名前空間: microsoft.graph
重要
Microsoft Graph の /beta バージョンの API は変更される可能性があります。 実稼働アプリケーションでこれらの API を使用することは、サポートされていません。 v1.0 で API を使用できるかどうかを確認するには、Version セレクターを使用します。
アクセス パッケージにリソース ロールを追加するための新しい accessPackageResourceRoleScope を作成します。 グループ、アプリ、または SharePoint Online サイトのアクセス パッケージ リソースは、アクセス パッケージ カタログに既に存在し、リソース ロールの一覧から取得したリソース ロールの originId が必要です。 アクセス パッケージにリソース ロールスコープを追加すると、ユーザーは現在および将来のアクセス パッケージの割り当てを通じてこのリソース ロールを受け取ります。
この API は、次の国内クラウド展開で使用できます。
| グローバル サービス |
米国政府機関 L4 |
米国政府機関 L5 (DOD) |
21Vianet が運営する中国 |
| ✅ |
✅ |
✅ |
✅ |
アクセス許可
この API の最小特権としてマークされているアクセス許可またはアクセス許可を選択します。
アプリで必要な場合にのみ、より高い特権のアクセス許可またはアクセス許可を使用します。 委任されたアクセス許可とアプリケーションのアクセス許可の詳細については、「アクセス許可の種類」を参照してください。 これらのアクセス許可の詳細については、「アクセス許可のリファレンス」を参照してください。
| アクセス許可の種類 |
最小特権アクセス許可 |
より高い特権のアクセス許可 |
| 委任 (職場または学校のアカウント) |
EntitlementManagement.ReadWrite.All |
注意事項なし。 |
| 委任 (個人用 Microsoft アカウント) |
サポートされていません。 |
サポートされていません。 |
| アプリケーション |
EntitlementManagement.ReadWrite.All |
注意事項なし。 |
ヒント
職場または学校アカウントを使用した委任されたシナリオでは、サインインしているユーザーに、次のいずれかのオプションを使用して、サポートされているロールのアクセス許可を持つ管理者ロールも割り当てる必要があります。
アプリのみのシナリオでは、呼び出し元のアプリに、 EntitlementManagement.ReadWrite.All アプリケーションのアクセス許可ではなく、前述のサポートされているロールのいずれかを割り当てることができます。
Access パッケージ マネージャー ロールの特権は、EntitlementManagement.ReadWrite.All アプリケーションのアクセス許可よりも低くなります。
詳細については、「エンタイトルメント管理での委任とロール」および「エンタイトルメント管理でパッケージ マネージャーにアクセスするためのアクセス ガバナンスを委任する方法」を参照してください。
HTTP 要求
POST /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
| 名前 |
説明 |
| Authorization |
ベアラー {token}。 必須です。
認証と認可についての詳細をご覧ください。 |
| Content-Type |
application/json. 必須です。 |
要求本文
要求本文で、 accessPackageResourceRoleScope オブジェクトの JSON 表現を指定します。 オブジェクトに accessPackageResourceRole オブジェクトとの関係を含めます。これは、カタログ内のリソースのアクセス パッケージ リソース ロールを一覧表示する要求から取得できます。また、accessPackageResourceScope オブジェクトは、$expand=accessPackageResourceScopesを使用してアクセス パッケージ リソースを一覧表示する要求から取得できます。
応答
成功した場合、このメソッドは応答本文に 200 シリーズの応答コードと新しい accessPackageResourceRoleScope オブジェクトを返します。
例
例 1: アクセス パッケージにリソース ロールとしてグループ メンバーシップを追加する
要求
次の例は要求を示しています。 この要求の前に、グループ b31fe1f1-3651-488f-bd9a-1711887fd4caのアクセス パッケージ リソース 1d08498d-72a1-403f-8511-6b1f875746a0は、このアクセス パッケージを含むアクセス パッケージ カタログに既に追加されている必要があります。
アクセス パッケージ リソース要求を作成することで、リソースがカタログに追加されている可能性があります。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole":{
"originId":"Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
"displayName":"Member",
"originSystem":"AadGroup",
"accessPackageResource":{"id":"1d08498d-72a1-403f-8511-6b1f875746a0","resourceType":"O365 Group","originId":"b31fe1f1-3651-488f-bd9a-1711887fd4ca","originSystem":"AadGroup"}
},
"accessPackageResourceScope":{
"originId":"b31fe1f1-3651-488f-bd9a-1711887fd4ca","originSystem":"AadGroup"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
DisplayName = "Member",
OriginSystem = "AadGroup",
AccessPackageResource = new AccessPackageResource
{
Id = "1d08498d-72a1-403f-8511-6b1f875746a0",
ResourceType = "O365 Group",
OriginId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
OriginSystem = "AadGroup",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
OriginId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
OriginSystem = "AadGroup",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResourceRole.SetOriginId(&originId)
displayName := "Member"
accessPackageResourceRole.SetDisplayName(&displayName)
originSystem := "AadGroup"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "1d08498d-72a1-403f-8511-6b1f875746a0"
accessPackageResource.SetId(&id)
resourceType := "O365 Group"
accessPackageResource.SetResourceType(&resourceType)
originId := "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResource.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
originId := "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResourceRole.setDisplayName("Member");
accessPackageResourceRole.setOriginSystem("AadGroup");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("1d08498d-72a1-403f-8511-6b1f875746a0");
accessPackageResource.setResourceType("O365 Group");
accessPackageResource.setOriginId("b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResource.setOriginSystem("AadGroup");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setOriginId("b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResourceScope.setOriginSystem("AadGroup");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: 'Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca',
displayName: 'Member',
originSystem: 'AadGroup',
accessPackageResource: {id: '1d08498d-72a1-403f-8511-6b1f875746a0',resourceType: 'O365 Group',originId: 'b31fe1f1-3651-488f-bd9a-1711887fd4ca',originSystem: 'AadGroup'}
},
accessPackageResourceScope: {
originId: 'b31fe1f1-3651-488f-bd9a-1711887fd4ca',originSystem: 'AadGroup'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceRole->setDisplayName('Member');
$accessPackageResourceRole->setOriginSystem('AadGroup');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('1d08498d-72a1-403f-8511-6b1f875746a0');
$accessPackageResourceRoleAccessPackageResource->setResourceType('O365 Group');
$accessPackageResourceRoleAccessPackageResource->setOriginId('b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceRoleAccessPackageResource->setOriginSystem('AadGroup');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setOriginId('b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceScope->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca"
displayName = "Member"
originSystem = "AadGroup"
accessPackageResource = @{
id = "1d08498d-72a1-403f-8511-6b1f875746a0"
resourceType = "O365 Group"
originId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
originSystem = "AadGroup"
}
}
accessPackageResourceScope = @{
originId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
originSystem = "AadGroup"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
display_name = "Member",
origin_system = "AadGroup",
access_package_resource = AccessPackageResource(
id = "1d08498d-72a1-403f-8511-6b1f875746a0",
resource_type = "O365 Group",
origin_id = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
origin_system = "AadGroup",
),
),
access_package_resource_scope = AccessPackageResourceScope(
origin_id = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
origin_system = "AadGroup",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
応答
次の例は応答を示しています。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageResourceRoleScopes/$entity",
"id": "ad5c7636-e481-4528-991f-198e3b38dd56_ffd4004a-f4a9-4b22-b027-759e55c0d1db",
"createdBy": "admin@example.com",
"createdDateTime": "2019-12-11T01:35:26.4754081Z",
"modifiedBy": "admin@example.com",
"modifiedDateTime": "2019-12-11T01:35:26.4754081Z"
}
例 2: SharePoint Online サイト ロールをアクセス パッケージに追加する
要求
次の例は、ルート以外のスコープ リソースに対する要求を示しています。 サイトのアクセス パッケージ リソースは、このアクセス パッケージを含むアクセス パッケージ カタログに既に追加されている必要があります。
要求には accessPackageResourceRole オブジェクトが含まれています。これは、以前の要求から取得して、 カタログ内のリソースのアクセス パッケージ リソース ロールを一覧表示できます。 リソースの種類ごとに、リソース ロールの originId フィールドの形式が定義されます。 SharePoint Online サイトの場合、originId はサイト内のロールのシーケンス番号です。
アクセス パッケージ リソースを一覧表示する以前の要求から取得した accessPackageResourceScope オブジェクトのリソースがルート スコープ (isRootScope がtrue に設定されている) の場合は、要求の accessPackageResourceScope オブジェクトに isRootScope プロパティを含めます。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole": {
"originId": "4",
"originSystem": "SharePointOnline",
"accessPackageResource": {
"id": "53c71803-a0a8-4777-aecc-075de8ee3991"
}
},
"accessPackageResourceScope": {
"id": "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
"originId": "https://microsoft.sharepoint.com/portals/Community",
"originSystem": "SharePointOnline"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "4",
OriginSystem = "SharePointOnline",
AccessPackageResource = new AccessPackageResource
{
Id = "53c71803-a0a8-4777-aecc-075de8ee3991",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
Id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
OriginId = "https://microsoft.sharepoint.com/portals/Community",
OriginSystem = "SharePointOnline",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "4"
accessPackageResourceRole.SetOriginId(&originId)
originSystem := "SharePointOnline"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "53c71803-a0a8-4777-aecc-075de8ee3991"
accessPackageResource.SetId(&id)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
id := "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
accessPackageResourceScope.SetId(&id)
originId := "https://microsoft.sharepoint.com/portals/Community"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "SharePointOnline"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("4");
accessPackageResourceRole.setOriginSystem("SharePointOnline");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("53c71803-a0a8-4777-aecc-075de8ee3991");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setId("5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33");
accessPackageResourceScope.setOriginId("https://microsoft.sharepoint.com/portals/Community");
accessPackageResourceScope.setOriginSystem("SharePointOnline");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: '4',
originSystem: 'SharePointOnline',
accessPackageResource: {
id: '53c71803-a0a8-4777-aecc-075de8ee3991'
}
},
accessPackageResourceScope: {
id: '5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33',
originId: 'https://microsoft.sharepoint.com/portals/Community',
originSystem: 'SharePointOnline'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('4');
$accessPackageResourceRole->setOriginSystem('SharePointOnline');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('53c71803-a0a8-4777-aecc-075de8ee3991');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setId('5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33');
$accessPackageResourceScope->setOriginId('https://microsoft.sharepoint.com/portals/Community');
$accessPackageResourceScope->setOriginSystem('SharePointOnline');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "4"
originSystem = "SharePointOnline"
accessPackageResource = @{
id = "53c71803-a0a8-4777-aecc-075de8ee3991"
}
}
accessPackageResourceScope = @{
id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
originId = "https://microsoft.sharepoint.com/portals/Community"
originSystem = "SharePointOnline"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "4",
origin_system = "SharePointOnline",
access_package_resource = AccessPackageResource(
id = "53c71803-a0a8-4777-aecc-075de8ee3991",
),
),
access_package_resource_scope = AccessPackageResourceScope(
id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
origin_id = "https://microsoft.sharepoint.com/portals/Community",
origin_system = "SharePointOnline",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
応答
次の例は応答を示しています。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "6646a29e-da03-49f6-bcd9-dec124492de3_5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
}
例 3: アクセス パッケージにリソースとしてMicrosoft Entra ロールを追加する
要求
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"role": {
"originId": "Eligible",
"displayName": "Eligible Member",
"originSystem": "DirectoryRole",
"resource": {
"id": "ea036095-57a6-4c90-a640-013edf151eb1"
}
},
"scope": {
"description": "Root Scope",
"displayName": "Root",
"isRootScope": true,
"originSystem": "DirectoryRole",
"originId": "c4e39bd9-1100-46d3-8c65-fb160da0071f"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new AccessPackageResourceRoleScope
{
AdditionalData = new Dictionary<string, object>
{
{
"role" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"originId", new UntypedString("Eligible")
},
{
"displayName", new UntypedString("Eligible Member")
},
{
"originSystem", new UntypedString("DirectoryRole")
},
{
"resource", new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"id", new UntypedString("ea036095-57a6-4c90-a640-013edf151eb1")
},
})
},
})
},
{
"scope" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"description", new UntypedString("Root Scope")
},
{
"displayName", new UntypedString("Root")
},
{
"isRootScope", new UntypedBoolean(true)
},
{
"originSystem", new UntypedString("DirectoryRole")
},
{
"originId", new UntypedString("c4e39bd9-1100-46d3-8c65-fb160da0071f")
},
})
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
additionalData := map[string]interface{}{
role := graph.New()
originId := "Eligible"
role.SetOriginId(&originId)
displayName := "Eligible Member"
role.SetDisplayName(&displayName)
originSystem := "DirectoryRole"
role.SetOriginSystem(&originSystem)
resource := graph.New()
id := "ea036095-57a6-4c90-a640-013edf151eb1"
resource.SetId(&id)
role.SetResource(resource)
requestBody.SetRole(role)
scope := graph.New()
description := "Root Scope"
scope.SetDescription(&description)
displayName := "Root"
scope.SetDisplayName(&displayName)
isRootScope := true
scope.SetIsRootScope(&isRootScope)
originSystem := "DirectoryRole"
scope.SetOriginSystem(&originSystem)
originId := "c4e39bd9-1100-46d3-8c65-fb160da0071f"
scope.SetOriginId(&originId)
requestBody.SetScope(scope)
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
role = new ();
role.setOriginId("Eligible");
role.setDisplayName("Eligible Member");
role.setOriginSystem("DirectoryRole");
resource = new ();
resource.setId("ea036095-57a6-4c90-a640-013edf151eb1");
role.setResource(resource);
additionalData.put("role", role);
scope = new ();
scope.setDescription("Root Scope");
scope.setDisplayName("Root");
scope.setIsRootScope(true);
scope.setOriginSystem("DirectoryRole");
scope.setOriginId("c4e39bd9-1100-46d3-8c65-fb160da0071f");
additionalData.put("scope", scope);
accessPackageResourceRoleScope.setAdditionalData(additionalData);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
role: {
originId: 'Eligible',
displayName: 'Eligible Member',
originSystem: 'DirectoryRole',
resource: {
id: 'ea036095-57a6-4c90-a640-013edf151eb1'
}
},
scope: {
description: 'Root Scope',
displayName: 'Root',
isRootScope: true,
originSystem: 'DirectoryRole',
originId: 'c4e39bd9-1100-46d3-8c65-fb160da0071f'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$additionalData = [
'role' => [
'originId' => 'Eligible',
'displayName' => 'Eligible Member',
'originSystem' => 'DirectoryRole',
'resource' => [
'id' => 'ea036095-57a6-4c90-a640-013edf151eb1',
],
],
'scope' => [
'description' => 'Root Scope',
'displayName' => 'Root',
'isRootScope' => true,
'originSystem' => 'DirectoryRole',
'originId' => 'c4e39bd9-1100-46d3-8c65-fb160da0071f',
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
role = @{
originId = "Eligible"
displayName = "Eligible Member"
originSystem = "DirectoryRole"
resource = @{
id = "ea036095-57a6-4c90-a640-013edf151eb1"
}
}
scope = @{
description = "Root Scope"
displayName = "Root"
isRootScope = $true
originSystem = "DirectoryRole"
originId = "c4e39bd9-1100-46d3-8c65-fb160da0071f"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
additional_data = {
"role" : {
"origin_id" : "Eligible",
"display_name" : "Eligible Member",
"origin_system" : "DirectoryRole",
"resource" : {
"id" : "ea036095-57a6-4c90-a640-013edf151eb1",
},
},
"scope" : {
"description" : "Root Scope",
"display_name" : "Root",
"is_root_scope" : True,
"origin_system" : "DirectoryRole",
"origin_id" : "c4e39bd9-1100-46d3-8c65-fb160da0071f",
},
}
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
応答
次の例は応答を示しています。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "ea036095-57a6-4c90-a640-013edf151eb1_c4e39bd9-1100-46d3-8c65-fb160da0071f",
"createdDateTime": "2023-06-28T01:19:48.4216782Z"
}
例 4: PIM マネージド グループをリソース ロールとしてアクセス パッケージに追加する
要求
次の例は、PIM マネージド グループをリソース ロールとしてアクセス パッケージに追加する要求を示しています。 グループのメンバーは、グループの対象となります。
この要求の前に、PIM マネージド グループ bcfae74a-91a6-46e9-99bf-89d6487cc3f3のアクセス パッケージ リソース b86a1828-3171-409e-8343-32a224f324a0を、このアクセス パッケージを含むアクセス パッケージ カタログに既に追加しておく必要があります。
アクセス パッケージ リソース要求を作成することで、リソースがカタログに追加されている可能性があります。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/b86a1828-3171-409e-8343-32a224f324a0/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole":{
"originId":"EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
"displayName":"Eligible Member",
"originSystem":"AadGroup",
"accessPackageResource":{"id":"b86a1828-3171-409e-8343-32a224f324a0","resourceType":"O365 Group","originId":"bcfae74a-91a6-46e9-99bf-89d6487cc3f3","originSystem":"AadGroup"}
},
"accessPackageResourceScope":{
"originId":"bcfae74a-91a6-46e9-99bf-89d6487cc3f3","originSystem":"AadGroup"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
DisplayName = "Eligible Member",
OriginSystem = "AadGroup",
AccessPackageResource = new AccessPackageResource
{
Id = "b86a1828-3171-409e-8343-32a224f324a0",
ResourceType = "O365 Group",
OriginId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
OriginSystem = "AadGroup",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
OriginId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
OriginSystem = "AadGroup",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18"
accessPackageResourceRole.SetOriginId(&originId)
displayName := "Eligible Member"
accessPackageResourceRole.SetDisplayName(&displayName)
originSystem := "AadGroup"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "b86a1828-3171-409e-8343-32a224f324a0"
accessPackageResource.SetId(&id)
resourceType := "O365 Group"
accessPackageResource.SetResourceType(&resourceType)
originId := "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
accessPackageResource.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
originId := "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18");
accessPackageResourceRole.setDisplayName("Eligible Member");
accessPackageResourceRole.setOriginSystem("AadGroup");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("b86a1828-3171-409e-8343-32a224f324a0");
accessPackageResource.setResourceType("O365 Group");
accessPackageResource.setOriginId("bcfae74a-91a6-46e9-99bf-89d6487cc3f3");
accessPackageResource.setOriginSystem("AadGroup");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setOriginId("bcfae74a-91a6-46e9-99bf-89d6487cc3f3");
accessPackageResourceScope.setOriginSystem("AadGroup");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: 'EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18',
displayName: 'Eligible Member',
originSystem: 'AadGroup',
accessPackageResource: {id: 'b86a1828-3171-409e-8343-32a224f324a0',resourceType: 'O365 Group',originId: 'bcfae74a-91a6-46e9-99bf-89d6487cc3f3',originSystem: 'AadGroup'}
},
accessPackageResourceScope: {
originId: 'bcfae74a-91a6-46e9-99bf-89d6487cc3f3',originSystem: 'AadGroup'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/b86a1828-3171-409e-8343-32a224f324a0/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18');
$accessPackageResourceRole->setDisplayName('Eligible Member');
$accessPackageResourceRole->setOriginSystem('AadGroup');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('b86a1828-3171-409e-8343-32a224f324a0');
$accessPackageResourceRoleAccessPackageResource->setResourceType('O365 Group');
$accessPackageResourceRoleAccessPackageResource->setOriginId('bcfae74a-91a6-46e9-99bf-89d6487cc3f3');
$accessPackageResourceRoleAccessPackageResource->setOriginSystem('AadGroup');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setOriginId('bcfae74a-91a6-46e9-99bf-89d6487cc3f3');
$accessPackageResourceScope->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18"
displayName = "Eligible Member"
originSystem = "AadGroup"
accessPackageResource = @{
id = "b86a1828-3171-409e-8343-32a224f324a0"
resourceType = "O365 Group"
originId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
originSystem = "AadGroup"
}
}
accessPackageResourceScope = @{
originId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
originSystem = "AadGroup"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
display_name = "Eligible Member",
origin_system = "AadGroup",
access_package_resource = AccessPackageResource(
id = "b86a1828-3171-409e-8343-32a224f324a0",
resource_type = "O365 Group",
origin_id = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
origin_system = "AadGroup",
),
),
access_package_resource_scope = AccessPackageResourceScope(
origin_id = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
origin_system = "AadGroup",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
応答
次の例は応答を示しています。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageResourceRoleScopes/$entity",
"id": "ad5c7636-e481-4528-991f-198e3b38dd56_ffd4004a-f4a9-4b22-b027-759e55c0d1db",
"createdBy": "admin@example.com",
"createdDateTime": "2019-12-11T01:35:26.4754081Z",
"modifiedBy": "admin@example.com",
"modifiedDateTime": "2019-12-11T01:35:26.4754081Z"
}