Namespace: microsoft.graph
Importante
As APIs na versão /beta no Microsoft Graph estão sujeitas a alterações. Não há suporte para o uso dessas APIs em aplicativos de produção. Para determinar se uma API está disponível na v1.0, use o seletor Versão.
Crie um novo accessPackageResourceRoleScope para adicionar uma função de recurso a um pacote de acesso. O recurso do pacote de acesso, para um grupo, uma aplicação ou um site do SharePoint Online, já tem de existir no catálogo de pacotes de acesso e o originId para a função de recurso obtida a partir da lista de funções de recursos. Depois de adicionar o âmbito da função de recurso ao pacote de acesso, o utilizador receberá esta função de recurso através de quaisquer atribuições de pacotes de acesso atuais e futuras.
Esta API está disponível nas seguintes implementações de cloud nacionais.
| Serviço global |
US Government L4 |
US Government L5 (DOD) |
China operada pela 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissões
Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
EntitlementManagement.ReadWrite.All |
Indisponível. |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
EntitlementManagement.ReadWrite.All |
Indisponível. |
Dica
Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada também tem de ter uma função de administrador com permissões de função suportadas através de uma das seguintes opções:
Em cenários apenas de aplicações, a aplicação de chamadas pode ser atribuída a uma das funções suportadas anteriores em vez da permissão da aplicação EntitlementManagement.ReadWrite.All . A função gestor de pacotes do Access tem menos privilégios do que a permissão da aplicação.EntitlementManagement.ReadWrite.All
Para obter mais informações, veja Delegação e funções na gestão de direitos e como delegar a governação de acesso aos gestores de pacotes de acesso na gestão de direitos.
Solicitação HTTP
POST /identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
| Nome |
Descrição |
| Autorização |
{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização. |
| Content-Type |
application/json. Obrigatório. |
Corpo da solicitação
No corpo do pedido, forneça uma representação JSON de um objeto accessPackageResourceRoleScope . Inclua no objeto as relações com um objeto accessPackageResourceRole , que pode ser obtido a partir de um pedido para listar funções de recursos de pacotes de acesso de um recurso num catálogo, e um objeto accessPackageResourceScope , que pode ser obtido a partir de um pedido para listar recursos do pacote de acesso com $expand=accessPackageResourceScopes.
Resposta
Se for bem-sucedido, este método devolve um código de resposta de série 200 e um novo objeto accessPackageResourceRoleScope no corpo da resposta.
Exemplos
Exemplo 1: adicionar a associação a grupos como uma função de recurso a um pacote de acesso
Solicitação
O exemplo a seguir mostra uma solicitação. Antes deste pedido, o recurso 1d08498d-72a1-403f-8511-6b1f875746a0 do pacote de acesso para o grupo b31fe1f1-3651-488f-bd9a-1711887fd4ca já deve ter sido adicionado ao catálogo de pacotes de acesso que contém este pacote de acesso. O recurso poderia ter sido adicionado ao catálogo ao criar um pedido de recurso do pacote de acesso.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole":{
"originId":"Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
"displayName":"Member",
"originSystem":"AadGroup",
"accessPackageResource":{"id":"1d08498d-72a1-403f-8511-6b1f875746a0","resourceType":"O365 Group","originId":"b31fe1f1-3651-488f-bd9a-1711887fd4ca","originSystem":"AadGroup"}
},
"accessPackageResourceScope":{
"originId":"b31fe1f1-3651-488f-bd9a-1711887fd4ca","originSystem":"AadGroup"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
DisplayName = "Member",
OriginSystem = "AadGroup",
AccessPackageResource = new AccessPackageResource
{
Id = "1d08498d-72a1-403f-8511-6b1f875746a0",
ResourceType = "O365 Group",
OriginId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
OriginSystem = "AadGroup",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
OriginId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
OriginSystem = "AadGroup",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResourceRole.SetOriginId(&originId)
displayName := "Member"
accessPackageResourceRole.SetDisplayName(&displayName)
originSystem := "AadGroup"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "1d08498d-72a1-403f-8511-6b1f875746a0"
accessPackageResource.SetId(&id)
resourceType := "O365 Group"
accessPackageResource.SetResourceType(&resourceType)
originId := "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResource.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
originId := "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResourceRole.setDisplayName("Member");
accessPackageResourceRole.setOriginSystem("AadGroup");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("1d08498d-72a1-403f-8511-6b1f875746a0");
accessPackageResource.setResourceType("O365 Group");
accessPackageResource.setOriginId("b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResource.setOriginSystem("AadGroup");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setOriginId("b31fe1f1-3651-488f-bd9a-1711887fd4ca");
accessPackageResourceScope.setOriginSystem("AadGroup");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: 'Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca',
displayName: 'Member',
originSystem: 'AadGroup',
accessPackageResource: {id: '1d08498d-72a1-403f-8511-6b1f875746a0',resourceType: 'O365 Group',originId: 'b31fe1f1-3651-488f-bd9a-1711887fd4ca',originSystem: 'AadGroup'}
},
accessPackageResourceScope: {
originId: 'b31fe1f1-3651-488f-bd9a-1711887fd4ca',originSystem: 'AadGroup'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceRole->setDisplayName('Member');
$accessPackageResourceRole->setOriginSystem('AadGroup');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('1d08498d-72a1-403f-8511-6b1f875746a0');
$accessPackageResourceRoleAccessPackageResource->setResourceType('O365 Group');
$accessPackageResourceRoleAccessPackageResource->setOriginId('b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceRoleAccessPackageResource->setOriginSystem('AadGroup');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setOriginId('b31fe1f1-3651-488f-bd9a-1711887fd4ca');
$accessPackageResourceScope->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca"
displayName = "Member"
originSystem = "AadGroup"
accessPackageResource = @{
id = "1d08498d-72a1-403f-8511-6b1f875746a0"
resourceType = "O365 Group"
originId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
originSystem = "AadGroup"
}
}
accessPackageResourceScope = @{
originId = "b31fe1f1-3651-488f-bd9a-1711887fd4ca"
originSystem = "AadGroup"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "Member_b31fe1f1-3651-488f-bd9a-1711887fd4ca",
display_name = "Member",
origin_system = "AadGroup",
access_package_resource = AccessPackageResource(
id = "1d08498d-72a1-403f-8511-6b1f875746a0",
resource_type = "O365 Group",
origin_id = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
origin_system = "AadGroup",
),
),
access_package_resource_scope = AccessPackageResourceScope(
origin_id = "b31fe1f1-3651-488f-bd9a-1711887fd4ca",
origin_system = "AadGroup",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageResourceRoleScopes/$entity",
"id": "ad5c7636-e481-4528-991f-198e3b38dd56_ffd4004a-f4a9-4b22-b027-759e55c0d1db",
"createdBy": "admin@example.com",
"createdDateTime": "2019-12-11T01:35:26.4754081Z",
"modifiedBy": "admin@example.com",
"modifiedDateTime": "2019-12-11T01:35:26.4754081Z"
}
Exemplo 2: adicionar uma função de site do SharePoint Online a um pacote de acesso
Solicitação
O exemplo seguinte mostra um pedido para um recurso de âmbito não raiz. O recurso do pacote de acesso para o site já deve ter sido adicionado ao catálogo de pacotes de acesso que contém este pacote de acesso.
O pedido contém um objeto accessPackageResourceRole , que pode ser obtido a partir de um pedido anterior para listar funções de recursos do pacote de acesso de um recurso num catálogo. Cada tipo de recurso define o formato do campo originId numa função de recurso. Para um site do SharePoint Online, originId é o número de sequência da função no site.
Se o objeto accessPackageResourceScope obtido a partir de um pedido anterior para listar recursos do pacote de acesso tiver o recurso como um âmbito de raiz (isRootScope definido como true), inclua a propriedade isRootScope no objeto accessPackageResourceScope do pedido.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole": {
"originId": "4",
"originSystem": "SharePointOnline",
"accessPackageResource": {
"id": "53c71803-a0a8-4777-aecc-075de8ee3991"
}
},
"accessPackageResourceScope": {
"id": "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
"originId": "https://microsoft.sharepoint.com/portals/Community",
"originSystem": "SharePointOnline"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "4",
OriginSystem = "SharePointOnline",
AccessPackageResource = new AccessPackageResource
{
Id = "53c71803-a0a8-4777-aecc-075de8ee3991",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
Id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
OriginId = "https://microsoft.sharepoint.com/portals/Community",
OriginSystem = "SharePointOnline",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "4"
accessPackageResourceRole.SetOriginId(&originId)
originSystem := "SharePointOnline"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "53c71803-a0a8-4777-aecc-075de8ee3991"
accessPackageResource.SetId(&id)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
id := "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
accessPackageResourceScope.SetId(&id)
originId := "https://microsoft.sharepoint.com/portals/Community"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "SharePointOnline"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("4");
accessPackageResourceRole.setOriginSystem("SharePointOnline");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("53c71803-a0a8-4777-aecc-075de8ee3991");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setId("5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33");
accessPackageResourceScope.setOriginId("https://microsoft.sharepoint.com/portals/Community");
accessPackageResourceScope.setOriginSystem("SharePointOnline");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: '4',
originSystem: 'SharePointOnline',
accessPackageResource: {
id: '53c71803-a0a8-4777-aecc-075de8ee3991'
}
},
accessPackageResourceScope: {
id: '5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33',
originId: 'https://microsoft.sharepoint.com/portals/Community',
originSystem: 'SharePointOnline'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('4');
$accessPackageResourceRole->setOriginSystem('SharePointOnline');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('53c71803-a0a8-4777-aecc-075de8ee3991');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setId('5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33');
$accessPackageResourceScope->setOriginId('https://microsoft.sharepoint.com/portals/Community');
$accessPackageResourceScope->setOriginSystem('SharePointOnline');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "4"
originSystem = "SharePointOnline"
accessPackageResource = @{
id = "53c71803-a0a8-4777-aecc-075de8ee3991"
}
}
accessPackageResourceScope = @{
id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
originId = "https://microsoft.sharepoint.com/portals/Community"
originSystem = "SharePointOnline"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "4",
origin_system = "SharePointOnline",
access_package_resource = AccessPackageResource(
id = "53c71803-a0a8-4777-aecc-075de8ee3991",
),
),
access_package_resource_scope = AccessPackageResourceScope(
id = "5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33",
origin_id = "https://microsoft.sharepoint.com/portals/Community",
origin_system = "SharePointOnline",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "6646a29e-da03-49f6-bcd9-dec124492de3_5ae0ae7c-d0a5-42aa-ab37-1f15e9a61d33"
}
Exemplo 3: Adicionar uma função de Microsoft Entra como recurso num pacote de acesso
Solicitação
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes
Content-type: application/json
{
"role": {
"originId": "Eligible",
"displayName": "Eligible Member",
"originSystem": "DirectoryRole",
"resource": {
"id": "ea036095-57a6-4c90-a640-013edf151eb1"
}
},
"scope": {
"description": "Root Scope",
"displayName": "Root",
"isRootScope": true,
"originSystem": "DirectoryRole",
"originId": "c4e39bd9-1100-46d3-8c65-fb160da0071f"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new AccessPackageResourceRoleScope
{
AdditionalData = new Dictionary<string, object>
{
{
"role" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"originId", new UntypedString("Eligible")
},
{
"displayName", new UntypedString("Eligible Member")
},
{
"originSystem", new UntypedString("DirectoryRole")
},
{
"resource", new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"id", new UntypedString("ea036095-57a6-4c90-a640-013edf151eb1")
},
})
},
})
},
{
"scope" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"description", new UntypedString("Root Scope")
},
{
"displayName", new UntypedString("Root")
},
{
"isRootScope", new UntypedBoolean(true)
},
{
"originSystem", new UntypedString("DirectoryRole")
},
{
"originId", new UntypedString("c4e39bd9-1100-46d3-8c65-fb160da0071f")
},
})
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
additionalData := map[string]interface{}{
role := graph.New()
originId := "Eligible"
role.SetOriginId(&originId)
displayName := "Eligible Member"
role.SetDisplayName(&displayName)
originSystem := "DirectoryRole"
role.SetOriginSystem(&originSystem)
resource := graph.New()
id := "ea036095-57a6-4c90-a640-013edf151eb1"
resource.SetId(&id)
role.SetResource(resource)
requestBody.SetRole(role)
scope := graph.New()
description := "Root Scope"
scope.SetDescription(&description)
displayName := "Root"
scope.SetDisplayName(&displayName)
isRootScope := true
scope.SetIsRootScope(&isRootScope)
originSystem := "DirectoryRole"
scope.SetOriginSystem(&originSystem)
originId := "c4e39bd9-1100-46d3-8c65-fb160da0071f"
scope.SetOriginId(&originId)
requestBody.SetScope(scope)
}
requestBody.SetAdditionalData(additionalData)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
role = new ();
role.setOriginId("Eligible");
role.setDisplayName("Eligible Member");
role.setOriginSystem("DirectoryRole");
resource = new ();
resource.setId("ea036095-57a6-4c90-a640-013edf151eb1");
role.setResource(resource);
additionalData.put("role", role);
scope = new ();
scope.setDescription("Root Scope");
scope.setDisplayName("Root");
scope.setIsRootScope(true);
scope.setOriginSystem("DirectoryRole");
scope.setOriginId("c4e39bd9-1100-46d3-8c65-fb160da0071f");
additionalData.put("scope", scope);
accessPackageResourceRoleScope.setAdditionalData(additionalData);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
role: {
originId: 'Eligible',
displayName: 'Eligible Member',
originSystem: 'DirectoryRole',
resource: {
id: 'ea036095-57a6-4c90-a640-013edf151eb1'
}
},
scope: {
description: 'Root Scope',
displayName: 'Root',
isRootScope: true,
originSystem: 'DirectoryRole',
originId: 'c4e39bd9-1100-46d3-8c65-fb160da0071f'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/{id}/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$additionalData = [
'role' => [
'originId' => 'Eligible',
'displayName' => 'Eligible Member',
'originSystem' => 'DirectoryRole',
'resource' => [
'id' => 'ea036095-57a6-4c90-a640-013edf151eb1',
],
],
'scope' => [
'description' => 'Root Scope',
'displayName' => 'Root',
'isRootScope' => true,
'originSystem' => 'DirectoryRole',
'originId' => 'c4e39bd9-1100-46d3-8c65-fb160da0071f',
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
role = @{
originId = "Eligible"
displayName = "Eligible Member"
originSystem = "DirectoryRole"
resource = @{
id = "ea036095-57a6-4c90-a640-013edf151eb1"
}
}
scope = @{
description = "Root Scope"
displayName = "Root"
isRootScope = $true
originSystem = "DirectoryRole"
originId = "c4e39bd9-1100-46d3-8c65-fb160da0071f"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
additional_data = {
"role" : {
"origin_id" : "Eligible",
"display_name" : "Eligible Member",
"origin_system" : "DirectoryRole",
"resource" : {
"id" : "ea036095-57a6-4c90-a640-013edf151eb1",
},
},
"scope" : {
"description" : "Root Scope",
"display_name" : "Root",
"is_root_scope" : True,
"origin_system" : "DirectoryRole",
"origin_id" : "c4e39bd9-1100-46d3-8c65-fb160da0071f",
},
}
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "ea036095-57a6-4c90-a640-013edf151eb1_c4e39bd9-1100-46d3-8c65-fb160da0071f",
"createdDateTime": "2023-06-28T01:19:48.4216782Z"
}
Exemplo 4: Adicionar um grupo gerido por PIM como uma função de recurso a um pacote de acesso
Solicitação
O exemplo seguinte mostra um pedido para adicionar um grupo gerido por PIM como uma função de recurso a um pacote de acesso. Os membros do grupo são elegíveis para o grupo.
Antes deste pedido, tem de ter adicionado o recurso b86a1828-3171-409e-8343-32a224f324a0 do pacote de acesso para o grupo bcfae74a-91a6-46e9-99bf-89d6487cc3f3 gerido pelo PIM ao catálogo de pacotes de acesso que contém este pacote de acesso. O recurso poderia ter sido adicionado ao catálogo ao criar um pedido de recurso do pacote de acesso.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/b86a1828-3171-409e-8343-32a224f324a0/accessPackageResourceRoleScopes
Content-type: application/json
{
"accessPackageResourceRole":{
"originId":"EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
"displayName":"Eligible Member",
"originSystem":"AadGroup",
"accessPackageResource":{"id":"b86a1828-3171-409e-8343-32a224f324a0","resourceType":"O365 Group","originId":"bcfae74a-91a6-46e9-99bf-89d6487cc3f3","originSystem":"AadGroup"}
},
"accessPackageResourceScope":{
"originId":"bcfae74a-91a6-46e9-99bf-89d6487cc3f3","originSystem":"AadGroup"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new AccessPackageResourceRoleScope
{
AccessPackageResourceRole = new AccessPackageResourceRole
{
OriginId = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
DisplayName = "Eligible Member",
OriginSystem = "AadGroup",
AccessPackageResource = new AccessPackageResource
{
Id = "b86a1828-3171-409e-8343-32a224f324a0",
ResourceType = "O365 Group",
OriginId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
OriginSystem = "AadGroup",
},
},
AccessPackageResourceScope = new AccessPackageResourceScope
{
OriginId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
OriginSystem = "AadGroup",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AccessPackages["{accessPackage-id}"].AccessPackageResourceRoleScopes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageResourceRoleScope()
accessPackageResourceRole := graphmodels.NewAccessPackageResourceRole()
originId := "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18"
accessPackageResourceRole.SetOriginId(&originId)
displayName := "Eligible Member"
accessPackageResourceRole.SetDisplayName(&displayName)
originSystem := "AadGroup"
accessPackageResourceRole.SetOriginSystem(&originSystem)
accessPackageResource := graphmodels.NewAccessPackageResource()
id := "b86a1828-3171-409e-8343-32a224f324a0"
accessPackageResource.SetId(&id)
resourceType := "O365 Group"
accessPackageResource.SetResourceType(&resourceType)
originId := "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
accessPackageResource.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResource.SetOriginSystem(&originSystem)
accessPackageResourceRole.SetAccessPackageResource(accessPackageResource)
requestBody.SetAccessPackageResourceRole(accessPackageResourceRole)
accessPackageResourceScope := graphmodels.NewAccessPackageResourceScope()
originId := "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
accessPackageResourceScope.SetOriginId(&originId)
originSystem := "AadGroup"
accessPackageResourceScope.SetOriginSystem(&originSystem)
requestBody.SetAccessPackageResourceScope(accessPackageResourceScope)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessPackageResourceRoleScopes, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackages().ByAccessPackageId("accessPackage-id").AccessPackageResourceRoleScopes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageResourceRoleScope accessPackageResourceRoleScope = new AccessPackageResourceRoleScope();
AccessPackageResourceRole accessPackageResourceRole = new AccessPackageResourceRole();
accessPackageResourceRole.setOriginId("EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18");
accessPackageResourceRole.setDisplayName("Eligible Member");
accessPackageResourceRole.setOriginSystem("AadGroup");
AccessPackageResource accessPackageResource = new AccessPackageResource();
accessPackageResource.setId("b86a1828-3171-409e-8343-32a224f324a0");
accessPackageResource.setResourceType("O365 Group");
accessPackageResource.setOriginId("bcfae74a-91a6-46e9-99bf-89d6487cc3f3");
accessPackageResource.setOriginSystem("AadGroup");
accessPackageResourceRole.setAccessPackageResource(accessPackageResource);
accessPackageResourceRoleScope.setAccessPackageResourceRole(accessPackageResourceRole);
AccessPackageResourceScope accessPackageResourceScope = new AccessPackageResourceScope();
accessPackageResourceScope.setOriginId("bcfae74a-91a6-46e9-99bf-89d6487cc3f3");
accessPackageResourceScope.setOriginSystem("AadGroup");
accessPackageResourceRoleScope.setAccessPackageResourceScope(accessPackageResourceScope);
AccessPackageResourceRoleScope result = graphClient.identityGovernance().entitlementManagement().accessPackages().byAccessPackageId("{accessPackage-id}").accessPackageResourceRoleScopes().post(accessPackageResourceRoleScope);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageResourceRoleScope = {
accessPackageResourceRole: {
originId: 'EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18',
displayName: 'Eligible Member',
originSystem: 'AadGroup',
accessPackageResource: {id: 'b86a1828-3171-409e-8343-32a224f324a0',resourceType: 'O365 Group',originId: 'bcfae74a-91a6-46e9-99bf-89d6487cc3f3',originSystem: 'AadGroup'}
},
accessPackageResourceScope: {
originId: 'bcfae74a-91a6-46e9-99bf-89d6487cc3f3',originSystem: 'AadGroup'
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackages/b86a1828-3171-409e-8343-32a224f324a0/accessPackageResourceRoleScopes')
.version('beta')
.post(accessPackageResourceRoleScope);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRoleScope;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceRole;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResource;
use Microsoft\Graph\Beta\Generated\Models\AccessPackageResourceScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageResourceRoleScope();
$accessPackageResourceRole = new AccessPackageResourceRole();
$accessPackageResourceRole->setOriginId('EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18');
$accessPackageResourceRole->setDisplayName('Eligible Member');
$accessPackageResourceRole->setOriginSystem('AadGroup');
$accessPackageResourceRoleAccessPackageResource = new AccessPackageResource();
$accessPackageResourceRoleAccessPackageResource->setId('b86a1828-3171-409e-8343-32a224f324a0');
$accessPackageResourceRoleAccessPackageResource->setResourceType('O365 Group');
$accessPackageResourceRoleAccessPackageResource->setOriginId('bcfae74a-91a6-46e9-99bf-89d6487cc3f3');
$accessPackageResourceRoleAccessPackageResource->setOriginSystem('AadGroup');
$accessPackageResourceRole->setAccessPackageResource($accessPackageResourceRoleAccessPackageResource);
$requestBody->setAccessPackageResourceRole($accessPackageResourceRole);
$accessPackageResourceScope = new AccessPackageResourceScope();
$accessPackageResourceScope->setOriginId('bcfae74a-91a6-46e9-99bf-89d6487cc3f3');
$accessPackageResourceScope->setOriginSystem('AadGroup');
$requestBody->setAccessPackageResourceScope($accessPackageResourceScope);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->accessPackages()->byAccessPackageId('accessPackage-id')->accessPackageResourceRoleScopes()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
accessPackageResourceRole = @{
originId = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18"
displayName = "Eligible Member"
originSystem = "AadGroup"
accessPackageResource = @{
id = "b86a1828-3171-409e-8343-32a224f324a0"
resourceType = "O365 Group"
originId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
originSystem = "AadGroup"
}
}
accessPackageResourceScope = @{
originId = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3"
originSystem = "AadGroup"
}
}
New-MgBetaEntitlementManagementAccessPackageResourceRoleScope -AccessPackageId $accessPackageId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_package_resource_role_scope import AccessPackageResourceRoleScope
from msgraph_beta.generated.models.access_package_resource_role import AccessPackageResourceRole
from msgraph_beta.generated.models.access_package_resource import AccessPackageResource
from msgraph_beta.generated.models.access_package_resource_scope import AccessPackageResourceScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageResourceRoleScope(
access_package_resource_role = AccessPackageResourceRole(
origin_id = "EligibleMember_89590e41-f49d-4792-b531-6ed6fe6cfe18",
display_name = "Eligible Member",
origin_system = "AadGroup",
access_package_resource = AccessPackageResource(
id = "b86a1828-3171-409e-8343-32a224f324a0",
resource_type = "O365 Group",
origin_id = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
origin_system = "AadGroup",
),
),
access_package_resource_scope = AccessPackageResourceScope(
origin_id = "bcfae74a-91a6-46e9-99bf-89d6487cc3f3",
origin_system = "AadGroup",
),
)
result = await graph_client.identity_governance.entitlement_management.access_packages.by_access_package_id('accessPackage-id').access_package_resource_role_scopes.post(request_body)
Resposta
O exemplo a seguir mostra a resposta.
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#accessPackageResourceRoleScopes/$entity",
"id": "ad5c7636-e481-4528-991f-198e3b38dd56_ffd4004a-f4a9-4b22-b027-759e55c0d1db",
"createdBy": "admin@example.com",
"createdDateTime": "2019-12-11T01:35:26.4754081Z",
"modifiedBy": "admin@example.com",
"modifiedDateTime": "2019-12-11T01:35:26.4754081Z"
}