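When exporting with the Asynchronous Metadata Read (AMR) API, you can export SharePoint Online metadata permission information by using a new export option. This guide explains how to use the option and what changes it introduces to the export result.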
How to use the AMR export permission option
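For both CSOM and RESTful calls, add the following option to enable or disable AMR permission export:
- For CSOM, set the IncludePermission property to true or false when building the AsyncReadOptions object.
  - If the IncludePermission property is not available, update the CSOM NuGet package to the latest version.
- For RESTful calls, add the IncludePermission key to the readOptions section of the request JSON payload and set it to true or false.
  - For example:
    {..., "readOptions":{...,"IncludePermission":true,...}...}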
What changes are introduced to the export result
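With the new IncludePermission=true option, the Manifest.xml file in the export result contains an additional tag named <RoleAssignments>. It holds all the distinguishable permission information for each exported SPO object, keyed by its ScopeId attribute, as shown below: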
<...>
<RoleAssignments>
<RoleAssignment ScopeId="08501058-995b-4fc6-b908-66da16e6bb52" ...>
<Assignment RoleId="1073741825" PrincipalId="5" />
<Assignment RoleId="1073741826" PrincipalId="6" />
...
</RoleAssignment>
</RoleAssignments>
<...>
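The RoleAssignments tag is a list of RoleAssignment tags. Each RoleAssignment tag represents a unique permission scope of the exported SPO objects, identified by ScopeId. Each RoleAssignment tag contains multiple Assignment tags, which represent the entities in that unique permission scope, such as users and groups, by principal ID.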
In addition, all related entities are listed in the UserGroup.xml file in the export result to help with further user resolution.
The following is a sample of the Manifest.xml and UserGroup.xml files produced with the IncludePermission=true option:
<!-- Manifest.xml -->
<...>
<SPObject Id="e85f2a94-f760-4bb4-9460-dde1cabc2fd4" ObjectType="SPFile" ParentId="2aba6aee-eb13-4379-b374-8fddc71e7d1a" ParentWebId="7206fc09-e4af-48b3-8730-ed7321396d7a" Url="/SampleDocLib/Forms/AllItems.aspx">
<File Url="SampleDocLib/Forms/AllItems.aspx" Id="e85f2a94-f760-4bb4-9460-dde1cabc2fd4" ParentWebId="7206fc09-e4af-48b3-8730-ed7321396d7a" ParentWebUrl="/" Name="AllItems.aspx" ListId="e42a303c-995d-4237-8ce7-3545c41be140" ParentId="2aba6aee-eb13-4379-b374-8fddc71e7d1a" ScopeId="08501058-995b-4fc6-b908-66da16e6bb52" TimeCreated="2023-05-11T05:19:48" TimeLastModified="2023-05-11T05:19:48" Version="1.0" FileSize="2763" Level="1" IsGhosted="true" SetupPath="pages\viewpage.aspx" SetupPathVersion="15" SetupPathUser="12" />
</SPObject>
<...>
<RoleAssignments>
<RoleAssignment ScopeId="08501058-995b-4fc6-b908-66da16e6bb52" RoleDefWebId="7206fc09-e4af-48b3-8730-ed7321396d7a" RoleDefWebUrl="" ObjectId="e42a303c-995d-4237-8ce7-3545c41be140" ObjectType="1" ObjectUrl="SampleDocLib" AnonymousPermMask="0">
<Assignment RoleId="1073741825" PrincipalId="5" />
<Assignment RoleId="1073741825" PrincipalId="15" />
<Assignment RoleId="1073741825" PrincipalId="28" />
<Assignment RoleId="1073741826" PrincipalId="4" />
<Assignment RoleId="1073741829" PrincipalId="3" />
<Assignment RoleId="1073741830" PrincipalId="5" />
<Assignment RoleId="1073741924" PrincipalId="13" />
<Assignment RoleId="1073741925" PrincipalId="14" />
<Assignment RoleId="1073741926" PrincipalId="15" />
<Assignment RoleId="1073741927" PrincipalId="16" />
</RoleAssignment>
<RoleAssignment ScopeId="0b40dd84-46b8-435f-b497-e0fea7cecf1f" RoleDefWebId="7206fc09-e4af-48b3-8730-ed7321396d7a" RoleDefWebUrl="" ObjectId="92f3d976-e7bd-47fc-943f-2d3222e27402" ObjectType="2" ObjectUrl="SampleDocLib/33333333.txt" AnonymousPermMask="0">
<Assignment RoleId="1073741829" PrincipalId="3" />
<Assignment RoleId="1073741924" PrincipalId="13" />
<Assignment RoleId="1073741925" PrincipalId="14" />
</RoleAssignment>
<RoleAssignment ScopeId="bdc32b67-53e5-4ae4-a8a9-0dbbeaa64d51" RoleDefWebId="7206fc09-e4af-48b3-8730-ed7321396d7a" RoleDefWebUrl="" ObjectId="19c768aa-b6fc-4e20-aa35-d5d5b7716625" ObjectType="2" ObjectUrl="SampleDocLib/44444444.txt" AnonymousPermMask="0">
<Assignment RoleId="1073741825" PrincipalId="28" />
<Assignment RoleId="1073741826" PrincipalId="4" />
<Assignment RoleId="1073741826" PrincipalId="5" />
<Assignment RoleId="1073741826" PrincipalId="15" />
<Assignment RoleId="1073741826" PrincipalId="31" />
<Assignment RoleId="1073741827" PrincipalId="25" />
<Assignment RoleId="1073741829" PrincipalId="3" />
<Assignment RoleId="1073741924" PrincipalId="13" />
<Assignment RoleId="1073741925" PrincipalId="14" />
<Assignment RoleId="1073741927" PrincipalId="16" />
<Assignment RoleId="1073741928" PrincipalId="33" />
<Assignment RoleId="1073741929" PrincipalId="27" />
</RoleAssignment>
</RoleAssignments>
<...>
<!-- UserGroup.xml -->
<UserGroupMap xmlns="urn:deployment-usergroupmap-schema">
<Users>
<User Id="1" Name="0+.w|s-1-5-82-1817844472-4009360788-1366746990-4201194761-44825052" Login="c:0+.w|s-1-5-82-1817844472-4009360788-1366746990-4201194761-44825052" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="YzowKy53fHMtMS01LTgyLTE4MTc4NDQ0NzItNDAwOTM2MDc4OC0xMzY2NzQ2OTkwLTQyMDExOTQ3NjEtNDQ4MjUwNTI=" IsDeleted="true" Flags="0" />
<User Id="6" Name="NT Service\sptimerv4" Login="i:0#.w|nt service\sptimerv4" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowKS53fHMtMS01LTgwLTU3NTg3NTE3Mi0xOTM3ODYyNTYzLTQzMTA4MTg1My0yOTQ2MTQyMDItNjM1MTk1NTc0" IsDeleted="true" Flags="0" />
<User Id="7" Name="37483779-f0d7-46d0-ba4f-5769451f8666" Login="c:0t.c|tenant|37483779-f0d7-46d0-ba4f-5769451f8666" Email="" IsDomainGroup="true" IsSiteAdmin="false" SystemId="YzowdC5jfHRlbmFudHwzNzQ4Mzc3OS1mMGQ3LTQ2ZDAtYmE0Zi01NzY5NDUxZjg2NjY=" IsDeleted="false" Flags="0" />
<User Id="8" Name="4da703b0-bdeb-4c8a-ba78-75dc23b4fb64" Login="c:0t.c|tenant|4da703b0-bdeb-4c8a-ba78-75dc23b4fb64" Email="" IsDomainGroup="true" IsSiteAdmin="true" SystemId="YzowdC5jfHRlbmFudHw0ZGE3MDNiMC1iZGViLTRjOGEtYmE3OC03NWRjMjNiNGZiNjQ=" IsDeleted="false" Flags="0" />
<User Id="9" Name="Everyone except external users" Login="c:0-.f|rolemanager|spo-grid-all-users/82abb045-250e-4186-ba83-b9295930f272" Email="" IsDomainGroup="true" IsSiteAdmin="false" SystemId="YzowLS5mfHJvbGVtYW5hZ2VyfHNwby1ncmlkLWFsbC11c2Vycy84MmFiYjA0NS0yNTBlLTQxODYtYmE4My1iOTI5NTkzMGYyNzI=" IsDeleted="false" Flags="0" />
<User Id="10" Name="spsearch" Login="i:0#.w|nt service\spsearch" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowKS53fHMtMS01LTgwLTg3MzgzMjg3LTIwNTQyNTcwNDktMzYwMTg3MzA3Mi00NDAxNjMwMTgtMzI3MTAyNjQ3Mg==" IsDeleted="false" Flags="0" />
<User Id="11" Name="Everyone" Login="c:0(.s|true" Email="" IsDomainGroup="true" IsSiteAdmin="false" SystemId="YzowKC5zfHRydWU=" IsDeleted="false" Flags="0" />
<User Id="12" Name="Tenant Admin User" Login="i:0#.f|membership|admin@oidctest.ccsctp.net" Email="" IsDomainGroup="false" IsSiteAdmin="true" SystemId="aTowaC5mfG1lbWJlcnNoaXB8MTAwM2JmZmRhYjZmODEzM0BsaXZlLmNvbQ==" IsDeleted="false" Flags="0" />
<User Id="18" Name="OIDC User0" Login="i:0#.f|membership|user0@oidctest.ccsctp.net" Email="user1@prepspo.msolctp-int.com" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowaC5mfG1lbWJlcnNoaXB8MTAwM2JmZmQ5ZDZmNTM0ZkBsaXZlLmNvbQ==" IsDeleted="false" Flags="0" />
<User Id="19" Name="VM255732\vmadministrator" Login="i:0#.w|vm255732\vmadministrator" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowKS53fHMtMS01LTIxLTM1OTMxNDMyNzQtMTE0NDIzMzMyNC0xNTI2NDU5Mzg0LTUwMA==" IsDeleted="false" MobilePhone="" Flags="0" />
<User Id="20" Name="VM255732\vmadministrator" Login="VM255732\vmadministrator" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="AQUAAAAAAAUVAAAA6gMr1mydM0T46/ta9AEAAA==" IsDeleted="false" MobilePhone="" Flags="0" />
<User Id="21" Name="VM304711\vmadmin" Login="i:0#.w|VM304711\vmadmin" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowKS53fHMtMS01LTIxLTMwNTIyODM1ODMtMjY4MjM3MTA0Mi0xNzcyNDI0NDExLTUwMA==" IsDeleted="false" MobilePhone="" Flags="0" />
<User Id="22" Name="VM304711\VMAdmin" Login="VM304711\VMAdmin" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="AQUAAAAAAAUVAAAAvybuteK74Z/bDKVp9AEAAA==" IsDeleted="false" MobilePhone="" Flags="0" />
<User Id="23" Name="Chengjia Xu" Login="FAREAST\chexu" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="Uy0xLTUtMjEtMjE0Njc3MzA4NS05MDMzNjMyODUtNzE5MzQ0NzA3LTI1NzU5Nzc=" IsDeleted="true" MobilePhone="" Flags="0" />
<User Id="24" Name="OIDC User1" Login="i:0#.f|membership|user1@oidctest.ccsctp.net" Email="user2@prepspo.msolctp-int.com" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowaC5mfG1lbWJlcnNoaXB8MTAwMzNmZmZhYmU2Y2Y4N0BsaXZlLmNvbQ==" IsDeleted="false" Flags="0" />
<User Id="26" Name="Guest Contributor" Login="i:0#.f|membership|urn%3aspo%3aanon#9cf6d720741da817754e9ffa57029a446da569a990c8f14b7bed073562e29bc1" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiM5Y2Y2ZDcyMDc0MWRhODE3NzU0ZTlmZmE1NzAyOWE0NDZkYTU2OWE5OTBjOGYxNGI3YmVkMDczNTYyZTI5YmMx" IsDeleted="false" MobilePhone="" Flags="144" />
<User Id="27" Name="c:0u.c|tenant|9cf6d720741da817754e9ffa57029a446da569a990c8f14b7bed073562e29bc1" Login="c:0u.c|tenant|9cf6d720741da817754e9ffa57029a446da569a990c8f14b7bed073562e29bc1" Email="" IsDomainGroup="true" IsSiteAdmin="false" SystemId="YzowdS5jfHRlbmFudHw5Y2Y2ZDcyMDc0MWRhODE3NzU0ZTlmZmE1NzAyOWE0NDZkYTU2OWE5OTBjOGYxNGI3YmVkMDczNTYyZTI5YmMx" IsDeleted="false" MobilePhone="" Flags="2176" />
<User Id="30" Name="OIDC User2" Login="i:0#.f|membership|user2@oidctest.ccsctp.net" Email="user3@prepspo.msolctp-int.com" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowaC5mfG1lbWJlcnNoaXB8MTAwMzNmZmZhYmU2Y2ZhMEBsaXZlLmNvbQ==" IsDeleted="false" Flags="0" />
<User Id="32" Name="Guest Contributor" Login="i:0#.f|membership|urn%3aspo%3aanon#2900e72705fe44bf8134e1ac056d15a3b7b622733d6bc5cbe9afd245d0f7b7c5" Email="" IsDomainGroup="false" IsSiteAdmin="false" SystemId="aTowaC5mfG1lbWJlcnNoaXB8dXJuJTNhc3BvJTNhYW5vbiMyOTAwZTcyNzA1ZmU0NGJmODEzNGUxYWMwNTZkMTVhM2I3YjYyMjczM2Q2YmM1Y2JlOWFmZDI0NWQwZjdiN2M1" IsDeleted="false" MobilePhone="" Flags="144" />
<User Id="33" Name="c:0u.c|tenant|2900e72705fe44bf8134e1ac056d15a3b7b622733d6bc5cbe9afd245d0f7b7c5" Login="c:0u.c|tenant|2900e72705fe44bf8134e1ac056d15a3b7b622733d6bc5cbe9afd245d0f7b7c5" Email="" IsDomainGroup="true" IsSiteAdmin="false" SystemId="YzowdS5jfHRlbmFudHwyOTAwZTcyNzA1ZmU0NGJmODEzNGUxYWMwNTZkMTVhM2I3YjYyMjczM2Q2YmM1Y2JlOWFmZDI0NWQwZjdiN2M1" IsDeleted="false" MobilePhone="" Flags="2176" />
</Users>
<Groups>
<Group Id="3" Name="Communication site Owners" Owner="3" OwnerIsUser="false" RequestToJoinLeaveEmailSetting="">
<Member UserId="7" />
<Member UserId="1073741823" />
</Group>
<Group Id="4" Name="Communication site Visitors" Owner="3" OwnerIsUser="false" RequestToJoinLeaveEmailSetting="" />
<Group Id="5" Name="Communication site Members" Owner="3" OwnerIsUser="false" RequestToJoinLeaveEmailSetting="" AllowMembersEditMembership="true">
<Member UserId="9" />
</Group>
<Group Id="13" Name="Web Administrators (Project Web App Synchronized)" Description="Users who have Manage Microsoft SharePoint Foundation permission in Microsoft Project Web App." Owner="13" OwnerIsUser="false" OnlyAllowMembersViewMembership="true">
<Member UserId="12" />
<Member UserId="18" />
</Group>
<Group Id="14" Name="Project Managers (Project Web App Synchronized)" Description="Users who have published this project or who have Save Project permission in Microsoft Project Web App." Owner="13" OwnerIsUser="false" OnlyAllowMembersViewMembership="true" />
<Group Id="15" Name="Team Members (Project Web App Synchronized)" Description="Users who have assignments in this project in Microsoft Project Web App." Owner="13" OwnerIsUser="false" OnlyAllowMembersViewMembership="true" />
<Group Id="16" Name="Readers (Project Web App Synchronized)" Description="Users who have been added to this project in Microsoft Project Web App, but not assigned to tasks." Owner="13" OwnerIsUser="false" OnlyAllowMembersViewMembership="true" />
<Group Id="17" Name="Workflow and Project Detail Pages Administrators (Project Web App Synchronized)" Description="Users who have Manage Workflow and Project Detail Pages permission in Microsoft Project Web App." Owner="13" OwnerIsUser="false" OnlyAllowMembersViewMembership="true" />
<Group Id="25" Name="SharingLinks.19c768aa-b6fc-4e20-aa35-d5d5b7716625.AnonymousEdit.846e32c2-9f06-4102-9c3b-274dc8506796" Description="This group is for AnonymousEdit sharing links on item 'SampleDocLib/44444444.txt'" Owner="1073741823" OwnerIsUser="true" OnlyAllowMembersViewMembership="true">
<Member UserId="18" />
<Member UserId="24" />
</Group>
<Group Id="28" Name="Limited Access System Group For List e42a303c-995d-4237-8ce7-3545c41be140" Description="Limited Access System Group For List e42a303c-995d-4237-8ce7-3545c41be140" Owner="1073741823" OwnerIsUser="true" OnlyAllowMembersViewMembership="true">
<Member UserId="18" />
<Member UserId="24" />
<Member UserId="27" />
<Member UserId="30" />
<Member UserId="33" />
</Group>
<Group Id="29" Name="Limited Access System Group For Web 7206fc09-e4af-48b3-8730-ed7321396d7a" Description="Limited Access System Group For Web 7206fc09-e4af-48b3-8730-ed7321396d7a" Owner="1073741823" OwnerIsUser="true" OnlyAllowMembersViewMembership="true">
<Member UserId="18" />
<Member UserId="24" />
<Member UserId="27" />
<Member UserId="30" />
<Member UserId="33" />
</Group>
<Group Id="31" Name="SharingLinks.19c768aa-b6fc-4e20-aa35-d5d5b7716625.AnonymousView.1c02392c-d30e-47fc-a97f-86927acc370e" Description="This group is for AnonymousView sharing links on item 'SampleDocLib/44444444.txt'" Owner="1073741823" OwnerIsUser="true" OnlyAllowMembersViewMembership="true">
<Member UserId="30" />
</Group>
</Groups>
</UserGroupMap>
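The join between the two files described above, as an added example that is not part of the original documentation or Microsoft's own code: it resolves every Assignment's PrincipalId against UserGroup.xml and expands group members, keeping unresolvable Ids visible. The function names and the `<Export>` wrapper element are hypothetical, and the sample input is constructed by trimming the excerpts on this page.

```python
import xml.etree.ElementTree as ET

# Constructed input: trimmed copies of the Manifest.xml and UserGroup.xml excerpts
# on this page; the <Export> wrapper element is hypothetical.
MANIFEST = """<Export><RoleAssignments>
<RoleAssignment ScopeId="0b40dd84-46b8-435f-b497-e0fea7cecf1f" ObjectType="2" ObjectUrl="SampleDocLib/33333333.txt">
<Assignment RoleId="1073741829" PrincipalId="3" />
<Assignment RoleId="1073741924" PrincipalId="13" />
<Assignment RoleId="1073741925" PrincipalId="14" />
</RoleAssignment></RoleAssignments></Export>"""
USERGROUP = """<UserGroupMap xmlns="urn:deployment-usergroupmap-schema"><Users>
<User Id="7" Name="37483779-f0d7-46d0-ba4f-5769451f8666" IsDomainGroup="true" />
<User Id="12" Name="Tenant Admin User" IsDomainGroup="false" />
<User Id="18" Name="OIDC User0" IsDomainGroup="false" />
</Users><Groups>
<Group Id="3" Name="Communication site Owners"><Member UserId="7" /><Member UserId="1073741823" /></Group>
<Group Id="13" Name="Web Administrators (Project Web App Synchronized)"><Member UserId="12" /><Member UserId="18" /></Group>
<Group Id="14" Name="Project Managers (Project Web App Synchronized)" />
</Groups></UserGroupMap>"""

def _named(root, name):
    """All descendants with this local tag name, ignoring XML namespaces."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def load_principals(usergroup_xml):
    """Map principal Id -> (kind, name, member Ids). Assumes user and group Ids
    share one Id space, as they do in the page's sample."""
    root = ET.fromstring(usergroup_xml)
    table = {u.get("Id"): ("user", u.get("Name"), []) for u in _named(root, "User")}
    for g in _named(root, "Group"):
        table[g.get("Id")] = ("group", g.get("Name"),
                              [m.get("UserId") for m in _named(g, "Member")])
    return table

def resolve_permissions(manifest_xml, usergroup_xml):
    """One row per <Assignment>, with PrincipalId and group members resolved to names."""
    table = load_principals(usergroup_xml)
    def name(pid):  # Ids absent from UserGroup.xml stay visible instead of being dropped
        return table[pid][1] if pid in table else f"<unresolved:{pid}>"
    rows = []
    for scope in _named(ET.fromstring(manifest_xml), "RoleAssignment"):
        for a in _named(scope, "Assignment"):
            pid = a.get("PrincipalId")
            kind, _, members = table.get(pid, ("unknown", None, []))
            rows.append({"scope": scope.get("ScopeId"), "url": scope.get("ObjectUrl"),
                         "role_id": a.get("RoleId"), "kind": kind,
                         "principal": name(pid), "members": [name(m) for m in members]})
    return rows

if __name__ == "__main__":
    for row in resolve_permissions(MANIFEST, USERGROUP):
        print(row["url"], row["role_id"], row["kind"], row["principal"], row["members"])
```

Rows whose principal or members come back as `<unresolved:...>` point at Ids that the exported UserGroup.xml does not define, such as the member 1073741823 in the sample.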
Interaction between the IncludeSecurity and IncludePermission options
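Before the IncludePermission option existed, the IncludeSecurity option was already used to get the complete list of all user and group information for the target site. The IncludePermission option does not need to be used together with the IncludeSecurity option. However, if you still want the complete list of all user and group information for the target site along with the permission information, you can combine the IncludePermission option with the IncludeSecurity option. The four combinations of the two options and their expected results are: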
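- IncludeSecurity=true only: gets the complete list of all user and group information for the target site, without permission information.
- IncludePermission=true only: gets permission information for the exported items and lists the corresponding user and group information for the exported permissions.
- IncludeSecurity=true + IncludePermission=true: gets permission information for the exported items, plus the complete list of all user and group information for the target site.
- Neither is used: gets no permission information and no related user and group information.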