-
Notifications
You must be signed in to change notification settings - Fork 6
Remove‐PIMAzureResourceActiveAssignment
Loïc MICHEL edited this page Feb 4, 2024
·
1 revision
Remove an active assignement at the provided scope.
Note to remove the assignment we create a new assignment with a request type AdminRemove, this will invalidate previous assignment.
Active assignment does not require users to activate their role. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles
🔷 Remove an active assignment for the Acrpush role and principalID "3604fe63-cb67-4b60-99c9-707d46ab9092"
Remove-PIMAzureResourceActiveAssignment -tenantID $tenantID -subscriptionID $subscriptionId -rolename "ArcPush" -principalID "3604fe63-cb67-4b60-99c9-707d46ab9092" -Verbose
Parameter | description |
---|---|
$TenantID |
Entra ID TenantID |
$SubscriptionId |
Subscription ID |
$scope |
If you want to manage the role at other scope than subscription |
$rolename |
Name of the role to assign |
$principalID |
Object ID of the principal |
$justification |
optional justification |