Microsoft Graph按resourceScope列出RBACRoleAssignments [英] Microsoft Graph list RBACRoleAssignments by resourceScope

问题描述

我想用GraphAPI列出组的roleAssignments. 但是我只看到 API 列出整个roleAssignments.
我尝试使用$filter子句按resourceScopes/scopeMembers进行过滤，但无法正常工作.

I would like list roleAssignments of a group with GraphAPI. But I only see an API to list whole roleAssignments.
I tried to filter by resourceScopes/scopeMembers using $filter clause but it's not working.

我应该自己过滤整个列表，还是有其他方法可以做到?

Should I filter this whole list myself or is there any other way to do it?

推荐答案

似乎您正在寻找

It seems like you are looking for Azure RBAC role assignments.

这些与您链接的内容不同，它们是Intune设备管理角色分配(特定于 Azure AD应用程序角色分配(用于将应用程序或用户/组分配给另一个应用程序的角色)和Azure AD目录角色成员身份(用于将用户分配给目录角色).

These are different from what you've linked to, which are Intune device management role assignments (which are specific to Intune RBAC roles). They are also different from Azure AD app role assignments (which are for assigning an app or a user/group to another app's role), and Azure AD directory role membership (which is for assigning users to directory roles).

您可以

You can list all Azure RBAC role assignments using the Azure Management API. You can also filter this request by scope and/or by which user, group or app the role assignment is for.

例如，要列出已将组{group-id}分配给订阅{sub-id}的所有范围:

For example, to list all the scopes a group {group-id} has been assigned to for a subscription {sub-id}:

GET https://management.azure.com/subscriptions/{sub-id}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01&$filter=principalId%20eq%20'{group-id}'

有关更多详细信息，您可以阅读

For more details, you can read Manage Role-Based Access Control with the REST API.

这篇关于Microsoft Graph按resourceScope列出RBACRoleAssignments的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！