SYNOPSIS
Configures a role authorization rule
SYNTAX
Copy Set-AmsRoleAuthorizationRule [-Id] <String> [-Name <String>] [-AddPrincipalsAllowedJit <Object[]>]
[-RemovePrincipalsAllowedJit <Object[]>] [-AddPrincipalsDeniedJit <Object[]>]
[-RemovePrincipalsDeniedJit <Object[]>] [-GroupName <String>] [-MaximumAccessDuration <TimeSpan>]
[-DefaultAccessDuration <TimeSpan>] [-AllowExtension <Boolean>] [-Description <String>]
[-RuleExpiryDate <DateTime>] [-Enabled <Boolean>] [-Notes <String>]
[-UserRequestReasonRequirement <AuditReasonFieldState>] [-NotificationChannelsSuccess <String[]>]
[-NotificationChannelsFailure <String[]>] [-SiteName <String>] [-DomainControllerName <String>]
[<CommonParameters>]
DESCRIPTION
This cmdlet allows you to change properties on role authorization rules
EXAMPLES
Example 1
Copy PS C:\ > Set-AmsRoleAuthorizationRule - Id 'a984d40c-8b22-4009-83ac-f38b7b341cc4' - Name "My new role name"
Renames a role
Example 2
Copy PS C:\ > Set-AmsRoleAuthorizationRule - Id 'a984d40c-8b22-4009-83ac-f38b7b341cc4' - AddPrincipalsAllowedJit "DOMAIN\user1"
Adds `Domain\user1` to the list of users who are allowed to access this role
Example 3
Copy PS C:\ > Get-AmsRoleAuthorizationRule - Name "My role" | Set-AmsRoleAuthorizationRule - AddPrincipalsDeniedJit "DOMAIN\user1"
Get a rule by its name, and adds `Domain\user1` to the list of users who are denied to access this role
Example 4
Copy PS C:\ > Get-AmsRoleAuthorizationRule - Name "My role" | Set-AmsRoleAuthorizationRule - Enabled: $false
Get a rule by its name, and disables it
PARAMETERS
-AddPrincipalsAllowedJit
A list of usernames or SIDs to add to the list of users who are allowed to access this role
Copy Type : Object[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-AddPrincipalsDeniedJit
A list of usernames or SIDs to add to the list of users who are not allowed to access this role
Copy Type : Object[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-AllowExtension
Specifies if the user is allowed to extend their access request before it expires
Copy Type : Boolean
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-DefaultAccessDuration
The amount of time the user is offered to access this role by default. This value cannot be greater than the value defined in MaximumAccessDuration
Copy Type : TimeSpan
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-Description
A description of the role, as shown to end users
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-Enabled
Indicates if the rule should be enabled
Copy Type : Boolean
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-GroupName
The name of the group that users will be added to when granted access to this role
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-Id
The ID of the role to edit
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : True
Position : 1
Default value : None
Accept pipeline input : True (ByPropertyName)
Accept wildcard characters : False
-MaximumAccessDuration
The maximum amount of time the user can request access to this role
Copy Type : TimeSpan
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-Name
The name of the role, as shown to end users
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-Notes
A custom field to store notes, only visible to AMS administrators
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-NotificationChannelsFailure
A list of channel IDs that should be notified when a user is denied access to this role
Copy Type : String[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-NotificationChannelsSuccess
A list of channel IDs that should be notified when a user is granted access to this role
Copy Type : String[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-RemovePrincipalsAllowedJit
A list of usernames or SIDs to remove from the list of users who are allowed to access this role
Copy Type : Object[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-RemovePrincipalsDeniedJit
A list of usernames or SIDs to remove from the list of users who are not allowed to access this role
Copy Type : Object[]
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-RuleExpiryDate
A date and time when this rule will expire, expressed in local time
Copy Type : DateTime
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-UserRequestReasonRequirement
Specifies if the user must provide a reason for the request, if they can optionally provide a reason, or are not prompted at all for a reason
Copy Type : AuditReasonFieldState
Parameter Sets : (All)
Aliases :
Accepted values : Hidden, Optional, Required
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-DomainControllerName
The name of a domain controller to use when performing the JIT operation against
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
-SiteName
The name of the site to use when trying to find a domain controller to perform the JIT operation against
Copy Type : String
Parameter Sets : (All)
Aliases :
Required : False
Position : Named
Default value : None
Accept pipeline input : False
Accept wildcard characters : False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters .
INPUTS
System.String
OUTPUTS
Lithnet.AccessManager.PowerShell.RoleAuthorizationRulePSObject
NOTES
Use of this cmdlet requires an Enterprise Edition license.
RELATED LINKS
Last updated 5 months ago