我正在尝试使用 API 获取已分配给 Azure AD 中用户的角色和组的名称。需要哪些API权限?
我需要一个 API 来获取角色和组。另外,还有其他方法可以访问 Azure AD 中的角色和组吗?
注意: 要获取已分配给用户的角色和组,用户或应用程序必须具有
Directory.Read.All
委派 API 权限或应用程序 API 权限。
并利用以下查询来获取角色和组:
https://graph.microsoft.com/v1.0/users/UserObjID/memberOf
输出:
"value": [
{
"@odata.type": "#microsoft.graph.directoryRole",
"id": "xxx1",
"deletedDateTime": null,
"description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
"displayName": "Global Administrator",
"roleTemplateId": "xxx"
},
{
"@odata.type": "#microsoft.graph.group",
"id": "xxxx",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2023-06-06T05:15:55Z",
"creationOptions": [
"YammerProvisioning"
],
"description": "Demo",
"displayName": "Demo",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "[email protected]",
"mailEnabled": true,
"mailNickname": "demo",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SPO:xxx",
"xxx.onmicrosoft.com"
],
"renewedDateTime": "2023-06-06T05:15:55Z",
"resourceBehaviorOptions": [
"CalendarMemberReadOnly"
],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"securityIdentifier": "xxx",
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": [],
"serviceProvisioningErrors": []
}
参考: