Microsoft graph api 使用Graph API添加授权管理访问包目录所有者
我正在与Microsoft.Graph.Beta 4.0.1-preview和Beta API端点合作,以批量提供授权管理访问包目录。一个似乎没有记录的领域是如何分配像目录所有者这样的角色。我已经能够获得现有的角色分配:Microsoft graph api 使用Graph API添加授权管理访问包目录所有者,microsoft-graph-api,Microsoft Graph Api,我正在与Microsoft.Graph.Beta 4.0.1-preview和Beta API端点合作,以批量提供授权管理访问包目录。一个似乎没有记录的领域是如何分配像目录所有者这样的角色。我已经能够获得现有的角色分配: var assignments = await graphClient.RoleManagement.EntitlementManagement.RoleAssignments .Request() .Filter($"roleDefinitionId
var assignments = await graphClient.RoleManagement.EntitlementManagement.RoleAssignments
.Request()
.Filter($"roleDefinitionId eq '{roleDefinitionId}' and principalId eq '{principalId}'")
.GetAsync();
尝试创建新角色分配时,我遇到InvalidModel错误:
var assignment = new UnifiedRoleAssignment
{
RoleDefinitionId = role.Id,
PrincipalId = catalogRole.PrincipalId.ToString(),
AppScopeId = $"/AccessPackageCatalog/{catalogId}"
};
await graphClient.RoleManagement.EntitlementManagement.RoleAssignments
.Request()
.AddAsync(assignment);
{
"roleDefinitionId": "e2182095-804a-4656-ae11-64734e9b7ae5",
"principalId": "c251d039-15aa-4104-8d5b-f91d95da61d9",
"appScopeId": "/AccessPackageCatalog/603b69ff-283e-4fa3-a7aa-99d51aa4040d"
}
上面的代码非常接近,但遗憾的是API返回了InvalidModel错误
我确信我拥有正确的RoleDefinitionId和PrincipalId,并且我从现有角色分配中复制了AppScopeId格式:
var assignment = new UnifiedRoleAssignment
{
RoleDefinitionId = role.Id,
PrincipalId = catalogRole.PrincipalId.ToString(),
AppScopeId = $"/AccessPackageCatalog/{catalogId}"
};
await graphClient.RoleManagement.EntitlementManagement.RoleAssignments
.Request()
.AddAsync(assignment);
{
"roleDefinitionId": "e2182095-804a-4656-ae11-64734e9b7ae5",
"principalId": "c251d039-15aa-4104-8d5b-f91d95da61d9",
"appScopeId": "/AccessPackageCatalog/603b69ff-283e-4fa3-a7aa-99d51aa4040d"
}
我有点相信我试图在API中的错误位置添加新角色分配
我为其他需要这样做的人找到了一个解决办法:
如果我序列化一个Beta.unifiedreleasignment并向图发送一个POST,我也会得到一个InvalidModel错误。所有未初始化的属性都包含在JSON中。不确定Beta Graph SDK是否是这样运行的,如果我手动序列化UnifiedReleasignment,就会发生这种情况:
{
"appScopeId": "/AccessPackageCatalog/603b69ff-283e-4fa3-a7aa-99d51aa4040d",
"condition": null,
"directoryScopeId": null,
"principalId": "d8f2b33d-fca2-43c9-991c-a45ae674532f",
"resourceScope": null,
"roleDefinitionId": "e2182095-804a-4656-ae11-64734e9b7ae5",
"appScope": null,
"directoryScope": null,
"principal": null,
"roleDefinition": null,
"id": null,
"oDataType": "microsoft.graph.unifiedRoleAssignment",
"additionalData": null
}
如果我序列化一个仅包含我正在设置的属性的变通对象,我就能够创建角色分配:
var assignment = new UnifiedRoleAssignment
{
RoleDefinitionId = role.Id,
PrincipalId = catalogRole.PrincipalId.ToString(),
AppScopeId = $"/AccessPackageCatalog/{catalogId}"
};
await graphClient.RoleManagement.EntitlementManagement.RoleAssignments
.Request()
.AddAsync(assignment);
{
"roleDefinitionId": "e2182095-804a-4656-ae11-64734e9b7ae5",
"principalId": "c251d039-15aa-4104-8d5b-f91d95da61d9",
"appScopeId": "/AccessPackageCatalog/603b69ff-283e-4fa3-a7aa-99d51aa4040d"
}
这是C#:
他们建议试用beta.NET SDK的v0.43.0预览版,该版本比v4.0.1预览版更新约2周。没有改变。我通过添加一个新的目录所有者来确认这不是Graph API本身的错误。