更新 governanceRoleSetting
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
更新 governanceRoleSetting 的属性。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
注意: 此 API 还要求请求者至少有一个 Active 管理员角色分配 (owner 或 user access administrator) 资源。
| 权限类型 |
权限 |
| 委派(工作或学校帐户) |
PrivilegedAccess.ReadWrite.AzureResources |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
不支持。 |
Azure 资源
| 权限类型 |
权限 |
| 委派(工作或学校帐户) |
PrivilegedAccess.ReadWrite.AzureResources |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
不支持。 |
Azure AD
| 权限类型 |
权限 |
| 委派(工作或学校帐户) |
PrivilegedAccess.ReadWrite.AzureAD |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
不支持。 |
组
| 权限类型 |
权限 |
| 委派(工作或学校帐户) |
PrivilegedAccess.ReadWrite.AzureADGroup |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
不支持。 |
HTTP 请求
PATCH /privilegedAccess/azureResources/roleSettings/{id}
| 名称 |
说明 |
| Authorization |
持有者 {token} |
| Content-type |
application/json |
请求正文
在请求正文中,提供需要更新的 governanceRuleSettings 的 值。
响应
如果成功,此方法返回 204 NoContent 响应代码。它不在响应正文中返回任何内容。
错误代码
此 API 返回标准 HTTP 错误代码。 此外,它返回以下自定义错误代码。
示例
本示例更新订阅 Wingtip Toys - Prod 中自定义角色 3 的角色设置。
请求
PATCH https://graph.microsoft.com/beta/privilegedAccess/azureResources/roleSettings/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Content-type: application/json
{
"adminEligibleSettings":[
{
"ruleIdentifier":"ExpirationRule",
"setting":"{\"permanentAssignment\":false,\"maximumGrantPeriodInMinutes\":129600}"
}
]
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var governanceRoleSetting = new GovernanceRoleSetting
{
AdminEligibleSettings = new List<GovernanceRuleSetting>()
{
new GovernanceRuleSetting
{
RuleIdentifier = "ExpirationRule",
Setting = "{\"permanentAssignment\":false,\"maximumGrantPeriodInMinutes\":129600}"
}
}
};
await graphClient.PrivilegedAccess["{privilegedAccess-id}"].RoleSettings["{governanceRoleSetting-id}"]
.Request()
.UpdateAsync(governanceRoleSetting);
const options = {
authProvider,
};
const client = Client.init(options);
const governanceRoleSetting = {
adminEligibleSettings: [
{
ruleIdentifier: 'ExpirationRule',
setting: '{\"permanentAssignment\':false,\'maximumGrantPeriodInMinutes\':129600}"
}
]
};
await client.api('/privilegedAccess/azureResources/roleSettings/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5')
.version('beta')
.update(governanceRoleSetting);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/privilegedAccess/azureResources/roleSettings/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5"]]];
[urlRequest setHTTPMethod:@"PATCH"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphGovernanceRoleSetting *governanceRoleSetting = [[MSGraphGovernanceRoleSetting alloc] init];
NSMutableArray *adminEligibleSettingsList = [[NSMutableArray alloc] init];
MSGraphGovernanceRuleSetting *adminEligibleSettings = [[MSGraphGovernanceRuleSetting alloc] init];
[adminEligibleSettings setRuleIdentifier:@"ExpirationRule"];
[adminEligibleSettings setSetting:@"{\"permanentAssignment\":false,\"maximumGrantPeriodInMinutes\":129600}"];
[adminEligibleSettingsList addObject: adminEligibleSettings];
[governanceRoleSetting setAdminEligibleSettings:adminEligibleSettingsList];
NSError *error;
NSData *governanceRoleSettingData = [governanceRoleSetting getSerializedDataWithError:&error];
[urlRequest setHTTPBody:governanceRoleSettingData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
GovernanceRoleSetting governanceRoleSetting = new GovernanceRoleSetting();
LinkedList<GovernanceRuleSetting> adminEligibleSettingsList = new LinkedList<GovernanceRuleSetting>();
GovernanceRuleSetting adminEligibleSettings = new GovernanceRuleSetting();
adminEligibleSettings.ruleIdentifier = "ExpirationRule";
adminEligibleSettings.setting = "{\"permanentAssignment\":false,\"maximumGrantPeriodInMinutes\":129600}";
adminEligibleSettingsList.add(adminEligibleSettings);
governanceRoleSetting.adminEligibleSettings = adminEligibleSettingsList;
graphClient.privilegedAccess("azureResources").roleSettings("5fb5aef8-1081-4b8e-bb16-9d5d0385bab5")
.buildRequest()
.patch(governanceRoleSetting);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewGovernanceRoleSetting()
requestBody.SetAdminEligibleSettings( []GovernanceRuleSetting {
msgraphsdk.NewGovernanceRuleSetting(),
ruleIdentifier := "ExpirationRule"
SetRuleIdentifier(&ruleIdentifier)
setting := "{"permanentAssignment":false,"maximumGrantPeriodInMinutes":129600}"
SetSetting(&setting)
}
privilegedAccessId := "privilegedAccess-id"
governanceRoleSettingId := "governanceRoleSetting-id"
graphClient.PrivilegedAccessById(&privilegedAccessId).RoleSettingsById(&governanceRoleSettingId).Patch(requestBody)
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
AdminEligibleSettings = @(
@{
RuleIdentifier = "ExpirationRule"
Setting = "{"permanentAssignment":false,"maximumGrantPeriodInMinutes":129600}"
}
)
}
Update-MgPrivilegedAccessRoleSetting -PrivilegedAccessId $privilegedAccessId -GovernanceRoleSettingId $governanceRoleSettingId -BodyParameter $params
响应
HTTP/1.1 204 No Content