写入请求仅在包含的实体上受支持，Microsoft Graph API 在尝试 PATCH/POST 以将 AD 应用角色分配给用户时 [英] Write requests are only supported on contained entities, Microsoft Graph API when trying to PATCH/POST to assign AD App role to user

问题描述

I'm trying to assign app-specific roles to a user in our AD group using Microsoft Graph.

The link I'm sending the request to:

https://graph.microsoft.com/beta/users/{oID of the user I want to assign the role to}/appRoleAssignments/{Object ID of the AD enterprise app}

Inside the request:

{"id": "ID of the role I'm trying to assign to the user"}

The error:

"code": "BadRequest", "message": "Write requests are only supported on contained entities",

The documentation doesn't define parameters in the example well and I've tried various possibilities but this is the only meaningful result I've gotten.

解决方案

This isn't current supported by Microsoft Graph. To create app role assignments, you'll need to use Azure AD Graph:

POST https://graph.windows.net/myorganization/users/{user-object-id}/appRoleAssignments

{
    "principalId": "{user-object-id}",
    "resourceId": "{service-principal-object-id}",
    "id": "{app-role-id}"
}

这篇关于写入请求仅在包含的实体上受支持，Microsoft Graph API 在尝试 PATCH/POST 以将 AD 应用角色分配给用户时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！