无法使用 C# 和 GraphClient 创建 Azure 访问审查(Access Review)

lndjwyie  于 2023-03-24  发布在  C#

我需要帮助创建访问审查。这里的示例代码似乎已经过时: https://learn.microsoft.com/en-us/graph/api/accessreviewset-post-definitions?view=graph-rest-1.0&tabs=csharp#request
因为在我的代码中 .PostAsync 不可用。
下面是我更新后的代码,但运行它时我得到了这个错误:消息:PartnerData|存储库中未找到ID为0000000 - 0000 - 0000 - 0000- 00000000000的合作伙伴记录

// Builds an access review schedule definition for one group and submits it to
// Microsoft Graph. As posted, the definition sets no Reviewers and neither
// scope sets OdataType.
// NOTE(review): groupid's origin is not shown; if it can come from user input,
// validate it as a GUID before composing it into the query paths below.
Console.WriteLine($"Creating AR for Group {groupid}");
      var ar = new AccessReviewScheduleDefinition();
       // NOTE(review): the text says "One-time", but Recurrence below is weekly with no end.
       ar.DisplayName = "One-time self-review for members of Building security";
       ar.DescriptionForAdmins = "One-time self-review for members of Building security";
       ar.DescriptionForReviewers = "One-time self-review for members of Building security";
       // Scope: the principals whose access is reviewed (here the group's owners).
       ar.Scope = new AccessReviewScope
        {
          AdditionalData = new Dictionary<string, object>
          {           
            {
              // Author's note: transitiveMembers - Self Review
              "query" , $"/groups/{groupid}/owners"
            },
            {
              "queryType" , "MicrosoftGraph"
            },
          },
        };
       // InstanceEnumerationScope: the resource the review instances are created for (the group itself).
       ar.InstanceEnumerationScope = new AccessReviewScope
        {
          AdditionalData = new Dictionary<string, object>
          {
            {
              "query" , $"/groups/{groupid}"
            },
            {
              "queryType" , "MicrosoftGraph"
            },
          },
        };
       ar.Settings = new AccessReviewScheduleSettings
        {
          MailNotificationsEnabled = true,
          ReminderNotificationsEnabled = true,
          JustificationRequiredOnApproval = true,
          // Default decision "Deny" combined with auto-apply: entries nobody
          // reviews presumably end as Deny and are applied without a human step.
          // NOTE(review): confirm automatic removal is intended for this group.
          DefaultDecisionEnabled = true,
          DefaultDecision = "Deny",
          InstanceDurationInDays = 5,
          AutoApplyDecisionsEnabled = true,
          RecommendationsEnabled = true,
          Recurrence = new PatternedRecurrence
          {
              Pattern = new RecurrencePattern
              {
                Type = RecurrencePatternType.Weekly,
                Interval = 1,
              },
              Range = new RecurrenceRange
              {
                Type = RecurrenceRangeType.NoEnd,
                StartDate = new Date(2023,03,15),
              },
          },
        };
      try
      {
      // Request().AddAsync looks like the pre-v5 SDK call shape, which would match
      // the author's remark that PostAsync is unavailable - TODO confirm package version.
      var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.Request().AddAsync(ar);
       Console.WriteLine(result);
      }
      catch(Exception ex)
      {
      // Only the message text is printed; any error code or other detail carried
      // by the exception is discarded, which makes a failed creation hard to triage.
      Console.WriteLine(ex.Message);
      }
    }

我尝试了文章上的代码,但后来修改为上面的代码


lymnna711#

我用客户端凭据身份验证尝试了下面的代码来创建访问审查,创建成功,参考如下:-

  • 我使用的是 .NET 6.0 和最新版本的 Microsoft.Graph 包。
    代码:-
using System;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Graph;
using Microsoft.Graph.Auth;
using Microsoft.Identity.Client;
using Microsoft.Extensions.Configuration;
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions;
using System.Collections.Generic;
using Microsoft.Graph.Core;
using Azure.Identity;

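// Creates a recurring access review over a group's transitive members, using
// app-only (client credentials) authentication against Microsoft Graph.

// The client credentials flow requires that you request the
// /.default scope, and preconfigure your permissions on the
// app registration in Azure. An administrator must grant consent
// to those permissions beforehand.
// Least privilege: creating definitions needs only the AccessReview.ReadWrite.All
// application permission; avoid consenting broader directory permissions.
var scopes = new[] { "https://graph.microsoft.com/.default" };

// Reads a required setting from the environment and fails fast when it is
// missing, so a blank value never reaches the token request.
static string RequireSetting(string name)
{
    var value = Environment.GetEnvironmentVariable(name);
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new InvalidOperationException($"Environment variable '{name}' is not set.");
    }

    return value;
}

// Multi-tenant apps can use "common",
// single-tenant apps must use the tenant ID from the Azure portal
var tenantId = RequireSetting("AZURE_TENANT_ID");

// Values from app registration. They are taken from the environment instead of
// being written into the source file, so the client secret does not end up in
// version control or in a pasted snippet. Where the host supports it, a
// certificate credential or a managed identity avoids a long-lived shared
// secret altogether.
var clientId = RequireSetting("AZURE_CLIENT_ID");
var clientSecret = RequireSetting("AZURE_CLIENT_SECRET");

// using Azure.Identity;
var options = new TokenCredentialOptions
{
    AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
};

// https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
var clientSecretCredential = new ClientSecretCredential(
    tenantId, clientId, clientSecret, options);

var graphClient = new GraphServiceClient(clientSecretCredential, scopes);


var requestBody = new AccessReviewScheduleDefinition
{
    DisplayName = "Test create",
    DescriptionForAdmins = "New scheduled access review",
    // Shown to every reviewer; a team mailbox is easier to keep monitored
    // than a personal address.
    DescriptionForReviewers = "If you have any questions, contact sid24desai@outlook.com",
    Scope = new AccessReviewScope
    {
        // The '#'-prefixed type name is the form the Graph documentation uses
        // for @odata.type; the original value omitted the '#'.
        OdataType = "#microsoft.graph.accessReviewQueryScope",
        AdditionalData = new Dictionary<string, object>
        {
            {
                // <objectid> is a placeholder for the reviewed group's object id.
                "query" , "/groups/<objectid>/transitiveMembers"
            },
            {
                "queryType" , "MicrosoftGraph"
            },
        },
    },
    // A single named user reviews everyone in scope; <objectid> is a placeholder.
    Reviewers = new List<AccessReviewReviewerScope>
    {
        new AccessReviewReviewerScope
        {
            Query = "/users/<objectid>",
            QueryType = "MicrosoftGraph",
        },
    },
    Settings = new AccessReviewScheduleSettings
    {
        MailNotificationsEnabled = true,
        ReminderNotificationsEnabled = true,
        JustificationRequiredOnApproval = true,
        // No default decision and no AutoApplyDecisionsEnabled here: presumably
        // recorded decisions still have to be applied by someone after each
        // instance closes - NOTE(review): confirm this is the intended workflow.
        DefaultDecisionEnabled = false,
        DefaultDecision = "None",
        InstanceDurationInDays = 1,
        RecommendationsEnabled = true,
        Recurrence = new PatternedRecurrence
        {
            Pattern = new RecurrencePattern
            {
                Type = RecurrencePatternType.Weekly,
                Interval = 1,
            },
            Range = new RecurrenceRange
            {
                Type = RecurrenceRangeType.NoEnd,
                // Built from explicit year/month/day. DateTime.Parse on a 'Z'
                // timestamp converts to the host's local time, so the calendar
                // date could shift by a day depending on the machine's time zone.
                StartDate = new Date(2020, 9, 8),
            },
        },
    },
};
var _ = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);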

输出:-

当我运行你的代码时,也收到了相同的错误;当我把自己代码中的组查询参数从 transitiveMembers 改为 owners 时,同样出现了这个错误,参考如下:-

当没有按照 MS Graph 文档中的 SDK 示例编写、并且为自我审查使用了错误的参数时,就会出现此错误。您的代码缺少 OdataType,并且 Reviewers 属性应按下面的方式设置:-

Odata类型:-

// Alternative values: set exactly one per AccessReviewScope object.
// Scope defined by a Graph query:
OdataType = "#microsoft.graph.accessReviewQueryScope"
// Scope limited to inactive users (paired with an "inactiveDuration" entry in AdditionalData):
OdataType = "#microsoft.graph.accessReviewInactiveUsersQueryScope"

审阅者(Reviewers):-

// Primary reviewers: "./owners" is a relative query, i.e. the owners of each
// group under review.
Reviewers = new List<AccessReviewReviewerScope>
{
    new()
    {
        Query = "./owners",
        QueryType = "MicrosoftGraph",
    },
},
// Fallback reviewers: a fixed user, presumably used when a group has no
// owners to act as primary reviewers.
FallbackReviewers = new List<AccessReviewReviewerScope>
{
    new()
    {
        Query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
        QueryType = "MicrosoftGraph",
    },
},

我在下面的代码中使用了上述参数,创建成功。我把 Reviewers 的 AccessReviewReviewerScope 设为组的所有者(./owners):-

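// Creates a quarterly access review of inactive guest users across Teams-backed
// groups, reviewed by each group's owners with a fixed fallback reviewer.
// NOTE(review): requestAdapter is not defined in this snippet; it has to be an
// authenticated request adapter built elsewhere.
var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new AccessReviewScheduleDefinition
{
    DisplayName = "Review inactive guests on teams",
    DescriptionForAdmins = "Control guest user access to our teams.",
    DescriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more.",
    // Which resources get a review instance: groups matched by the filter below.
    InstanceEnumerationScope = new AccessReviewScope
    {
        OdataType = "#microsoft.graph.accessReviewQueryScope",
        AdditionalData = new Dictionary<string, object>
        {
            {
                // NOTE(review): the quoting at the end of this filter ("'Team')')")
                // looks unbalanced; verify it against the current Graph documentation.
                "query" , "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')"
            },
            {
                "queryType" , "MicrosoftGraph"
            },
        },
    },
    // Who is reviewed inside each group: guest users, restricted to inactive
    // ones by the scope type and the "inactiveDuration" entry.
    Scope = new AccessReviewScope
    {
        OdataType = "#microsoft.graph.accessReviewInactiveUsersQueryScope",
        AdditionalData = new Dictionary<string, object>
        {
            {
                "query" , "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')"
            },
            {
                "queryType" , "MicrosoftGraph"
            },
            {
                // ISO 8601 duration: 30 days.
                "inactiveDuration" , "P30D"
            },
        },
    },
    // Primary reviewers: the owners of each reviewed group (relative query).
    Reviewers = new List<AccessReviewReviewerScope>
    {
        new AccessReviewReviewerScope
        {
            Query = "./owners",
            QueryType = "MicrosoftGraph",
        },
    },
    // Fallback reviewer: a fixed user object id as given in the sample. Replace
    // it with an account that exists in your tenant and is actually monitored,
    // otherwise ownerless groups may go unreviewed.
    FallbackReviewers = new List<AccessReviewReviewerScope>
    {
        new AccessReviewReviewerScope
        {
            Query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
            QueryType = "MicrosoftGraph",
        },
    },
    Settings = new AccessReviewScheduleSettings
    {
        MailNotificationsEnabled = true,
        ReminderNotificationsEnabled = true,
        JustificationRequiredOnApproval = true,
        RecommendationsEnabled = true,
        InstanceDurationInDays = 3,
        Recurrence = new PatternedRecurrence
        {
            Pattern = new RecurrencePattern
            {
                Type = RecurrencePatternType.AbsoluteMonthly,
                DayOfMonth = 5,
                Interval = 3,
            },
            Range = new RecurrenceRange
            {
                Type = RecurrenceRangeType.NoEnd,
                // Built from explicit year/month/day. DateTime.Parse on a
                // midnight 'Z' timestamp converts to local time, which yields
                // the previous day (May 3) on hosts west of UTC.
                StartDate = new Date(2020, 5, 4),
            },
        },
        // Default decision "Deny" combined with auto-apply: guests nobody reviews
        // presumably lose access when the 3-day instance closes, with no human
        // step. NOTE(review): confirm this is intended before running it against
        // production groups.
        DefaultDecisionEnabled = true,
        DefaultDecision = "Deny",
        AutoApplyDecisionsEnabled = true,
    },
};
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);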

输出:-

请确保检查本文档中的有效和支持的参数:-

参考资料:-

Create definitions - Microsoft Graph v1.0 | Microsoft Learn
Assign reviewers to your access review using the Microsoft Graph API - Microsoft Graph | Microsoft Learn
