Обновление unifiedRoleManagementPolicy
- Статья
Пространство имен: microsoft.graph
Обновите сведения об объекте политики управления ролями unifiedRoleManagementPolicy .
Этот API доступен в следующих национальных облачных развертываниях.
| Глобальная служба | Правительство США L4 | Правительство США L5 (DOD) | Китай управляется 21Vianet |
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ |
Разрешения
Для вызова этого API требуется одно из следующих разрешений. Дополнительные сведения, включая сведения о том, как выбрать разрешения, см. в статье Разрешения.
Для PIM для Microsoft Entra ролей
| Тип разрешения | Разрешения (в порядке повышения привилегий) |
|---|---|
| Делегированные (рабочая или учебная учетная запись) | RoleManagementPolicy.ReadWrite.Directory, RoleManagement.ReadWrite.Directory |
| Делегированные (личная учетная запись Майкрософт) | Не поддерживается. |
| Приложение | RoleManagementPolicy.ReadWrite.Directory, RoleManagement.ReadWrite.Directory |
В делегированных сценариях пользователю, выполнившему вход, также необходимо назначить по крайней мере одну из следующих Microsoft Entra ролей:
- Для операций чтения: глобальный читатель, оператор безопасности, читатель безопасности, администратор безопасности или администратор привилегированных ролей.
- Для операций записи: администратор привилегированных ролей
Для PIM для групп
| Тип разрешения | Разрешения (в порядке повышения привилегий) |
|---|---|
| Делегированные (рабочая или учебная учетная запись) | RoleManagementPolicy.ReadWrite.AzureADGroup |
| Делегированные (личная учетная запись Майкрософт) | Не поддерживается. |
| Приложение | RoleManagementPolicy.ReadWrite.AzureADGroup |
HTTP-запрос
Чтобы обновить сведения о политике управления ролями для Microsoft Entra ролей или групп, выполните следующие действия:
PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
Заголовки запросов
| Имя | Описание |
|---|---|
| Авторизация | Bearer {token}. Обязательно. Дополнительные сведения о проверке подлинности и авторизации. |
| Content-Type | application/json. Обязательно. |
Текст запроса
Укажите в тексте запроса только значения обновляемых свойств. Существующие свойства, которые не включены в текст запроса, сохраняют свои предыдущие значения или пересчитываются на основе изменений других значений свойств.
В следующей таблице указаны свойства, которые можно обновить.
| Свойство | Тип | Описание |
|---|---|---|
| правила | коллекция unifiedRoleManagementPolicyRule | Список правил политики для обновления. |
Отклик
В случае успешного выполнения этот метод возвращает код отклика 200 OK и объект unifiedRoleManagementPolicy в теле отклика.
Примеры
Пример 1. Обновление сведений о политике, определенной в PIM для Microsoft Entra ролей
Запрос
Ниже показан пример запроса.
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/DirectoryRole_2132228a-d66e-401c-ab8a-a8ae31254a36_0f8c4bbc-4f1a-421c-b63d-a68f571b7fab
Content-Type: application/json
{
"rules": [
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
"id": "Approval_EndUser_Assignment",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
},
"setting": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [
{
"approvalStageTimeOutInDays": 1,
"isApproverJustificationRequired": true,
"escalationTimeInMinutes": 0,
"isEscalationEnabled": false,
"primaryApprovers": [],
"escalationApprovers": []
}
]
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
"id": "AuthenticationContext_EndUser_Assignment",
"isEnabled": false,
"claimValue": "",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
"id": "Enablement_Admin_Eligibility",
"enabledRules": [],
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
"id": "Expiration_Admin_Eligibility",
"isExpirationRequired": false,
"maximumDuration": "P365D",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
"id": "Notification_Admin_Admin_Eligibility",
"notificationType": "Email",
"recipientType": "Admin",
"notificationLevel": "All",
"isDefaultRecipientsEnabled": true,
"notificationRecipients": [],
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicy
{
Rules = new List<UnifiedRoleManagementPolicyRule>
{
new UnifiedRoleManagementPolicyApprovalRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
Id = "Approval_EndUser_Assignment",
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
Setting = new ApprovalSettings
{
IsApprovalRequired = false,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "SingleStage",
ApprovalStages = new List<UnifiedApprovalStage>
{
new UnifiedApprovalStage
{
ApprovalStageTimeOutInDays = 1,
IsApproverJustificationRequired = true,
EscalationTimeInMinutes = 0,
IsEscalationEnabled = false,
PrimaryApprovers = new List<SubjectSet>
{
},
EscalationApprovers = new List<SubjectSet>
{
},
},
},
},
},
new UnifiedRoleManagementPolicyAuthenticationContextRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
Id = "AuthenticationContext_EndUser_Assignment",
IsEnabled = false,
ClaimValue = "",
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyEnablementRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
Id = "Enablement_Admin_Eligibility",
EnabledRules = new List<string>
{
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyExpirationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
Id = "Expiration_Admin_Eligibility",
IsExpirationRequired = false,
MaximumDuration = TimeSpan.Parse("P365D"),
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyNotificationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
Id = "Notification_Admin_Admin_Eligibility",
NotificationType = "Email",
RecipientType = "Admin",
NotificationLevel = "All",
IsDefaultRecipientsEnabled = true,
NotificationRecipients = new List<string>
{
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].PatchAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --body '{\
"rules": [\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",\
"id": "Approval_EndUser_Assignment",\
"target": {\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
},\
"setting": {\
"isApprovalRequired": false,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": true,\
"approvalMode": "SingleStage",\
"approvalStages": [\
{\
"approvalStageTimeOutInDays": 1,\
"isApproverJustificationRequired": true,\
"escalationTimeInMinutes": 0,\
"isEscalationEnabled": false,\
"primaryApprovers": [],\
"escalationApprovers": []\
}\
]\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",\
"id": "AuthenticationContext_EndUser_Assignment",\
"isEnabled": false,\
"claimValue": "",\
"target": {\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",\
"id": "Enablement_Admin_Eligibility",\
"enabledRules": [],\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",\
"id": "Expiration_Admin_Eligibility",\
"isExpirationRequired": false,\
"maximumDuration": "P365D",\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",\
"id": "Notification_Admin_Admin_Eligibility",\
"notificationType": "Email",\
"recipientType": "Admin",\
"notificationLevel": "All",\
"isDefaultRecipientsEnabled": true,\
"notificationRecipients": [],\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
]\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicy()
unifiedRoleManagementPolicyRule := graphmodels.NewUnifiedRoleManagementPolicyApprovalRule()
id := "Approval_EndUser_Assignment"
unifiedRoleManagementPolicyRule.SetId(&id)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule.SetTarget(target)
setting := graphmodels.NewApprovalSettings()
isApprovalRequired := false
setting.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
setting.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
setting.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "SingleStage"
setting.SetApprovalMode(&approvalMode)
unifiedApprovalStage := graphmodels.NewUnifiedApprovalStage()
approvalStageTimeOutInDays := int32(1)
unifiedApprovalStage.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
unifiedApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
escalationTimeInMinutes := int32(0)
unifiedApprovalStage.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
isEscalationEnabled := false
unifiedApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
primaryApprovers := []graphmodels.SubjectSetable {
}
unifiedApprovalStage.SetPrimaryApprovers(primaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
unifiedApprovalStage.SetEscalationApprovers(escalationApprovers)
approvalStages := []graphmodels.UnifiedApprovalStageable {
unifiedApprovalStage,
}
setting.SetApprovalStages(approvalStages)
unifiedRoleManagementPolicyRule.SetSetting(setting)
unifiedRoleManagementPolicyRule1 := graphmodels.NewUnifiedRoleManagementPolicyAuthenticationContextRule()
id := "AuthenticationContext_EndUser_Assignment"
unifiedRoleManagementPolicyRule1.SetId(&id)
isEnabled := false
unifiedRoleManagementPolicyRule1.SetIsEnabled(&isEnabled)
claimValue := ""
unifiedRoleManagementPolicyRule1.SetClaimValue(&claimValue)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule1.SetTarget(target)
unifiedRoleManagementPolicyRule2 := graphmodels.NewUnifiedRoleManagementPolicyEnablementRule()
id := "Enablement_Admin_Eligibility"
unifiedRoleManagementPolicyRule2.SetId(&id)
enabledRules := []string {
}
unifiedRoleManagementPolicyRule2.SetEnabledRules(enabledRules)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule2.SetTarget(target)
unifiedRoleManagementPolicyRule3 := graphmodels.NewUnifiedRoleManagementPolicyExpirationRule()
id := "Expiration_Admin_Eligibility"
unifiedRoleManagementPolicyRule3.SetId(&id)
isExpirationRequired := false
unifiedRoleManagementPolicyRule3.SetIsExpirationRequired(&isExpirationRequired)
maximumDuration , err := abstractions.ParseISODuration("P365D")
unifiedRoleManagementPolicyRule3.SetMaximumDuration(&maximumDuration)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule3.SetTarget(target)
unifiedRoleManagementPolicyRule4 := graphmodels.NewUnifiedRoleManagementPolicyNotificationRule()
id := "Notification_Admin_Admin_Eligibility"
unifiedRoleManagementPolicyRule4.SetId(&id)
notificationType := "Email"
unifiedRoleManagementPolicyRule4.SetNotificationType(¬ificationType)
recipientType := "Admin"
unifiedRoleManagementPolicyRule4.SetRecipientType(&recipientType)
notificationLevel := "All"
unifiedRoleManagementPolicyRule4.SetNotificationLevel(¬ificationLevel)
isDefaultRecipientsEnabled := true
unifiedRoleManagementPolicyRule4.SetIsDefaultRecipientsEnabled(&isDefaultRecipientsEnabled)
notificationRecipients := []string {
}
unifiedRoleManagementPolicyRule4.SetNotificationRecipients(notificationRecipients)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule4.SetTarget(target)
rules := []graphmodels.UnifiedRoleManagementPolicyRuleable {
unifiedRoleManagementPolicyRule,
unifiedRoleManagementPolicyRule1,
unifiedRoleManagementPolicyRule2,
unifiedRoleManagementPolicyRule3,
unifiedRoleManagementPolicyRule4,
}
requestBody.SetRules(rules)
roleManagementPolicies, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Patch(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicy unifiedRoleManagementPolicy = new UnifiedRoleManagementPolicy();
LinkedList<UnifiedRoleManagementPolicyRule> rules = new LinkedList<UnifiedRoleManagementPolicyRule>();
UnifiedRoleManagementPolicyApprovalRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyApprovalRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyApprovalRule");
unifiedRoleManagementPolicyRule.setId("Approval_EndUser_Assignment");
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
ApprovalSettings setting = new ApprovalSettings();
setting.setIsApprovalRequired(false);
setting.setIsApprovalRequiredForExtension(false);
setting.setIsRequestorJustificationRequired(true);
setting.setApprovalMode("SingleStage");
LinkedList<UnifiedApprovalStage> approvalStages = new LinkedList<UnifiedApprovalStage>();
UnifiedApprovalStage unifiedApprovalStage = new UnifiedApprovalStage();
unifiedApprovalStage.setApprovalStageTimeOutInDays(1);
unifiedApprovalStage.setIsApproverJustificationRequired(true);
unifiedApprovalStage.setEscalationTimeInMinutes(0);
unifiedApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
unifiedApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
unifiedApprovalStage.setEscalationApprovers(escalationApprovers);
approvalStages.add(unifiedApprovalStage);
setting.setApprovalStages(approvalStages);
unifiedRoleManagementPolicyRule.setSetting(setting);
rules.add(unifiedRoleManagementPolicyRule);
UnifiedRoleManagementPolicyAuthenticationContextRule unifiedRoleManagementPolicyRule1 = new UnifiedRoleManagementPolicyAuthenticationContextRule();
unifiedRoleManagementPolicyRule1.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule");
unifiedRoleManagementPolicyRule1.setId("AuthenticationContext_EndUser_Assignment");
unifiedRoleManagementPolicyRule1.setIsEnabled(false);
unifiedRoleManagementPolicyRule1.setClaimValue("");
UnifiedRoleManagementPolicyRuleTarget target1 = new UnifiedRoleManagementPolicyRuleTarget();
target1.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations1 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations1.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target1.setOperations(operations1);
target1.setLevel("Assignment");
LinkedList<String> inheritableSettings1 = new LinkedList<String>();
target1.setInheritableSettings(inheritableSettings1);
LinkedList<String> enforcedSettings1 = new LinkedList<String>();
target1.setEnforcedSettings(enforcedSettings1);
unifiedRoleManagementPolicyRule1.setTarget(target1);
rules.add(unifiedRoleManagementPolicyRule1);
UnifiedRoleManagementPolicyEnablementRule unifiedRoleManagementPolicyRule2 = new UnifiedRoleManagementPolicyEnablementRule();
unifiedRoleManagementPolicyRule2.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyEnablementRule");
unifiedRoleManagementPolicyRule2.setId("Enablement_Admin_Eligibility");
LinkedList<String> enabledRules = new LinkedList<String>();
unifiedRoleManagementPolicyRule2.setEnabledRules(enabledRules);
UnifiedRoleManagementPolicyRuleTarget target2 = new UnifiedRoleManagementPolicyRuleTarget();
target2.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations2 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations2.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target2.setOperations(operations2);
target2.setLevel("Eligibility");
LinkedList<String> inheritableSettings2 = new LinkedList<String>();
target2.setInheritableSettings(inheritableSettings2);
LinkedList<String> enforcedSettings2 = new LinkedList<String>();
target2.setEnforcedSettings(enforcedSettings2);
unifiedRoleManagementPolicyRule2.setTarget(target2);
rules.add(unifiedRoleManagementPolicyRule2);
UnifiedRoleManagementPolicyExpirationRule unifiedRoleManagementPolicyRule3 = new UnifiedRoleManagementPolicyExpirationRule();
unifiedRoleManagementPolicyRule3.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyExpirationRule");
unifiedRoleManagementPolicyRule3.setId("Expiration_Admin_Eligibility");
unifiedRoleManagementPolicyRule3.setIsExpirationRequired(false);
PeriodAndDuration maximumDuration = PeriodAndDuration.ofDuration(Duration.parse("P365D"));
unifiedRoleManagementPolicyRule3.setMaximumDuration(maximumDuration);
UnifiedRoleManagementPolicyRuleTarget target3 = new UnifiedRoleManagementPolicyRuleTarget();
target3.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations3 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations3.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target3.setOperations(operations3);
target3.setLevel("Eligibility");
LinkedList<String> inheritableSettings3 = new LinkedList<String>();
target3.setInheritableSettings(inheritableSettings3);
LinkedList<String> enforcedSettings3 = new LinkedList<String>();
target3.setEnforcedSettings(enforcedSettings3);
unifiedRoleManagementPolicyRule3.setTarget(target3);
rules.add(unifiedRoleManagementPolicyRule3);
UnifiedRoleManagementPolicyNotificationRule unifiedRoleManagementPolicyRule4 = new UnifiedRoleManagementPolicyNotificationRule();
unifiedRoleManagementPolicyRule4.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyNotificationRule");
unifiedRoleManagementPolicyRule4.setId("Notification_Admin_Admin_Eligibility");
unifiedRoleManagementPolicyRule4.setNotificationType("Email");
unifiedRoleManagementPolicyRule4.setRecipientType("Admin");
unifiedRoleManagementPolicyRule4.setNotificationLevel("All");
unifiedRoleManagementPolicyRule4.setIsDefaultRecipientsEnabled(true);
LinkedList<String> notificationRecipients = new LinkedList<String>();
unifiedRoleManagementPolicyRule4.setNotificationRecipients(notificationRecipients);
UnifiedRoleManagementPolicyRuleTarget target4 = new UnifiedRoleManagementPolicyRuleTarget();
target4.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations4 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations4.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target4.setOperations(operations4);
target4.setLevel("Eligibility");
LinkedList<String> inheritableSettings4 = new LinkedList<String>();
target4.setInheritableSettings(inheritableSettings4);
LinkedList<String> enforcedSettings4 = new LinkedList<String>();
target4.setEnforcedSettings(enforcedSettings4);
unifiedRoleManagementPolicyRule4.setTarget(target4);
rules.add(unifiedRoleManagementPolicyRule4);
unifiedRoleManagementPolicy.setRules(rules);
UnifiedRoleManagementPolicy result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").patch(unifiedRoleManagementPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicy = {
rules: [
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule',
id: 'Approval_EndUser_Assignment',
target: {
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
},
setting: {
isApprovalRequired: false,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'SingleStage',
approvalStages: [
{
approvalStageTimeOutInDays: 1,
isApproverJustificationRequired: true,
escalationTimeInMinutes: 0,
isEscalationEnabled: false,
primaryApprovers: [],
escalationApprovers: []
}
]
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule',
id: 'AuthenticationContext_EndUser_Assignment',
isEnabled: false,
claimValue: '',
target: {
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule',
id: 'Enablement_Admin_Eligibility',
enabledRules: [],
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule',
id: 'Expiration_Admin_Eligibility',
isExpirationRequired: false,
maximumDuration: 'P365D',
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule',
id: 'Notification_Admin_Admin_Eligibility',
notificationType: 'Email',
recipientType: 'Admin',
notificationLevel: 'All',
isDefaultRecipientsEnabled: true,
notificationRecipients: [],
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
}
]
};
await client.api('/policies/roleManagementPolicies/DirectoryRole_2132228a-d66e-401c-ab8a-a8ae31254a36_0f8c4bbc-4f1a-421c-b63d-a68f571b7fab')
.update(unifiedRoleManagementPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicy;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyApprovalRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\UnifiedApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyAuthenticationContextRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyEnablementRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyExpirationRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyNotificationRule;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicy();
$rulesUnifiedRoleManagementPolicyRule1 = new UnifiedRoleManagementPolicyApprovalRule();
$rulesUnifiedRoleManagementPolicyRule1->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyApprovalRule');
$rulesUnifiedRoleManagementPolicyRule1->setId('Approval_EndUser_Assignment');
$rulesUnifiedRoleManagementPolicyRule1Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule1Target->setCaller('EndUser');
$rulesUnifiedRoleManagementPolicyRule1Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$rulesUnifiedRoleManagementPolicyRule1Target->setLevel('Assignment');
$rulesUnifiedRoleManagementPolicyRule1Target->setInheritableSettings([ ]);
$rulesUnifiedRoleManagementPolicyRule1Target->setEnforcedSettings([ ]);
$rulesUnifiedRoleManagementPolicyRule1->setTarget($rulesUnifiedRoleManagementPolicyRule1Target);
$rulesUnifiedRoleManagementPolicyRule1Setting = new ApprovalSettings();
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsApprovalRequired(false);
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsApprovalRequiredForExtension(false);
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsRequestorJustificationRequired(true);
$rulesUnifiedRoleManagementPolicyRule1Setting->setApprovalMode('SingleStage');
$approvalStagesUnifiedApprovalStage1 = new UnifiedApprovalStage();
$approvalStagesUnifiedApprovalStage1->setApprovalStageTimeOutInDays(1);
$approvalStagesUnifiedApprovalStage1->setIsApproverJustificationRequired(true);
$approvalStagesUnifiedApprovalStage1->setEscalationTimeInMinutes(0);
$approvalStagesUnifiedApprovalStage1->setIsEscalationEnabled(false);
$approvalStagesUnifiedApprovalStage1->setPrimaryApprovers([ ]);
$approvalStagesUnifiedApprovalStage1->setEscalationApprovers([ ]);
$approvalStagesArray []= $approvalStagesUnifiedApprovalStage1;
$rulesUnifiedRoleManagementPolicyRule1Setting->setApprovalStages($approvalStagesArray);
$rulesUnifiedRoleManagementPolicyRule1->setSetting($rulesUnifiedRoleManagementPolicyRule1Setting);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule1;
$rulesUnifiedRoleManagementPolicyRule2 = new UnifiedRoleManagementPolicyAuthenticationContextRule();
$rulesUnifiedRoleManagementPolicyRule2->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule');
$rulesUnifiedRoleManagementPolicyRule2->setId('AuthenticationContext_EndUser_Assignment');
$rulesUnifiedRoleManagementPolicyRule2->setIsEnabled(false);
$rulesUnifiedRoleManagementPolicyRule2->setClaimValue('');
$rulesUnifiedRoleManagementPolicyRule2Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule2Target->setCaller('EndUser');
$rulesUnifiedRoleManagementPolicyRule2Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule2Target->setLevel('Assignment');
$rulesUnifiedRoleManagementPolicyRule2Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule2Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule2->setTarget($rulesUnifiedRoleManagementPolicyRule2Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule2;
$rulesUnifiedRoleManagementPolicyRule3 = new UnifiedRoleManagementPolicyEnablementRule();
$rulesUnifiedRoleManagementPolicyRule3->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyEnablementRule');
$rulesUnifiedRoleManagementPolicyRule3->setId('Enablement_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule3->setEnabledRules([]);
$rulesUnifiedRoleManagementPolicyRule3Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule3Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule3Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule3Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule3Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule3Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule3->setTarget($rulesUnifiedRoleManagementPolicyRule3Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule3;
$rulesUnifiedRoleManagementPolicyRule4 = new UnifiedRoleManagementPolicyExpirationRule();
$rulesUnifiedRoleManagementPolicyRule4->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyExpirationRule');
$rulesUnifiedRoleManagementPolicyRule4->setId('Expiration_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule4->setIsExpirationRequired(false);
$rulesUnifiedRoleManagementPolicyRule4->setMaximumDuration(new \DateInterval('P365D'));
$rulesUnifiedRoleManagementPolicyRule4Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule4Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule4Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule4Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule4Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule4Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule4->setTarget($rulesUnifiedRoleManagementPolicyRule4Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule4;
$rulesUnifiedRoleManagementPolicyRule5 = new UnifiedRoleManagementPolicyNotificationRule();
$rulesUnifiedRoleManagementPolicyRule5->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyNotificationRule');
$rulesUnifiedRoleManagementPolicyRule5->setId('Notification_Admin_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule5->setNotificationType('Email');
$rulesUnifiedRoleManagementPolicyRule5->setRecipientType('Admin');
$rulesUnifiedRoleManagementPolicyRule5->setNotificationLevel('All');
$rulesUnifiedRoleManagementPolicyRule5->setIsDefaultRecipientsEnabled(true);
$rulesUnifiedRoleManagementPolicyRule5->setNotificationRecipients([]);
$rulesUnifiedRoleManagementPolicyRule5Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule5Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule5Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule5Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule5Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule5Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule5->setTarget($rulesUnifiedRoleManagementPolicyRule5Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule5;
$requestBody->setRules($rulesArray);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->patch($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
rules = @(
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
id = "Approval_EndUser_Assignment"
target = @{
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
setting = @{
isApprovalRequired = $false
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $true
approvalMode = "SingleStage"
approvalStages = @(
@{
approvalStageTimeOutInDays =
isApproverJustificationRequired = $true
escalationTimeInMinutes =
isEscalationEnabled = $false
primaryApprovers = @(
)
escalationApprovers = @(
)
}
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule"
id = "AuthenticationContext_EndUser_Assignment"
isEnabled = $false
claimValue = ""
target = @{
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
id = "Enablement_Admin_Eligibility"
enabledRules = @(
)
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
id = "Expiration_Admin_Eligibility"
isExpirationRequired = $false
maximumDuration = "P365D"
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule"
id = "Notification_Admin_Admin_Eligibility"
notificationType = "Email"
recipientType = "Admin"
notificationLevel = "All"
isDefaultRecipientsEnabled = $true
notificationRecipients = @(
)
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
)
}
Update-MgPolicyRoleManagementPolicy -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy import UnifiedRoleManagementPolicy
from msgraph.generated.models.unified_role_management_policy_rule import UnifiedRoleManagementPolicyRule
from msgraph.generated.models.unified_role_management_policy_approval_rule import UnifiedRoleManagementPolicyApprovalRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.unified_approval_stage import UnifiedApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.unified_role_management_policy_authentication_context_rule import UnifiedRoleManagementPolicyAuthenticationContextRule
from msgraph.generated.models.unified_role_management_policy_enablement_rule import UnifiedRoleManagementPolicyEnablementRule
from msgraph.generated.models.unified_role_management_policy_expiration_rule import UnifiedRoleManagementPolicyExpirationRule
from msgraph.generated.models.unified_role_management_policy_notification_rule import UnifiedRoleManagementPolicyNotificationRule
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicy(
rules = [
UnifiedRoleManagementPolicyApprovalRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
id = "Approval_EndUser_Assignment",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
setting = ApprovalSettings(
is_approval_required = False,
is_approval_required_for_extension = False,
is_requestor_justification_required = True,
approval_mode = "SingleStage",
approval_stages = [
UnifiedApprovalStage(
approval_stage_time_out_in_days = 1,
is_approver_justification_required = True,
escalation_time_in_minutes = 0,
is_escalation_enabled = False,
primary_approvers = [
],
escalation_approvers = [
],
),
],
),
),
UnifiedRoleManagementPolicyAuthenticationContextRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
id = "AuthenticationContext_EndUser_Assignment",
is_enabled = False,
claim_value = "",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyEnablementRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
id = "Enablement_Admin_Eligibility",
enabled_rules = [
],
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyExpirationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
id = "Expiration_Admin_Eligibility",
is_expiration_required = False,
maximum_duration = "P365D",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyNotificationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
id = "Notification_Admin_Admin_Eligibility",
notification_type = "Email",
recipient_type = "Admin",
notification_level = "All",
is_default_recipients_enabled = True,
notification_recipients = [
],
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
],
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').patch(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
Отклик
Ниже показан пример отклика.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/roleManagementPolicies/$entity",
"id": "DirectoryRole_2132228a-d66e-401c-ab8a-a8ae31254a36_0f8c4bbc-4f1a-421c-b63d-a68f571b7fab",
"displayName": "DirectoryRole",
"description": "DirectoryRole",
"isOrganizationDefault": false,
"scopeId": "/",
"scopeType": "DirectoryRole",
"lastModifiedDateTime": "2023-10-01T19:27:32.663Z",
"lastModifiedBy": {
"displayName": "Test User 1",
"id": null
}
}
Пример 2. Обновление сведений о политике, определенной в PIM для групп
Запрос
Ниже показан пример запроса.
PATCH https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/Group_60bba733-f09d-49b7-8445-32369aa066b3_f21b26d9-9ff9-4af1-b1d4-bddf28591369
Content-Type: application/json
{
"rules": [
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
"id": "Approval_EndUser_Assignment",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
},
"setting": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [
{
"approvalStageTimeOutInDays": 1,
"isApproverJustificationRequired": true,
"escalationTimeInMinutes": 0,
"isEscalationEnabled": false,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"isBackup": false,
"id": "c277c8cb-6bb7-42e5-a17f-0add9a718151",
"description": null
}
],
"escalationApprovers": []
}
]
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
"id": "AuthenticationContext_EndUser_Assignment",
"isEnabled": false,
"claimValue": "",
"target": {
"caller": "EndUser",
"operations": [
"All"
],
"level": "Assignment",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
"id": "Enablement_Admin_Eligibility",
"enabledRules": [],
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
"id": "Expiration_Admin_Eligibility",
"isExpirationRequired": true,
"maximumDuration": "P365D",
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
},
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
"id": "Notification_Admin_Admin_Eligibility",
"notificationType": "Email",
"recipientType": "Admin",
"notificationLevel": "All",
"isDefaultRecipientsEnabled": true,
"notificationRecipients": [],
"target": {
"caller": "Admin",
"operations": [
"All"
],
"level": "Eligibility",
"inheritableSettings": [],
"enforcedSettings": []
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new UnifiedRoleManagementPolicy
{
Rules = new List<UnifiedRoleManagementPolicyRule>
{
new UnifiedRoleManagementPolicyApprovalRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
Id = "Approval_EndUser_Assignment",
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
Setting = new ApprovalSettings
{
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "SingleStage",
ApprovalStages = new List<UnifiedApprovalStage>
{
new UnifiedApprovalStage
{
ApprovalStageTimeOutInDays = 1,
IsApproverJustificationRequired = true,
EscalationTimeInMinutes = 0,
IsEscalationEnabled = false,
PrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
Description = null,
AdditionalData = new Dictionary<string, object>
{
{
"isBackup" , false
},
{
"id" , "c277c8cb-6bb7-42e5-a17f-0add9a718151"
},
},
},
},
EscalationApprovers = new List<SubjectSet>
{
},
},
},
},
},
new UnifiedRoleManagementPolicyAuthenticationContextRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
Id = "AuthenticationContext_EndUser_Assignment",
IsEnabled = false,
ClaimValue = "",
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "EndUser",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Assignment",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyEnablementRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
Id = "Enablement_Admin_Eligibility",
EnabledRules = new List<string>
{
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyExpirationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
Id = "Expiration_Admin_Eligibility",
IsExpirationRequired = true,
MaximumDuration = TimeSpan.Parse("P365D"),
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
new UnifiedRoleManagementPolicyNotificationRule
{
OdataType = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
Id = "Notification_Admin_Admin_Eligibility",
NotificationType = "Email",
RecipientType = "Admin",
NotificationLevel = "All",
IsDefaultRecipientsEnabled = true,
NotificationRecipients = new List<string>
{
},
Target = new UnifiedRoleManagementPolicyRuleTarget
{
Caller = "Admin",
Operations = new List<UnifiedRoleManagementPolicyRuleTargetOperations?>
{
UnifiedRoleManagementPolicyRuleTargetOperations.All,
},
Level = "Eligibility",
InheritableSettings = new List<string>
{
},
EnforcedSettings = new List<string>
{
},
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.RoleManagementPolicies["{unifiedRoleManagementPolicy-id}"].PatchAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc policies role-management-policies patch --unified-role-management-policy-id {unifiedRoleManagementPolicy-id} --body '{\
"rules": [\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",\
"id": "Approval_EndUser_Assignment",\
"target": {\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
},\
"setting": {\
"isApprovalRequired": true,\
"isApprovalRequiredForExtension": false,\
"isRequestorJustificationRequired": true,\
"approvalMode": "SingleStage",\
"approvalStages": [\
{\
"approvalStageTimeOutInDays": 1,\
"isApproverJustificationRequired": true,\
"escalationTimeInMinutes": 0,\
"isEscalationEnabled": false,\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"isBackup": false,\
"id": "c277c8cb-6bb7-42e5-a17f-0add9a718151",\
"description": null\
}\
],\
"escalationApprovers": []\
}\
]\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",\
"id": "AuthenticationContext_EndUser_Assignment",\
"isEnabled": false,\
"claimValue": "",\
"target": {\
"caller": "EndUser",\
"operations": [\
"All"\
],\
"level": "Assignment",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",\
"id": "Enablement_Admin_Eligibility",\
"enabledRules": [],\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",\
"id": "Expiration_Admin_Eligibility",\
"isExpirationRequired": true,\
"maximumDuration": "P365D",\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
},\
{\
"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",\
"id": "Notification_Admin_Admin_Eligibility",\
"notificationType": "Email",\
"recipientType": "Admin",\
"notificationLevel": "All",\
"isDefaultRecipientsEnabled": true,\
"notificationRecipients": [],\
"target": {\
"caller": "Admin",\
"operations": [\
"All"\
],\
"level": "Eligibility",\
"inheritableSettings": [],\
"enforcedSettings": []\
}\
}\
]\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewUnifiedRoleManagementPolicy()
unifiedRoleManagementPolicyRule := graphmodels.NewUnifiedRoleManagementPolicyApprovalRule()
id := "Approval_EndUser_Assignment"
unifiedRoleManagementPolicyRule.SetId(&id)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule.SetTarget(target)
setting := graphmodels.NewApprovalSettings()
isApprovalRequired := true
setting.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
setting.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
setting.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "SingleStage"
setting.SetApprovalMode(&approvalMode)
unifiedApprovalStage := graphmodels.NewUnifiedApprovalStage()
approvalStageTimeOutInDays := int32(1)
unifiedApprovalStage.SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
unifiedApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
escalationTimeInMinutes := int32(0)
unifiedApprovalStage.SetEscalationTimeInMinutes(&escalationTimeInMinutes)
isEscalationEnabled := false
unifiedApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
subjectSet := graphmodels.NewSingleUser()
description := null
subjectSet.SetDescription(&description)
additionalData := map[string]interface{}{
isBackup := false
subjectSet.SetIsBackup(&isBackup)
"id" : "c277c8cb-6bb7-42e5-a17f-0add9a718151",
}
subjectSet.SetAdditionalData(additionalData)
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
unifiedApprovalStage.SetPrimaryApprovers(primaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
unifiedApprovalStage.SetEscalationApprovers(escalationApprovers)
approvalStages := []graphmodels.UnifiedApprovalStageable {
unifiedApprovalStage,
}
setting.SetApprovalStages(approvalStages)
unifiedRoleManagementPolicyRule.SetSetting(setting)
unifiedRoleManagementPolicyRule1 := graphmodels.NewUnifiedRoleManagementPolicyAuthenticationContextRule()
id := "AuthenticationContext_EndUser_Assignment"
unifiedRoleManagementPolicyRule1.SetId(&id)
isEnabled := false
unifiedRoleManagementPolicyRule1.SetIsEnabled(&isEnabled)
claimValue := ""
unifiedRoleManagementPolicyRule1.SetClaimValue(&claimValue)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "EndUser"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Assignment"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule1.SetTarget(target)
unifiedRoleManagementPolicyRule2 := graphmodels.NewUnifiedRoleManagementPolicyEnablementRule()
id := "Enablement_Admin_Eligibility"
unifiedRoleManagementPolicyRule2.SetId(&id)
enabledRules := []string {
}
unifiedRoleManagementPolicyRule2.SetEnabledRules(enabledRules)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule2.SetTarget(target)
unifiedRoleManagementPolicyRule3 := graphmodels.NewUnifiedRoleManagementPolicyExpirationRule()
id := "Expiration_Admin_Eligibility"
unifiedRoleManagementPolicyRule3.SetId(&id)
isExpirationRequired := true
unifiedRoleManagementPolicyRule3.SetIsExpirationRequired(&isExpirationRequired)
maximumDuration , err := abstractions.ParseISODuration("P365D")
unifiedRoleManagementPolicyRule3.SetMaximumDuration(&maximumDuration)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule3.SetTarget(target)
unifiedRoleManagementPolicyRule4 := graphmodels.NewUnifiedRoleManagementPolicyNotificationRule()
id := "Notification_Admin_Admin_Eligibility"
unifiedRoleManagementPolicyRule4.SetId(&id)
notificationType := "Email"
unifiedRoleManagementPolicyRule4.SetNotificationType(¬ificationType)
recipientType := "Admin"
unifiedRoleManagementPolicyRule4.SetRecipientType(&recipientType)
notificationLevel := "All"
unifiedRoleManagementPolicyRule4.SetNotificationLevel(¬ificationLevel)
isDefaultRecipientsEnabled := true
unifiedRoleManagementPolicyRule4.SetIsDefaultRecipientsEnabled(&isDefaultRecipientsEnabled)
notificationRecipients := []string {
}
unifiedRoleManagementPolicyRule4.SetNotificationRecipients(notificationRecipients)
target := graphmodels.NewUnifiedRoleManagementPolicyRuleTarget()
caller := "Admin"
target.SetCaller(&caller)
operations := []graphmodels.UnifiedRoleManagementPolicyRuleTargetOperationsable {
unifiedRoleManagementPolicyRuleTargetOperations := graphmodels.ALL_UNIFIEDROLEMANAGEMENTPOLICYRULETARGETOPERATIONS
target.SetUnifiedRoleManagementPolicyRuleTargetOperations(&unifiedRoleManagementPolicyRuleTargetOperations)
}
target.SetOperations(operations)
level := "Eligibility"
target.SetLevel(&level)
inheritableSettings := []string {
}
target.SetInheritableSettings(inheritableSettings)
enforcedSettings := []string {
}
target.SetEnforcedSettings(enforcedSettings)
unifiedRoleManagementPolicyRule4.SetTarget(target)
rules := []graphmodels.UnifiedRoleManagementPolicyRuleable {
unifiedRoleManagementPolicyRule,
unifiedRoleManagementPolicyRule1,
unifiedRoleManagementPolicyRule2,
unifiedRoleManagementPolicyRule3,
unifiedRoleManagementPolicyRule4,
}
requestBody.SetRules(rules)
roleManagementPolicies, err := graphClient.Policies().RoleManagementPolicies().ByUnifiedRoleManagementPolicyId("unifiedRoleManagementPolicy-id").Patch(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementPolicy unifiedRoleManagementPolicy = new UnifiedRoleManagementPolicy();
LinkedList<UnifiedRoleManagementPolicyRule> rules = new LinkedList<UnifiedRoleManagementPolicyRule>();
UnifiedRoleManagementPolicyApprovalRule unifiedRoleManagementPolicyRule = new UnifiedRoleManagementPolicyApprovalRule();
unifiedRoleManagementPolicyRule.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyApprovalRule");
unifiedRoleManagementPolicyRule.setId("Approval_EndUser_Assignment");
UnifiedRoleManagementPolicyRuleTarget target = new UnifiedRoleManagementPolicyRuleTarget();
target.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target.setOperations(operations);
target.setLevel("Assignment");
LinkedList<String> inheritableSettings = new LinkedList<String>();
target.setInheritableSettings(inheritableSettings);
LinkedList<String> enforcedSettings = new LinkedList<String>();
target.setEnforcedSettings(enforcedSettings);
unifiedRoleManagementPolicyRule.setTarget(target);
ApprovalSettings setting = new ApprovalSettings();
setting.setIsApprovalRequired(true);
setting.setIsApprovalRequiredForExtension(false);
setting.setIsRequestorJustificationRequired(true);
setting.setApprovalMode("SingleStage");
LinkedList<UnifiedApprovalStage> approvalStages = new LinkedList<UnifiedApprovalStage>();
UnifiedApprovalStage unifiedApprovalStage = new UnifiedApprovalStage();
unifiedApprovalStage.setApprovalStageTimeOutInDays(1);
unifiedApprovalStage.setIsApproverJustificationRequired(true);
unifiedApprovalStage.setEscalationTimeInMinutes(0);
unifiedApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet = new SingleUser();
subjectSet.setOdataType("#microsoft.graph.singleUser");
subjectSet.setDescription(null);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("isBackup", false);
additionalData.put("id", "c277c8cb-6bb7-42e5-a17f-0add9a718151");
subjectSet.setAdditionalData(additionalData);
primaryApprovers.add(subjectSet);
unifiedApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
unifiedApprovalStage.setEscalationApprovers(escalationApprovers);
approvalStages.add(unifiedApprovalStage);
setting.setApprovalStages(approvalStages);
unifiedRoleManagementPolicyRule.setSetting(setting);
rules.add(unifiedRoleManagementPolicyRule);
UnifiedRoleManagementPolicyAuthenticationContextRule unifiedRoleManagementPolicyRule1 = new UnifiedRoleManagementPolicyAuthenticationContextRule();
unifiedRoleManagementPolicyRule1.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule");
unifiedRoleManagementPolicyRule1.setId("AuthenticationContext_EndUser_Assignment");
unifiedRoleManagementPolicyRule1.setIsEnabled(false);
unifiedRoleManagementPolicyRule1.setClaimValue("");
UnifiedRoleManagementPolicyRuleTarget target1 = new UnifiedRoleManagementPolicyRuleTarget();
target1.setCaller("EndUser");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations1 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations1.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target1.setOperations(operations1);
target1.setLevel("Assignment");
LinkedList<String> inheritableSettings1 = new LinkedList<String>();
target1.setInheritableSettings(inheritableSettings1);
LinkedList<String> enforcedSettings1 = new LinkedList<String>();
target1.setEnforcedSettings(enforcedSettings1);
unifiedRoleManagementPolicyRule1.setTarget(target1);
rules.add(unifiedRoleManagementPolicyRule1);
UnifiedRoleManagementPolicyEnablementRule unifiedRoleManagementPolicyRule2 = new UnifiedRoleManagementPolicyEnablementRule();
unifiedRoleManagementPolicyRule2.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyEnablementRule");
unifiedRoleManagementPolicyRule2.setId("Enablement_Admin_Eligibility");
LinkedList<String> enabledRules = new LinkedList<String>();
unifiedRoleManagementPolicyRule2.setEnabledRules(enabledRules);
UnifiedRoleManagementPolicyRuleTarget target2 = new UnifiedRoleManagementPolicyRuleTarget();
target2.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations2 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations2.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target2.setOperations(operations2);
target2.setLevel("Eligibility");
LinkedList<String> inheritableSettings2 = new LinkedList<String>();
target2.setInheritableSettings(inheritableSettings2);
LinkedList<String> enforcedSettings2 = new LinkedList<String>();
target2.setEnforcedSettings(enforcedSettings2);
unifiedRoleManagementPolicyRule2.setTarget(target2);
rules.add(unifiedRoleManagementPolicyRule2);
UnifiedRoleManagementPolicyExpirationRule unifiedRoleManagementPolicyRule3 = new UnifiedRoleManagementPolicyExpirationRule();
unifiedRoleManagementPolicyRule3.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyExpirationRule");
unifiedRoleManagementPolicyRule3.setId("Expiration_Admin_Eligibility");
unifiedRoleManagementPolicyRule3.setIsExpirationRequired(true);
PeriodAndDuration maximumDuration = PeriodAndDuration.ofDuration(Duration.parse("P365D"));
unifiedRoleManagementPolicyRule3.setMaximumDuration(maximumDuration);
UnifiedRoleManagementPolicyRuleTarget target3 = new UnifiedRoleManagementPolicyRuleTarget();
target3.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations3 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations3.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target3.setOperations(operations3);
target3.setLevel("Eligibility");
LinkedList<String> inheritableSettings3 = new LinkedList<String>();
target3.setInheritableSettings(inheritableSettings3);
LinkedList<String> enforcedSettings3 = new LinkedList<String>();
target3.setEnforcedSettings(enforcedSettings3);
unifiedRoleManagementPolicyRule3.setTarget(target3);
rules.add(unifiedRoleManagementPolicyRule3);
UnifiedRoleManagementPolicyNotificationRule unifiedRoleManagementPolicyRule4 = new UnifiedRoleManagementPolicyNotificationRule();
unifiedRoleManagementPolicyRule4.setOdataType("#microsoft.graph.unifiedRoleManagementPolicyNotificationRule");
unifiedRoleManagementPolicyRule4.setId("Notification_Admin_Admin_Eligibility");
unifiedRoleManagementPolicyRule4.setNotificationType("Email");
unifiedRoleManagementPolicyRule4.setRecipientType("Admin");
unifiedRoleManagementPolicyRule4.setNotificationLevel("All");
unifiedRoleManagementPolicyRule4.setIsDefaultRecipientsEnabled(true);
LinkedList<String> notificationRecipients = new LinkedList<String>();
unifiedRoleManagementPolicyRule4.setNotificationRecipients(notificationRecipients);
UnifiedRoleManagementPolicyRuleTarget target4 = new UnifiedRoleManagementPolicyRuleTarget();
target4.setCaller("Admin");
LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations> operations4 = new LinkedList<UnifiedRoleManagementPolicyRuleTargetOperations>();
operations4.add(UnifiedRoleManagementPolicyRuleTargetOperations.All);
target4.setOperations(operations4);
target4.setLevel("Eligibility");
LinkedList<String> inheritableSettings4 = new LinkedList<String>();
target4.setInheritableSettings(inheritableSettings4);
LinkedList<String> enforcedSettings4 = new LinkedList<String>();
target4.setEnforcedSettings(enforcedSettings4);
unifiedRoleManagementPolicyRule4.setTarget(target4);
rules.add(unifiedRoleManagementPolicyRule4);
unifiedRoleManagementPolicy.setRules(rules);
UnifiedRoleManagementPolicy result = graphClient.policies().roleManagementPolicies().byUnifiedRoleManagementPolicyId("{unifiedRoleManagementPolicy-id}").patch(unifiedRoleManagementPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementPolicy = {
rules: [
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyApprovalRule',
id: 'Approval_EndUser_Assignment',
target: {
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
},
setting: {
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'SingleStage',
approvalStages: [
{
approvalStageTimeOutInDays: 1,
isApproverJustificationRequired: true,
escalationTimeInMinutes: 0,
isEscalationEnabled: false,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
isBackup: false,
id: 'c277c8cb-6bb7-42e5-a17f-0add9a718151',
description: null
}
],
escalationApprovers: []
}
]
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule',
id: 'AuthenticationContext_EndUser_Assignment',
isEnabled: false,
claimValue: '',
target: {
caller: 'EndUser',
operations: [
'All'
],
level: 'Assignment',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyEnablementRule',
id: 'Enablement_Admin_Eligibility',
enabledRules: [],
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyExpirationRule',
id: 'Expiration_Admin_Eligibility',
isExpirationRequired: true,
maximumDuration: 'P365D',
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
},
{
'@odata.type': '#microsoft.graph.unifiedRoleManagementPolicyNotificationRule',
id: 'Notification_Admin_Admin_Eligibility',
notificationType: 'Email',
recipientType: 'Admin',
notificationLevel: 'All',
isDefaultRecipientsEnabled: true,
notificationRecipients: [],
target: {
caller: 'Admin',
operations: [
'All'
],
level: 'Eligibility',
inheritableSettings: [],
enforcedSettings: []
}
}
]
};
await client.api('/policies/roleManagementPolicies/Group_60bba733-f09d-49b7-8445-32369aa066b3_f21b26d9-9ff9-4af1-b1d4-bddf28591369')
.update(unifiedRoleManagementPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicy;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyApprovalRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTarget;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyRuleTargetOperations;
use Microsoft\Graph\Generated\Models\ApprovalSettings;
use Microsoft\Graph\Generated\Models\UnifiedApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyAuthenticationContextRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyEnablementRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyExpirationRule;
use Microsoft\Graph\Generated\Models\UnifiedRoleManagementPolicyNotificationRule;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementPolicy();
$rulesUnifiedRoleManagementPolicyRule1 = new UnifiedRoleManagementPolicyApprovalRule();
$rulesUnifiedRoleManagementPolicyRule1->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyApprovalRule');
$rulesUnifiedRoleManagementPolicyRule1->setId('Approval_EndUser_Assignment');
$rulesUnifiedRoleManagementPolicyRule1Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule1Target->setCaller('EndUser');
$rulesUnifiedRoleManagementPolicyRule1Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'), ]);
$rulesUnifiedRoleManagementPolicyRule1Target->setLevel('Assignment');
$rulesUnifiedRoleManagementPolicyRule1Target->setInheritableSettings([ ]);
$rulesUnifiedRoleManagementPolicyRule1Target->setEnforcedSettings([ ]);
$rulesUnifiedRoleManagementPolicyRule1->setTarget($rulesUnifiedRoleManagementPolicyRule1Target);
$rulesUnifiedRoleManagementPolicyRule1Setting = new ApprovalSettings();
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsApprovalRequired(true);
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsApprovalRequiredForExtension(false);
$rulesUnifiedRoleManagementPolicyRule1Setting->setIsRequestorJustificationRequired(true);
$rulesUnifiedRoleManagementPolicyRule1Setting->setApprovalMode('SingleStage');
$approvalStagesUnifiedApprovalStage1 = new UnifiedApprovalStage();
$approvalStagesUnifiedApprovalStage1->setApprovalStageTimeOutInDays(1);
$approvalStagesUnifiedApprovalStage1->setIsApproverJustificationRequired(true);
$approvalStagesUnifiedApprovalStage1->setEscalationTimeInMinutes(0);
$approvalStagesUnifiedApprovalStage1->setIsEscalationEnabled(false);
$primaryApproversSubjectSet1 = new SingleUser();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$primaryApproversSubjectSet1->setDescription(null);
$additionalData = [
'isBackup' => false,
'id' => 'c277c8cb-6bb7-42e5-a17f-0add9a718151',
];
$primaryApproversSubjectSet1->setAdditionalData($additionalData);
$primaryApproversArray []= $primaryApproversSubjectSet1;
$approvalStagesUnifiedApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$approvalStagesUnifiedApprovalStage1->setEscalationApprovers([]);
$approvalStagesArray []= $approvalStagesUnifiedApprovalStage1;
$rulesUnifiedRoleManagementPolicyRule1Setting->setApprovalStages($approvalStagesArray);
$rulesUnifiedRoleManagementPolicyRule1->setSetting($rulesUnifiedRoleManagementPolicyRule1Setting);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule1;
$rulesUnifiedRoleManagementPolicyRule2 = new UnifiedRoleManagementPolicyAuthenticationContextRule();
$rulesUnifiedRoleManagementPolicyRule2->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule');
$rulesUnifiedRoleManagementPolicyRule2->setId('AuthenticationContext_EndUser_Assignment');
$rulesUnifiedRoleManagementPolicyRule2->setIsEnabled(false);
$rulesUnifiedRoleManagementPolicyRule2->setClaimValue('');
$rulesUnifiedRoleManagementPolicyRule2Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule2Target->setCaller('EndUser');
$rulesUnifiedRoleManagementPolicyRule2Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule2Target->setLevel('Assignment');
$rulesUnifiedRoleManagementPolicyRule2Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule2Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule2->setTarget($rulesUnifiedRoleManagementPolicyRule2Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule2;
$rulesUnifiedRoleManagementPolicyRule3 = new UnifiedRoleManagementPolicyEnablementRule();
$rulesUnifiedRoleManagementPolicyRule3->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyEnablementRule');
$rulesUnifiedRoleManagementPolicyRule3->setId('Enablement_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule3->setEnabledRules([]);
$rulesUnifiedRoleManagementPolicyRule3Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule3Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule3Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule3Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule3Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule3Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule3->setTarget($rulesUnifiedRoleManagementPolicyRule3Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule3;
$rulesUnifiedRoleManagementPolicyRule4 = new UnifiedRoleManagementPolicyExpirationRule();
$rulesUnifiedRoleManagementPolicyRule4->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyExpirationRule');
$rulesUnifiedRoleManagementPolicyRule4->setId('Expiration_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule4->setIsExpirationRequired(true);
$rulesUnifiedRoleManagementPolicyRule4->setMaximumDuration(new \DateInterval('P365D'));
$rulesUnifiedRoleManagementPolicyRule4Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule4Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule4Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule4Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule4Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule4Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule4->setTarget($rulesUnifiedRoleManagementPolicyRule4Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule4;
$rulesUnifiedRoleManagementPolicyRule5 = new UnifiedRoleManagementPolicyNotificationRule();
$rulesUnifiedRoleManagementPolicyRule5->setOdataType('#microsoft.graph.unifiedRoleManagementPolicyNotificationRule');
$rulesUnifiedRoleManagementPolicyRule5->setId('Notification_Admin_Admin_Eligibility');
$rulesUnifiedRoleManagementPolicyRule5->setNotificationType('Email');
$rulesUnifiedRoleManagementPolicyRule5->setRecipientType('Admin');
$rulesUnifiedRoleManagementPolicyRule5->setNotificationLevel('All');
$rulesUnifiedRoleManagementPolicyRule5->setIsDefaultRecipientsEnabled(true);
$rulesUnifiedRoleManagementPolicyRule5->setNotificationRecipients([]);
$rulesUnifiedRoleManagementPolicyRule5Target = new UnifiedRoleManagementPolicyRuleTarget();
$rulesUnifiedRoleManagementPolicyRule5Target->setCaller('Admin');
$rulesUnifiedRoleManagementPolicyRule5Target->setOperations([new UnifiedRoleManagementPolicyRuleTargetOperations('all'),]);
$rulesUnifiedRoleManagementPolicyRule5Target->setLevel('Eligibility');
$rulesUnifiedRoleManagementPolicyRule5Target->setInheritableSettings([]);
$rulesUnifiedRoleManagementPolicyRule5Target->setEnforcedSettings([]);
$rulesUnifiedRoleManagementPolicyRule5->setTarget($rulesUnifiedRoleManagementPolicyRule5Target);
$rulesArray []= $rulesUnifiedRoleManagementPolicyRule5;
$requestBody->setRules($rulesArray);
$result = $graphServiceClient->policies()->roleManagementPolicies()->byUnifiedRoleManagementPolicyId('unifiedRoleManagementPolicy-id')->patch($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
rules = @(
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"
id = "Approval_EndUser_Assignment"
target = @{
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
setting = @{
isApprovalRequired = $true
isApprovalRequiredForExtension = $false
isRequestorJustificationRequired = $true
approvalMode = "SingleStage"
approvalStages = @(
@{
approvalStageTimeOutInDays =
isApproverJustificationRequired = $true
escalationTimeInMinutes =
isEscalationEnabled = $false
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
isBackup = $false
id = "c277c8cb-6bb7-42e5-a17f-0add9a718151"
description = $null
}
)
escalationApprovers = @(
)
}
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule"
id = "AuthenticationContext_EndUser_Assignment"
isEnabled = $false
claimValue = ""
target = @{
caller = "EndUser"
operations = @(
"All"
)
level = "Assignment"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
id = "Enablement_Admin_Eligibility"
enabledRules = @(
)
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
id = "Expiration_Admin_Eligibility"
isExpirationRequired = $true
maximumDuration = "P365D"
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
@{
"@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule"
id = "Notification_Admin_Admin_Eligibility"
notificationType = "Email"
recipientType = "Admin"
notificationLevel = "All"
isDefaultRecipientsEnabled = $true
notificationRecipients = @(
)
target = @{
caller = "Admin"
operations = @(
"All"
)
level = "Eligibility"
inheritableSettings = @(
)
enforcedSettings = @(
)
}
}
)
}
Update-MgPolicyRoleManagementPolicy -UnifiedRoleManagementPolicyId $unifiedRoleManagementPolicyId -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.unified_role_management_policy import UnifiedRoleManagementPolicy
from msgraph.generated.models.unified_role_management_policy_rule import UnifiedRoleManagementPolicyRule
from msgraph.generated.models.unified_role_management_policy_approval_rule import UnifiedRoleManagementPolicyApprovalRule
from msgraph.generated.models.unified_role_management_policy_rule_target import UnifiedRoleManagementPolicyRuleTarget
from msgraph.generated.models.unified_role_management_policy_rule_target_operations import UnifiedRoleManagementPolicyRuleTargetOperations
from msgraph.generated.models.approval_settings import ApprovalSettings
from msgraph.generated.models.unified_approval_stage import UnifiedApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.unified_role_management_policy_authentication_context_rule import UnifiedRoleManagementPolicyAuthenticationContextRule
from msgraph.generated.models.unified_role_management_policy_enablement_rule import UnifiedRoleManagementPolicyEnablementRule
from msgraph.generated.models.unified_role_management_policy_expiration_rule import UnifiedRoleManagementPolicyExpirationRule
from msgraph.generated.models.unified_role_management_policy_notification_rule import UnifiedRoleManagementPolicyNotificationRule
graph_client = GraphServiceClient(credentials, scopes)
request_body = UnifiedRoleManagementPolicy(
rules = [
UnifiedRoleManagementPolicyApprovalRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
id = "Approval_EndUser_Assignment",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
setting = ApprovalSettings(
is_approval_required = True,
is_approval_required_for_extension = False,
is_requestor_justification_required = True,
approval_mode = "SingleStage",
approval_stages = [
UnifiedApprovalStage(
approval_stage_time_out_in_days = 1,
is_approver_justification_required = True,
escalation_time_in_minutes = 0,
is_escalation_enabled = False,
primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
description = None,
additional_data = {
"is_backup" : False,
"id" : "c277c8cb-6bb7-42e5-a17f-0add9a718151",
}
),
],
escalation_approvers = [
],
),
],
),
),
UnifiedRoleManagementPolicyAuthenticationContextRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
id = "AuthenticationContext_EndUser_Assignment",
is_enabled = False,
claim_value = "",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "EndUser",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Assignment",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyEnablementRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
id = "Enablement_Admin_Eligibility",
enabled_rules = [
],
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyExpirationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
id = "Expiration_Admin_Eligibility",
is_expiration_required = True,
maximum_duration = "P365D",
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
UnifiedRoleManagementPolicyNotificationRule(
odata_type = "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
id = "Notification_Admin_Admin_Eligibility",
notification_type = "Email",
recipient_type = "Admin",
notification_level = "All",
is_default_recipients_enabled = True,
notification_recipients = [
],
target = UnifiedRoleManagementPolicyRuleTarget(
caller = "Admin",
operations = [
UnifiedRoleManagementPolicyRuleTargetOperations.All,
],
level = "Eligibility",
inheritable_settings = [
],
enforced_settings = [
],
),
),
],
)
result = await graph_client.policies.role_management_policies.by_unified_role_management_policy_id('unifiedRoleManagementPolicy-id').patch(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
Отклик
Ниже приводится пример отклика.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#policies/roleManagementPolicies/$entity",
"id": "Group_60bba733-f09d-49b7-8445-32369aa066b3_f21b26d9-9ff9-4af1-b1d4-bddf28591369",
"displayName": "Group",
"description": "Group",
"isOrganizationDefault": false,
"scopeId": "60bba733-f09d-49b7-8445-32369aa066b3",
"scopeType": "Group",
"lastModifiedDateTime": "2023-10-01T23:29:43.687Z",
"lastModifiedBy": {
"displayName": "Test User 1",
"id": null
}
}
Обратная связь
Были ли сведения на этой странице полезными?
Обратная связь
Ожидается в ближайшее время: в течение 2024 года мы постепенно откажемся от GitHub Issues как механизма обратной связи для контента и заменим его новой системой обратной связи. Дополнительные сведения см. в разделе https://aka.ms/ContentUserFeedback.
Отправить и просмотреть отзыв по