Namespace: microsoft.graph
Importante
As APIs na versão /beta no Microsoft Graph estão sujeitas a alterações. Não há suporte para o uso dessas APIs em aplicativos de produção. Para determinar se uma API está disponível na v1.0, use o seletor Versão.
Obtenha uma lista de objetos unifiedRoleAssignmentMultiple para um fornecedor RBAC.
Os seguintes fornecedores RBAC são atualmente suportados:
- PC na nuvem.
- gestão de dispositivos (Intune)
- Defender (Microsoft Defender XDR)
Para outras aplicações do Microsoft 365 (como Microsoft Entra ID), utilize unifiedRoleAssignment.
Esta API está disponível nas seguintes implementações de cloud nacionais.
| Serviço global |
US Government L4 |
US Government L5 (DOD) |
China operada pela 21Vianet |
| ✅ |
✅ |
✅ |
✅ |
Permissões
As tabelas seguintes mostram as permissões ou permissões com menos privilégios necessárias para chamar esta API em cada tipo de recurso suportado. Siga as melhores práticas para pedir permissões com menos privilégios. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
Para o fornecedor de PCs Cloud
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
CloudPC.Read.All |
CloudPC.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
CloudPC.Read.All |
CloudPC.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
Para o fornecedor de Gestão de dispositivos (Intune)
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
CloudPC.Read.All |
CloudPC.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
CloudPC.Read.All |
CloudPC.ReadWrite.All, DeviceManagementRBAC.Read.All, DeviceManagementRBAC.ReadWrite.All |
Para o fornecedor do Defender
| Tipo de permissão |
Permissões com menos privilégios |
Permissões com privilégios superiores |
| Delegado (conta corporativa ou de estudante) |
RoleManagement.Read.Defender |
RoleManagement.Read.All, RoleManagement.ReadWrite.Defender |
| Delegado (conta pessoal da Microsoft) |
Sem suporte. |
Sem suporte. |
| Application |
RoleManagement.Read.Defender |
RoleManagement.Read.All, RoleManagement.ReadWrite.Defender |
Solicitação HTTP
Para listar atribuições de funções para um fornecedor de PC na Cloud:
GET /roleManagement/cloudPc/roleAssignments
Para listar atribuições de funções para um fornecedor de Intune:
GET /roleManagement/deviceManagement/roleAssignments
Para listar atribuições de funções para um fornecedor do Defender:
GET /roleManagement/defender/roleAssignments
Parâmetros de consulta opcionais
Pode filtrar as roleDefinitionId propriedades ou principalId . A roleDefinitionId propriedade pode ser um ID de objeto de função ou um ID de objeto de modelo de função. Para obter informações gerais, acesse Parâmetros de consulta OData.
Corpo da solicitação
Não forneça um corpo de solicitação para esse método.
Resposta
Se for bem-sucedido, este método devolve um 200 OK código de resposta e uma coleção de objetos unifiedRoleAssignmentMultiple no corpo da resposta.
Exemplo
Exemplo 1: listar as atribuições de funções de um principal específico para um fornecedor de Intune
Solicitação
Segue-se um exemplo do pedido:
GET https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments?$filter=principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'"
requestParameters := &graphrolemanagement.DeviceManagementRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.DeviceManagementRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().deviceManagement().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
});
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\DeviceManagement\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementDeviceManagementRoleAssignment -Filter "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.device_management.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "principalId eq '9e47fc6f-2d7a-464c-944e-d3dd0de522e4'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.device_management.role_assignments.get(request_configuration = request_configuration)
Resposta
Segue-se um exemplo da resposta:
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
"value": [
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "lAPpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SGHI-1",
"roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"],
"directoryScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0", "8152656a-cf9a-4928-a457-1512d4cae295"]
},
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "2BNpYvVpN0KRkAEhdxReEJC2sEqbR_9Hr48lds9SWRD-2",
"roleDefinitionId": "9e47fc6f-2d7a-464c-944e-d3dd0de522e4",
"principalIds[]": ["9e47fc6f-2d7a-464c-944e-d3dd0de522e4", "53a6c08d-0227-41bd-8bc6-2728df6be749", "a4991fe1-6d7c-427c-969b-bda6df78c458"],
"appScopeIds[]": ["28ca5a85-489a-49a0-b555-0a6d81e56f0"]
}
]
}
Exemplo 2: listar atribuições de funções para um fornecedor de PC na Cloud
Solicitação
GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().cloudPC().roleAssignments().get();
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/cloudPC/roleAssignments')
.version('beta')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->get()->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementCloudPcRoleAssignment
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.role_management.cloud_p_c.role_assignments.get()
Resposta
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade. Todas as propriedades serão retornadas de uma chamada real.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"description": null,
"displayName": "My test role assignment 1",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"description": null,
"displayName": "My test role assignment 2",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
}
]
}
Exemplo 3: Listar atribuições de funções para uma função específica de um fornecedor de PC na Cloud
Solicitação
GET https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
requestParameters := &graphrolemanagement.CloudPCRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.CloudPCRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().cloudPC().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/cloudPC/roleAssignments')
.version('beta')
.filter('roleDefinitionId eq \'b5c08161-a7af-481c-ace2-a20a69a48fb1\'')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\CloudPC\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
Get-MgBetaRoleManagementCloudPcRoleAssignment -Filter "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.cloud_p_c.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.cloud_p_c.role_assignments.get(request_configuration = request_configuration)
Resposta
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade. Todas as propriedades serão retornadas de uma chamada real.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments",
"value": [{
"id": "ed9e247f-f23b-4d72-9e8c-97fa6f385246",
"description": "",
"displayName": "test",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["689c9051-77ff-4f14-9b39-3d22de07321a"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "3d8e564b-761a-4b32-8f50-63d555f7bc00",
"description": "test1",
"displayName": "AssignmentTest",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["0ec7855b-4057-4b7c-9217-09ee9bf4dfd7"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}, {
"id": "f36a3269-d03d-4d33-81e7-190bded40ad2",
"description": "",
"displayName": "test3",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["e4ea53cf-cdd6-46b5-bf38-570033a0fba3"],
"directoryScopeIds": ["/"],
"appScopeIds": []
}]
}
Exemplo 4: Listar atribuições de funções para uma função específica de um fornecedor do Defender
Solicitação
GET https://graph.microsoft.com/beta/roleManagement/defender/roleAssignments?$filter=roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Defender.RoleAssignments.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphrolemanagement "github.com/microsoftgraph/msgraph-beta-sdk-go/rolemanagement"
//other-imports
)
requestFilter := "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'"
requestParameters := &graphrolemanagement.DefenderRoleAssignmentsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphrolemanagement.DefenderRoleAssignmentsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Defender().RoleAssignments().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultipleCollectionResponse result = graphClient.roleManagement().defender().roleAssignments().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
});
const options = {
authProvider,
};
const client = Client.init(options);
let roleAssignments = await client.api('/roleManagement/defender/roleAssignments')
.version('beta')
.filter('roleDefinitionId eq \'b5c08161-a7af-481c-ace2-a20a69a48fb1\'')
.get();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\RoleManagement\Defender\RoleAssignments\RoleAssignmentsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new RoleAssignmentsRequestBuilderGetRequestConfiguration();
$queryParameters = RoleAssignmentsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->roleManagement()->defender()->roleAssignments()->get($requestConfiguration)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.role_management.defender.role_assignments.role_assignments_request_builder import RoleAssignmentsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = RoleAssignmentsRequestBuilder.RoleAssignmentsRequestBuilderGetQueryParameters(
filter = "roleDefinitionId eq 'b5c08161-a7af-481c-ace2-a20a69a48fb1'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.role_management.defender.role_assignments.get(request_configuration = request_configuration)
Resposta
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade. Todas as propriedades serão retornadas de uma chamada real.
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/defender/roleAssignments",
"value": [
{
"id": "dbe9d288-fd87-41f4-b33d-b498ed207096",
"displayName": "Example role assignment scoped to specific domain identity",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"appScopeIds": [
"Mdi", "/UserGroupId/481c-ace2-a20a69a48f"
]
},
{
"id": "fad74173-3fe3-4e64-9a80-297bdad2b36e",
"displayName": "Example role assignment not scoped to any workload nor scope",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892"
],
"appScopeIds": [
"/"
]
}
]
}