Actualización de reglas en PIM mediante Microsoft Graph
- Artículo
En el artículo siguiente se proporcionan ejemplos para usar las API de Microsoft Graph para actualizar diferentes reglas asignadas a Microsoft Entra roles o grupos a través de Privileged Identity Management (PIM). Para comprender la estructura de las reglas en PIM, consulte Trabajar con reglas en PIM mediante Microsoft Graph.
Al actualizar las reglas, debe incluir para @odata.type
el tipo derivado en el cuerpo de la solicitud. Por ejemplo, para actualizar una regla de activación de identificador Enablement_EndUser_Assignment
, debe incluir "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
.
Si se ejecuta correctamente, todas las solicitudes devuelven 204 No Content
códigos de respuesta.
Nota:
Pim para las API de grupos solo están disponibles actualmente en el punto de beta
conexión.
Requisitos previos
- Conozca PIM para las API de roles de Microsoft Entra o PIM para las API de grupos.
- En este artículo, llamará a las API en un escenario delegado.
- Inicie sesión en un cliente de API, como Graph Explorer , para llamar a Microsoft Graph. Use una cuenta con al menos el rol Administrador de roles con privilegios .
- En función de las operaciones que quiera llevar a cabo, concédese uno de los siguientes permisos delegados:
- Para administrar las reglas de Microsoft Entra roles: RoleManagementPolicy.ReadWrite.Directory
- Para administrar las reglas de los grupos: RoleManagementPolicy.ReadWrite.AzureADGroup
Ejemplo 1: Actualización de la duración máxima de la activación
- Categoría de regla: regla de activación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyExpirationRule
- Identificador de regla de Microsoft Graph:
Expiration_EndUser_Assignment
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_EndUser_Assignment
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
"id": "Expiration_EndUser_Assignment",
"isExpirationRequired": true,
"maximumDuration": "PT1H45M",
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyExpirationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
Id = "Expiration_EndUser_Assignment",
IsExpirationRequired = true,
MaximumDuration = TimeSpan.Parse("PT1H45M"),
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",\
"id": "Expiration_EndUser_Assignment",\
"isExpirationRequired": true,\
"maximumDuration": "PT1H45M",\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Expiration_EndUser_Assignment"
requestBody.SetId(&id)
isExpirationRequired := true
requestBody.SetIsExpirationRequired(&isExpirationRequired)
maximumDuration , err := abstractions.ParseISODuration("PT1H45M")
requestBody.SetMaximumDuration(&maximumDuration)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyExpirationRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyExpirationRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyExpirationRule");
unifiedRoleManagementPolicyRule.setId("Expiration_EndUser_Assignment");
unifiedRoleManagementPolicyRule.setIsExpirationRequired(true);
PeriodAndDuration maximumDuration = PeriodAndDuration.ofDuration(Duration.parse("PT1H45M"));
unifiedRoleManagementPolicyRule.setMaximumDuration(maximumDuration);
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule',
id: 'Expiration_EndUser_Assignment',
isExpirationRequired: true,
maximumDuration: 'PT1H45M',
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_EndUser_Assignment')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyExpirationRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyExpirationRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyExpirationRule');
$requestBody->setId('Expiration_EndUser_Assignment');
$requestBody->setIsExpirationRequired(true);
$requestBody->setMaximumDuration(new \DateInterval('PT1H45M'));
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('EndUser');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Assignment');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
id = "Expiration_EndUser_Assignment"
isExpirationRequired = $true
maximumDuration = "PT1H45M"
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_expiration_rule import UnifiedRoleManagementPolicyExpirationRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyExpirationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
id = "Expiration_EndUser_Assignment",
is_expiration_required = True,
maximum_duration = "PT1H45M",
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Ejemplo 2: Actualización de las reglas de justificación, MFA y vales necesarias para la activación
- Categoría de regla: regla de activación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyEnablementRule
- Identificador de regla de Microsoft Graph:
Enablement_EndUser_Assignment
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Enablement_EndUser_Assignment
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
"id": "Enablement_EndUser_Assignment",
"enabledRules": [
"Justification",
"MultiFactorAuthentication",
"Ticketing"
],
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyEnablementRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
Id = "Enablement_EndUser_Assignment",
EnabledRules = new List<string>
{
"Justification",
"MultiFactorAuthentication",
"Ticketing",
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",\
"id": "Enablement_EndUser_Assignment",\
"enabledRules": [\
"Justification",\
"MultiFactorAuthentication",\
"Ticketing"\
],\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Enablement_EndUser_Assignment"
requestBody.SetId(&id)
enabledRules := []string {
"Justification",
"MultiFactorAuthentication",
"Ticketing",
}
requestBody.SetEnabledRules(enabledRules)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyEnablementRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyEnablementRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyEnablementRule");
unifiedRoleManagementPolicyRule.setId("Enablement_EndUser_Assignment");
LinkedList<String> enabledRules = new LinkedList<String>();
enabledRules.add("Justification");
enabledRules.add("MultiFactorAuthentication");
enabledRules.add("Ticketing");
unifiedRoleManagementPolicyRule.setEnabledRules(enabledRules);
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule',
id: 'Enablement_EndUser_Assignment',
enabledRules: [
'Justification',
'MultiFactorAuthentication',
'Ticketing'
],
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Enablement_EndUser_Assignment')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyEnablementRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyEnablementRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyEnablementRule');
$requestBody->setId('Enablement_EndUser_Assignment');
$requestBody->setEnabledRules(['Justification', 'MultiFactorAuthentication', 'Ticketing', ]);
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('EndUser');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Assignment');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
id = "Enablement_EndUser_Assignment"
enabledRules = @(
"Justification"
"MultiFactorAuthentication"
"Ticketing"
)
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_enablement_rule import UnifiedRoleManagementPolicyEnablementRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyEnablementRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
id = "Enablement_EndUser_Assignment",
enabled_rules = [
"Justification",
"MultiFactorAuthentication",
"Ticketing",
],
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Ejemplo 3: Requerir aprobación para activar
- Categoría de regla: regla de activación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyApprovalRule
- Identificador de regla de Microsoft Graph:
Approval_EndUser_Assignment
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Approval_EndUser_Assignment
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
"id": "Approval_EndUser_Assignment",
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
},
"setting": {
"@odata.type": "microsoft.graph.approvalSettings",
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [
{
"@odata.type": "microsoft.graph.unifiedApprovalStage",
"approvalStageTimeOutInDays": 1,
"isApproverJustificationRequired": true,
"escalationTimeInMinutes": 0,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6"
},
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "14f2746d-7d6f-4ac6-acd8-8cac318b041b"
}
],
"isEscalationEnabled": false,
"escalationApprovers": []
}
]
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyApprovalRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
Id = "Approval_EndUser_Assignment",
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
Setting = new ApprovalSettings
{
OdataType = "microsoft.graph.approvalSettings",
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "SingleStage",
ApprovalStages = new List<UnifiedApprovalStage>
{
new UnifiedApprovalStage
{
OdataType = "microsoft.graph.unifiedApprovalStage",
ApprovalStageTimeOutInDays = 1,
IsApproverJustificationRequired = true,
EscalationTimeInMinutes = 0,
PrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6",
},
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "14f2746d-7d6f-4ac6-acd8-8cac318b041b",
},
},
IsEscalationEnabled = false,
EscalationApprovers = new List<SubjectSet>
{
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",\
"id": "Approval_EndUser_Assignment",\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
},\
"setting": {\
"@odata.type": "microsoft.graph.approvalSettings",\
"isApprovalRequired": true,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": true,\
"approvalMode": "SingleStage",\
"approvalStages": [\
{\
"@odata.type": "microsoft.graph.unifiedApprovalStage",\
"approvalStageTimeOutInDays": 1,\
"isApproverJustificationRequired": true,\
"escalationTimeInMinutes": 0,\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6"\
},\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "14f2746d-7d6f-4ac6-acd8-8cac318b041b"\
}\
],\
"isEscalationEnabled": false,\
"escalationApprovers": []\
}\
]\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Approval_EndUser_Assignment"
requestBody.SetId(&id)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
setting := graphmodels.NewApprovalSettings()
isApprovalRequired := true
setting.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
setting.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
setting.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "SingleStage"
setting.SetApprovalMode(&approvalMode)
unifiedApprovalStage := graphmodels.NewUnifiedApprovalStage()
approvalStageTimeOutInDays := int32(1)
unifiedApprovalStage.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
unifiedApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
escalationTimeInMinutes := int32(0)
unifiedApprovalStage.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
subjectSet := graphmodels.NewSingleUser()
userId := "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6"
subjectSet.SetUserId(&userId)
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "14f2746d-7d6f-4ac6-acd8-8cac318b041b"
subjectSet1.SetGroupId(&groupId)
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
subjectSet1,
}
unifiedApprovalStage.SetPrimaryApprovers(primaryApprovers)
isEscalationEnabled := false
unifiedApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
escalationApprovers := []graphmodels.SubjectSetable {
}
unifiedApprovalStage.SetEscalationApprovers(escalationApprovers)
approvalStages := []graphmodels.UnifiedApprovalStageable {
unifiedApprovalStage,
}
setting.SetApprovalStages(approvalStages)
requestBody.SetSetting(setting)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyApprovalRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyApprovalRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyApprovalRule");
unifiedRoleManagementPolicyRule.setId("Approval_EndUser_Assignment");
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
ApprovalSettings setting = new ApprovalSettings();
setting.setOdataType("microsoft.graph.approvalSettings");
setting.setIsApprovalRequired(true);
setting.setIsApprovalRequiredForExtension(false);
setting.setIsRequestorJustificationRequired(true);
setting.setApprovalMode("SingleStage");
LinkedList<UnifiedApprovalStage> approvalStages = new LinkedList<UnifiedApprovalStage>();
UnifiedApprovalStage unifiedApprovalStage = new UnifiedApprovalStage();
unifiedApprovalStage.setOdataType("microsoft.graph.unifiedApprovalStage");
unifiedApprovalStage.setApprovalStageTimeOutInDays(1);
unifiedApprovalStage.setIsApproverJustificationRequired(true);
unifiedApprovalStage.setEscalationTimeInMinutes(0);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet = new SingleUser();
subjectSet.setOdataType("#microsoft.graph.singleUser");
subjectSet.setUserId("10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6");
primaryApprovers.add(subjectSet);
GroupMembers subjectSet1 = new GroupMembers();
subjectSet1.setOdataType("#microsoft.graph.groupMembers");
subjectSet1.setGroupId("14f2746d-7d6f-4ac6-acd8-8cac318b041b");
primaryApprovers.add(subjectSet1);
unifiedApprovalStage.setPrimaryApprovers(primaryApprovers);
unifiedApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
unifiedApprovalStage.setEscalationApprovers(escalationApprovers);
approvalStages.add(unifiedApprovalStage);
setting.setApprovalStages(approvalStages);
unifiedRoleManagementPolicyRule.setSetting(setting);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule',
id: 'Approval_EndUser_Assignment',
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
},
setting: {
'@odata.type': 'microsoft.graph.approvalSettings',
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'SingleStage',
approvalStages: [
{
'@odata.type': 'microsoft.graph.unifiedApprovalStage',
approvalStageTimeOutInDays: 1,
isApproverJustificationRequired: true,
escalationTimeInMinutes: 0,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6'
},
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '14f2746d-7d6f-4ac6-acd8-8cac318b041b'
}
],
isEscalationEnabled: false,
escalationApprovers: []
}
]
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Approval_EndUser_Assignment')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyApprovalRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\UnifiedApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\GroupMembers;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyApprovalRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyApprovalRule');
$requestBody->setId('Approval_EndUser_Assignment');
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('EndUser');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Assignment');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$setting = new ApprovalSettings();
$setting->setOdataType('microsoft.graph.approvalSettings');
$setting->setIsApprovalRequired(true);
$setting->setIsApprovalRequiredForExtension(false);
$setting->setIsRequestorJustificationRequired(true);
$setting->setApprovalMode('SingleStage');
$approvalStagesUnifiedApprovalStage1 = new UnifiedApprovalStage();
$approvalStagesUnifiedApprovalStage1->setOdataType('microsoft.graph.unifiedApprovalStage');
$approvalStagesUnifiedApprovalStage1->setApprovalStageTimeOutInDays(1);
$approvalStagesUnifiedApprovalStage1->setIsApproverJustificationRequired(true);
$approvalStagesUnifiedApprovalStage1->setEscalationTimeInMinutes(0);
$primaryApproversSubjectSet1 = new SingleUser();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$primaryApproversSubjectSet1->setUserId('10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$primaryApproversSubjectSet2 = new GroupMembers();
$primaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$primaryApproversSubjectSet2->setGroupId('14f2746d-7d6f-4ac6-acd8-8cac318b041b');
$primaryApproversArray []= $primaryApproversSubjectSet2;
$approvalStagesUnifiedApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$approvalStagesUnifiedApprovalStage1->setIsEscalationEnabled(false);
$approvalStagesUnifiedApprovalStage1->setEscalationApprovers([]);
$approvalStagesArray []= $approvalStagesUnifiedApprovalStage1;
$setting->setApprovalStages($approvalStagesArray);
$requestBody->setSetting($setting);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
id = "Approval_EndUser_Assignment"
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
setting = @{
"@odata.type" = "microsoft.graph.approvalSettings"
isApprovalRequired = $true
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $true
approvalMode = "SingleStage"
approvalStages = @(
@{
"@odata.type" = "microsoft.graph.unifiedApprovalStage"
approvalStageTimeOutInDays =
isApproverJustificationRequired = $true
escalationTimeInMinutes =
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6"
}
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "14f2746d-7d6f-4ac6-acd8-8cac318b041b"
}
)
isEscalationEnabled = $false
escalationApprovers = @(
)
}
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_approval_rule import UnifiedRoleManagementPolicyApprovalRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.unified_approval_stage import UnifiedApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.group_members import GroupMembers
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyApprovalRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
id = "Approval_EndUser_Assignment",
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
setting = ApprovalSettings(
odata_type = "microsoft.graph.approvalSettings",
is_approval_required = True,
is_approval_required_for_extension = False,
is_requestor_justification_required = True,
approval_mode = "SingleStage",
approval_stages = [
UnifiedApprovalStage(
odata_type = "microsoft.graph.unifiedApprovalStage",
approval_stage_time_out_in_days = 1,
is_approver_justification_required = True,
escalation_time_in_minutes = 0,
primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "10a08e2e-3ea2-4ce0-80cb-d5fdd4b05ea6",
),
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "14f2746d-7d6f-4ac6-acd8-8cac318b041b",
),
],
is_escalation_enabled = False,
escalation_approvers = [
],
),
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Ejemplo 4: Establecimiento de la expiración de la asignación apta
- Categoría de regla: regla de activación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyExpirationRule
- Identificador de regla de Microsoft Graph:
Expiration_Admin_Eligibility
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_Admin_Eligibility
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
"id": "Expiration_Admin_Eligibility",
"isExpirationRequired": true,
"maximumDuration": "P90D",
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyExpirationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
Id = "Expiration_Admin_Eligibility",
IsExpirationRequired = true,
MaximumDuration = TimeSpan.Parse("P90D"),
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",\
"id": "Expiration_Admin_Eligibility",\
"isExpirationRequired": true,\
"maximumDuration": "P90D",\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Expiration_Admin_Eligibility"
requestBody.SetId(&id)
isExpirationRequired := true
requestBody.SetIsExpirationRequired(&isExpirationRequired)
maximumDuration , err := abstractions.ParseISODuration("P90D")
requestBody.SetMaximumDuration(&maximumDuration)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyExpirationRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyExpirationRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyExpirationRule");
unifiedRoleManagementPolicyRule.setId("Expiration_Admin_Eligibility");
unifiedRoleManagementPolicyRule.setIsExpirationRequired(true);
PeriodAndDuration maximumDuration = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
unifiedRoleManagementPolicyRule.setMaximumDuration(maximumDuration);
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Eligibility");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule',
id: 'Expiration_Admin_Eligibility',
isExpirationRequired: true,
maximumDuration: 'P90D',
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_Admin_Eligibility')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyExpirationRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyExpirationRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyExpirationRule');
$requestBody->setId('Expiration_Admin_Eligibility');
$requestBody->setIsExpirationRequired(true);
$requestBody->setMaximumDuration(new \DateInterval('P90D'));
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('Admin');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Eligibility');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
id = "Expiration_Admin_Eligibility"
isExpirationRequired = $true
maximumDuration = "P90D"
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_expiration_rule import UnifiedRoleManagementPolicyExpirationRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyExpirationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
id = "Expiration_Admin_Eligibility",
is_expiration_required = True,
maximum_duration = "P90D",
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Ejemplo 5: Establecer la expiración de la asignación activa
- Categoría de regla: regla de asignación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyExpirationRule
- Identificador de regla de Microsoft Graph:
Expiration_Admin_Assignment
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_Admin_Assignment
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
"id": "Expiration_Admin_Assignment",
"isExpirationRequired": true,
"maximumDuration": "P90D",
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyExpirationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
Id = "Expiration_Admin_Assignment",
IsExpirationRequired = true,
MaximumDuration = TimeSpan.Parse("P90D"),
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",\
"id": "Expiration_Admin_Assignment",\
"isExpirationRequired": true,\
"maximumDuration": "P90D",\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Expiration_Admin_Assignment"
requestBody.SetId(&id)
isExpirationRequired := true
requestBody.SetIsExpirationRequired(&isExpirationRequired)
maximumDuration , err := abstractions.ParseISODuration("P90D")
requestBody.SetMaximumDuration(&maximumDuration)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyExpirationRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyExpirationRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyExpirationRule");
unifiedRoleManagementPolicyRule.setId("Expiration_Admin_Assignment");
unifiedRoleManagementPolicyRule.setIsExpirationRequired(true);
PeriodAndDuration maximumDuration = PeriodAndDuration.ofDuration(Duration.parse("P90D"));
unifiedRoleManagementPolicyRule.setMaximumDuration(maximumDuration);
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule',
id: 'Expiration_Admin_Assignment',
isExpirationRequired: true,
maximumDuration: 'P90D',
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'Admin',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Expiration_Admin_Assignment')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyExpirationRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyExpirationRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyExpirationRule');
$requestBody->setId('Expiration_Admin_Assignment');
$requestBody->setIsExpirationRequired(true);
$requestBody->setMaximumDuration(new \DateInterval('P90D'));
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('Admin');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Assignment');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
id = "Expiration_Admin_Assignment"
isExpirationRequired = $true
maximumDuration = "P90D"
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "Admin"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_expiration_rule import UnifiedRoleManagementPolicyExpirationRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyExpirationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
id = "Expiration_Admin_Assignment",
is_expiration_required = True,
maximum_duration = "P90D",
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Ejemplo 6: Establecer la justificación y los requisitos de MFA para la asignación activa
- Categoría de regla: regla de asignación
- Tipo de regla de Microsoft Graph: unifiedRoleManagementPolicyExpirationRule
- Identificador de regla de Microsoft Graph:
Enablement_Admin_Assignment
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Enablement_Admin_Assignment
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
"id": "Enablement_Admin_Assignment",
"enabledRules": [
"Justification",
"MultiFactorAuthentication"
],
"target": {
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
"caller": "Admin",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicyEnablementRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
Id = "Enablement_Admin_Assignment",
EnabledRules = new List<string>
{
"Justification",
"MultiFactorAuthentication",
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
OdataType = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].Rules["{unifiedRoleManagementPolicyRule-id}"].PatchAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies rules patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --unified-role-management-policy-rule-id {unifiedRoleManagementPolicyRule-id} --body '{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",\
"id": "Enablement_Admin_Assignment",\
"enabledRules": [\
"Justification",\
"MultiFactorAuthentication"\
],\
"target": {\
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicyRule()
id := "Enablement_Admin_Assignment"
requestBody.SetId(&id)
enabledRules := []string {
"Justification",
"MultiFactorAuthentication",
}
requestBody.SetEnabledRules(enabledRules)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
requestBody.SetTarget(target)
rules, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Rules().ByUnifiedRoleManagementPolicyRuleId("unifiedRoleManagementPolicyRule-id").Patch(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicyEnablementRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyEnablementRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyEnablementRule");
unifiedRoleManagementPolicyRule.setId("Enablement_Admin_Assignment");
LinkedList<String> enabledRules = new LinkedList<String>();
enabledRules.add("Justification");
enabledRules.add("MultiFactorAuthentication");
unifiedRoleManagementPolicyRule.setEnabledRules(enabledRules);
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setOdataType("microsoft.graph.unifiedRoleManagementPolicyRuleTarget");
target.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
UnifiedRoleManagementPolicyRule result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").rules().byUnifiedRoleManagementPolicyRuleId("{unifiedRoleManagementPolicyRule-id}").patch(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicyRule = {
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule',
id: 'Enablement_Admin_Assignment',
enabledRules: [
'Justification',
'MultiFactorAuthentication'
],
target: {
'@odata.type': 'microsoft.graph.unifiedRoleManagementPolicyRuleTarget',
caller: 'Admin',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_38d49456-54d4-455d-a8d6-c383c71e0a6d_59d351b1-e819-4262-b298-236f5f9b1a67/rules/Enablement_Admin_Assignment')
.update(unifiedRoleManagementPolicyRule);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyEnablementRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicyEnablementRule();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyEnablementRule');
$requestBody->setId('Enablement_Admin_Assignment');
$requestBody->setEnabledRules(['Justification', 'MultiFactorAuthentication', ]);
$target = new UnifiedRoleManagementPolicyRuleTarget();
$target->setOdataType('microsoft.graph.unifiedRoleManagementPolicyRuleTarget');
$target->setCaller('Admin');
$target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$target->setLevel('Assignment');
$target->setInheritableSettings([ ]);
$target->setEnforcedSettings([ ]);
$requestBody->setTarget($target);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->rules()->byUnifiedRoleManagementPolicyRuleId('unifiedRoleManagementPolicyRule-id')->patch($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
id = "Enablement_Admin_Assignment"
enabledRules = @(
"Justification"
"MultiFactorAuthentication"
)
target = @{
"@odata.type" = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
caller = "Admin"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -UnifiedRoleManagementPolicyRuleId $unifiedRoleManagementPolicyRuleId -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy_enablement_rule import UnifiedRoleManagementPolicyEnablementRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicyEnablementRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
id = "Enablement_Admin_Assignment",
enabled_rules = [
"Justification",
"MultiFactorAuthentication",
],
target = UnifiedRoleManagementPolicyRuleTarget(
odata_type = "microsoft.graph.unifiedRoleManagementPolicyRuleTarget",
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').rules.by_unified_role_management_policy_rule_id('unifiedRoleManagementPolicyRule-id').patch(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Contenido relacionado
- Introducción a la administración de roles a través de la API de administración de identidades con privilegios (PIM)
- Introducción a las reglas de Microsoft Entra roles en las API de administración de identidades con privilegios (PIM) en Microsoft Graph
- Configuración de Microsoft Entra roles mediante el Centro de administración Microsoft Entra
Comentarios
¿Le ha resultado útil esta página?
Comentarios
Próximamente: A lo largo de 2024 iremos eliminando gradualmente GitHub Issues como mecanismo de comentarios sobre el contenido y lo sustituiremos por un nuevo sistema de comentarios. Para más información, vea: https://aka.ms/ContentUserFeedback.
Enviar y ver comentarios de