选择“激活”。
如果角色需要审批才能激活,在浏览器右上角会显示通知,告知请求正在等待审批。
使用 Microsoft Graph API 激活角色
有关适用于 PIM 的 Microsoft Graph API 的详细信息,请参阅通过 Privileged Identity Management (PIM) API 进行角色管理概述。
获取可激活的所有符合条件的角色
当用户通过组成员身份获取其角色资格时,此 Microsoft Graph 请求不会返回其资格。
HTTP 请求
GET https://graph.microsoft.com/v1.0/roleManagement/directory/roleEligibilityScheduleRequests/filterByCurrentUser(on='principal')
HTTP 响应
为了节省空间,我们将只显示一个角色的响应,但会列出你可以激活的所有符合条件的角色分配。
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#Collection(unifiedRoleEligibilityScheduleRequest)",
"value": [
{
"@odata.type": "#microsoft.graph.unifiedRoleEligibilityScheduleRequest",
"id": "50d34326-f243-4540-8bb5-2af6692aafd0",
"status": "Provisioned",
"createdDateTime": "2022-04-12T18:26:08.843Z",
"completedDateTime": "2022-04-12T18:26:08.89Z",
"approvalId": null,
"customData": null,
"action": "adminAssign",
"principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "50d34326-f243-4540-8bb5-2af6692aafd0",
"justification": "Assign Attribute Assignment Admin eligibility to myself",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "00aa00aa-bb11-cc22-dd33-44ee44ee44ee"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-12T18:26:08.8911834Z",
"recurrence": null,
"expiration": {
"type": "afterDateTime",
"endDateTime": "2024-04-10T00:00:00Z",
"duration": null
}
},
"ticketInfo": {
"ticketNumber": null,
"ticketSystem": null
}
}
]
}
自行激活一个角色资格并说明理由
HTTP 请求
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
{
"action": "selfActivate",
"principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00.000Z",
"expiration": {
"type": "AfterDuration",
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}
HTTP 响应
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#roleManagement/directory/roleAssignmentScheduleRequests/$entity",
"id": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"status": "Granted",
"createdDateTime": "2022-04-13T08:52:32.6485851Z",
"completedDateTime": "2022-04-14T00:00:00Z",
"approvalId": null,
"customData": null,
"action": "selfActivate",
"principalId": "aaaaaaaa-bbbb-cccc-1111-222222222222",
"roleDefinitionId": "8424c6f0-a189-499e-bbd0-26c1753c96d4",
"directoryScopeId": "/",
"appScopeId": null,
"isValidationOnly": false,
"targetScheduleId": "911bab8a-6912-4de2-9dc0-2648ede7dd6d",
"justification": "I need access to the Attribute Administrator role to manage attributes to be assigned to restricted AUs",
"createdBy": {
"application": null,
"device": null,
"user": {
"displayName": null,
"id": "071cc716-8147-4397-a5ba-b2105951cc0b"
}
},
"scheduleInfo": {
"startDateTime": "2022-04-14T00:00:00Z",
"recurrence": null,
"expiration": {
"type": "afterDuration",
"endDateTime": null,
"duration": "PT5H"
}
},
"ticketInfo": {
"ticketNumber": "CONTOSO:Normal-67890",
"ticketSystem": "MS Project"
}
}