Set-TppPermission - replaces all existed permissions

[tall27]

Environment

Operating System: win
VenafiPS version: 5.4.1
PowerShell version: 7
TPP version (if applicable): 22.4

Steps to reproduce

$list=find-TppObject -Path '\ved\policy\' -Class 'Policy'|Get-TppPermission $i = 1 foreach ($identity in $list) { if (($identity).EffectivePermissions.IsWriteAllowed ) { Set-TppPermission -Path $identity.Path -IdentityId $identity.IdentityId -Permission @{IsPrivateKeyReadAllowed=$true} } $i++ }

Expected behavior

I'd expect only a single permission being added.

Actual behavior

all other permissions are reset ( removed)

Screenshots

[gdbarron]

Hi @tall27. This is how the function currently is expected to work. -Permission expects a full permissions object

.PARAMETER Permission
TppPermission object.  You can create a new object or get existing object from Get-TppPermission.

Only providing individual permissions will cause the rest to be set to false. We could look to make an enhancement to override this behavior and update an existing permissions object individual perms.

For now, I'd suggest what the parameter help states. Get the existing via Get-TppPermission, update the perms you'd like, and send that as your permissions object.

[gdbarron]

@tall27 would you mind testing the update?

[DadsVacayShorts]

I pulled the update , but I as this PR doesn't have the test-tppidentity fix from 206 it fails in my environment. Time permitting I may pull just that update and put it in my local repo and re-test. Here's the wrong format message when I test this update for set-tpppermission which I assume is the period in the identity connector name.

'AD+galaxylab.private:09904781855e7245aaf535c5c65b26d0' is not a valid Prefixed Universal Id format