用于权限 User.Invite.All 的 MS 图形指南 [英] MS graph guid for permission User.Invite.All

问题描述

graph.microsoft.com

User.Invite.All guid = ?????

答案中的图表邀请权限安全解决方案 …

(下面的列表现已更新为 User.Invite.All guid)

----------------------------------------------------- 
Microsoft Graph (API) 
 - resourceAppId 00000003-0000-0000-c000-000000000000 
-----------------------------------------------------

User.ReadWrite.All 
   -  741f803b-c850-494e-b5df-cde7c675a1ca

Directory.ReadWrite.All (+)
   -  19dbc75e-c2e2-444c-a770-ec69d8559fc7

User.Invite.All
   -  09850681-111b-4a89-9bed-3f2cae46d706


-----------------------------------------------------
Windows Azure Active Directory (API)
 - resourceAppId 00000002-0000-0000-c000-000000000000 
-----------------------------------------------------

Directory.Read.All  
 - Read directory data 
 - 5778995a-e1bf-45b8-affa-663a9f3f4d04 

Domain.ReadWrite.All (*)
 - Read and write domains 
 - abefe9df-d5a9-41c6-a60b-27b38eac3efb

Directory.ReadWrite.All (+)
 - Read and write directory data
 - 78c8a3c8-a07e-4b9e-af1b-b5ccab50a175 

Device.ReadWrite.All
 - Read and write devices
 - 1138cb37-bd11-4084-a2b7-9f71582aeddb 

Member.Read.Hidden
 - Read all hidden memberships
 -  9728c0c4-a06b-4e0e-8d1b-3d694e8ec207

Application.ReadWrite.OwnedBy
 - Manage apps that this app creates or owns
 - 824c81eb-e3f8-4ee6-8f6d-de7f50d565b7

Application.ReadWrite.All
 - Read and write all applications
 - 1cda74f2-2616-4834-b122-5cb1b07f8a59

Domain.ReadWrite.All (*) 
 - Read and write domains
 - aaff0dfd-0295-48b6-a5cc-9f465bc87928 

(*) Note these have the same name and description - two seperate guids within AD
(+) Notice same scope name in two diferent resourceAppIDs (Graph vs. AD)

上面的列表可能对某人非常有用，因为我无法在任何地方找到包含文件或键入 def.当您在范围调用中使用文本名称时，这很有意义.

The above list may be very useful to someone as I was not able to find an include file or type def anywhere. Which makes sense as you use the text name in scope calls.

推荐答案

邀请管理器 Microsoft Graph 安全权限 - 关键细节

邀请服务"是 Graph 的一部分，而不是 AD 的一部分.

The invitations "service" is part of Graph not part of AD.

AD 看起来像是 Graph 的一部分，而 Graph 看起来像是 AD 的一部分，但它们具有不同的安全设置上下文和范围，而在某些范围中恰好具有完全相同的权限名称.

AD looks like it is part of Graph and Graph looks like it is part of AD but they have different security setup contexts and scopes that happen to have the exact same permission names in some of the scopes.

如果您要在 Azure 中设置需要访问 Invitations API 的应用程序，请确保您添加对 Graph 的特定引用，以及在您创建时为您创建的 AD API 引用.首先创建一个应用注册.

If you are setting up an application in Azure that needs access to the Invitations API then make sure you add a specific reference to Graph in addition to the AD API reference that is created for you when you first create an application registration.

仅供参考:邀请看起来像是普通完整 v1.0 图表的一部分，而不再只是测试版.https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/invitationhttps://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/invitation_posthttps://graph.microsoft.com/v1.0/invitationshttps://graph.microsoft.com/beta/invitations

FYI: The Invitations looks like it is part of normal full v1.0 Graph and not beta only anymore. https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/invitation https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/invitation_post https://graph.microsoft.com/v1.0/invitations https://graph.microsoft.com/beta/invitations

这篇关于用于权限 User.Invite.All 的 MS 图形指南的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！