Crear permissionGrantConditionSet en excluye la colección de permissionGrantPolicy
Artículo
Espacio de nombres: microsoft.graph
Agregue condiciones en las que se excluye un evento de concesión de permisos en una directiva de concesión de permisos. Para ello, agregue un permissionGrantConditionSet a la colección excludes de un permissionGrantPolicy.
Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.
Tipo de permiso
Permisos con privilegios mínimos
Permisos con privilegios más altos
Delegado (cuenta profesional o educativa)
Policy.ReadWrite.PermissionGrant
No disponible.
Delegado (cuenta personal de Microsoft)
No admitida.
No admitida.
Aplicación
Policy.ReadWrite.PermissionGrant
No disponible.
Solicitud HTTP
POST /policies/permissionGrantPolicies/{id}/excludes
En el cuerpo de la solicitud, proporcione una representación JSON de un objeto permissionGrantConditionSet .
Respuesta
Si se ejecuta correctamente, este método devuelve un 201 Created código de respuesta y un objeto permissionGrantConditionSet en el cuerpo de la respuesta.
Ejemplos
Solicitud
En este ejemplo, todos los permisos delegados para Microsoft Graph (appId 00000003-0000-0000-c000-0000000000000000) se excluyen de la directiva de concesión de permisos.
POST https://graph.microsoft.com/v1.0/policies/permissionGrantPolicies/my-custom-consent-policy/excludes
Content-Type: application/json
{
"permissionType": "delegated",
"resourceApplication": "00000003-0000-0000-c000-000000000000"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new PermissionGrantConditionSet
{
PermissionType = PermissionType.Delegated,
ResourceApplication = "00000003-0000-0000-c000-000000000000",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.PermissionGrantPolicies["{permissionGrantPolicy-id}"].Excludes.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewPermissionGrantConditionSet()
permissionType := graphmodels.DELEGATED_PERMISSIONTYPE
requestBody.SetPermissionType(&permissionType)
resourceApplication := "00000003-0000-0000-c000-000000000000"
requestBody.SetResourceApplication(&resourceApplication)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
excludes, err := graphClient.Policies().PermissionGrantPolicies().ByPermissionGrantPolicyId("permissionGrantPolicy-id").Excludes().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
PermissionGrantConditionSet permissionGrantConditionSet = new PermissionGrantConditionSet();
permissionGrantConditionSet.setPermissionType(PermissionType.Delegated);
permissionGrantConditionSet.setResourceApplication("00000003-0000-0000-c000-000000000000");
PermissionGrantConditionSet result = graphClient.policies().permissionGrantPolicies().byPermissionGrantPolicyId("{permissionGrantPolicy-id}").excludes().post(permissionGrantConditionSet);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\PermissionGrantConditionSet;
use Microsoft\Graph\Generated\Models\PermissionType;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new PermissionGrantConditionSet();
$requestBody->setPermissionType(new PermissionType('delegated'));
$requestBody->setResourceApplication('00000003-0000-0000-c000-000000000000');
$result = $graphServiceClient->policies()->permissionGrantPolicies()->byPermissionGrantPolicyId('permissionGrantPolicy-id')->excludes()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.permission_grant_condition_set import PermissionGrantConditionSet
from msgraph.generated.models.permission_type import PermissionType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = PermissionGrantConditionSet(
permission_type = PermissionType.Delegated,
resource_application = "00000003-0000-0000-c000-000000000000",
)
result = await graph_client.policies.permission_grant_policies.by_permission_grant_policy_id('permissionGrantPolicy-id').excludes.post(request_body)