#PowerShell, #PowerWiseScripting, #ProjectWise, PWPS_DAB

How-To: Use Non-Admin User Account

Many users work within a ProjectWise datasource(s) in which they are not the “owners” and therefore cannot create administrator accounts or create or add members to the “PowerShell Users” group. These restrictions have impeded the ability to obtain pertinent information related to the projects they are working on. They will now be able to accomplish some of these tasks. 

With the latest release of the PWPS_DAB module (version 1.14.0.0), users now have the ability to log into a ProjectWise datasource with a user account that is NOT a ProjectWise Administrator, NOT a Restricted Administrator and NOT a member of the “PowerShell Users” Group. Albeit, they will not be able to use all cmdlets, but a limited number of read-only cmdlets for generating reports and get non-security related cmdlets. All access control will be honored.


In this post, we will be logging into a ProjectWise Datasource with a “restricted” account. One with limited capabilities to demonstrate how it will work and to see some of the cmdlets available. Many cmdlets may be available, however, it will take some testing for each of you to determine which ones are and are not available to you.

We will be using the following cmdlets to accomplish this task. All of the ProjectWise related cmdlets are available using the PWPS_DAB module. At the time of this post, I am using version 1.14.0.0. Take a look at the help for each of the cmdlets to become familiar with their functionality, available parameters, etc.

  • Save-SecureStringToEncryptedFile
  • Get-SecureStringFromEncryptedFile
  • New-PWLogin
  • Get-PWCurrentDatasource
  • Get-PWCurrentUser
  • Get-PWUsersByMatch
  • Get-PWFolders
  • Get-PWDocumentsBySearch

The following shows the information for the latest build.

showpwpschangelog

Working with an Encrypted Password File

The following steps through the process of generating an encrypted password text file and then retrieving the encrypted password from it. The purpose of using this is to eliminate the need for users to log into a ProjectWise Datasource using the GUI, which is not allowed when using the NonAdminLogin switch parameter. Of course, you should not include your password(s) in your script files in clear text. Be sure to create the encrypted password file with the password for the ProjectWise user account in which you will be using within PowerShell.

One caveat, the encrypted file can ONLY be used on the computer in which it is created. It CANNOT be copied from one computer to another.

# Create a text file containing encrypted password.
$passwordFile = 'd:\temp\test\testPSUserPW.txt'
Save-SecureStringToEncryptedFile -FileName $passwordFile -Prompt 'Enter Password:'

Now that we have created the encrypted password file, we can read the value from it and populate a variable which will be used with the New-PWLogin cmdlet.

# Populate password variable with the contents of the password file.
$password = Get-SecureStringFromEncryptedFile -FileName $passwordFile

You can verify the variable was successfully populated with a secure string.

# Verify the password variable was populated with a secure string.
$password.GetType()

securestring

Log Into ProjectWise Datasource

We will now log into a ProjectWise Datasource using the secure string password retrieved from the encrypted password and the NonAdminLogin switch parameter. 

# You CANNOT use the GUI to log into ProjectWise with a NON-Admin account.
$Splat_PWLogin = @{
DatasourceName = 'BMF-WS2016-PWDI:ProjectWise'
UserName = 'testPSUser'
Password = $password
NonAdminLogin = $true
}
New-PWLogin @Splat_PWLogin -Verbose

The following shows the Warning message you will receive when logging in.

loginMessage


Now that we are logged into our ProjectWise datasource, lets try to run a few cmdlets.

First, I will try to get the current ProjectWise user and datasource information.

# Get current user information.
Get-PWCurrentUser

The following demonstrates the error message you will receive when you encounter a cmdlet you cannot run.

errormessage

# Get current datasource information.
Get-PWCurrentDatasource

The following shows the current datasource value. 

datasource

Next, we will get information about the user account we are logged in with.

# Get user information.
Get-PWUsersByMatch -UserName 'testPSUser'

Again, we are able to successfully retrieve the desired information.

getuser

Now, lets try to get project information. We will attempt to select folders and documents. Both cmdlets will return data. 

# Can get folder objects. Honors access control.
# So, only those folders in which the user has access to will be returned.
$pwFolders = Get-PWFolders -Slow | Select-Object FullPath
$pwFolders.Count
$pwFolders.FullPath

The following shows the results.

getfolders

# Can get documents by search. Honors access control.
# So, only those documents in which the user has access to will be returned.
$pwDocs = Get-PWDocumentsBySearch -GetAttributes
$pwDocs.Count
$pwDocs | Select-Object FullPath

The following shows the results.

getdocs

Summary

I realize this is a small sample of what you can expect, however, my objective was simply to demonstrate how to log into a ProjectWise datasource with an account that is not an Administrator, Restricted Administrator or a member of the “PowerShell Users” group. Also, to demonstrate what messages you can expect to see when working within PowerShell.  Be sure to test any / all cmdlets to determine what you can and cannot use.


Experiment with it and have fun.

Hopefully, you find this useful. Please let me know if you have any questions or comments.  If you like this post, please click the Like button at the bottom of the page.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.