user: getMemberGroupsuser: getMemberGroups

命名空间:microsoft.graphNamespace: microsoft.graph

返回用户是其成员的所有组。检查是可传递的,这和读取 memberOf 导航属性不同,后者仅返回用户是其直接成员的组。Return all the groups that the user is a member of. The check is transitive, unlike reading the memberOf navigation property, which returns only the groups that the user is a direct member of.

此功能支持 Microsoft 365 和 Azure AD 中设置的其他类型的组。每个请求可以返回的最大组数为 2046 组。注意:Microsoft 365 组不能包含组。因此,Microsoft 365 组中的成员身份始终是直接的。This function supports Microsoft 365 and other types of groups provisioned in Azure AD. The maximum number of groups each request can return is 2046. Note that Microsoft 365 groups cannot contain groups. So membership in a Microsoft 365 group is always direct.


要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

权限类型Permission type 权限(从最低特权到最高特权)Permissions (from least to most privileged)
委派(工作或学校帐户)Delegated (work or school account) User.ReadBasic.All 和 GroupMember.Read.All、User.Read 和 GroupMember.Read.All、User.Read.All 和 GroupMember.Read.All、User.ReadBasic.All 和 Group.Read.All、User.Read 和 Group.Read.All、User.Read.All 和 Group.Read.All、Directory.Read.All、Directory.ReadWrite.All、Directory.AccessAsUser.AllUser.ReadBasic.All and GroupMember.Read.All, User.Read and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
委派(个人 Microsoft 帐户)Delegated (personal Microsoft account) 不支持。Not supported.
应用程序Application User.Read.All 和 GroupMember.Read.All、User.Read.All 和 Group.Read.All、Directory.Read.All、Directory.ReadWrite.AllUser.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All, Directory.ReadWrite.All

HTTP 请求HTTP request

POST /users/{id | userPrincipalName}/getMemberGroups

请求标头Request headers

标头Header Value
AuthorizationAuthorization Bearer {token}。必需。Bearer {token}. Required.
Content-TypeContent-Type application/jsonapplication/json

请求正文Request body

在请求正文中,提供具有以下参数的 JSON 对象。In the request body, provide a JSON object with the following parameters.

参数Parameter 类型Type 说明Description
securityEnabledOnlysecurityEnabledOnly BooleanBoolean true 指定仅应返回用户是其成员的安全组;false 指定应返回用户是其成员的所有组。注意:仅当对用户调用这个方法时,才支持将此参数设置为 truetrue to specify that only security groups that the user is a member of should be returned; false to specify that all groups that the user is a member of should be returned. Note: Setting this parameter to true is only supported when calling this method on a user.


如果成功,此方法将在响应正文中返回 200 OK 响应代码和字符串集合,响应正文中包括用户是其成员的组的 ID。If successful, this method returns 200 OK response code and String collection in the response body that contains the IDs of the groups that the user is a member of.


下面是一个如何调用此 API 的示例。Here is an example of how to call this API.


下面是一个请求示例。Here is an example of the request.

Content-type: application/json
Content-length: 33

  "securityEnabledOnly": true

下面是一个响应示例。注意:为了简单起见,可能会将此处所示的响应对象截断。将从实际调用中返回所有属性。Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json
Content-length: 39

  "value": [