创建 delegatedAdminRelationship
本文内容
命名空间:microsoft.graph
重要
Microsoft Graph /beta 版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
创建新的 delegatedAdminRelationship 对象。
此 API 可用于以下国家级云部署 。
全局服务
美国政府 L4
美国政府 L5 (DOD)
由世纪互联运营的中国
✅
❌
❌
❌
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时 ,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型 。 要了解有关这些权限的详细信息,请参阅 权限参考 。
权限类型
最低特权权限
更高特权权限
委派(工作或学校帐户)
DelegatedAdminRelationship.ReadWrite.All
不可用。
委派(个人 Microsoft 帐户)
不支持。
不支持。
应用程序
DelegatedAdminRelationship.ReadWrite.All
不可用。
重要
若要使用应用程序权限调用此 API,必须在合作伙伴租户中预配由 appId 2832473f-ec63-45fb-976f-5d45a7d4bb91 标识并命名为 合作伙伴客户委托管理 的服务主体。 若要在合作伙伴租户中预配服务主体,请调用 创建 servicePrincipal API。
HTTP 请求
POST /tenantRelationships/delegatedAdminRelationships
名称
说明
Authorization
持有者 {token}。 必填。 详细了解 身份验证和授权 。
Content-Type
application/json. 必需。
请求正文
在请求正文中,提供 delegatedAdminRelationship 对象的 JSON 表示形式。
创建 delegatedAdminRelationship 时,可以指定以下属性。
属性
类型
说明
accessDetails
delegatedAdminAccessDetails
合作伙伴在客户租户中请求或有权访问的管理角色的标识符。 必填。
autoExtendDuration
持续时间
关系有效期自动延长的持续时间,以 ISO 8601 格式表示。 支持的值为: P0D、 PT0S、 P180D。 默认值为 PT0S。
PT0S 指示关系在达到 endDateTime 时过期,并且不会自动扩展。 可选。
客户
delegatedAdminRelationshipCustomerParticipant
关系的客户的显示名称和唯一标识符。 可选。
displayName
String
为便于识别而使用的关系的显示名称。 在合作伙伴 的所有 委派管理员关系中必须是唯一的。 必填。 最大长度为 50 个字符。
duration
持续时间
ISO 8601 格式的关系持续时间。 必须是 和 P2Y (含)之间的P1D值。 必填。
响应
如果成功,此方法在 201 Created 响应正文中返回响应代码和 delegatedAdminRelationship 对象。
响应包含 一个 Location 标头,其中包含已创建的委托管理关系的 URL。 根据RFC2616,每个 delegatedAdminRelationship 对象都包含一个 @odata.etag 属性。
示例
请求
POST https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships
Content-Type: application/json
{
"displayName": "Contoso admin relationship",
"duration": "P730D",
"customer": {
"tenantId": "4b827261-d21f-4aa9-b7db-7fa1f56fb163",
"displayName": "Contoso subsidiary Inc"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"autoExtendDuration": "P180D"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new DelegatedAdminRelationship
{
DisplayName = "Contoso admin relationship",
Duration = TimeSpan.Parse("P730D"),
Customer = new DelegatedAdminRelationshipCustomerParticipant
{
TenantId = "4b827261-d21f-4aa9-b7db-7fa1f56fb163",
DisplayName = "Contoso subsidiary Inc",
},
AccessDetails = new DelegatedAdminAccessDetails
{
UnifiedRoles = new List<UnifiedRole>
{
new UnifiedRole
{
RoleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de",
},
new UnifiedRole
{
RoleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5",
},
},
},
AutoExtendDuration = TimeSpan.Parse("P180D"),
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.TenantRelationships.DelegatedAdminRelationships.PostAsync(requestBody);
mgc-beta tenant-relationships delegated-admin-relationships create --body '{\
"displayName": "Contoso admin relationship",\
"duration": "P730D",\
"customer": {\
"tenantId": "4b827261-d21f-4aa9-b7db-7fa1f56fb163",\
"displayName": "Contoso subsidiary Inc"\
},\
"accessDetails": {\
"unifiedRoles": [\
{\
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"\
},\
{\
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"\
}\
]\
},\
"autoExtendDuration": "P180D"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewDelegatedAdminRelationship()
displayName := "Contoso admin relationship"
requestBody.SetDisplayName(&displayName)
duration , err := abstractions.ParseISODuration("P730D")
requestBody.SetDuration(&duration)
customer := graphmodels.NewDelegatedAdminRelationshipCustomerParticipant()
tenantId := "4b827261-d21f-4aa9-b7db-7fa1f56fb163"
customer.SetTenantId(&tenantId)
displayName := "Contoso subsidiary Inc"
customer.SetDisplayName(&displayName)
requestBody.SetCustomer(customer)
accessDetails := graphmodels.NewDelegatedAdminAccessDetails()
unifiedRole := graphmodels.NewUnifiedRole()
roleDefinitionId := "29232cdf-9323-42fd-ade2-1d097af3e4de"
unifiedRole.SetRoleDefinitionId(&roleDefinitionId)
unifiedRole1 := graphmodels.NewUnifiedRole()
roleDefinitionId := "3a2c62db-5318-420d-8d74-23affee5d9d5"
unifiedRole1.SetRoleDefinitionId(&roleDefinitionId)
unifiedRoles := []graphmodels.UnifiedRoleable {
unifiedRole,
unifiedRole1,
}
accessDetails.SetUnifiedRoles(unifiedRoles)
requestBody.SetAccessDetails(accessDetails)
autoExtendDuration , err := abstractions.ParseISODuration("P180D")
requestBody.SetAutoExtendDuration(&autoExtendDuration)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
delegatedAdminRelationships, err := graphClient.TenantRelationships().DelegatedAdminRelationships().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
DelegatedAdminRelationship delegatedAdminRelationship = new DelegatedAdminRelationship();
delegatedAdminRelationship.setDisplayName("Contoso admin relationship");
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P730D"));
delegatedAdminRelationship.setDuration(duration);
DelegatedAdminRelationshipCustomerParticipant customer = new DelegatedAdminRelationshipCustomerParticipant();
customer.setTenantId("4b827261-d21f-4aa9-b7db-7fa1f56fb163");
customer.setDisplayName("Contoso subsidiary Inc");
delegatedAdminRelationship.setCustomer(customer);
DelegatedAdminAccessDetails accessDetails = new DelegatedAdminAccessDetails();
LinkedList<UnifiedRole> unifiedRoles = new LinkedList<UnifiedRole>();
UnifiedRole unifiedRole = new UnifiedRole();
unifiedRole.setRoleDefinitionId("29232cdf-9323-42fd-ade2-1d097af3e4de");
unifiedRoles.add(unifiedRole);
UnifiedRole unifiedRole1 = new UnifiedRole();
unifiedRole1.setRoleDefinitionId("3a2c62db-5318-420d-8d74-23affee5d9d5");
unifiedRoles.add(unifiedRole1);
accessDetails.setUnifiedRoles(unifiedRoles);
delegatedAdminRelationship.setAccessDetails(accessDetails);
PeriodAndDuration autoExtendDuration = PeriodAndDuration.ofDuration(Duration.parse("P180D"));
delegatedAdminRelationship.setAutoExtendDuration(autoExtendDuration);
DelegatedAdminRelationship result = graphClient.tenantRelationships().delegatedAdminRelationships().post(delegatedAdminRelationship);
const options = {
authProvider,
};
const client = Client.init(options);
const delegatedAdminRelationship = {
displayName: 'Contoso admin relationship',
duration: 'P730D',
customer: {
tenantId: '4b827261-d21f-4aa9-b7db-7fa1f56fb163',
displayName: 'Contoso subsidiary Inc'
},
accessDetails: {
unifiedRoles: [
{
roleDefinitionId: '29232cdf-9323-42fd-ade2-1d097af3e4de'
},
{
roleDefinitionId: '3a2c62db-5318-420d-8d74-23affee5d9d5'
}
]
},
autoExtendDuration: 'P180D'
};
await client.api('/tenantRelationships/delegatedAdminRelationships')
.version('beta')
.post(delegatedAdminRelationship);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminRelationship;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminRelationshipCustomerParticipant;
use Microsoft\Graph\Beta\Generated\Models\DelegatedAdminAccessDetails;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRole;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new DelegatedAdminRelationship();
$requestBody->setDisplayName('Contoso admin relationship');
$requestBody->setDuration(new \DateInterval('P730D'));
$customer = new DelegatedAdminRelationshipCustomerParticipant();
$customer->setTenantId('4b827261-d21f-4aa9-b7db-7fa1f56fb163');
$customer->setDisplayName('Contoso subsidiary Inc');
$requestBody->setCustomer($customer);
$accessDetails = new DelegatedAdminAccessDetails();
$unifiedRolesUnifiedRole1 = new UnifiedRole();
$unifiedRolesUnifiedRole1->setRoleDefinitionId('29232cdf-9323-42fd-ade2-1d097af3e4de');
$unifiedRolesArray []= $unifiedRolesUnifiedRole1;
$unifiedRolesUnifiedRole2 = new UnifiedRole();
$unifiedRolesUnifiedRole2->setRoleDefinitionId('3a2c62db-5318-420d-8d74-23affee5d9d5');
$unifiedRolesArray []= $unifiedRolesUnifiedRole2;
$accessDetails->setUnifiedRoles($unifiedRolesArray);
$requestBody->setAccessDetails($accessDetails);
$requestBody->setAutoExtendDuration(new \DateInterval('P180D'));
$result = $graphServiceClient->tenantRelationships()->delegatedAdminRelationships()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Partner
$params = @{
displayName = "Contoso admin relationship"
duration = "P730D"
customer = @{
tenantId = "4b827261-d21f-4aa9-b7db-7fa1f56fb163"
displayName = "Contoso subsidiary Inc"
}
accessDetails = @{
unifiedRoles = @(
@{
roleDefinitionId = "29232cdf-9323-42fd-ade2-1d097af3e4de"
}
@{
roleDefinitionId = "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
)
}
autoExtendDuration = "P180D"
}
New-MgBetaTenantRelationshipDelegatedAdminRelationship -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.delegated_admin_relationship import DelegatedAdminRelationship
from msgraph_beta.generated.models.delegated_admin_relationship_customer_participant import DelegatedAdminRelationshipCustomerParticipant
from msgraph_beta.generated.models.delegated_admin_access_details import DelegatedAdminAccessDetails
from msgraph_beta.generated.models.unified_role import UnifiedRole
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = DelegatedAdminRelationship(
display_name = "Contoso admin relationship",
duration = "P730D",
customer = DelegatedAdminRelationshipCustomerParticipant(
tenant_id = "4b827261-d21f-4aa9-b7db-7fa1f56fb163",
display_name = "Contoso subsidiary Inc",
),
access_details = DelegatedAdminAccessDetails(
unified_roles = [
UnifiedRole(
role_definition_id = "29232cdf-9323-42fd-ade2-1d097af3e4de",
),
UnifiedRole(
role_definition_id = "3a2c62db-5318-420d-8d74-23affee5d9d5",
),
],
),
auto_extend_duration = "P180D",
)
result = await graph_client.tenant_relationships.delegated_admin_relationships.post(request_body)
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-Type: application/json
Location: https://graph.microsoft.com/beta/tenantRelationships/delegatedAdminRelationships/5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836
{
"@odata.type": "#microsoft.graph.delegatedAdminRelationship",
"@odata.context": "https://graph.microsoft.com/beta/tenantRelationships/$metadata#delegatedAdminRelationships",
"@odata.etag": "W/\"JyIxODAwZTY4My0wMDAwLTAyMDAtMDAwMC02MTU0OWFmMDAwMDAiJw==\"",
"id": "5d027261-d21f-4aa9-b7db-7fa1f56fb163-8777b240-c6f0-4469-9e98-a3205431b836",
"displayName": "Contoso admin relationship",
"duration": "P730D",
"customer": {
"tenantId": "4b827261-d21f-4aa9-b7db-7fa1f56fb163",
"displayName": "Contoso subsidiary Inc"
},
"accessDetails": {
"unifiedRoles": [
{
"roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de"
},
{
"roleDefinitionId": "3a2c62db-5318-420d-8d74-23affee5d9d5"
}
]
},
"status": "created",
"autoExtendDuration": "P180D",
"createdDateTime": "2022-02-10T11:24:42.3148266Z",
"lastModifiedDateTime": "2022-02-10T11:24:42.3148266Z",
"activatedDateTime": "",
"endDateTime": "2024-02-10T11:24:42.3148266Z"
}