
Remove‐PIMAzureResourceActiveAssignment

Loïc MICHEL edited this page Feb 4, 2024 · 1 revision

Description:

Removes an active assignment at the provided scope.
Note: to remove the assignment, a new assignment request is created with the request type AdminRemove, which invalidates the previous assignment.
An active assignment does not require the user to activate the role. See https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-assign-roles
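
The AdminRemove request described above, shown at the Azure Resource Manager REST level. This is an added example, not the module's own code: the function name `Remove-ActiveAssignmentViaRest` is hypothetical, and it assumes the Az.Accounts module with an existing `Connect-AzAccount` session.

```powershell
# Added illustration; not the module's code. The function name is hypothetical.
# Assumes Az.Accounts is installed and Connect-AzAccount has already been run.
function Remove-ActiveAssignmentViaRest {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][guid]$SubscriptionId,
        [Parameter(Mandatory)][string]$RoleName,
        [Parameter(Mandatory)][guid]$PrincipalId,
        [string]$Scope,
        [string]$Justification = "Removed by administrator"
    )
    # Default to subscription scope when no narrower or wider scope is given.
    if (-not $Scope) { $Scope = "/subscriptions/$SubscriptionId" }
    $auth = "$Scope/providers/Microsoft.Authorization"

    # Resolve the role name to its definition ID; double any quote so the
    # name cannot break out of the OData filter literal.
    $safeName = $RoleName.Replace("'", "''")
    $filter = [uri]::EscapeDataString("roleName eq '$safeName'")
    $resp = Invoke-AzRestMethod -Method GET `
        -Path "$auth/roleDefinitions?api-version=2022-04-01&`$filter=$filter"
    if ($resp.StatusCode -ne 200) { throw "Role lookup failed (HTTP $($resp.StatusCode))" }
    $roles = @(($resp.Content | ConvertFrom-Json).value | Where-Object { $_ })
    if ($roles.Count -ne 1) {
        throw "Expected exactly one role named '$RoleName' at $Scope, found $($roles.Count)"
    }

    # The removal is itself a new schedule request with requestType AdminRemove.
    $body = @{
        properties = @{
            principalId      = $PrincipalId.ToString()
            roleDefinitionId = $roles[0].id
            requestType      = "AdminRemove"
            justification    = $Justification
        }
    } | ConvertTo-Json -Depth 5

    $requestName = [guid]::NewGuid()
    $path = "$auth/roleAssignmentScheduleRequests/$($requestName)?api-version=2020-10-01"
    if ($PSCmdlet.ShouldProcess("$PrincipalId on $Scope", "AdminRemove $RoleName")) {
        $put = Invoke-AzRestMethod -Method PUT -Path $path -Payload $body
        if ($put.StatusCode -notin 200, 201) {
            throw "AdminRemove failed (HTTP $($put.StatusCode)): $($put.Content)"
        }
        $put.Content | ConvertFrom-Json   # the created request, useful for audit records
    }
}
```

Running it with `-WhatIf` resolves the role and reports the target without submitting the request.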

Samples:

🔷 Remove an active assignment for the AcrPush role and principalID "3604fe63-cb67-4b60-99c9-707d46ab9092"

Remove-PIMAzureResourceActiveAssignment -tenantID $tenantID -subscriptionID $subscriptionId -rolename "AcrPush" -principalID "3604fe63-cb67-4b60-99c9-707d46ab9092" -Verbose

Parameters:

| Parameter | Description |
| --- | --- |
| $TenantID | Entra ID TenantID |
| $SubscriptionId | Subscription ID |
| $scope | Use this to manage the role at a scope other than the subscription |
| $rolename | Name of the role to assign |
| $principalID | Object ID of the principal |
| $justification | Optional justification |
