关于 Microsoft Graph API 中组权限范围的管理员同意 [英] Regarding admin consent for Group Permission Scope in Microsoft Graph API

问题描述

目前，Azure AD 应用程序委派的权限Group.Read.All"和Group.ReadWrite.All"需要管理员同意.

Currently the Azure AD application delegated permissions "Group.Read.All" and "Group.ReadWrite.All" requires admin consent.

参考:http://graph.microsoft.io/en-us/docs/overview/release_notes

/////从以下 URL 截取/////

/////snip from the below URL/////

组权限范围

Microsoft Graph 公开了两个权限范围(Group.Read.All 和 Group.ReadWrite.All)，用于访问组 API.这些权限范围必须得到管理员的同意(这是对预览的更改).未来我们计划为用户同意的群组添加新的范围.

The Microsoft Graph exposes two permission scopes (Group.Read.All and Group.ReadWrite.All) for access to groups APIs. These permission scopes must be consented to by an administrator (which is a change from preview). In the future we plan to add new scopes for groups that can be consented by users.

/////剪辑结束/////

/////snip end/////

在我们的应用程序中，我们需要仅在用户同意的情况下才能获得这些范围权限.请让我们知道此功能的任何解决方法和预计到达时间.

In our application we have requirement for these scope permissions with user consent alone. Please let us know any workaround and ETA for this feature.

推荐答案

截至今天，Microsoft Graph 中的所有组权限仍需要管理员同意.但是，我们目前正在开发一项功能，允许应用程序请求访问一个或多个特定组，并且最终用户将能够在这种情况下同意.我们还没有这方面的预计到达时间——但我们正在积极努力.

As of today, all Groups permissions in Microsoft Graph still require administrator consent. However, we're currently working on a feature that will allow applications to request access to one or more specific groups, and end-users will be able to consent in this case. We don't have an ETA yet for this- but we are actively working on it.

这篇关于关于 Microsoft Graph API 中组权限范围的管理员同意的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！