From 40735708a976ad0d5d6007faa7964b4e4dbadaed Mon Sep 17 00:00:00 2001 From: Anthony Watherston Date: Mon, 13 Nov 2023 16:11:47 +1100 Subject: [PATCH] Add no deletion for exemptions when ownedonly (#419) Co-authored-by: Anthony Watherston --- Scripts/Helpers/Build-ExemptionsPlan.ps1 | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Scripts/Helpers/Build-ExemptionsPlan.ps1 b/Scripts/Helpers/Build-ExemptionsPlan.ps1 index 633f1644..9a904830 100644 --- a/Scripts/Helpers/Build-ExemptionsPlan.ps1 +++ b/Scripts/Helpers/Build-ExemptionsPlan.ps1 @@ -300,7 +300,7 @@ function Build-ExemptionsPlan { } } else { - if (!$AllAssignments.ContainsKey($policyAssignmentId) -and $deleteOrpahed) { + if (!$AllAssignments.ContainsKey($policyAssignmentId) -and $deleteOrphaned) { Write-Warning "Orphaned exemption (name=$name, scope=$scope) in definitions" continue } @@ -433,7 +433,17 @@ function Build-ExemptionsPlan { $removed = $true } } - $shallDelete = Confirm-DeleteForStrategy -PacOwner $pacOwner -Strategy $strategy -Status $status -DeleteExpired $deleteExpired -DeleteOrphaned $deleteOrphaned -Removed $removed + if ($null -eq $exemption.metadata.pacOwnerId -and $PacEnvironment.desiredState.strategy -eq "ownedOnly") { + $shallDelete = $false + } + else { + $shallDelete = Confirm-DeleteForStrategy -PacOwner $pacOwner ` + -Strategy $strategy ` + -Status $status ` + -DeleteExpired $deleteExpired ` + -DeleteOrphaned $deleteOrphaned ` + -Removed $removed + } if ($shallDelete) { switch ($status) {