查看分配给 Azure Active Directory 中的组的角色View roles assigned to a group in Azure Active Directory

本部分介绍如何使用 Azure AD 管理中心查看分配给组的角色。This section describes how the roles assigned to a group can be viewed using Azure AD admin center. 查看组和分配的角色是默认的用户权限。Viewing groups and assigned roles are default user permissions.

  1. 使用任何非管理员或管理员凭据登录到 Azure AD 管理中心Sign in to the Azure AD admin center with any non-admin or admin credentials.

  2. 选择所需的组。Select the group that you are interested in.

  3. 选择“分配的角色”。Select Assigned roles. 你现在可以查看分配给此组的所有 Azure AD 角色。You can now see all the Azure AD roles assigned to this group.

    查看分配给所选组的所有角色

使用 PowerShellUsing PowerShell

获取组的对象 IDGet object ID of the group

Get-AzureADMSGroup -SearchString "Contoso_Helpdesk_Administrators"

查看组的角色分配View role assignment to a group

Get-AzureADMSRoleAssignment -Filter "principalId eq '<object id of group>" 

使用 Microsoft Graph APIUsing Microsoft Graph API

获取组的对象 IDGet object ID of the group

GET https://microsoftgraph.chinacloudapi.cn/beta/groups?$filter=displayName+eq+'Contoso_Helpdesk_Administrator'

获取组的角色分配Get role assignments to a group

GET https://microsoftgraph.chinacloudapi.cn/beta/roleManagement/directory/roleAssignments?$filter=principalId eq

后续步骤Next steps