September 25, 2015 Leave a comment
Here is part 2 where I will be covering the following features:
- PAM role with time span limits (e.g. 08:00 to 17:00)
- PAM role with a specific request time (requests in future)
First make sure that the server running PAM components and the MIM service/portal have the correct time zone setting. You can check that in MIM portal under: Administration -> Portal Configuration -> Timezone
Currently the time restrictions are only working on time values not dates, so you cannot exclude weekend days for example. Only restrictions like 8:00 to 17:00 (or 8:00 am to 5:00 pm) are possible.
The supported way to set a time span rule on a PAM role is through PowerShell:
Import-Module MIMPAM $pamrole = Get-PAMRole "SQLAdmins" Set-PAMRole -Role $pamrole -AvailabilityWindowEnabled $true -AvailableFrom "08:00" -AvailableTo "17:00"