Espacio de nombres: microsoft.graph
Importante
Las API de la versión /beta de Microsoft Graph están sujetas a cambios. No se admite el uso de estas API en aplicaciones de producción. Para determinar si una API está disponible en la versión 1.0, use el selector de Versión.
Recupere las propiedades y las relaciones de un objeto unifiedRoleAssignment .
Esta API está disponible en las siguientes implementaciones nacionales de nube.
| Servicio global |
Gobierno de EE. UU. L4 |
Us Government L5 (DOD) |
China operada por 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permisos
Se requiere uno de los siguientes permisos para llamar a esta API. Para obtener más información, incluido cómo elegir permisos, vea Permisos.
Para el proveedor de directorios (Microsoft Entra ID)
| Tipo de permiso |
Permisos (de menos a más privilegiados) |
| Delegado (cuenta profesional o educativa) |
RoleManagement.Read.Directory, RoleManagement.Read.All, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
| Delegado (cuenta personal de Microsoft) |
No admitida. |
| Aplicación |
RoleManagement.Read.Directory, RoleManagement.Read.All, Directory.Read.All, RoleManagement.ReadWrite.Directory, Directory.ReadWrite.All |
Importante
En escenarios delegados con cuentas profesionales o educativas, al usuario que ha iniciado sesión se le debe asignar un rol de Microsoft Entra compatible o un rol personalizado con un permiso de rol admitido. Se admiten los siguientes roles con privilegios mínimos para esta operación:
- Lectores de directorio
- Lector global
- Administrador de roles con privilegios
Para el proveedor de administración de derechos
| Tipo de permiso |
Permisos (de menos a más privilegiados) |
| Delegado (cuenta profesional o educativa) |
EntitlementManagement.Read.All, EntitlementManagement.ReadWrite.All |
| Delegado (cuenta personal de Microsoft) |
No admitida. |
| Aplicación |
No admitida. |
Para un proveedor de Exchange Online
| Tipo de permiso |
Permisos (de menos a más privilegiados) |
| Delegado (cuenta profesional o educativa) |
RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange |
| Delegado (cuenta personal de Microsoft) |
No admitida. |
| Aplicación |
RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange |
Solicitud HTTP
Obtenga una asignación de roles para un proveedor de directorios:
GET /roleManagement/directory/roleAssignments/{id}
Obtenga una asignación de roles para el proveedor de administración de derechos:
GET /roleManagement/entitlementManagement/roleAssignments/{id}
Obtenga una asignación de roles para el proveedor de Exchange Online:
GET /roleManagement/exchange/roleAssignments/{id}
Parámetros de consulta opcionales
Este método admite los parámetros de consulta th $select y $expand OData para ayudar a personalizar la respuesta. Para obtener información general, vea Parámetros de consulta OData.
Cuerpo de la solicitud
No proporcione un cuerpo de solicitud para este método.
Respuesta
Si se ejecuta correctamente, este método devuelve un 200 OK código de respuesta y el objeto unifiedRoleAssignment solicitado en el cuerpo de la respuesta.
Ejemplos
Ejemplo 1: Obtener detalles de una asignación de roles
Solicitud
En el ejemplo siguiente se muestra la solicitud.
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").get();
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->roleManagement()->directory()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->get()->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.directory.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').get()
Respuesta
En el ejemplo siguiente se muestra la respuesta.
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignments/$entity",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
"principalId": "4ab0b690-479b-47ff-af8f-2576cf521872",
"directoryScopeId": "28ca5a85-489a-49a0-b555-0a6d81e56f0"
}
Ejemplo 2: Obtener detalles de una asignación de roles y expandir la definición de roles
Solicitud
En el ejemplo siguiente se muestra una solicitud con el parámetro de $expand consulta.
GET https://graph.microsoft.com/beta/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1?$expand=roleDefinition
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Directory.RoleAssignments["{unifiedRoleAssignment-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "roleDefinition" };
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestParameters := &graphrolemanagement.DirectoryRoleAssignmentsItemRequestBuilderGetQueryParameters{
Expand: [] string {"roleDefinition"},
}
configuration := &graphrolemanagement.DirectoryRoleAssignmentsItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Directory().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment result = graphClient.roleManagement().directory().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"roleDefinition"};
});
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/directory/roleAssignments/lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1')
.version('beta')
.expand('roleDefinition')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\Directory\RoleAssignments\Item\UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration();
$queryParameters = UnifiedRoleAssignmentItemRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->expand = ["roleDefinition"];
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->directory()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaRoleManagementDirectoryRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId -ExpandProperty "roleDefinition"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.directory.role_assignments.item.unified_role_assignment_item_request_builder import UnifiedRoleAssignmentItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UnifiedRoleAssignmentItemRequestBuilder.UnifiedRoleAssignmentItemRequestBuilderGetQueryParameters(
expand = ["roleDefinition"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.directory.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').get(request_configuration = request_configuration)
Respuesta
En el ejemplo siguiente se muestra la respuesta.
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/directory/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignment",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"roleDefinition": {
"id": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"displayName": "Billing Administrator",
"description": "Can perform common billing related tasks like updating payment information.",
"rolePermissions": [
{
"allowedResourceActions": [
"microsoft.commerce.billing/allEntities/allTasks",
"microsoft.directory/organization/basic/update",
],
"excludedResourceActions": []
}],
"isEnabled": true,
},
"principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"directoryScopeId": "28ca5a85-489a-49a0-b555-0a6d81e56f0d"
}
Ejemplo 3: Obtener detalles de una asignación de roles del proveedor de Exchange Online
Solicitud
En el ejemplo siguiente se muestra la solicitud.
GET https://graph.microsoft.com/beta/roleManagement/exchange/roleAssignments/6f0be5be-49f3-42e6-8086-cdcd67b6eac0
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Exchange.RoleAssignments["{unifiedRoleAssignment-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Exchange().RoleAssignments().ByUnifiedRoleAssignmentId("unifiedRoleAssignment-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignment result = graphClient.roleManagement().exchange().roleAssignments().byUnifiedRoleAssignmentId("{unifiedRoleAssignment-id}").get();
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleAssignment = await client.api('/roleManagement/exchange/roleAssignments/6f0be5be-49f3-42e6-8086-cdcd67b6eac0')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->roleManagement()->exchange()->roleAssignments()->byUnifiedRoleAssignmentId('unifiedRoleAssignment-id')->get()->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementExchangeRoleAssignment -UnifiedRoleAssignmentId $unifiedRoleAssignmentId
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.exchange.role_assignments.by_unified_role_assignment_id('unifiedRoleAssignment-id').get()
Respuesta
En el ejemplo siguiente se muestra la respuesta.
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/exchange/roleAssignments/$entity",
"id": "6f0be5be-49f3-42e6-8086-cdcd67b6eac0",
"principalId": "/ServicePrincipals/5d39cc4d-ba68-4c44-92c7-5056e3a1ce39",
"roleDefinitionId": "ba6ab9a1-045c-4812-9e0b-f851f0da3907",
"directoryScopeId": "/Users/62ef60ab-0736-495b-b2b0-a4ca2c5b11d7",
"appScopeId": null
}