更新 delegatedAdminRelationship
本文内容
命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
更新 delegatedAdminRelationship 对象的属性。
以下限制适用:
当 状态属性 为 created时,可以更新此关系。
当状态 为 created 或 active时,可以更新 autoExtendDuration 属性。
仅当状态 属性为 active时,才能删除Microsoft Entra全局管理员角色,这表示长时间运行的操作。
此 API 可用于以下国家级云部署 。
全局服务
美国政府 L4
美国政府 L5 (DOD)
由世纪互联运营的中国
✅
❌
❌
❌
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时 ,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型 。 要了解有关这些权限的详细信息,请参阅 权限参考 。
权限类型
最低特权权限
更高特权权限
委派(工作或学校帐户)
DelegatedAdminRelationship.ReadWrite.All
不可用。
委派(个人 Microsoft 帐户)
不支持。
不支持。
应用程序
DelegatedAdminRelationship.ReadWrite.All
不可用。
重要
若要使用应用程序权限调用此 API,必须在合作伙伴租户中预配由 appId 2832473f-ec63-45fb-976f-5d45a7d4bb91 标识并命名为 合作伙伴客户委托管理 的服务主体。 若要在合作伙伴租户中预配服务主体,请调用 创建 servicePrincipal API。
HTTP 请求
PATCH /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}
名称
说明
Authorization
持有者 {token}。 必填。 详细了解 身份验证和授权 。
If-Match
If-match: {etag}。 要更新的 delegatedAdminRelationship 的最后一个已知 ETag 值。 从 LIST 或 GET 操作中检索 ETag 值。 必填。
Content-Type
application/json. 必需。
请求正文
在请求正文中, 仅 提供要更新的属性的值。 请求正文中未包含的现有属性会保留其以前的值,或者根据对其他属性值的更改重新计算。
下表指定可更新的属性。
属性
类型
说明
accessDetails
delegatedAdminAccessDetails
合作伙伴在客户租户中请求或有权访问的管理角色的标识符。
autoExtendDuration
持续时间
关系有效期自动延长的持续时间,以 ISO 8601 格式表示。 支持的值为: P0D、 PT0S、 P180D。 默认值为 PT0S。
PT0S 指示关系在达到 endDateTime 时过期,并且不会自动扩展。
客户
delegatedAdminRelationshipCustomerParticipant
关系的客户的显示名称和唯一标识符。
displayName
String
为便于识别而使用的关系的显示名称。 在合作伙伴 的所有 委派管理员关系中必须是唯一的。 最大长度为 50 个字符。
duration
持续时间
ISO 8601 格式的关系持续时间。 必须是 和 P2Y (含)之间的P1D值。
响应
如果成功,此方法将 200 OK 返回 或 202 Accepted 响应代码。 当响应为 时,响应200 OK正文包含 delegatedAdminRelationship 对象。
名称
说明
Content-Type
application/json.
位置
长时间运行的操作的位置。
Retry-After
之后,可以对位置 URL 进行后续 API 调用,以检查长时间运行的操作的状态。
如果从关系中删除Microsoft Entra全局管理员角色,而其状态 属性为 ,active则此方法将返回202 Accepted响应。 响应包含位置标头中的 URL,可用于监视操作进度。
如果未提供与请求正文 属性数组中unifiedRolesaccessDetails Microsoft Entra全局管理员角色对应的模板 ID,则 API 将返回200 OK响应正文中的原始 delegatedAdminRelationship 对象。
示例
请求
下面为请求示例。
PATCH https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836
If-Match: W/"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw=="
Content-Type: application/json
{
"displayName": "Updated Contoso admin relationship",
"duration": "P31D",
"customer": {
"tenantId": "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a"
},
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new DelegatedAdminRelationship
{
DisplayName = "Updated Contoso admin relationship",
Duration = TimeSpan.Parse("P31D"),
Customer = new DelegatedAdminRelationshipCustomerParticipant
{
TenantId = "52eaad04-13a2-4a2f-9ce8-93a294fadf36",
},
AccessDetails = new DelegatedAdminAccessDetails
{
UnifiedRoles = new List<UnifiedRole>
{
new UnifiedRole
{
RoleDefinitionId = "44367163-eba1-44c3-98af-f5787879f96a",
},
new UnifiedRole
{
RoleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de",
},
new UnifiedRole
{
RoleDefinitionId = "69091246-20e8-4a56-aa4d-066075b2a7a8",
},
new UnifiedRole
{
RoleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5",
},
},
},
AutoExtendDuration = TimeSpan.Parse("P180D"),
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.TenantRelationships.DelegatedAdminRelationships["{delegatedAdminRelationship-id}"].PatchAsync(requestBody, (requestConfiguration) =>
{
requestConfiguration.Headers.Add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"");
});
mgc-beta tenant-relationships delegated-admin-relationships patch --delegated-admin-relationship-id {delegatedAdminRelationship-id} --body '{\
"displayName": "Updated Contoso admin relationship",\
"duration": "P31D",\
"customer": {\
"tenantId": "52eaad04-13a2-4a2f-9ce8-93a294fadf36"\
},\
"accessDetails": {\
"unifiedRoles": [\
{\
"roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a"\
},\
{\
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"\
},\
{\
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"\
},\
{\
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"\
}\
]\
},\
"autoExtendDuration": "P180D"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
graphtenantrelationships "github.com/microsoftgraph/msgraph-beta-sdk-go/tenantrelationships"
//other-imports
)
headers := abstractions.NewRequestHeaders()
headers.Add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"")
configuration := &graphtenantrelationships.TenantRelationshipsDelegatedAdminRelationshipItemRequestBuilderPatchRequestConfiguration{
Headers: headers,
}
requestBody := graphmodels.NewDelegatedAdminRelationship()
displayName := "Updated Contoso admin relationship"
requestBody.SetDisplayName(&displayName)
duration , err := abstractions.ParseISODuration("P31D")
requestBody.SetDuration(&duration)
customer := graphmodels.NewDelegatedAdminRelationshipCustomerParticipant()
tenantId := "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
customer.SetTenantId(&tenantId)
requestBody.SetCustomer(customer)
accessDetails := graphmodels.NewDelegatedAdminAccessDetails()
unifiedRole := graphmodels.NewUnifiedRole()
roleDefinitionId := "44367163-eba1-44c3-98af-f5787879f96a"
unifiedRole.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole1 := graphmodels.NewUnifiedRole()
roleDefinitionId := "29232cdf-9323-42fd-ade2-1d097af3e4de"
unifiedRole1.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole2 := graphmodels.NewUnifiedRole()
roleDefinitionId := "69091246-20e8-4a56-aa4d-066075b2a7a8"
unifiedRole2.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole3 := graphmodels.NewUnifiedRole()
roleDefinitionId := "3a2c62db-5318-420d-8d74-23affee5d9d5"
unifiedRole3.SetRoleDefinitionId(&roleDefinitionId)
unifiedRoles := []graphmodels.UnifiedRoleable {
unifiedRole,
unifiedRole1,
unifiedRole2,
unifiedRole3,
}
accessDetails.SetUnifiedRoles(unifiedRoles)
requestBody.SetAccessDetails(accessDetails)
autoExtendDuration , err := abstractions.ParseISODuration("P180D")
requestBody.SetAutoExtendDuration(&autoExtendDuration)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
delegatedAdminRelationships, err := graphClient.TenantRelationships().DelegatedAdminRelationships().ByDelegatedAdminRelationshipId("delegatedAdminRelationship-id").Patch(context.Background(), requestBody, configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
DelegatedAdminRelationship delegatedAdminRelationship = new DelegatedAdminRelationship();
delegatedAdminRelationship.setDisplayName("Updated Contoso admin relationship");
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P31D"));
delegatedAdminRelationship.setDuration(duration);
DelegatedAdminRelationshipCustomerParticipant customer = new DelegatedAdminRelationshipCustomerParticipant();
customer.setTenantId("52eaad04-13a2-4a2f-9ce8-93a294fadf36");
delegatedAdminRelationship.setCustomer(customer);
DelegatedAdminAccessDetails accessDetails = new DelegatedAdminAccessDetails();
LinkedList<UnifiedRole> unifiedRoles = new LinkedList<UnifiedRole>();
UnifiedRole unifiedRole = new UnifiedRole();
unifiedRole.setRoleDefinitionId("44367163-eba1-44c3-98af-f5787879f96a");
unifiedRoles.add(unifiedRole);
UnifiedRole unifiedRole1 = new UnifiedRole();
unifiedRole1.setRoleDefinitionId("29232cdf-9323-42fd-ade2-1d097af3e4de");
unifiedRoles.add(unifiedRole1);
UnifiedRole unifiedRole2 = new UnifiedRole();
unifiedRole2.setRoleDefinitionId("69091246-20e8-4a56-aa4d-066075b2a7a8");
unifiedRoles.add(unifiedRole2);
UnifiedRole unifiedRole3 = new UnifiedRole();
unifiedRole3.setRoleDefinitionId("3a2c62db-5318-420d-8d74-23affee5d9d5");
unifiedRoles.add(unifiedRole3);
accessDetails.setUnifiedRoles(unifiedRoles);
delegatedAdminRelationship.setAccessDetails(accessDetails);
PeriodAndDuration autoExtendDuration = PeriodAndDuration.ofDuration(Duration.parse("P180D"));
delegatedAdminRelationship.setAutoExtendDuration(autoExtendDuration);
DelegatedAdminRelationship result = graphClient.tenantRelationships().delegatedAdminRelationships().byDelegatedAdminRelationshipId("{delegatedAdminRelationship-id}").patch(delegatedAdminRelationship, requestConfiguration -> {
requestConfiguration.headers.add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"");
});
const options = {
authProvider,
};
const client = Client.init(options);
const delegatedAdminRelationship = {
displayName: 'Updated Contoso admin relationship',
duration: 'P31D',
customer: {
tenantId: '52eaad04-13a2-4a2f-9ce8-93a294fadf36'
},
accessDetails: {
unifiedRoles: [
{
roleDefinitionId: '44367163-eba1-44c3-98af-f5787879f96a'
},
{
roleDefinitionId: '29232cdf-9323-42fd-ade2-1d097af3e4de'
},
{
roleDefinitionId: '69091246-20e8-4a56-aa4d-066075b2a7a8'
},
{
roleDefinitionId: '3a2c62db-5318-420d-8d74-23affee5d9d5'
}
]
},
autoExtendDuration: 'P180D'
};
await client.api('/tenantRelationships/delegatedAdminRelationships/5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836')
.version('beta')
.update(delegatedAdminRelationship);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\TenantRelationships\DelegatedAdminRelationships\Item\DelegatedAdminRelationshipItemRequestBuilderPatchRequestConfiguration;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminRelationship;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminRelationshipCustomerParticipant;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminAccessDetails;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRole;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new DelegatedAdminRelationship();
$requestBody->setDisplayName('Updated Contoso admin relationship');
$requestBody->setDuration(new \DateInterval('P31D'));
$customer = new DelegatedAdminRelationshipCustomerParticipant();
$customer->setTenantId('52eaad04-13a2-4a2f-9ce8-93a294fadf36');
$requestBody->setCustomer($customer);
$accessDetails = new DelegatedAdminAccessDetails();
$unifiedRolesUnifiedRole1 = new UnifiedRole();
$unifiedRolesUnifiedRole1->setRoleDefinitionId('44367163-eba1-44c3-98af-f5787879f96a');
$unifiedRolesArray []= $unifiedRolesUnifiedRole1;
$unifiedRolesUnifiedRole2 = new UnifiedRole();
$unifiedRolesUnifiedRole2->setRoleDefinitionId('29232cdf-9323-42fd-ade2-1d097af3e4de');
$unifiedRolesArray []= $unifiedRolesUnifiedRole2;
$unifiedRolesUnifiedRole3 = new UnifiedRole();
$unifiedRolesUnifiedRole3->setRoleDefinitionId('69091246-20e8-4a56-aa4d-066075b2a7a8');
$unifiedRolesArray []= $unifiedRolesUnifiedRole3;
$unifiedRolesUnifiedRole4 = new UnifiedRole();
$unifiedRolesUnifiedRole4->setRoleDefinitionId('3a2c62db-5318-420d-8d74-23affee5d9d5');
$unifiedRolesArray []= $unifiedRolesUnifiedRole4;
$accessDetails->setUnifiedRoles($unifiedRolesArray);
$requestBody->setAccessDetails($accessDetails);
$requestBody->setAutoExtendDuration(new \DateInterval('P180D'));
$requestConfiguration = new DelegatedAdminRelationshipItemRequestBuilderPatchRequestConfiguration();
$headers = [
'If-Match' => 'W/"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw=="',
];
$requestConfiguration->headers = $headers;
$result = $graphServiceClient->tenantRelationships()->delegatedAdminRelationships()->byDelegatedAdminRelationshipId('delegatedAdminRelationship-id')->patch($requestBody, $requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Partner
$params = @{
displayName = "Updated Contoso admin relationship"
duration = "P31D"
customer = @{
tenantId = "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
}
accessDetails = @{
unifiedRoles = @(
@{
roleDefinitionId = "44367163-eba1-44c3-98af-f5787879f96a"
}
@{
roleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de"
}
@{
roleDefinitionId = "69091246-20e8-4a56-aa4d-066075b2a7a8"
}
@{
roleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
)
}
autoExtendDuration = "P180D"
}
Update-MgBetaTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $delegatedAdminRelationshipId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.tenant_relationships.delegated_admin_relationships.item.delegated_admin_relationship_item_request_builder import DelegatedAdminRelationshipItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
from msgraph_beta.generated.models.delegated_admin_relationship import DelegatedAdminRelationship
from msgraph_beta.generated.models.delegated_admin_relationship_customer_participant import DelegatedAdminRelationshipCustomerParticipant
from msgraph_beta.generated.models.delegated_admin_access_details import DelegatedAdminAccessDetails
from msgraph_beta.generated.models.unified_role import UnifiedRole
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DelegatedAdminRelationship(
display_name = "Updated Contoso admin relationship",
duration = "P31D",
customer = DelegatedAdminRelationshipCustomerParticipant(
tenant_id = "52eaad04-13a2-4a2f-9ce8-93a294fadf36",
),
access_details = DelegatedAdminAccessDetails(
unified_roles = [
UnifiedRole(
role_definition_id = "44367163-eba1-44c3-98af-f5787879f96a",
),
UnifiedRole(
role_definition_id = "29232cdf-9323-42fd-ade2-1d097af3e4de",
),
UnifiedRole(
role_definition_id = "69091246-20e8-4a56-aa4d-066075b2a7a8",
),
UnifiedRole(
role_definition_id = "3a2c62db-5318-420d-8d74-23affee5d9d5",
),
],
),
auto_extend_duration = "P180D",
)
request_configuration = RequestConfiguration()
request_configuration.headers.add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"")
result = await graph_client.tenant_relationships.delegated_admin_relationships.by_delegated_admin_relationship_id('delegatedAdminRelationship-id').patch(request_body, request_configuration = request_configuration)
响应
以下示例显示了相应的响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.delegatedAdminRelationship",
"@odata.context": "https://graph.microsoft.com/beta/tenantRelationships/$metadata#delegatedAdminRelationships/$entity",
"@odata.etag": "W/\"JyIwMzAwZTM0ZS0wMDAwLTAyMDAtMDAwMC02MTRjZjI1YzAwMDAiJw==\"",
"id": "5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836",
"displayName": "Updated Contoso admin relationship",
"duration": "P31D",
"status": "created",
"createdDateTime": "2022-02-10T11:24:42.3148266Z",
"lastModifiedDateTime": "2022-02-10T11:26:44.9941884Z",
"customer": {
"tenantId": "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a"
},
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
下面是返回响应代码以及 Location 和 Retry-After 标头的示例202 Accepted响应。
HTTP/1.1 202 Accepted
Location: https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/5e5594d3-6f82-458b-b567-77db4811f0cd-00000000-0000-0000-0000-000000001234/operations/d8dbb27b-7fe7-4523-a3df-f766355fe0f2
Retry-After: 10
Content-Type: application/json
{
}