Remove-AzKeyVaultAccessPolicy
從金鑰保存庫移除使用者或應用程式的所有許可權。
Syntax
Remove-AzKeyVaultAccessPolicy
[-VaultName] <String>
[[-ResourceGroupName] <String>]
-UserPrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-VaultName] <String>
[[-ResourceGroupName] <String>]
-ObjectId <String>
[-ApplicationId <Guid>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-VaultName] <String>
[[-ResourceGroupName] <String>]
-ServicePrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-VaultName] <String>
[[-ResourceGroupName] <String>]
-EmailAddress <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-VaultName] <String>
[[-ResourceGroupName] <String>]
[-EnabledForDeployment]
[-EnabledForTemplateDeployment]
[-EnabledForDiskEncryption]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-InputObject] <PSKeyVault>
-ObjectId <String>
[-ApplicationId <Guid>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-InputObject] <PSKeyVault>
-ServicePrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-InputObject] <PSKeyVault>
-UserPrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-InputObject] <PSKeyVault>
-EmailAddress <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-InputObject] <PSKeyVault>
[-EnabledForDeployment]
[-EnabledForTemplateDeployment]
[-EnabledForDiskEncryption]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-ResourceId] <String>
-ObjectId <String>
[-ApplicationId <Guid>]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-ResourceId] <String>
-ServicePrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-ResourceId] <String>
-UserPrincipalName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-ResourceId] <String>
-EmailAddress <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Remove-AzKeyVaultAccessPolicy
[-ResourceId] <String>
[-EnabledForDeployment]
[-EnabledForTemplateDeployment]
[-EnabledForDiskEncryption]
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[-SubscriptionId <String>]
[<CommonParameters>] Description
Remove-AzKeyVaultAccessPolicy Cmdlet 會移除使用者或應用程式或密鑰保存庫中所有使用者和應用程式的所有許可權。 即使您移除所有許可權,包含密鑰保存庫的 Azure 訂用帳戶擁有者也可以將許可權新增至金鑰保存庫。 請注意,雖然指定此 Cmdlet 的資源群組是選擇性的,但您應該這麼做以提升效能。
Cmdlet 可能會根據輸入參數呼叫下列 Microsoft Graph API:
- GET /directoryObjects/{id}
- GET /users/{id}
- GET /users
- GET /servicePrincipals/{id}
- GET /servicePrincipals
- GET /groups/{id}
範例
範例 1:移除使用者的許可權
Remove-AzKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com' -PassThru
Vault Name : Contoso03Vault
Resource Group Name : myrg
Location : westus
Resource ID : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers
/Microsoft.KeyVault/vaults/contoso03vault
Vault URI : https://contoso03vault.vault.azure.net/
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU : Standard
Enabled For Deployment? : False
Enabled For Template Deployment? : False
Enabled For Disk Encryption? : False
Soft Delete Enabled? :
Access Policies :
Tenant ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Object ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
Application ID :
Display Name : User Name (username@microsoft.com)
Permissions to Keys :
Permissions to Secrets :
Permissions to Certificates : get, create
Permissions to (Key Vault Managed) Storage :
Network Rule Set :
Default Action : Allow
Bypass : AzureServices
IP Rules :
Virtual Network Rules :
Tags :此命令會移除使用者 PattiFuller@contoso.com 對名為 Contoso03Vault 之密鑰保存庫的所有許可權。 如果指定了 -PassThru,則會傳回 KeyVault 物件。
範例 2:移除應用程式的許可權
Remove-AzKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com'此命令會移除應用程式在名為 Contoso03Vault 之金鑰保存庫上擁有的所有許可權。
此範例會使用 Microsoft Entra ID http://payroll.contoso.com中註冊的服務主體名稱來識別應用程式。
範例 3:使用其物件標識碼移除應用程式的許可權
Remove-AzKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db此命令會移除應用程式在名為 Contoso03Vault 之金鑰保存庫上擁有的所有許可權。 此範例會依服務主體的物件標識碼來識別應用程式。
範例 4:移除 Microsoft.Compute 資源提供者的許可權
Remove-AzKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ResourceGroupName 'Group14' -EnabledForDeployment此命令會移除 Microsoft.Compute 資源提供者的許可權,以從 Contoso03Vault 取得秘密。
參數
-ApplicationId
指定應移除其許可權的應用程式識別碼
| Type: | Nullable<T>[Guid] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Confirm
執行 Cmdlet 之前先提示您確認。
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
用於與 azure 通訊的認證、帳戶、租用戶和訂用帳戶
| Type: | IAzureContextContainer |
| Aliases: | AzContext, AzureRmContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EmailAddress
指定您要移除其存取權之使用者的使用者電子郵件位址。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnabledForDeployment
如果指定,請在資源建立中參考時,停用 Microsoft.Compute 資源提供者從此密鑰保存庫擷取秘密。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnabledForDiskEncryption
如果指定,請 Azure 磁碟加密 停用從此金鑰保存庫擷取秘密。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-EnabledForTemplateDeployment
如果指定,請在範本中參考時,停用 Azure Resource Manager 從此密鑰保存庫擷取秘密。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-InputObject
金鑰保存庫物件。
| Type: | PSKeyVault |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ObjectId
指定要移除許可權的 Microsoft Entra ID 中用戶或服務主體的物件識別碼。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PassThru
會傳回 物件,代表您正在使用的專案。 根據預設,此 Cmdlet 不會產生任何輸出。
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceGroupName
指定與正在修改其存取原則之密鑰保存庫相關聯的資源組名。 如果未指定,此 Cmdlet 會搜尋目前訂用帳戶中的密鑰保存庫。
| Type: | String |
| Position: | 1 |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceId
KeyVault 資源標識碼。
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ServicePrincipalName
指定您要移除其許可權的應用程式服務主體名稱。 在 Microsoft Entra ID 中指定為應用程式註冊的應用程式識別碼,也稱為用戶端識別碼。
| Type: | String |
| Aliases: | SPN |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SubscriptionId
訂用帳戶的識別碼。 根據預設,Cmdlet 會在目前內容中設定的訂用帳戶中執行。 如果使用者指定另一個訂用帳戶,則會在使用者指定的訂用帳戶中執行目前的 Cmdlet。 覆寫訂閱只會在目前 Cmdlet 的生命週期內生效。 它不會變更內容中的訂用帳戶,而且不會影響後續的 Cmdlet。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-UserPrincipalName
指定您要移除其存取權之用戶的用戶主體名稱。
| Type: | String |
| Aliases: | UPN |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-VaultName
指定金鑰保存庫的名稱。 這個 Cmdlet 會移除此參數所指定之金鑰保存庫的許可權。
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
輸入
輸出
相關連結
意見反應
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:https://aka.ms/ContentUserFeedback。
提交並檢視相關的意見反應