Gerenciar o acesso aos recursos usando as APIs de gerenciamento de direitos no Microsoft Graph

Artigo
07/24/2023

Gerenciar o acesso a todos os recursos de que os funcionários precisam, como grupos, aplicativos e sites, é uma função importante para as organizações. Você deseja conceder aos funcionários o nível certo de acesso que eles precisam para serem produtivos e remover seu acesso quando ele não for mais necessário. O gerenciamento de direitos do Azure Active Directory (Azure AD) usando APIs do Microsoft Graph permite gerenciar esse tipo de acesso.

Neste tutorial, você aprenderá a desenvolver código para criar um pacote de recursos para uma campanha de marketing que os usuários internos podem solicitar por autoatendimento. As solicitações não exigem aprovação e o acesso do usuário expira após 30 dias. Para este tutorial, os recursos de campanha de marketing são apenas associação em um único grupo, mas pode ser uma coleção de grupos, aplicativos ou sites do SharePoint Online.

Observação

Os objetos de resposta mostrados neste tutorial podem ser abreviados para legibilidade.

Pré-requisitos

Para concluir este tutorial com êxito, verifique se você tem os pré-requisitos necessários:

Azure AD gerenciamento de direitos requer licenças específicas. Para obter mais informações, consulte Requisitos de licença. As seguintes licenças são necessárias em seu locatário:
- Azure AD Premium P2
- licença E5 de Enterprise Mobility + Security (EMS)
Entre em um cliente de API como Graph Explorer, Postman ou crie seu próprio aplicativo cliente para chamar o Microsoft Graph. Para chamar APIs do Microsoft Graph neste tutorial, você precisa usar uma conta com a função de Administrador Global.
Conceda a si mesmo as seguintes permissões delegadas: User.ReadWrite.All, Group.ReadWrite.Alle EntitlementManagement.ReadWrite.All.

Etapa 1: Criar uma conta de usuário e um grupo

Nesta etapa, você cria um grupo chamado Recursos de Marketing no diretório que é o recurso de destino para o gerenciamento de direitos. Você também cria uma conta de usuário configurada como um solicitante interno.

Criar uma conta de usuário

Para este tutorial, você cria uma conta de usuário usada para solicitar acesso aos recursos no pacote de acesso. Ao fazer essas chamadas, altere contoso.onmicrosoft.com para o nome de domínio do locatário. Encontre informações sobre locatários na página de visão geral do Azure Active Directory. Registre o valor da propriedade id que é retornada para ser usada posteriormente no tutorial.

Solicitação

POST https://graph.microsoft.com/v1.0/users
Content-type: application/json

{
  "accountEnabled":true,
  "displayName":"Requestor1",
  "mailNickname":"Requestor1",
  "userPrincipalName":"Requestor1@contoso.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn":true,
    "password":"Contoso1234"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new User
{
	AccountEnabled = true,
	DisplayName = "Requestor1",
	MailNickname = "Requestor1",
	UserPrincipalName = "Requestor1@contoso.onmicrosoft.com",
	PasswordProfile = new PasswordProfile
	{
		ForceChangePasswordNextSignIn = true,
		Password = "Contoso1234",
	},
};
var result = await graphClient.Users.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc users create --body '{\
  "accountEnabled":true,\
  "displayName":"Requestor1",\
  "mailNickname":"Requestor1",\
  "userPrincipalName":"Requestor1@contoso.onmicrosoft.com",\
  "passwordProfile": {\
    "forceChangePasswordNextSignIn":true,\
    "password":"Contoso1234"\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewUser()
accountEnabled := true
requestBody.SetAccountEnabled(&accountEnabled) 
displayName := "Requestor1"
requestBody.SetDisplayName(&displayName) 
mailNickname := "Requestor1"
requestBody.SetMailNickname(&mailNickname) 
userPrincipalName := "Requestor1@contoso.onmicrosoft.com"
requestBody.SetUserPrincipalName(&userPrincipalName) 
passwordProfile := graphmodels.NewPasswordProfile()
forceChangePasswordNextSignIn := true
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn) 
password := "Contoso1234"
passwordProfile.SetPassword(&password) 
requestBody.SetPasswordProfile(passwordProfile)

users, err := graphClient.Users().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

User user = new User();
user.accountEnabled = true;
user.displayName = "Requestor1";
user.mailNickname = "Requestor1";
user.userPrincipalName = "Requestor1@contoso.onmicrosoft.com";
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.forceChangePasswordNextSignIn = true;
passwordProfile.password = "Contoso1234";
user.passwordProfile = passwordProfile;

graphClient.users()
	.buildRequest()
	.post(user);


const options = {
	authProvider,
};

const client = Client.init(options);

const user = {
  accountEnabled: true,
  displayName: 'Requestor1',
  mailNickname: 'Requestor1',
  userPrincipalName: 'Requestor1@contoso.onmicrosoft.com',
  passwordProfile: {
    forceChangePasswordNextSignIn: true,
    password: 'Contoso1234'
  }
};

await client.api('/users')
	.post(user);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new User();
$requestBody->setAccountEnabled(true);
$requestBody->setDisplayName('Requestor1');
$requestBody->setMailNickname('Requestor1');
$requestBody->setUserPrincipalName('Requestor1@contoso.onmicrosoft.com');
$passwordProfile = new PasswordProfile();
$passwordProfile->setForceChangePasswordNextSignIn(true);
$passwordProfile->setPassword('Contoso1234');
$requestBody->setPasswordProfile($passwordProfile);

$result = $graphServiceClient->users()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Users

$params = @{
	accountEnabled = $true
	displayName = "Requestor1"
	mailNickname = "Requestor1"
	userPrincipalName = "Requestor1@contoso.onmicrosoft.com"
	passwordProfile = @{
		forceChangePasswordNextSignIn = $true
		password = "Contoso1234"
	}
}

New-MgUser -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = User(
	account_enabled = True,
	display_name = "Requestor1",
	mail_nickname = "Requestor1",
	user_principal_name = "Requestor1@contoso.onmicrosoft.com",
	password_profile = PasswordProfile(
		force_change_password_next_sign_in = True,
		password = "Contoso1234",
	),
)

result = await graph_client.users.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
  "id": "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
  "deletedDateTime": null,
  "accountEnabled": true,
  "ageGroup": null,
  "businessPhones": [],
  "city": null,
  "createdDateTime": null,
  "creationType": null,
  "companyName": null,
  "consentProvidedForMinor": null,
  "country": null,
  "department": null,
  "displayName": "Requestor1",
  "employeeId": null,
  "faxNumber": null,
  "givenName": null,
  "imAddresses": [],
  "infoCatalogs": [],
  "isResourceAccount": null,
  "jobTitle": null,
  "legalAgeGroupClassification": null,
  "mail": null,
  "mailNickname": "Requestor1",
}

Criar um grupo

Neste tutorial, você cria um grupo chamado Recursos de Marketing que é o recurso de destino para o gerenciamento de direitos. Você pode usar um grupo existente se já tiver um. Registre o valor da propriedade ID que é retornada a ser usada posteriormente neste tutorial.

Solicitação

POST https://graph.microsoft.com/v1.0/groups
Content-type: application/json

{
  "description":"Marketing group",
  "displayName":"Marketing resources",
  "mailEnabled":false,
  "mailNickname":"markres",
  "securityEnabled":true
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new Group
{
	Description = "Marketing group",
	DisplayName = "Marketing resources",
	MailEnabled = false,
	MailNickname = "markres",
	SecurityEnabled = true,
};
var result = await graphClient.Groups.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc groups create --body '{\
  "description":"Marketing group",\
  "displayName":"Marketing resources",\
  "mailEnabled":false,\
  "mailNickname":"markres",\
  "securityEnabled":true\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewGroup()
description := "Marketing group"
requestBody.SetDescription(&description) 
displayName := "Marketing resources"
requestBody.SetDisplayName(&displayName) 
mailEnabled := false
requestBody.SetMailEnabled(&mailEnabled) 
mailNickname := "markres"
requestBody.SetMailNickname(&mailNickname) 
securityEnabled := true
requestBody.SetSecurityEnabled(&securityEnabled) 

groups, err := graphClient.Groups().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

Group group = new Group();
group.description = "Marketing group";
group.displayName = "Marketing resources";
group.mailEnabled = false;
group.mailNickname = "markres";
group.securityEnabled = true;

graphClient.groups()
	.buildRequest()
	.post(group);


const options = {
	authProvider,
};

const client = Client.init(options);

const group = {
  description: 'Marketing group',
  displayName: 'Marketing resources',
  mailEnabled: false,
  mailNickname: 'markres',
  securityEnabled: true
};

await client.api('/groups')
	.post(group);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new Group();
$requestBody->setDescription('Marketing group');
$requestBody->setDisplayName('Marketing resources');
$requestBody->setMailEnabled(false);
$requestBody->setMailNickname('markres');
$requestBody->setSecurityEnabled(true);

$result = $graphServiceClient->groups()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Groups

$params = @{
	description = "Marketing group"
	displayName = "Marketing resources"
	mailEnabled = $false
	mailNickname = "markres"
	securityEnabled = $true
}

New-MgGroup -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = Group(
	description = "Marketing group",
	display_name = "Marketing resources",
	mail_enabled = False,
	mail_nickname = "markres",
	security_enabled = True,
)

result = await graph_client.groups.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
  "id": "e93e24d1-2b65-4a6c-a1dd-654a12225487",
  "deletedDateTime": null,
  "classification": null,
  "createdDateTime": "2020-06-24T16:47:37Z",
  "createdByAppId": "de8bc8b5-d9f9-48b1-a8ad-b748da725064",
  "description": "Marketing group",
  "displayName": "Marketing resources",
  "expirationDateTime": null,
  "groupTypes": [],
  "infoCatalogs": [],
  "isAssignableToRole": null,
  "mail": null,
  "mailEnabled": false,
  "mailNickname": "markres"
}

Etapa 2: adicionar recursos a um catálogo e criar um pacote de acesso

Um pacote de acesso é um pacote de recursos que uma equipe ou projeto precisa e é regido com políticas. Os pacotes de acesso são definidos em contêineres chamados catálogos. Os catálogos podem referenciar recursos, como grupos, aplicativos e sites, que são usados no pacote de acesso. Nesta etapa, você cria um pacote de acesso à Campanha de Marketing no catálogo geral. Se você tiver um catálogo diferente, use seu nome na próxima seção.

Obter o identificador de catálogo

Para adicionar recursos ao catálogo, primeiro você deve obter o identificador dele. Se você estiver usando o catálogo geral, execute a solicitação a seguir para obter seu identificador. Se você estiver usando um calalog diferente, altere o valor do filtro na solicitação para o nome do catálogo. Registre o valor da propriedade ID que é retornada a ser usada posteriormente neste tutorial.

Solicitação

GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs?$filter=(displayName eq 'General')


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageCatalogs.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "(displayName eq 'General')";
});


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-catalogs list --filter "(displayName eq 'General')"



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



requestFilter := "(displayName eq 'General')"

requestParameters := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

accessPackageCatalogs, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageCatalogs().Get(context.Background(), configuration)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageCatalogCollectionPage accessPackageCatalogs = graphClient.identityGovernance().entitlementManagement().accessPackageCatalogs()
	.buildRequest()
	.filter("(displayName eq 'General')")
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let accessPackageCatalogs = await client.api('/identityGovernance/entitlementManagement/accessPackageCatalogs')
	.version('beta')
	.filter('(displayName eq \'General\')')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AccessPackageCatalogsRequestBuilderGetRequestConfiguration();
$queryParameters = AccessPackageCatalogsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "(displayName eq 'General')";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageCatalogs()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaEntitlementManagementAccessPackageCatalog -Filter "(displayName eq 'General')"


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

query_params = AccessPackageCatalogsRequestBuilder.AccessPackageCatalogsRequestBuilderGetQueryParameters(
		filter = "(displayName eq 'General')",
)

request_configuration = AccessPackageCatalogsRequestBuilder.AccessPackageCatalogsRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.identity_governance.entitlement_management.acces_package_catalogs.get(request_configuration = request_configuration)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageCatalogs",
  "value": [ 
    {
      "id": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
      "displayName": "General",
      "description": "Built-in catalog.",
      "catalogType": "ServiceDefault",
      "catalogStatus": "Published",
      "isExternallyVisible": true,
      "createdBy": "Azure AD",
      "createdDateTime": "2020-05-30T10:58:05.363Z",
      "modifiedBy": "Azure AD",
      "modifiedDateTime": "2020-05-30T10:58:05.363Z"
    }
  ]
}

A resposta deve conter apenas o catálogo cujo nome você forneceu na solicitação. Se não houver valores retornados, marcar que o nome do catálogo esteja correto antes de prosseguir.

Adicionar o grupo ao catálogo

Para adicionar o grupo que você criou ao catálogo, forneça os seguintes valores de propriedade:

catalogId - a ID do catálogo que você está usando
displayName - o nome do grupo
description - a descrição do grupo
originId - a id do grupo que você criou

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageResourceRequests
Content-type: application/json

{
  "catalogId":"cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
  "requestType": "AdminAdd",
  "justification": "",
  "accessPackageResource": {
    "displayName": "Marketing resources",
    "description": "Marketing group",
    "resourceType": "AadGroup",
    "originId": "e93e24d1-2b65-4a6c-a1dd-654a12225487",
    "originSystem": "AadGroup"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackageResourceRequest
{
	CatalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
	RequestType = "AdminAdd",
	Justification = "",
	AccessPackageResource = new AccessPackageResource
	{
		DisplayName = "Marketing resources",
		Description = "Marketing group",
		ResourceType = "AadGroup",
		OriginId = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
		OriginSystem = "AadGroup",
	},
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageResourceRequests.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-resource-requests create --body '{\
  "catalogId":"cec5d6ab-c75d-47c0-9c1c-92e89f66e384",\
  "requestType": "AdminAdd",\
  "justification": "",\
  "accessPackageResource": {\
    "displayName": "Marketing resources",\
    "description": "Marketing group",\
    "resourceType": "AadGroup",\
    "originId": "e93e24d1-2b65-4a6c-a1dd-654a12225487",\
    "originSystem": "AadGroup"\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageResourceRequest()
catalogId := "cec5d6ab-c75d-47c0-9c1c-92e89f66e384"
requestBody.SetCatalogId(&catalogId) 
requestType := "AdminAdd"
requestBody.SetRequestType(&requestType) 
justification := ""
requestBody.SetJustification(&justification) 
accessPackageResource := graphmodels.NewAccessPackageResource()
displayName := "Marketing resources"
accessPackageResource.SetDisplayName(&displayName) 
description := "Marketing group"
accessPackageResource.SetDescription(&description) 
resourceType := "AadGroup"
accessPackageResource.SetResourceType(&resourceType) 
originId := "e93e24d1-2b65-4a6c-a1dd-654a12225487"
accessPackageResource.SetOriginId(&originId) 
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem) 
requestBody.SetAccessPackageResource(accessPackageResource)

accessPackageResourceRequests, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageResourceRequests().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageResourceRequest accessPackageResourceRequest = new AccessPackageResourceRequest();
accessPackageResourceRequest.catalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384";
accessPackageResourceRequest.requestType = "AdminAdd";
accessPackageResourceRequest.justification = "";
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.displayName = "Marketing resources";
accessPackageResource.description = "Marketing group";
accessPackageResource.resourceType = "AadGroup";
accessPackageResource.originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487";
accessPackageResource.originSystem = "AadGroup";
accessPackageResourceRequest.accessPackageResource = accessPackageResource;

graphClient.identityGovernance().entitlementManagement().accessPackageResourceRequests()
	.buildRequest()
	.post(accessPackageResourceRequest);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageResourceRequest = {
  catalogId: 'cec5d6ab-c75d-47c0-9c1c-92e89f66e384',
  requestType: 'AdminAdd',
  justification: '',
  accessPackageResource: {
    displayName: 'Marketing resources',
    description: 'Marketing group',
    resourceType: 'AadGroup',
    originId: 'e93e24d1-2b65-4a6c-a1dd-654a12225487',
    originSystem: 'AadGroup'
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackageResourceRequests')
	.version('beta')
	.post(accessPackageResourceRequest);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageResourceRequest();
$requestBody->setCatalogId('cec5d6ab-c75d-47c0-9c1c-92e89f66e384');
$requestBody->setRequestType('AdminAdd');
$requestBody->setJustification('');
$accessPackageResource = new AccessPackageResource();
$accessPackageResource->setDisplayName('Marketing resources');
$accessPackageResource->setDescription('Marketing group');
$accessPackageResource->setResourceType('AadGroup');
$accessPackageResource->setOriginId('e93e24d1-2b65-4a6c-a1dd-654a12225487');
$accessPackageResource->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResource($accessPackageResource);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageResourceRequests()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	catalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384"
	requestType = "AdminAdd"
	justification = ""
	accessPackageResource = @{
		displayName = "Marketing resources"
		description = "Marketing group"
		resourceType = "AadGroup"
		originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487"
		originSystem = "AadGroup"
	}
}

New-MgBetaEntitlementManagementAccessPackageResourceRequest -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackageResourceRequest(
	catalog_id = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
	request_type = "AdminAdd",
	justification = "",
	access_package_resource = AccessPackageResource(
		display_name = "Marketing resources",
		description = "Marketing group",
		resource_type = "AadGroup",
		origin_id = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
		origin_system = "AadGroup",
	),
)

result = await graph_client.identity_governance.entitlement_management.acces_package_resource_requests.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/entitlementManagement/accessPackageResourceRequests/$entity",
  "catalogId": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
  "executeImmediately": false,
  "id": "44e521e0-fb6b-4d5e-a282-e7e68dc59493",
  "requestType": "AdminAdd",
  "requestState": "Delivered",
  "requestStatus": "Fulfilled",
  "isValidationOnly": false,
  "expirationDateTime": null,
  "justification": ""
}

Obter recursos de catálogo

Em etapas posteriores neste tutorial, você precisa da ID atribuída ao recurso de grupo no catálogo. Esse identificador, que representa o grupo como um recurso no catálogo, é diferente do identificador do próprio grupo no Microsoft Graph. Isso ocorre porque um catálogo pode ter recursos que não são representados no Microsoft Graph.

Na solicitação, forneça a ID do catálogo que você está usando. Registre o valor da propriedade id para o recurso de catálogo de grupo.

Solicitação

GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/cec5d6ab-c75d-47c0-9c1c-92e89f66e384/accessPackageResources?$filter=(displayName eq 'Marketing resources')


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageCatalogs["{accessPackageCatalog-id}"].AccessPackageResources.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "(displayName eq 'Marketing resources')";
});


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-catalogs access-package-resources list --access-package-catalog-id {accessPackageCatalog-id} --filter "(displayName eq 'Marketing resources')"



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



requestFilter := "(displayName eq 'Marketing resources')"

requestParameters := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogItemAccessPackageResourcesRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogItemAccessPackageResourcesRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

accessPackageResources, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageCatalogs().ByAccessPackageCatalogId("accessPackageCatalog-id").AccessPackageResources().Get(context.Background(), configuration)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageResourceCollectionPage accessPackageResources = graphClient.identityGovernance().entitlementManagement().accessPackageCatalogs("cec5d6ab-c75d-47c0-9c1c-92e89f66e384").accessPackageResources()
	.buildRequest()
	.filter("(displayName eq 'Marketing resources')")
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let accessPackageResources = await client.api('/identityGovernance/entitlementManagement/accessPackageCatalogs/cec5d6ab-c75d-47c0-9c1c-92e89f66e384/accessPackageResources')
	.version('beta')
	.filter('(displayName eq \'Marketing resources\')')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AccessPackageResourcesRequestBuilderGetRequestConfiguration();
$queryParameters = AccessPackageResourcesRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "(displayName eq 'Marketing resources')";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageCatalogs()->byAccessPackageCatalogId('accessPackageCatalog-id')->accessPackageResources()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResource -AccessPackageCatalogId $accessPackageCatalogId -Filter "(displayName eq 'Marketing resources')"


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

query_params = AccessPackageResourcesRequestBuilder.AccessPackageResourcesRequestBuilderGetQueryParameters(
		filter = "(displayName eq 'Marketing resources')",
)

request_configuration = AccessPackageResourcesRequestBuilder.AccessPackageResourcesRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.identity_governance.entitlement_management.acce_package_catalogs.by_acce_package_catalog_id('accessPackageCatalog-id').acces_package_resources.get(request_configuration = request_configuration)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageResources",
  "value": [
    {
      "id": "4a1e21c5-8a76-4578-acb1-641160e076e8",
      "displayName": "Marketing resources",
      "description": "Marketing group",
      "url": "https://account.activedirectory.windowsazure.com/r?tenantId=d3030981-8fb9-4919-9980-5580caeddd75#/manageMembership?objectType=Group&objectId=e93e24d1-2b65-4a6c-a1dd-654a12225487",
      "resourceType": "Security Group",
      "originId": "e93e24d1-2b65-4a6c-a1dd-654a12225487",
      "originSystem": "AadGroup",
      "isPendingOnboarding": false,
      "addedBy": "admin@contoso.onmicrosoft.com",
      "addedOn": "2020-08-21T19:27:29.967Z"
    }
  ]
}

Obter funções de recursos

O pacote de acesso atribui os usuários às funções de um recurso. A função típica de um grupo é a função membro. Outros recursos, como sites e aplicativos do SharePoint Online, podem ter várias funções. A função típica de um grupo usado em um pacote de acesso é a função membro. Você precisará da função membro ao adicionar uma função de recurso ao pacote de acesso mais tarde neste tutorial.

Na solicitação, use a ID do catálogo e a ID do recurso de grupo no catálogo que você gravou para obter a origemId da função de recurso membro. Registre o valor da propriedade originId a ser usada posteriormente neste tutorial.

Solicitação

GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageCatalogs/cec5d6ab-c75d-47c0-9c1c-92e89f66e384/accessPackageResourceRoles?$filter=(originSystem+eq+%27AadGroup%27+and+accessPackageResource/id+eq+%274a1e21c5-8a76-4578-acb1-641160e076e8%27+and+displayName+eq+%27Member%27)&$expand=accessPackageResource


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageCatalogs["{accessPackageCatalog-id}"].AccessPackageResourceRoles.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')";
	requestConfiguration.QueryParameters.Expand = new string []{ "accessPackageResource" };
});


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-catalogs access-package-resource-roles list --access-package-catalog-id {accessPackageCatalog-id} --filter "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')" --expand "accessPackageResource"



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



requestFilter := "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')"

requestParameters := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogItemAccessPackageResourceRolesRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
	Expand: [] string {"accessPackageResource"},
}
configuration := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageCatalogItemAccessPackageResourceRolesRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

accessPackageResourceRoles, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageCatalogs().ByAccessPackageCatalogId("accessPackageCatalog-id").AccessPackageResourceRoles().Get(context.Background(), configuration)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageResourceRoleCollectionPage accessPackageResourceRoles = graphClient.identityGovernance().entitlementManagement().accessPackageCatalogs("cec5d6ab-c75d-47c0-9c1c-92e89f66e384").accessPackageResourceRoles()
	.buildRequest()
	.filter("(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')")
	.expand("accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')")
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let accessPackageResourceRoles = await client.api('/identityGovernance/entitlementManagement/accessPackageCatalogs/cec5d6ab-c75d-47c0-9c1c-92e89f66e384/accessPackageResourceRoles')
	.version('beta')
	.filter('(originSystem eq \'AadGroup\' and accessPackageResource/id eq \'4a1e21c5-8a76-4578-acb1-641160e076e8\' and displayName eq \'Member\')')
	.expand('accessPackageResource/id eq \'4a1e21c5-8a76-4578-acb1-641160e076e8\' and displayName eq \'Member\')')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AccessPackageResourceRolesRequestBuilderGetRequestConfiguration();
$queryParameters = AccessPackageResourceRolesRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')";
$queryParameters->expand = ["accessPackageResource"];
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageCatalogs()->byAccessPackageCatalogId('accessPackageCatalog-id')->accessPackageResourceRoles()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaEntitlementManagementAccessPackageCatalogAccessPackageResourceRole -AccessPackageCatalogId $accessPackageCatalogId -Filter "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')" -ExpandProperty "accessPackageResource"


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

query_params = AccessPackageResourceRolesRequestBuilder.AccessPackageResourceRolesRequestBuilderGetQueryParameters(
		filter = "(originSystem eq 'AadGroup' and accessPackageResource/id eq '4a1e21c5-8a76-4578-acb1-641160e076e8' and displayName eq 'Member')",
		expand = ["accessPackageResource"],
)

request_configuration = AccessPackageResourceRolesRequestBuilder.AccessPackageResourceRolesRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.identity_governance.entitlement_management.acce_package_catalogs.by_acce_package_catalog_id('accessPackageCatalog-id').acces_package_resource_roles.get(request_configuration = request_configuration)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/entitlementManagement/accessPackageCatalogs('ede67938-cda7-4127-a9ca-7c7bf86a19b7')/accessPackageResourceRoles(accessPackageResource())",
  "value": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "displayName": "Member",
      "description": null,
      "originSystem": "AadGroup",
      "originId": "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487",
      "accessPackageResource": {
        "id": "4a1e21c5-8a76-4578-acb1-641160e076e8",
        "displayName": "Marketing resources",
        "description": "Marketing group",
        "url": "https://account.activedirectory.windowsazure.com/r?tenantId=d3030981-8fb9-4919-9980-5580caeddd75#/manageMembership?objectType=Group&objectId=e93e24d1-2b65-4a6c-a1dd-654a12225487",
        "resourceType": "Security Group",
        "originId": "e93e24d1-2b65-4a6c-a1dd-654a12225487",
        "originSystem": "AadGroup",
        "isPendingOnboarding": false,
        "addedBy": "admin@contoso.onmicrosoft.com",
        "addedOn": "2020-06-26T17:13:23.723Z",
        "accessPackageResourceScopes": []
      }
    }
  ]
}

Se for bem-sucedido, um único valor será retornado, o que representa a função membro desse grupo. Se nenhuma função for retornada, marcar os valores de ID do catálogo e o recurso do pacote de acesso.

Criar o pacote de acesso

Neste ponto, você tem um catálogo com um recurso de grupo e sabe que usará a função de recurso do membro do grupo no pacote de acesso. A próxima etapa é criar o pacote de acesso. Depois de ter o pacote de acesso, você pode adicionar a função de recurso a ele e criar uma política de como os usuários podem solicitar acesso a essa função de recurso. Você usa a ID do catálogo que você gravou anteriormente para criar o pacote de acesso. Registre a ID do pacote de acesso a ser usado posteriormente neste tutorial.

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages
Content-type: application/json

{
  "catalogId": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
  "displayName": "Marketing Campaign",
  "description": "Access to resources for the campaign"
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackage
{
	CatalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
	DisplayName = "Marketing Campaign",
	Description = "Access to resources for the campaign",
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-packages create --body '{\
  "catalogId": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",\
  "displayName": "Marketing Campaign",\
  "description": "Access to resources for the campaign"\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackage()
catalogId := "cec5d6ab-c75d-47c0-9c1c-92e89f66e384"
requestBody.SetCatalogId(&catalogId) 
displayName := "Marketing Campaign"
requestBody.SetDisplayName(&displayName) 
description := "Access to resources for the campaign"
requestBody.SetDescription(&description) 

accessPackages, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackage accessPackage = new AccessPackage();
accessPackage.catalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384";
accessPackage.displayName = "Marketing Campaign";
accessPackage.description = "Access to resources for the campaign";

graphClient.identityGovernance().entitlementManagement().accessPackages()
	.buildRequest()
	.post(accessPackage);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackage = {
  catalogId: 'cec5d6ab-c75d-47c0-9c1c-92e89f66e384',
  displayName: 'Marketing Campaign',
  description: 'Access to resources for the campaign'
};

await client.api('/identityGovernance/entitlementManagement/accessPackages')
	.version('beta')
	.post(accessPackage);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackage();
$requestBody->setCatalogId('cec5d6ab-c75d-47c0-9c1c-92e89f66e384');
$requestBody->setDisplayName('Marketing Campaign');
$requestBody->setDescription('Access to resources for the campaign');

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	catalogId = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384"
	displayName = "Marketing Campaign"
	description = "Access to resources for the campaign"
}

New-MgBetaEntitlementManagementAccessPackage -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackage(
	catalog_id = "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
	display_name = "Marketing Campaign",
	description = "Access to resources for the campaign",
)

result = await graph_client.identity_governance.entitlement_management.acces_packages.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/entitlementManagement/accessPackages/$entity",
  "id": "88203d16-0e31-41d4-87b2-dd402f1435e9",
  "catalogId": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
  "displayName": "Marketing Campaign",
  "description": "Access to resources for the campaign",
  "isHidden": false,
  "isRoleScopesVisible": false,
  "createdBy": "admin@contoso.onmicrosoft.com",
  "createdDateTime": "2020-08-21T19:45:33.2042281Z",
  "modifiedBy": "admin@contoso.onmicrosoft.com",
  "modifiedDateTime": "2020-08-21T19:45:33.2042281Z"
}

Adicionar uma função de recurso ao pacote de acesso

Adicione a função Membro do recurso de grupo ao pacote de acesso. Na solicitação, forneça a ID do pacote de acesso. No corpo da solicitação, forneça a ID do recurso de catálogo de grupo para accessPackageResource e forneça a origemId da função Membro que você gravou anteriormente.

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/88203d16-0e31-41d4-87b2-dd402f1435e9/accessPackageResourceRoleScopes
Content-type: application/json

{
  "accessPackageResourceRole": {
    "originId":"Member_e93e24d1-2b65-4a6c-a1dd-654a12225487",
    "displayName":"Member",
    "originSystem":"AadGroup",
    "accessPackageResource": {
      "id":"4a1e21c5-8a76-4578-acb1-641160e076e8","resourceType":"Security Group",  
      "originId":"e93e24d1-2b65-4a6c-a1dd-654a12225487","originSystem":"AadGroup"
    }
  },
  "accessPackageResourceScope": {
    "originId":"e93e24d1-2b65-4a6c-a1dd-654a12225487","originSystem":"AadGroup"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackageResourceRoleScope
{
	AccessPackageResourceRole = new AccessPackageResourceRole
	{
		OriginId = "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487",
		DisplayName = "Member",
		OriginSystem = "AadGroup",
		AccessPackageResource = new AccessPackageResource
		{
			Id = "4a1e21c5-8a76-4578-acb1-641160e076e8",
			ResourceType = "Security Group",
			OriginId = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
			OriginSystem = "AadGroup",
		},
	},
	AccessPackageResourceScope = new AccessPackageResourceScope
	{
		OriginId = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
		OriginSystem = "AadGroup",
	},
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-packages access-package-resource-role-scopes create --access-package-id {accessPackage-id} --body '{\
  "accessPackageResourceRole": {\
    "originId":"Member_e93e24d1-2b65-4a6c-a1dd-654a12225487",\
    "displayName":"Member",\
    "originSystem":"AadGroup",\
    "accessPackageResource": {\
      "id":"4a1e21c5-8a76-4578-acb1-641160e076e8","resourceType":"Security Group",  \
      "originId":"e93e24d1-2b65-4a6c-a1dd-654a12225487","originSystem":"AadGroup"\
    }\
  },\
  "accessPackageResourceScope": {\
    "originId":"e93e24d1-2b65-4a6c-a1dd-654a12225487","originSystem":"AadGroup"\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487"
accessPackageResourceRole.SetOriginId(&originId) 
displayName := "Member"
accessPackageResourceRole.SetDisplayName(&displayName) 
originSystem := "AadGroup"
accessPackageResourceRole.SetOriginSystem(&originSystem) 
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "4a1e21c5-8a76-4578-acb1-641160e076e8"
accessPackageResource.SetId(&id) 
resourceType := "Security Group"
accessPackageResource.SetResourceType(&resourceType) 
originId := "e93e24d1-2b65-4a6c-a1dd-654a12225487"
accessPackageResource.SetOriginId(&originId) 
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem) 
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
originId := "e93e24d1-2b65-4a6c-a1dd-654a12225487"
accessPackageResourceScope.SetOriginId(&originId) 
originSystem := "AadGroup"
accessPackageResourceScope.SetOriginSystem(&originSystem) 
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)

accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.originId = "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487";
accessPackageResourceRole.displayName = "Member";
accessPackageResourceRole.originSystem = "AadGroup";
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.id = "4a1e21c5-8a76-4578-acb1-641160e076e8";
accessPackageResource.resourceType = "Security Group";
accessPackageResource.originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487";
accessPackageResource.originSystem = "AadGroup";
accessPackageResourceRole.accessPackageResource = accessPackageResource;
accessPackageResourceRoleScope.accessPackageResourceRole = accessPackageResourceRole;
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487";
accessPackageResourceScope.originSystem = "AadGroup";
accessPackageResourceRoleScope.accessPackageResourceScope = accessPackageResourceScope;

graphClient.identityGovernance().entitlementManagement().accessPackages("88203d16-0e31-41d4-87b2-dd402f1435e9").accessPackageResourceRoleScopes()
	.buildRequest()
	.post(accessPackageResourceRoleScope);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageResourceRoleScope = {
  accessPackageResourceRole: {
    originId: 'Member_e93e24d1-2b65-4a6c-a1dd-654a12225487',
    displayName: 'Member',
    originSystem: 'AadGroup',
    accessPackageResource: {
      id: '4a1e21c5-8a76-4578-acb1-641160e076e8',resourceType: 'Security Group',  
      originId: 'e93e24d1-2b65-4a6c-a1dd-654a12225487',originSystem: 'AadGroup'
    }
  },
  accessPackageResourceScope: {
    originId: 'e93e24d1-2b65-4a6c-a1dd-654a12225487',originSystem: 'AadGroup'
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackages/88203d16-0e31-41d4-87b2-dd402f1435e9/accessPackageResourceRoleScopes')
	.version('beta')
	.post(accessPackageResourceRoleScope);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('Member_e93e24d1-2b65-4a6c-a1dd-654a12225487');
$accessPackageResourceRole->setDisplayName('Member');
$accessPackageResourceRole->setOriginSystem('AadGroup');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('4a1e21c5-8a76-4578-acb1-641160e076e8');
$accessPackageResourceRoleAccessPackageResource->setResourceType('Security Group');
$accessPackageResourceRoleAccessPackageResource->setOriginId('e93e24d1-2b65-4a6c-a1dd-654a12225487');
$accessPackageResourceRoleAccessPackageResource->setOriginSystem('AadGroup');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setOriginId('e93e24d1-2b65-4a6c-a1dd-654a12225487');
$accessPackageResourceScope->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	accessPackageResourceRole = @{
		originId = "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487"
		displayName = "Member"
		originSystem = "AadGroup"
		accessPackageResource = @{
			id = "4a1e21c5-8a76-4578-acb1-641160e076e8"
			resourceType = "Security Group"
			originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487"
			originSystem = "AadGroup"
		}
	}
	accessPackageResourceScope = @{
		originId = "e93e24d1-2b65-4a6c-a1dd-654a12225487"
		originSystem = "AadGroup"
	}
}

New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackageResourceRoleScope(
	access_package_resource_role = AccessPackageResourceRole(
		origin_id = "Member_e93e24d1-2b65-4a6c-a1dd-654a12225487",
		display_name = "Member",
		origin_system = "AadGroup",
		access_package_resource = AccessPackageResource(
			id = "4a1e21c5-8a76-4578-acb1-641160e076e8",
			resource_type = "Security Group",
			origin_id = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
			origin_system = "AadGroup",
		),
	),
	access_package_resource_scope = AccessPackageResourceScope(
		origin_id = "e93e24d1-2b65-4a6c-a1dd-654a12225487",
		origin_system = "AadGroup",
	),
)

result = await graph_client.identity_governance.entitlement_management.acce_packages.by_acce_package_id('accessPackage-id').acces_package_resource_role_scopes.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/entitlementManagement/accessPackages('88203d16-0e31-41d4-87b2-dd402f1435e9')/accessPackageResourceRoleScopes/$entity",
  "id": "e081321b-2802-4834-a6ca-6f598ce3cdf7_6dbd2209-9d14-4c76-b92b-fcb00e835fe1",
  "createdBy": "admin@contoso.onmicrosoft.com",
  "createdDateTime": "2020-08-21T19:56:00.6320729Z",
  "modifiedBy": "admin@contoso.onmicrosoft.com",
  "modifiedDateTime": "2020-08-21T19:56:00.6320729Z"
}

O pacote de acesso agora tem uma função de recurso, que é a associação de grupo. A função é atribuída a qualquer usuário que tenha o pacote de acesso.

Criar uma política de pacote de acesso

Agora que você criou o pacote de acesso e adicionou recursos e funções, você pode decidir quem pode acessá-lo criando uma política de pacote de acesso. Neste tutorial, você habilita a conta Requestor1 que você criou para solicitar acesso aos recursos no pacote de acesso. Para esta tarefa, você precisa desses valores:

id do pacote de acesso para o valor da propriedade accessPackageId
id da conta de usuário Requestor1 para o valor da propriedade id em allowedRequestors

O valor da propriedade durationInDays permite que a conta Requestor1 acesse os recursos no pacote de acesso por até 30 dias. Registre o valor da propriedade ID que é retornada a ser usada posteriormente neste tutorial.

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json

{
  "accessPackageId": "88203d16-0e31-41d4-87b2-dd402f1435e9",
  "displayName": "Specific users",
  "description": "Specific users can request assignment",
  "accessReviewSettings": null,
  "durationInDays": 30,
  "requestorSettings": {
    "scopeType": "SpecificDirectorySubjects",
    "acceptRequests": true,
    "allowedRequestors": [
       {
         "@odata.type": "#microsoft.graph.singleUser",
         "isBackup": false,
         "id": "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
         "description": "Requestor1"
       }
    ]
  },
  "requestApprovalSettings": {
    "isApprovalRequired": false,
    "isApprovalRequiredForExtension": false,
    "isRequestorJustificationRequired": false,
    "approvalMode": "NoApproval",
    "approvalStages": []
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackageAssignmentPolicy
{
	AccessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9",
	DisplayName = "Specific users",
	Description = "Specific users can request assignment",
	AccessReviewSettings = null,
	DurationInDays = 30,
	RequestorSettings = new RequestorSettings
	{
		ScopeType = "SpecificDirectorySubjects",
		AcceptRequests = true,
		AllowedRequestors = new List<UserSet>
		{
			new SingleUser
			{
				OdataType = "#microsoft.graph.singleUser",
				IsBackup = false,
				Id = "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
				Description = "Requestor1",
			},
		},
	},
	RequestApprovalSettings = new ApprovalSettings
	{
		IsApprovalRequired = false,
		IsApprovalRequiredForExtension = false,
		IsRequestorJustificationRequired = false,
		ApprovalMode = "NoApproval",
		ApprovalStages = new List<ApprovalStage>
		{
		},
	},
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies create --body '{\
  "accessPackageId": "88203d16-0e31-41d4-87b2-dd402f1435e9",\
  "displayName": "Specific users",\
  "description": "Specific users can request assignment",\
  "accessReviewSettings": null,\
  "durationInDays": 30,\
  "requestorSettings": {\
    "scopeType": "SpecificDirectorySubjects",\
    "acceptRequests": true,\
    "allowedRequestors": [\
       {\
         "@odata.type": "#microsoft.graph.singleUser",\
         "isBackup": false,\
         "id": "007d1c7e-7fa8-4e33-b678-5e437acdcddc",\
         "description": "Requestor1"\
       }\
    ]\
  },\
  "requestApprovalSettings": {\
    "isApprovalRequired": false,\
    "isApprovalRequiredForExtension": false,\
    "isRequestorJustificationRequired": false,\
    "approvalMode": "NoApproval",\
    "approvalStages": []\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
accessPackageId := "88203d16-0e31-41d4-87b2-dd402f1435e9"
requestBody.SetAccessPackageId(&accessPackageId) 
displayName := "Specific users"
requestBody.SetDisplayName(&displayName) 
description := "Specific users can request assignment"
requestBody.SetDescription(&description) 
accessReviewSettings := null
requestBody.SetAccessReviewSettings(&accessReviewSettings) 
durationInDays := int32(30)
requestBody.SetDurationInDays(&durationInDays) 
requestorSettings := graphmodels.NewRequestorSettings()
scopeType := "SpecificDirectorySubjects"
requestorSettings.SetScopeType(&scopeType) 
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests) 


userSet := graphmodels.NewSingleUser()
isBackup := false
userSet.SetIsBackup(&isBackup) 
id := "007d1c7e-7fa8-4e33-b678-5e437acdcddc"
userSet.SetId(&id) 
description := "Requestor1"
userSet.SetDescription(&description) 

allowedRequestors := []graphmodels.UserSetable {
	userSet,
}
requestorSettings.SetAllowedRequestors(allowedRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewApprovalSettings()
isApprovalRequired := false
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired) 
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension) 
isRequestorJustificationRequired := false
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired) 
approvalMode := "NoApproval"
requestApprovalSettings.SetApprovalMode(&approvalMode) 
approvalStages := []graphmodels.ApprovalStageable {

}
requestApprovalSettings.SetApprovalStages(approvalStages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)

accessPackageAssignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.accessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9";
accessPackageAssignmentPolicy.displayName = "Specific users";
accessPackageAssignmentPolicy.description = "Specific users can request assignment";
accessPackageAssignmentPolicy.accessReviewSettings = null;
accessPackageAssignmentPolicy.durationInDays = 30;
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.scopeType = "SpecificDirectorySubjects";
requestorSettings.acceptRequests = true;
LinkedList<UserSet> allowedRequestorsList = new LinkedList<UserSet>();
SingleUser allowedRequestors = new SingleUser();
allowedRequestors.isBackup = false;
allowedRequestors.id = "007d1c7e-7fa8-4e33-b678-5e437acdcddc";
allowedRequestors.description = "Requestor1";
allowedRequestorsList.add(allowedRequestors);
requestorSettings.allowedRequestors = allowedRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.isApprovalRequired = false;
requestApprovalSettings.isApprovalRequiredForExtension = false;
requestApprovalSettings.isRequestorJustificationRequired = false;
requestApprovalSettings.approvalMode = "NoApproval";
LinkedList<ApprovalStage> approvalStagesList = new LinkedList<ApprovalStage>();
requestApprovalSettings.approvalStages = approvalStagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;

graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies()
	.buildRequest()
	.post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  accessPackageId: '88203d16-0e31-41d4-87b2-dd402f1435e9',
  displayName: 'Specific users',
  description: 'Specific users can request assignment',
  accessReviewSettings: null,
  durationInDays: 30,
  requestorSettings: {
    scopeType: 'SpecificDirectorySubjects',
    acceptRequests: true,
    allowedRequestors: [
       {
         '@odata.type': '#microsoft.graph.singleUser',
         isBackup: false,
         id: '007d1c7e-7fa8-4e33-b678-5e437acdcddc',
         description: 'Requestor1'
       }
    ]
  },
  requestApprovalSettings: {
    isApprovalRequired: false,
    isApprovalRequiredForExtension: false,
    isRequestorJustificationRequired: false,
    approvalMode: 'NoApproval',
    approvalStages: []
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
	.version('beta')
	.post(accessPackageAssignmentPolicy);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setAccessPackageId('88203d16-0e31-41d4-87b2-dd402f1435e9');
$requestBody->setDisplayName('Specific users');
$requestBody->setDescription('Specific users can request assignment');
$requestBody->setAccessReviewSettings(null);
$requestBody->setDurationInDays(30);
$requestorSettings = new RequestorSettings();
$requestorSettings->setScopeType('SpecificDirectorySubjects');
$requestorSettings->setAcceptRequests(true);
$allowedRequestorsUserSet1 = new SingleUser();
$allowedRequestorsUserSet1->setOdataType('#microsoft.graph.singleUser');
$allowedRequestorsUserSet1->setIsBackup(false);
$allowedRequestorsUserSet1->setId('007d1c7e-7fa8-4e33-b678-5e437acdcddc');
$allowedRequestorsUserSet1->setDescription('Requestor1');
$allowedRequestorsArray []= $allowedRequestorsUserSet1;
$requestorSettings->setAllowedRequestors($allowedRequestorsArray);

$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new ApprovalSettings();
$requestApprovalSettings->setIsApprovalRequired(false);
$requestApprovalSettings->setIsApprovalRequiredForExtension(false);
$requestApprovalSettings->setIsRequestorJustificationRequired(false);
$requestApprovalSettings->setApprovalMode('NoApproval');
$requestApprovalSettings->setApprovalStages([]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	accessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9"
	displayName = "Specific users"
	description = "Specific users can request assignment"
	accessReviewSettings = $null
	durationInDays = 30
	requestorSettings = @{
		scopeType = "SpecificDirectorySubjects"
		acceptRequests = $true
		allowedRequestors = @(
			@{
				"@odata.type" = "#microsoft.graph.singleUser"
				isBackup = $false
				id = "007d1c7e-7fa8-4e33-b678-5e437acdcddc"
				description = "Requestor1"
			}
		)
	}
	requestApprovalSettings = @{
		isApprovalRequired = $false
		isApprovalRequiredForExtension = $false
		isRequestorJustificationRequired = $false
		approvalMode = "NoApproval"
		approvalStages = @(
		)
	}
}

New-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackageAssignmentPolicy(
	access_package_id = "88203d16-0e31-41d4-87b2-dd402f1435e9",
	display_name = "Specific users",
	description = "Specific users can request assignment",
	access_review_settings = None,
	duration_in_days = 30,
	requestor_settings = RequestorSettings(
		scope_type = "SpecificDirectorySubjects",
		accept_requests = True,
		allowed_requestors = [
			SingleUser(
				odata_type = "#microsoft.graph.singleUser",
				is_backup = False,
				id = "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
				description = "Requestor1",
			),
		]
	),
	request_approval_settings = ApprovalSettings(
		is_approval_required = False,
		is_approval_required_for_extension = False,
		is_requestor_justification_required = False,
		approval_mode = "NoApproval",
		approval_stages = [
		]
	),
)

result = await graph_client.identity_governance.entitlement_management.acces_package_assignment_policies.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageAssignmentPolicies/$entity",
  "id": "db440482-1210-4a60-9b55-3ac7a72f63ba",
  "accessPackageId": "88203d16-0e31-41d4-87b2-dd402f1435e9",
  "displayName": "Specific users",
  "description": "Specific users can request assignment",
  "canExtend": false,
  "durationInDays": 30,
  "expirationDateTime": null,
  "createdBy": "admin@contoso.onmicrosoft.com",
  "createdDateTime": "2020-06-29T19:47:44.7399675Z",
  "modifiedBy": "admin@contoso.onmicrosoft.com",
  "modifiedDateTime": "2020-06-29T19:47:44.7555489Z",
  "accessReviewSettings": null,
  "requestorSettings": {
    "scopeType": "SpecificDirectorySubjects",
    "acceptRequests": true,
    "allowedRequestors": [
      {
        "@odata.type": "#microsoft.graph.singleUser",
        "isBackup": false,
        "id": "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
        "description": "Requestor1"
      }
    ]
  },
  "requestApprovalSettings": {
    "isApprovalRequired": false,
    "isApprovalRequiredForExtension": false,
    "isRequestorJustificationRequired": false,
    "approvalMode": "NoApproval",
    "approvalStages": []
  }
}

Etapa 3: Solicitar acesso

Nesta etapa, a conta de usuário Requestor1 solicita acesso aos recursos no pacote de acesso.

Para solicitar acesso aos recursos no pacote de acesso, você precisa fornecer esses valores:

id da conta de usuário Requestor1 que você criou para o valor da propriedade targetId
id da política de atribuição para o valor da propriedade assignmentPolicyId
id do pacote de acesso para o valor da propriedade accessPackageId

Na resposta, você pode ver o status de Aceito e um estado de Envio. Registre o valor da propriedade ID retornada para obter o status da solicitação posteriormente.

Se você ainda não tiver feito isso, saia da conta de administrador que estava usando no Microsoft Graph Explorer. Entre na conta de usuário Requestor1 que você criou. Você será solicitado a alterar a senha se ela for a primeira vez que você entrar.

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests
Content-type: application/json

{
  "requestType": "UserAdd",
  "accessPackageAssignment":{
     "targetId":"007d1c7e-7fa8-4e33-b678-5e437acdcddc",
     "assignmentPolicyId":"db440482-1210-4a60-9b55-3ac7a72f63ba",
     "accessPackageId":"88203d16-0e31-41d4-87b2-dd402f1435e9"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackageAssignmentRequest
{
	RequestType = "UserAdd",
	AccessPackageAssignment = new AccessPackageAssignment
	{
		TargetId = "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
		AssignmentPolicyId = "db440482-1210-4a60-9b55-3ac7a72f63ba",
		AccessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9",
	},
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-requests create --body '{\
  "requestType": "UserAdd",\
  "accessPackageAssignment":{\
     "targetId":"007d1c7e-7fa8-4e33-b678-5e437acdcddc",\
     "assignmentPolicyId":"db440482-1210-4a60-9b55-3ac7a72f63ba",\
     "accessPackageId":"88203d16-0e31-41d4-87b2-dd402f1435e9"\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageAssignmentRequest()
requestType := "UserAdd"
requestBody.SetRequestType(&requestType) 
accessPackageAssignment := graphmodels.NewAccessPackageAssignment()
targetId := "007d1c7e-7fa8-4e33-b678-5e437acdcddc"
accessPackageAssignment.SetTargetId(&targetId) 
assignmentPolicyId := "db440482-1210-4a60-9b55-3ac7a72f63ba"
accessPackageAssignment.SetAssignmentPolicyId(&assignmentPolicyId) 
accessPackageId := "88203d16-0e31-41d4-87b2-dd402f1435e9"
accessPackageAssignment.SetAccessPackageId(&accessPackageId) 
requestBody.SetAccessPackageAssignment(accessPackageAssignment)

accessPackageAssignmentRequests, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentRequests().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentRequest accessPackageAssignmentRequest = new AccessPackageAssignmentRequest();
accessPackageAssignmentRequest.requestType = "UserAdd";
AccessPackageAssignment accessPackageAssignment = new AccessPackageAssignment();
accessPackageAssignment.targetId = "007d1c7e-7fa8-4e33-b678-5e437acdcddc";
accessPackageAssignment.assignmentPolicyId = "db440482-1210-4a60-9b55-3ac7a72f63ba";
accessPackageAssignment.accessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9";
accessPackageAssignmentRequest.accessPackageAssignment = accessPackageAssignment;

graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentRequests()
	.buildRequest()
	.post(accessPackageAssignmentRequest);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentRequest = {
  requestType: 'UserAdd',
  accessPackageAssignment: {
     targetId: '007d1c7e-7fa8-4e33-b678-5e437acdcddc',
     assignmentPolicyId: 'db440482-1210-4a60-9b55-3ac7a72f63ba',
     accessPackageId: '88203d16-0e31-41d4-87b2-dd402f1435e9'
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentRequests')
	.version('beta')
	.post(accessPackageAssignmentRequest);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentRequest();
$requestBody->setRequestType('UserAdd');
$accessPackageAssignment = new AccessPackageAssignment();
$accessPackageAssignment->setTargetId('007d1c7e-7fa8-4e33-b678-5e437acdcddc');
$accessPackageAssignment->setAssignmentPolicyId('db440482-1210-4a60-9b55-3ac7a72f63ba');
$accessPackageAssignment->setAccessPackageId('88203d16-0e31-41d4-87b2-dd402f1435e9');
$requestBody->setAccessPackageAssignment($accessPackageAssignment);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentRequests()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestType = "UserAdd"
	accessPackageAssignment = @{
		targetId = "007d1c7e-7fa8-4e33-b678-5e437acdcddc"
		assignmentPolicyId = "db440482-1210-4a60-9b55-3ac7a72f63ba"
		accessPackageId = "88203d16-0e31-41d4-87b2-dd402f1435e9"
	}
}

New-MgBetaEntitlementManagementAccessPackageAssignmentRequest -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackageAssignmentRequest(
	request_type = "UserAdd",
	access_package_assignment = AccessPackageAssignment(
		target_id = "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
		assignment_policy_id = "db440482-1210-4a60-9b55-3ac7a72f63ba",
		access_package_id = "88203d16-0e31-41d4-87b2-dd402f1435e9",
	),
)

result = await graph_client.identity_governance.entitlement_management.acces_package_assignment_requests.post(body = request_body)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageAssignmentRequests/$entity",
    "createdDateTime": null,
    "completedDate": null,
    "id": "a6bb6942-3ae1-4259-9908-0133aaee9377",
    "requestType": "UserAdd",
    "requestState": "Submitted",
    "requestStatus": "Accepted",
    "isValidationOnly": false,
    "expirationDateTime": null,
    "justification": null
}

Etapa 4: Validar se o acesso foi atribuído

Nesta etapa, você confirma que a conta de usuário Requestor1 recebeu o pacote de acesso e que agora eles são membros do grupo de recursos de marketing .

Saia da conta Requestor1 e entre novamente na conta de administrador para ver o status da solicitação.

Obter o status da solicitação

Use o valor da propriedade ID da solicitação para obter o status atual dela. Na resposta, você pode ver o status alterado para Fulfilled e o estado alterado para Entregue.

Solicitação

GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/a6bb6942-3ae1-4259-9908-0133aaee9377


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests["{accessPackageAssignmentRequest-id}"].GetAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-requests get --access-package-assignment-request-id {accessPackageAssignmentRequest-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



accessPackageAssignmentRequests, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentRequests().ByAccessPackageAssignmentRequestId("accessPackageAssignmentRequest-id").Get(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentRequest accessPackageAssignmentRequest = graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentRequests("a6bb6942-3ae1-4259-9908-0133aaee9377")
	.buildRequest()
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let accessPackageAssignmentRequest = await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/a6bb6942-3ae1-4259-9908-0133aaee9377')
	.version('beta')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentRequests()->byAccessPackageAssignmentRequestId('accessPackageAssignmentRequest-id')->get()->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaEntitlementManagementAccessPackageAssignmentRequest -AccessPackageAssignmentRequestId $accessPackageAssignmentRequestId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


result = await graph_client.identity_governance.entitlement_management.acce_package_assignment_requests.by_acces_package_assignment_request_id('accessPackageAssignmentRequest-id').get()

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageAssignmentRequests/$entity",
  "createdDateTime": "2020-06-29T20:24:24.683Z",
  "completedDate": "2020-06-29T20:24:47.937Z",
  "id": "a6bb6942-3ae1-4259-9908-0133aaee9377",
  "requestType": "UserAdd",
  "requestState": "Delivered",
  "requestStatus": "FulfilledNotificationTriggered",
  "isValidationOnly": false,
  "expirationDateTime": null,
  "justification": null
}

Obter atribuições de pacote de acesso

Você também pode usar a ID da política de pacote de acesso que você criou para ver que os recursos foram atribuídos à conta de usuário Requestor1 .

Solicitação

GET https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignments?$filter=accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'&$expand=target,accessPackageAssignmentResourceRoles


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignments.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'";
	requestConfiguration.QueryParameters.Expand = new string []{ "target","accessPackageAssignmentResourceRoles" };
});


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignments list --filter "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'" --expand "target,accessPackageAssignmentResourceRoles"



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



requestFilter := "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'"

requestParameters := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageAssignmentsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
	Expand: [] string {"target","accessPackageAssignmentResourceRoles"},
}
configuration := &graphidentitygovernance.IdentityGovernanceEntitlementManagementAccessPackageAssignmentsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

accessPackageAssignments, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignments().Get(context.Background(), configuration)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentCollectionPage accessPackageAssignments = graphClient.identityGovernance().entitlementManagement().accessPackageAssignments()
	.buildRequest()
	.filter("accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'")
	.expand("target,accessPackageAssignmentResourceRoles")
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let accessPackageAssignments = await client.api('/identityGovernance/entitlementManagement/accessPackageAssignments')
	.version('beta')
	.filter('accessPackageAssignmentPolicy/Id eq \'db440482-1210-4a60-9b55-3ac7a72f63ba\'')
	.expand('target,accessPackageAssignmentResourceRoles')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AccessPackageAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = AccessPackageAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'";
$queryParameters->expand = ["target","accessPackageAssignmentResourceRoles"];
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignments()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaEntitlementManagementAccessPackageAssignment -Filter "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'" -ExpandProperty "target,accessPackageAssignmentResourceRoles"


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

query_params = AccessPackageAssignmentsRequestBuilder.AccessPackageAssignmentsRequestBuilderGetQueryParameters(
		filter = "accessPackageAssignmentPolicy/Id eq 'db440482-1210-4a60-9b55-3ac7a72f63ba'",
		expand = ["target","accessPackageAssignmentResourceRoles"],
)

request_configuration = AccessPackageAssignmentsRequestBuilder.AccessPackageAssignmentsRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.identity_governance.entitlement_management.acces_package_assignments.get(request_configuration = request_configuration)

Resposta

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageAssignments",
  "value": [
    {
      "id": "a6bb6942-3ae1-4259-9908-0133aaee9377",
      "catalogId": "cec5d6ab-c75d-47c0-9c1c-92e89f66e384",
      "accessPackageId": "88203d16-0e31-41d4-87b2-dd402f1435e9",
      "assignmentPolicyId": "db440482-1210-4a60-9b55-3ac7a72f63ba",
      "targetId": "2bc42425-6dc5-4f2a-9ebb-7a7464481eb0",
      "assignmentStatus": "Delivered",
      "assignmentState": "Delivered",
      "isExtended": false,
      "expiredDateTime": null,
      "target": {
         "id": "8586ddc8-0ff7-4c24-9c79-f192bc3566e3",
         "objectId": "2bc42425-6dc5-4f2a-9ebb-7a7464481eb0"
      },
      "accessPackageAssignmentResourceRoles": [
         {
            "id": "bdb7e0a0-a927-42ab-bf30-c5b5533dc54a",
            "originSystem": "AadGroup",
            "status": "Fulfilled"
         }
      ]
    }
  ]
}

Obter os membros do grupo

Depois que a solicitação tiver sido concedida, você poderá usar a ID que você gravou para o grupo de recursos de Marketing para ver se a conta de usuário Requestor1 foi adicionada a ela.

Solicitação

GET https://graph.microsoft.com/v1.0/groups/e93e24d1-2b65-4a6c-a1dd-654a12225487/members


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var result = await graphClient.Groups["{group-id}"].Members.GetAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc groups members list --group-id {group-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



members, err := graphClient.Groups().ByGroupId("group-id").Members().Get(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

DirectoryObjectCollectionWithReferencesPage members = graphClient.groups("e93e24d1-2b65-4a6c-a1dd-654a12225487").members()
	.buildRequest()
	.get();


const options = {
	authProvider,
};

const client = Client.init(options);

let members = await client.api('/groups/e93e24d1-2b65-4a6c-a1dd-654a12225487/members')
	.get();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->groups()->byGroupId('group-id')->members()->get()->wait();


Import-Module Microsoft.Graph.Groups

Get-MgGroupMember -GroupId $groupId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


result = await graph_client.groups.by_group_id('group-id').members.get()

Resposta:

{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects",
  "value": [
    {
      "@odata.type": "#microsoft.graph.user",
      "id": "007d1c7e-7fa8-4e33-b678-5e437acdcddc",
      "deletedDateTime": null,
      "accountEnabled": true,
      "ageGroup": null,
      "businessPhones": [],
      "city": null,
      "createdDateTime": "2020-06-23T18:43:24Z",
      "creationType": null,
      "companyName": null,
      "consentProvidedForMinor": null,
      "country": null,
      "department": null,
      "displayName": "Requestor1",
      "employeeId": null,
      "faxNumber": null,
      "givenName": null,
      "imAddresses": [],
      "infoCatalogs": [],
      "isResourceAccount": null,
      "jobTitle": null,
      "legalAgeGroupClassification": null,
      "mail": null,
      "mailNickname": "Requestor1"
    }
  ]
}

Etapa 5: Limpar recursos

Nesta etapa, você remove as alterações feitas e exclui o pacote de acesso da Campanha de Marketing .

Remover uma atribuição de pacote de acesso

Você deve remover todas as atribuições para o pacote de acesso antes de poder excluí-la. Use a ID da solicitação de atribuição que você gravou anteriormente para excluí-la.

Solicitação

POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests
Content-type: application/json

{
  "requestType": "AdminRemove",
  "accessPackageAssignment":{
     "id": "a6bb6942-3ae1-4259-9908-0133aaee9377"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessPackageAssignmentRequest
{
	RequestType = "AdminRemove",
	AccessPackageAssignment = new AccessPackageAssignment
	{
		Id = "a6bb6942-3ae1-4259-9908-0133aaee9377",
	},
};
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentRequests.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-requests create --body '{\
  "requestType": "AdminRemove",\
  "accessPackageAssignment":{\
     "id": "a6bb6942-3ae1-4259-9908-0133aaee9377"\
  }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageAssignmentRequest()
requestType := "AdminRemove"
requestBody.SetRequestType(&requestType) 
accessPackageAssignment := graphmodels.NewAccessPackageAssignment()
id := "a6bb6942-3ae1-4259-9908-0133aaee9377"
accessPackageAssignment.SetId(&id) 
requestBody.SetAccessPackageAssignment(accessPackageAssignment)

accessPackageAssignmentRequests, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentRequests().Post(context.Background(), requestBody, nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentRequest accessPackageAssignmentRequest = new AccessPackageAssignmentRequest();
accessPackageAssignmentRequest.requestType = "AdminRemove";
AccessPackageAssignment accessPackageAssignment = new AccessPackageAssignment();
accessPackageAssignment.id = "a6bb6942-3ae1-4259-9908-0133aaee9377";
accessPackageAssignmentRequest.accessPackageAssignment = accessPackageAssignment;

graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentRequests()
	.buildRequest()
	.post(accessPackageAssignmentRequest);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentRequest = {
  requestType: 'AdminRemove',
  accessPackageAssignment: {
     id: 'a6bb6942-3ae1-4259-9908-0133aaee9377'
  }
};

await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentRequests')
	.version('beta')
	.post(accessPackageAssignmentRequest);


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentRequest();
$requestBody->setRequestType('AdminRemove');
$accessPackageAssignment = new AccessPackageAssignment();
$accessPackageAssignment->setId('a6bb6942-3ae1-4259-9908-0133aaee9377');
$requestBody->setAccessPackageAssignment($accessPackageAssignment);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentRequests()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestType = "AdminRemove"
	accessPackageAssignment = @{
		id = "a6bb6942-3ae1-4259-9908-0133aaee9377"
	}
}

New-MgBetaEntitlementManagementAccessPackageAssignmentRequest -BodyParameter $params


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)

request_body = AccessPackageAssignmentRequest(
	request_type = "AdminRemove",
	access_package_assignment = AccessPackageAssignment(
		id = "a6bb6942-3ae1-4259-9908-0133aaee9377",
	),
)

result = await graph_client.identity_governance.entitlement_management.acces_package_assignment_requests.post(body = request_body)

Resposta

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageAssignmentRequests/$entity",
    "createdDateTime": null,
    "completedDate": null,
    "id": "78eaee8c-e6cf-48c9-8f99-aae44c35e379",
    "requestType": "AdminRemove",
    "requestState": "Submitted",
    "requestStatus": "Accepted",
    "isValidationOnly": false,
    "expirationDateTime": null,
    "justification": null
}

Excluir a política de atribuição de pacote de acesso

Use a ID da política de atribuição que você gravou anteriormente para excluí-la. Verifique se todas as atribuições são removidas primeiro.

Solicitação

DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/6c1f65ec-8c25-4a45-83c2-a1de2a6d0e9f


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies["{accessPackageAssignmentPolicy-id}"].DeleteAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-package-assignment-policies delete --access-package-assignment-policy-id {accessPackageAssignmentPolicy-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().ByAccessPackageAssignmentPolicyId("accessPackageAssignmentPolicy-id").Delete(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies("6c1f65ec-8c25-4a45-83c2-a1de2a6d0e9f")
	.buildRequest()
	.delete();


const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/6c1f65ec-8c25-4a45-83c2-a1de2a6d0e9f')
	.version('beta')
	.delete();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$graphServiceClient->identityGovernance()->entitlementManagement()->accessPackageAssignmentPolicies()->byAccessPackageAssignmentPolicyId('accessPackageAssignmentPolicy-id')->delete()->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Remove-MgBetaEntitlementManagementAccessPackageAssignmentPolicy -AccessPackageAssignmentPolicyId $accessPackageAssignmentPolicyId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


await graph_client.identity_governance.entitlement_management.acce_package_assignment_policies.by_acces_package_assignment_policie_id('accessPackageAssignmentPolicy-id').delete()

Resposta

No Content - 204

Excluir o pacote de acesso

Use a ID do pacote de acesso que você gravou anteriormente para excluí-la.

Solicitação

DELETE https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/cf54c6ca-d717-49bc-babe-d140d035dfdd


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].DeleteAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance entitlement-management access-packages delete --access-package-id {accessPackage-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").Delete(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.identityGovernance().entitlementManagement().accessPackages("cf54c6ca-d717-49bc-babe-d140d035dfdd")
	.buildRequest()
	.delete();


const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/identityGovernance/entitlementManagement/accessPackages/cf54c6ca-d717-49bc-babe-d140d035dfdd')
	.version('beta')
	.delete();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->delete()->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

Remove-MgBetaEntitlementManagementAccessPackage -AccessPackageId $accessPackageId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


await graph_client.identity_governance.entitlement_management.acce_packages.by_acces_package_id('accessPackage-id').delete()

Resposta

No Content - 204

Excluir a conta de usuário

Exclua a conta de usuário Requestor1 .

Solicitação

DELETE https://graph.microsoft.com/v1.0/users/ce02eca8-752b-4ecf-ac29-aa9bccd87606


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

await graphClient.Users["{user-id}"].DeleteAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc users delete --user-id {user-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



graphClient.Users().ByUserId("user-id").Delete(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.users("ce02eca8-752b-4ecf-ac29-aa9bccd87606")
	.buildRequest()
	.delete();


const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/users/ce02eca8-752b-4ecf-ac29-aa9bccd87606')
	.delete();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$graphServiceClient->users()->byUserId('user-id')->delete()->wait();


Import-Module Microsoft.Graph.Users

Remove-MgUser -UserId $userId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


await graph_client.users.by_user_id('user-id').delete()

Resposta

No Content - 204

Adicionar ou remover membros do grupo

Exclua o grupo de recursos de marketing .

Solicitação

DELETE https://graph.microsoft.com/v1.0/groups/a468eaea-ed6c-4290-98d2-a96bb1cb4209


// Code snippets are only available for the latest version. Current version is 5.x

var graphClient = new GraphServiceClient(requestAdapter);

await graphClient.Groups["{group-id}"].DeleteAsync();


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc groups delete --group-id {group-id}



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)



graphClient.Groups().ByGroupId("group-id").Delete(context.Background(), nil)


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

graphClient.groups("a468eaea-ed6c-4290-98d2-a96bb1cb4209")
	.buildRequest()
	.delete();


const options = {
	authProvider,
};

const client = Client.init(options);

await client.api('/groups/a468eaea-ed6c-4290-98d2-a96bb1cb4209')
	.delete();


<?php

// THIS SNIPPET IS A PREVIEW VERSION OF THE SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$graphServiceClient->groups()->byGroupId('group-id')->delete()->wait();


Import-Module Microsoft.Graph.Groups

Remove-MgGroup -GroupId $groupId


# THE PYTHON SDK IS IN PREVIEW. FOR NON-PRODUCTION USE ONLY

graph_client = GraphServiceClient(request_adapter)


await graph_client.groups.by_group_id('group-id').delete()

Resposta

No Content - 204

Confira também

Neste tutorial, você usou muitas APIs para realizar tarefas. Explore a referência de API para essas APIs para saber mais sobre o que as APIs podem fazer:

Gerenciar o acesso aos recursos usando as APIs de gerenciamento de direitos no Microsoft Graph

Pré-requisitos

Etapa 1: Criar uma conta de usuário e um grupo

Criar uma conta de usuário

Solicitação

Resposta

Criar um grupo

Solicitação

Resposta

Etapa 2: adicionar recursos a um catálogo e criar um pacote de acesso

Obter o identificador de catálogo

Solicitação

Resposta

Adicionar o grupo ao catálogo

Solicitação

Resposta

Obter recursos de catálogo

Solicitação

Resposta

Obter funções de recursos

Solicitação

Resposta

Criar o pacote de acesso

Solicitação

Resposta

Adicionar uma função de recurso ao pacote de acesso

Solicitação

Resposta

Criar uma política de pacote de acesso

Solicitação

Resposta

Etapa 3: Solicitar acesso

Solicitação

Resposta

Etapa 4: Validar se o acesso foi atribuído

Obter o status da solicitação

Solicitação

Resposta

Obter atribuições de pacote de acesso

Solicitação

Resposta

Obter os membros do grupo

Solicitação

Resposta:

Etapa 5: Limpar recursos

Remover uma atribuição de pacote de acesso

Solicitação

Resposta

Excluir a política de atribuição de pacote de acesso

Solicitação

Resposta

Excluir o pacote de acesso

Solicitação

Resposta

Excluir a conta de usuário

Solicitação

Resposta

Adicionar ou remover membros do grupo

Solicitação

Resposta

Confira também

Recursos adicionais

Recursos adicionais