Get-AzKeyVaultRoleDefinition
List role definitions of a given managed HSM at a given scope.
Syntax
Interactive (Default)
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
[-Scope <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
CustomOnly
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
[-Scope <String>]
[-Custom]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByName
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
-RoleDefinitionName <String>
[-Scope <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
List role definitions of a given managed HSM at a given scope.
Examples
Example 1
Get-AzKeyVaultRoleDefinition -HsmName myHsm -Scope "/keys"
RoleName Description Permissions
-------- ----------- -----------
Managed HSM Administrator 1 permission(s)
Managed HSM Crypto Officer 1 permission(s)
Managed HSM Crypto User 1 permission(s)
Managed HSM Policy Administrator 1 permission(s)
Managed HSM Crypto Auditor 1 permission(s)
Managed HSM Crypto Service Encryption 1 permission(s)
Managed HSM Backup 1 permission(s)
The example lists all the roles at "/keys" scope.
Example 2
$backupRole = Get-AzKeyVaultRoleDefinition -HsmName myHsm -RoleDefinitionName "Managed HSM Backup User"
$backupRole.Permissions
Actions NotActions DataActions NotDataActions
------- ---------- ----------- --------------
0 action(s) 0 action(s) 3 action(s) 0 action(s)
$backupRole.Permissions.DataActions
Microsoft.KeyVault/managedHsm/backup/start/action
Microsoft.KeyVault/managedHsm/backup/status/action
Microsoft.KeyVault/managedHsm/keys/backup/action
The example gets the "Managed HSM Backup" role and inspects its permissions.
Example 3
Get-AzKeyVaultRoleDefinition -HsmName myHsm -Custom
This example lists all the custom role definitions belong to "myHsm".
Parameters
-Custom
If specified, only displays the custom created roles in the directory.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomOnly
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Parameter properties
| Type: | IAzureContextContainer |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-HsmName
Name of the HSM.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-RoleDefinitionName
Name of the role definition to get.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RoleName |
Parameter sets
ByName
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Scope
Scope at which the role assignment or definition applies to, e.g., '/' or '/keys' or '/keys/{keyName}'. '/' is used when omitted.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.