获取 unifiedRoleAssignment
本文内容
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
检索 unifiedRoleAssignment 对象的属性和关系。
权限
根据 RBAC 提供程序以及 (或应用程序) 的权限类型,从下表中选择调用此 API 所需的最低特权权限。 若要了解其他信息, 在 特权权限之前要特别小心,在"权限" 中搜索 。
对于目录 (Azure AD) 提供程序
权限类型
权限(从最低特权到最高特权)
委派(工作或学校帐户)
RoleManagement.Read.Directory、Directory.Read.All、RoleManagement.ReadWrite.Directory、Directory.ReadWrite.All
委派(个人 Microsoft 帐户)
不支持。
应用程序
RoleManagement.Read.Directory、Directory.Read.All、RoleManagement.ReadWrite.Directory、Directory.ReadWrite.All
对于权利管理提供程序
权限类型
权限(从最低特权到最高特权)
委派(工作或学校帐户)
EntitlementManagement.Read.All、EntitlementManagement.ReadWrite.All
委派(个人 Microsoft 帐户)
不支持。
Application
不支持。
HTTP 请求
获取角色分配提供程序的名称:
GET /roleManagement/directory/roleAssignments/{id}
获取角色分配管理提供程序的许可证:
GET /roleManagement/entitlementManagement/roleAssignments/{id}
可选的查询参数
此方法支持 OData 查询参数来帮助自定义响应。 若要了解一般信息,请参阅 OData 查询参数 。
名称
说明
Authorization
持有者 {token}
请求正文
请勿提供此方法的请求正文。
响应
如果成功,此方法在响应 200 OK 正文中返回 响应代码和请求的 unifiedRoleAssignment 对象。
示例
示例 1:获取角色分配
请求
下面展示了示例请求。
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignment = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"]
.Request()
.GetAsync();
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.version('beta')
.get();
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1"]]];
[urlRequest setHTTPMethod:@"GET"];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
MSGraphUnifiedRoleAssignment *unifiedRoleAssignment = [[MSGraphUnifiedRoleAssignment alloc] initWithData:data error:&nserror];
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignment unifiedRoleAssignment = graphClient.roleManagement().directory().roleAssignments("lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1")
.buildRequest()
.get();
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
unifiedRoleAssignmentId := "unifiedRoleAssignment-id"
result, err := graphClient.RoleManagement().Directory().RoleAssignmentsById(&unifiedRoleAssignmentId).Get()
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
Get-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignments/$entity",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
"principalId": "4ab0b690-479b-47ff-af8f-2576cf521872",
"directoryScopeId": "28ca5a85-489a-49a0-b555-0a6d81e56f0"
}
示例 2:使用 获取角色分配的详细信息 $expand
请求
下面是一个包含查询参数的请求 $expand 示例。
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1?$expand=roleDefinition
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var unifiedRoleAssignment = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"]
.Request()
.Expand("roleDefinition")
.GetAsync();
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.version('beta')
.expand('roleDefinition')
.get();
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1?$expand=roleDefinition"]]];
[urlRequest setHTTPMethod:@"GET"];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
MSGraphUnifiedRoleAssignment *unifiedRoleAssignment = [[MSGraphUnifiedRoleAssignment alloc] initWithData:data error:&nserror];
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
UnifiedRoleAssignment unifiedRoleAssignment = graphClient.roleManagement().directory().roleAssignments("lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1")
.buildRequest()
.expand("roleDefinition")
.get();
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestParameters := &msgraphsdk.UnifiedRoleAssignmentRequestBuilderGetQueryParameters{
Expand: "roleDefinition",
}
options := &msgraphsdk.UnifiedRoleAssignmentRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
unifiedRoleAssignmentId := "unifiedRoleAssignment-id"
result, err := graphClient.RoleManagement().Directory().RoleAssignmentsById(&unifiedRoleAssignmentId).GetWithRequestConfigurationAndResponseHandler(options, nil)
Import-Module Microsoft.Graph.DeviceManagement.Enrolment
Get-MgRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId -ExpandProperty "roleDefinition"
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignment",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"roleDefinition": {
"id": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"displayName": "Billing Administrator",
"description": "Can perform common billing related tasks like updating payment information.",
"rolePermissions": [
{
"allowedResourceActions": [
"microsoft.commerce.billing/allEntities/allTasks",
"microsoft.directory/organization/basic/update",
],
"excludedResourceActions": []
}],
"isEnabled": true,
},
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"directoryScopeId": "28ca5a85-489a-49a0-b555-0a6d81e56f0d"
}