Update-AzRoleManagementPolicy
Updates a role management policy.
Syntax
Update-AzRoleManagementPolicy
-Name <String>
-Scope <String>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-AzRoleManagementPolicy
-InputObject <IAuthorizationIdentity>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Updates a role management policy.
Examples
Example 1: Update the expiration rule of a policy
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [RoleManagementPolicyExpirationRule]@{
    isExpirationRequired = "false";
    maximumDuration = "P180D";
    id = "Expiration_Admin_Eligibility";
    ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
    targetCaller = "Admin";
    targetOperation = @('All');
    targetLevel = "Eligibility";
    targetObject = $null;
    targetInheritableSetting = $null;
    targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules

Name                                 Type                                           Scope
----                                 ----                                           -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d
Each individual Rule on a policy can be updated independently.
Example 2: Update the expiration rule and a notification rule of a policy
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [RoleManagementPolicyExpirationRule]@{
    isExpirationRequired = "false";
    maximumDuration = "P180D";
    id = "Expiration_Admin_Eligibility";
    ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
    targetCaller = "Admin";
    targetOperation = @('All');
    targetLevel = "Eligibility";
    targetObject = $null;
    targetInheritableSetting = $null;
    targetEnforcedSetting = $null;
}
$notificationRule = [RoleManagementPolicyNotificationRule]@{
    notificationType = "Email";
    recipientType = "Approver";
    isDefaultRecipientsEnabled = "false";
    notificationLevel = "Critical";
    notificationRecipient = $null;
    id = "Notification_Approver_Admin_Eligibility";
    ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyNotificationRule");
    targetCaller = "Admin";
    targetOperation = @('All');
    targetLevel = "Eligibility";
    targetObject = $null;
    targetInheritableSetting = $null;
    targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule, $notificationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules

Name                                 Type                                           Scope
----                                 ----                                           -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d
Multiple rules can be updated together.
Parameters
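A pre-flight check for the expiration rule used in Examples 1 and 2, as an added example that is not part of the Az.Resources documentation: it works on plain hashtables, so it runs without an Azure session, and flags rules that leave expiration optional or set maximumDuration above a ceiling. The function name Test-PimExpirationRule, the 180-day default ceiling and the second sample rule are assumptions.

```powershell
# Added example: offline pre-flight check for role management policy expiration rules.
# Test-PimExpirationRule and $MaxAllowed are hypothetical names, not part of Az.Resources.
function Test-PimExpirationRule {
    param(
        [Parameter(Mandatory)] [hashtable] $Rule,
        [timespan] $MaxAllowed = [timespan]::FromDays(180)  # assumed organizational ceiling
    )
    if ("$($Rule.ruleType)" -ne 'RoleManagementPolicyExpirationRule') { return }

    # The examples pass booleans as strings; parse them, because a plain
    # [bool]"false" cast evaluates to $true in PowerShell.
    $required = $false
    if (-not [bool]::TryParse("$($Rule.isExpirationRequired)", [ref]$required)) {
        "$($Rule.id): isExpirationRequired is not 'true' or 'false'"
    }
    elseif (-not $required) {
        "$($Rule.id): expiration is not required, so $($Rule.targetLevel) can be permanent"
    }

    # maximumDuration is an ISO 8601 duration such as P180D.
    try {
        $duration = [System.Xml.XmlConvert]::ToTimeSpan("$($Rule.maximumDuration)")
        if ($duration -gt $MaxAllowed) {
            "$($Rule.id): maximumDuration $($Rule.maximumDuration) exceeds $($MaxAllowed.Days) days"
        }
    }
    catch {
        "$($Rule.id): maximumDuration '$($Rule.maximumDuration)' is not a valid duration"
    }
}

# Constructed sample input: the Example 1 rule and a hypothetical variant.
$fromPage = @{
    id = 'Expiration_Admin_Eligibility'
    ruleType = 'RoleManagementPolicyExpirationRule'
    isExpirationRequired = 'false'; maximumDuration = 'P180D'; targetLevel = 'Eligibility'
}
$variant = $fromPage.Clone()
$variant.isExpirationRequired = 'true'
$variant.maximumDuration = 'P365D'

foreach ($rule in $fromPage, $variant) {
    $findings = @(Test-PimExpirationRule -Rule $rule)
    if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
    else { Write-Output "$($rule.id): no findings" }
}
```

Once a rule passes review, the -WhatIf switch documented on this page previews the Update-AzRoleManagementPolicy call without applying it.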
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. To run the cmdlet against a different subscription, use the SubscriptionId parameter.
Type: | PSObject |
Aliases: | AzureRMContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
The role management policy description.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
The role management policy display name.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity parameter. To construct, see the NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IAuthorizationIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-IsOrganizationDefault
The role management policy is the default policy.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
The name (guid) of the role management policy to upsert.
Type: | String |
Aliases: | RoleManagementPolicyName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Rule
The rule applied to the policy. To construct, see the NOTES section for RULE properties and create a hash table.
Type: | IRoleManagementPolicyRule[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Scope
The scope of the role management policy to upsert.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Outputs
Notes
Aliases
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
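INPUTOBJECT <IAuthorizationIdentity>: Identity parameter
[Id <String>]: Resource identity path.
[RoleAssignmentScheduleInstanceName <String>]: The name (hash of schedule name + time) of the role assignment schedule to get.
[RoleAssignmentScheduleName <String>]: The name (guid) of the role assignment schedule to get.
[RoleAssignmentScheduleRequestName <String>]: The name of the role assignment to create. It can be any valid GUID.
[RoleEligibilityScheduleInstanceName <String>]: The name (hash of schedule name + time) of the role eligibility schedule to get.
[RoleEligibilityScheduleName <String>]: The name (guid) of the role eligibility schedule to get.
[RoleEligibilityScheduleRequestName <String>]: The name of the role eligibility to create. It can be any valid GUID.
[RoleManagementPolicyAssignmentName <String>]: The name, in the format {guid_guid}, of the role management policy assignment to get.
[RoleManagementPolicyName <String>]: The name (guid) of the role management policy to get.
[Scope <String>]: The scope of the role management policy.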
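RULE <IRoleManagementPolicyRule[]>: The rule applied to the policy.
RuleType <RoleManagementPolicyRuleType>: The type of rule.
[Id <String>]: The id of the rule.
[TargetCaller <String>]: The caller of the setting.
[TargetEnforcedSetting <String[]>]: The list of enforced settings.
[TargetInheritableSetting <String[]>]: The list of inheritable settings.
[TargetLevel <String>]: The assignment level to which it is applied.
[TargetObject <String[]>]: The list of target objects.
[TargetOperation <String[]>]: The type of operation.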