共用方式為

Access Control Lists - Query

  • 參考
服務:
Security
API 版本:
7.1

傳回指定之安全性命名空間和令牌的訪問控制清單清單。 如果未提供選擇性參數,則會擷取安全性命名空間中的所有 ACL。

GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?api-version=7.1
含選擇性參數: 
GET https://dev.azure.com/{organization}/_apis/accesscontrollists/{securityNamespaceId}?token={token}&descriptors={descriptors}&includeExtendedInfo={includeExtendedInfo}&recurse={recurse}&api-version=7.1

URI 參數

名稱 位於 必要 類型 Description
securityNamespaceId
 path True

string (uuid)

安全性命名空間標識碼。
organization
 path

string

Azure DevOps 組織的名稱。
api-version
 query True

string

要使用的 API 版本。 這應該設定為 『7.1』 以使用此版本的 API。
descriptors
 query

string

選擇性的篩選字串,包含以 ', 分隔的識別描述項清單,其 ACE 應該擷取。 如果此為 Null,則會傳回整個 ACL。
includeExtendedInfo
 query

boolean

如果為 true,請針對傳回清單中包含的存取控制專案填入擴充資訊屬性。
recurse
 query

boolean

如果為 true 且這是階層式命名空間,則傳回指定令牌的子 ACL。
token
 query

string

安全性令牌

回應

名稱 類型 Description
200 OK

AccessControlList[]

成功作業

安全性

accessToken

個人存取令牌。 針對使用者名稱和令牌使用任何值做為密碼。

類型: basic

範例

All ACLs in a security namespace
Filter by descriptors
Filter by token
Include child ACLs
Include extended info properties

All ACLs in a security namespace

範例要求

GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?api-version=7.1

範例回覆

狀態碼:
200 
{
  "count": 5,
  "value": [
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
          "allow": 1,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2",
          "allow": 8,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": true,
      "token": "28b9bb88-a513-4115-9b5c-8be39ce1f1ba",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-2",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-3": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-2294004008-329585985-2606533603-2632053178-0-0-0-0-3",
          "allow": 1,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": false,
      "token": "token1",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": false,
      "token": "token2",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 1,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
          "allow": 8,
          "deny": 0
        }
      }
    }
  ]
}

Filter by descriptors

範例要求

GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?descriptors=Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1&api-version=7.1

範例回覆

狀態碼:
200 
{
  "count": 5,
  "value": [
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 0,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": true,
      "token": "28b9bb88-a513-4115-9b5c-8be39ce1f1ba",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 0,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": false,
      "token": "token1",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": false,
      "token": "token2",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 1,
          "deny": 0
        }
      }
    }
  ]
}

Filter by token

範例要求

GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&api-version=7.1

範例回覆

狀態碼:
200 
{
  "count": 1,
  "value": [
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
          "allow": 1,
          "deny": 0
        }
      }
    }
  ]
}

Include child ACLs

範例要求

GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&includeExtendedInfo=False&recurse=True&api-version=7.1

範例回覆

狀態碼:
200 
{
  "count": 2,
  "value": [
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
          "allow": 31,
          "deny": 0
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
          "allow": 1,
          "deny": 0
        }
      }
    },
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4\\846cd9c3-56ba-4158-b6d2-23a3a73244e5",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-1-2",
          "allow": 8,
          "deny": 0
        }
      }
    }
  ]
}

Include extended info properties

範例要求

GET https://dev.azure.com/fabrikam/_apis/accesscontrollists/5a27515b-ccd7-42c9-84f1-54c998f03866?token=1ba198c0-7a12-46ed-a96b-f4e77554c6d4&includeExtendedInfo=True&api-version=7.1

範例回覆

狀態碼:
200 
{
  "count": 1,
  "value": [
    {
      "inheritPermissions": true,
      "token": "1ba198c0-7a12-46ed-a96b-f4e77554c6d4",
      "acesDictionary": {
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-1",
          "allow": 31,
          "deny": 0,
          "extendedInfo": {
            "effectiveAllow": 31
          }
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-2",
          "allow": 31,
          "deny": 0,
          "extendedInfo": {
            "effectiveAllow": 31
          }
        },
        "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3": {
          "descriptor": "Microsoft.TeamFoundation.Identity;S-1-9-1551374245-1204400969-2402986413-2179408616-0-0-0-0-3",
          "allow": 1,
          "deny": 0,
          "extendedInfo": {
            "effectiveAllow": 1
          }
        }
      },
      "includeExtendedInfo": true
    }
  ]
}

定義

名稱 Description
AccessControlEntry

封裝指定 IdentityDescriptor 之允許和拒絕許可權的類別。
AccessControlList

AccessControlList 類別的目的是將一組 AccessControlEntries 與安全性令牌及其繼承設定產生關聯。
AceExtendedInformation

保留給定 AccessControlEntry 的繼承且有效的許可權資訊。
IdentityDescriptor

身分識別描述元是識別類型 (Windows SID, Passport) 的包裝函式,以及 SID 或 PUID 等唯一識別碼。

AccessControlEntry

Object

封裝指定 IdentityDescriptor 之允許和拒絕許可權的類別。

名稱 類型 Description
allow

integer (int32)

一組許可權位,表示允許執行相關聯描述元的動作。
deny

integer (int32)

一組許可權位,表示不允許執行相關聯描述元的動作。
descriptor

IdentityDescriptor

這個 AccessControlEntry 所套用之使用者的描述元。
extendedInfo

AceExtendedInformation

當設定時,這個值會報告相關聯描述元的繼承和有效資訊。 只有在 QueryAccessControlList(s) 呼叫所傳回的 AccessControlEntries 上設定這個值,其 includeExtendedInfo 參數設定為 true。

AccessControlList

Object

AccessControlList 類別的目的是將一組 AccessControlEntries 與安全性令牌及其繼承設定產生關聯。

名稱 類型 Description
acesDictionary

<string,  AccessControlEntry>

許可權所在身分識別上金鑰的許可權儲存。
includeExtendedInfo

boolean

True 是表示 如果此 ACL 保存具有擴充資訊的 ACE。
inheritPermissions

boolean

如果指定的令牌繼承父系的許可權,則為 True。
token

string

此 AccessControlList 的令牌。

AceExtendedInformation

Object

保留給定 AccessControlEntry 的繼承且有效的許可權資訊。

名稱 類型 Description
effectiveAllow

integer (int32)

這是此令牌上此身分識別之所有明確和繼承許可權的組合。 這些是判斷指定使用者是否有權執行動作時所使用的許可權。
effectiveDeny

integer (int32)

這是此令牌上此身分識別之所有明確和繼承許可權的組合。 這些是判斷指定使用者是否有權執行動作時所使用的許可權。
inheritedAllow

integer (int32)

這些是此令牌上此身分識別所繼承的許可權。 如果令牌未繼承許可權,這將會是 0。 請注意,此身分識別在此令牌上明確設定的任何許可權,或此身分識別所屬的任何群組,都不包含在此。
inheritedDeny

integer (int32)

這些是此令牌上此身分識別所繼承的許可權。 如果令牌未繼承許可權,這將會是 0。 請注意,此身分識別在此令牌上明確設定的任何許可權,或此身分識別所屬的任何群組,都不包含在此。

IdentityDescriptor

Object

身分識別描述元是識別類型 (Windows SID, Passport) 的包裝函式,以及 SID 或 PUID 等唯一識別碼。

名稱 類型 Description
identifier

string

此身分識別的唯一標識符,不超過 256 個字元,這會保存。
identityType

string

描述項的類型(例如 Windows、Passport 等)。