Cannot delete user in Azure B2C using Graph API

We are attempting to delete a user within Azure B2C by using the Graph API, but have had no luck up to this point. Documentation here suggests that it is possible: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/users-operations#DeleteUser

We currently have no issues when it comes to creating/updating users, but when attempting a delete operation we get the following error:

Authorization_RequestDenied - Insufficient privileges to complete the operation.

I'm aware there are limitations to using the Graph API with B2C, but the documentation out there suggests this should not be one of them.

If you want to have enough privileges to delete users, you need to assign the Company Administrator role to your service principal. You can refer to this document to do that.

  1. Use AAD PowerShell to connect to AAD:

     Connect-AzureAD

  2. Get the Company Administrator role:

     $role = Get-AzureADDirectoryRole | Where-Object {$_.displayName -eq 'Company Administrator'}

  3. Assign the role to your SP:

     Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $yoursp.ObjectId

  4. Try to get a new token and use it in the header to delete the user again. Here is my result:

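The steps in the answer above, combined into one script as an added example (not part of the original answer). It resolves the service principal that the answer refers to as `$yoursp`, skips the assignment if it already exists, and lists the service principals holding the role so the grant can be reviewed. The `$AppId` and `$RoleName` parameters are assumptions introduced here; `$AppId` is the application (client) ID of the app that calls the Graph API.

```powershell
# Added example, not from the original answer.
# Assumption: $AppId is the application (client) ID of the app calling Graph.
param(
    [Parameter(Mandatory)] [string] $AppId,
    [string] $RoleName = 'Company Administrator'   # the role named in the answer
)

Connect-AzureAD | Out-Null

# Resolve the service principal (the answer's $yoursp) from the app ID.
$yoursp = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"
if (-not $yoursp) { throw "No service principal found for appId $AppId" }

# Get-AzureADDirectoryRole only returns roles that are activated in the tenant.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
if (-not $role) { throw "Directory role '$RoleName' is not activated in this tenant" }

# Check current membership first; adding an existing member returns an error.
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
if ($members.ObjectId -contains $yoursp.ObjectId) {
    Write-Output "$($yoursp.DisplayName) already holds '$RoleName'"
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $yoursp.ObjectId
    Write-Output "Added $($yoursp.DisplayName) to '$RoleName'"
}

# List every service principal in the role so the assignment can be audited.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectType -eq 'ServicePrincipal' } |
    Select-Object DisplayName, ObjectId, AppId
```

As the answer's last step says, a token issued before the assignment does not carry the new role, so request a fresh token before retrying the delete.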
