[英]How can I access the signed in user's groups in Microsoft's Graph API without needing admin priviledges?
I'm trying to use the Microsoft Graph api to check if the signed in user is in a group (I would use claims based authentication, but the number of claims that were returned is limited to 150 items, which is not enough when my user is in a lot of groups). 我正在尝试使用Microsoft Graph api检查登录的用户是否在组中(我将使用基于声明的身份验证,但是返回的声明数限制为150个项目,这在我的用户时还不够在很多组中)。 The problem is, I'm signing into Microsoft's Active Directory, so I am definitely not an administrator and cannot approve services like letting my user look at the entire Microsoft directory.
问题是,我正在登录Microsoft的Active Directory,因此我绝对不是管理员,也无法批准服务,例如让用户查看整个Microsoft目录。
However, this link and this link combined seem to suggest that I'll need some permissions that can ONLY be granted by the administrator to achieve functionality (to see groups I can already see elsewhere). 但是, 此链接和此链接的组合似乎表明,我需要一些只能由管理员授予的权限才能实现功能(以查看我已经在其他地方看到的组)。 So, it seems like it's impossible for me, as a lowly code monkey, to access the url:
因此,作为低级代码猴子,我似乎无法访问url:
https://graph.microsoft.com/beta/me/memberOf
with the permissions I can grant. 我可以授予的权限。 Am I understanding this correctly and is there another way to do what I'm trying to do?
我是否正确理解了这一点,还有另一种方法可以做我想做的事情?
You are right, you do need to log in as admin to grant those permissions when using the Microsoft Graph API. 没错,使用Microsoft Graph API时,您确实需要以管理员身份登录才能授予这些权限。
I've just tried on the older Azure AD Graph API. 我刚刚尝试使用较旧的Azure AD Graph API。 There it works, but I don't know whether my org has granted the older Graph Explorer app any special privileges.
在那里工作,但是我不知道我的组织是否已授予旧版Graph Explorer应用程序任何特殊特权。
Try out https://graphexplorer.azurewebsites.net/ and GET https://graph.windows.net/tenant/me/memberOf 试用https://graphexplorer.azurewebsites.net/和GET https://graph.windows.net/tenant/me/memberOf
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.