Condividi tramite


Revoke-SCResource

Revoke-SCResource

Revokes access to a resource from a user or user role.

Syntax

Parameter Set: Default
Revoke-SCResource -Resource <ClientObject> [-JobGroup <Guid]> ] [-JobVariable <String> ] [-OnBehalfOfUser <System.String> ] [-OnBehalfOfUserRole <Microsoft.SystemCenter.VirtualMachineManager.UserRole> ] [-PROTipID <Guid]> ] [-RunAsynchronously] [-UserName <String> ] [-UserRoleID <Guid[]> ] [-UserRoleName <String[]> ] [-VMMServer <ServerConnection> ] [ <CommonParameters>]

Detailed Description

The Revoke-SCResource cmdlet revokes access to a resource from a user or user role.

Parameters

-JobGroup<Guid]>

Specifies an identifier for a series of commands that will run as a set just before the final command that includes the same job group identifier runs.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-JobVariable<String>

Specifies that job progress is tracked and stored in the variable named by this parameter.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-OnBehalfOfUser<System.String>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-OnBehalfOfUserRole<Microsoft.SystemCenter.VirtualMachineManager.UserRole>

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PROTipID<Guid]>

Specifies the ID of the PRO tip that triggered this action. This allows for auditing of PRO tips.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Resource<ClientObject>

Specifies a resource object.

Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByValue)

Accept Wildcard Characters?

false

-RunAsynchronously

Indicates that the job runs asynchronously so that control returns to the command shell immediately.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-UserName<String>

Specifies a the name of a user. Enter a user name with the format Domain\User.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-UserRoleID<Guid[]>

Specifies the ID of a user role.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-UserRoleName<String[]>

Specifies the name of a user role. Types of user roles that are named include Delegated Administrator, Read-Only Administrator and Self-Service User.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-VMMServer<ServerConnection>

Specifies a VMM server object.

Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Resource

Examples

Example 1: Revoke access to a resource from a specific user

The first command gets the template object named Template01, and then stores the object in the $Resource variable.

The second command revokes access to the resource stored in $Resource from the user named Katarina. If the user is a member of multiple user roles, access will be revoked from the user in all its user roles.

PS C:\> $Resource = Get-SCVMTemplate | where {$_.Name -eq "Template01"}
PS C:\> Revoke-SCResource -Resource $Resource -Username "Contoso\Katarina"

Example 2: Revoke access to a resource from a user who is a member of multiple user roles

The first command gets the template object named Template01, and then stores the object in the $Resource variable.

The second command revokes access to the resource stored in $Resource from the user named Katarina, but only if the user is using the ContosoSelfServiceUsers or SelfServiceUserRole02 user roles. If Katarina uses a different user role that has access to the resource then she will still be able to access the resource.

PS C:\> $Resource = Get-SCVMTemplate | where {$_.Name -eq "Template01"}
PS C:\> Revoke-SCResource -Resource $Resource -Username "Contoso\Katarina" -UserRoleName @("ContosoSelfServiceUsers", "SelfServiceUserRole02")

Example 3: Revoke access to a resource from all members of a user role

The first command gets the template object named Template01, and then stores the object in the $Resource variable.

The second command revokes access to the resource stored in $Resource from all members of the ContosoSelfServiceUsers user role.

PS C:\> $Resource = Get-SCVMTemplate | where {$_.Name -eq "Template01"}
PS C:\> Revoke-SCResource -Resource $Resource -UserRoleName "ContosoSelfServiceUsers"

Grant-SCResource

Get-SCVMTemplate