问题
I would like list roleAssignments of a group with GraphAPI.
But I only see an API to list whole roleAssignments.
I tried to filter by resourceScopes/scopeMembers using $filter clause but it's not working.
Should I filter this whole list myself or is there any other way to do it?
回答1:
It seems like you are looking for Azure RBAC role assignments.
These are different from what you've linked to, which are Intune device management role assignments (which are specific to Intune RBAC roles). They are also different from Azure AD app role assignments (which are for assigning an app or a user/group to another app's role), and Azure AD directory role membership (which is for assigning users to directory roles).
You can list all Azure RBAC role assignments using the Azure Management API. You can also filter this request by scope and/or by which user, group or app the role assignment is for.
For example, to list all the scopes a group {group-id} has been assigned to for a subscription {sub-id}:
GET https://management.azure.com/subscriptions/{sub-id}/providers/Microsoft.Authorization/roleAssignments?api-version=2015-07-01&$filter=principalId%20eq%20'{group-id}'
For more details, you can read Manage Role-Based Access Control with the REST API.
来源:https://stackoverflow.com/questions/49976165/microsoft-graph-list-rbacroleassignments-by-resourcescope