我正在尝试使用Microsoft Graph将应用程序特定的角色分配给我们AD组中的用户。
我将请求发送到的链接:
https://graph.microsoft.com/beta/users/{oID of the user I want to assign the role to}/appRoleAssignments/{Object ID of the AD enterprise app}
在请求内:
{"id": "ID of the role I'm trying to assign to the user"}
错误:
"code": "BadRequest",
"message": "Write requests are only supported on contained entities",
文档没有很好地定义示例中的参数,我尝试了各种可能性,但这是我获得的唯一有意义的结果。
答案 0 :(得分:3)
Microsoft Graph当前不支持此功能。要创建应用角色分配,您需要使用Azure AD Graph:
POST https://graph.windows.net/myorganization/users/{user-object-id}/appRoleAssignments
{
"principalId": "{user-object-id}",
"resourceId": "{service-principal-object-id}",
"id": "{app-role-id}"
}