复杂的 Microsoft Graph API 查询,可能吗?

问题描述 投票:0回答:1

假设我想查询属于 

microsoft.graph.group
成员的 
Group A
列表,并且我想在结果集中包含那些类型为 
microsoft.graph.user
的组的成员,但仅限于分配给 
 的用户App Role B

这可能吗?有人能让我朝这个方向开始吗(我被难住了)?这是我到目前为止所拥有的:

https://graph.microsoft.com/v1.0/groups/00000000-0000-0000-0000-000000000000/members/microsoft.graph.group?$expand=members($select=id,displayName)&$select=id,displayName

这产生了以下数据集(当然是经过编辑的):

[
    {
        "id": "00000000-0000-0000-0000-000000000000",
        "displayName": "Group (52)",
        "members": [
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "Marshawn Lynch"
            },
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "Richard Sherman"
            }
        ]
    },
    {
        "id": "00000000-0000-0000-0000-000000000000",
        "displayName": "Group (542)",
        "members": [
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "Kam Chancellor"
            },
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "Earl Thomas"
            }
        ]
    },
    {
        "id": "00000000-0000-0000-0000-000000000000",
        "displayName": "Group (821)",
        "members": [
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "Tyler Lockett"
            },
            {
                "@odata.type": "#microsoft.graph.user",
                "id": "00000000-0000-0000-0000-000000000000",
                "displayName": "D.K. Metcalf"
            }
        ]
    }
]

唯一缺少的是对用户的过滤。谁能帮忙?

编辑1:

我尝试了以下查询来应用用户过滤器:

https://graph.microsoft.com/v1.0/groups/00000000-0000-0000-0000-000000000000/members/microsoft.graph.group?$expand=members($select=id,displayName,appRoleAssignments;$filter=type eq 'microsoft.graph.user';$expand=appRoleAssignments($select=appRoleId))&$select=id,displayName

这产生了以下错误:

{
    "error": {
        "code": "BadRequest",
        "message": "Parsing OData Select and Expand failed: Could not find a property named 'appRoleAssignments' on type 'microsoft.graph.directoryObject'.",
        "innerError": {
            "date": "2024-01-04T23:16:32",
            "request-id": "00000000-0000-0000-0000-000000000000",
            "client-request-id": "00000000-0000-0000-0000-000000000000"
        }
    }
}
azure-active-directory microsoft-graph-api microsoft-entra-id
1个回答
0
投票

我使用相同的查询并得到如下结果:

https://graph.microsoft.com/v1.0/groups/GroupAID/members/microsoft.graph.group?$expand=members($select=id,displayName)&$select=id,displayName

enter image description here

注意:您可以在一个查询中过滤用户和组,从而使用不同的调用。

作为解决方法,要仅检索组的成员,请使用以下查询:

https://graph.microsoft.com/v1.0/groups/GroupID/members/microsoft.graph.user?$select=id,displayName

enter image description here

注意:Microsoft Graph 不支持 appRoleId 上的 $filter。检查这个 Microsoft QnA,作者:CarlZhao-MSFT。

因此,您必须单独检查用户的应用程序角色分配或按 

resourceId
进行过滤,如下所示:

https://graph.microsoft.com/v1.0/users/UserID/appRoleAssignments

enter image description here

resourceId
过滤:

https://graph.microsoft.com/v1.0/users/UserID/appRoleAssignments?$filter=resourceId eq ResourceID

enter image description here

参考:

列出授予用户的 appRoleAssignments - Microsoft Graph v1.0 |微软

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.