New-AzRoleEligibilityScheduleRequest

Creates a role eligibility schedule request.

Syntax

New-AzRoleEligibilityScheduleRequest
   -Name <String>
   -Scope <String>
   [-Condition <String>]
   [-ConditionVersion <String>]
   [-ExpirationDuration <String>]
   [-ExpirationEndDateTime <DateTime>]
   [-ExpirationType <Type>]
   [-Justification <String>]
   [-PrincipalId <String>]
   [-RequestType <RequestType>]
   [-RoleDefinitionId <String>]
   [-ScheduleInfoStartDateTime <DateTime>]
   [-TargetRoleEligibilityScheduleId <String>]
   [-TargetRoleEligibilityScheduleInstanceId <String>]
   [-TicketNumber <String>]
   [-TicketSystem <String>]
   [-DefaultProfile <PSObject>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Creates a role eligibility schedule request.

Examples

Example 1: Create a new role eligibile schedule request as Admin

$guid = "12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
$startTime = Get-Date -Format o 
$scope = "/subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/"
New-AzRoleEligibilityScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType AdminAssign -RoleDefinitionId subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime

Name                                 Type                                                    Scope                                               RoleDefinitionId
----                                 ----                                                    -----                                               ----------------                                                                 
12f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleEligibilityScheduleRequests /subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222 /subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/providers/Microsoft.Authoriā€¦

Creates a request to provision an eligible assignment of roleDefinition on the scope for the specified principal

Example 2: Remove a role eligibile schedule request as Admin

$guid = "13f8978c-5d8d-4fbf-b4b6-2f43eeb43eca"
$startTime = Get-Date -Format o 
$scope = "/subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/"
New-AzRoleEligibilityScheduleRequest -Name $guid -Scope $scope -ExpirationDuration PT1H -ExpirationType AfterDuration -PrincipalId aaaaaaaa-bbbb-cccc-1111-222222222222 -RequestType AdminRemove -RoleDefinitionId subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7 -ScheduleInfoStartDateTime $startTime

Name                                 Type                                                    Scope                                               RoleDefinitionId
----                                 ----                                                    -----                                               ----------------                                                                 
13f8978c-5d8d-4fbf-b4b6-2f43eeb43eca Microsoft.Authorization/roleEligibilityScheduleRequests /subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222 /subscriptions/aaaaaaaa-bbbb-cccc-1111-222222222222/providers/Microsoft.Authoriā€¦

Creates a request to remove an eligible assignment of roleDefinition on the scope for the specified principal

Parameters

-Condition

The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConditionVersion

Version of the condition. Currently accepted value is '2.0'

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.

Type:PSObject
Aliases:AzureRMContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpirationDuration

Duration of the role eligibility schedule in TimeSpan.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpirationEndDateTime

End DateTime of the role eligibility schedule.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpirationType

Type of the role eligibility schedule expiration

Type:Type
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Justification

Justification for the role eligibility

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

The name of the role eligibility to create. It can be any valid GUID.

Type:String
Aliases:RoleEligibilityScheduleRequestName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-PrincipalId

The principal ID.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RequestType

The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc

Type:RequestType
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RoleDefinitionId

The role definition ID.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ScheduleInfoStartDateTime

Start DateTime of the role eligibility schedule.

Type:DateTime
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Scope

The scope of the role eligibility schedule request to create. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-TargetRoleEligibilityScheduleId

The resultant role eligibility schedule id or the role eligibility schedule id being updated

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TargetRoleEligibilityScheduleInstanceId

The role eligibility schedule instance id being updated

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TicketNumber

Ticket number for the role eligibility

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TicketSystem

Ticket system name for the role eligibility

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

IRoleEligibilityScheduleRequest