Be sure to check out my Scripting4Crypto initiative. It’s a fun way to get into using cryptocurrencies all while getting your PowerShell needs met.
Many users work within a ProjectWise datasource(s) in which they are not the “owners” and therefore cannot create administrator accounts or create or add members to the “PowerShell Users” group. These restrictions have impeded the ability to obtain pertinent information related to the projects they are working on. They will now be able to accomplish some of these tasks. With the latest release of the PWPS_DAB module (version 1.14.0.0), users now have the ability to log into a ProjectWise datasource with a user account that is NOT a ProjectWise Administrator, NOT a Restricted Administrator and NOT a member of the “PowerShell Users” Group. Albeit, they will not be able to use all cmdlets, but a limited number of read-only cmdlets for generating reports and get non-security related cmdlets. All access control will be honored.In this post, we will be logging into a ProjectWise Datasource with a “restricted” account. One with limited capabilities to demonstrate how it will work and to see some of the cmdlets available. Many cmdlets may be available, however, it will take some testing for each of you to determine which ones are and are not available to you. We will be using the following cmdlets to accomplish this task. All of the ProjectWise related cmdlets are available using the PWPS_DAB module. At the time of this post, I am using version 1.14.0.0. Take a look at the help for each of the cmdlets to become familiar with their functionality, available parameters, etc.
- Save-SecureStringToEncryptedFile
- Get-SecureStringFromEncryptedFile
- New-PWLogin
- Get-PWCurrentDatasource
- Get-PWCurrentUser
- Get-PWUsersByMatch
- Get-PWFolders
- Get-PWDocumentsBySearch
Working with an Encrypted Password File
The following steps through the process of generating an encrypted password text file and then retrieving the encrypted password from it. The purpose of using this is to eliminate the need for users to log into a ProjectWise Datasource using the GUI, which is not allowed when using the NonAdminLogin switch parameter. Of course, you should not include your password(s) in your script files in clear text. Be sure to create the encrypted password file with the password for the ProjectWise user account in which you will be using within PowerShell. One caveat, the encrypted file can ONLY be used on the computer in which it is created. It CANNOT be copied from one computer to another.# Create a text file containing encrypted password. $passwordFile = 'd:\temp\test\testPSUserPW.txt' Save-SecureStringToEncryptedFile -FileName $passwordFile -Prompt 'Enter Password:'Now that we have created the encrypted password file, we can read the value from it and populate a variable which will be used with the New-PWLogin cmdlet.
# Populate password variable with the contents of the password file. $password = Get-SecureStringFromEncryptedFile -FileName $passwordFileYou can verify the variable was successfully populated with a secure string.
# Verify the password variable was populated with a secure string. $password.GetType()
Log Into ProjectWise Datasource
We will now log into a ProjectWise Datasource using the secure string password retrieved from the encrypted password and the NonAdminLogin switch parameter.# You CANNOT use the GUI to log into ProjectWise with a NON-Admin account. $Splat_PWLogin = @{ DatasourceName = 'BMF-WS2016-PWDI:ProjectWise' UserName = 'testPSUser' Password = $password NonAdminLogin = $true } New-PWLogin @Splat_PWLogin -VerboseThe following shows the Warning message you will receive when logging in.
Now that we are logged into our ProjectWise datasource, lets try to run a few cmdlets. First, I will try to get the current ProjectWise user and datasource information.
# Get current user information. Get-PWCurrentUserThe following demonstrates the error message you will receive when you encounter a cmdlet you cannot run.
# Get current datasource information. Get-PWCurrentDatasourceThe following shows the current datasource value.
Next, we will get information about the user account we are logged in with.
# Get user information. Get-PWUsersByMatch -UserName 'testPSUser'Again, we are able to successfully retrieve the desired information.
Now, lets try to get project information. We will attempt to select folders and documents. Both cmdlets will return data.
# Can get folder objects. Honors access control. # So, only those folders in which the user has access to will be returned. $pwFolders = Get-PWFolders -Slow | Select-Object FullPath $pwFolders.Count $pwFolders.FullPathThe following shows the results.
# Can get documents by search. Honors access control. # So, only those documents in which the user has access to will be returned. $pwDocs = Get-PWDocumentsBySearch -GetAttributes $pwDocs.Count $pwDocs | Select-Object FullPathThe following shows the results.
Summary
I realize this is a small sample of what you can expect, however, my objective was simply to demonstrate how to log into a ProjectWise datasource with an account that is not an Administrator, Restricted Administrator or a member of the “PowerShell Users” group. Also, to demonstrate what messages you can expect to see when working within PowerShell. Be sure to test any / all cmdlets to determine what you can and cannot use.Experiment with it and have fun. Hopefully, you find this useful. Please let me know if you have any questions or comments. If you like this post, please click the Like button at the bottom of the page.
powerwisescripting.blog 