Megosztás a következőn keresztül:


Get-MgUserAppRoleAssignment

Represents the app roles a user is granted for an application. Supports $expand.

Note

To view the beta release of this cmdlet, view Get-MgBetaUserAppRoleAssignment

Syntax

Get-MgUserAppRoleAssignment
   -UserId <String>
   [-ExpandProperty <String[]>]
   [-Property <String[]>]
   [-Filter <String>]
   [-Search <String>]
   [-Skip <Int32>]
   [-Sort <String[]>]
   [-Top <Int32>]
   [-ConsistencyLevel <String>]
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-PageSize <Int32>]
   [-All]
   [-CountVariable <String>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Get-MgUserAppRoleAssignment
   -AppRoleAssignmentId <String>
   -UserId <String>
   [-ExpandProperty <String[]>]
   [-Property <String[]>]
   [-ConsistencyLevel <String>]
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]
Get-MgUserAppRoleAssignment
   -InputObject <IApplicationsIdentity>
   [-ExpandProperty <String[]>]
   [-Property <String[]>]
   [-ConsistencyLevel <String>]
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   [<CommonParameters>]

Description

Represents the app roles a user is granted for an application. Supports $expand.

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) AppRoleAssignment.ReadWrite.All Directory.Read.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Directory.Read.All AppRoleAssignment.ReadWrite.All

Examples

Example 1: Get assigned app roles

Get-MgUserAppRoleAssignment -UserId "529827aa-d058-4821-a012-4de3ce093955" | 
  Format-List Id, AppRoleID, CreationTimeStamp, PrincipalDisplayName,PrincipalId, PrincipalType, ResourceDisplayName

Id                   : QQxVaKMYXkmqHc9ijBcbSFkvIqIpOSdOjXRyNBWe_zE
AppRoleId            : 00000000-0000-0000-0000-000000000000
PrincipalDisplayName : MOD Administrator
PrincipalId          : 529827aa-d058-4821-a012-4de3ce093955
PrincipalType        : User
ResourceDisplayName  : MOD Demo Platform UnifiedApiConsumer

Id                   : QQxVaKMYXkmqHc9ijBcbSDXNn98ZHl9Gg4yTKKIIUFA
AppRoleId            : 00000000-0000-0000-0000-000000000000
PrincipalDisplayName : MOD Administrator
PrincipalId          : 529827aa-d058-4821-a012-4de3ce093955
PrincipalType        : User
ResourceDisplayName  : dxprovisioning-worker-mfa

This command gets all the application roles that the selected user has been assigned.

Parameters

-All

List all pages.

Type:SwitchParameter
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AppRoleAssignmentId

The unique identifier of appRoleAssignment

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ConsistencyLevel

Indicates the requested consistency level. Documentation URL: https://docs.microsoft.com/graph/aad-advanced-queries

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CountVariable

Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.

Type:String
Aliases:CV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExpandProperty

Expand related entities

Type:String[]
Aliases:Expand
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Filter

Filter items by property values

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IApplicationsIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PageSize

Sets the page size of results.

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Property

Select properties to be returned

Type:String[]
Aliases:Select
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Search items by search phrases

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Skip

Skip the first n items

Type:Int32
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Sort

Order items by property values

Type:String[]
Aliases:OrderBy
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Top

Show only the first n items

Type:Int32
Aliases:Limit
Position:Named
Default value:0
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserId

The unique identifier of user

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.PowerShell.Models.IApplicationsIdentity

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAppRoleAssignment

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <IApplicationsIdentity>: Identity Parameter

  • [AppId <String>]: Alternate key of application
  • [AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy
  • [AppRoleAssignmentId <String>]: The unique identifier of appRoleAssignment
  • [ApplicationId <String>]: The unique identifier of application
  • [ApplicationTemplateId <String>]: The unique identifier of applicationTemplate
  • [ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy
  • [DelegatedPermissionClassificationId <String>]: The unique identifier of delegatedPermissionClassification
  • [DirectoryDefinitionId <String>]: The unique identifier of directoryDefinition
  • [DirectoryObjectId <String>]: The unique identifier of directoryObject
  • [EndpointId <String>]: The unique identifier of endpoint
  • [ExtensionPropertyId <String>]: The unique identifier of extensionProperty
  • [FederatedIdentityCredentialId <String>]: The unique identifier of federatedIdentityCredential
  • [GroupId <String>]: The unique identifier of group
  • [HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy
  • [Name <String>]: Alternate key of federatedIdentityCredential
  • [OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant
  • [ServicePrincipalId <String>]: The unique identifier of servicePrincipal
  • [SynchronizationJobId <String>]: The unique identifier of synchronizationJob
  • [SynchronizationTemplateId <String>]: The unique identifier of synchronizationTemplate
  • [TargetDeviceGroupId <String>]: The unique identifier of targetDeviceGroup
  • [TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy
  • [TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy
  • [UniqueName <String>]: Alternate key of application
  • [UserId <String>]: The unique identifier of user