1. Aaron Jensen
  2. Carbon
  3. Issues
Issue #221 closed

[Community] Revoke-Permission fails if the identity has multiple ACEs

bozho_
created an issue

Get-Permission on line ~86 in Revoke-Permission.ps1 returns an array if an identity has multiple ACEs.

In that case, $ruleToRemove will be an array and calls to $keySecurity.RemoveAccessRule or $currentAcl.RemoveAccessRule will fail.

Comments (6)

  1. bozho_ reporter

    If I remember correctly, we had a scenario where the Users group had both a set of inherited permissions on a folder and a non-inherited set of permissions.

    We hit the bug because a part of our DSC config disables inheritance on a folder, removes all permissions for the Users group and assigns a specific set of permissions for a different group.

    Disabling the inheritance would result in the Users group having two ACEs on that folder. I can look up the exact scenario on Monday.

  2. Log in to comment