gpt4 book ai didi

python - 在 Azure AD 中创建用户需要哪些应用程序权限?

转载 作者:行者123 更新时间:2023-12-03 06:06:26 30 4
gpt4 key购买 nike

我正在开发一个简单的 Python 应用程序,用于在招聘/解雇时自动从我们的 Azure 实例创建/删除用户。我能够使用 azure.graphrbac 库获取脚本来创建/删除测试用户,但它需要在脚本中提供管理员用户的登录凭据,而我们显然不会花很长时间-学期。我设法使用 azure.common.credentials.ServicePrincipalCredentials 创建和验证应用程序,并使用正确的设置成功连接到我们的租户,但每次尝试创建用户时,我都会收到以下错误。我对应用程序应用了以下权限(Directory.ReadWrite.AllUser.EnableDisableAccount.AllUser.ReadWrite.All) ,我错过了什么?

azure.graphrbac.models.graph_error.GraphErrorException: Insufficient privileges to complete the operation.

permissions for Azure application

最佳答案

Note that, azure.graphrbac library works with Azure AD Graph APIthat is currently deprecated and no longer supported.The error occurred as azure.graphrbac library won't work withMicrosoft Graph permissions.

就我而言,我注册了一个 Azure AD 应用程序,并授予了 应用程序 类型的 MS Graph User.ReadWrite.All 权限,如下所示:

enter image description here

现在,我运行了下面的 python 代码,最初使用客户端凭据流生成 token ,并使用它来创建 Azure AD 用户:

import msal
import requests

client_id = "appId"
client_secret= "secret"
tenant_id = "tenantId"
authority = f"https://login.microsoftonline.com/{tenant_id}"
scopes = ['https://graph.microsoft.com/.default']

app = msal.ConfidentialClientApplication(client_id, client_secret, authority=authority)

result = app.acquire_token_for_client(scopes)
access_token = result['access_token']

headers = {'Authorization': 'Bearer ' + access_token}
url = 'https://graph.microsoft.com/v1.0/users'
user = {
"accountEnabled": True,
"displayName": "Test User",
"mailNickname": "testuser",
"userPrincipalName": "<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="661203151213150314261e1e1e1e1e1e1e1e4809080b0f051409150900124805090b" rel="noreferrer noopener nofollow">[email protected]</a>",
"passwordProfile": {
"forceChangePasswordNextSignIn": True,
"password": "xxxxxxx"
}
}

response = requests.post(url, headers=headers, json=user)
if response.status_code == 201:
print('User created successfully!')
print(response.content)
else:
print('Error creating user:', response.text)

回应:

enter image description here

当我在门户中检查相同内容时,Azure AD 用户创建成功,如下所示:

enter image description here

同样,修改 python 代码以删除 Azure AD 用户,如下所示:

headers = {'Authorization': 'Bearer ' + access_token}
url = 'https://graph.microsoft.com/v1.0/users/<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="89fdecfafdfcfaecfbc9f1f1f1f1f1f1f1a7e6e7e4e0eafbe6fae6effda7eae6e4" rel="noreferrer noopener nofollow">[email protected]</a>'
response = requests.delete(url, headers=headers)

if response.status_code == 204:
print('User deleted successfully!')
else:
print('Error deleting user:', response.text)

回应:

enter image description here

为了确认这一点,我在门户中检查了用户删除成功的情况,如下所示:

enter image description here

引用: Create User - Microsoft Graph

关于python - 在 Azure AD 中创建用户需要哪些应用程序权限?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77267795/

30 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com