命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
为 RBAC 提供程序创建新的 unifiedRoleAssignmentMultiple 对象。
当前支持以下 RBAC 提供程序:
- 云电脑
- 设备管理 (Intune)
- Defender (Microsoft Defender XDR)
对于其他 Microsoft 365 应用程序 ((如 Microsoft Entra ID) ),请使用 unifiedRoleAssignment。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
下表显示了对每种受支持的资源类型调用此 API 所需的最低特权权限。 请遵循 最佳做法 来请求最低特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
对于云电脑提供商
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
CloudPC.ReadWrite.All |
DeviceManagementRBAC.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
CloudPC.ReadWrite.All |
DeviceManagementRBAC.ReadWrite.All |
对于设备管理 (Intune) 提供程序
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
CloudPC.ReadWrite.All |
DeviceManagementRBAC.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
CloudPC.ReadWrite.All |
DeviceManagementRBAC.ReadWrite.All |
对于 Defender 提供程序
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
RoleManagement.ReadWrite.Defender |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
RoleManagement.ReadWrite.Defender |
不可用。 |
HTTP 请求
若要为云电脑提供商创建角色分配,请执行以下作:
POST /roleManagement/cloudPC/roleAssignments
若要为Intune提供程序创建角色分配,请执行以下作:
POST /roleManagement/deviceManagement/roleAssignments
若要为 Defender 提供程序创建角色分配,请执行以下作:
POST /roleManagement/defender/roleAssignments
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-type |
application/json. 必需。 |
请求正文
在请求正文中,提供 unifiedRoleAssignmentMultiple 对象的 JSON 表示形式。 请求必须具有在 Microsoft Entra ID 中定义的范围(如 directoryScopeIds)或应用程序特定的范围(如 appScopeId)。 Microsoft Entra范围的示例包括租户 (“/”) 、管理单元或应用程序。
响应
如果成功,此方法在响应正文中返回响应 201 Created 代码和新的 unifiedRoleAssignmentMultiple 对象。
示例
示例 1:在 Intune中创建两个范围组的角色分配, (这些组是Microsoft Entra对象)
请求
以下示例显示了一个请求。
注意:对 roleDefinitionId 使用 roleTemplateId。
roleDefinitionId 可以是服务范围的模板 ID,也可以是特定于目录的 roleDefinitionId。
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"],
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
DirectoryScopeIds = new List<string>
{
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
roleDefinitionId := "c2cf284d-6c41-4e6b-afac-4b80928c9034"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
directoryScopeIds := []string {
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
}
requestBody.SetDirectoryScopeIds(directoryScopeIds)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("c2cf284d-6c41-4e6b-afac-4b80928c9034");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
LinkedList<String> directoryScopeIds = new LinkedList<String>();
directoryScopeIds.add("28ca5a85-489a-49a0-b555-0a6d81e56f0d");
directoryScopeIds.add("8152656a-cf9a-4928-a457-1512d4cae295");
unifiedRoleAssignmentMultiple.setDirectoryScopeIds(directoryScopeIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().deviceManagement().roleAssignments().post(unifiedRoleAssignmentMultiple);
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentMultiple = {
'@odata.type': '#microsoft.graph.unifiedRoleAssignmentMultiple',
displayName: 'My test role assignment 1',
roleDefinitionId: 'c2cf284d-6c41-4e6b-afac-4b80928c9034',
principalIds: ['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890'],
directoryScopeIds: ['28ca5a85-489a-49a0-b555-0a6d81e56f0d', '8152656a-cf9a-4928-a457-1512d4cae295'],
};
await client.api('/roleManagement/deviceManagement/roleAssignments')
.version('beta')
.post(unifiedRoleAssignmentMultiple);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setDirectoryScopeIds(['28ca5a85-489a-49a0-b555-0a6d81e56f0d', '8152656a-cf9a-4928-a457-1512d4cae295', ]);
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleAssignmentMultiple"
displayName = "My test role assignment 1"
roleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034"
principalIds = @(
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
"c1518aa9-4da5-4c84-a902-a31404023890"
)
directoryScopeIds = @(
"28ca5a85-489a-49a0-b555-0a6d81e56f0d"
"8152656a-cf9a-4928-a457-1512d4cae295"
)
}
New-MgBetaRoleManagementDeviceManagementRoleAssignment -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
role_definition_id = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
directory_scope_ids = [
"28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"8152656a-cf9a-4928-a457-1512d4cae295",
],
)
result = await graph_client.role_management.device_management.role_assignments.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"directoryScopeIds": ["28ca5a85-489a-49a0-b555-0a6d81e56f0d", "8152656a-cf9a-4928-a457-1512d4cae295"]
}
示例 2:在“所有设备”的特定于Intune范围的Intune中创建角色分配
使用以下信息创建Intune角色分配:
- 若要允许对所有Intune设备进行分配,请使用
AllDevicesappScopeIds 中的 值。
- 若要允许对所有Intune许可用户进行分配,请使用
AllLicensedUsersappScopeIds 中的 值。
- 若要允许对所有Intune设备和许可用户进行分配,请使用
/directoryScopeIds 中的 值。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/roleManagement/deviceManagement/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"appScopeIds": ["allDevices"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
RoleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
AppScopeIds = new List<string>
{
"allDevices",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.DeviceManagement.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
roleDefinitionId := "c2cf284d-6c41-4e6b-afac-4b80928c9034"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
appScopeIds := []string {
"allDevices",
}
requestBody.SetAppScopeIds(appScopeIds)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().DeviceManagement().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("c2cf284d-6c41-4e6b-afac-4b80928c9034");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
LinkedList<String> appScopeIds = new LinkedList<String>();
appScopeIds.add("allDevices");
unifiedRoleAssignmentMultiple.setAppScopeIds(appScopeIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().deviceManagement().roleAssignments().post(unifiedRoleAssignmentMultiple);
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentMultiple = {
'@odata.type': '#microsoft.graph.unifiedRoleAssignmentMultiple',
displayName: 'My test role assignment 1',
roleDefinitionId: 'c2cf284d-6c41-4e6b-afac-4b80928c9034',
principalIds: ['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890'],
appScopeIds: ['allDevices']
};
await client.api('/roleManagement/deviceManagement/roleAssignments')
.version('beta')
.post(unifiedRoleAssignmentMultiple);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setRoleDefinitionId('c2cf284d-6c41-4e6b-afac-4b80928c9034');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$requestBody->setAppScopeIds(['allDevices', ]);
$result = $graphServiceClient->roleManagement()->deviceManagement()->roleAssignments()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleAssignmentMultiple"
displayName = "My test role assignment 1"
roleDefinitionId = "c2cf284d-6c41-4e6b-afac-4b80928c9034"
principalIds = @(
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
"c1518aa9-4da5-4c84-a902-a31404023890"
)
appScopeIds = @(
"allDevices"
)
}
New-MgBetaRoleManagementDeviceManagementRoleAssignment -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
role_definition_id = "c2cf284d-6c41-4e6b-afac-4b80928c9034",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
app_scope_ids = [
"allDevices",
],
)
result = await graph_client.role_management.device_management.role_assignments.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/deviceManagement/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"],
"appScopeIds": ["allDevices"]
}
示例 3:为云电脑提供商创建角色分配
请求
POST https://graph.microsoft.com/beta/roleManagement/cloudPC/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "My test role assignment 1",
"description": "My role assignment description",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": ["f8ca5a85-489a-49a0-b555-0a6d81e56f0d", "c1518aa9-4da5-4c84-a902-a31404023890"]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "My test role assignment 1",
Description = "My role assignment description",
RoleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
PrincipalIds = new List<string>
{
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.CloudPC.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "My test role assignment 1"
requestBody.SetDisplayName(&displayName)
description := "My role assignment description"
requestBody.SetDescription(&description)
roleDefinitionId := "b5c08161-a7af-481c-ace2-a20a69a48fb1"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
}
requestBody.SetPrincipalIds(principalIds)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().CloudPC().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("My test role assignment 1");
unifiedRoleAssignmentMultiple.setDescription("My role assignment description");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("b5c08161-a7af-481c-ace2-a20a69a48fb1");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("f8ca5a85-489a-49a0-b555-0a6d81e56f0d");
principalIds.add("c1518aa9-4da5-4c84-a902-a31404023890");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().cloudPC().roleAssignments().post(unifiedRoleAssignmentMultiple);
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentMultiple = {
'@odata.type': '#microsoft.graph.unifiedRoleAssignmentMultiple',
displayName: 'My test role assignment 1',
description: 'My role assignment description',
roleDefinitionId: 'b5c08161-a7af-481c-ace2-a20a69a48fb1',
principalIds: ['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890']
};
await client.api('/roleManagement/cloudPC/roleAssignments')
.version('beta')
.post(unifiedRoleAssignmentMultiple);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('My test role assignment 1');
$requestBody->setDescription('My role assignment description');
$requestBody->setRoleDefinitionId('b5c08161-a7af-481c-ace2-a20a69a48fb1');
$requestBody->setPrincipalIds(['f8ca5a85-489a-49a0-b555-0a6d81e56f0d', 'c1518aa9-4da5-4c84-a902-a31404023890', ]);
$result = $graphServiceClient->roleManagement()->cloudPC()->roleAssignments()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.DeviceManagement.Enrollment
$params = @{
"@odata.type" = "#microsoft.graph.unifiedRoleAssignmentMultiple"
displayName = "My test role assignment 1"
description = "My role assignment description"
roleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1"
principalIds = @(
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
"c1518aa9-4da5-4c84-a902-a31404023890"
)
}
New-MgBetaRoleManagementCloudPcRoleAssignment -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "My test role assignment 1",
description = "My role assignment description",
role_definition_id = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
principal_ids = [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890",
],
)
result = await graph_client.role_management.cloud_p_c.role_assignments.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。 所有属性都将通过实际调用返回。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#roleManagement/cloudPC/roleAssignments/$entity",
"id": "47c88dcd-cc79-4b0c-ba7d-7af2199649c5",
"displayName": "My role assignment",
"description": "My role assignment description",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
"c1518aa9-4da5-4c84-a902-a31404023890"
],
"directoryScopeIds": [
"/"
],
"appScopeIds": []
}
示例 4:在 CloudSet“123”范围内,在 Defender 中创建所有和未来工作负载的角色分配:
使用以下信息创建Intune角色分配:
- 若要允许对所有工作负载和将来的工作负荷进行分配,请使用
/appScopeIds 中的 值。
- 若要允许对工作负载进行分配,请在所有作用域上,不要在 appScopeIds 中的以下工作负载 ID 之后添加任何范围:
Mdi、、Mdc、Mda、MdeMdoSecureScoreExternal、 。
- 若要允许对所有当前和将来的工作负荷进行分配,请在特定范围内使用 directoryScopeIds 中的以下值之一:
/、 ScopeType、 ScopeId 。
请求
以下示例显示了一个请求。
POST https://graph.microsoft.com/beta/roleManagement/defender/roleAssignments
Content-type: application/json
{
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"displayName": "Example role assignment",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"appScopeIds": [
"Mdc", "/CloudSet/123"
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleAssignmentMultiple
{
OdataType = "#microsoft.graph.unifiedRoleAssignmentMultiple",
DisplayName = "Example role assignment",
RoleDefinitionId = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
PrincipalIds = new List<string>
{
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0",
},
AppScopeIds = new List<string>
{
"Mdc",
"/CloudSet/123",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.RoleManagement.Defender.RoleAssignments.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleAssignmentMultiple()
displayName := "Example role assignment"
requestBody.SetDisplayName(&displayName)
roleDefinitionId := "b5c08161-a7af-481c-ace2-a20a69a48fb1"
requestBody.SetRoleDefinitionId(&roleDefinitionId)
principalIds := []string {
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0",
}
requestBody.SetPrincipalIds(principalIds)
appScopeIds := []string {
"Mdc",
"/CloudSet/123",
}
requestBody.SetAppScopeIds(appScopeIds)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
roleAssignments, err := graphClient.RoleManagement().Defender().RoleAssignments().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleAssignmentMultiple unifiedRoleAssignmentMultiple = new UnifiedRoleAssignmentMultiple();
unifiedRoleAssignmentMultiple.setOdataType("#microsoft.graph.unifiedRoleAssignmentMultiple");
unifiedRoleAssignmentMultiple.setDisplayName("Example role assignment");
unifiedRoleAssignmentMultiple.setRoleDefinitionId("b5c08161-a7af-481c-ace2-a20a69a48fb1");
LinkedList<String> principalIds = new LinkedList<String>();
principalIds.add("8e811502-ebda-4782-8f81-071d17f0f892");
principalIds.add("30e3492f-964c-4d73-88c6-986a53c6e2a0");
unifiedRoleAssignmentMultiple.setPrincipalIds(principalIds);
LinkedList<String> appScopeIds = new LinkedList<String>();
appScopeIds.add("Mdc");
appScopeIds.add("/CloudSet/123");
unifiedRoleAssignmentMultiple.setAppScopeIds(appScopeIds);
UnifiedRoleAssignmentMultiple result = graphClient.roleManagement().defender().roleAssignments().post(unifiedRoleAssignmentMultiple);
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleAssignmentMultiple = {
'@odata.type': '#microsoft.graph.unifiedRoleAssignmentMultiple',
displayName: 'Example role assignment',
roleDefinitionId: 'b5c08161-a7af-481c-ace2-a20a69a48fb1',
principalIds: [
'8e811502-ebda-4782-8f81-071d17f0f892',
'30e3492f-964c-4d73-88c6-986a53c6e2a0'
],
appScopeIds: [
'Mdc', '/CloudSet/123'
]
};
await client.api('/roleManagement/defender/roleAssignments')
.version('beta')
.post(unifiedRoleAssignmentMultiple);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleAssignmentMultiple;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleAssignmentMultiple();
$requestBody->setOdataType('#microsoft.graph.unifiedRoleAssignmentMultiple');
$requestBody->setDisplayName('Example role assignment');
$requestBody->setRoleDefinitionId('b5c08161-a7af-481c-ace2-a20a69a48fb1');
$requestBody->setPrincipalIds(['8e811502-ebda-4782-8f81-071d17f0f892', '30e3492f-964c-4d73-88c6-986a53c6e2a0', ]);
$requestBody->setAppScopeIds(['Mdc', '/CloudSet/123', ]);
$result = $graphServiceClient->roleManagement()->defender()->roleAssignments()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_assignment_multiple import UnifiedRoleAssignmentMultiple
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleAssignmentMultiple(
odata_type = "#microsoft.graph.unifiedRoleAssignmentMultiple",
display_name = "Example role assignment",
role_definition_id = "b5c08161-a7af-481c-ace2-a20a69a48fb1",
principal_ids = [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0",
],
app_scope_ids = [
"Mdc",
"/CloudSet/123",
],
)
result = await graph_client.role_management.defender.role_assignments.post(request_body)
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/defender/roleAssignments/$entity",
"@odata.type": "#microsoft.graph.unifiedRoleAssignmentMultiple",
"id": "28ca5a85-489a-49a0-b555-0a6d81e56f0d",
"roleDefinitionId": "b5c08161-a7af-481c-ace2-a20a69a48fb1",
"principalIds": [
"8e811502-ebda-4782-8f81-071d17f0f892",
"30e3492f-964c-4d73-88c6-986a53c6e2a0"
],
"appScopeIds": [
"Mdc", "/CloudSet/123"
]
}