< Back
Remove-AzureRmKeyVaultAccessPolicy
Post
NAME Remove-AzureRmKeyVaultAccessPolicy
SYNOPSIS
Removes all permissions for a user or application from a key vault.
SYNTAX
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-ApplicationId <Guid>] [-DefaultProfile
<IAzureContextContainer>] -ObjectId <String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-ApplicationId <Guid>] [-DefaultProfile <IAzureContextContainer>] -ObjectId
<String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] -EmailAddress
<String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] -EmailAddress <String> [-PassThru]
[-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>]
[-EnabledForDeployment] [-EnabledForDiskEncryption] [-EnabledForTemplateDeployment] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-EnabledForDeployment]
[-EnabledForDiskEncryption] [-EnabledForTemplateDeployment] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-PassThru] -ServicePrincipalName
<String> [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-PassThru] -UserPrincipalName <String>
[-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] [-PassThru]
-UserPrincipalName <String> [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] [-PassThru]
-ServicePrincipalName <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Remove-AzureRmKeyVaultAccessPolicy cmdlet removes all permissions for a user or application or for all users and applications from a key
vault. Even if you remove all permissions, the owner of the Azure subscription that contains the key vault can add permissions to the key vault.
Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance.
PARAMETERS
-ApplicationId <Guid>
Specifies the ID of application whose permissions should be removed
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EmailAddress <String>
Specifies the user email address of the user whose access you want to remove.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForDeployment [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by the Microsoft.Compute resource provider when referenced in resource
creation.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForDiskEncryption [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by Azure Disk Encryption.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForTemplateDeployment [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by Azure Resource Manager when referenced in templates.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVault>
Key Vault object.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-ObjectId <String>
Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-ResourceGroupName <String>
Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet
searches for the key vault in the current subscription.
Required? false
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <String>
Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client
ID, registered for the application in Azure Active Directory.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserPrincipalName <String>
Specifies the user principal name of the user whose access you want to remove.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault
NOTES
Example 1: Remove permissions for a user
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com'
This command removes all the permissions that a user PattiFuller@contoso.com has on the key vault named Contoso03Vault.
Example 2: Remove permissions for an application
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com'
This command removes all the permissions that an application has on the key vault named Contoso03Vault. This example identifies the application by
using the service principal name registered in Azure Active Directory, http://payroll.contoso.com.
Example 3: Remove permissions for an application by using its object ID
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db
This command removes all the permissions that an application has on the key vault named Contoso03Vault. This example identifies the application by
the object ID of the service principal.
Example 4: Remove permissions for the Microsoft.Compute resource provider
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ResourceGroupName 'Group14' -EnabledForDeployment
This command removes permission for the Microsoft.Compute resource provider to get secrets from the Contoso03Vault.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... cesspolicy
Set-AzureRmKeyVaultAccessPolicy
SYNOPSIS
Removes all permissions for a user or application from a key vault.
SYNTAX
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-ApplicationId <Guid>] [-DefaultProfile
<IAzureContextContainer>] -ObjectId <String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-ApplicationId <Guid>] [-DefaultProfile <IAzureContextContainer>] -ObjectId
<String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] -EmailAddress
<String> [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] -EmailAddress <String> [-PassThru]
[-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>]
[-EnabledForDeployment] [-EnabledForDiskEncryption] [-EnabledForTemplateDeployment] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-EnabledForDeployment]
[-EnabledForDiskEncryption] [-EnabledForTemplateDeployment] [-PassThru] [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-PassThru] -ServicePrincipalName
<String> [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-InputObject] <PSKeyVault> [-DefaultProfile <IAzureContextContainer>] [-PassThru] -UserPrincipalName <String>
[-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] [-PassThru]
-UserPrincipalName <String> [-Confirm] [-WhatIf] [<CommonParameters>]
Remove-AzureRmKeyVaultAccessPolicy [-VaultName] <String> [[-ResourceGroupName] <String>] [-DefaultProfile <IAzureContextContainer>] [-PassThru]
-ServicePrincipalName <String> [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Remove-AzureRmKeyVaultAccessPolicy cmdlet removes all permissions for a user or application or for all users and applications from a key
vault. Even if you remove all permissions, the owner of the Azure subscription that contains the key vault can add permissions to the key vault.
Note that although specifying the resource group is optional for this cmdlet, you should do so for better performance.
PARAMETERS
-ApplicationId <Guid>
Specifies the ID of application whose permissions should be removed
Required? false
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-DefaultProfile <IAzureContextContainer>
The credentials, account, tenant, and subscription used for communication with azure
Required? false
Position? named
Default value None
Accept pipeline input? False
Accept wildcard characters? false
-EmailAddress <String>
Specifies the user email address of the user whose access you want to remove.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForDeployment [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by the Microsoft.Compute resource provider when referenced in resource
creation.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForDiskEncryption [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by Azure Disk Encryption.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-EnabledForTemplateDeployment [<SwitchParameter>]
If specified, disables the retrieval of secrets from this key vault by Azure Resource Manager when referenced in templates.
Required? false
Position? named
Default value False
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-InputObject <PSKeyVault>
Key Vault object.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByValue)
Accept wildcard characters? false
-ObjectId <String>
Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-ResourceGroupName <String>
Specifies the name of the resource group associated with the key vault whose access policy is being modified. If not specified, this cmdlet
searches for the key vault in the current subscription.
Required? false
Position? 1
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-ServicePrincipalName <String>
Specifies the service principal name of the application whose permissions you want to remove. Specify the application ID, also known as client
ID, registered for the application in Azure Active Directory.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-UserPrincipalName <String>
Specifies the user principal name of the user whose access you want to remove.
Required? true
Position? named
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-VaultName <String>
Specifies the name of the key vault. This cmdlet removes permissions for the key vault that this parameter specifies.
Required? true
Position? 0
Default value None
Accept pipeline input? True (ByPropertyName)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before running the cmdlet.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? false
Position? named
Default value False
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None
This cmdlet does not accept any input.
OUTPUTS
Microsoft.Azure.Commands.KeyVault.Models.PSKeyVault
NOTES
Example 1: Remove permissions for a user
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -UserPrincipalName 'PattiFuller@contoso.com'
This command removes all the permissions that a user PattiFuller@contoso.com has on the key vault named Contoso03Vault.
Example 2: Remove permissions for an application
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ServicePrincipalName 'http://payroll.contoso.com'
This command removes all the permissions that an application has on the key vault named Contoso03Vault. This example identifies the application by
using the service principal name registered in Azure Active Directory, http://payroll.contoso.com.
Example 3: Remove permissions for an application by using its object ID
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ObjectID 34595082-9346-41b6-8d6b-295a2808b8db
This command removes all the permissions that an application has on the key vault named Contoso03Vault. This example identifies the application by
the object ID of the service principal.
Example 4: Remove permissions for the Microsoft.Compute resource provider
PS C:\\>Remove-AzureRmKeyVaultAccessPolicy -VaultName 'Contoso03Vault' -ResourceGroupName 'Group14' -EnabledForDeployment
This command removes permission for the Microsoft.Compute resource provider to get secrets from the Contoso03Vault.
RELATED LINKS
Online Version: https://docs.microsoft.com/en-us/powers ... cesspolicy
Set-AzureRmKeyVaultAccessPolicy