使用Microsoft Graph扩展MemberOf不会填充组 [英] Expanding MemberOf with Microsoft Graph does not populate groups

问题描述

背景
目前，我正在努力在自己的门户中实施Azure Active Directory用户管理，以为我们不想在Azure门户中窥探的用户启用用户管理.我已经使用应用程序权限实现了它，因此我们可以让Azure管理员授予对此特定应用程序的权限. RBAC与我们应用程序中的用户角色一起确保只有授权用户才能使用该功能.

Background
Currently I'm working on implementing Azure Active Directory user management in our own portal to enable user management for users we don't want snooping around in the Azure Portal. I've implemented it using application permissions so we can have the Azure admin grant permissions to this one specific application. RBAC together with user roles in our application make sure only authorized users are able to use the functionality.

我们要启用的功能之一就是邀请用户加入我们的Azure Active Directory租户.我设法实现了这一点，一切似乎都很棒.下一步是使用分配的角色实施用户概述.

One of the things we wanted to enable is inviting users into our Azure Active Directory tenant. I managed to implement that one, and everything seemed great. Next step was to implement a user overview with their assigned roles.

顺便说一下，这些是必需的(并已授予)权限:

By the way, these are the required (and granted) permissions:

• 邀请访客用户加入组织
• 阅读所有组
• 读取目录数据
• 阅读所有用户的完整个人资料

问题
让用户成为租户是没有问题的.无法获取用户列表的MemberOf信息.经过一些搜索后，我发现您的应用程序需要Directory.Read.All权限(

The issue
Getting the users in the tenant is no issue. Getting the MemberOf information for a list of users does not work. After some searching I found your application needs the Directory.Read.All permission (documentation on List memberOf). I added the permission, tested the code with anticipation: nothing. The MemberOf property is always null.

不起作用的情况:
为所有用户扩展MemberOf:

Scenarios that do not work:
Expanding MemberOf for a all users:

var allUsers = await _graphClient.Users.Request().Expand(u => u.MemberOf).GetAsync();

扩展特定用户的MemberOf:

Expanding MemberOf for a specific user:

var user = await _graphClient.Users[userId].Request().Expand(u => u.MemberOf).GetAsync();

起作用的情况:
让所有组扩大成员:

Scenarios that do work:
Getting all groups expanding Members:

var groupsWithMembers = await _graphClient.Groups.Request().Expand(g => g.Members).GetAsync();

获取特定用户的MemberOf信息:

Getting the MemberOf information for a specific user:

var userGroups = await _graphClient.Users[userId].MemberOf.Request().GetAsync();

问题
简而言之:我在这里想念什么?据我所知，我已经设置了应用程序所需的权限，并且正在使用所记录的SDK.考虑到扩展用户的Members属性确实有效的事实，这应该是正确的.

The question
In short: what am I missing here? As far as I can determine I've set the permissions the application needs, and I'm using the SDK like documented. And that should be correct given the fact that expanding the users' Members property does work.

有什么想法吗?

推荐答案

不幸的是，文档对该主题有些含糊，但目前/v1.0端点不支持扩展memberOf属性.但是，/beta端点支持它.

The documentation is, unfortunately, a little vague on the topic but currently, the /v1.0 endpoint doesn't support expanding the memberOf property. It is however supported by the /beta endpoint.

我的建议是为此呼叫切换到/beta.通常，指南是避免在生产中使用Beta. v1.0和Beta实体之间通常存在细微的架构差异，并且此端点可以(并且确实)收到重大更改而不会发出警告.但是，在这种特定情况下，这应该不成问题，因为您扩展了v1.0中已经存在的属性(尽管当前不起作用)/

My recommendation would be to switch to /beta for this call. Normally the guidance is to avoid using Beta in production. There are often subtle schema differences between v1.0 and Beta entities and this endpoint can (and does) receive breaking change without warning. In this specific case, however, it shouldn't be an issue since your expanding a property that already exists in v1.0 (albeit currently non-functional)/

这篇关于使用Microsoft Graph扩展MemberOf不会填充组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！