我已经在Azure中创建了一个注册的应用,并且获得了Graph API的以下API权限,如下所示:
**
Directory.ReadWrite.All
Policy.Read.All
Policy.ReadWrite.TrustFramework
User.Invite.All
User.Read
**
我的计划是将允许列表添加到Azure B2B目录,然后使用上面创建的服务原理邀请来宾用户访问我的目录。
具有上述权限,我可以阅读当前策略并将邀请发送给来宾用户。但是,我无法在B2B目录中附加允许的现有域列表。
每次我尝试更新现有策略时,都会拒绝访问,如下所示:
**
Set-AzureADPolicy -Definition $policyValue -Id $currentpolicy.Id | Out-Null**
Error
Set-AzureADPolicy : Error occurred while executing SetPolicy
Code: Authorization_RequestDenied
Message: Insufficient privileges to complete the operation.
InnerError:
RequestId: 4f161b70-f71c-4507-8b91-788457429fcc
DateTimeStamp: Wed, 08 Apr 2020 16:57:39 GMT
HttpStatusCode: Forbidden
HttpStatusDescription: Forbidden
HttpResponseStatus: Completed
At line:1 char:1
+ Set-AzureADPolicy -Definition $policyValue -Id $currentpolicy.Id | Ou ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Set-AzureADPolicy], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.MSGraphBeta.Client.ApiException,Microsoft.Open.MSGraphBeta.PowerShell.SetPolicy
有人有什么想法吗?
还可以确认Graph API目前支持此操作吗?
谢谢Balaip