Is it possible to make different users have different maximum activation duration time for the same role in Azure. For example, User A has the user administrator role with a maximum activation time of 8hrs, and User B also has the user administrator role with a maximum activation time of 24hrs. Is this possible?
Privilege Identity Management (Azure)
34 Views Asked by Isaiah At
1
There are 1 best solutions below
Related Questions in AZURE
- How to update to the latest external Git in Azure Web App?
- I need an azure product that executes my intensive ffmpeg command then dies, and i only get charged for the delta. Any Tips?
- Inject AsyncCollector into a service
- mutual tls authentication between app service and function app
- Azure Application Insights Not Displaying Custom Logs for Azure Functions with .NET 8
- Application settings for production deployment slot in Azure App Services
- Encountered an error (ServiceUnavailable) from host runtime on Azure Function App
- Implementing Incremental consent when using both application and delegated permissions
- Invalid format for email address in WordPress on Azure app service
- Producer Batching Service Bus Vs Kafka
- Integrating Angular External IP with ClusterIP of .NET microservices on AKS
- Difficulty creating a data pipeline with Fabric Datafactory using REST
- Azure Batch for Excel VBA
- How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?
- Azure Scale Sets and Parallel Jobs
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in IDENTITY
- Avoid resetting AccessFailedCount by CheckPasswordSignIn in ASP.Net Identity
- Camunda 8 Identity not connecting to existing Keycloak
- Identity log out suddenly in ASP.NET Core 7
- Unable to Connect to Azure using Certificate thumbprint with Connect-AzAccount
- what is the use of max_server_pool_size configuration for supertokens
- Sustainsys.saml2: IDX10214: Audience validation failed. Did not match: validationParameters.ValidAudience
- Custom Authorization Policy User.Identity.Name is null
- Impossible to assign a managed identity to my Azure function
- Implementing RFC 8693 Token Exchange with Azure AD for a Non-JWT OAuth2 Token
- Azure FailedIdentityOperation - failure on container app secret update with az cli
- Generate HTML Email from Razor View Page with a Strongly Typed Model
- Why Email Confirmation Token Getting Expired After 10 Minutes [.Net 8]
- Problem with identity scaffolding in ASP.NET
- System.NotSupportedException: Store does not implement IUserRoleStore<TUser>
- How to received a notification about removing user from FreeIPA?
Related Questions in ELEVATED-PRIVILEGES
- How to invoke UAC(Elevation shield) Prompt while trying to open bootstrapper bundle exe in WIX
- IE Mode Edge driver stuck on 'This is the initial start page for the WebDriver server' when running in Elevated Mode (Admin Mode) [Selenium]
- Opening Microsoft Edge in Elevated mode (use case: open via Selenium)
- How to run an app requiring admin privileges on standard user so that the user does not know the admin password?
- Run Batch-file Elevated through Windows Terminal
- Privilege Identity Management (Azure)
- How to start an application elevated on account without admin privileges on Windows 10
- "Missing sudo password" error with Ansible Error
- ShellExecuteExW function with lpVerb = L"runas" and lpFile = L"cmd" succeeds but fails
- Zephyr, defeating C_NULL_POINTER_EXCEPTION protection
- Is it possible to give my Android app root permissions without rooting the device? Perhaps with an MDM or a UEM?
- What's the proper way to run a piece of code with admin privileges conditionally?
- My PowerShell script does not work when opening it from a batch file or the command line, but it works when running directly
- How can we trigger the PowerShell file with both another user and admin privileges
- Opening domain computer's explorer from elevated PS script still prompts for credentials
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Yes, it is possible but not without creating two (2) PIM groups.
One for 8h and one for 24h. Alternatively, you can use one for 24h and tell the user A that the person can maximum use it for 8h, which means he/she would have to adjust the hours every time they activate. You can then setup a KQL query in your LAW (if you send Entra ID logs) and then create an alert for when User A activate this role. This is not a very good and recommendable solution.
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-resource-roles-configure-role-settings?wt.mc_id=MVP_323223