Update-AzRoleManagementPolicy
Update a role management policy
Syntax
UpdateExpanded (Default)
Update-AzRoleManagementPolicy
-Name <String>
-Scope <String>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
UpdateViaIdentityExpanded
Update-AzRoleManagementPolicy
-InputObject <IAuthorizationIdentity>
[-Description <String>]
[-DisplayName <String>]
[-IsOrganizationDefault]
[-Rule <IRoleManagementPolicyRule[]>]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update a role management policy
Examples
Example 1: Update expiration rule of a policy
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.RoleManagementPolicyExpirationRule]@{
isExpirationRequired = "false";
maximumDuration = "P180D";
id = "Expiration_Admin_Eligibility";
ruleType = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Support.RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules
Name Type Scope
---- ---- -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d
Each individual Rule on a policy can be update independently.
Example 2: Update expiration rule and a notification rule of a policy
$scope = "/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d/"
$expirationRule = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.RoleManagementPolicyExpirationRule]@{
isExpirationRequired = "false";
maximumDuration = "P180D";
id = "Expiration_Admin_Eligibility";
ruleType = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Support.RoleManagementPolicyRuleType]("RoleManagementPolicyExpirationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$notificationRule = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Models.Api20201001Preview.RoleManagementPolicyNotificationRule]@{
notificationType = "Email";
recipientType = "Approver";
isDefaultRecipientsEnabled = "false";
notificationLevel = "Critical";
notificationRecipient = $null;
id = "Notification_Approver_Admin_Eligibility";
ruleType = [Microsoft.Azure.PowerShell.Cmdlets.Resources.Authorization.Support.RoleManagementPolicyRuleType]("RoleManagementPolicyNotificationRule");
targetCaller = "Admin";
targetOperation = @('All');
targetLevel = "Eligibility";
targetObject = $null;
targetInheritableSetting = $null;
targetEnforcedSetting = $null;
}
$rules = [IRoleManagementPolicyRule[]]@($expirationRule, $notificationRule)
Update-AzRoleManagementPolicy -Scope $scope -Name "33b520ea-3544-4abc-8565-3588deb8e68e" -Rule $rules
Name Type Scope
---- ---- -----
33b520ea-3544-4abc-8565-3588deb8e68e Microsoft.Authorization/roleManagementPolicies /subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d
Multiple Rule can be updated together.
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: cf
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultProfile
The DefaultProfile parameter is not functional.
Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
Parameter properties
Type: PSObject
Default value: None Supports wildcards: False DontShow: False Aliases: AzureRMContext, AzureCredential
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
The role management policy description.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisplayName
The role management policy display name.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
Identity Parameter
To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
UpdateViaIdentityExpanded
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: False Value from remaining arguments: False
-IsOrganizationDefault
The role management policy is default policy.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Name
The name (guid) of the role management policy to upsert.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False Aliases: RoleManagementPolicyName
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Rule
The rule applied to the policy.
To construct, see NOTES section for RULE properties and create a hash table.
Parameter properties
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Scope
The scope of the role management policy to upsert.
Parameter properties
Type: String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
UpdateExpanded
Position: Named Mandatory: True Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type: SwitchParameter
Default value: None Supports wildcards: False DontShow: False Aliases: wi
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Outputs
