Removing application access to user from User interface by using Microsoft Graph API or Azure AD Graph API

I created an admin console in the user interface where the admin can perform all the operations, such as creating and deleting users, assigning applications to users, and removing application access from users.

I tried to remove application access from the users in the user interface by using the Microsoft Graph API and the Azure AD Graph API. I used the following Azure AD Graph API:

https://graph.windows.net/tenantid/users/{userId}/appRoleAssignments/{appId}?api-version=1.6

But it shows this error when I test it in Postman: "Invalid resource identifier for EntitlementGrant."

I don't know what to do. Can anyone help me with this error and how to resolve this problem?

You may be getting this error because you are trying to delete the application access using the AppId of the application. Please make sure to use the "AssignmentID" from the Azure Portal, which is the unique ID of the specific role assignment and links the user/group and the service principal object. Go to Azure Active Directory > Users > Select specific User > Applications > Select any application to navigate to the "Assignment Details" blade.

See screenshot below -


This unique ID is also available as "ObjectID" if querying application role assignments through the Graph API -

https://graph.windows.net/{TenantID}/users/{UserID}/appRoleAssignments

Here is the sample output of the above API call.

{
    "odata.metadata": "https://graph.windows.net/sasharms.onmicrosoft.com/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
    "value": [
        {
            "odata.type": "Microsoft.DirectoryServices.AppRoleAssignment",
            "objectType": "AppRoleAssignment",
            "objectId": "r7rDMrnDo0uCuwnosRwwzuziiF5B8s9FnsotYya5DMU",
            "deletionTimestamp": null,
            "creationTimestamp": "2018-05-10T14:10:49.8197813Z",
            "id": "00000000-0000-0000-0000-000000000000",
            "principalDisplayName": "SaurabhSharma",
            "principalId": "32c3baaf-c3b9-4ba3-82bb-09e8b11c30ce",
            "principalType": "User",
            "resourceDisplayName": "WebAppOpenIdGraphApi",
            "resourceId": "90658e39-2559-48fb-a27a-5e50cca94288"
        }
    ]
}

This Id is ideally used for performing various operations against the application using any programmatic interfaces like PowerShell and Graph APIs.
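An added example (not part of the original question or answer): it reads a listing shaped like the sample output above, selects the assignment `objectId` for one service principal, and builds the removal URL on the question's URL pattern with that `objectId` in place of the AppId. The helper name, the use of the HTTP DELETE verb on that URL, and passing the user's object ID as `user_id` are assumptions.

```python
import json
from urllib.parse import quote

API_VERSION = "1.6"  # version used in the question's URL

# Constructed listing, shaped like the sample appRoleAssignments output above.
SAMPLE_LISTING = json.dumps({
    "value": [
        {"objectType": "AppRoleAssignment",
         "objectId": "r7rDMrnDo0uCuwnosRwwzuziiF5B8s9FnsotYya5DMU",
         "principalId": "32c3baaf-c3b9-4ba3-82bb-09e8b11c30ce",
         "principalType": "User",
         "resourceDisplayName": "WebAppOpenIdGraphApi",
         "resourceId": "90658e39-2559-48fb-a27a-5e50cca94288"},
    ]
})


def assignment_delete_urls(listing_json, tenant, user_id, resource_id):
    """Hypothetical helper: one URL per role assignment that `user_id`
    holds on the service principal `resource_id`.

    The last path segment is the assignment's own objectId, not the
    application's AppId (the AppId is what produced the error above).
    """
    assignments = json.loads(listing_json).get("value", [])
    matches = [
        a for a in assignments
        if a.get("objectType") == "AppRoleAssignment"
        # Guard: only touch assignments made directly to this user.
        and a.get("principalType") == "User"
        and a.get("principalId", "").lower() == user_id.lower()
        and a.get("resourceId", "").lower() == resource_id.lower()
    ]
    if not matches:
        raise LookupError("no assignment for user %s on resource %s"
                          % (user_id, resource_id))
    base = "https://graph.windows.net/%s/users/%s/appRoleAssignments" % (
        quote(tenant, safe=""), quote(user_id, safe=""))
    # A user can hold several roles on one app, so return every match.
    return ["%s/%s?api-version=%s"
            % (base, quote(a["objectId"], safe=""), API_VERSION)
            for a in matches]
```

Re-running the listing call after the removal and confirming the `objectId` is gone verifies that access was actually revoked.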
