Microsoft.Authorization accessReviewScheduleDefinitions
Bicep resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview' = {
scope: resourceSymbolicName or scope
backupReviewers: [
{
principalId: 'string'
}
]
descriptionForAdmins: 'string'
descriptionForReviewers: 'string'
displayName: 'string'
instances: [
{
properties: {
backupReviewers: [
{
principalId: 'string'
}
]
endDateTime: 'string'
reviewers: [
{
principalId: 'string'
}
]
startDateTime: 'string'
}
}
]
name: 'string'
reviewers: [
{
principalId: 'string'
}
]
settings: {
autoApplyDecisionsEnabled: bool
defaultDecision: 'string'
defaultDecisionEnabled: bool
instanceDurationInDays: int
justificationRequiredOnApproval: bool
mailNotificationsEnabled: bool
recommendationLookBackDuration: 'string'
recommendationsEnabled: bool
recurrence: {
pattern: {
interval: int
type: 'string'
}
range: {
endDate: 'string'
numberOfOccurrences: int
startDate: 'string'
type: 'string'
}
}
reminderNotificationsEnabled: bool
}
}
Property values
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | 'absoluteMonthly' 'weekly' |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | 'endDate' 'noEnd' 'numbered' |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | 'Approve' 'Deny' 'Recommendation' |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
Microsoft.Authorization/accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| name | The resource name | string (required) |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
ARM template resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/accessReviewScheduleDefinitions",
"apiVersion": "2021-12-01-preview",
"name": "string",
"backupReviewers": [
{
"principalId": "string"
}
],
"descriptionForAdmins": "string",
"descriptionForReviewers": "string",
"displayName": "string",
"instances": [
{
"properties": {
"backupReviewers": [
{
"principalId": "string"
}
],
"endDateTime": "string",
"reviewers": [
{
"principalId": "string"
}
],
"startDateTime": "string"
}
}
],
"reviewers": [
{
"principalId": "string"
}
],
"settings": {
"autoApplyDecisionsEnabled": "bool",
"defaultDecision": "string",
"defaultDecisionEnabled": "bool",
"instanceDurationInDays": "int",
"justificationRequiredOnApproval": "bool",
"mailNotificationsEnabled": "bool",
"recommendationLookBackDuration": "string",
"recommendationsEnabled": "bool",
"recurrence": {
"pattern": {
"interval": "int",
"type": "string"
},
"range": {
"endDate": "string",
"numberOfOccurrences": "int",
"startDate": "string",
"type": "string"
}
},
"reminderNotificationsEnabled": "bool"
}
}
Property values
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | 'absoluteMonthly' 'weekly' |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | 'endDate' 'noEnd' 'numbered' |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | 'Approve' 'Deny' 'Recommendation' |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
Microsoft.Authorization/accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2021-12-01-preview' |
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| name | The resource name | string (required) |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
| type | The resource type | 'Microsoft.Authorization/accessReviewScheduleDefinitions' |
Terraform (AzAPI provider) resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview"
name = "string"
parent_id = "string"
backupReviewers = [
{
principalId = "string"
}
]
descriptionForAdmins = "string"
descriptionForReviewers = "string"
displayName = "string"
instances = [
{
properties = {
backupReviewers = [
{
principalId = "string"
}
]
endDateTime = "string"
reviewers = [
{
principalId = "string"
}
]
startDateTime = "string"
}
}
]
reviewers = [
{
principalId = "string"
}
]
settings = {
autoApplyDecisionsEnabled = bool
defaultDecision = "string"
defaultDecisionEnabled = bool
instanceDurationInDays = int
justificationRequiredOnApproval = bool
mailNotificationsEnabled = bool
recommendationLookBackDuration = "string"
recommendationsEnabled = bool
recurrence = {
pattern = {
interval = int
type = "string"
}
range = {
endDate = "string"
numberOfOccurrences = int
startDate = "string"
type = "string"
}
}
reminderNotificationsEnabled = bool
}
}
Property values
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | 'absoluteMonthly' 'weekly' |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | 'endDate' 'noEnd' 'numbered' |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | 'Approve' 'Deny' 'Recommendation' |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
Microsoft.Authorization/accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
| type | The resource type | "Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview" |