Powershell, Switch naming ParameterSets

Question

Original Question - Update below - Final code in marked answer

More or less a simple question I hope but my brain is fried. I'm trying to write a module to set registry key permissions, named 'Set-RegistryPermissions', and have a slight problem with naming my switches and creating acceptable parameter sets. I've come up with the following but I got to last line and got stumped.

    # -Recurse                  Sets Permissions for supplied key and subkeys (entire tree)

    # -Inherit                  Sets Inheritance for supplied key
    # -SubkeyInherit            Sets Inheritance for only subkeys (entire subkey tree)

    # -Inherit -Recurse         Sets Inheritance for supplied key and subkeys (entire tree)
    # -SubkeyInherit -Recurse   Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)

The more I look at it the more confused I'm getting. Maybe I could combine -Inherit & -SubkeyInherit instead of -Inherit -Recurse or maybe start again and have something like SetSuppliedKey, Recurse, Set... Ahhh I'm confused again. Any suggestions please?

---- Update ----

In response to the comment by @Scepticalist I came up with the following which also allows me to add '-Permissions -Subkeys'.

I did think I could change '-Permissions -Recurse' to '-Permissions -All' but that sounds harder to understand or I could change '-Inherit -All' to '-Inherit -Recurse' and scrap the -All switch, but that might make the last option confusing, like your trying to recurse all the permissions as well as the inherit.

Maybe I'm just overthinking this or trying to do too much in one command. It might be easier if the command was ran twice, set Permissions then set Inheritance.

Please let me know your thoughts, if you see any problems or think it's too complicated. Thank you.

# -Permissions (Parameter)
# -Recurse (Switch)
# -Inherit (Switch)
# -Subkeys (Switch)
# -All (Switch)

# -Permissions              Sets Permissions for supplied key
# -Permissions -Subkeys     Sets Permissions for only subkeys (entire subkey tree)
# -Permissions -Recurse     Sets Permissions for supplied key and subkeys (entire tree)

# -Inherit                  Sets Inheritance for supplied key
# -Inherit -Subkeys         Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit -All             Sets Inheritance for supplied key and subkeys (entire tree)

# -Permissions -Inherit -Subkeys    Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Inherit -All        Sets Permissions for supplied key and Inheritance for entire tree

These would be the only valid combinations, a example of a invalid combination would be, -Permissions -Subkeys -Recurse, or -Permissions -Subkeys -All

[EDIT]

Reading it over I think I might change 'Subkeys' to 'InheritSubkeys' and scrap the 'All' switch making the last 4 lines read,

# -InheritSubkeys           Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit -InheritSubkeys  Sets Inheritance for supplied key and subkeys (entire tree)

# -Permissions -InheritSubkeys            Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Inherit -InheritSubkeys   Sets Permissions for supplied key and Inheritance for entire tree

Answer 1

I worked out my names and with a little help from the answer here, Multiple mandatory parameters in a single parameter set, I finally got everything working the way I want.

Get-Help displays correctly, tab completion works correctly and only valid parameters are displayed after typing a dash when others are present.

I still don't fully understand how this is all working but it's working and that's all I care about now.

So my final naming and parameter sets are:

# -User          (Mandatory)
# -RegKey        (Mandatory)
# -Rights        (Allow | Deny)
# -Permissions   (Validateset)
# -Recurse       (Switch)
# -SubkeysOnly   (Switch)
# -Inherit       (SingleKey | All | Subkeys)

# -Permissions -Rights                    Sets Permissions for supplied key
# -Permissions -Rights -Recurse           Sets Permissions for supplied key and subkeys (entire tree)
# -Permissions -Rights -SubkeysOnly       Sets Permissions for only subkeys (entire subkey tree)

# -Inherit SingleKey                      Sets Inheritance for supplied key
# -Inherit Subkeys                        Sets Inheritance for only subkeys (entire subkey tree)
# -Inherit All                            Sets Inheritance for supplied key and subkeys (entire tree)

# -Permissions -Rights -Inherit Subkeys   Sets Permissions for supplied key and Inheritance for subkeys (entire subkey tree)
# -Permissions -Rights -Inherit All       Sets Permissions for supplied key and Inheritance for entire tree 

function Set-RegistryPermissions
{
    param(
    [Parameter(Mandatory=$true, ValueFromPipeline=$false)]
    [ValidateNotNullOrEmpty()]
    [string]$User,

    [Parameter(Mandatory=$true, ValueFromPipeline=$false)]
    [ValidateNotNullOrEmpty()]
    [string]$RegKey,

    [Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true)]
    [Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
    [Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
    [Parameter(ParameterSetName = 'PermissionsRights', Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [Validateset("ChangePermissions","CreateSubKey","Delete","EnumerateSubKeys","ExecuteKey","FullControl", ``
                 "Notify","QueryValues","ReadKey","ReadPermissions","SetValue","TakeOwnership","WriteKey")]
    [string[]]$Permissions,

    [Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
    [Switch]$Recurse,

    [Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
    [Switch]$SubKeysOnly,

    [Parameter(ParameterSetName = 'Inherit', Mandatory = $true)]
    [Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true, ValueFromPipeline=$false)]
    [ValidateNotNullOrEmpty()]
    [Validateset("SingleKey","All","Subkeys")]
    [string]$Inherit,

    [Parameter(ParameterSetName = 'SubKeysOnly', Mandatory = $true)]
    [Parameter(ParameterSetName = 'Recurse', Mandatory = $true)]
    [Parameter(ParameterSetName = 'PermissionsInherit', Mandatory = $true)]
    [Parameter(ParameterSetName = 'PermissionsRights', Mandatory = $true)]
    [ValidateNotNullOrEmpty()]
    [Validateset("Allow","Deny")]
    [string]$Rights
    )
}

Get-Help Set-RegistryPermissions

If you want to copy and test there should only be one backtick(`) in the permissions ValidateSet. I had to add a second to get it to display right here.

Result from Get-Help

SYNTAX
Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey} 
-Rights {Allow | Deny}  [<CommonParameters>]

Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey} 
-Recurse -Rights {Allow | Deny}  [<CommonParameters>]

Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey} 
-SubKeysOnly -Rights {Allow | Deny}  [<CommonParameters>]

Set-RegistryPermissions -User <string> -RegKey <string> -Permissions {ChangePermissions | CreateSubKey | Delete | EnumerateSubKeys | ExecuteKey | FullControl | Notify | QueryValues | ReadKey | ReadPermissions | SetValue | TakeOwnership | WriteKey} 
-Inherit {SingleKey | All | Subkeys} -Rights {Allow | Deny}  [<CommonParameters>]

Set-RegistryPermissions -User <string> -RegKey <string> -Inherit {SingleKey | All | Subkeys}  [<CommonParameters>]

The ValidateSet for the permissions can make it a little hard to read but it's correct.