创建 roleAssignmentScheduleRequests
本文内容
命名空间:microsoft.graph
在 PIM 中,通过 unifiedRoleAssignmentScheduleRequest 对象执行以下操作:
请求主体的活动和持久角色分配,无论是否过期日期。
激活、停用、扩展或续订主体的合格角色分配。
若要调用此 API 来为自己更新、续订和扩展分配,必须强制执行多重身份验证 (MFA) ,并在对 MFA 提出质询的会话中运行查询。 请参阅 “启用每用户 Azure AD 多重身份验证”来保护登录事件 。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限 。
权限类型
权限(从最低特权到最高特权)
委派(工作或学校帐户)
RoleAssignmentSchedule.ReadWrite.Directory
委派(个人 Microsoft 帐户)
不支持
Application
RoleAssignmentSchedule.ReadWrite.Directory
HTTP 请求
POST /roleManagement/directory/roleAssignmentScheduleRequests
名称
说明
Authorization
Bearer {token}。必需。
Content-Type
application/json. Required.
请求正文
在请求正文中,提供 unifiedRoleAssignmentScheduleRequest 对象的 JSON 表示形式。
创建 unifiedRoleAssignmentScheduleRequest 时,可以指定以下属性。
属性
类型
说明
action
unifiedRoleScheduleRequestActions
表示角色分配请求上的操作类型。 可取值包括:adminAssign、adminUpdate、adminRemove、selfActivate、selfDeactivate、adminExtend、adminRenew、selfExtend、selfRenew、unknownFutureValue。 adminAssign:让管理员将角色分配给用户或组。adminRemove:让管理员从角色中删除用户或组。 adminUpdate:让管理员更改现有角色分配。 adminExtend:让管理员延长即将过期的分配。adminRenew:让管理员续订过期的分配。selfActivate:让用户激活其分配。selfDeactivate:让用户停用其活动分配。selfExtend:让用户请求延长其即将到期的分配。selfRenew:用户请求续订其过期的分配。
customData
String
用于定义请求的任何自定义数据的免费文本字段。 可选。
principalId
String
已授予分配的主体的标识符。 必需项。
roleDefinitionId
String
正在分配的 unifiedRoleDefinition 对象的标识符。 必需项。
directoryScopeId
String
表示分配范围的目录对象的标识符。 分配的范围确定已授予主体访问权限的资源集。 目录范围是存储在多个应用程序理解的目录中的共享范围。 用于 / 租户范围。 使用 appScopeId 将范围限制为仅限应用程序。 需要 directoryScopeId 或 appScopeId 。
appScopeId
String
分配作用域为应用时特定于应用的范围的标识符。 分配的范围确定已授予主体访问权限的资源集。 应用范围是仅由此应用程序定义和理解的范围。 用于 / 租户范围的应用范围。 使用 directoryScopeId 将范围限制为特定目录对象,例如管理单元。 需要 directoryScopeId 或 appScopeId 。
理由
String
用户和管理员创建 unifiedRoleAssignmentScheduleRequest 对象时提供的消息。 可选。
scheduleInfo
requestSchedule 角色分配请求的周期。 当前不支持定期计划。 必需项。
ticketInfo
ticketInfo 链接到角色分配请求的票证详细信息,包括票证编号和票证系统的详细信息。 可选。
响应
如果成功,此方法在响应正文中返回 201 Created 响应代码和 unifiedRoleAssignmentScheduleRequest 对象。
示例
示例 1:管理员将目录角色分配给主体
在以下请求中,管理员创建一个请求,以将标 fdd7a751-b60b-444a-984c-02652fe8fa1c 识的角色分配给 ID 标识的 071cc716-8147-4397-a5ba-b2105951cc0b主体。 其角色的范围是租户中的所有目录对象,分配是永久性的。
请求
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
Content-Type: application/json
{
"action": "adminAssign",
"justification": "Assign Groups Admin to IT Helpdesk group",
"roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
"directoryScopeId": "/",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"scheduleInfo": {
"startDateTime": "2022-04-10T00:00:00Z",
"expiration": {
"type": "NoExpiration"
}
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignmentScheduleRequest = new UnifiedRoleAssignmentScheduleRequestObject
{
Action = UnifiedRoleScheduleRequestActions.AdminAssign,
Justification = "Assign Groups Admin to IT Helpdesk group",
RoleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c",
DirectoryScopeId = "/",
PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b",
ScheduleInfo = new RequestSchedule
{
StartDateTime = DateTimeOffset.Parse("2022-04-10T00:00:00Z"),
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration
}
}
};
await graphClient.RoleManagement.Directory.RoleAssignmentScheduleRequests
.Request()
.AddAsync(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentScheduleRequest = {
action: 'adminAssign',
justification: 'Assign Groups Admin to IT Helpdesk group',
roleDefinitionId: 'fdd7a751-b60b-444a-984c-02652fe8fa1c',
directoryScopeId: '/',
principalId: '071cc716-8147-4397-a5ba-b2105951cc0b',
scheduleInfo: {
startDateTime: '2022-04-10T00:00:00Z',
expiration: {
type: 'NoExpiration'
}
}
};
await client.api('/roleManagement/directory/roleAssignmentScheduleRequests')
.post(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/roleManagement/directory/roleAssignmentScheduleRequests"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphUnifiedRoleAssignmentScheduleRequest *unifiedRoleAssignmentScheduleRequest = [[MSGraphUnifiedRoleAssignmentScheduleRequest alloc] init];
[unifiedRoleAssignmentScheduleRequest setAction: [MSGraphUnifiedRoleScheduleRequestActions adminAssign]];
[unifiedRoleAssignmentScheduleRequest setJustification:@"Assign Groups Admin to IT Helpdesk group"];
[unifiedRoleAssignmentScheduleRequest setRoleDefinitionId:@"fdd7a751-b60b-444a-984c-02652fe8fa1c"];
[unifiedRoleAssignmentScheduleRequest setDirectoryScopeId:@"/"];
[unifiedRoleAssignmentScheduleRequest setPrincipalId:@"071cc716-8147-4397-a5ba-b2105951cc0b"];
MSGraphRequestSchedule *scheduleInfo = [[MSGraphRequestSchedule alloc] init];
[scheduleInfo setStartDateTime: "2022-04-10T00:00:00Z"];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setType: [MSGraphExpirationPatternType noExpiration]];
[scheduleInfo setExpiration:expiration];
[unifiedRoleAssignmentScheduleRequest setScheduleInfo:scheduleInfo];
NSError *error;
NSData *unifiedRoleAssignmentScheduleRequestData = [unifiedRoleAssignmentScheduleRequest getSerializedDataWithError:&error];
[urlRequest setHTTPBody:unifiedRoleAssignmentScheduleRequestData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignmentScheduleRequest unifiedRoleAssignmentScheduleRequest = new UnifiedRoleAssignmentScheduleRequest();
unifiedRoleAssignmentScheduleRequest.action = UnifiedRoleScheduleRequestActions.ADMIN_ASSIGN;
unifiedRoleAssignmentScheduleRequest.justification = "Assign Groups Admin to IT Helpdesk group";
unifiedRoleAssignmentScheduleRequest.roleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c";
unifiedRoleAssignmentScheduleRequest.directoryScopeId = "/";
unifiedRoleAssignmentScheduleRequest.principalId = "071cc716-8147-4397-a5ba-b2105951cc0b";
RequestSchedule scheduleInfo = new RequestSchedule();
scheduleInfo.startDateTime = OffsetDateTimeSerializer.deserialize("2022-04-10T00:00:00Z");
ExpirationPattern expiration = new ExpirationPattern();
expiration.type = ExpirationPatternType.NO_EXPIRATION;
scheduleInfo.expiration = expiration;
unifiedRoleAssignmentScheduleRequest.scheduleInfo = scheduleInfo;
graphClient.roleManagement().directory().roleAssignmentScheduleRequests()
.buildRequest()
.post(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewUnifiedRoleAssignmentScheduleRequest()
action := "adminAssign"
requestBody.SetAction(&action)
justification := "Assign Groups Admin to IT Helpdesk group"
requestBody.SetJustification(&justification)
roleDefinitionId := "fdd7a751-b60b-444a-984c-02652fe8fa1c"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
directoryScopeId := "/"
requestBody.SetDirectoryScopeId(&directoryScopeId)
principalId := "071cc716-8147-4397-a5ba-b2105951cc0b"
requestBody.SetPrincipalId(&principalId)
scheduleInfo := msgraphsdk.NewRequestSchedule()
requestBody.SetScheduleInfo(scheduleInfo)
startDateTime, err := time.Parse(time.RFC3339, "2022-04-10T00:00:00Z")
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := msgraphsdk.NewExpirationPattern()
scheduleInfo.SetExpiration(expiration)
type := "NoExpiration"
expiration.SetType(&type)
result, err := graphClient.RoleManagement().Directory().RoleAssignmentScheduleRequests().Post(requestBody)
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
$params = @{
Action = "adminAssign"
Justification = "Assign Groups Admin to IT Helpdesk group"
RoleDefinitionId = "fdd7a751-b60b-444a-984c-02652fe8fa1c"
DirectoryScopeId = "/"
PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b"
ScheduleInfo = @{
StartDateTime = [System.DateTime]::Parse("2022-04-10T00:00:00Z")
Expiration = @{
Type = "NoExpiration"
}
}
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
"id": "95c690fb-3eb3-4942-a03f-4524aed6f31e",
"status": "Provisioned",
"createdDateTime": "2022-04-11T11:50:03.9014347Z",
"completedDateTime": "2022-04-11T11:50:05.9999343Z",
"approvalId": null,
"customData": null,
"action": "adminAssign",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"roleDefinitionId": "fdd7a751-b60b-444a-984c-02652fe8fa1c",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "95c690fb-3eb3-4942-a03f-4524aed6f31e",
"justification": "Assign Groups Admin to IT Helpdesk group",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "3fbd929d-8c56-4462-851e-0eb9a7b3a2a5"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-11T11:50:05.9999343Z",
"recurrence": null,
"expiration": {
"type": "noExpiration",
"endDateTime": null,
"duration": null
}
},
"ticketInfo": {
"ticketNumber": null,
"ticketSystem": null
}
}
示例 2:用户激活其符合条件的角色
请求
在以下请求中, principalId 071cc716-8147-4397-a5ba-b2105951cc0b 标识的用户会将自己的 符合条件的角色 激活到 ID 标识的 8424c6f0-a189-499e-bbd0-26c1753c96d4Azure AD 角色。 其角色的范围是租户中的所有目录对象,分配为 5 小时。 若要运行此请求,调用用户必须实施多重身份验证 (MFA) 并在请求 MFA 的会话中运行查询。
若要检索其资格请求的详细信息并确定激活资格,用户将调用 unifiedRoleEligibilitySchedule:filterByCurrentUser API。
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests/
Content-Type: application/json
{
"action": "selfActivate",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00.000Z",
"expiration": {
"type": "AfterDuration",
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignmentScheduleRequest = new UnifiedRoleAssignmentScheduleRequestObject
{
Action = UnifiedRoleScheduleRequestActions.SelfActivate,
PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b",
RoleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4",
DirectoryScopeId = "/",
Justification = "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
ScheduleInfo = new RequestSchedule
{
StartDateTime = DateTimeOffset.Parse("2022-04-14T00:00:00Z"),
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.AfterDuration,
Duration = new Duration("PT5H")
}
},
TicketInfo = new TicketInfo
{
TicketNumber = "CONTOSO:Normal-67890",
TicketSystem = "MS Project"
}
};
await graphClient.RoleManagement.Directory.RoleAssignmentScheduleRequests
.Request()
.AddAsync(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentScheduleRequest = {
action: 'selfActivate',
principalId: '071cc716-8147-4397-a5ba-b2105951cc0b',
roleDefinitionId: '8424c6f0-a189-499e-bbd0-26c1753c96d4',
directoryScopeId: '/',
justification: 'I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs',
scheduleInfo: {
startDateTime: '2022-04-14T00:00:00.000Z',
expiration: {
type: 'AfterDuration',
duration: 'PT5H'
}
},
ticketInfo: {
ticketNumber: 'CONTOSO:Normal-67890',
ticketSystem: 'MS Project'
}
};
await client.api('/roleManagement/directory/roleAssignmentScheduleRequests/')
.post(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/roleManagement/directory/roleAssignmentScheduleRequests/"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphUnifiedRoleAssignmentScheduleRequest *unifiedRoleAssignmentScheduleRequest = [[MSGraphUnifiedRoleAssignmentScheduleRequest alloc] init];
[unifiedRoleAssignmentScheduleRequest setAction: [MSGraphUnifiedRoleScheduleRequestActions selfActivate]];
[unifiedRoleAssignmentScheduleRequest setPrincipalId:@"071cc716-8147-4397-a5ba-b2105951cc0b"];
[unifiedRoleAssignmentScheduleRequest setRoleDefinitionId:@"8424c6f0-a189-499e-bbd0-26c1753c96d4"];
[unifiedRoleAssignmentScheduleRequest setDirectoryScopeId:@"/"];
[unifiedRoleAssignmentScheduleRequest setJustification:@"I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs"];
MSGraphRequestSchedule *scheduleInfo = [[MSGraphRequestSchedule alloc] init];
[scheduleInfo setStartDateTime: "2022-04-14T00:00:00Z"];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setType: [MSGraphExpirationPatternType afterDuration]];
[expiration setDuration:@"PT5H"];
[scheduleInfo setExpiration:expiration];
[unifiedRoleAssignmentScheduleRequest setScheduleInfo:scheduleInfo];
MSGraphTicketInfo *ticketInfo = [[MSGraphTicketInfo alloc] init];
[ticketInfo setTicketNumber:@"CONTOSO:Normal-67890"];
[ticketInfo setTicketSystem:@"MS Project"];
[unifiedRoleAssignmentScheduleRequest setTicketInfo:ticketInfo];
NSError *error;
NSData *unifiedRoleAssignmentScheduleRequestData = [unifiedRoleAssignmentScheduleRequest getSerializedDataWithError:&error];
[urlRequest setHTTPBody:unifiedRoleAssignmentScheduleRequestData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignmentScheduleRequest unifiedRoleAssignmentScheduleRequest = new UnifiedRoleAssignmentScheduleRequest();
unifiedRoleAssignmentScheduleRequest.action = UnifiedRoleScheduleRequestActions.SELF_ACTIVATE;
unifiedRoleAssignmentScheduleRequest.principalId = "071cc716-8147-4397-a5ba-b2105951cc0b";
unifiedRoleAssignmentScheduleRequest.roleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4";
unifiedRoleAssignmentScheduleRequest.directoryScopeId = "/";
unifiedRoleAssignmentScheduleRequest.justification = "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs";
RequestSchedule scheduleInfo = new RequestSchedule();
scheduleInfo.startDateTime = OffsetDateTimeSerializer.deserialize("2022-04-14T00:00:00Z");
ExpirationPattern expiration = new ExpirationPattern();
expiration.type = ExpirationPatternType.AFTER_DURATION;
expiration.duration = DatatypeFactory.newInstance().newDuration("PT5H");
scheduleInfo.expiration = expiration;
unifiedRoleAssignmentScheduleRequest.scheduleInfo = scheduleInfo;
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.ticketNumber = "CONTOSO:Normal-67890";
ticketInfo.ticketSystem = "MS Project";
unifiedRoleAssignmentScheduleRequest.ticketInfo = ticketInfo;
graphClient.roleManagement().directory().roleAssignmentScheduleRequests()
.buildRequest()
.post(unifiedRoleAssignmentScheduleRequest);
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewUnifiedRoleAssignmentScheduleRequest()
action := "selfActivate"
requestBody.SetAction(&action)
principalId := "071cc716-8147-4397-a5ba-b2105951cc0b"
requestBody.SetPrincipalId(&principalId)
roleDefinitionId := "8424c6f0-a189-499e-bbd0-26c1753c96d4"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
directoryScopeId := "/"
requestBody.SetDirectoryScopeId(&directoryScopeId)
justification := "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs"
requestBody.SetJustification(&justification)
scheduleInfo := msgraphsdk.NewRequestSchedule()
requestBody.SetScheduleInfo(scheduleInfo)
startDateTime, err := time.Parse(time.RFC3339, "2022-04-14T00:00:00.000Z")
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := msgraphsdk.NewExpirationPattern()
scheduleInfo.SetExpiration(expiration)
type := "AfterDuration"
expiration.SetType(&type)
duration := "PT5H"
expiration.SetDuration(&duration)
ticketInfo := msgraphsdk.NewTicketInfo()
requestBody.SetTicketInfo(ticketInfo)
ticketNumber := "CONTOSO:Normal-67890"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "MS Project"
ticketInfo.SetTicketSystem(&ticketSystem)
result, err := graphClient.RoleManagement().Directory().RoleAssignmentScheduleRequests().Post(requestBody)
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
$params = @{
Action = "selfActivate"
PrincipalId = "071cc716-8147-4397-a5ba-b2105951cc0b"
RoleDefinitionId = "8424c6f0-a189-499e-bbd0-26c1753c96d4"
DirectoryScopeId = "/"
Justification = "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs"
ScheduleInfo = @{
StartDateTime = [System.DateTime]::Parse("2022-04-14T00:00:00.000Z")
Expiration = @{
Type = "AfterDuration"
Duration = "PT5H"
}
}
TicketInfo = @{
TicketNumber = "CONTOSO:Normal-67890"
TicketSystem = "MS Project"
}
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params
有关如何将 SDK 添加 到项目并 创建 authProvider 实例的 详细信息,请参阅 SDK 文档 。
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
"id": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"status": "Granted",
"createdDateTime": "2022-04-13T08:52:32.6485851Z",
"completedDateTime": "2022-04-14T00:00:00Z",
"approvalId": null,
"customData": null,
"action": "selfActivate",
"principalId": "071cc716-8147-4397-a5ba-b2105951cc0b",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "071cc716-8147-4397-a5ba-b2105951cc0b"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00Z",
"recurrence": null,
"expiration": {
"type": "afterDuration",
"endDateTime": null,
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}