你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Remove-AzKeyVaultRoleAssignment
Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.
Syntax
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionName <String>
-SignInName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionName <String>
-ApplicationId <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionName <String>
-ObjectId <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionId <String>
-ApplicationId <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionId <String>
-ObjectId <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
-RoleDefinitionId <String>
-SignInName <String>
[-PassThru]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-HsmName] <String>
[-Scope <String>]
[-PassThru]
-RoleAssignmentName <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Remove-AzKeyVaultRoleAssignment
[-Scope <String>]
[-PassThru]
-InputObject <PSKeyVaultRoleAssignment>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Use the Remove-AzKeyVaultRoleAssignment
cmdlet to revoke access to any principal at given scope and given role. The object of the assignment i.e. the principal MUST be specified. The principal can be a user (use SignInName or ObjectId parameters to identify a user), security group (use ObjectId parameter to identify a group) or service principal (use ApplicationId or ObjectId parameters to identify a ServicePrincipal. The role that the principal is assigned to MUST be specified using the RoleDefinitionName or RoleDefinitionId parameter.
The cmdlet may call below Microsoft Graph API according to input parameters:
- GET /users/{id}
- GET /servicePrincipals
Examples
Example 1
Remove-AzKeyVaultRoleAssignment -HsmName myHsm -RoleDefinitionName "Managed HSM Policy Administrator" -SignInName user1@microsoft.com -Scope "/keys"
This example revokes "Managed HSM Policy Administrator" role of "user1@microsoft.com" at "/keys" scope.
Example 2
Get-AzKeyVaultRoleAssignment -HsmName myHsm -SignInName user1@microsoft.com | Remove-AzKeyVaultRoleAssignment
This example revokes all roles of "user1@microsoft.com" at all scopes.
Parameters
-ApplicationId
The app SPN.
Type: | String |
Aliases: | SPN, ServicePrincipalName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-HsmName
Name of the HSM.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Role assignment object.
Type: | PSKeyVaultRoleAssignment |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ObjectId
The user or group object id.
Type: | String |
Aliases: | Id, PrincipalId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PassThru
Return true when the HSM is restored.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RoleAssignmentName
Name of the role assignment.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RoleDefinitionId
Role Id the principal is assigned to.
Type: | String |
Aliases: | RoleId |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RoleDefinitionName
Name of the RBAC role to assign the principal with.
Type: | String |
Aliases: | RoleName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Scope
Scope at which the role assignment or definition applies to, e.g., '/' or '/keys' or '/keys/{keyName}'. '/' is used when omitted.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SignInName
The user SignInName.
Type: | String |
Aliases: | Email, UserPrincipalName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |