Assign user or group roles in Azure Active Directory

People who use Workplace Analytics can work with the product only after they've been assigned a role — namely, that of admin, analyst, limited analyst, or program manager. (See User roles in Workplace Analytics.) Follow the steps in this article to assign Workplace Analytics roles to users or to groups.

Assign roles to users

Role: Azure Active Directory admin

  1. Log in to your tenant's Azure Active Directory admin center.

  2. In the left navigation menu, select Enterprise applications.

    This opens the Enterprise applications | All applications page of the dashboard.

  3. In the Application Type drop-down menu, select All Applications.

  4. In the search field, type "workplace" and then press Enter.

  5. In the search results, select Workplace Analytics.

  6. On the Workplace Analytics | Overview page, under Getting Started, select Assign users and groups.

  7. On the Workplace Analytics Users and groups page, select Add user.

Note

In the Users and groups area, "None Selected" currently appears.

  8. On the Add Assignment page, select Users and groups.

  9. Under Users and groups (on the right side of the page), identify the user to whom you want to assign a role. Start typing that person's user identifier (such as their display name or their User Principal Name) in the search field and then select their identifier in the results list. After you have selected the person, their identifier appears on the right under Selected items.

    In the Users and groups area, the count of selected users has changed to 1.

    Note

    You can repeat this step to add one or more additional users, if you intend to assign the same role to them.

  10. On the Add Assignment page, select Select Role. This opens the Select Role area on the right side of the page.

  11. From the list that appears, select one of the following roles:

    • Analyst
    • Analyst (Limited Access)
    • Administrator
    • Program manager

Note

The Group manager role might appear (as a disabled option) in some tenants that were provisioned earlier.

The role you selected appears at the bottom of the Select Role area.

The role also appears under Add Assignment in the Select Role area.

Note

To change the role to assign to this user, repeat steps 10 and 11 and select a different role in step 11.

  12. After you've chosen the user and the correct role for that user, select Assign at the bottom of the Add Assignment page.

    After a few seconds, a message in the upper right informs you of the success of the role assignment.

    You have now assigned one role to one user.

  13. (Optional) You can now assign additional roles, either to the same user or to different users.

    • Same user, additional role. To add another role to the same user, repeat steps 7-12 in this procedure; in step 9, make sure that you have the correct user selected, and then select the additional role in steps 10 and 11.

    • Other users. To select other users and assign roles to them, repeat steps 7-12 in this procedure; select the new user in step 9 and the role in steps 10 and 11. Repeat these steps as necessary.

To check the role assignments that a user currently has, see Verify role assignments.

Assign roles to groups

You can also assign roles to groups, which means that you are assigning the access permissions associated with that role to the group. Any users who are assigned to that group automatically receive the same permissions that are assigned to that role.

Note

The groups to which you can assign Workplace Analytics roles are Azure Active Directory security groups. For more information about working with this kind of group, see Manage app and resource access using Azure Active Directory groups.

To assign users and roles to Workplace Analytics groups, the steps are similar to those for assigning users, as previously described in steps 9 through 12 under Assign roles to users. In that process, where you name and select a user in step 9, instead name and select a group, and then assign a role to the selected group.

If you have not yet created a Workplace Analytics group in Azure Active Directory, and want to do so, see Create a group and add members in Azure Active Directory.

Verify role assignments

Use this procedure to see what roles have been assigned to a user.

  1. On the Workplace Analytics | Users and groups page, start typing the user identifier. As you do so, the list of users and groups filters to contain the name you're typing.

  2. Find the user in the list. In the Role assigned column, you can see the user's role (or roles).
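The same check can be run over exported assignment data instead of one user at a time. The following is an added example, not part of the original article or Microsoft's code: it assumes the assignments and role definitions have been exported in the shape of Microsoft Graph's appRoleAssignedTo and servicePrincipal.appRoles collections, and all ids, principal names and the max_direct_users threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data shaped like Microsoft Graph's servicePrincipal.appRoles and
# appRoleAssignedTo collections; ids and names are placeholders. Assumption: the
# "disabled option" the article mentions corresponds to isEnabled == False.
APP_ROLES = [
    {"id": "role-admin", "displayName": "Administrator", "isEnabled": True},
    {"id": "role-analyst", "displayName": "Analyst", "isEnabled": True},
    {"id": "role-pm", "displayName": "Program manager", "isEnabled": True},
    {"id": "role-gm", "displayName": "Group manager", "isEnabled": False},
]
ASSIGNMENTS = [
    {"principalDisplayName": "user-a", "principalType": "User", "appRoleId": "role-analyst"},
    {"principalDisplayName": "user-a", "principalType": "User", "appRoleId": "role-admin"},
    {"principalDisplayName": "user-b", "principalType": "User", "appRoleId": "role-analyst"},
    {"principalDisplayName": "user-c", "principalType": "User", "appRoleId": "role-analyst"},
    {"principalDisplayName": "wpa-pm-group", "principalType": "Group", "appRoleId": "role-pm"},
    {"principalDisplayName": "user-d", "principalType": "User", "appRoleId": "role-gm"},
]

def roles_by_principal(assignments, app_roles):
    """Map (principalType, name) -> sorted role names, like the Role assigned column."""
    names = {r["id"]: r["displayName"] for r in app_roles}
    result = defaultdict(set)
    for a in assignments:
        key = (a["principalType"], a["principalDisplayName"])
        result[key].add(names.get(a["appRoleId"], "unknown:" + a["appRoleId"]))
    return {k: sorted(v) for k, v in result.items()}

def review_findings(assignments, app_roles, max_direct_users=2):
    """Flag disabled or unknown roles in use, and roles held directly by many users."""
    roles = {r["id"]: r for r in app_roles}
    direct = defaultdict(set)  # role name -> users assigned directly, not via a group
    findings = []
    for a in assignments:
        role = roles.get(a["appRoleId"])
        if role is None:
            findings.append(("unknown-role", a["principalDisplayName"], a["appRoleId"]))
        elif not role["isEnabled"]:
            findings.append(("disabled-role", a["principalDisplayName"], role["displayName"]))
        elif a["principalType"] == "User":
            direct[role["displayName"]].add(a["principalDisplayName"])
    for name, users in sorted(direct.items()):
        if len(users) > max_direct_users:  # hypothetical threshold for moving to a group
            findings.append(("prefer-group", name, len(users)))
    return findings

if __name__ == "__main__":
    print(roles_by_principal(ASSIGNMENTS, APP_ROLES), review_findings(ASSIGNMENTS, APP_ROLES), sep="\n")
```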

Role assignment FAQ

When would you assign a role to a group rather than to an individual user?

It depends on the situation or on your company's policy, but the reason for choosing between one method and another is usually efficiency. In a smaller company, if only a few people will be assigned Workplace Analytics roles, it can be convenient to assign user roles individually, especially if such roles are unlikely to change.

However, in a larger company where the number of users required for the same role is significant — for example, Program Managers — it is more efficient to assign a role to a group and then add users to the group, because groups are easier to manage and audit.