Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://learn.microsoft.com/en-us/powershell/module/az.resources/remove-azroleassignment below:

Remove-AzRoleAssignment (Az.Resources) | Microsoft Learn

Removes a role assignment to the specified principal who is assigned to a particular role at a particular scope.

The cmdlet may call below Microsoft Graph API according to input parameters:

• GET /users/{id}
• GET /servicePrincipals/{id}
• GET /groups/{id}
• GET /directoryObjects/{id}
• POST /directoryObjects/getByIds

Please notice that this cmdlet will mark ObjectType as Unknown in output if the object of role assignment is not found or current account has insufficient privileges to get object type.

Remove-AzRoleAssignment
    -ObjectId <String>
    -RoleDefinitionName <String>
    [-Scope <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ObjectId <String>
    -ResourceGroupName <String>
    -ResourceName <String>
    -ResourceType <String>
    -RoleDefinitionName <String>
    [-ParentResource <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ObjectId <String>
    -ResourceGroupName <String>
    -RoleDefinitionName <String>
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ObjectId <String>
    -RoleDefinitionName <String>
    [-Scope <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ObjectId <String>
    -RoleDefinitionId <Guid>
    [-Scope <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -SignInName <String>
    -ResourceGroupName <String>
    -ResourceName <String>
    -ResourceType <String>
    -RoleDefinitionName <String>
    [-ParentResource <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -SignInName <String>
    -ResourceGroupName <String>
    -RoleDefinitionName <String>
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -SignInName <String>
    -RoleDefinitionName <String>
    [-Scope <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ServicePrincipalName <String>
    -ResourceGroupName <String>
    -ResourceName <String>
    -ResourceType <String>
    -RoleDefinitionName <String>
    [-ParentResource <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ServicePrincipalName <String>
    -ResourceGroupName <String>
    -RoleDefinitionName <String>
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    -ServicePrincipalName <String>
    -RoleDefinitionName <String>
    [-Scope <String>]
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Remove-AzRoleAssignment
    [-InputObject] <PSRoleAssignment>
    [-PassThru]
    [-SkipClientSideScopeValidation]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Use the Remove-AzRoleAssignment commandlet to revoke access to any principal at given scope and given role. The object of the assignment i.e. the principal MUST be specified. The principal can be a user (use SignInName or ObjectId parameters to identify a user), security group (use ObjectId parameter to identify a group) or service principal (use ServicePrincipalName or ObjectId parameters to identify a ServicePrincipal. The role that the principal is assigned to MUST be specified using the RoleDefinitionName parameter. The scope of the assignment MAY be specified and if not specified, defaults to the subscription scope i.e. it will try to delete an assignment to the specified principal and role at the subscription scope. The scope of the assignment can be specified using one of the following parameters. a. Scope - This is the fully qualified scope starting with /subscriptions/<subscriptionId> b. ResourceGroupName - Name of any resource group under the subscription. c. ResourceName, ResourceType, ResourceGroupName and (optionally) ParentResource - Identifies a particular resource under the subscription.

Remove-AzRoleAssignment -ResourceGroupName rg1 -SignInName john.doe@contoso.com -RoleDefinitionName Reader

Removes a role assignment for john.doe@contoso.com who is assigned to the Reader role at the rg1 resourcegroup scope.

Remove-AzRoleAssignment -ObjectId 00001111-aaaa-2222-bbbb-3333cccc4444 -RoleDefinitionName Reader

Removes the role assignment to the group principal identified by the ObjectId and assigned to the Reader role. Defaults to using the current subscription as the scope to find the assignment to be deleted.

$roleassignment = Get-AzRoleAssignment |Select-Object -First 1 -Wait
Remove-AzRoleAssignment -InputObject $roleassignment

Removes the first role assignment object which is fetched from the Get-AzRoleAssignment commandlet.

Prompts you for confirmation before running the cmdlet.

The credentials, account, tenant, and subscription used for communication with azure

Role Assignment object.

Microsoft Entra ObjectId of the user, group or service principal.

The parent resource in the hierarchy(of the resource specified using ResourceName parameter), if any. Must be used in conjunction with ResourceGroupName, ResourceType and ResourceName parameters to construct a hierarchical scope in the form of a relative URI that identifies the resource.

If specified, displays the deleted role assignment

The resource group name that the role is assigned to. Attempts to delete an assignment at the specified resource group scope. When used in conjunction with ResourceName, ResourceType and (optionally)ParentResource parameters, the command constructs a hierarchical scope in the form of a relative URI that identifies a resource.

The resource name. For e.g. storageaccountprod. Must be used in conjunction with ResourceGroupName, ResourceType and (optionally)ParentResource parameters, to construct a hierarchical scope in the form of a relative URI that identifies the resource and delete an assignment at that scope.

The resource type. For e.g. Microsoft.Network/virtualNetworks. Must be used in conjunction with ResourceGroupName, ResourceName and (optionally)ParentResource parameters to construct a hierarchical scope in the form of a relative URI that identifies the resource and delete an assignment at that resource scope.

Id of the RBAC role for which the assignment needs to be deleted.

Name of the RBAC role for which the assignment needs to be deleted i.e. Reader, Contributor, Virtual Network Administrator, etc.

The Scope of the role assignment to be deleted. In the format of relative URI. For e.g. "/subscriptions/9004a9fd-d58e-48dc-aeb2-4a4aec58606f/resourceGroups/TestRG". If not specified, will attempt to delete the role at subscription level. If specified, it should start with "/subscriptions/{id}".

The ServicePrincipalName of the Microsoft Entra application

The email address or the user principal name of the user.

If specified, skip client side scope validation.

Use the Remove-AzRoleAssignment commandlet to revoke access to any principal at given scope and given role. The object of the assignment i.e. the principal MUST be specified. The principal can be a user (use SignInName or ObjectId parameters to identify a user), security group (use ObjectId parameter to identify a group) or service principal (use ServicePrincipalName or ObjectId parameters to identify a ServicePrincipal. The role that the principal is assigned to MUST be specified using the RoleDefinitionName parameter. The scope of the assignment MAY be specified and if not specified, defaults to the subscription scope i.e. it will try to delete an assignment to the specified principal and role at the subscription scope. The scope of the assignment can be specified using one of the following parameters. a. Scope - This is the fully qualified scope starting with /subscriptions/<subscriptionId> b. ResourceGroupName - Name of any resource group under the subscription. c. ResourceName, ResourceType, ResourceGroupName and (optionally) ParentResource - Identifies a particular resource under the subscription.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Keywords: azure, azurerm, arm, resource, management, manager, resource, group, template, deployment

• New-AzRoleAssignment
• Get-AzRoleAssignment
• Get-AzRoleDefinition

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4