Update-AzRoleManagementPolicy
更新角色管理原則
Syntax
Update-AzRoleManagementPolicy
-Name <String>
-Scope <String>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-AzRoleManagementPolicy
-InputObject <IAuthorizationIdentity>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
更新角色管理原則
範例
範例 1:更新原則的到期規則
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [RoleManagementPolicyExpirationRule]@{
isExpirationRequired = "false";
maximumDuration = "P180D";
id = "Expiration_Admin_Eligibility";
ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules
Name Type Scope
---- ---- -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d原則上的每個個別 Rule 都可以獨立更新。
範例 2:更新到期規則和原則的通知規則
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [RoleManagementPolicyExpirationRule]@{
isExpirationRequired = "false";
maximumDuration = "P180D";
id = "Expiration_Admin_Eligibility";
ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$notificationRule = [RoleManagementPolicyNotificationRule]@{
notificationType = "Email";
recipientType = "Approver";
isDefaultRecipientsEnabled = "false";
notificationLevel = "Critical";
notificationRecipient = $null;
id = "Notification_Approver_Admin_Eligibility";
ruleType = [RoleManagementPolicyRuleType]("RoleManagementPolicyNotificationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule, $notificationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules
Name Type Scope
---- ---- -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0dRule多個可以一起更新。
參數
-Confirm
執行 Cmdlet 之前先提示您確認。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
DefaultProfile 參數無法運作。 如果針對不同的訂用帳戶執行 Cmdlet,請使用 SubscriptionId 參數。
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
角色管理原則描述。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
角色管理原則顯示名稱。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
| Type: | IAuthorizationIdentity |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IsOrganizationDefault
角色管理原則是默認原則。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Name
要更新插入的角色管理原則名稱 (guid)。
| Type: | String |
| Aliases: | RoleManagementPolicyName |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Rule
套用至原則的規則。 若要建構,請參閱 RULE 屬性和建立哈希表的 NOTES 一節。
| Type: | IRoleManagementPolicyRule[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Scope
要向上插入的角色管理原則範圍。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
輸入
輸出
備註
別名
COMPLEX PARAMETER PROPERTIES
若要建立以下所述的參數,請建構包含適當屬性的哈希表。 如需哈希表的相關信息,請執行 Get-Help about_Hash_Tables。
INPUTOBJECT <IAuthorizationIdentity>:Identity 參數
[Id <String>]:資源識別路徑[RoleAssignmentScheduleInstanceName <String>]:要取得之角色指派排程的名稱(排程名稱 + 時間的哈希)。[RoleAssignmentScheduleName <String>]:要取得的角色指派排程名稱(guid)。[RoleAssignmentScheduleRequestName <String>]:要建立的角色指派名稱。 它可以是任何有效的 GUID。[RoleEligibilityScheduleInstanceName <String>]:要取得之角色資格排程的名稱(排程名稱的哈希 + 時間)。[RoleEligibilityScheduleName <String>]:要取得之角色資格排程的名稱(guid)。[RoleEligibilityScheduleRequestName <String>]:要建立的角色資格名稱。 它可以是任何有效的 GUID。[RoleManagementPolicyAssignmentName <String>]:要取得的角色管理原則指派格式 {guid_guid} 名稱。[RoleManagementPolicyName <String>]:要取得的角色管理原則名稱(guid)。[Scope <String>]:角色管理原則的範圍。
RULE <IRoleManagementPolicyRule[]>:套用至原則的規則。
RuleType <RoleManagementPolicyRuleType>:規則的類型[Id <String>]:規則的識別碼。[TargetCaller <String>]:設定的呼叫端。[TargetEnforcedSetting <String[]>]:強制設定的清單。[TargetInheritableSetting <String[]>]:可繼承的設定清單。[TargetLevel <String>]:套用指派層級。[TargetObject <String[]>]:目標物件清單。[TargetOperation <String[]>]:作業的類型。