Revoking Permissions from Roles
Revoking Permissions from Roles
Analogical to Granting Permissions to Roles, rights can be revoked from Roles. The cmdlet used here is called Revoke-EmdbPermission and also expects a Role- and a Permission-object as parameters.
Examples:
|
Hint: The execution of these examples requires a connected PowerShell drive. |
In the example below, the previously granted permission 'Use Software' should be revoked from the Role 'Testing Manager':
|
$MyRole = Get-EmdbRole "Testing Manager" $MyPermission = Get-EmdbPermission "Use Software" Revoke-EmdbPermission -Role $MyRole -Permission $MyPermission |
In the second example, the userdefined right 'Reboot' should be revoked from all (user-modifiable) Roles. The following commands can be executed:
|
$MyPermission = Get-EmdbPermission "Custom.Reboot" Get-EmdbRole | Where-Object {$_.IsSystem -eq $false} | Revoke-EmdbPermission -Permission $MyPermission |
|
Note: Note that Role-objects are not part of the context rootDSE and therefore they can be referenced without a full qualified path resp. an absolute path. |