名前空間: microsoft.graph
重要
Microsoft Graph の /beta バージョンの API は変更される可能性があります。 実稼働アプリケーションでこれらの API を使用することは、サポートされていません。 v1.0 で API を使用できるかどうかを確認するには、Version セレクターを使用します。
RBAC プロバイダーの unifiedRoleAssignmentMultiple オブジェクトの一覧を取得します。
現在、次の RBAC プロバイダーがサポートされています。
- クラウド PC
- デバイス管理 (Intune)
- Defender (Microsoft Defender XDR)
他の Microsoft 365 アプリケーション (Microsoft Entra ID など) の場合は、unifiedRoleAssignment を使用します。
この API は、次の国内クラウド展開で使用できます。
| グローバル サービス |
米国政府機関 L4 |
米国政府機関 L5 (DOD) |
21Vianet が運営する中国 |
| ✅ |
✅ |
✅ |
✅ |
アクセス許可
次の表は、サポートされている各リソースの種類でこの API を呼び出すために必要な最小特権のアクセス許可またはアクセス許可を示しています。
ベスト プラクティスに従って、最小限の特権のアクセス許可を要求します。 委任されたアクセス許可とアプリケーションのアクセス許可の詳細については、「アクセス許可の種類」を参照してください。 これらのアクセス許可の詳細については、「アクセス許可のリファレンス」を参照してください。
クラウド PC プロバイダーの場合
| アクセス許可の種類 |
最小特権アクセス許可 |
より高い特権のアクセス許可 |
| 委任 (職場または学校のアカウント) |
CloudPC.Read.All |
CloudPC.ReadWrite.All、DeviceManagementRBAC.Read.All、DeviceManagementRBAC.ReadWrite.All |
| 委任 (個人用 Microsoft アカウント) |
サポートされていません。 |
サポートされていません。 |
| アプリケーション |
CloudPC.Read.All |
CloudPC.ReadWrite.All、DeviceManagementRBAC.Read.All、DeviceManagementRBAC.ReadWrite.All |
デバイス管理 (Intune) プロバイダーの場合
| アクセス許可の種類 |
最小特権アクセス許可 |
より高い特権のアクセス許可 |
| 委任 (職場または学校のアカウント) |
CloudPC.Read.All |
CloudPC.ReadWrite.All、DeviceManagementRBAC.Read.All、DeviceManagementRBAC.ReadWrite.All |
| 委任 (個人用 Microsoft アカウント) |
サポートされていません。 |
サポートされていません。 |
| アプリケーション |
CloudPC.Read.All |
CloudPC.ReadWrite.All、DeviceManagementRBAC.Read.All、DeviceManagementRBAC.ReadWrite.All |
Defender プロバイダーの場合
| アクセス許可の種類 |
最小特権アクセス許可 |
より高い特権のアクセス許可 |
| 委任 (職場または学校のアカウント) |
RoleManagement.Read.Defender |
RoleManagement.Read.All、RoleManagement.ReadWrite.Defender |
| 委任 (個人用 Microsoft アカウント) |
サポートされていません。 |
サポートされていません。 |
| アプリケーション |
RoleManagement.Read.Defender |
RoleManagement.Read.All、RoleManagement.ReadWrite.Defender |
HTTP 要求
クラウド PC プロバイダーのロールの割り当てを一覧表示するには:
GET /roleManagement/cloudPc/roleAssignments
Intune プロバイダーのロールの割り当てを一覧表示するには:
GET /roleManagement/deviceManagement/roleAssignments
Defender プロバイダーのロールの割り当てを一覧表示するには:
GET /roleManagement/defender/roleAssignments
オプションのクエリ パラメーター
roleDefinitionIdまたはprincipalIdプロパティでフィルター処理できます。
roleDefinitionId プロパティには、ロール オブジェクト ID またはロール テンプレート オブジェクト ID を指定できます。 一般的な情報については、「OData クエリ パラメーター」を参照してください。
| 名前 |
説明 |
| Authorization |
ベアラー {token}。 必須です。
認証と認可についての詳細をご覧ください。 |
要求本文
このメソッドには、要求本文を指定しません。
応答
成功した場合、このメソッドは 200 OK 応答コードと、応答本文の unifiedRoleAssignmentMultiple オブジェクトのコレクションを返します。
例
例 1: Intune プロバイダーの特定のプリンシパルのロールの割り当てを一覧表示する
要求
要求の例を次に示します。
GET https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments?$filter=principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'"
requestParameters := &graphrolemanagement.DeviceManagementRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.DeviceManagementRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().deviceManagement().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
});
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\DeviceManagement\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementDeviceManagementRoleAssignment -Filter "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.device_management.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.device_management.role_assignments.get(request_configuration = request_configuration)
応答
応答の例を次に示します。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
"value": [
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"],
"directoryScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0", "8152656a-cf9a-4928-a457-1512d4cae295"]
},
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "2BNpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SWRD-2",
"roleDefinitionId": "9e47fc6f-2d7a-464c-944e-d3dd0de522e4",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "53a6c08d-0227-41bd-8bc6-2728df6be749", "a4991fe1-6d7c-427c-969b-bda6df78c458"],
"appScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0"]
}
]
}
例 2: クラウド PC プロバイダーのロールの割り当てを一覧表示する
要求
GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().cloudPC().roleAssignments().get();
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/cloudPC/roleAssignments')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->get()->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementCloudPcRoleAssignment
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.cloud_p_c.role_assignments.get()
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。 実際の呼び出しではすべてのプロパティが返されます。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"description": null,
"displayName": "My test role assignment 1",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"description": null,
"displayName": "My test role assignment 2",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
}
]
}
例 3: クラウド PC プロバイダーの特定のロールのロールの割り当てを一覧表示する
要求
GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
requestParameters := &graphrolemanagement.CloudPCRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.CloudPCRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().cloudPC().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/cloudPC/roleAssignments')
.version('beta')
.filter('roleDefinitionId eq \'b5c08161-a7af-481c-ace2-a20a69a48fb1\'')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\CloudPC\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementCloudPcRoleAssignment -Filter "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.cloud_p_c.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.cloud_p_c.role_assignments.get(request_configuration = request_configuration)
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。 実際の呼び出しではすべてのプロパティが返されます。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments",
"value": [{
"id": "ed9e247f-f23b-4d72-9e8c-97fa6f385246",
"description": "",
"displayName": "test",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["689c9051-77ff-4f14-9b39-3d22de07321a"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "3d8e564b-761a-4b32-8f50-63d555f7bc00",
"description": "test1",
"displayName": "AssignmentTest",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["0ec7855b-4057-4b7c-9217-09ee9bf4dfd7"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "f36a3269-d03d-4d33-81e7-190bded40ad2",
"description": "",
"displayName": "test3",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["e4ea53cf-cdd6-46b5-bf38-570033a0fba3"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}]
}
例 4: Defender プロバイダーの特定のロールに対するロールの割り当てを一覧表示する
要求
GET https://graph.microsoft.com/beta/roleManagement/defender/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Defender.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
requestParameters := &graphrolemanagement.DefenderRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.DefenderRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Defender().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().defender().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/defender/roleAssignments')
.version('beta')
.filter('roleDefinitionId eq \'b5c08161-a7af-481c-ace2-a20a69a48fb1\'')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\Defender\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->defender()->roleAssignments()->get($requestConfiguration)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.defender.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.defender.role_assignments.get(request_configuration = request_configuration)
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。 実際の呼び出しではすべてのプロパティが返されます。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/defender/roleAssignments",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"displayName": "Example role assignment scoped to specific domain identity",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"appScopeIds": [
"Mdi", "/UserGroupId/481c-ace2-a20a69a48f"
]
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"displayName": "Example role assignment not scoped to any workload nor scope",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892"
],
"appScopeIds": [
"/"
]
}
]
}