Create unifiedRoleAssignmentMultiple

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Create a new unifiedRoleAssignmentMultiple object. Use this object to create role assignments in Microsoft Intune. For other Microsoft 365 applications (like Azure AD), use unifiedRoleAssignment.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type | Permissions (from least to most privileged)
Delegated (work or school account) | DeviceManagementRBAC.ReadWrite.All
Delegated (personal Microsoft account) | Not supported.
Application | DeviceManagementRBAC.ReadWrite.All

HTTP request

POST /roleManagement/deviceManagement/roleAssignments

Request headers

Name | Description
Authorization | Bearer {token}. Required.
Content-type | application/json. Required.

Request body

In the request body, supply a JSON representation of a unifiedRoleAssignmentMultiple object. The request must have either a scope defined in Azure AD, such as directoryScopeIds, or an application-specific scope, such as appScopeId. Examples of Azure AD scope are tenant ("/"), administrative units, or applications.

Response

If successful, this method returns a 201 Created response code and a new unifiedRoleAssignmentMultiple object in the response body.

Examples

Example 1: Create a role assignment in Intune over two scope groups (which are Azure AD objects)

Request

The following is an example of the request. Note the use of the roleTemplateId for roleDefinitionId. roleDefinitionId can be either the service-wide template ID or the directory-specific roleDefinitionId.

POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json

{ 
    "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
    "displayName": "My test role assignment 1",
    "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
    "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
    "directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"]
}

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
    "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
    "id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
    "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
    "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
    "directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"]
}

Example 2: Create a role assignment in Intune at the Intune-specific scope of "all Devices"

Use the following information for creating Intune role assignments:

  • To allow assignments over all Intune devices, use the AllDevices value in appScopeIds.
  • To allow assignments over all Intune licensed users, use the AllLicensedUsers value in appScopeIds.
  • To allow assignments over all Intune devices and licensed users, use the / value in directoryScopeIds.

Request

The following is an example of the request.

POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json

{
    "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
    "displayName": "My test role assignment 1",
    "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
    "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
    "appScopeIds": ["allDevices"]
}

Response

The following is an example of the response.

Note: The response object shown here might be shortened for readability. All the properties will be returned from an actual call.

HTTP/1.1 201 Created
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
    "@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
    "id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
    "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
    "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
    "appScopeIds": ["allDevices"]
}
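
The scope rules above (a request needs directoryScopeIds or an application-specific scope, and "/", AllDevices and AllLicensedUsers each cover a whole population) can be checked before the POST is sent. The following Python is an added example, not part of the original page or of Microsoft Graph; review_assignment and its messages are hypothetical, and it assumes IDs are GUIDs as in the examples.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ODATA_TYPE = "#microsoft.graph.unifiedRoleAssignmentMultiple"
# Broad scope values named on this page, compared case-insensitively because
# the page writes both "AllDevices" and "allDevices".
BROAD_APP_SCOPES = {"alldevices", "alllicensedusers"}


def review_assignment(body):
    """Return (errors, warnings) for a role assignment request body."""
    errors, warnings = [], []
    if body.get("@odata.type") != ODATA_TYPE:
        errors.append("unexpected @odata.type")
    # Assumption: IDs are GUIDs, as in the page's examples.
    if not GUID.match(str(body.get("roleDefinitionId", ""))):
        errors.append("roleDefinitionId is not a GUID")
    principals = body.get("principalIds") or []
    if not principals or not all(GUID.match(str(p)) for p in principals):
        errors.append("principalIds must be a non-empty list of GUIDs")
    dir_scopes = body.get("directoryScopeIds") or []
    app_scopes = body.get("appScopeIds") or []
    if not dir_scopes and not app_scopes:
        errors.append("no scope: supply directoryScopeIds or appScopeIds")
    if "/" in dir_scopes:
        warnings.append("directoryScopeIds '/' covers all devices and licensed users")
    for scope in app_scopes:
        if str(scope).lower() in BROAD_APP_SCOPES:
            warnings.append(f"appScopeIds {scope!r} spans an entire Intune population")
    return errors, warnings


# Request bodies: the first two are the page's examples, the last two are constructed.
BASE = {
    "@odata.type": ODATA_TYPE,
    "displayName": "My test role assignment 1",
    "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
    "principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
                     "c1518aa9-4da5-4c84-a902-a31404023890"],
}
EXAMPLE_1 = {**BASE, "directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d",
                                           "8152656a-cf9a-4928-a457-1512d4cae295"]}
EXAMPLE_2 = {**BASE, "appScopeIds": ["allDevices"]}
TENANT_WIDE = {**BASE, "directoryScopeIds": ["/"]}  # constructed
NO_SCOPE = dict(BASE)                               # constructed

if __name__ == "__main__":
    for name in ("EXAMPLE_1", "EXAMPLE_2", "TENANT_WIDE", "NO_SCOPE"):
        print(name, review_assignment(globals()[name]))
```

Warnings mark assignments that a reviewer should approve explicitly; errors mark bodies that should not be submitted at all.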