命名空间:microsoft.graph
创建新的 accessPackageResourceRoleScope ,用于向访问包添加资源角色。 对于组、应用程序或 SharePoint Online 网站,访问包资源必须已存在于访问包目录中,并且从资源角色列表中检索到的资源角色的 originId。 将资源角色范围添加到访问包后,用户将通过任何当前和将来的访问包分配接收此资源角色。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
EntitlementManagement.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
EntitlementManagement.ReadWrite.All |
不可用。 |
提示
对于使用工作或学校帐户的委派访问,必须通过以下选项之一为已登录用户分配具有支持的角色权限的管理员角色:
在仅限应用的情况下,可为调用应用分配上述受支持的角色之一,而不是 EntitlementManagement.ReadWrite.All 应用程序权限。
访问包管理员角色的特权低于EntitlementManagement.ReadWrite.All应用程序权限。
有关详细信息,请参阅 权利管理中的委派和角色 以及如何 在权利管理中将访问管理委托给访问包管理员。
HTTP 请求
POST /identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供 accessPackageResourceRoleScope 对象的 JSON 表示形式。 在 对象中包括 与 accessPackageResourceRole 对象和 accessPackageResourceScope 对象的关系,这些关系可以从请求获取,以 列出目录访问包资源,使用 $expand=roles,scopes。
响应
如果成功,此方法在响应正文中返回 200 系列响应代码和新的 accessPackageResourceRoleScope 对象。
示例
示例 1:向访问包添加 SharePoint Online 网站角色
请求
以下示例演示了向访问包的资源角色列表添加 SharePoint Online 网站角色的请求。 站点的访问包资源必须已添加到包含此访问包的访问包目录中。
请求包含 accessPackageResourceRole 对象。 每种类型的资源定义资源角色中的 originId 字段的格式。 对于 SharePoint Online 网站,originId 将是网站中角色的序列号。 可以从请求获取资源角色 ,以检索 SharePoint Online 网站集的资源角色。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes
Content-type: application/json
{
"role": {
"displayName": "Contributors",
"originSystem": "SharePointOnline",
"originId": "4",
"resource": {
"id": "53c71803-a0a8-4777-aecc-075de8ee3991"
}
},
"scope": {
"displayName": "Root",
"description": "Root Scope",
"originId": "https://contoso.sharepoint.com/portals/Community",
"originSystem": "SharePointOnline",
"isRootScope": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageResourceRoleScope
{
Role = new AccessPackageResourceRole
{
DisplayName = "Contributors",
OriginSystem = "SharePointOnline",
OriginId = "4",
Resource = new AccessPackageResource
{
Id = "53c71803-a0a8-4777-aecc-075de8ee3991",
},
},
Scope = new AccessPackageResourceScope
{
DisplayName = "Root",
Description = "Root Scope",
OriginId = "https://contoso.sharepoint.com/portals/Community",
OriginSystem = "SharePointOnline",
IsRootScope = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
displayName := "Contributors"
role.SetDisplayName(&displayName)
originSystem := "SharePointOnline"
role.SetOriginSystem(&originSystem)
originId := "4"
role.SetOriginId(&originId)
resource := graphmodels.NewAccessPackageResource()
id := "53c71803-a0a8-4777-aecc-075de8ee3991"
resource.SetId(&id)
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
displayName := "Root"
scope.SetDisplayName(&displayName)
description := "Root Scope"
scope.SetDescription(&description)
originId := "https://contoso.sharepoint.com/portals/Community"
scope.SetOriginId(&originId)
originSystem := "SharePointOnline"
scope.SetOriginSystem(&originSystem)
isRootScope := true
scope.SetIsRootScope(&isRootScope)
requestBody.SetScope(scope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setDisplayName("Contributors");
role.setOriginSystem("SharePointOnline");
role.setOriginId("4");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("53c71803-a0a8-4777-aecc-075de8ee3991");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setDisplayName("Root");
scope.setDescription("Root Scope");
scope.setOriginId("https://contoso.sharepoint.com/portals/Community");
scope.setOriginSystem("SharePointOnline");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
role: {
displayName: 'Contributors',
originSystem: 'SharePointOnline',
originId: '4',
resource: {
id: '53c71803-a0a8-4777-aecc-075de8ee3991'
}
},
scope: {
displayName: 'Root',
description: 'Root Scope',
originId: 'https://contoso.sharepoint.com/portals/Community',
originSystem: 'SharePointOnline',
isRootScope: true
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/resourceRoleScopes')
.post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setDisplayName('Contributors');
$role->setOriginSystem('SharePointOnline');
$role->setOriginId('4');
$roleResource = new AccessPackageResource();
$roleResource->setId('53c71803-a0a8-4777-aecc-075de8ee3991');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setDisplayName('Root');
$scope->setDescription('Root Scope');
$scope->setOriginId('https://contoso.sharepoint.com/portals/Community');
$scope->setOriginSystem('SharePointOnline');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
role = @{
displayName = "Contributors"
originSystem = "SharePointOnline"
originId = "4"
resource = @{
id = "53c71803-a0a8-4777-aecc-075de8ee3991"
}
}
scope = @{
displayName = "Root"
description = "Root Scope"
originId = "https://contoso.sharepoint.com/portals/Community"
originSystem = "SharePointOnline"
isRootScope = $true
}
}
New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
role = AccessPackageResourceRole(
display_name = "Contributors",
origin_system = "SharePointOnline",
origin_id = "4",
resource = AccessPackageResource(
id = "53c71803-a0a8-4777-aecc-075de8ee3991",
),
),
scope = AccessPackageResourceScope(
display_name = "Root",
description = "Root Scope",
origin_id = "https://contoso.sharepoint.com/portals/Community",
origin_system = "SharePointOnline",
is_root_scope = True,
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "6646a29e-da03-49f6-bcd9-dec124492de3_5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
"createdDateTime": "2023-06-28T01:19:48.4216782Z"
}
示例 2:向访问包添加应用程序角色
请求
以下示例显示了一个请求,该请求将应用程序的角色添加到访问包的资源角色列表。 应用程序的访问包资源必须已添加到包含此访问包的访问包目录中。 可以使用列表资源方法获取 role、 resource和 scope 。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes
Content-type: application/json
{
"role": {
"id": "cde82ecb-e461-496b-98fb-4f807c7ca640",
"displayName": "Standard User",
"description": "Standard User",
"originSystem": "AadApplication",
"originId": "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
"resource": {
"id": "5f80c0c7-a180-4521-b585-18200048a0d8",
"originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
"originSystem": "AadApplication"
}
},
"scope": {
"id": "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
"originId": "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
"originSystem": "AadApplication",
"isRootScope": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageResourceRoleScope
{
Role = new AccessPackageResourceRole
{
Id = "cde82ecb-e461-496b-98fb-4f807c7ca640",
DisplayName = "Standard User",
Description = "Standard User",
OriginSystem = "AadApplication",
OriginId = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
Resource = new AccessPackageResource
{
Id = "5f80c0c7-a180-4521-b585-18200048a0d8",
OriginId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
OriginSystem = "AadApplication",
},
},
Scope = new AccessPackageResourceScope
{
Id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
OriginId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
OriginSystem = "AadApplication",
IsRootScope = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
id := "cde82ecb-e461-496b-98fb-4f807c7ca640"
role.SetId(&id)
displayName := "Standard User"
role.SetDisplayName(&displayName)
description := "Standard User"
role.SetDescription(&description)
originSystem := "AadApplication"
role.SetOriginSystem(&originSystem)
originId := "a29a7690-b3c4-4ed5-96c6-f640cde06fb8"
role.SetOriginId(&originId)
resource := graphmodels.NewAccessPackageResource()
id := "5f80c0c7-a180-4521-b585-18200048a0d8"
resource.SetId(&id)
originId := "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
resource.SetOriginId(&originId)
originSystem := "AadApplication"
resource.SetOriginSystem(&originSystem)
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
id := "dbeb8772-9907-4e95-a28e-a8d70dbcda69"
scope.SetId(&id)
originId := "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
scope.SetOriginId(&originId)
originSystem := "AadApplication"
scope.SetOriginSystem(&originSystem)
isRootScope := true
scope.SetIsRootScope(&isRootScope)
requestBody.SetScope(scope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setId("cde82ecb-e461-496b-98fb-4f807c7ca640");
role.setDisplayName("Standard User");
role.setDescription("Standard User");
role.setOriginSystem("AadApplication");
role.setOriginId("a29a7690-b3c4-4ed5-96c6-f640cde06fb8");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("5f80c0c7-a180-4521-b585-18200048a0d8");
resource.setOriginId("e81d7f57-0840-45e1-894b-f505c1bdcc1f");
resource.setOriginSystem("AadApplication");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setId("dbeb8772-9907-4e95-a28e-a8d70dbcda69");
scope.setOriginId("e81d7f57-0840-45e1-894b-f505c1bdcc1f");
scope.setOriginSystem("AadApplication");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
role: {
id: 'cde82ecb-e461-496b-98fb-4f807c7ca640',
displayName: 'Standard User',
description: 'Standard User',
originSystem: 'AadApplication',
originId: 'a29a7690-b3c4-4ed5-96c6-f640cde06fb8',
resource: {
id: '5f80c0c7-a180-4521-b585-18200048a0d8',
originId: 'e81d7f57-0840-45e1-894b-f505c1bdcc1f',
originSystem: 'AadApplication'
}
},
scope: {
id: 'dbeb8772-9907-4e95-a28e-a8d70dbcda69',
originId: 'e81d7f57-0840-45e1-894b-f505c1bdcc1f',
originSystem: 'AadApplication',
isRootScope: true
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes')
.post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setId('cde82ecb-e461-496b-98fb-4f807c7ca640');
$role->setDisplayName('Standard User');
$role->setDescription('Standard User');
$role->setOriginSystem('AadApplication');
$role->setOriginId('a29a7690-b3c4-4ed5-96c6-f640cde06fb8');
$roleResource = new AccessPackageResource();
$roleResource->setId('5f80c0c7-a180-4521-b585-18200048a0d8');
$roleResource->setOriginId('e81d7f57-0840-45e1-894b-f505c1bdcc1f');
$roleResource->setOriginSystem('AadApplication');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setId('dbeb8772-9907-4e95-a28e-a8d70dbcda69');
$scope->setOriginId('e81d7f57-0840-45e1-894b-f505c1bdcc1f');
$scope->setOriginSystem('AadApplication');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
role = @{
id = "cde82ecb-e461-496b-98fb-4f807c7ca640"
displayName = "Standard User"
description = "Standard User"
originSystem = "AadApplication"
originId = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8"
resource = @{
id = "5f80c0c7-a180-4521-b585-18200048a0d8"
originId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
originSystem = "AadApplication"
}
}
scope = @{
id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69"
originId = "e81d7f57-0840-45e1-894b-f505c1bdcc1f"
originSystem = "AadApplication"
isRootScope = $true
}
}
New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
role = AccessPackageResourceRole(
id = "cde82ecb-e461-496b-98fb-4f807c7ca640",
display_name = "Standard User",
description = "Standard User",
origin_system = "AadApplication",
origin_id = "a29a7690-b3c4-4ed5-96c6-f640cde06fb8",
resource = AccessPackageResource(
id = "5f80c0c7-a180-4521-b585-18200048a0d8",
origin_id = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
origin_system = "AadApplication",
),
),
scope = AccessPackageResourceScope(
id = "dbeb8772-9907-4e95-a28e-a8d70dbcda69",
origin_id = "e81d7f57-0840-45e1-894b-f505c1bdcc1f",
origin_system = "AadApplication",
is_root_scope = True,
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "cde82ecb-e461-496b-98fb-4f807c7ca640_dbeb8772-9907-4e95-a28e-a8d70dbcda69",
"createdDateTime": "2023-06-28T01:19:48.4216782Z"
}
示例 3:向访问包添加组成员身份
请求
以下示例显示了一个请求,该请求将组的成员身份添加到访问包的资源角色列表。 组的访问包资源必须已添加到包含此访问包的访问包目录中。 可以使用目录方法的资源列表获取 resource 和 scope 。 可以在目录方法中获取 role 包含 资源角色列表的 。
role如果从角色列表返回的 ID 为零,则不要在 accessPackageResourceRole中包含 id 。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes
Content-type: application/json
{
"role": {
"displayName": "Member",
"originSystem": "AadGroup",
"originId": "Member_0282e19d-bf41-435d-92a4-99bab93af305",
"resource": {
"id": "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
"displayName": "example group",
"description": "a group whose members are to be assigned via an access package",
"originId": "0282e19d-bf41-435d-92a4-99bab93af305",
"originSystem": "AadGroup"
}
},
"scope": {
"id": "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
"displayName": "Root",
"description": "Root Scope",
"originId": "0282e19d-bf41-435d-92a4-99bab93af305",
"originSystem": "AadGroup",
"isRootScope": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageResourceRoleScope
{
Role = new AccessPackageResourceRole
{
DisplayName = "Member",
OriginSystem = "AadGroup",
OriginId = "Member_0282e19d-bf41-435d-92a4-99bab93af305",
Resource = new AccessPackageResource
{
Id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
DisplayName = "example group",
Description = "a group whose members are to be assigned via an access package",
OriginId = "0282e19d-bf41-435d-92a4-99bab93af305",
OriginSystem = "AadGroup",
},
},
Scope = new AccessPackageResourceScope
{
Id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
DisplayName = "Root",
Description = "Root Scope",
OriginId = "0282e19d-bf41-435d-92a4-99bab93af305",
OriginSystem = "AadGroup",
IsRootScope = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].ResourceRoleScopes.PostAsync(requestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
role := graphmodels.NewAccessPackageResourceRole()
displayName := "Member"
role.SetDisplayName(&displayName)
originSystem := "AadGroup"
role.SetOriginSystem(&originSystem)
originId := "Member_0282e19d-bf41-435d-92a4-99bab93af305"
role.SetOriginId(&originId)
resource := graphmodels.NewAccessPackageResource()
id := "b16e0e71-17b4-4ebd-a3cd-8a468542e418"
resource.SetId(&id)
displayName := "example group"
resource.SetDisplayName(&displayName)
description := "a group whose members are to be assigned via an access package"
resource.SetDescription(&description)
originId := "0282e19d-bf41-435d-92a4-99bab93af305"
resource.SetOriginId(&originId)
originSystem := "AadGroup"
resource.SetOriginSystem(&originSystem)
role.SetResource(resource)
requestBody.SetRole(role)
scope := graphmodels.NewAccessPackageResourceScope()
id := "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c"
scope.SetId(&id)
displayName := "Root"
scope.SetDisplayName(&displayName)
description := "Root Scope"
scope.SetDescription(&description)
originId := "0282e19d-bf41-435d-92a4-99bab93af305"
scope.SetOriginId(&originId)
originSystem := "AadGroup"
scope.SetOriginSystem(&originSystem)
isRootScope := true
scope.SetIsRootScope(&isRootScope)
requestBody.SetScope(scope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
resourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").ResourceRoleScopes().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole role = new AccessPackageResourceRole();
role.setDisplayName("Member");
role.setOriginSystem("AadGroup");
role.setOriginId("Member_0282e19d-bf41-435d-92a4-99bab93af305");
AccessPackageResource resource = new AccessPackageResource();
resource.setId("b16e0e71-17b4-4ebd-a3cd-8a468542e418");
resource.setDisplayName("example group");
resource.setDescription("a group whose members are to be assigned via an access package");
resource.setOriginId("0282e19d-bf41-435d-92a4-99bab93af305");
resource.setOriginSystem("AadGroup");
role.setResource(resource);
accessPackageResourceRoleScope.setRole(role);
AccessPackageResourceScope scope = new AccessPackageResourceScope();
scope.setId("83b3e3e9-c8b3-481b-ad80-53e29d1eda9c");
scope.setDisplayName("Root");
scope.setDescription("Root Scope");
scope.setOriginId("0282e19d-bf41-435d-92a4-99bab93af305");
scope.setOriginSystem("AadGroup");
scope.setIsRootScope(true);
accessPackageResourceRoleScope.setScope(scope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").resourceRoleScopes().post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
role: {
displayName: 'Member',
originSystem: 'AadGroup',
originId: 'Member_0282e19d-bf41-435d-92a4-99bab93af305',
resource: {
id: 'b16e0e71-17b4-4ebd-a3cd-8a468542e418',
displayName: 'example group',
description: 'a group whose members are to be assigned via an access package',
originId: '0282e19d-bf41-435d-92a4-99bab93af305',
originSystem: 'AadGroup'
}
},
scope: {
id: '83b3e3e9-c8b3-481b-ad80-53e29d1eda9c',
displayName: 'Root',
description: 'Root Scope',
originId: '0282e19d-bf41-435d-92a4-99bab93af305',
originSystem: 'AadGroup',
isRootScope: true
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/cdd5f06b-752a-4c9f-97a6-82f4eda6c76d/resourceRoleScopes')
.post(accessPackageResourceRoleScope);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$role = new AccessPackageResourceRole();
$role->setDisplayName('Member');
$role->setOriginSystem('AadGroup');
$role->setOriginId('Member_0282e19d-bf41-435d-92a4-99bab93af305');
$roleResource = new AccessPackageResource();
$roleResource->setId('b16e0e71-17b4-4ebd-a3cd-8a468542e418');
$roleResource->setDisplayName('example group');
$roleResource->setDescription('a group whose members are to be assigned via an access package');
$roleResource->setOriginId('0282e19d-bf41-435d-92a4-99bab93af305');
$roleResource->setOriginSystem('AadGroup');
$role->setResource($roleResource);
$requestBody->setRole($role);
$scope = new AccessPackageResourceScope();
$scope->setId('83b3e3e9-c8b3-481b-ad80-53e29d1eda9c');
$scope->setDisplayName('Root');
$scope->setDescription('Root Scope');
$scope->setOriginId('0282e19d-bf41-435d-92a4-99bab93af305');
$scope->setOriginSystem('AadGroup');
$scope->setIsRootScope(true);
$requestBody->setScope($scope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->resourceRoleScopes()->post($requestBody)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
role = @{
displayName = "Member"
originSystem = "AadGroup"
originId = "Member_0282e19d-bf41-435d-92a4-99bab93af305"
resource = @{
id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418"
displayName = "example group"
description = "a group whose members are to be assigned via an access package"
originId = "0282e19d-bf41-435d-92a4-99bab93af305"
originSystem = "AadGroup"
}
}
scope = @{
id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c"
displayName = "Root"
description = "Root Scope"
originId = "0282e19d-bf41-435d-92a4-99bab93af305"
originSystem = "AadGroup"
isRootScope = $true
}
}
New-MgEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph.generated.models.access_package_resource import AccessPackageResource
from msgraph.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
role = AccessPackageResourceRole(
display_name = "Member",
origin_system = "AadGroup",
origin_id = "Member_0282e19d-bf41-435d-92a4-99bab93af305",
resource = AccessPackageResource(
id = "b16e0e71-17b4-4ebd-a3cd-8a468542e418",
display_name = "example group",
description = "a group whose members are to be assigned via an access package",
origin_id = "0282e19d-bf41-435d-92a4-99bab93af305",
origin_system = "AadGroup",
),
),
scope = AccessPackageResourceScope(
id = "83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
display_name = "Root",
description = "Root Scope",
origin_id = "0282e19d-bf41-435d-92a4-99bab93af305",
origin_system = "AadGroup",
is_root_scope = True,
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').resource_role_scopes.post(request_body)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "748f8431-c7c6-404d-8564-df67aa8cfc5e_83b3e3e9-c8b3-481b-ad80-53e29d1eda9c",
"createdDateTime": "2023-06-28T01:19:48.4216782Z"
}