Public/Roles.ps1



<#
.SYNOPSIS
    The get role operation will retrieve a list of roles from your company.
.DESCRIPTION
    The get roles operation will retrieve a list of roles from your company. This can be either all roles, or roles filtered by name or ID.
.PARAMETER Name
    Specifies the name of an existing variable to retrieve, can be specified as an array of strings to retrieve multiple variables
.PARAMETER Name
    Specifies the name of an existing variable to retrieve, can be specified as an array of strings to retrieve multiple variables
.PARAMETER CompanyName
    The companyname that's used in the helloId URL to know which HelloID tenant to talk to. Required if not connected with Connect-HelloId.
.PARAMETER ApiKey
    The Apikey to use for the api call. Required if not connected with Connect-HelloId.
.PARAMETER ApiSecret
    The Apisecret belonging to the apikey, has to be a securestring. Required if not connected with Connect-HelloId.
.EXAMPLE
     
.EXAMPLE
     
.INPUTS
     
.OUTPUTS
     
#>

function Get-HidRole {
    [CmdletBinding(DefaultParameterSetName = 'guid',PositionalBinding = $false)]
    [Alias()]
    [OutputType([String])]
    Param ( 
        # the name of an existing variable
        [Parameter(Mandatory = $false,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "guid")]
        [ValidateNotNullOrEmpty()]
        [guid[]]$RoleGuid,
    
        # the name of an existing variable
        [Parameter(Mandatory = $false,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "Name")]
        [ValidateNotNullOrEmpty()]
        [string[]]$Name,

        # Company name used in the URL
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$CompanyName,
        
        # Api key
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$ApiKey,

        # Api secret
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$ApiSecret,

        # For preview tenants
        [Parameter(Mandatory = $false)]
        [switch]$IsPreviewTenant
    )
    
    begin {

        if ($PSBoundParameters.ContainsKey("CompanyName") -AND $PSBoundParameters.ContainsKey("ApiKey") -AND $PSBoundParameters.ContainsKey("ApiSecret") ){
            Write-Verbose -Message "Using connectioninfo and credentials from parameter"
            #Create credential object for authentication
            $Cred = New-Object System.Management.Automation.PSCredential ($ApiKey, $ApiSecret)
            if ($IsPreviewTenant){
                $BaseUrl = "https://$CompanyName.preview-helloid.com"
            }
            else {
                $BaseUrl = "https://$CompanyName.helloid.com"
            }
        }
        elseif ($Global:HelloIdConnection.ApiCredentials) {
            Write-Verbose -Message "Using Global connectioninfo and credentials from Connect-HelloId "
            $Cred = $Global:HelloIdConnection.ApiCredentials
            $CompanyName = $Global:HelloIdConnection.CompanyName
            $BaseUrl = $Global:HelloIdConnection.BaseUrl
        }
        else {            
            throw "Error finding connectioninfo. Connect using Connect-HelloId, or specifie CompanyName, ApiKey and ApiSecret"
        }

        #Headers
        $headers = @{
            "Content-Type" = "application/json"
        }
        
    } #End begin
    
    process {        

        if ($PSBoundParameters.ContainsKey("RoleGuid")){            
            foreach ($guid in $RoleGuid){
                $URI = "$BaseUrl/api/v1/roles/$guid"
                $output = Invoke-RestMethod -Uri $URI -Method "GET" -Headers $headers -Credential $Cred -UseBasicParsing               
                $output
            }

        }
        elseif ($PSBoundParameters.ContainsKey("Name")) {
            foreach ($item in $Name){
                $URI = "$BaseUrl/api/v1/roles/$item"
                $output = Invoke-RestMethod -Uri $URI -Method "GET" -Headers $headers -Credential $Cred -UseBasicParsing
                $output
            }
        }        
        else {
            $URI = "$BaseUrl/api/v1/roles"
            $output = Invoke-RestMethod -Uri $URI -Method "GET" -Headers $headers -Credential $Cred -UseBasicParsing
            $output            
        }
    } #End process
    
    end {
        
    } #End end
} #End function





<#
.SYNOPSIS
    The new role operation will create a new role
.DESCRIPTION
    The new role cmdlet will create a new role in your tenant
.PARAMETER Name
    Specifies the name of the role to create
.PARAMETER Description
    Specifies the description of the role to create
.PARAMETER UserNames
    The User names to add to the role
.PARAMETER UserGuids
    The user Guids to add to the role
.PARAMETER Rights
    Specifies the Rights to assign to the role
.PARAMETER Enabled
    Role enabled true / false
.PARAMETER Default
    Role is a default role true / false
.PARAMETER CompanyName
    The companyname that's used in the helloId URL to know which HelloID tenant to talk to. Required if not connected with Connect-HelloId.
.PARAMETER ApiKey
    The Apikey to use for the api call. Required if not connected with Connect-HelloId.
.PARAMETER ApiSecret
    The Apisecret belonging to the apikey, has to be a securestring. Required if not connected with Connect-HelloId.
.EXAMPLE
     
.EXAMPLE
     
.INPUTS
     
.OUTPUTS
     
#>

function New-HidRole {
    [CmdletBinding(PositionalBinding = $false)]
    [Alias()]
    [OutputType([String])]
    Param (    
        # the name of an existing variable
        [Parameter(Mandatory = $false,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$Name,        

        # description of the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$Description,

        # Usernames to add to the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string[]]$UserNames = @(),
        
        # UserGuids to add to the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [guid[]]$UserGuids = @(),
        
        # Rights to assign to the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [int[]]$Rights = @(),
        
        # Role enabled true / false
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [bool]$Enabled = $true,
        
        # Default role true / false
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [bool]$Default = $false,

        # Company name used in the URL
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$CompanyName,
        
        # Api key
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$ApiKey,

        # Api secret
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$ApiSecret,

        # For preview tenants
        [Parameter(Mandatory = $false)]
        [switch]$IsPreviewTenant
    )
    
    begin {

        if ($PSBoundParameters.ContainsKey("CompanyName") -AND $PSBoundParameters.ContainsKey("ApiKey") -AND $PSBoundParameters.ContainsKey("ApiSecret") ){
            Write-Verbose -Message "Using connectioninfo and credentials from parameter"
            #Create credential object for authentication
            $Cred = New-Object System.Management.Automation.PSCredential ($ApiKey, $ApiSecret)
            if ($IsPreviewTenant){
                $BaseUrl = "https://$CompanyName.preview-helloid.com"
            }
            else {
                $BaseUrl = "https://$CompanyName.helloid.com"
            }
        }
        elseif ($Global:HelloIdConnection.ApiCredentials) {
            Write-Verbose -Message "Using Global connectioninfo and credentials from Connect-HelloId "
            $Cred = $Global:HelloIdConnection.ApiCredentials
            $CompanyName = $Global:HelloIdConnection.CompanyName
            $BaseUrl = $Global:HelloIdConnection.BaseUrl
        }
        else {            
            throw "Error finding connectioninfo. Connect using Connect-HelloId, or specifie CompanyName, ApiKey and ApiSecret"
        }

        #Headers
        $headers = @{
            "Content-Type" = "application/json"
        }


        #Variables
        $JsonUserNames = ConvertTo-Json $UserNames -Depth 15
        $JsonUserGuids = ConvertTo-Json $UserGuids -Depth 15
        $JsonRights = ConvertTo-Json $Rights -Depth 15

        if (!($Description)){
            $Description = $Name
        }

        
    } #End begin
    
    process {  
        
        
        $sbBody = [System.Text.StringBuilder]::new()
        $null = $SbBody.AppendLine("{") 
        $null = $SbBody.AppendLine("`"name`": `"$Name`",")
        $null = $SbBody.AppendLine("`"Description`": `"$Description`",")
        $null = $SbBody.AppendLine("`"IsEnabled`": $(($Enabled).ToString().ToLower()),")
        $null = $SbBody.AppendLine("`"IsDefault`": $(($Default).ToString().ToLower()),")
        $null = $SbBody.AppendLine("`"UserNames`": $JsonUserNames,")
        $null = $SbBody.AppendLine("`"UserGuids`": $JsonUserGuids,")
        $null = $SbBody.AppendLine("`"Rights`": $JsonRights")
        $null = $SbBody.AppendLine("}") 
        
        Write-Debug "body is:`n $($SbBody.ToString())"

        $URI = "$BaseUrl/api/v1/roles"
        $output = Invoke-RestMethod -Uri $URI -Method "POST" -Headers $headers -Credential $Cred -UseBasicParsing -Body $sbBody.tostring()
        $output            
        
    } #End process
    
    end {
        
    } #End end
} #End function





<#
.SYNOPSIS
    The set role operation will update a role
.DESCRIPTION
    The set role cmdlet will update a role in your tenant
.PARAMETER Name
    Specifies the name of an existing variable to retrieve, can be specified as an array of strings to retrieve multiple variables
.PARAMETER Name
    Specifies the name of an existing variable to retrieve, can be specified as an array of strings to retrieve multiple variables
.PARAMETER CompanyName
    The companyname that's used in the helloId URL to know which HelloID tenant to talk to. Required if not connected with Connect-HelloId.
.PARAMETER ApiKey
    The Apikey to use for the api call. Required if not connected with Connect-HelloId.
.PARAMETER ApiSecret
    The Apisecret belonging to the apikey, has to be a securestring. Required if not connected with Connect-HelloId.
.EXAMPLE
     
.EXAMPLE
     
.INPUTS
     
.OUTPUTS
#>

function Set-HidRole {
    [CmdletBinding(PositionalBinding = $false,DefaultParameterSetName = "guid")]
    [Alias()]
    [OutputType([String])]
    Param (

        # the guid of an existing role to update
        [Parameter(Mandatory = $false,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "guid")]
        [ValidateNotNullOrEmpty()]
        [guid]$RoleGuid,

        # the name of an existing role to update
        [Parameter(Mandatory = $false,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "name")]
        [ValidateNotNullOrEmpty()]
        [string]$Name,        

        # New name for the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$NewName,

        # New description of the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$Description,        
        
        # Role enabled true / false
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [bool]$Enabled,
        
        # Default role true / false
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [bool]$Default,
        
        # Rights to assign to the role
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [int[]]$Rights,

        # Company name used in the URL
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$CompanyName,
        
        # Api key
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$ApiKey,

        # Api secret
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$ApiSecret,

        # For preview tenants
        [Parameter(Mandatory = $false)]
        [switch]$IsPreviewTenant
    )
    
    begin {

        if ($PSBoundParameters.ContainsKey("CompanyName") -AND $PSBoundParameters.ContainsKey("ApiKey") -AND $PSBoundParameters.ContainsKey("ApiSecret") ){
            Write-Verbose -Message "Using connectioninfo and credentials from parameter"
            #Create credential object for authentication
            $Cred = New-Object System.Management.Automation.PSCredential ($ApiKey, $ApiSecret)
            if ($IsPreviewTenant){
                $BaseUrl = "https://$CompanyName.preview-helloid.com"
            }
            else {
                $BaseUrl = "https://$CompanyName.helloid.com"
            }
        }
        elseif ($Global:HelloIdConnection.ApiCredentials) {
            Write-Verbose -Message "Using Global connectioninfo and credentials from Connect-HelloId "
            $Cred = $Global:HelloIdConnection.ApiCredentials
            $CompanyName = $Global:HelloIdConnection.CompanyName
            $BaseUrl = $Global:HelloIdConnection.BaseUrl
        }
        else {            
            throw "Error finding connectioninfo. Connect using Connect-HelloId, or specifie CompanyName, ApiKey and ApiSecret"
        }

        #Headers
        $headers = @{
            "Content-Type" = "application/json"
        }


        #Variables
        $JsonRights = ConvertTo-Json $Rights -Depth 15

        if (!($Description)){
            $Description = $Name
        }

        
    } #End begin
    
    process {        
        
        $sbBody = [System.Text.StringBuilder]::new()
        $null = $SbBody.AppendLine("{") 
        if ($PSBoundParameters.ContainsKey("NewName")) {
            $null = $SbBody.AppendLine("`"name`": `"$NewName`"") 
            if ($PSBoundParameters.ContainsKey("Description") -or $PSBoundParameters.ContainsKey("Enabled") -or $PSBoundParameters.ContainsKey("Default") -or $PSBoundParameters.ContainsKey("Rights")){ $sbBody.Append(",") }
        }
        if ($PSBoundParameters.ContainsKey("Description")) { 
            $null = $SbBody.AppendLine("`"Description`": `"$Description`"") 
            if ($PSBoundParameters.ContainsKey("Enabled") -or $PSBoundParameters.ContainsKey("Default") -or $PSBoundParameters.ContainsKey("Rights")){ $sbBody.Append(",") }
        }
        if ($PSBoundParameters.ContainsKey("Enabled")) { 
            $null = $SbBody.AppendLine("`"IsEnabled`": $(($Enabled).ToString().ToLower())") 
            if ($PSBoundParameters.ContainsKey("Default") -or $PSBoundParameters.ContainsKey("Rights")){ $sbBody.Append(",") }
        }
        if ($PSBoundParameters.ContainsKey("Default")) { 
            $null = $SbBody.AppendLine("`"IsDefault`": $(($Default).ToString().ToLower())") 
            if ($PSBoundParameters.ContainsKey("Rights")){ $sbBody.Append(",") }
        }
        if ($PSBoundParameters.ContainsKey("Rights")) { $null = $SbBody.AppendLine("`"Rights`": $JsonRights") }
        $null = $SbBody.AppendLine("}") 
        
        
        Write-Debug "body is:`n $($SbBody.ToString())"

        if ($PSBoundParameters.ContainsKey("Name")){
            $URI = "$BaseUrl/api/v1/roles/$Name"
        }
        elseif ($PSBoundParameters.ContainsKey("RoleGuid")) {
            $URI = "$BaseUrl/api/v1/roles/$RoleGuid"
        }
        $output = Invoke-RestMethod -Uri $URI -Method "PUT" -Headers $headers -Credential $Cred -UseBasicParsing -Body $sbBody.tostring()
        $output            
        
    } #End process
    
    end {
        
    } #End end
} #End function







<#
.SYNOPSIS
    The assign role to user operation will assign a role to a user
.DESCRIPTION
    The assign role to user operation will assign a role to a user
.PARAMETER RoleGuid
    Specifies the Guid of an existing role to add users or groups to
.PARAMETER RoleName
    Specifies the name of an existing role to add users or groups to
.PARAMETER UserNames
    Specifies the usernames to be added to the role
.PARAMETER UserGuids
    Specifies the Guids of users to be added to the role
.PARAMETER GroupGuids
    Specifies the guids of groups to be added to the role
.PARAMETER CompanyName
    The companyname that's used in the helloId URL to know which HelloID tenant to talk to. Required if not connected with Connect-HelloId.
.PARAMETER ApiKey
    The Apikey to use for the api call. Required if not connected with Connect-HelloId.
.PARAMETER ApiSecret
    The Apisecret belonging to the apikey, has to be a securestring. Required if not connected with Connect-HelloId.
.EXAMPLE
     
.EXAMPLE
     
.INPUTS
     
.OUTPUTS
#>

function New-HidRoleAssignment {
    [CmdletBinding(PositionalBinding = $false,DefaultParameterSetName = "roleguid_users")]
    [Alias()]
    [OutputType([String])]
    Param (

        # the guid of an existing role to add users to
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "roleguid_users")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "roleguid_groups")]
        [ValidateNotNullOrEmpty()]
        [guid]$RoleGuid,

        # Name of the role to add users to
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $false,
        ParameterSetName = "rolename_users")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "rolename_groups")]
        [ValidateNotNullOrEmpty()]
        [string]$RoleName,        

        # Usernames to add to the role
        [Parameter(Mandatory= $false,ParameterSetName = "roleguid_users")]
        [Parameter(Mandatory= $false,ParameterSetName = "rolename_users")]
        [ValidateNotNullOrEmpty()]
        [string[]]$UserNames = @(),
        
        # UserGuids to add to the role
        [Parameter(Mandatory= $false,ParameterSetName = "roleguid_users")]
        [Parameter(Mandatory= $false,ParameterSetName = "rolename_users")]
        [ValidateNotNullOrEmpty()]
        [guid[]]$UserGuids = @(),

        # GroupGuids to add to the role
        [Parameter(Mandatory= $true,ParameterSetName = "roleguid_groups")]
        [Parameter(Mandatory= $true,ParameterSetName = "rolename_groups")]
        [ValidateNotNullOrEmpty()]
        [guid[]]$GroupGuids = @(),

        # Company name used in the URL
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$CompanyName,
        
        # Api key
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$ApiKey,

        # Api secret
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$ApiSecret,

        # For preview tenants
        [Parameter(Mandatory = $false)]
        [switch]$IsPreviewTenant
    )
    
    begin {
       

        if ($PSBoundParameters.ContainsKey("CompanyName") -AND $PSBoundParameters.ContainsKey("ApiKey") -AND $PSBoundParameters.ContainsKey("ApiSecret") ){
            Write-Verbose -Message "Using connectioninfo and credentials from parameter"
            #Create credential object for authentication
            $Cred = New-Object System.Management.Automation.PSCredential ($ApiKey, $ApiSecret)
            if ($IsPreviewTenant){
                $BaseUrl = "https://$CompanyName.preview-helloid.com"
            }
            else {
                $BaseUrl = "https://$CompanyName.helloid.com"
            }
        }
        elseif ($Global:HelloIdConnection.ApiCredentials) {
            Write-Verbose -Message "Using Global connectioninfo and credentials from Connect-HelloId "
            $Cred = $Global:HelloIdConnection.ApiCredentials
            $CompanyName = $Global:HelloIdConnection.CompanyName
            $BaseUrl = $Global:HelloIdConnection.BaseUrl
        }
        else {            
            throw "Error finding connectioninfo. Connect using Connect-HelloId, or specifie CompanyName, ApiKey and ApiSecret"
        }

        #Headers
        $headers = @{
            "Content-Type" = "application/json"
        }

        #Variables
        $JsonUserNames = ConvertTo-Json $UserNames -Depth 15
        $JsonUserGuids = ConvertTo-Json $UserGuids -Depth 15
        $JsonGroupGuids = ConvertTo-Json $GroupGuids -Depth 15

        
    } #End begin
    
    process {
        
        $sbBody = [System.Text.StringBuilder]::new()

        if($PSBoundParameters.ContainsKey("GroupGuids")){
            $UriEndpoint = "groups" #used in the POST url

            $null = $SbBody.AppendLine("{")
            $null = $SbBody.AppendLine("`"GroupGuids`": $JsonGroupGuids")
            $null = $SbBody.AppendLine("}") 
        }
        else {
            $UriEndpoint = "users" #used in the POST url

            $null = $SbBody.AppendLine("{")
            $null = $SbBody.AppendLine("`"UserNames`": $JsonUserNames,")
            $null = $SbBody.AppendLine("`"UserGuids`": $JsonUserGuids")
            $null = $SbBody.AppendLine("}") 
        }
        
        Write-Debug "body is:`n $($SbBody.ToString())"

        if ($PSBoundParameters.ContainsKey("RoleName")){
            $URI = "$BaseUrl/api/v1/roles/$RoleName/$UriEndpoint"
        }
        elseif ($PSBoundParameters.ContainsKey("RoleGuid")) {
            $URI = "$BaseUrl/api/v1/roles/$RoleGuid/$UriEndpoint"
        }
        $output = Invoke-RestMethod -Uri $URI -Method "POST" -Headers $headers -Credential $Cred -UseBasicParsing -Body $sbBody.tostring()
        $output
        
    } #End process
    
    end {
        
    } #End end
} #End function





<#
.SYNOPSIS
    The remove role to user operation will remove a role from a user
.DESCRIPTION
    The remove role to user operation will remove a role from a user
.PARAMETER RoleGuid
    Specifies the Guid of an existing role to remove users or groups from
.PARAMETER RoleName
    Specifies the name of an existing role to remove users or groups from
.PARAMETER UserNames
    Specifies the usernames to be removed from the role
.PARAMETER UserGuids
    Specifies the Guids of users to be removed from the role
.PARAMETER GroupGuids
    Specifies the guids of groups to be removed from the role
.PARAMETER CompanyName
    The companyname that's used in the helloId URL to know which HelloID tenant to talk to. Required if not connected with Connect-HelloId.
.PARAMETER ApiKey
    The Apikey to use for the api call. Required if not connected with Connect-HelloId.
.PARAMETER ApiSecret
    The Apisecret belonging to the apikey, has to be a securestring. Required if not connected with Connect-HelloId.
.EXAMPLE
     
.EXAMPLE
     
.INPUTS
     
.OUTPUTS
#>

function Remove-HidRoleAssignment {
    [CmdletBinding(PositionalBinding = $false,DefaultParameterSetName = "roleguid_users_userguid")]
    [Alias()]
    [OutputType([String])]
    Param (

        # the guid of an existing role to remove users or groups from
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "roleguid_users_username")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "roleguid_users_userguid")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "roleguid_groups")]
        [ValidateNotNullOrEmpty()]
        [guid]$RoleGuid,

        # Name of the role to remove users or groups from
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $false,
        ParameterSetName = "rolename_users_username")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $false,
        ParameterSetName = "rolename_users_userguid")]
        [Parameter(Mandatory = $true,
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true,
        ParameterSetName = "rolename_groups")]
        [ValidateNotNullOrEmpty()]
        [string]$RoleName,

        # Usernames to remove from the role
        [Parameter(Mandatory= $true,ParameterSetName = "roleguid_users_username")]
        [Parameter(Mandatory= $true,ParameterSetName = "rolename_users_username")]
        [ValidateNotNullOrEmpty()]
        [string]$UserName,
        
        # UserGuids to remove from the role
        [Parameter(Mandatory= $true,ParameterSetName = "roleguid_users_userguid")]
        [Parameter(Mandatory= $true,ParameterSetName = "rolename_users_userguid")]
        [ValidateNotNullOrEmpty()]
        [guid]$UserGuid,

        # GroupGuids to remove from the role
        [Parameter(Mandatory= $true,ParameterSetName = "roleguid_groups")]
        [Parameter(Mandatory= $true,ParameterSetName = "rolename_groups")]
        [ValidateNotNullOrEmpty()]
        [guid[]]$GroupGuids,

        # Company name used in the URL
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$CompanyName,
        
        # Api key
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [string]$ApiKey,

        # Api secret
        [Parameter(Mandatory= $false)]
        [ValidateNotNullOrEmpty()]
        [securestring]$ApiSecret,

        # For preview tenants
        [Parameter(Mandatory = $false)]
        [switch]$IsPreviewTenant
    )
    
    begin {
       

        if ($PSBoundParameters.ContainsKey("CompanyName") -AND $PSBoundParameters.ContainsKey("ApiKey") -AND $PSBoundParameters.ContainsKey("ApiSecret") ){
            Write-Verbose -Message "Using connectioninfo and credentials from parameter"
            #Create credential object for authentication
            $Cred = New-Object System.Management.Automation.PSCredential ($ApiKey, $ApiSecret)
            if ($IsPreviewTenant){
                $BaseUrl = "https://$CompanyName.preview-helloid.com"
            }
            else {
                $BaseUrl = "https://$CompanyName.helloid.com"
            }
        }
        elseif ($Global:HelloIdConnection.ApiCredentials) {
            Write-Verbose -Message "Using Global connectioninfo and credentials from Connect-HelloId "
            $Cred = $Global:HelloIdConnection.ApiCredentials
            $CompanyName = $Global:HelloIdConnection.CompanyName
            $BaseUrl = $Global:HelloIdConnection.BaseUrl
        }
        else {            
            throw "Error finding connectioninfo. Connect using Connect-HelloId, or specifie CompanyName, ApiKey and ApiSecret"
        }

        #Headers
        $headers = @{
            "Content-Type" = "application/json"
        }

        #Variables
        #$JsonUserNames = ConvertTo-Json $UserNames -Depth 15
        #$JsonUserGuids = ConvertTo-Json $UserGuids -Depth 15
        $JsonGroupGuids = ConvertTo-Json $GroupGuids -Depth 15

        
    } #End begin
    
    process {
        
        
        if($PSBoundParameters.ContainsKey("GroupGuids")){
            $UriEndpoint = "groups" #used in the POST url
            $sbBody = [System.Text.StringBuilder]::new()

            $null = $SbBody.AppendLine("{")
            $null = $SbBody.AppendLine("`"GroupGuids`": $JsonGroupGuids")
            $null = $SbBody.AppendLine("}") 

            Write-Debug "body is:`n $($SbBody.ToString())"

            if ($PSBoundParameters.ContainsKey("RoleName")){
                $URI = "$BaseUrl/api/v1/roles/$RoleName/$UriEndpoint"
            }
            elseif ($PSBoundParameters.ContainsKey("RoleGuid")) {
                $URI = "$BaseUrl/api/v1/roles/$RoleGuid/$UriEndpoint"
            }
            $output = Invoke-RestMethod -Uri $URI -Method "DELETE" -Headers $headers -Credential $Cred -UseBasicParsing -Body $sbBody.tostring()
            
        }
        else {
            
            if ($PSBoundParameters.ContainsKey("UserName")){
                $UsernameOrGuid = $UserName
            }
            else {
                $UsernameOrGuid = $UserGuid
            }

            if ($PSBoundParameters.ContainsKey("RoleName")){
                $URI = "$BaseUrl/api/v1/roles/$RoleName/users/$UsernameOrGuid"
            }
            elseif ($PSBoundParameters.ContainsKey("RoleGuid")) {
                $URI = "$BaseUrl/api/v1/roles/$RoleGuid/users/$UsernameOrGuid"
            }
            $output = Invoke-RestMethod -Uri $URI -Method "DELETE" -Headers $headers -Credential $Cred -UseBasicParsing
            
        }
        
        $output

        
        
    } #End process
    
    end {
        
    } #End end
} #End function