我正在尝试跨 PowerShell 和 Dataverse Web API 获取租户的 Dataverse 团队环境中内置的所有 pva 机器人。
我是该租户中的 Power Platform 管理员,我按照本文档声明了一个服务主体作为 Power Platform 管理员。 (https://learn.microsoft.com/en-us/power-platform/admin/powershell-create-service-principal)
#################################################################
# Now that it has been registered with Microsoft Power Platform,
# I can authenticate as the service principal itself.
#################################################################
$appId = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$secret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$tenantId = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
Add-PowerAppsAccount -Endpoint prod -TenantID $tenantId -ApplicationId $appId -ClientSecret $secret -Verbose
此时,我作为管理员连接良好,因为我可以作为管理员获取租户的所有环境。
然后我需要请求 Dataverse API 以在环境中获取 pva 机器人。
#################
#### TO DO #####
#################
<#
I have to loop the list of Dataverse for teams environments and for each environment get pva bots
#>
#For the moment I set only one environment that I know there're PVA bots inside
$PowerPlatformOrg = 'XXXXXXXX'
#Dynamics 365 Organization ID
$PowerPlatformEnvironmentUrl = "https://$($PowerPlatformOrg).crm4.dynamics.com"
#The URL of the Dataverse environment you want to connect to perform CRUD Operation
$oAuthTokenEndpoint = "https://login.microsoftonline.com/$($tenantId)/oauth2/v2.0/token"
<# The “v2 OAuth” endpoint is for the App registration. You’ll want to open the app registration and click the “endpoints” button in the overview area to find it. Then, copy the “OAuth 2.0” token endpoint (v2) URL. #>
# OAuth Body Access Token Request
$authBody = @{
client_id = $appId;
client_secret = $secret;
# The v2 endpoint for OAuth uses scope instead of resource
scope = "$($PowerPlatformEnvironmentUrl)/.default"
grant_type = 'client_credentials'
}
# Parameters for OAuth Access Token Request
$authParams = @{
URI = $oAuthTokenEndpoint
Method = 'POST'
ContentType = 'application/x-www-form-urlencoded'
Body = $authBody
}
# Get Access Token
$authResponseObject = Invoke-RestMethod @authParams -ErrorAction Stop
# Output
$authResponseObject
# My request to get top 5 bots names in this environment
$getDataRequestUri = 'bots?$top=5&$select=name';
$getApiCallParams = @{
URI = "$($PowerPlatformEnvironmentUrl)/api/data/v9.2/$($getDataRequestUri)"
Headers = @{
"Authorization" = "$($authResponseObject.token_type) $($authResponseObject.access_token)"
"Accept" = "application/json"
"OData-MaxVersion" = "4.0"
"OData-Version" = "4.0"
"If-None-Match" = "null"
}
Method = 'GET'
}
# Call API to Get Response
$getApiResponseObject = Invoke-RestMethod @getApiCallParams -ErrorAction Stop
# Output
$getApiResponseObject.value
这样做我收到以下错误
Invoke-RestMethod : {"error":{"code":"0x80072560","message":"用户不是组织的成员。"}}
有人可以帮助理解为什么我会收到此错误吗? 我作为管理员的服务主体不需要成为组织的成员即可获取此数据,因为我可以作为管理员来获取此数据。