你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
New-AzManagedServicesEligibleAuthorizationObject
为 EligibleAuthorization 创建内存中对象
语法
New-AzManagedServicesEligibleAuthorizationObject
-PrincipalId <String>
-RoleDefinitionId <String>
[-JustInTimeAccessPolicyManagedByTenantApprover <IEligibleApprover[]>]
[-JustInTimeAccessPolicyMaximumActivationDuration <TimeSpan>]
[-JustInTimeAccessPolicyMultiFactorAuthProvider <MultiFactorAuthProvider>]
[-PrincipalIdDisplayName <String>]
[<CommonParameters>] 说明
为 EligibleAuthorization 创建内存中对象
示例
示例 1:创建新的 Azure Lighthouse 符合条件的授权对象以用于注册定义
New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
PrincipalId PrincipalIdDisplayName RoleDefinitionId
----------- ---------------------- ----------------
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx Test user xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx创建新的 Azure Lighthouse 符合条件的授权对象以用于注册定义。
示例 2:使用 JustInTime 设置创建新的 Azure Lighthouse 合格授权
$approver = New-AzManagedServicesEligibleApproverObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Approver group"
$eligibleAuth = New-AzManagedServicesEligibleAuthorizationObject -PrincipalId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -PrincipalIdDisplayName "Test user" -RoleDefinitionId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -JustInTimeAccessPolicyManagedByTenantApprover $approver -JustInTimeAccessPolicyMultiFactorAuthProvider Azure -JustInTimeAccessPolicyMaximumActivationDuration 0:30
$eligibleAuth | Format-List -Property PrinciPalId, PrincipalIdDisplayName, RoleDefinitionId, JustInTimeAccessPolicyManagedByTenantApprover, JustInTimeAccessPolicyMultiFactorAuthProvider, JustInTimeAccessPolicyMaximumActivationDuration
PrincipalId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
PrincipalIdDisplayName : Test user
RoleDefinitionId : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
JustInTimeAccessPolicyManagedByTenantApprover : {Approver group}
JustInTimeAccessPolicyMultiFactorAuthProvider : Azure
JustInTimeAccessPolicyMaximumActivationDuration : 00:30:00使用 JustInTime (JIT) 设置创建新的 Azure Lighthouse 符合条件的授权对象。
参数
-JustInTimeAccessPolicyManagedByTenantApprover
符合条件的授权的 managedByTenant 审批者列表。 若要构造,请参阅 JUSTINTIMEACCESSPOLICYMANAGEDBYTENANTAPPROVER 属性的 NOTES 部分,并创建哈希表。
| Type: | IEligibleApprover[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-JustInTimeAccessPolicyMaximumActivationDuration
实时访问请求的最大访问持续时间(采用 ISO 8601 格式)。
| Type: | TimeSpan |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-JustInTimeAccessPolicyMultiFactorAuthProvider
用于实时访问请求的多重授权提供程序。
| Type: | MultiFactorAuthProvider |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrincipalId
Azure Active Directory 主体的标识符。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrincipalIdDisplayName
Azure Active Directory 主体的显示名称。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RoleDefinitionId
Azure 内置角色的标识符,用于定义 Azure Active Directory 主体在投影范围上拥有的权限。
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
输出
反馈
即将发布:在整个 2024 年,我们将逐步淘汰作为内容反馈机制的“GitHub 问题”,并将其取代为新的反馈系统。 有关详细信息,请参阅:https://aka.ms/ContentUserFeedback。
提交和查看相关反馈