Namespace: microsoft.graph
Crie um novo objeto delegatedAdminAccessAssignment .
Esta API está disponível nas seguintes implementações de cloud nacionais.
| Serviço global |
US Government L4 |
US Government L5 (DOD) |
China operada pela 21Vianet |
| ✅ |
✅ |
✅ |
❌ |
Permissões
Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
DelegatedAdminRelationship.ReadWrite.All |
Indisponível. |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
DelegatedAdminRelationship.ReadWrite.All |
Indisponível. |
Importante
Para chamar esta API através de permissões de aplicação, tem de aprovisionar o principal de serviço identificado por appId2832473f-ec63-45fb-976f-5d45a7d4bb91 e com o nome Administração Delegada de Cliente Parceiro no inquilino do parceiro. Para aprovisionar o principal de serviço no inquilino do parceiro, chame a API Create servicePrincipal .
Solicitação HTTP
POST /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}/accessAssignments
| Nome |
Descrição |
| Autorização |
{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização. |
| Content-Type |
application/json. Obrigatório. |
Corpo da solicitação
No corpo do pedido, forneça uma representação JSON do objeto delegatedAdminAccessAssignment .
Pode especificar as seguintes propriedades ao criar um delegatedAdminAccessAssignment.
| Propriedade |
Tipo |
Descrição |
| accessContainer |
delegatedAdminAccessContainer |
O contentor de acesso através do qual os membros têm acesso atribuído. Por exemplo, um grupo de segurança. |
| accessDetails |
delegatedAdminAccessDetails |
Os identificadores das funções administrativas atribuídas ao parceiro no inquilino do cliente. |
Resposta
Se for bem-sucedido, este método devolve um 201 Created código de resposta e um objeto delegatedAdminAccessAssignment no corpo da resposta. Um cabeçalho Localização na resposta aponta para o objeto delegatedAdminAccessAssignment criado.
Exemplos
Solicitação
POST https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409/accessAssignments
Content-Type: application/json
{
"accessContainer": {
"accessContainerId": "869713c9-0b28-4d08-8949-ae07ae1bf528",
"accessContainerType": "securityGroup"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
},
{
"roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new DelegatedAdminAccessAssignment
{
AccessContainer = new DelegatedAdminAccessContainer
{
AccessContainerId = "869713c9-0b28-4d08-8949-ae07ae1bf528",
AccessContainerType = DelegatedAdminAccessContainerType.SecurityGroup,
},
AccessDetails = new DelegatedAdminAccessDetails
{
UnifiedRoles = new List<UnifiedRole>
{
new UnifiedRole
{
RoleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de",
},
new UnifiedRole
{
RoleDefinitionId = "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
},
new UnifiedRole
{
RoleDefinitionId = "729827e3-9c14-49f7-bb1b-9608f156bbb8",
},
new UnifiedRole
{
RoleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5",
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.TenantRelationships.DelegatedAdminRelationships["{delegatedAdminRelationship-id}"].AccessAssignments.PostAsync(requestBody);
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewDelegatedAdminAccessAssignment()
accessContainer := graphmodels.NewDelegatedAdminAccessContainer()
accessContainerId := "869713c9-0b28-4d08-8949-ae07ae1bf528"
accessContainer.SetAccessContainerId(&accessContainerId)
accessContainerType := graphmodels.SECURITYGROUP_DELEGATEDADMINACCESSCONTAINERTYPE
accessContainer.SetAccessContainerType(&accessContainerType)
requestBody.SetAccessContainer(accessContainer)
accessDetails := graphmodels.NewDelegatedAdminAccessDetails()
unifiedRole := graphmodels.NewUnifiedRole()
roleDefinitionId := "29232cdf-9323-42fd-ade2-1d097af3e4de"
unifiedRole.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole1 := graphmodels.NewUnifiedRole()
roleDefinitionId := "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
unifiedRole1.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole2 := graphmodels.NewUnifiedRole()
roleDefinitionId := "729827e3-9c14-49f7-bb1b-9608f156bbb8"
unifiedRole2.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole3 := graphmodels.NewUnifiedRole()
roleDefinitionId := "3a2c62db-5318-420d-8d74-23affee5d9d5"
unifiedRole3.SetRoleDefinitionId(&roleDefinitionId)
unifiedRoles := []graphmodels.UnifiedRoleable {
unifiedRole,
unifiedRole1,
unifiedRole2,
unifiedRole3,
}
accessDetails.SetUnifiedRoles(unifiedRoles)
requestBody.SetAccessDetails(accessDetails)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
accessAssignments, err := graphClient.TenantRelationships().DelegatedAdminRelationships().ByDelegatedAdminRelationshipId("delegatedAdminRelationship-id").AccessAssignments().Post(context.Background(), requestBody, nil)
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
DelegatedAdminAccessAssignment delegatedAdminAccessAssignment = new DelegatedAdminAccessAssignment();
DelegatedAdminAccessContainer accessContainer = new DelegatedAdminAccessContainer();
accessContainer.setAccessContainerId("869713c9-0b28-4d08-8949-ae07ae1bf528");
accessContainer.setAccessContainerType(DelegatedAdminAccessContainerType.SecurityGroup);
delegatedAdminAccessAssignment.setAccessContainer(accessContainer);
DelegatedAdminAccessDetails accessDetails = new DelegatedAdminAccessDetails();
LinkedList<UnifiedRole> unifiedRoles = new LinkedList<UnifiedRole>();
UnifiedRole unifiedRole = new UnifiedRole();
unifiedRole.setRoleDefinitionId("29232cdf-9323-42fd-ade2-1d097af3e4de");
unifiedRoles.add(unifiedRole);
UnifiedRole unifiedRole1 = new UnifiedRole();
unifiedRole1.setRoleDefinitionId("f2ef992c-3afb-46b9-b7cf-a126ee74c451");
unifiedRoles.add(unifiedRole1);
UnifiedRole unifiedRole2 = new UnifiedRole();
unifiedRole2.setRoleDefinitionId("729827e3-9c14-49f7-bb1b-9608f156bbb8");
unifiedRoles.add(unifiedRole2);
UnifiedRole unifiedRole3 = new UnifiedRole();
unifiedRole3.setRoleDefinitionId("3a2c62db-5318-420d-8d74-23affee5d9d5");
unifiedRoles.add(unifiedRole3);
accessDetails.setUnifiedRoles(unifiedRoles);
delegatedAdminAccessAssignment.setAccessDetails(accessDetails);
DelegatedAdminAccessAssignment result = graphClient.tenantRelationships().delegatedAdminRelationships().byDelegatedAdminRelationshipId("{delegatedAdminRelationship-id}").accessAssignments().post(delegatedAdminAccessAssignment);
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const delegatedAdminAccessAssignment = {
accessContainer: {
accessContainerId: '869713c9-0b28-4d08-8949-ae07ae1bf528',
accessContainerType: 'securityGroup'
},
accessDetails: {
unifiedRoles: [
{
roleDefinitionId: '29232cdf-9323-42fd-ade2-1d097af3e4de'
},
{
roleDefinitionId: 'f2ef992c-3afb-46b9-b7cf-a126ee74c451'
},
{
roleDefinitionId: '729827e3-9c14-49f7-bb1b-9608f156bbb8'
},
{
roleDefinitionId: '3a2c62db-5318-420d-8d74-23affee5d9d5'
}
]
}
};
await client.api('/tenantRelationships/delegatedAdminRelationships/72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409/accessAssignments')
.post(delegatedAdminAccessAssignment);
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\DelegatedAdminAccessAssignment;
use Microsoft\Graph\Generated\Models\DelegatedAdminAccessContainer;
use Microsoft\Graph\Generated\Models\DelegatedAdminAccessContainerType;
use Microsoft\Graph\Generated\Models\DelegatedAdminAccessDetails;
use Microsoft\Graph\Generated\Models\UnifiedRole;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new DelegatedAdminAccessAssignment();
$accessContainer = new DelegatedAdminAccessContainer();
$accessContainer->setAccessContainerId('869713c9-0b28-4d08-8949-ae07ae1bf528');
$accessContainer->setAccessContainerType(new DelegatedAdminAccessContainerType('securityGroup'));
$requestBody->setAccessContainer($accessContainer);
$accessDetails = new DelegatedAdminAccessDetails();
$unifiedRolesUnifiedRole1 = new UnifiedRole();
$unifiedRolesUnifiedRole1->setRoleDefinitionId('29232cdf-9323-42fd-ade2-1d097af3e4de');
$unifiedRolesArray []= $unifiedRolesUnifiedRole1;
$unifiedRolesUnifiedRole2 = new UnifiedRole();
$unifiedRolesUnifiedRole2->setRoleDefinitionId('f2ef992c-3afb-46b9-b7cf-a126ee74c451');
$unifiedRolesArray []= $unifiedRolesUnifiedRole2;
$unifiedRolesUnifiedRole3 = new UnifiedRole();
$unifiedRolesUnifiedRole3->setRoleDefinitionId('729827e3-9c14-49f7-bb1b-9608f156bbb8');
$unifiedRolesArray []= $unifiedRolesUnifiedRole3;
$unifiedRolesUnifiedRole4 = new UnifiedRole();
$unifiedRolesUnifiedRole4->setRoleDefinitionId('3a2c62db-5318-420d-8d74-23affee5d9d5');
$unifiedRolesArray []= $unifiedRolesUnifiedRole4;
$accessDetails->setUnifiedRoles($unifiedRolesArray);
$requestBody->setAccessDetails($accessDetails);
$result = $graphServiceClient->tenantRelationships()->delegatedAdminRelationships()->byDelegatedAdminRelationshipId('delegatedAdminRelationship-id')->accessAssignments()->post($requestBody)->wait();
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
Import-Module Microsoft.Graph.Identity.Partner
$params = @{
accessContainer = @{
accessContainerId = "869713c9-0b28-4d08-8949-ae07ae1bf528"
accessContainerType = "securityGroup"
}
accessDetails = @{
unifiedRoles = @(
@{
roleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de"
}
@{
roleDefinitionId = "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
}
@{
roleDefinitionId = "729827e3-9c14-49f7-bb1b-9608f156bbb8"
}
@{
roleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
)
}
}
New-MgTenantRelationshipDelegatedAdminRelationshipAccessAssignment -DelegatedAdminRelationshipId $delegatedAdminRelationshipId -BodyParameter $params
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.delegated_admin_access_assignment import DelegatedAdminAccessAssignment
from msgraph.generated.models.delegated_admin_access_container import DelegatedAdminAccessContainer
from msgraph.generated.models.delegated_admin_access_container_type import DelegatedAdminAccessContainerType
from msgraph.generated.models.delegated_admin_access_details import DelegatedAdminAccessDetails
from msgraph.generated.models.unified_role import UnifiedRole
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DelegatedAdminAccessAssignment(
access_container = DelegatedAdminAccessContainer(
access_container_id = "869713c9-0b28-4d08-8949-ae07ae1bf528",
access_container_type = DelegatedAdminAccessContainerType.SecurityGroup,
),
access_details = DelegatedAdminAccessDetails(
unified_roles = [
UnifiedRole(
role_definition_id = "29232cdf-9323-42fd-ade2-1d097af3e4de",
),
UnifiedRole(
role_definition_id = "f2ef992c-3afb-46b9-b7cf-a126ee74c451",
),
UnifiedRole(
role_definition_id = "729827e3-9c14-49f7-bb1b-9608f156bbb8",
),
UnifiedRole(
role_definition_id = "3a2c62db-5318-420d-8d74-23affee5d9d5",
),
],
),
)
result = await graph_client.tenant_relationships.delegated_admin_relationships.by_delegated_admin_relationship_id('delegatedAdminRelationship-id').access_assignments.post(request_body)
Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.
Resposta
HTTP/1.1 201 Created
Content-Type: application/json
Location: https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/72a7ae7e-4887-4e34-9755-2e1e9b26b943-63f017cb-9e0d-4f14-94bd-4871902b3409/accessAssignments/a9d6cf90-083a-47dc-ace2-1da98be3f344
{
"@odata.type": "#microsoft.graph.delegatedAdminAccessAssignment",
"@odata.context": "https://graph.microsoft.com/v1.0/tenantRelationships/$metadata#accessAssignments",
"@odata.etag": "W/\"JyIxODAwZTY4My0wMDAwLTAyMDAtMDAwMC02MTU0OWFmMDAwMDAiJw==\"",
"id": "a9d6cf90-083a-47dc-ace2-1da98be3f344",
"status": "pending",
"createdDateTime": "2022-02-13T10:33:52.3182097Z",
"lastModifiedDateTime": "2022-02-13T10:33:52.3182097Z",
"accessContainer": {
"accessContainerId": "869713c9-0b28-4d08-8949-ae07ae1bf528",
"accessContainerType": "securityGroup"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "f2ef992c-3afb-46b9-b7cf-a126ee74c451"
},
{
"roleDefinitionId": "729827e3-9c14-49f7-bb1b-9608f156bbb8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
}
}