列出为服务主体授予的 appRoleAssignmentList appRoleAssignments granted for a service principal

命名空间:microsoft.graphNamespace: microsoft.graph

检索已为给定资源服务主体授予用户、组或客户端服务主体的 appRoleAssignment 列表。Retrieve a list of appRoleAssignment that users, groups, or client service principals have been granted for the given resource service principal.

例如,如果资源服务主体是 Microsoft Graph API 的服务主体,则将返回已向 Microsoft Graph 授予任何仅应用权限的所有服务主体。For example, if the resource service principal is the service principal for the Microsoft Graph API, this will return all service principals that have been granted any app-only permissions to Microsoft Graph.

如果资源服务主体是具有授予用户和组的应用角色的应用程序,则将返回为此应用程序分配应用角色的所有用户和组。If the resource service principal is an application that has app roles granted to users and groups, this will return all the users and groups assigned app roles for this application.

权限Permissions

要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

权限类型Permission type 权限(从最低特权到最高特权)Permissions (from least to most privileged)
委派(工作或学校帐户)Delegated (work or school account) Application.Read.All、Directory.Read.All、Application.ReadWrite.All、Directory.ReadWrite.All、Directory.AccessAsUser.AllApplication.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
委派(个人 Microsoft 帐户)Delegated (personal Microsoft account) 不支持。Not supported.
应用程序Application Application.Read.All、Directory.Read.All、Application.ReadWrite.All、Directory.ReadWrite.AllApplication.Read.All, Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All

HTTP 请求HTTP request

GET /servicePrincipals/{id}/appRoleAssignedTo

可选的查询参数Optional query parameters

此方法支持使用 OData 查询参数来帮助自定义响应。This method supports the OData query parameters to help customize the response.

请求标头Request headers

名称Name 说明Description
AuthorizationAuthorization Bearer {token}。必需。Bearer {token}. Required.

请求正文Request body

请勿提供此方法的请求正文。Do not supply a request body for this method.

响应Response

如果成功,此方法将在响应正文中返回 200 OK 响应代码和 appRoleAssignment 对象集合。If successful, this method returns a 200 OK response code and a collection of appRoleAssignment objects in the response body.

示例Example

请求Request

以下是检索已为给定资源服务主体授予的应用角色分配的请求示例。The following is an example of the request to retrieve the app roles assignments that have been granted for a given resource service principal.

GET https://graph.microsoft.com/v1.0/servicePrincipals/{id}/appRoleAssignedTo

响应Response

下面是一个响应示例。Here is an example of the response.

注意: 为了提高可读性,可能缩短了此处显示的响应对象。所有属性都将通过实际调用返回。Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 306

{
  "value": [
    {
      "creationTimestamp": "2016-10-19T10:37:00Z",
      "id": "id-value",
      "principalDisplayName": "principalDisplayName-value",
      "principalId": "principalId-value",
      "principalType": "principalType-value",
      "resourceDisplayName": "resourceDisplayName-value"
    }
  ]
}