我正在开发一个应用程序来通过 Microsoft Graph 管理房间预订.最后,应用需要读取和取消预定到某个房间资源帐户的会议.
I am developing an app to manage room bookings via Microsoft Graph. In the end, the app needs to read and cancel meetings that are booked into a certain room resource account.
不幸的是,只有 Calendars.ReadWrite
权限授予应用读取和写入租户中每个用户日历的权限,包括私人约会.
Unfortunately, there is only the permission Calendars.ReadWrite
which gives the app permissions to read and write every users calendar in the tenant, including private appointments.
我没有发现任何限制权限或更细化的可能性.
I have not found any possibility to restrict the permissions or specify them more granular.
有谁知道如何处理这个问题?(或者我是否必须再次退回到服务帐户和旧的 Exchange Web 服务,在那里我可以为该服务帐户授予细化权限?)
Does anyone know how to deal with this? (Or do I have to fall back again to service accounts and the old exchange web services, where I can give granular permissions to that service account?)
提前非常感谢!
应用程序权限意味着该范围的全部权限级别,参考 这里.如果您要确定此特定邮箱/日历的范围,则可以将委派权限与对这些资源具有委派权限的功能帐户一起使用.我们以前必须这样做.这很糟糕,但这就是 App Permissions 与 Delegate 的本质.
Application permissions imply the full the level of privileges of that scope, referenced here. If you are scoping this specific mailboxes/calendars, you use delegated permissions with a functional account that has delegated permissions on those resources. We've had to do that before. It sucks, but that is the nature of App Permissions versus Delegate.
如果您正在尝试编写脚本,您可以尝试使用client_secret_post".提到的令牌获取的身份验证方法 这里 和 OpenID Connect规范 和 OAuth 2.0 规范.
If you have are trying to script this, you could try the "client_secret_post" authentication method for the token acquisition mentioned here and in more detail with the OpenID Connect Spec and the OAuth 2.0 Spec.