Set-PAMRole

Updates a PAM role in the MIM Service.

Syntax

Set-PAMRole
   [-Role] <PAMRole>
   [[-Candidates] <PAMUser[]>]
   [[-Privileges] <PAMGroup[]>]
   [[-Approvers] <PAMUser[]>]
   [[-Session] <PAMSession>]
   [[-TTL] <TimeSpan>]
   [[-AvailableFrom] <DateTime>]
   [[-AvailableTo] <DateTime>]
   [[-MFAEnabled] <Boolean>]
   [[-ApprovalEnabled] <Boolean>]
   [[-AvailabilityWindowEnabled] <Boolean>]
   [[-DisplayName] <String>]
   [[-Description] <String>]
   [<CommonParameters>]

Description

The Set-PAMRole cmdlet updates a Privileged Access Management (PAM) role in the Microsoft Identity Manager (MIM) Service.

Examples

Example 1: Change an attribute of the role

PS C:\> Set-PAMRole -Role (Get-PAMRole -DisplayName "IT") -Description "For IT Use Only"

This command changes an attribute of the PAM role in the MIM Service.

Example 2: Adding a candidate user to a role

PS C:\> $Role = Get-PAMRole -DisplayName "IT" ; $NC = $Role.Candidates + (Get-PAMUser -PrivDisplayName "contoso.jen") ; $Role = Set-PAMRole -Role $Role -Candidates $NC

This command adds a candidate user to a PAM role in the MIM Service.

Required Parameters

-Role

Specifies the role to be updated, returned by Get-PAMRole.

Type:PAMRole
Position:1
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False

Optional Parameters

-ApprovalEnabled

Indicates whether the cmdlet requires approval by a role owner when activating requests to this role.

Type:Boolean
Position:6
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Approvers

Specifies an array of role owners that will approve activation requests if ApprovalEnabled is set to true.

Type:PAMUser[]
Position:12
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AvailabilityWindowEnabled

Indicates whether the role can only be activated during a specified time interval.

Type:Boolean
Position:7
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AvailableFrom

Indicates the earliest time of day that a request will be activated. Only the time portion of the parameter is used.

Type:DateTime
Position:3
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-AvailableTo

Indicates the latest time of day that a request will be activated. Only the time portion of the parameter is used.

Type:DateTime
Position:4
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Candidates

Specifies the collection of candidate users which are to be associated with the PAM Role.

Type:PAMUser[]
Position:10
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Description

Specifies the description of the PAM role in the MIM Service.

Type:String
Position:9
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisplayName

Specifies the value for the DisplayName attribute of the PAM role in the MIM Service.

Type:String
Position:8
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-MFAEnabled

Specifies, if true, that activation requests to this role will require an MFA challenge.

Type:Boolean
Position:5
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Privileges

Specifies the collection of groups which are associated with the PAM role.

Type:PAMGroup[]
Position:11
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Session

Specifies the session with the PAM domain and MIM Service.

Type:PAMSession
Position:13
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TTL

Specifies the default time to live (TTL) in seconds of group memberships assigned to users through this role.

Type:TimeSpan
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Outputs

Microsoft.IdentityManagement.PamCmdlets.Model.PAMRole