创建 resourceRoleScope

项目
03/15/2024

命名空间：microsoft.graph

创建新的 accessPackageResourceRoleScope ，用于向访问包添加资源角色。对于组、应用程序或 SharePoint Online 网站，访问包资源必须已存在于访问包目录中，并且从资源角色列表中检索到的资源角色的 originId。将资源角色范围添加到访问包后，用户将通过任何当前和将来的访问包分配接收此资源角色。

此 API 可用于以下国家级云部署。

全局服务	美国政府 L4	美国政府 L5 (DOD)	由世纪互联运营的中国
✅	✅	✅	✅

权限

为此 API 选择标记为最低特权的权限。只有在应用需要它时，才使用更高的特权权限。有关委派权限和应用程序权限的详细信息，请参阅权限类型。要了解有关这些权限的详细信息，请参阅权限参考。

权限类型	最低特权权限	更高特权权限
委派（工作或学校帐户）	EntitlementManagement.ReadWrite.All	不可用。
委派（个人 Microsoft 帐户）	不支持。	不支持。
应用程序	EntitlementManagement.ReadWrite.All	不可用。

HTTP 请求

POST /identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes

请求标头

名称	说明
Authorization	持有者 {token}。必填。详细了解身份验证和授权。
Content-Type	application/json. 必需。

请求正文

在请求正文中，提供 accessPackageResourceRoleScope 对象的 JSON 表示形式。在对象中包括与 accessPackageResourceRole 对象和 accessPackageResourceScope 对象的关系，这些关系可以从请求获取，以列出目录访问包资源，使用 $expand=roles,scopes。

响应

如果成功，此方法在响应正文中返回 200 系列响应代码和新的 accessPackageResourceRoleScope 对象。

示例

示例 1：向访问包添加 SharePoint Online 网站角色

请求

以下示例演示了向访问包的资源角色列表添加 SharePoint Online 网站角色的请求。站点的访问包资源必须已添加到包含此访问包的访问包目录中。

请求包含 accessPackageResourceRole 对象。每种类型的资源定义资源角色中的 originId 字段的格式。对于 SharePoint Online 网站，originId 将是网站中角色的序列号。可以从请求获取资源角色，以检索 SharePoint Online 网站集的资源角色。

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes
Content-type: application/json

{
    "role": {
        "displayName": "Contributors",
        "originSystem": "SharePointOnline",
        "originId": "4",
        "resource": {
            "id": "53c71803-a0a8-4777-aecc-075de8ee3991"
        }
    },
    "scope": {
        "displayName": "Root",
        "description": "Root Scope",
        "originId": "https://contoso.sharepoint.com/portals/Community",
        "originSystem": "SharePointOnline",
        "isRootScope": true
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageResourceRoleScope
{
	Role = new AccessPackageResourceRole
	{
		DisplayName = "Contributors",
		OriginSystem = "SharePointOnline",
		OriginId = "4",
		Resource = new AccessPackageResource
		{
			Id = "53c71803-a0a8-4777-aecc-075de8ee3991",
		},
	},
	Scope = new AccessPackageResourceScope
	{
		DisplayName = "Root",
		Description = "Root Scope",
		OriginId = "https://contoso.sharepoint.com/portals/Community",
		OriginSystem = "SharePointOnline",
		IsRootScope = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management access-packages resource-role-scopes create --access-package-id {accessPackage-id} --body '{\
    "role": {\
        "displayName": "Contributors",\
        "originSystem": "SharePointOnline",\
        "originId": "4",\
        "resource": {\
            "id": "53c71803-a0a8-4777-aecc-075de8ee3991"\
        }\
    },\
    "scope": {\
        "displayName": "Root",\
        "description": "Root Scope",\
        "originId": "https://contoso.sharepoint.com/portals/Community",\
        "originSystem": "SharePointOnline",\
        "isRootScope": true\
    }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
displayName := "Contributors"
role.SetDisplayName(&displayName) 
originSystem := "SharePointOnline"
role.SetOriginSystem(&originSystem) 
originId := "4"
role.SetOriginId(&originId) 
resource := graphmodels.NewAccessPackageResource()
id := "53c71803-a0a8-4777-aecc-075de8ee3991"
resource.SetId(&id) 
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
displayName := "Root"
scope.SetDisplayName(&displayName) 
description := "Root Scope"
scope.SetDescription(&description) 
originId := "https://contoso.sharepoint.com/portals/Community"
scope.SetOriginId(&originId) 
originSystem := "SharePointOnline"
scope.SetOriginSystem(&originSystem) 
isRootScope := true
scope.SetIsRootScope(&isRootScope) 
requestBody.SetScope(scope)

resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setDisplayName("Contributors");
role.setOriginSystem("SharePointOnline");
role.setOriginId("4");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("53c71803-a0a8-4777-aecc-075de8ee3991");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setDisplayName("Root");
scope.setDescription("Root Scope");
scope.setOriginId("https://contoso.sharepoint.com/portals/Community");
scope.setOriginSystem("SharePointOnline");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageResourceRoleScope = {
    role: {
        displayName: 'Contributors',
        originSystem: 'SharePointOnline',
        originId: '4',
        resource: {
            id: '53c71803-a0a8-4777-aecc-075de8ee3991'
        }
    },
    scope: {
        displayName: 'Root',
        description: 'Root Scope',
        originId: 'https://contoso.sharepoint.com/portals/Community',
        originSystem: 'SharePointOnline',
        isRootScope: true
    }
};

await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes')
	.post(accessPackageResourceRoleScope);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setDisplayName('Contributors');
$role->setOriginSystem('SharePointOnline');
$role->setOriginId('4');
$roleResource = new AccessPackageResource();
$roleResource->setId('53c71803-a0a8-4777-aecc-075de8ee3991');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setDisplayName('Root');
$scope->setDescription('Root Scope');
$scope->setOriginId('https://contoso.sharepoint.com/portals/Community');
$scope->setOriginSystem('SharePointOnline');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	role = @{
		displayName = "Contributors"
		originSystem = "SharePointOnline"
		originId = "4"
		resource = @{
			id = "53c71803-a0a8-4777-aecc-075de8ee3991"
		}
	}
	scope = @{
		displayName = "Root"
		description = "Root Scope"
		originId = "https://contoso.sharepoint.com/portals/Community"
		originSystem = "SharePointOnline"
		isRootScope = $true
	}
}

New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params


from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope

graph_client = GraphServiceClient(credentials, scopes)

request_body = AccessPackageResourceRoleScope(
	role = AccessPackageResourceRole(
		display_name = "Contributors",
		origin_system = "SharePointOnline",
		origin_id = "4",
		resource = AccessPackageResource(
			id = "53c71803-a0a8-4777-aecc-075de8ee3991",
		),
	),
	scope = AccessPackageResourceScope(
		display_name = "Root",
		description = "Root Scope",
		origin_id = "https://contoso.sharepoint.com/portals/Community",
		origin_system = "SharePointOnline",
		is_root_scope = True,
	),
)

result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)

响应

以下示例显示了相应的响应。

HTTP/1.1 201 Created
Content-type: application/json

{
   "id": "6646a29e-da03-49f6-bcd9-dec124492de3_5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
    "createdDateTime": "2023-06-28T01:19:48.4216782Z"
}

示例 2：向访问包添加应用程序角色

请求

以下示例演示了将应用程序角色添加到访问包的资源角色列表的请求。应用程序的访问包资源必须已添加到包含此访问包的访问包目录中。 role和 resourcescope 可以通过目录的资源列表获取。

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes
Content-type: application/json

{
    "role": {
        "id": "cde82ecb-e461-496b-98fb-4f807c7ca640",
        "displayName": "Standard User",
        "description": "Standard User",
        "originSystem": "AadApplication",
        "originId": "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
        "resource": {
            "id": "5f80c0c7-a180-4521-b585-18200048a0d8",
            "originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
            "originSystem": "AadApplication"
        }
    },
    "scope": {
        "id": "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
        "originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
        "originSystem": "AadApplication",
        "isRootScope": true
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageResourceRoleScope
{
	Role = new AccessPackageResourceRole
	{
		Id = "cde82ecb-e461-496b-98fb-4f807c7ca640",
		DisplayName = "Standard User",
		Description = "Standard User",
		OriginSystem = "AadApplication",
		OriginId = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
		Resource = new AccessPackageResource
		{
			Id = "5f80c0c7-a180-4521-b585-18200048a0d8",
			OriginId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
			OriginSystem = "AadApplication",
		},
	},
	Scope = new AccessPackageResourceScope
	{
		Id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
		OriginId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
		OriginSystem = "AadApplication",
		IsRootScope = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management access-packages resource-role-scopes create --access-package-id {accessPackage-id} --body '{\
    "role": {\
        "id": "cde82ecb-e461-496b-98fb-4f807c7ca640",\
        "displayName": "Standard User",\
        "description": "Standard User",\
        "originSystem": "AadApplication",\
        "originId": "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",\
        "resource": {\
            "id": "5f80c0c7-a180-4521-b585-18200048a0d8",\
            "originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",\
            "originSystem": "AadApplication"\
        }\
    },\
    "scope": {\
        "id": "dbeb8772-9907-4e95-a28e-a8d70dbcda69",\
        "originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",\
        "originSystem": "AadApplication",\
        "isRootScope": true\
    }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
id := "cde82ecb-e461-496b-98fb-4f807c7ca640"
role.SetId(&id) 
displayName := "Standard User"
role.SetDisplayName(&displayName) 
description := "Standard User"
role.SetDescription(&description) 
originSystem := "AadApplication"
role.SetOriginSystem(&originSystem) 
originId := "a29a7690-b3c4-4ed5-96c6-f640cde06fb8"
role.SetOriginId(&originId) 
resource := graphmodels.NewAccessPackageResource()
id := "5f80c0c7-a180-4521-b585-18200048a0d8"
resource.SetId(&id) 
originId := "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
resource.SetOriginId(&originId) 
originSystem := "AadApplication"
resource.SetOriginSystem(&originSystem) 
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
id := "dbeb8772-9907-4e95-a28e-a8d70dbcda69"
scope.SetId(&id) 
originId := "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
scope.SetOriginId(&originId) 
originSystem := "AadApplication"
scope.SetOriginSystem(&originSystem) 
isRootScope := true
scope.SetIsRootScope(&isRootScope) 
requestBody.SetScope(scope)

resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setId("cde82ecb-e461-496b-98fb-4f807c7ca640");
role.setDisplayName("Standard User");
role.setDescription("Standard User");
role.setOriginSystem("AadApplication");
role.setOriginId("a29a7690-b3c4-4ed5-96c6-f640cde06fb8");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("5f80c0c7-a180-4521-b585-18200048a0d8");
resource.setOriginId("e81d7f57-0840-45e1-894b-f505c1bdcc1f");
resource.setOriginSystem("AadApplication");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setId("dbeb8772-9907-4e95-a28e-a8d70dbcda69");
scope.setOriginId("e81d7f57-0840-45e1-894b-f505c1bdcc1f");
scope.setOriginSystem("AadApplication");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageResourceRoleScope = {
    role: {
        id: 'cde82ecb-e461-496b-98fb-4f807c7ca640',
        displayName: 'Standard User',
        description: 'Standard User',
        originSystem: 'AadApplication',
        originId: 'a29a7690-b3c4-4ed5-96c6-f640cde06fb8',
        resource: {
            id: '5f80c0c7-a180-4521-b585-18200048a0d8',
            originId: 'e81d7f57-0840-45e1-894b-f505c1bdcc1f',
            originSystem: 'AadApplication'
        }
    },
    scope: {
        id: 'dbeb8772-9907-4e95-a28e-a8d70dbcda69',
        originId: 'e81d7f57-0840-45e1-894b-f505c1bdcc1f',
        originSystem: 'AadApplication',
        isRootScope: true
    }
};

await client.api('/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes')
	.post(accessPackageResourceRoleScope);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setId('cde82ecb-e461-496b-98fb-4f807c7ca640');
$role->setDisplayName('Standard User');
$role->setDescription('Standard User');
$role->setOriginSystem('AadApplication');
$role->setOriginId('a29a7690-b3c4-4ed5-96c6-f640cde06fb8');
$roleResource = new AccessPackageResource();
$roleResource->setId('5f80c0c7-a180-4521-b585-18200048a0d8');
$roleResource->setOriginId('e81d7f57-0840-45e1-894b-f505c1bdcc1f');
$roleResource->setOriginSystem('AadApplication');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setId('dbeb8772-9907-4e95-a28e-a8d70dbcda69');
$scope->setOriginId('e81d7f57-0840-45e1-894b-f505c1bdcc1f');
$scope->setOriginSystem('AadApplication');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	role = @{
		id = "cde82ecb-e461-496b-98fb-4f807c7ca640"
		displayName = "Standard User"
		description = "Standard User"
		originSystem = "AadApplication"
		originId = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8"
		resource = @{
			id = "5f80c0c7-a180-4521-b585-18200048a0d8"
			originId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
			originSystem = "AadApplication"
		}
	}
	scope = @{
		id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69"
		originId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
		originSystem = "AadApplication"
		isRootScope = $true
	}
}

New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params


from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope

graph_client = GraphServiceClient(credentials, scopes)

request_body = AccessPackageResourceRoleScope(
	role = AccessPackageResourceRole(
		id = "cde82ecb-e461-496b-98fb-4f807c7ca640",
		display_name = "Standard User",
		description = "Standard User",
		origin_system = "AadApplication",
		origin_id = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
		resource = AccessPackageResource(
			id = "5f80c0c7-a180-4521-b585-18200048a0d8",
			origin_id = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
			origin_system = "AadApplication",
		),
	),
	scope = AccessPackageResourceScope(
		id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
		origin_id = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
		origin_system = "AadApplication",
		is_root_scope = True,
	),
)

result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)

响应

以下示例显示了相应的响应。

HTTP/1.1 201 Created
Content-type: application/json

{
   "id": "cde82ecb-e461-496b-98fb-4f807c7ca640_dbeb8772-9907-4e95-a28e-a8d70dbcda69",
   "createdDateTime": "2023-06-28T01:19:48.4216782Z"
}

示例 3：向访问包添加组成员身份

请求

以下示例演示了向访问包的资源角色列表添加组成员身份的请求。组的访问包资源必须已添加到包含此访问包的访问包目录中。 role和 resourcescope 可以通过目录的资源列表获取。

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes
Content-type: application/json

{
    "role": {
        "id": "748f8431-c7c6-404d-8564-df67aa8cfc5e",
        "displayName": "Member",
        "originSystem": "AadGroup",
        "originId": "Member_0282e19d-bf41-435d-92a4-99bab93af305",
        "resource": {
            "id": "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
            "displayName": "example group",
            "description": "a group whose members are to be assigned via an access package",
            "originId": "0282e19d-bf41-435d-92a4-99bab93af305",
            "originSystem": "AadGroup"
        }
    },
    "scope": {
        "id": "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
        "displayName": "Root",
        "description": "Root Scope",
        "originId": "0282e19d-bf41-435d-92a4-99bab93af305",
        "originSystem": "AadGroup",
        "isRootScope": true
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageResourceRoleScope
{
	Role = new AccessPackageResourceRole
	{
		Id = "748f8431-c7c6-404d-8564-df67aa8cfc5e",
		DisplayName = "Member",
		OriginSystem = "AadGroup",
		OriginId = "Member_0282e19d-bf41-435d-92a4-99bab93af305",
		Resource = new AccessPackageResource
		{
			Id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
			DisplayName = "example group",
			Description = "a group whose members are to be assigned via an access package",
			OriginId = "0282e19d-bf41-435d-92a4-99bab93af305",
			OriginSystem = "AadGroup",
		},
	},
	Scope = new AccessPackageResourceScope
	{
		Id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
		DisplayName = "Root",
		Description = "Root Scope",
		OriginId = "0282e19d-bf41-435d-92a4-99bab93af305",
		OriginSystem = "AadGroup",
		IsRootScope = true,
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management access-packages resource-role-scopes create --access-package-id {accessPackage-id} --body '{\
    "role": {\
        "id": "748f8431-c7c6-404d-8564-df67aa8cfc5e",\
        "displayName": "Member",\
        "originSystem": "AadGroup",\
        "originId": "Member_0282e19d-bf41-435d-92a4-99bab93af305",\
        "resource": {\
            "id": "b16e0e71-17b4-4ebd-a3cd-8a468542e418",\
            "displayName": "example group",\
            "description": "a group whose members are to be assigned via an access package",\
            "originId": "0282e19d-bf41-435d-92a4-99bab93af305",\
            "originSystem": "AadGroup"\
        }\
    },\
    "scope": {\
        "id": "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",\
        "displayName": "Root",\
        "description": "Root Scope",\
        "originId": "0282e19d-bf41-435d-92a4-99bab93af305",\
        "originSystem": "AadGroup",\
        "isRootScope": true\
    }\
}\
'



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
id := "748f8431-c7c6-404d-8564-df67aa8cfc5e"
role.SetId(&id) 
displayName := "Member"
role.SetDisplayName(&displayName) 
originSystem := "AadGroup"
role.SetOriginSystem(&originSystem) 
originId := "Member_0282e19d-bf41-435d-92a4-99bab93af305"
role.SetOriginId(&originId) 
resource := graphmodels.NewAccessPackageResource()
id := "b16e0e71-17b4-4ebd-a3cd-8a468542e418"
resource.SetId(&id) 
displayName := "example group"
resource.SetDisplayName(&displayName) 
description := "a group whose members are to be assigned via an access package"
resource.SetDescription(&description) 
originId := "0282e19d-bf41-435d-92a4-99bab93af305"
resource.SetOriginId(&originId) 
originSystem := "AadGroup"
resource.SetOriginSystem(&originSystem) 
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
id := "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c"
scope.SetId(&id) 
displayName := "Root"
scope.SetDisplayName(&displayName) 
description := "Root Scope"
scope.SetDescription(&description) 
originId := "0282e19d-bf41-435d-92a4-99bab93af305"
scope.SetOriginId(&originId) 
originSystem := "AadGroup"
scope.SetOriginSystem(&originSystem) 
isRootScope := true
scope.SetIsRootScope(&isRootScope) 
requestBody.SetScope(scope)

resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setId("748f8431-c7c6-404d-8564-df67aa8cfc5e");
role.setDisplayName("Member");
role.setOriginSystem("AadGroup");
role.setOriginId("Member_0282e19d-bf41-435d-92a4-99bab93af305");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("b16e0e71-17b4-4ebd-a3cd-8a468542e418");
resource.setDisplayName("example group");
resource.setDescription("a group whose members are to be assigned via an access package");
resource.setOriginId("0282e19d-bf41-435d-92a4-99bab93af305");
resource.setOriginSystem("AadGroup");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setId("83b3e3e9-c8b3-481b-ad80-53e29d1eda9c");
scope.setDisplayName("Root");
scope.setDescription("Root Scope");
scope.setOriginId("0282e19d-bf41-435d-92a4-99bab93af305");
scope.setOriginSystem("AadGroup");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageResourceRoleScope = {
    role: {
        id: '748f8431-c7c6-404d-8564-df67aa8cfc5e',
        displayName: 'Member',
        originSystem: 'AadGroup',
        originId: 'Member_0282e19d-bf41-435d-92a4-99bab93af305',
        resource: {
            id: 'b16e0e71-17b4-4ebd-a3cd-8a468542e418',
            displayName: 'example group',
            description: 'a group whose members are to be assigned via an access package',
            originId: '0282e19d-bf41-435d-92a4-99bab93af305',
            originSystem: 'AadGroup'
        }
    },
    scope: {
        id: '83b3e3e9-c8b3-481b-ad80-53e29d1eda9c',
        displayName: 'Root',
        description: 'Root Scope',
        originId: '0282e19d-bf41-435d-92a4-99bab93af305',
        originSystem: 'AadGroup',
        isRootScope: true
    }
};

await client.api('/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes')
	.post(accessPackageResourceRoleScope);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setId('748f8431-c7c6-404d-8564-df67aa8cfc5e');
$role->setDisplayName('Member');
$role->setOriginSystem('AadGroup');
$role->setOriginId('Member_0282e19d-bf41-435d-92a4-99bab93af305');
$roleResource = new AccessPackageResource();
$roleResource->setId('b16e0e71-17b4-4ebd-a3cd-8a468542e418');
$roleResource->setDisplayName('example group');
$roleResource->setDescription('a group whose members are to be assigned via an access package');
$roleResource->setOriginId('0282e19d-bf41-435d-92a4-99bab93af305');
$roleResource->setOriginSystem('AadGroup');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setId('83b3e3e9-c8b3-481b-ad80-53e29d1eda9c');
$scope->setDisplayName('Root');
$scope->setDescription('Root Scope');
$scope->setOriginId('0282e19d-bf41-435d-92a4-99bab93af305');
$scope->setOriginSystem('AadGroup');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	role = @{
		id = "748f8431-c7c6-404d-8564-df67aa8cfc5e"
		displayName = "Member"
		originSystem = "AadGroup"
		originId = "Member_0282e19d-bf41-435d-92a4-99bab93af305"
		resource = @{
			id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418"
			displayName = "example group"
			description = "a group whose members are to be assigned via an access package"
			originId = "0282e19d-bf41-435d-92a4-99bab93af305"
			originSystem = "AadGroup"
		}
	}
	scope = @{
		id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c"
		displayName = "Root"
		description = "Root Scope"
		originId = "0282e19d-bf41-435d-92a4-99bab93af305"
		originSystem = "AadGroup"
		isRootScope = $true
	}
}

New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params


from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope

graph_client = GraphServiceClient(credentials, scopes)

request_body = AccessPackageResourceRoleScope(
	role = AccessPackageResourceRole(
		id = "748f8431-c7c6-404d-8564-df67aa8cfc5e",
		display_name = "Member",
		origin_system = "AadGroup",
		origin_id = "Member_0282e19d-bf41-435d-92a4-99bab93af305",
		resource = AccessPackageResource(
			id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
			display_name = "example group",
			description = "a group whose members are to be assigned via an access package",
			origin_id = "0282e19d-bf41-435d-92a4-99bab93af305",
			origin_system = "AadGroup",
		),
	),
	scope = AccessPackageResourceScope(
		id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
		display_name = "Root",
		description = "Root Scope",
		origin_id = "0282e19d-bf41-435d-92a4-99bab93af305",
		origin_system = "AadGroup",
		is_root_scope = True,
	),
)

result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)

响应

以下示例显示了相应的响应。

HTTP/1.1 201 Created
Content-type: application/json

{
   "id": "748f8431-c7c6-404d-8564-df67aa8cfc5e_83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
   "createdDateTime": "2023-06-28T01:19:48.4216782Z"
}

创建 resourceRoleScope

权限

HTTP 请求

请求标头

请求正文

响应

示例

示例 1：向访问包添加 SharePoint Online 网站角色

请求

响应

示例 2：向访问包添加应用程序角色

请求

响应

示例 3：向访问包添加组成员身份

请求

响应

反馈

反馈

其他资源