Add-AipServiceRoleBasedAdministrator
Grants administrative rights to Azure Information Protection.
Sintassi
ObjectId
Add-AipServiceRoleBasedAdministrator
[-ObjectId <Guid>]
[-Role <Role>]
[<CommonParameters>]
DisplayName
Add-AipServiceRoleBasedAdministrator
[-SecurityGroupDisplayName <String>]
[-Role <Role>]
[<CommonParameters>]
EmailAddress
Add-AipServiceRoleBasedAdministrator
[-EmailAddress <String>]
[-Role <Role>]
[<CommonParameters>]
Descrizione
The Add-AipServiceRoleBasedAdministrator cmdlet grants administrative rights to the protection service from Azure Information Protection, so that administrators you delegate to configure this service can do so by using PowerShell commands.
You must use PowerShell to configure delegated administrative control for the protection service; you cannot do this configuration by using a management portal.
When you run this cmdlet, you can specify a user or a group in Azure AD, and you can run the cmdlet multiple times to add new users and new groups. To see the full list, use Get-AipServiceRoleBasedAdministrator.
If you specify a group, it can be any group in Azure AD and does not need to be mail-enabled. To specify a group that is not mail-enabled, use either the SecurityGroupDisplayName parameter, or the ObjectId parameter. You can also use these parameters or the EmailAddress parameter for a mail-enabled group.
For more information about the user and group requirements, see Preparing users and groups for Azure Information Protection. This information includes how to identify the different group types and how to find the values to specify them when you run this cmdlet.
After delegating control to other administrators, they might find it useful to reference a list of the cmdlets they can run, grouped by administrative task. For this information, see Administering the protection service by using PowerShell.
Note that these administrative roles are separate from the Azure Active Directory admin roles or Office 365 admin roles.
Esempio
Example 1: Grant administrative rights by using a display name
PS C:\>Add-AipServiceRoleBasedAdministrator -SecurityGroupDisplayName "Finance Employees"
This command grants administrative rights to the protection service for the group that has a display name of Finance Employees.
Example 2: Grant administrative rights by using a GUID
PS C:\>Add-AipServiceRoleBasedAdministrator -ObjectId 2c8afe23-bf58-4289-bea1-05131aeb50ab
This command grants administrative rights to the protection service for the group that has the specified GUID.
Parametri
-EmailAddress
Specifies the email address of a user or group to have administrative rights for the protection service. If the user has no email address, specify the user's Universal Principal Name.
Proprietà dei parametri
| Tipo: | String |
| Valore predefinito: | None |
| Supporta i caratteri jolly: | False |
| DontShow: | False |
Set di parametri
EmailAddress
| Posizione: | Named |
| Obbligatorio: | False |
| Valore dalla pipeline: | True |
| Valore dalla pipeline in base al nome della proprietà: | True |
| Valore dagli argomenti rimanenti: | False |
-ObjectId
Specifies the GUID of a user or group to have administrative rights for the protection service.
Proprietà dei parametri
| Tipo: | Guid |
| Valore predefinito: | None |
| Supporta i caratteri jolly: | False |
| DontShow: | False |
Set di parametri
ObjectId
| Posizione: | Named |
| Obbligatorio: | False |
| Valore dalla pipeline: | True |
| Valore dalla pipeline in base al nome della proprietà: | True |
| Valore dagli argomenti rimanenti: | False |
-Role
Specifies a role of either Azure Information Protection service global administrator (the user can configure all aspects of the protection service by using PowerShell commands) or Azure Information Protection service connector administrator (the account is granted least privileges to configure and run the Rights Management (RMS) connector).
To specify these roles, use the following values:
GlobalAdministrator
ConnectorAdministrator
The default value is GlobalAdministrator.
Proprietà dei parametri
| Tipo: | Role |
| Valore predefinito: | None |
| Valori accettati: | GlobalAdministrator, ConnectorAdministrator |
| Supporta i caratteri jolly: | False |
| DontShow: | False |
Set di parametri
(All)
| Posizione: | Named |
| Obbligatorio: | False |
| Valore dalla pipeline: | True |
| Valore dalla pipeline in base al nome della proprietà: | True |
| Valore dagli argomenti rimanenti: | False |
-SecurityGroupDisplayName
Specifies the display name of a user or group to have administrative rights for the protection service.
Proprietà dei parametri
| Tipo: | String |
| Valore predefinito: | None |
| Supporta i caratteri jolly: | False |
| DontShow: | False |
Set di parametri
DisplayName
| Posizione: | Named |
| Obbligatorio: | False |
| Valore dalla pipeline: | True |
| Valore dalla pipeline in base al nome della proprietà: | True |
| Valore dagli argomenti rimanenti: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.