functions/Get-PasswordStatePermission.ps1

Function Get-PasswordStatePermission {
    [Diagnostics.CodeAnalysis.SuppressMessageAttribute(
        'PSAvoidUsingPlainTextForPassword', '', Justification = 'Not a password just an ID'
    )]
    [CmdletBinding(SupportsShouldProcess = $true, DefaultParameterSetName = 'All')]
    Param (
        [Parameter(ValueFromPipelineByPropertyName, Position = 0)]
        [ValidateScript( {
                if ($_ -notmatch '23|24|25|26|27|28|37|38|43|44') {
                    throw "Given ReportID '$_' is not a valid ReportID for auditing permission. Please specify one of the following IDs: '23', '24', '25', '26', '27', '28', '37', '38', '43', '44'. You can get all possible ReportIDs and their purpose for auditing permissions with 'Get-PasswordStatePermission -ShowReportIDs'"
                }
                else {
                    $true
                }
            })]
        [int32]$ReportID,
        [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 0)][string]$UserID,
        [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 1)][string]$SecurityGroupName,
        [Parameter(ParameterSetName = 'Specific', ValueFromPipelineByPropertyName, Position = 2, HelpMessage = "Possible values are 0 for current month, 1 for the past 30 days, and then any other integer representing the quantity of months.")]
        [AllowNull()]
        [Alias('Duration')]
        [Nullable[System.Int32]]$DurationInMonth,
        [Parameter(ValueFromPipelineByPropertyName, Position = 1, HelpMessage = "SiteID 0 = Default site 'Internal'")]
        [AllowNull()]
        [Nullable[System.Int32]]$SiteID = 0,
        [Parameter(ValueFromPipelineByPropertyName, Position = 2)][switch]$ShowReportIDs
    )

    begin {
        $col_ReportIDs = [ordered]@{
            "23" = "(Default) What permissions exist (all users and security groups)?"
            "24" = "What permissions exist for a user?"
            "25" = "What Permissions exist for a Security Group?"
            "26" = "What permissions have changed recently?"
            "43" = "What permissions exist for all shared password records?"
            "44" = "What permissions exist for all Host Folders?"
            "27" = "Who has been approved access to passwords recently?"
            "28" = "Who has been denied access to passwords recently?"
            "37" = "How many Administrators are there for each Shared Password List?"
            "38" = "How many Administrators are there for each Password Folder?"
        }
        If ($PSBoundParameters.ContainsKey('ShowReportIDs')) {
            $ReportIDs = $col_ReportIDs
        }
        else {
            $ReportIDs = $null
        }
    }
    process {
        # If -ShowReportIDs was specified, output the overview and return the table from this function
        if ($ReportIDs) {
            return $ReportIDs
        }
        # Use default report for all permissions if no ReportID was specified
        If (!($PSBoundParameters.ContainsKey('ReportID'))) {
            [int32]$ReportID = 23
        }
        if ($ReportID) {
            # Get the name for the report id
            [string]$ReportName = $col_ReportIDs."$($ReportID)"
            Switch ($PSCmdlet.ParameterSetName) {
                'All' {
                    If ($null -ne $SiteID) {
                        $BuildURL = [string]$ReportID + '?'
                        $BuildURL += "SiteID=$([System.Web.HttpUtility]::UrlEncode($SiteID))&"
                    }
                    else {
                        $BuildURL = $ReportID
                    }
                }
                'Specific' {
                    $BuildURL = [string]$ReportID + '?'
                    If ($UserID) { $BuildURL += "UserID=$([System.Web.HttpUtility]::UrlEncode($UserID))&" }
                    If ($SecurityGroupName) { $BuildURL += "SecurityGroupName=$([System.Web.HttpUtility]::UrlEncode($SecurityGroupName))&" }
                    If ($null -ne $SiteID) { $BuildURL += "SiteID=$([System.Web.HttpUtility]::UrlEncode($SiteID))&" }
                    If ($null -ne $DurationInMonth) { $BuildURL += "Duration=$([System.Web.HttpUtility]::UrlEncode($DurationInMonth))&" }
                }
            }
            if ($BuildURL) {
                $BuildURL = $BuildURL -Replace ".$"
                $uri = "/api/reporting/$($BuildURL)"
            }
            if ($PSCmdlet.ShouldProcess("Running report '$ReportName' (ID '$ReportID') for Site '$SiteID'. Specific options: User = '$UserID', SecurityGroup = '$SecurityGroupName', Duration = '$DurationInMonth'")) {
                Try {
                    $output = Get-PasswordStateResource -uri $uri -method GET -ErrorAction Stop
                }
                Catch {
                    Throw $_.Exception
                }
            }
        }
    }
    end {
        if ($output) {
            return $output
        }
    }
}

Set-Alias -Name Get-PasswordStateListPermission -Value Get-PasswordStatePermission -Force
Set-Alias -Name Get-PasswordStateFolderPermission -Value Get-PasswordStatePermission -Force
Set-Alias -Name Get-PasswordStatePasswordPermission -Value Get-PasswordStatePermission -Force