[英]How to grant permissions as an admin to a group for an app in Azure Active Directory?
I am looking for a way, as an admin, to grant permissions to an internal app on my Azure Active Directory only for a specific set of user (a group), without having to prompt any consent. 我正在寻找一种方法,以管理员身份仅对特定的一组用户(组)授予对我的Azure Active Directory上的内部应用程序的权限,而无需征得任何同意。
I want this app to have access to Mail.Read scopes on Graph API for a specific group of users only. 我希望此应用有权访问Graph API上的Mail.Read范围,仅适用于特定的用户组。
I manage to give access for the whole organization. 我设法为整个组织提供访问权限。 (Clicking on the "grant permissions" button in the Azure Portal > Azure Active Directory > App Registration > MyApp > Settings > Permissions).
(单击Azure门户> Azure Active Directory>应用程序注册> MyApp>设置>权限中的“授予权限”按钮)。 How to limit these rights to a specific group of users without having to prompt any individual consent ?
如何在无需征得任何个人同意的情况下将这些权利限制为特定的用户组?
How to limit these rights to a specific group of users without having to prompt any individual consent ?
如何在无需征得任何个人同意的情况下将这些权利限制为特定的用户组?
You could get it use RBAC in the portal. 您可以在门户网站中使用RBAC来获取它。
Navigate to your app(not in the App registrations ) in the portal -> Access control (IAM) -> Add, please follow the steps in this article . 在门户->访问控制(IAM)->添加中导航至您的应用(不在App注册中 ),请按照本文中的步骤进行操作。
For more details about RBAC , you could refer to this link : What is role-based access control (RBAC)? 有关RBAC的更多详细信息,您可以参考以下链接: 什么是基于角色的访问控制(RBAC)?
I want this app to have access to Mail.Read scopes on Graph API
我希望该应用有权访问Graph API上的Mail.Read范围
Go to your app in the App registrations , you could refer to the screenshot to choose the Read mail in all mailboxes
option. 在“ 应用程序注册”中转到您的应用程序 ,您可以参考屏幕截图以选择“
Read mail in all mailboxes
选项。 The option means access to Mail.Read
, refer to this post . 该选项意味着可以访问
Mail.Read
,请参阅此文章 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.