Set-AmsRoleAuthorizationRule

SYNOPSIS

Configures a role authorization rule

SYNTAX

Set-AmsRoleAuthorizationRule [-Id] <String> [-Name <String>] [-AddPrincipalsAllowedJit <Object[]>]
 [-RemovePrincipalsAllowedJit <Object[]>] [-AddPrincipalsDeniedJit <Object[]>]
 [-RemovePrincipalsDeniedJit <Object[]>] [-GroupName <String>] [-MaximumAccessDuration <TimeSpan>]
 [-DefaultAccessDuration <TimeSpan>] [-AllowExtension <Boolean>] [-Description <String>]
 [-RuleExpiryDate <DateTime>] [-Enabled <Boolean>] [-Notes <String>]
 [-UserRequestReasonRequirement <AuditReasonFieldState>] [-NotificationChannelsSuccess <String[]>]
 [-NotificationChannelsFailure <String[]>] [-SiteName <String>] [-DomainControllerName <String>]
 [<CommonParameters>]

DESCRIPTION

This cmdlet allows you to change properties on role authorization rules

EXAMPLES

Example 1

PS C:\> Set-AmsRoleAuthorizationRule -Id 'a984d40c-8b22-4009-83ac-f38b7b341cc4' -Name "My new role name"

Renames a role

Example 2

PS C:\> Set-AmsRoleAuthorizationRule -Id 'a984d40c-8b22-4009-83ac-f38b7b341cc4' -AddPrincipalsAllowedJit "DOMAIN\user1"

Adds `Domain\user1` to the list of users who are allowed to access this role

Example 3

PS C:\> Get-AmsRoleAuthorizationRule -Name "My role" | Set-AmsRoleAuthorizationRule -AddPrincipalsDeniedJit "DOMAIN\user1"

Get a rule by its name, and adds `Domain\user1` to the list of users who are denied to access this role

Example 4

PS C:\> Get-AmsRoleAuthorizationRule -Name "My role" | Set-AmsRoleAuthorizationRule -Enabled:$false

Get a rule by its name, and disables it

PARAMETERS

-AddPrincipalsAllowedJit

A list of usernames or SIDs to add to the list of users who are allowed to access this role

Type: Object[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AddPrincipalsDeniedJit

A list of usernames or SIDs to add to the list of users who are not allowed to access this role

Type: Object[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowExtension

Specifies if the user is allowed to extend their access request before it expires

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultAccessDuration

The amount of time the user is offered to access this role by default. This value cannot be greater than the value defined in MaximumAccessDuration

Type: TimeSpan
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Description

A description of the role, as shown to end users

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Enabled

Indicates if the rule should be enabled

Type: Boolean
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-GroupName

The name of the group that users will be added to when granted access to this role

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Id

The ID of the role to edit

Type: String
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-MaximumAccessDuration

The maximum amount of time the user can request access to this role

Type: TimeSpan
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Name

The name of the role, as shown to end users

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Notes

A custom field to store notes, only visible to AMS administrators

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NotificationChannelsFailure

A list of channel IDs that should be notified when a user is denied access to this role

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-NotificationChannelsSuccess

A list of channel IDs that should be notified when a user is granted access to this role

Type: String[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RemovePrincipalsAllowedJit

A list of usernames or SIDs to remove from the list of users who are allowed to access this role

Type: Object[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RemovePrincipalsDeniedJit

A list of usernames or SIDs to remove from the list of users who are not allowed to access this role

Type: Object[]
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-RuleExpiryDate

A date and time when this rule will expire, expressed in local time

Type: DateTime
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-UserRequestReasonRequirement

Specifies if the user must provide a reason for the request, if they can optionally provide a reason, or are not prompted at all for a reason

Type: AuditReasonFieldState
Parameter Sets: (All)
Aliases:
Accepted values: Hidden, Optional, Required

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DomainControllerName

The name of a domain controller to use when performing the JIT operation against

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SiteName

The name of the site to use when trying to find a domain controller to perform the JIT operation against

Type: String
Parameter Sets: (All)
Aliases:

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

System.String

OUTPUTS

Lithnet.AccessManager.PowerShell.RoleAuthorizationRulePSObject

NOTES

Use of this cmdlet requires an Enterprise Edition license.

Last updated