New-PIMAzureResourceEligibleAssignment
Loïc MICHEL edited this page Jun 26, 2024 · 3 revisions
Creates an eligible assignment at the provided scope.

Eligible assignments require users to activate their role. See https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles

🔷 Create an eligible assignment for the AcrPush role, starting at a specific date with a 24h duration.

```powershell
New-PIMAzureResourceEligibleAssignment -tenantID $tenantID -subscriptionID $subscriptionId -rolename "AcrPush" -principalID 3604fe63-cb67-4b60-99c9-707d46ab9092 -startDateTime "2/2/2024 18:20" -duration "PT24H"
```

🔷 Create a permanent eligible assignment for the role webmaster.

```powershell
New-PIMAzureResourceEligibleAssignment -tenantID $tenantID -subscriptionID $subscriptionId -rolename "webmaster" -principalID 3604fe63-cb67-4b60-99c9-707d46ab9092 -justification 'New permanent admin' -permanent
```

| Parameter | Description |
|---|---|
| $TenantID | Entra ID TenantID |
| $SubscriptionId | Subscription ID |
| $scope | Scope to use if you want to manage the role at a scope other than the subscription |
| $rolename | Name of the role to assign |
| $principalID | Object ID of the principal |
| $duration | Duration of the assignment; if not set, the maximum value from the role settings is used |
| $startDateTime | When the assignment will begin |
| [switch]$permanent | The assignment will not expire |
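
The examples above use the subscription scope. The following added example (not part of the module or its documentation) shows a pre-flight check for a time-bound assignment at resource-group scope: it validates the scope path and the ISO 8601 duration, and computes when the assignment would expire. `New-EligibleAssignmentParams`, the 7-day limit, the resource group name and the placeholder GUIDs are assumptions, as is passing `-scope` in place of `-subscriptionID`.

```powershell
# Added example. New-EligibleAssignmentParams is a hypothetical helper, not part of the module.
function New-EligibleAssignmentParams {
    param(
        [Parameter(Mandatory)] [string]   $TenantID,
        [Parameter(Mandatory)] [string]   $Scope,
        [Parameter(Mandatory)] [string]   $RoleName,
        [Parameter(Mandatory)] [guid]     $PrincipalID,   # rejects malformed object IDs
        [Parameter(Mandatory)] [datetime] $Start,
        [Parameter(Mandatory)] [string]   $Duration,      # ISO 8601, e.g. PT24H
        [timespan] $MaxDuration = [timespan]::FromDays(7) # assumed local limit
    )

    # Accept only subscription-rooted or management-group ARM scope paths.
    if ($Scope -notmatch '^/(subscriptions/[0-9a-fA-F-]{36}|providers/Microsoft\.Management/managementGroups/[^/]+)(/.*)?$') {
        throw "Scope '$Scope' is not a recognised ARM scope path."
    }

    # XmlConvert parses ISO 8601 durations (PT24H, P2D, PT8H30M) and throws on bad input.
    $span = [System.Xml.XmlConvert]::ToTimeSpan($Duration)
    if ($span -le [timespan]::Zero -or $span -gt $MaxDuration) {
        throw "Duration $Duration is outside the allowed window (max $MaxDuration)."
    }

    [pscustomobject]@{
        Expires = $Start + $span
        Params  = @{
            tenantID      = $TenantID
            scope         = $Scope
            rolename      = $RoleName
            principalID   = $PrincipalID.ToString()
            startDateTime = $Start.ToString('s')   # sortable format, culture-independent
            duration      = $Duration
        }
    }
}

# Constructed sample values; the role and principal ID are the ones used on this page.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder
$request = @{
    TenantID    = '11111111-1111-1111-1111-111111111111'   # placeholder
    Scope       = "/subscriptions/$subscriptionId/resourceGroups/rg-example"
    RoleName    = 'AcrPush'
    PrincipalID = '3604fe63-cb67-4b60-99c9-707d46ab9092'
    Start       = [datetime]::new(2024, 2, 2, 18, 20, 0)
    Duration    = 'PT24H'
}
$req = New-EligibleAssignmentParams @request
$p   = $req.Params
"Assignment would expire at $($req.Expires.ToString('s'))"
# After connecting to Azure and replacing the placeholders:
# New-PIMAzureResourceEligibleAssignment @p
```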