Share via

Set-PAMRole

  • Reference
Module:
MIMPAM

Updates a PAM Role in the MIM Service.

Syntax

Set-PAMRole
   [-Role] <PAMRole>
   [[-TTL] <TimeSpan>]
   [[-AvailableFrom] <DateTime>]
   [[-AvailableTo] <DateTime>]
   [[-MFAEnabled] <Boolean>]
   [[-ApprovalEnabled] <Boolean>]
   [[-AvailabilityWindowEnabled] <Boolean>]
   [[-DisplayName] <String>]
   [[-Description] <String>]
   [[-Candidates] <PAMUser[]>]
   [[-Privileges] <PAMGroup[]>]
   [[-Approvers] <PAMUser[]>]
   [[-Session] <PAMSession>]
   [-DisableAutoApprovalIfOwner <Boolean>]
   [<CommonParameters>]

Description

The Set-PAMRole cmdlet updates a PAM role in the MIM Service.

Examples

EXAMPLE 1

Set-PAMRole -Role (Get-PAMRole -DisplayName "IT") -Description "For IT Use Only"

Description

This command changes an attribute of the PAM role in the MIM Service.

EXAMPLE 2

$r = Get-PAMRole -DisplayName "IT" ; $nc = $r.Candidates + (Get-PAMUser -PrivDisplayName "contoso.jen") ; $r = Set-PAMRole -Role $r -Candidates $nc

Description

This command adds a candidate user to a PAM role in the MIM Service.

Parameters

-ApprovalEnabled

If true, activation requests for this role will require approval by a role owner.

Type:Boolean
Position:6
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Approvers

The optional list of users who are owners of the role and can approve requests if ApprovalEnabled is set.

Type:PAMUser[]
Position:12
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AvailabilityWindowEnabled

If true, the role can only be activated during a specified time window.

Type:Boolean
Position:7
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AvailableFrom

Only the time portion of this parameter is used.

Type:DateTime
Position:3
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AvailableTo

Only the time portion of this parameter is used.

Type:DateTime
Position:4
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Candidates

The collection of candidate users which are to be associated with the PAM Role.

Type:PAMUser[]
Position:10
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

The description of the PAM Role in the MIM Service.

Type:String
Position:9
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisableAutoApprovalIfOwner

{{Fill DisableAutoApprovalIfOwner Description}}

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

Value for DisplayName attribute of the PAM Role in the MIM Service.

Type:String
Position:8
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-MFAEnabled

If true, activation requests for this role will require an MFA challenge.

Type:Boolean
Position:5
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Privileges

The collection of groups which are associated with the PAM Role.

Type:PAMGroup[]
Position:11
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Role

The role to be updated, returned by Get-PAMRole.

Type:PAMRole
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Session

Session with the PAM domain and MIM Service.

Type:PAMSession
Position:13
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TTL

The default time to live in seconds of group memberships assigned to users via this role.

Type:TimeSpan
Position:2
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMRole

Modified PAM role.