I have an Azure Function backed by a managed identity.
On the same AD there is Office 365 with a SharePoint site named "demonews".
How do I add permissions / add the managed identity to the "demonews" group so that it can access the SharePoint API?
I tried adding a member on the SharePoint site, and I tried adding a member to the AD group. The dropdown cannot find the managed identity.
Answer 0: (score: 0)
I think this is what you want:
Basically, you get the Azure service principal for Office 365 SharePoint along with its app roles.
# Get the SharePoint service principal (ObjectId is the resource the role belongs to)
$sharePoint = (Get-AzureADServicePrincipal -SearchString "Office 365 SharePoint").ObjectId
# Get the app roles exposed by that principal
$appRoles = Get-AzureADServicePrincipal -SearchString "Office 365 SharePoint" | ForEach-Object { $_.AppRoles }
# Find the specific role (Where() returns a collection, so take the first match)
$appRole = $appRoles.Where({ $_.Value -eq "Sites.Manage.All" })[0]
# You will also need the service principal of your function app's managed identity
# Get the function app object id
$myfunctionapp = (Get-AzureADServicePrincipal -SearchString "myfunctionapp").ObjectId
# Assign the role to the MSI for the SharePoint resource (-Id takes the role's GUID, not the role object)
New-AzureADServiceAppRoleAssignment -ObjectId $myfunctionapp -PrincipalId $myfunctionapp -ResourceId $sharePoint -Id $appRole.Id
Then you can get a token using the local MSI endpoint and secret.
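As an added example that is not part of the original answer, this is what the token step looks like from inside the Function App once the role assignment above exists; it assumes the tenant host name is <TENANT>.sharepoint.com (a placeholder to substitute) and targets the "demonews" site from the question:

```powershell
# Acquire an app-only token for SharePoint from the local managed-identity endpoint.
# <TENANT> is a placeholder; replace it with your tenant's SharePoint host name.
$resource = "https://<TENANT>.sharepoint.com"

if ($env:IDENTITY_ENDPOINT) {
    # Newer App Service / Functions runtimes expose IDENTITY_ENDPOINT and IDENTITY_HEADER
    $uri     = "$($env:IDENTITY_ENDPOINT)?resource=$([uri]::EscapeDataString($resource))&api-version=2019-08-01"
    $headers = @{ "X-IDENTITY-HEADER" = $env:IDENTITY_HEADER }
} else {
    # Older runtimes expose MSI_ENDPOINT and MSI_SECRET
    $uri     = "$($env:MSI_ENDPOINT)?resource=$([uri]::EscapeDataString($resource))&api-version=2017-09-01"
    $headers = @{ "Secret" = $env:MSI_SECRET }
}

# The endpoint is only reachable from inside the app; the header secret never leaves the host.
$tokenResponse = Invoke-RestMethod -Method Get -Uri $uri -Headers $headers
$accessToken   = $tokenResponse.access_token   # bearer credential: keep it out of logs

# Call the "demonews" site. Sites.Manage.All is an application permission,
# so the request runs as the managed identity with no user context.
$siteUri = "$resource/sites/demonews/_api/web?`$select=Title"
$web = Invoke-RestMethod -Method Get -Uri $siteUri -Headers @{
    Authorization = "Bearer $accessToken"
    Accept        = "application/json;odata=verbose"
}
$web.d.Title
```

If the role assignment has not propagated yet, the site call fails with 401/403 while the token request itself still succeeds, which is the first thing to check when debugging.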