命名空间:microsoft.graph
更新 delegatedAdminRelationship 对象的属性。
以下限制适用:
- 当 状态属性 为
created时,可以更新此关系。
- 当状态为
created 或 active时,可以更新 autoExtendDuration 属性。
- 仅当状态属性为
active时,才能删除Microsoft Entra全局管理员角色,这表示长时间运行的作。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
❌ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
DelegatedAdminRelationship.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
DelegatedAdminRelationship.ReadWrite.All |
不可用。 |
重要
若要使用应用程序权限调用此 API,必须在合作伙伴租户中预配由 appId2832473f-ec63-45fb-976f-5d45a7d4bb91 标识并命名为 合作伙伴客户委托管理 的服务主体。 若要在合作伙伴租户中预配服务主体,请调用 创建 servicePrincipal API。
HTTP 请求
PATCH /tenantRelationships/delegatedAdminRelationships/{delegatedAdminRelationshipId}
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| If-Match |
If-match: {etag}。 要更新的 delegatedAdminRelationship 的最后一个已知 ETag 值。 从 LIST 或 GET作中检索 ETag 值。 必填。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中, 仅 提供要更新的属性的值。 请求正文中未包含的现有属性会保留其以前的值,或者根据对其他属性值的更改重新计算。
下表指定可更新的属性。
响应
如果成功,此方法将 200 OK 返回 或 202 Accepted 响应代码。 当响应为 时,响应200 OK正文包含 delegatedAdminRelationship 对象。
| 名称 |
说明 |
| Content-Type |
application/json. |
| 位置 |
长时间运行的作的位置。 |
| Retry-After |
之后,可以对位置 URL 进行后续 API 调用,以检查长时间运行的作的状态。 |
如果从关系中删除Microsoft Entra全局管理员角色,而其状态属性为 ,active则此方法将返回202 Accepted响应。 响应包含位置标头中的 URL,可用于监视作进度。
如果未提供与请求正文 属性数组中unifiedRolesaccessDetails Microsoft Entra全局管理员角色对应的模板 ID,则 API 将返回200 OK响应正文中的原始 delegatedAdminRelationship 对象。
示例
请求
下面为请求示例。
PATCH https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836
If-Match: W/"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw=="
Content-Type: application/json
{
"displayName": "Updated Contoso admin relationship",
"duration": "P31D",
"customer": {
"tenantId": "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a"
},
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new DelegatedAdminRelationship
{
DisplayName = "Updated Contoso admin relationship",
Duration = TimeSpan.Parse("P31D"),
Customer = new DelegatedAdminRelationshipCustomerParticipant
{
TenantId = "52eaad04-13a2-4a2f-9ce8-93a294fadf36",
},
AccessDetails = new DelegatedAdminAccessDetails
{
UnifiedRoles = new List<UnifiedRole>
{
new UnifiedRole
{
RoleDefinitionId = "44367163-eba1-44c3-98af-f5787879f96a",
},
new UnifiedRole
{
RoleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de",
},
new UnifiedRole
{
RoleDefinitionId = "69091246-20e8-4a56-aa4d-066075b2a7a8",
},
new UnifiedRole
{
RoleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5",
},
},
},
AutoExtendDuration = TimeSpan.Parse("P180D"),
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.TenantRelationships.DelegatedAdminRelationships["{delegatedAdminRelationship-id}"].PatchAsync(requestBody, (requestConfiguration) =>
{
requestConfiguration.Headers.Add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"");
});
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
graphtenantrelationships "github.com/microsoftgraph/msgraph-sdk-go/tenantrelationships"
//other-imports
)
headers := abstractions.NewRequestHeaders()
headers.Add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"")
configuration := &graphtenantrelationships.DelegatedAdminRelationshipsItemRequestBuilderPatchRequestConfiguration{
Headers: headers,
}
requestBody := graphmodels.NewDelegatedAdminRelationship()
displayName := "Updated Contoso admin relationship"
requestBody.SetDisplayName(&displayName)
duration , err := abstractions.ParseISODuration("P31D")
requestBody.SetDuration(&duration)
customer := graphmodels.NewDelegatedAdminRelationshipCustomerParticipant()
tenantId := "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
customer.SetTenantId(&tenantId)
requestBody.SetCustomer(customer)
accessDetails := graphmodels.NewDelegatedAdminAccessDetails()
unifiedRole := graphmodels.NewUnifiedRole()
roleDefinitionId := "44367163-eba1-44c3-98af-f5787879f96a"
unifiedRole.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole1 := graphmodels.NewUnifiedRole()
roleDefinitionId := "29232cdf-9323-42fd-ade2-1d097af3e4de"
unifiedRole1.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole2 := graphmodels.NewUnifiedRole()
roleDefinitionId := "69091246-20e8-4a56-aa4d-066075b2a7a8"
unifiedRole2.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole3 := graphmodels.NewUnifiedRole()
roleDefinitionId := "3a2c62db-5318-420d-8d74-23affee5d9d5"
unifiedRole3.SetRoleDefinitionId(&roleDefinitionId)
unifiedRoles := []graphmodels.UnifiedRoleable {
unifiedRole,
unifiedRole1,
unifiedRole2,
unifiedRole3,
}
accessDetails.SetUnifiedRoles(unifiedRoles)
requestBody.SetAccessDetails(accessDetails)
autoExtendDuration , err := abstractions.ParseISODuration("P180D")
requestBody.SetAutoExtendDuration(&autoExtendDuration)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
delegatedAdminRelationships, err := graphClient.TenantRelationships().DelegatedAdminRelationships().ByDelegatedAdminRelationshipId("delegatedAdminRelationship-id").Patch(context.Background(), requestBody, configuration)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
DelegatedAdminRelationship delegatedAdminRelationship = new DelegatedAdminRelationship();
delegatedAdminRelationship.setDisplayName("Updated Contoso admin relationship");
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P31D"));
delegatedAdminRelationship.setDuration(duration);
DelegatedAdminRelationshipCustomerParticipant customer = new DelegatedAdminRelationshipCustomerParticipant();
customer.setTenantId("52eaad04-13a2-4a2f-9ce8-93a294fadf36");
delegatedAdminRelationship.setCustomer(customer);
DelegatedAdminAccessDetails accessDetails = new DelegatedAdminAccessDetails();
LinkedList<UnifiedRole> unifiedRoles = new LinkedList<UnifiedRole>();
UnifiedRole unifiedRole = new UnifiedRole();
unifiedRole.setRoleDefinitionId("44367163-eba1-44c3-98af-f5787879f96a");
unifiedRoles.add(unifiedRole);
UnifiedRole unifiedRole1 = new UnifiedRole();
unifiedRole1.setRoleDefinitionId("29232cdf-9323-42fd-ade2-1d097af3e4de");
unifiedRoles.add(unifiedRole1);
UnifiedRole unifiedRole2 = new UnifiedRole();
unifiedRole2.setRoleDefinitionId("69091246-20e8-4a56-aa4d-066075b2a7a8");
unifiedRoles.add(unifiedRole2);
UnifiedRole unifiedRole3 = new UnifiedRole();
unifiedRole3.setRoleDefinitionId("3a2c62db-5318-420d-8d74-23affee5d9d5");
unifiedRoles.add(unifiedRole3);
accessDetails.setUnifiedRoles(unifiedRoles);
delegatedAdminRelationship.setAccessDetails(accessDetails);
PeriodAndDuration autoExtendDuration = PeriodAndDuration.ofDuration(Duration.parse("P180D"));
delegatedAdminRelationship.setAutoExtendDuration(autoExtendDuration);
DelegatedAdminRelationship result = graphClient.tenantRelationships().delegatedAdminRelationships().byDelegatedAdminRelationshipId("{delegatedAdminRelationship-id}").patch(delegatedAdminRelationship, requestConfiguration -> {
requestConfiguration.headers.add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"");
});
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const delegatedAdminRelationship = {
displayName: 'Updated Contoso admin relationship',
duration: 'P31D',
customer: {
tenantId: '52eaad04-13a2-4a2f-9ce8-93a294fadf36'
},
accessDetails: {
unifiedRoles: [
{
roleDefinitionId: '44367163-eba1-44c3-98af-f5787879f96a'
},
{
roleDefinitionId: '29232cdf-9323-42fd-ade2-1d097af3e4de'
},
{
roleDefinitionId: '69091246-20e8-4a56-aa4d-066075b2a7a8'
},
{
roleDefinitionId: '3a2c62db-5318-420d-8d74-23affee5d9d5'
}
]
},
autoExtendDuration: 'P180D'
};
await client.api('/tenantRelationships/delegatedAdminRelationships/5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836')
.update(delegatedAdminRelationship);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\TenantRelationships\DelegatedAdminRelationships\Item\DelegatedAdminRelationshipItemRequestBuilderPatchRequestConfiguration;
use Microsoft\Graph\Generated\Models\DelegatedAdminRelationship;
use Microsoft\Graph\Generated\Models\DelegatedAdminRelationshipCustomerParticipant;
use Microsoft\Graph\Generated\Models\DelegatedAdminAccessDetails;
use Microsoft\Graph\Generated\Models\UnifiedRole;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new DelegatedAdminRelationship();
$requestBody->setDisplayName('Updated Contoso admin relationship');
$requestBody->setDuration(new \DateInterval('P31D'));
$customer = new DelegatedAdminRelationshipCustomerParticipant();
$customer->setTenantId('52eaad04-13a2-4a2f-9ce8-93a294fadf36');
$requestBody->setCustomer($customer);
$accessDetails = new DelegatedAdminAccessDetails();
$unifiedRolesUnifiedRole1 = new UnifiedRole();
$unifiedRolesUnifiedRole1->setRoleDefinitionId('44367163-eba1-44c3-98af-f5787879f96a');
$unifiedRolesArray []= $unifiedRolesUnifiedRole1;
$unifiedRolesUnifiedRole2 = new UnifiedRole();
$unifiedRolesUnifiedRole2->setRoleDefinitionId('29232cdf-9323-42fd-ade2-1d097af3e4de');
$unifiedRolesArray []= $unifiedRolesUnifiedRole2;
$unifiedRolesUnifiedRole3 = new UnifiedRole();
$unifiedRolesUnifiedRole3->setRoleDefinitionId('69091246-20e8-4a56-aa4d-066075b2a7a8');
$unifiedRolesArray []= $unifiedRolesUnifiedRole3;
$unifiedRolesUnifiedRole4 = new UnifiedRole();
$unifiedRolesUnifiedRole4->setRoleDefinitionId('3a2c62db-5318-420d-8d74-23affee5d9d5');
$unifiedRolesArray []= $unifiedRolesUnifiedRole4;
$accessDetails->setUnifiedRoles($unifiedRolesArray);
$requestBody->setAccessDetails($accessDetails);
$requestBody->setAutoExtendDuration(new \DateInterval('P180D'));
$requestConfiguration = new DelegatedAdminRelationshipItemRequestBuilderPatchRequestConfiguration();
$headers = [
'If-Match' => 'W/"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw=="',
];
$requestConfiguration->headers = $headers;
$result = $graphServiceClient->tenantRelationships()->delegatedAdminRelationships()->byDelegatedAdminRelationshipId('delegatedAdminRelationship-id')->patch($requestBody, $requestConfiguration)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Partner
$params = @{
displayName = "Updated Contoso admin relationship"
duration = "P31D"
customer = @{
tenantId = "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
}
accessDetails = @{
unifiedRoles = @(
@{
roleDefinitionId = "44367163-eba1-44c3-98af-f5787879f96a"
}
@{
roleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de"
}
@{
roleDefinitionId = "69091246-20e8-4a56-aa4d-066075b2a7a8"
}
@{
roleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
)
}
autoExtendDuration = "P180D"
}
Update-MgTenantRelationshipDelegatedAdminRelationship -DelegatedAdminRelationshipId $delegatedAdminRelationshipId -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.tenant_relationships.delegated_admin_relationships.item.delegated_admin_relationship_item_request_builder import DelegatedAdminRelationshipItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
from msgraph.generated.models.delegated_admin_relationship import DelegatedAdminRelationship
from msgraph.generated.models.delegated_admin_relationship_customer_participant import DelegatedAdminRelationshipCustomerParticipant
from msgraph.generated.models.delegated_admin_access_details import DelegatedAdminAccessDetails
from msgraph.generated.models.unified_role import UnifiedRole
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DelegatedAdminRelationship(
display_name = "Updated Contoso admin relationship",
duration = "P31D",
customer = DelegatedAdminRelationshipCustomerParticipant(
tenant_id = "52eaad04-13a2-4a2f-9ce8-93a294fadf36",
),
access_details = DelegatedAdminAccessDetails(
unified_roles = [
UnifiedRole(
role_definition_id = "44367163-eba1-44c3-98af-f5787879f96a",
),
UnifiedRole(
role_definition_id = "29232cdf-9323-42fd-ade2-1d097af3e4de",
),
UnifiedRole(
role_definition_id = "69091246-20e8-4a56-aa4d-066075b2a7a8",
),
UnifiedRole(
role_definition_id = "3a2c62db-5318-420d-8d74-23affee5d9d5",
),
],
),
auto_extend_duration = "P180D",
)
request_configuration = RequestConfiguration()
request_configuration.headers.add("If-Match", "W/\"JyI0NzAwNjg0NS0wMDAwLTE5MDAtMDAwMC02MGY0Yjg4MzAwMDAiJw==\"")
result = await graph_client.tenant_relationships.delegated_admin_relationships.by_delegated_admin_relationship_id('delegatedAdminRelationship-id').patch(request_body, request_configuration = request_configuration)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
下面为请求示例。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.delegatedAdminRelationship",
"@odata.context": "https://graph.microsoft.com/v1.0/tenantRelationships/$metadata#delegatedAdminRelationships/$entity",
"@odata.etag": "W/\"JyIwMzAwZTM0ZS0wMDAwLTAyMDAtMDAwMC02MTRjZjI1YzAwMDAiJw==\"",
"id": "5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836",
"displayName": "Updated Contoso admin relationship",
"duration": "P31D",
"status": "created",
"createdDateTime": "2022-02-10T11:24:42.3148266Z",
"lastModifiedDateTime": "2022-02-10T11:26:44.9941884Z",
"customer": {
"tenantId": "52eaad04-13a2-4a2f-9ce8-93a294fadf36"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "44367163-eba1-44c3-98af-f5787879f96a"
},
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "69091246-20e8-4a56-aa4d-066075b2a7a8"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
下面是返回响应代码以及 Location 和 Retry-After 标头的示例202 Accepted响应。
HTTP/1.1 202 Accepted
Location: https://graph.microsoft.com/v1.0/tenantRelationships/delegatedAdminRelationships/5e5594d3-6f82-458b-b567-77db4811f0cd-00000000-0000-0000-0000-000000001234/operations/d8dbb27b-7fe7-4523-a3df-f766355fe0f2
Retry-After: 10
Content-Type: application/json
{
}