在 Privileged Identity Management 中更新或删除分配的 Azure AD 自定义角色Update or remove an assigned Azure AD custom role in Privileged Identity Management

本文介绍如何使用 Privileged Identity Management (PIM) 来更新或删除对自定义角色进行的恰时分配和有时限的分配,这些自定义角色是在 Azure Active Directory (Azure AD) 管理体验中为了进行应用程序管理而创建的。This article tells you how to use Privileged Identity Management (PIM) to update or remove just-in-time and time-bound assignment to custom roles created for application management in the Azure Active Directory (Azure AD) administrative experience.

备注

在预览版中,Azure AD 自定义角色未集成内置的目录角色。Azure AD custom roles are not integrated with the built-in directory roles during preview. 此功能的正式版发布后,可在内置的角色体验中进行角色管理。Once the capability is generally available, role management will take place in the built-in roles experience. 如果看到以下横幅,则应在内置角色体验中管理这些角色,而本文不适用:If you see the following banner, these roles should be managed in the built-in roles experience and this article does not apply:

选择“Azure AD”>“Privileged Identity Management”。Select Azure AD > Privileged Identity Management.

更新或删除分配Update or remove an assignment

按照以下步骤更新或删除现有的自定义角色分配。Follow these steps to update or remove an existing custom role assignment.

  1. 在 Azure 门户中使用分配给特权角色管理员角色的用户帐户登录到 Privileged Identity ManagementSign in to Privileged Identity Management in the Azure portal with a user account that is assigned to the Privileged role administrator role.

  2. 选择“Azure AD 自定义角色(预览版)”。Select Azure AD custom roles (Preview).

    选择 Azure AD 自定义角色预览版,查看符合条件的角色分配

  3. 选择“角色”,查看 Azure AD 应用程序的自定义角色的“分配”列表。Select Roles to see a the Assignments list of custom roles for Azure AD applications.

    选择“角色”以查看符合条件的角色分配列表

  4. 选择要更新或删除的角色。Select the role that you want to update or remove.

  5. 在“合格角色”或“活动角色”选项卡上查找角色分配。Find the role assignment on the Eligible roles or Active roles tabs.

  6. 选择“更新”或“删除”以更新或删除角色分配。Select Update or Remove to update or remove the role assignment.

    在符合条件的角色分配中选择“删除”或“更新”

后续步骤Next steps