Get-AzKeyVaultRoleDefinition
List role definitions of a given managed HSM at a given scope.
语法
Interactive (默认值)
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
[-Scope <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
CustomOnly
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
[-Scope <String>]
[-Custom]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
ByName
Get-AzKeyVaultRoleDefinition
[-HsmName] <String>
-RoleDefinitionName <String>
[-Scope <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
说明
List role definitions of a given managed HSM at a given scope.
示例
Example 1
Get-AzKeyVaultRoleDefinition -HsmName myHsm -Scope "/keys"
RoleName Description Permissions
-------- ----------- -----------
Managed HSM Administrator 1 permission(s)
Managed HSM Crypto Officer 1 permission(s)
Managed HSM Crypto User 1 permission(s)
Managed HSM Policy Administrator 1 permission(s)
Managed HSM Crypto Auditor 1 permission(s)
Managed HSM Crypto Service Encryption 1 permission(s)
Managed HSM Backup 1 permission(s)
The example lists all the roles at "/keys" scope.
Example 2
$backupRole = Get-AzKeyVaultRoleDefinition -HsmName myHsm -RoleDefinitionName "Managed HSM Backup User"
$backupRole.Permissions
Actions NotActions DataActions NotDataActions
------- ---------- ----------- --------------
0 action(s) 0 action(s) 3 action(s) 0 action(s)
$backupRole.Permissions.DataActions
Microsoft.KeyVault/managedHsm/backup/start/action
Microsoft.KeyVault/managedHsm/backup/status/action
Microsoft.KeyVault/managedHsm/keys/backup/action
The example gets the "Managed HSM Backup" role and inspects its permissions.
Example 3
Get-AzKeyVaultRoleDefinition -HsmName myHsm -Custom
This example lists all the custom role definitions belong to "myHsm".
参数
-Custom
If specified, only displays the custom created roles in the directory.
参数属性
类型: | SwitchParameter |
默认值: | None |
支持通配符: | False |
不显示: | False |
参数集
CustomOnly
Position: | Named |
必需: | True |
来自管道的值: | False |
来自管道的值(按属性名称): | False |
来自剩余参数的值: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
参数属性
类型: | IAzureContextContainer |
默认值: | None |
支持通配符: | False |
不显示: | False |
别名: | AzContext, AzureRmContext, AzureCredential |
参数集
(All)
Position: | Named |
必需: | False |
来自管道的值: | False |
来自管道的值(按属性名称): | False |
来自剩余参数的值: | False |
-HsmName
Name of the HSM.
参数属性
类型: | String |
默认值: | None |
支持通配符: | False |
不显示: | False |
参数集
(All)
Position: | 1 |
必需: | True |
来自管道的值: | False |
来自管道的值(按属性名称): | False |
来自剩余参数的值: | False |
-RoleDefinitionName
Name of the role definition to get.
参数属性
类型: | String |
默认值: | None |
支持通配符: | False |
不显示: | False |
别名: | RoleName |
参数集
ByName
Position: | Named |
必需: | True |
来自管道的值: | False |
来自管道的值(按属性名称): | False |
来自剩余参数的值: | False |
-Scope
Scope at which the role assignment or definition applies to, e.g., '/' or '/keys' or '/keys/{keyName}'. '/' is used when omitted.
参数属性
类型: | String |
默认值: | None |
支持通配符: | False |
不显示: | False |
参数集
(All)
Position: | Named |
必需: | False |
来自管道的值: | False |
来自管道的值(按属性名称): | False |
来自剩余参数的值: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.