Las API de administración de permisos le permiten detectar permisos asignados a todas las identidades en varias nubes; solicitar permisos; aprobar, rechazar y cancelar solicitudes de permisos. En este artículo se proporciona una guía de referencia rápida para las operaciones de API en sistemas de autorización de AWS, que se admiten a través de las API de administración de permisos.
Enumere todos los sistemas de autorización incorporados a La administración de permisos.
Filtre los sistemas de autorización por nombre.
Enumere los sistemas de autorización de AWS incorporados a Permissions Management mediante el filtrado por la propiedad authorizationSystemType .
Enumere los sistemas de autorización de AWS incorporados a Permissions Management.
Identifique todos los sistemas de autorización de AWS que están en línea y tienen habilitada la funcionalidad de modificación de permisos.
Por identificador de clave principal.
Por externalId de clave alternativa.
Por identificador de rol de clave principal.
Por externalId de clave alternativa.
Por identificador de usuario de clave principal.
Por externalId de clave alternativa.
Enumera todas las acciones.
Enumera las acciones de un servicio específico en un sistema de autorización de AWS.
Enumeración de acciones de eliminación de alto riesgo para un servicio específico en el sistema de autorización de AWS
Por identificador de acción de clave principal.
Por externalId de clave alternativa.
Enumera todas las directivas.
Enumera todas las directivas que coinciden con un nombre de directiva específico.
Enumere todas las directivas donde el nombre de la directiva contiene una cadena específica.
Enumera todas las directivas personalizadas.
Por identificador de directiva de clave principal.
Por externalId de clave alternativa.
Por identificador de recurso de clave principal.
Por externalId de clave alternativa.
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "#microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",
"policies": [
{
"id": "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
],
"assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to add a user to a group",
"notes": "Pretty Please",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "#microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsPolicyPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
Policies = new List<PermissionsDefinitionAwsPolicy>
{
new PermissionsDefinitionAwsPolicy
{
Id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
},
},
AssignToRoleId = "arn:aws:aim::956987887735:role/saml-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to add a user to a group",
Notes = "Pretty Please",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
"requestedPermissions": {\
"@odata.type": "#microsoft.graph.awsPermissionsDefinition",\
"authorizationSystemInfo": {\
"authorizationSystemId": "956987887735",\
"authorizationSystemType": "AWS"\
},\
"actionInfo": {\
"@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",\
"policies": [\
{\
"id": "arn:aws:iam::956987887735:policy/AddUserToGroup"\
}\
],\
"assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"\
},\
"identityInfo": {\
"externalId": "alex@contoso.com",\
"source": {\
"@odata.type": "microsoft.graph.samlIdentitySource"\
},\
"identityType": "user"\
}\
},\
"justification": "I need to do this because I want to add a user to a group",\
"notes": "Pretty Please",\
"scheduleInfo": {\
"expiration": {\
"duration": "PT1H"\
}\
},\
"ticketInfo": {\
"ticketNumber": "INC1234567",\
"ticketSystem": "ServiceNow",\
"ticketSubmitterIdentityId": "alex@contoso.com",\
"ticketApproverIdentityId": "alexmanager@contoso.com"\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsPolicyPermissionsDefinitionAction()
permissionsDefinitionAwsPolicy := graphmodels.NewPermissionsDefinitionAwsPolicy()
id := "arn:aws:iam::956987887735:policy/AddUserToGroup"
permissionsDefinitionAwsPolicy.SetId(&id)
policies := []graphmodels.PermissionsDefinitionAwsPolicyable {
permissionsDefinitionAwsPolicy,
}
actionInfo.SetPolicies(policies)
assignToRoleId := "arn:aws:aim::956987887735:role/saml-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to add a user to a group"
requestBody.SetJustification(&justification)
notes := "Pretty Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("#microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsPolicyPermissionsDefinitionAction actionInfo = new AwsPolicyPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsPolicyPermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAwsPolicy> policies = new LinkedList<PermissionsDefinitionAwsPolicy>();
PermissionsDefinitionAwsPolicy permissionsDefinitionAwsPolicy = new PermissionsDefinitionAwsPolicy();
permissionsDefinitionAwsPolicy.setId("arn:aws:iam::956987887735:policy/AddUserToGroup");
policies.add(permissionsDefinitionAwsPolicy);
actionInfo.setPolicies(policies);
actionInfo.setAssignToRoleId("arn:aws:aim::956987887735:role/saml-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to add a user to a group");
scheduledPermissionsRequest.setNotes("Pretty Please");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': '#microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsPolicyPermissionsDefinitionAction',
policies: [
{
id: 'arn:aws:iam::956987887735:policy/AddUserToGroup'
}
],
assignToRoleId: 'arn:aws:aim::956987887735:role/saml-user'
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to add a user to a group',
notes: 'Pretty Please',
scheduleInfo: {
expiration: {
duration: 'PT1H'
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsPolicyPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAwsPolicy;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('#microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsPolicyPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsPolicyPermissionsDefinitionAction');
$policiesPermissionsDefinitionAwsPolicy1 = new PermissionsDefinitionAwsPolicy();
$policiesPermissionsDefinitionAwsPolicy1->setId('arn:aws:iam::956987887735:policy/AddUserToGroup');
$policiesArray []= $policiesPermissionsDefinitionAwsPolicy1;
$requestedPermissionsActionInfo->setPolicies($policiesArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:aim::956987887735:role/saml-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to add a user to a group');
$requestBody->setNotes('Pretty Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "#microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsPolicyPermissionsDefinitionAction"
policies = @(
@{
id = "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
)
assignToRoleId = "arn:aws:aim::956987887735:role/saml-user"
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to add a user to a group"
notes = "Pretty Please"
scheduleInfo = @{
expiration = @{
duration = "PT1H"
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_policy_permissions_definition_action import AwsPolicyPermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_aws_policy import PermissionsDefinitionAwsPolicy
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "#microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsPolicyPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
policies = [
PermissionsDefinitionAwsPolicy(
id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
),
],
assign_to_role_id = "arn:aws:aim::956987887735:role/saml-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to add a user to a group",
notes = "Pretty Please",
schedule_info = RequestSchedule(
expiration = ExpirationPattern(
duration = "PT1H",
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",
"statements": [
{
"statementId": "test1",
"actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
},
{
"statementId": "test2",
"actions": ["s3:Delete:*"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
}
],
"assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"
},
"identityInfo": {
"externalId": "rsn:alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to access S3 resources",
"notes": "Please",
"scheduleInfo": {
"startDateTime": "2023-02-08T12:15:00Z",
"expiration": {
"duration": "PT1H"
},
"recurrence": {
"pattern": {
"dayOfMonth": 5,
"daysOfWeek": [],
"interval": 1,
"reccurencePatternType": "absoluteMonthly"
},
"range": {
"startDate": "2023-02-08",
"reccurenceRangeType": "noEnd"
}
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsActionsPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsActionsPermissionsDefinitionAction",
Statements = new List<AwsStatement>
{
new AwsStatement
{
StatementId = "test1",
Actions = new List<string>
{
"s3:AbortMultipartUpload",
"s3:CreateBucket",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
new AwsStatement
{
StatementId = "test2",
Actions = new List<string>
{
"s3:Delete:*",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
},
AssignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "rsn:alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to access S3 resources",
Notes = "Please",
ScheduleInfo = new RequestSchedule
{
StartDateTime = DateTimeOffset.Parse("2023-02-08T12:15:00Z"),
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
DayOfMonth = 5,
DaysOfWeek = new List<DayOfWeekObject>
{
},
Interval = 1,
AdditionalData = new Dictionary<string, object>
{
{
"reccurencePatternType" , "absoluteMonthly"
},
},
},
Range = new RecurrenceRange
{
StartDate = new Date(DateTime.Parse("2023-02-08")),
AdditionalData = new Dictionary<string, object>
{
{
"reccurenceRangeType" , "noEnd"
},
},
},
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
"requestedPermissions": {\
"@odata.type": "microsoft.graph.awsPermissionsDefinition",\
"authorizationSystemInfo": {\
"authorizationSystemId": "956987887735",\
"authorizationSystemType": "AWS"\
},\
"actionInfo": {\
"@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",\
"statements": [\
{\
"statementId": "test1",\
"actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],\
"notActions": [],\
"resources": ["*"],\
"notResources": [],\
"effect": "allow",\
"condition": {\
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
}\
},\
{\
"statementId": "test2",\
"actions": ["s3:Delete:*"],\
"notActions": [],\
"resources": ["*"],\
"notResources": [],\
"effect": "allow",\
"condition": {\
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
}\
}\
],\
"assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"\
},\
"identityInfo": {\
"externalId": "rsn:alex@contoso.com",\
"source": {\
"@odata.type": "microsoft.graph.samlIdentitySource"\
},\
"identityType": "user"\
}\
},\
"justification": "I need to do this because I want to access S3 resources",\
"notes": "Please",\
"scheduleInfo": {\
"startDateTime": "2023-02-08T12:15:00Z",\
"expiration": {\
"duration": "PT1H"\
},\
"recurrence": {\
"pattern": {\
"dayOfMonth": 5,\
"daysOfWeek": [],\
"interval": 1,\
"reccurencePatternType": "absoluteMonthly"\
},\
"range": {\
"startDate": "2023-02-08",\
"reccurenceRangeType": "noEnd"\
}\
}\
},\
"ticketInfo": {\
"ticketNumber": "INC1234567",\
"ticketSystem": "ServiceNow",\
"ticketSubmitterIdentityId": "alex@contoso.com",\
"ticketApproverIdentityId": "alexmanager@contoso.com"\
}\
}\
'
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsActionsPermissionsDefinitionAction()
awsStatement := graphmodels.NewAwsStatement()
statementId := "test1"
awsStatement.SetStatementId(&statementId)
actions := []string {
"s3:AbortMultipartUpload",
"s3:CreateBucket",
}
awsStatement.SetActions(actions)
notActions := []string {
}
awsStatement.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement.SetResources(resources)
notResources := []string {
}
awsStatement.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement.SetCondition(condition)
awsStatement1 := graphmodels.NewAwsStatement()
statementId := "test2"
awsStatement1.SetStatementId(&statementId)
actions := []string {
"s3:Delete:*",
}
awsStatement1.SetActions(actions)
notActions := []string {
}
awsStatement1.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement1.SetResources(resources)
notResources := []string {
}
awsStatement1.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement1.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement1.SetCondition(condition)
statements := []graphmodels.AwsStatementable {
awsStatement,
awsStatement1,
}
actionInfo.SetStatements(statements)
assignToRoleId := "arn:aws:iam::956987887735:role/ck-saml-power-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "rsn:alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to access S3 resources"
requestBody.SetJustification(&justification)
notes := "Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2023-02-08T12:15:00Z")
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth)
daysOfWeek := []graphmodels.DayOfWeekable {
}
pattern.SetDaysOfWeek(daysOfWeek)
interval := int32(1)
pattern.SetInterval(&interval)
additionalData := map[string]interface{}{
"reccurencePatternType" : "absoluteMonthly",
}
pattern.SetAdditionalData(additionalData)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
startDate := 2023-02-08
range.SetStartDate(&startDate)
additionalData := map[string]interface{}{
"reccurenceRangeType" : "noEnd",
}
range.SetAdditionalData(additionalData)
recurrence.SetRange(range)
scheduleInfo.SetRecurrence(recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsActionsPermissionsDefinitionAction actionInfo = new AwsActionsPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsActionsPermissionsDefinitionAction");
LinkedList<AwsStatement> statements = new LinkedList<AwsStatement>();
AwsStatement awsStatement = new AwsStatement();
awsStatement.setStatementId("test1");
LinkedList<String> actions = new LinkedList<String>();
actions.add("s3:AbortMultipartUpload");
actions.add("s3:CreateBucket");
awsStatement.setActions(actions);
LinkedList<String> notActions = new LinkedList<String>();
awsStatement.setNotActions(notActions);
LinkedList<String> resources = new LinkedList<String>();
resources.add("*");
awsStatement.setResources(resources);
LinkedList<String> notResources = new LinkedList<String>();
awsStatement.setNotResources(notResources);
awsStatement.setEffect(AwsStatementEffect.Allow);
AwsCondition condition = new AwsCondition();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
numericLessThanEquals = new ();
numericLessThanEquals.setAwsMultiFactorAuthAge("3600");
additionalData.put("NumericLessThanEquals", numericLessThanEquals);
condition.setAdditionalData(additionalData);
awsStatement.setCondition(condition);
statements.add(awsStatement);
AwsStatement awsStatement1 = new AwsStatement();
awsStatement1.setStatementId("test2");
LinkedList<String> actions1 = new LinkedList<String>();
actions1.add("s3:Delete:*");
awsStatement1.setActions(actions1);
LinkedList<String> notActions1 = new LinkedList<String>();
awsStatement1.setNotActions(notActions1);
LinkedList<String> resources1 = new LinkedList<String>();
resources1.add("*");
awsStatement1.setResources(resources1);
LinkedList<String> notResources1 = new LinkedList<String>();
awsStatement1.setNotResources(notResources1);
awsStatement1.setEffect(AwsStatementEffect.Allow);
AwsCondition condition1 = new AwsCondition();
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
numericLessThanEquals1 = new ();
numericLessThanEquals1.setAwsMultiFactorAuthAge("3600");
additionalData1.put("NumericLessThanEquals", numericLessThanEquals1);
condition1.setAdditionalData(additionalData1);
awsStatement1.setCondition(condition1);
statements.add(awsStatement1);
actionInfo.setStatements(statements);
actionInfo.setAssignToRoleId("arn:aws:iam::956987887735:role/ck-saml-power-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("rsn:alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to access S3 resources");
scheduledPermissionsRequest.setNotes("Please");
RequestSchedule scheduleInfo = new RequestSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2023-02-08T12:15:00Z");
scheduleInfo.setStartDateTime(startDateTime);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setDayOfMonth(5);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
pattern.setInterval(1);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("reccurencePatternType", "absoluteMonthly");
pattern.setAdditionalData(additionalData2);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
LocalDate startDate = LocalDate.parse("2023-02-08");
range.setStartDate(startDate);
HashMap<String, Object> additionalData3 = new HashMap<String, Object>();
additionalData3.put("reccurenceRangeType", "noEnd");
range.setAdditionalData(additionalData3);
recurrence.setRange(range);
scheduleInfo.setRecurrence(recurrence);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsActionsPermissionsDefinitionAction',
statements: [
{
statementId: 'test1',
actions: ['s3:AbortMultipartUpload', 's3:CreateBucket'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
},
{
statementId: 'test2',
actions: ['s3:Delete:*'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
}
],
assignToRoleId: 'arn:aws:iam::956987887735:role/ck-saml-power-user'
},
identityInfo: {
externalId: 'rsn:alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to access S3 resources',
notes: 'Please',
scheduleInfo: {
startDateTime: '2023-02-08T12:15:00Z',
expiration: {
duration: 'PT1H'
},
recurrence: {
pattern: {
dayOfMonth: 5,
daysOfWeek: [],
interval: 1,
reccurencePatternType: 'absoluteMonthly'
},
range: {
startDate: '2023-02-08',
reccurenceRangeType: 'noEnd'
}
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsActionsPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\AwsStatement;
use Microsoft\Graph\Beta\Generated\Models\AwsStatementEffect;
use Microsoft\Graph\Beta\Generated\Models\AwsCondition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Beta\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Beta\Generated\Models\DayOfWeek;
use Microsoft\Graph\Beta\Generated\Models\RecurrenceRange;
use Microsoft\Kiota\Abstractions\Types\Date;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsActionsPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsActionsPermissionsDefinitionAction');
$statementsAwsStatement1 = new AwsStatement();
$statementsAwsStatement1->setStatementId('test1');
$statementsAwsStatement1->setActions(['s3:AbortMultipartUpload', 's3:CreateBucket', ]);
$statementsAwsStatement1->setNotActions([ ]);
$statementsAwsStatement1->setResources(['*', ]);
$statementsAwsStatement1->setNotResources([ ]);
$statementsAwsStatement1->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement1Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement1Condition->setAdditionalData($additionalData);
$statementsAwsStatement1->setCondition($statementsAwsStatement1Condition);
$statementsArray []= $statementsAwsStatement1;
$statementsAwsStatement2 = new AwsStatement();
$statementsAwsStatement2->setStatementId('test2');
$statementsAwsStatement2->setActions(['s3:Delete:*', ]);
$statementsAwsStatement2->setNotActions([ ]);
$statementsAwsStatement2->setResources(['*', ]);
$statementsAwsStatement2->setNotResources([ ]);
$statementsAwsStatement2->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement2Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement2Condition->setAdditionalData($additionalData);
$statementsAwsStatement2->setCondition($statementsAwsStatement2Condition);
$statementsArray []= $statementsAwsStatement2;
$requestedPermissionsActionInfo->setStatements($statementsArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:iam::956987887735:role/ck-saml-power-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('rsn:alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to access S3 resources');
$requestBody->setNotes('Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(new \DateTime('2023-02-08T12:15:00Z'));
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfoRecurrence = new PatternedRecurrence();
$scheduleInfoRecurrencePattern = new RecurrencePattern();
$scheduleInfoRecurrencePattern->setDayOfMonth(5);
$scheduleInfoRecurrencePattern->setDaysOfWeek([]);
$scheduleInfoRecurrencePattern->setInterval(1);
$additionalData = [
'reccurencePatternType' => 'absoluteMonthly',
];
$scheduleInfoRecurrencePattern->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setPattern($scheduleInfoRecurrencePattern);
$scheduleInfoRecurrenceRange = new RecurrenceRange();
$scheduleInfoRecurrenceRange->setStartDate(new Date('2023-02-08'));
$additionalData = [
'reccurenceRangeType' => 'noEnd',
];
$scheduleInfoRecurrenceRange->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setRange($scheduleInfoRecurrenceRange);
$scheduleInfo->setRecurrence($scheduleInfoRecurrence);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsActionsPermissionsDefinitionAction"
statements = @(
@{
statementId = "test1"
actions = @(
"s3:AbortMultipartUpload"
"s3:CreateBucket"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
@{
statementId = "test2"
actions = @(
"s3:Delete:*"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
)
assignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user"
}
identityInfo = @{
externalId = "rsn:alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to access S3 resources"
notes = "Please"
scheduleInfo = @{
startDateTime = [System.DateTime]::Parse("2023-02-08T12:15:00Z")
expiration = @{
duration = "PT1H"
}
recurrence = @{
pattern = @{
dayOfMonth = 5
daysOfWeek = @(
)
interval = 1
reccurencePatternType = "absoluteMonthly"
}
range = @{
startDate = "2023-02-08"
reccurenceRangeType = "noEnd"
}
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_actions_permissions_definition_action import AwsActionsPermissionsDefinitionAction
from msgraph_beta.generated.models.aws_statement import AwsStatement
from msgraph_beta.generated.models.aws_statement_effect import AwsStatementEffect
from msgraph_beta.generated.models.aws_condition import AwsCondition
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph_beta.generated.models.recurrence_pattern import RecurrencePattern
from msgraph_beta.generated.models.day_of_week import DayOfWeek
from msgraph_beta.generated.models.recurrence_range import RecurrenceRange
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsActionsPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsActionsPermissionsDefinitionAction",
statements = [
AwsStatement(
statement_id = "test1",
actions = [
"s3:AbortMultipartUpload",
"s3:CreateBucket",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
AwsStatement(
statement_id = "test2",
actions = [
"s3:Delete:*",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
],
assign_to_role_id = "arn:aws:iam::956987887735:role/ck-saml-power-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "rsn:alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to access S3 resources",
notes = "Please",
schedule_info = RequestSchedule(
start_date_time = "2023-02-08T12:15:00Z",
expiration = ExpirationPattern(
duration = "PT1H",
),
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
day_of_month = 5,
days_of_week = [
],
interval = 1,
additional_data = {
"reccurence_pattern_type" : "absoluteMonthly",
}
),
range = RecurrenceRange(
start_date = "2023-02-08",
additional_data = {
"reccurence_range_type" : "noEnd",
}
),
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Lea la documentación del SDK para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider .
El solicitante o un administrador pueden cancelar una solicitud aprobada, mientras que solo el solicitante puede cancelar una solicitud pendiente (statusDetail de submitted).