roleDefinitions auflisten

Namespace: microsoft.graph

Ruft eine Liste der unifiedRoleDefinition-Objekte für einen RBAC-Anbieter ab.

Die folgenden RBAC-Anbieter werden derzeit unterstützt:

• Cloud-PC
• Geräteverwaltung (Intune)
• Defender (Microsoft Defender XDR)
• Verzeichnis (Microsoft Entra ID)
• Berechtigungsverwaltung (Microsoft Entra ID)
• Exchange Online:

Diese API ist in den folgenden nationalen Cloudbereitstellungen verfügbar.

Berechtigungen

Wählen Sie abhängig vom RBAC-Anbieter und dem erforderlichen Berechtigungstyp (delegiert oder Anwendung) aus den folgenden Tabellen die Berechtigung mit den geringsten Berechtigungen aus, die zum Aufrufen dieser API erforderlich sind. Weitere Informationen, einschließlich Vorsicht vor der Auswahl von privilegierteren Berechtigungen, finden Sie unter Berechtigungen.

Für einen Cloud-PC-Anbieter

Für einen Geräteverwaltungsanbieter (Intune)

Für einen Defender-Anbieter

Für einen Verzeichnisanbieter (Microsoft Entra ID)

Für einen Berechtigungsverwaltungsanbieter

Für einen Exchange Online anbieter

HTTP-Anforderung

So listen Sie Rollendefinitionen für einen Cloud-PC-Anbieter auf:

GET /roleManagement/cloudPC/roleDefinitions

So listen Sie Rollendefinitionen für einen Geräteverwaltungsanbieter auf:

GET /roleManagement/deviceManagement/roleDefinitions

So listen Sie Rollendefinitionen für einen Defender-Anbieter auf:

GET /roleManagement/defender/roleDefinitions

So listen Sie Rollendefinitionen für einen Verzeichnisanbieter auf:

GET /roleManagement/directory/roleDefinitions

So listen Sie Rollendefinitionen für den Berechtigungsverwaltungsanbieter auf:

GET /roleManagement/entitlementManagement/roleDefinitions

So listen Sie Rollendefinitionen für den Exchange Online-Anbieter auf:

GET /roleManagement/exchange/roleDefinitions

Optionale Abfrageparameter

Diese Methode unterstützt den $filter Abfrageparameter, um die Antwort anzupassen. Allgemeine Informationen finden Sie unter OData-Abfrageparameter.

Anforderungsheader

Anforderungstext

Geben Sie keinen Anforderungstext für diese Methode an.

Antwort

Bei erfolgreicher Ausführung gibt die Methode den 200 OK Antwortcode und eine Sammlung von unifiedRoleDefinition-Objekten im Antworttext zurück.

Beispiele

Beispiel 1: Auflisten von Rollendefinitionen für einen Verzeichnisanbieter

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleDefinitions.GetAsync();

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().Directory().RoleDefinitions().Get(context.Background(), nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().directory().roleDefinitions().get();

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/directory/roleDefinitions')
	.version('beta')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->roleManagement()->directory()->roleDefinitions()->get()->wait();

Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaRoleManagementDirectoryRoleDefinition

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.role_management.directory.role_definitions.get()

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions",
    "value": [
        {
            "id": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
            "description": "Can reset passwords for non-administrators and Helpdesk Administrators.",
            "displayName": "Helpdesk Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "isPrivileged": true,
            "templateId": "729827e3-9c14-49f7-bb1b-9608f156bbb8",
            "version": "1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.directory/users/invalidateAllRefreshTokens",
                        "microsoft.directory/users/bitLockerRecoveryKeys/read",
                        "microsoft.directory/users/password/update",
                        "microsoft.azure.serviceHealth/allEntities/allTasks",
                        "microsoft.azure.supportTickets/allEntities/allTasks",
                        "microsoft.office365.webPortal/allEntities/standard/read",
                        "microsoft.office365.serviceHealth/allEntities/allTasks",
                        "microsoft.office365.supportTickets/allEntities/allTasks"
                    ],
                    "condition": null
                }
            ],
            "inheritsPermissionsFrom": [
                {
                    "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
                }
            ]
        },
        {
            "id": "f023fd81-a637-4b56-95fd-791ac0226033",
            "description": "Can read service health information and manage support tickets.",
            "displayName": "Service Support Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "isPrivileged": false,
            "templateId": "f023fd81-a637-4b56-95fd-791ac0226033",
            "version": "1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.azure.serviceHealth/allEntities/allTasks",
                        "microsoft.azure.supportTickets/allEntities/allTasks",
                        "microsoft.office365.webPortal/allEntities/standard/read",
                        "microsoft.office365.serviceHealth/allEntities/allTasks",
                        "microsoft.office365.supportTickets/allEntities/allTasks"
                    ],
                    "condition": null
                }
            ],
            "inheritsPermissionsFrom": [
                {
                    "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
                }
            ]
        },
        {
            "id": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
            "description": "Can perform common billing related tasks like updating payment information.",
            "displayName": "Billing Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "isPrivileged": false,
            "templateId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
            "version": "1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.directory/organization/basic/update",
                        "microsoft.azure.serviceHealth/allEntities/allTasks",
                        "microsoft.azure.supportTickets/allEntities/allTasks",
                        "microsoft.commerce.billing/allEntities/allTasks",
                        "microsoft.office365.webPortal/allEntities/standard/read",
                        "microsoft.office365.serviceHealth/allEntities/allTasks",
                        "microsoft.office365.supportTickets/allEntities/allTasks"
                    ],
                    "condition": null
                }
            ],
            "inheritsPermissionsFrom": [
                {
                    "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
                }
            ]
        }
    ]
}

Beispiel 2: Auflisten von Rollendefinitionen für einen Cloud-PC-Anbieter

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleDefinitions

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleDefinitions.GetAsync();

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().CloudPC().RoleDefinitions().Get(context.Background(), nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().cloudPC().roleDefinitions().get();

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/cloudPC/roleDefinitions')
	.version('beta')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->roleManagement()->cloudPC()->roleDefinitions()->get()->wait();

Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment

Get-MgBetaRoleManagementCloudPcRoleDefinition

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.role_management.cloud_p_c.role_definitions.get()

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleDefinitions",
    "value": [
        {
            "id": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
            "description": "Cloud PC Administrator has read and write access to all Cloud PC features located within the Cloud PC blade.",
            "displayName": "Cloud PC Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "resourceScopes": [
                "/"
            ],
            "templateId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
            "version": null,
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "Microsoft.CloudPC/CloudPCs/Read",
                        "Microsoft.CloudPC/CloudPCs/Reprovision",
                        "Microsoft.CloudPC/DeviceImages/Create",
                        "Microsoft.CloudPC/DeviceImages/Delete",
                        "Microsoft.CloudPC/DeviceImages/Read",
                        "Microsoft.CloudPC/OnPremisesConnections/Create",
                        "Microsoft.CloudPC/OnPremisesConnections/Delete",
                        "Microsoft.CloudPC/OnPremisesConnections/Read",
                        "Microsoft.CloudPC/OnPremisesConnections/Update",
                        "Microsoft.CloudPC/OnPremisesConnections/RunHealthChecks",
                        "Microsoft.CloudPC/OnPremisesConnections/UpdateAdDomainPassword",
                        "Microsoft.CloudPC/ProvisioningPolicies/Assign",
                        "Microsoft.CloudPC/ProvisioningPolicies/Create",
                        "Microsoft.CloudPC/ProvisioningPolicies/Delete",
                        "Microsoft.CloudPC/ProvisioningPolicies/Read",
                        "Microsoft.CloudPC/ProvisioningPolicies/Update",
                        "Microsoft.CloudPC/RoleAssignments/Create",
                        "Microsoft.CloudPC/RoleAssignments/Update",
                        "Microsoft.CloudPC/RoleAssignments/Delete",
                        "Microsoft.CloudPC/Roles/Read"
                    ],
                    "condition": null
                }
            ]
        },
        {
            "id": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
            "description": "Cloud PC Reader has read access to all Cloud PC features located within the Cloud PC blade.",
            "displayName": "Cloud PC Reader",
            "isBuiltIn": true,
            "isEnabled": true,
            "resourceScopes": [
                "/"
            ],
            "templateId": "d40368cb-fbf4-4965-bbc1-f17b3a78e510",
            "version": null,
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "Microsoft.CloudPC/CloudPCs/Read",
                        "Microsoft.CloudPC/DeviceImages/Read",
                        "Microsoft.CloudPC/OnPremisesConnections/Read",
                        "Microsoft.CloudPC/ProvisioningPolicies/Read",
                        "Microsoft.CloudPC/Roles/Read"
                    ],
                    "condition": null
                }
            ]
        }
    ]
}

Beispiel 3: Auflisten von Rollendefinitionen für den Berechtigungsverwaltungsanbieter

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/entitlementManagement/roleDefinitions

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.EntitlementManagement.RoleDefinitions.GetAsync();

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().EntitlementManagement().RoleDefinitions().Get(context.Background(), nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().entitlementManagement().roleDefinitions().get();

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/entitlementManagement/roleDefinitions')
	.version('beta')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->roleManagement()->entitlementManagement()->roleDefinitions()->get()->wait();

Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaRoleManagementEntitlementManagementRoleDefinition

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.role_management.entitlement_management.role_definitions.get()

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/entitlementManagement/roleDefinitions",
    "value": [
        {
            "id": "ae79f266-94d4-4dab-b730-feca7e132178",
            "displayName": "Catalog owner",
            "description": "Catalog owner",
            "isBuiltIn": true,
            "isEnabled": true,
            "templateId": "ae79f266-94d4-4dab-b730-feca7e132178",
            "version": "1.0",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.entitlementManagement/allEntities/allTasks"
                    ]
                }
            ]
        },
        {
            "id": "44272f93-9762-48e8-af59-1b5351b1d6b3",
            "displayName": "Catalog reader",
            "description": "Catalog reader",
            "isBuiltIn": true,
            "isEnabled": true,
            "templateId": "44272f93-9762-48e8-af59-1b5351b1d6b3",
            "version": "1.0",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.entitlementManagement/allEntities/Read"
                    ]
                }
            ]
        }
    ]
}

Beispiel 4: Auflisten von Rollendefinitionen für den Exchange Online anbieter

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/exchange/roleDefinitions

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Exchange.RoleDefinitions.GetAsync();

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().Exchange().RoleDefinitions().Get(context.Background(), nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().exchange().roleDefinitions().get();

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/exchange/roleDefinitions')
	.version('beta')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->roleManagement()->exchange()->roleDefinitions()->get()->wait();

Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment

Get-MgBetaRoleManagementExchangeRoleDefinition

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.role_management.exchange.role_definitions.get()

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/exchange/roleDefinitions",
    "value": [
        {
            "id": "7224da60-d8e2-4f45-9380-8e4fda64e133",
            "description": "This role enables administrators to manage address lists, global address lists, and offline address lists in an organization.",
            "displayName": "Address Lists",
            "isEnabled": true,
            "version": "0.12 (14.0.451.0)",
            "isBuiltIn": true,
            "templateId": null,
            "allowedPrincipalTypes": "user,group",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "(Microsoft.Exchange.Management.PowerShell.E2010) Get-AddressBookPolicy -ErrorAction -ErrorVariable -Identity -OutBuffer -OutVariable -WarningAction -WarningVariable"
                    ],
                    "excludedResourceActions": [],
                    "condition": null
                }
            ]
        },
        {
            "id": "435bdc29-5ab0-454e-906e-afb7d563bd98",
            "description": "This role enables applications to impersonate users in an organization in order to perform tasks on behalf of the user.",
            "displayName": "ApplicationImpersonation",
            "isEnabled": true,
            "version": "0.12 (14.0.451.0)",
            "isBuiltIn": true,
            "templateId": null,
            "allowedPrincipalTypes": "user,group",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "Impersonate-ExchangeUser"
                    ],
                    "excludedResourceActions": [],
                    "condition": null
                }
            ]
        }
    ]
}

Beispiel 5: Auflisten privilegierter Rollendefinitionen

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/directory/roleDefinitions?$filter=isPrivileged eq true

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleDefinitions.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "isPrivileged eq true";
});

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
	  //other-imports
)


requestFilter := "isPrivileged eq true"

requestParameters := &graphrolemanagement.DirectoryRoleDefinitionsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphrolemanagement.DirectoryRoleDefinitionsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().Directory().RoleDefinitions().Get(context.Background(), configuration)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().directory().roleDefinitions().get(requestConfiguration -> {
	requestConfiguration.queryParameters.filter = "isPrivileged eq true";
});

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/directory/roleDefinitions')
	.version('beta')
	.filter('isPrivileged eq true')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\Directory\RoleDefinitions\RoleDefinitionsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new RoleDefinitionsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleDefinitionsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "isPrivileged eq true";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->roleManagement()->directory()->roleDefinitions()->get($requestConfiguration)->wait();

Import-Module Microsoft.Graph.Beta.Identity.Governance

Get-MgBetaRoleManagementDirectoryRoleDefinition -Filter "isPrivileged eq true" 

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.directory.role_definitions.role_definitions_request_builder import RoleDefinitionsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleDefinitionsRequestBuilder.RoleDefinitionsRequestBuilderGetQueryParameters(
		filter = "isPrivileged eq true",
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.role_management.directory.role_definitions.get(request_configuration = request_configuration)

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions",
    "value": [
        {
            "id": "aaf43236-0c0d-4d5f-883a-6955382ac081",
            "description": "Can manage secrets for federation and encryption in the Identity Experience Framework (IEF).",
            "displayName": "B2C IEF Keyset Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "isPrivileged": true,
            "resourceScopes": [
                "/"
            ],
            "templateId": "aaf43236-0c0d-4d5f-883a-6955382ac081",
            "version": "1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.directory/b2cTrustFrameworkKeySet/allProperties/allTasks"
                    ],
                    "condition": null
                }
            ],
            "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('aaf43236-0c0d-4d5f-883a-6955382ac081')/inheritsPermissionsFrom",
            "inheritsPermissionsFrom": [
                {
                    "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
                }
            ]
        },
        {
            "id": "be2f45a1-457d-42af-a067-6ec1fa63bc45",
            "description": "Can configure identity providers for use in direct federation.",
            "displayName": "External Identity Provider Administrator",
            "isBuiltIn": true,
            "isEnabled": true,
            "isPrivileged": true,
            "resourceScopes": [
                "/"
            ],
            "templateId": "be2f45a1-457d-42af-a067-6ec1fa63bc45",
            "version": "1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.directory/domains/federation/update",
                        "microsoft.directory/identityProviders/allProperties/allTasks"
                    ],
                    "condition": null
                }
            ],
            "inheritsPermissionsFrom@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleDefinitions('be2f45a1-457d-42af-a067-6ec1fa63bc45')/inheritsPermissionsFrom",
            "inheritsPermissionsFrom": [
                {
                    "id": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
                }
            ]
        }
    ]
}

Beispiel 6: Auflisten von Rollendefinitionen für einen Defender-Anbieter

Anforderung

Das folgende Beispiel zeigt eine Anfrage.

GET https://graph.microsoft.com/beta/roleManagement/defender/roleDefinitions

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Defender.RoleDefinitions.GetAsync();

// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleDefinitions, err := graphClient.RoleManagement().Defender().RoleDefinitions().Get(context.Background(), nil)

// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

UnifiedRoleDefinitionCollectionResponse result = graphClient.roleManagement().defender().roleDefinitions().get();

const options = {
	authProvider,
};

const client = Client.init(options);

let roleDefinitions = await client.api('/roleManagement/defender/roleDefinitions')
	.version('beta')
	.get();

<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->roleManagement()->defender()->roleDefinitions()->get()->wait();

Snippet not available

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.role_management.defender.role_definitions.get()

Antwort

Das folgende Beispiel zeigt die Antwort.

Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.

HTTP/1.1 200 OK
Content-type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/defender/roleDefinitions",
    "value": [
         {
            "id": "02cd625a-f26c-426d-8c81-931fc075205f",
            "description": "Role allows read and manage security operations, security posture and configuration",
            "displayName": "Role Definition 1",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.xdr/secops/rawdata/huntingschema/read",
                        "microsoft.xdr/secops/securitydata/alerts/manage",
                        "microsoft.xdr/secops/securitydata/response/manage",
                        "microsoft.xdr/configuration/security/read",
                        "microsoft.xdr/configuration/security/manage",
                        "microsoft.xdr/secops/securitydata/liveresponse-basic/manage",
                        "microsoft.xdr/securityposture/posturemanagement/read",
                        "microsoft.xdr/securityposture/posturemanagement/exceptionhandling/manage",
                        "microsoft.xdr/securityposture/posturemanagement/remediate/manage",
                        "microsoft.xdr/securityposture/posturemanagement/applicationhandling/manage"
                    ]
                }
            ]
        },
        {
            "id": "87b93997-ee6e-45ce-b1ae-06a7104d2f65",
            "description": "Role allows security posture read only",
            "displayName": "Role Definition 2",
            "rolePermissions": [
                {
                    "allowedResourceActions": [
                        "microsoft.xdr/securityposture/read"
                    ]
                }
            ]
        }
    ]
}