Commit 00f4328

update docs for managed hsm (#15817)
1 parent ec493b6 commit 00f4328

2 files changed

+11
-3
lines changed

src/KeyVault/KeyVault/help/New-AzKeyVaultManagedHsm.md

Lines changed: 4 additions & 2 deletions
@@ -21,8 +21,10 @@ New-AzKeyVaultManagedHsm [-Name] <String> [-ResourceGroupName] <String> [-Locati
2121

2222
## DESCRIPTION
2323
The **New-AzKeyVaultManagedHsm** cmdlet creates a managed HSM in the specified resource group. To add,
24-
remove, or list keys in the managed HSM, user should grant permissions by adding user ID to
25-
Administrator.
24+
remove, or list keys in the managed HSM, user should:
25+
1. grant permissions by adding user ID to Administrator;
26+
2. add role assignment for user like "Managed HSM Crypto User" and so on;
27+
3. back up security domain data of a managed HSM using `Export-AzKeyVaultSecurityDomain`.
2628

2729
## EXAMPLES
2830
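Review bot: The new numbered list under DESCRIPTION does not say whether all three items are required or in what order, and item 3 ("back up security domain data of a managed HSM using `Export-AzKeyVaultSecurityDomain`") gives no reason why a backup step is a precondition for adding, removing, or listing keys. State the reason for item 3 in the item itself so readers do not skip it as optional. Item 2 ends with "and so on", which leaves the reader guessing which roles qualify; name the cmdlet that performs the assignment (New-AzKeyVaultRoleAssignment, documented in the other file of this commit) and the specific roles intended. The role is written "Managed HSM Crypto User" here but "Managed Hsm Crypto User" in New-AzKeyVaultRoleAssignment.md; pick one spelling. Minor wording: "user should:" reads better as "the user must:", and the list items should start with a capital letter.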

src/KeyVault/KeyVault/help/New-AzKeyVaultRoleAssignment.md

Lines changed: 7 additions & 1 deletion
@@ -58,9 +58,15 @@ And to specify an Azure AD application, use ApplicationId or ObjectId parameters
5858
The role that is being assigned must be specified using the RoleDefinitionName pr RoleDefinitionId parameter. The scope at which access is being granted may be specified. It defaults to the selected subscription.
5959

6060
## EXAMPLES
61-
6261
### Example 1
6362
```powershell
63+
PS C:\> New-AzKeyVaultRoleAssignment -HsmName bez-hsm -RoleDefinitionName "Managed Hsm Crypto User" -ObjectId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
64+
```
65+
66+
This example assigns role "Managed Hsm Crypto User" to user "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" at top scope. If user wants to perform operations on keys. "Managed Hsm Crypto *" role is required for that user.
67+
68+
### Example 2
69+
```powershell
6470
PS C:\> New-AzKeyVaultRoleAssignment -HsmName myHsm -RoleDefinitionName "Managed HSM Policy Administrator" -SignInName [email protected]
6571
6672
RoleDefinitionName DisplayName ObjectType Scope
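Review bot: The description added for Example 1 tells readers that a "Managed Hsm Crypto *" role is required for key operations, and a wildcard in access-control documentation invites picking whichever matching role is broadest; list the specific role names and say which one is the minimum for the key operations meant. The same text is split into a fragment ("If user wants to perform operations on keys. "Managed Hsm Crypto *" role is required for that user."); join the two with a comma. The role name casing "Managed Hsm Crypto User" differs from "Managed HSM Policy Administrator" in Example 2 and from "Managed HSM Crypto User" in New-AzKeyVaultManagedHsm.md, so a reader copying the command cannot tell which spelling is canonical. "at top scope" should name the scope value, since the paragraph above says the scope can be specified. The new Example 1 shows no output while Example 2 does; add the output table or note that it is omitted. While touching this section, the context line above has the typo "pr RoleDefinitionId" for "or RoleDefinitionId".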
