Get member groups

Namespace: microsoft.graph

Return all the groups that the specified user, group, or directory object is a member of. This function is transitive.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |

Use the following scenario guidance to help determine which permission types to use:

  • Use User.Read and GroupMember.Read.All or User.Read and Group.Read.All permissions to get group memberships for the signed-in user.
  • Use User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All or User.Read.All and Group.Read.All permissions to get group memberships for any user.
  • Use GroupMember.Read.All or Group.Read.All permission to get group memberships for a group.
  • Use Directory.Read.All permission to get group memberships for a directory object.

HTTP request

POST /me/getMemberGroups
POST /users/{id | userPrincipalName}/getMemberGroups
POST /groups/{id}/getMemberGroups
POST /directoryObjects/{id}/getMemberGroups

Request headers

| Name | Type | Description |
|---|---|---|
| Authorization | string | Bearer {token}. Required. |
| Content-Type | string | application/json |

Request body

In the request body, provide a JSON object with the following parameters.

| Parameter | Type | Description |
|---|---|---|
| securityEnabledOnly | Boolean | true to specify that only security groups that the entity is a member of should be returned; false to specify that all groups and directory roles that the entity is a member of should be returned. Note: The function can only be called on a user if the parameter is true. |

Response

If successful, this method returns a 200 OK response code and a String collection object in the response body.

Example

Request
POST https://graph.microsoft.com/v1.0/directoryObjects/{object-id}/getMemberGroups
Content-type: application/json

{
  "securityEnabledOnly": true
}
Response

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
    "value": [
        "fee2c45b-915a-4a64-b130-f4eb9e75525e",
        "4fe90ae7-065a-478b-9400-e0a0e1cbd540",
        "e0c3beaf-eeb4-43d8-abc5-94f037a65697"
    ]
}
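Because the function is transitive, it surfaces memberships that nested groups would otherwise hide, which makes it useful for access reviews. The following is an added example, not part of the original reference page: it builds the request shown above, validates the String collection in the response, and reports which returned group ids are on a watchlist. The watchlist label, the function names and the `fake_send` offline stub are assumptions made for illustration.

```python
import io
import json
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed watchlist: the GUID comes from the sample response on this page,
# the label is hypothetical.
WATCHLIST = {"4fe90ae7-065a-478b-9400-e0a0e1cbd540": "tier-0-admins (hypothetical)"}

# Response body from the example on this page.
SAMPLE_RESPONSE = b"""{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(Edm.String)",
  "value": ["fee2c45b-915a-4a64-b130-f4eb9e75525e",
            "4fe90ae7-065a-478b-9400-e0a0e1cbd540",
            "e0c3beaf-eeb4-43d8-abc5-94f037a65697"]
}"""

def build_request(token, target, security_enabled_only=True):
    """target: 'me', 'users/{id}', 'groups/{id}' or 'directoryObjects/{id}'."""
    body = json.dumps({"securityEnabledOnly": security_enabled_only}).encode()
    return urllib.request.Request(
        f"{GRAPH}/{target}/getMemberGroups", data=body, method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

def parse_group_ids(raw):
    """Return lower-cased group ids; reject anything but a string collection."""
    doc = json.loads(raw)
    value = doc.get("value") if isinstance(doc, dict) else None
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError("'value' is not a collection of strings")
    return [v.lower() for v in value]

def privileged_memberships(token, target, watchlist, send=urllib.request.urlopen):
    """Transitive memberships of `target` that appear on the watchlist."""
    with send(build_request(token, target)) as resp:
        ids = parse_group_ids(resp.read())
    return {g: watchlist[g] for g in ids if g in watchlist}

def fake_send(request):
    """Offline stand-in for urlopen that replays SAMPLE_RESPONSE."""
    return io.BytesIO(SAMPLE_RESPONSE)

if __name__ == "__main__":
    hits = privileged_memberships("<token>", "directoryObjects/<object-id>",
                                  WATCHLIST, fake_send)
    for gid, label in hits.items():
        print(f"member of watched group {gid}: {label}")
```

Drop the `send` argument to call the real endpoint with a token that carries one of the permissions listed above.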