
Get Azure Active Directory application users and roles

Updated: 2023-02-21 10:02:10

Azure portal (preview)

In the new Azure portal, under "Enterprise applications" > (your app) > "Users and groups", you'll now see only the list of users who are assigned to the application, as well as the app role they are assigned to. You can also filter and sort by app role. Here's an example:

Note: As of September 2016, the Azure AD management experience in the new Azure portal is in preview.

Classic Azure portal

Under an application's "Users and groups" you can list all users (and what their assignment state is), as well as all groups:

PowerShell

Using the new preview (as of Sept 2016) Azure AD PowerShell module, you can use the following example:

# Get all service principals and, for each one, get all the app role assignments,
# resolving the app role ID to its display name. Output everything to a CSV.
# -All $true pages through every result instead of stopping at the first page.
Get-AzureADServicePrincipal -All $true | % {

  # Build a hash table of the service principal's app roles. The 0-Guid is
  # used in an app role assignment to indicate that the principal is assigned
  # to the default app role (or rather, no app role).
  $appRoles = @{ "$([Guid]::Empty.ToString())" = "(default)" }
  $_.AppRoles | % { $appRoles[$_.Id] = $_.DisplayName }

  # Get the app role assignments for this app, and add a field for the app role name
  Get-AzureADServiceAppRoleAssignment -ObjectId ($_.ObjectId) -All $true | % {
    $_ | Add-Member "AppRoleDisplayName" $appRoles[$_.Id] -Passthru
  }
} | Export-Csv "app_role_assignments.csv" -NoTypeInformation

Azure AD Graph API

With Azure AD Graph API, you can do the equivalent of what the PowerShell script does, above (in fact, the new Azure AD PowerShell module uses Azure AD Graph API for the majority of the requests).

List all service principals:

GET https://graph.windows.net/{tenant-id}/servicePrincipals

List a service principal's app role assignments:

GET https://graph.windows.net/{tenant-id}/servicePrincipals/{object-id}/appRoleAssignments
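
The join the PowerShell script performs, applied to the results of the two GET requests above, as an added example that is not part of the original answer. It assumes the "value" arrays of the responses have already been fetched and parsed; the sample records, their field subset and the "(unknown role id)" label are constructed for illustration.

```python
import csv
import io

DEFAULT_ROLE_ID = "00000000-0000-0000-0000-000000000000"  # 0-Guid: no app role

def role_assignment_rows(service_principals, assignments_by_sp):
    """Join each appRoleAssignment to the display name of its app role."""
    rows = []
    for sp in service_principals:
        # Same lookup table the PowerShell script builds: role id -> display name.
        roles = {DEFAULT_ROLE_ID: "(default)"}
        roles.update({r["id"].lower(): r["displayName"] for r in sp.get("appRoles", [])})
        for a in assignments_by_sp.get(sp["objectId"], []):
            rows.append({
                "application": sp["displayName"],
                "principal": a["principalDisplayName"],
                "principalType": a["principalType"],
                # A role id missing from appRoles is reported, not silently dropped.
                "appRole": roles.get(a["id"].lower(), "(unknown role id)"),
            })
    return rows

def to_csv(rows):
    """Render the rows as CSV text, one line per assignment."""
    out = io.StringIO()
    fields = ["application", "principal", "principalType", "appRole"]
    writer = csv.DictWriter(out, fieldnames=fields)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample data shaped like the "value" arrays of the two responses.
SAMPLE_SPS = [{
    "objectId": "sp-object-id-1",
    "displayName": "Contoso HR App",
    "appRoles": [{"id": "11111111-1111-1111-1111-111111111111", "displayName": "Approver"}],
}]
SAMPLE_ASSIGNMENTS = {
    "sp-object-id-1": [
        {"id": "11111111-1111-1111-1111-111111111111", "principalDisplayName": "Alice", "principalType": "User"},
        {"id": DEFAULT_ROLE_ID, "principalDisplayName": "HR Staff", "principalType": "Group"},
        {"id": "22222222-2222-2222-2222-222222222222", "principalDisplayName": "Bob", "principalType": "User"},
    ],
}

if __name__ == "__main__":
    print(to_csv(role_assignment_rows(SAMPLE_SPS, SAMPLE_ASSIGNMENTS)))
```

Grouping the resulting rows by appRole gives a per-role membership list for an access review.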