通过图表获取用户的角色和组 - Azure AD

Question

我正在尝试使用 API 获取已分配给 Azure AD 中用户的角色和组的名称。需要哪些API权限？

我需要一个 API 来获取角色和组。另外，还有其他方法可以访问 Azure AD 中的角色和组吗？

Answer 1

注意： 要获取已分配给用户的角色和组，用户或应用程序必须具有

Directory.Read.All

委派 API 权限或应用程序 API 权限。

并利用以下查询来获取角色和组:

https://graph.microsoft.com/v1.0/users/UserObjID/memberOf

enter image description here

输出：

"value": [
{
"@odata.type": "#microsoft.graph.directoryRole",
"id": "xxx1",
"deletedDateTime": null,
"description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
"displayName": "Global Administrator",
"roleTemplateId": "xxx"
},
{
"@odata.type": "#microsoft.graph.group",
"id": "xxxx",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2023-06-06T05:15:55Z",
"creationOptions": [
"YammerProvisioning"
],
"description": "Demo",
"displayName": "Demo",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"isAssignableToRole": null,
"mail": "[email protected]",
"mailEnabled": true,
"mailNickname": "demo",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [
"SPO:xxx",
"xxx.onmicrosoft.com"
],
"renewedDateTime": "2023-06-06T05:15:55Z",
"resourceBehaviorOptions": [
"CalendarMemberReadOnly"
],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"securityIdentifier": "xxx",
"theme": null,
"visibility": "Public",
"onPremisesProvisioningErrors": [],
"serviceProvisioningErrors": []

}

参考：

列出用户的直接成员资格 - Microsoft Graph v1.0 |微软

通过图表获取用户的角色和组 - Azure AD

问题描述投票：0回答：1

1个回答

最新问题

通过图表获取用户的角色和组 - Azure AD

问题描述 投票：0回答：1

1个回答

最新问题

问题描述投票：0回答：1