[英]How to get the list of access policies of an Azure keyvault related to individual users?
I'm working on a script to remove all the permissions for indivudual users on a keyvault and replacing them with an access policy for a security group instead.我正在编写一个脚本,以删除单个用户对密钥库的所有权限,并将其替换为安全组的访问策略。 With Get-AzKeyVault you can get all the access policies for a key vault, but I don't see a property on the access policy that allows me to differentiate between individual user accounts, applications, and security groups, like the Azure Portal does.使用 Get-AzKeyVault,您可以获得密钥保管库的所有访问策略,但我没有在访问策略上看到允许我区分各个用户帐户、应用程序和安全组的属性,就像 Azure 门户所做的那样。
If you have enough slow browser then you may notice that Azure Portal first load plain list and then group it by type.如果您的浏览器足够慢,那么您可能会注意到 Azure 门户首先加载普通列表,然后按类型对其进行分组。 This is exactly because of same reason as you have: the Graph API can return only the object id and nothing else.这正是因为与您相同的原因:图表 API 只能返回 object id 而没有其他任何内容。 You should get the object to actually find out the type:你应该得到 object 来实际找出类型:
$kv = Get-AzKeyVault -VaultName you-vault-name
# take all object ids for policies
$ids = $kv.AccessPolicies | select -ExpandProperty ObjectId
$objects = Get-AzureADObjectByObjectId -ObjectIds $ids
$objects | % {
$obj = $_
$kv.AccessPolicies | ? {$_.ObjectId -eq $obj.ObjectId} | Add-Member -MemberType NoteProperty -Name "Type" -Value $obj.GetType().Name -Force
}
$kv.AccessPolicies | ft
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.