Crear assignmentPolicies

Artículo
11/22/2024

Espacio de nombres: microsoft.graph

Cree un nuevo objeto accessPackageAssignmentPolicy en Microsoft Entra administración de derechos. La solicitud incluye una referencia al accessPackage que contiene esta directiva, que ya debe existir.

Esta API está disponible en las siguientes implementaciones nacionales de nube.

Servicio global	Gobierno de EE. UU. L4	Us Government L5 (DOD)	China operada por 21Vianet
✅	✅	✅	✅

Permissions

Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.

Tipo de permiso	Permisos con privilegios mínimos	Permisos con privilegios más altos
Delegado (cuenta profesional o educativa)	EntitlementManagement.ReadWrite.All	No disponible.
Delegado (cuenta personal de Microsoft)	No admitida.	No admitida.
Aplicación	EntitlementManagement.ReadWrite.All	No disponible.

Sugerencia

En escenarios delegados con cuentas profesionales o educativas, al usuario que ha iniciado sesión también se le debe asignar un rol de administrador con permisos de rol admitidos mediante una de las siguientes opciones:

Un rol en el sistema de administración de derechos donde los roles con privilegios mínimos son:
- Acceso al administrador de paquetes. Esta es la opción con menos privilegios
- Propietario del catálogo
Roles de Microsoft Entra con más privilegios admitidos para esta operación:
- Administrador de gobernanza de identidades

En escenarios de solo aplicación, se puede asignar a la aplicación que realiza la llamada uno de los roles admitidos anteriores en lugar del permiso de EntitlementManagement.ReadWrite.All aplicación. El rol administrador de paquetes de Access tiene menos privilegios que el permiso de aplicación EntitlementManagement.ReadWrite.All .

Para obtener más información, vea Delegación y roles en la administración de derechos y cómo delegar la gobernanza del acceso a administradores de paquetes de acceso en la administración de derechos.

Solicitud HTTP

POST /identityGovernance/entitlementManagement/assignmentPolicies

Encabezados de solicitud

Nombre	Descripción
Authorization	{token} de portador. Obligatorio. Obtenga más información sobre la autenticación y la autorización.
Content-Type	application/json. Obligatorio.

Cuerpo de la solicitud

En el cuerpo de la solicitud, proporcione una representación JSON del objeto accessPackageAssignmentPolicy .

Puede especificar las siguientes propiedades al crear un accessPackageAssignmentPolicy.

Propiedad	Tipo	Descripción
description	Cadena	Descripción de la directiva.
displayName	Cadena	Nombre para mostrar de la directiva.
allowedTargetScope	allowedTargetScope	A quién se le permite asignar el paquete de acceso a través de esta directiva. Los valores posibles son: `notSpecified`, `specificDirectoryUsers`, `specificConnectedOrganizationUsers`, `specificDirectoryServicePrincipals`, `allMemberUsers`, `allDirectoryUsers`, `allDirectoryServicePrincipals`, `allConfiguredConnectedOrganizationUsers`, `allExternalUsers` y `unknownFutureValue`. Opcional.
expiración	expirationPattern	Fecha de expiración de las asignaciones creadas en esta directiva.
requestApprovalSettings	accessPackageAssignmentApprovalSettings	Especifica la configuración para la aprobación de solicitudes para una asignación de paquetes de acceso a través de esta directiva. Por ejemplo, si se requiere aprobación para las nuevas solicitudes.
requestorSettings	accessPackageAssignmentRequestorSettings	Proporciona una configuración adicional para seleccionar quién puede crear una solicitud para una asignación de paquete de acceso a través de esta directiva y lo que pueden incluir en su solicitud.
reviewSettings	accessPackageAssignmentReviewSettings	Configuración de las revisiones de acceso de las asignaciones a través de esta directiva.
specificAllowedTargets	subjectSet (colección)	Las entidades de seguridad a las que se puede asignar acceso desde un paquete de acceso a través de esta directiva.
automaticRequestSettings	accessPackageAutomaticRequestSettings	Esta propiedad solo está presente para una directiva de asignación automática; si no está presente, se trata de una directiva basada en solicitudes.
accessPackage	accessPackage	Referencia al paquete de acceso que contendrá la directiva, que ya debe existir.
Preguntas	colección accessPackageQuestion	Preguntas que se presentan al solicitante.

Respuesta

Si se ejecuta correctamente, este método devuelve un 201 Created código de respuesta y un objeto accessPackageAssignmentPolicy en el cuerpo de la respuesta.

Ejemplos

Ejemplo 1: Creación de una directiva de asignación directa

Una directiva de asignación directa es útil cuando las solicitudes de asignación de paquetes de acceso solo las creará un administrador, no los propios usuarios.

Solicitud

En el ejemplo siguiente se muestra una solicitud para crear una directiva de asignación de paquetes de acceso. En esta directiva, ningún usuario puede solicitar, no se requiere aprobación y no hay revisiones de acceso.

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
  "displayName": "New Policy",
  "description": "policy for assignment",
  "allowedTargetScope": "notSpecified",
  "specificAllowedTargets": [],
  "expiration": {
      "endDateTime": null,
      "duration": null,
      "type": "noExpiration"
  },
  "requestorSettings": {
      "enableTargetsToSelfAddAccess": false,
      "enableTargetsToSelfUpdateAccess": false,
      "enableTargetsToSelfRemoveAccess": false,
      "allowCustomAssignmentSchedule": true,
      "enableOnBehalfRequestorsToAddAccess": false,
      "enableOnBehalfRequestorsToUpdateAccess": false,
      "enableOnBehalfRequestorsToRemoveAccess": false,
      "onBehalfRequestors": []
  },
  "requestApprovalSettings": {
      "isApprovalRequiredForAdd": false,
      "isApprovalRequiredForUpdate": false,
      "stages": []
  },
  "accessPackage": {
      "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	DisplayName = "New Policy",
	Description = "policy for assignment",
	AllowedTargetScope = AllowedTargetScope.NotSpecified,
	SpecificAllowedTargets = new List<SubjectSet>
	{
	},
	Expiration = new ExpirationPattern
	{
		EndDateTime = null,
		Duration = null,
		Type = ExpirationPatternType.NoExpiration,
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = false,
		EnableTargetsToSelfUpdateAccess = false,
		EnableTargetsToSelfRemoveAccess = false,
		AllowCustomAssignmentSchedule = true,
		EnableOnBehalfRequestorsToAddAccess = false,
		EnableOnBehalfRequestorsToUpdateAccess = false,
		EnableOnBehalfRequestorsToRemoveAccess = false,
		OnBehalfRequestors = new List<SubjectSet>
		{
		},
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = false,
		IsApprovalRequiredForUpdate = false,
		Stages = new List<AccessPackageApprovalStage>
		{
		},
	},
	AccessPackage = new AccessPackage
	{
		Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);



mgc identity-governance entitlement-management assignment-policies create --body '{\
  "displayName": "New Policy",\
  "description": "policy for assignment",\
  "allowedTargetScope": "notSpecified",\
  "specificAllowedTargets": [],\
  "expiration": {\
      "endDateTime": null,\
      "duration": null,\
      "type": "noExpiration"\
  },\
  "requestorSettings": {\
      "enableTargetsToSelfAddAccess": false,\
      "enableTargetsToSelfUpdateAccess": false,\
      "enableTargetsToSelfRemoveAccess": false,\
      "allowCustomAssignmentSchedule": true,\
      "enableOnBehalfRequestorsToAddAccess": false,\
      "enableOnBehalfRequestorsToUpdateAccess": false,\
      "enableOnBehalfRequestorsToRemoveAccess": false,\
      "onBehalfRequestors": []\
  },\
  "requestApprovalSettings": {\
      "isApprovalRequiredForAdd": false,\
      "isApprovalRequiredForUpdate": false,\
      "stages": []\
  },\
  "accessPackage": {\
      "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
  }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "New Policy"
requestBody.SetDisplayName(&displayName) 
description := "policy for assignment"
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
specificAllowedTargets := []graphmodels.SubjectSetable {

}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime) 
duration := null
expiration.SetDuration(&duration) 
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule) 
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess) 
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess) 
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess) 
onBehalfRequestors := []graphmodels.SubjectSetable {

}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 
stages := []graphmodels.AccessPackageApprovalStageable {

}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("New Policy");
accessPackageAssignmentPolicy.setDescription("policy for assignment");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.NotSpecified);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setEndDateTime(null);
expiration.setDuration(null);
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(false);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(false);
requestorSettings.setAllowCustomAssignmentSchedule(true);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(false);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  displayName: 'New Policy',
  description: 'policy for assignment',
  allowedTargetScope: 'notSpecified',
  specificAllowedTargets: [],
  expiration: {
      endDateTime: null,
      duration: null,
      type: 'noExpiration'
  },
  requestorSettings: {
      enableTargetsToSelfAddAccess: false,
      enableTargetsToSelfUpdateAccess: false,
      enableTargetsToSelfRemoveAccess: false,
      allowCustomAssignmentSchedule: true,
      enableOnBehalfRequestorsToAddAccess: false,
      enableOnBehalfRequestorsToUpdateAccess: false,
      enableOnBehalfRequestorsToRemoveAccess: false,
      onBehalfRequestors: []
  },
  requestApprovalSettings: {
      isApprovalRequiredForAdd: false,
      isApprovalRequiredForUpdate: false,
      stages: []
  },
  accessPackage: {
      id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
  }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
	.post(accessPackageAssignmentPolicy);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\AccessPackage;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('New Policy');
$requestBody->setDescription('policy for assignment');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('notSpecified'));
$requestBody->setSpecificAllowedTargets([	]);
$expiration = new ExpirationPattern();
$expiration->setEndDateTime(null);
$expiration->setDuration(null);
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);
$requestorSettings->setAllowCustomAssignmentSchedule(true);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([	]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$requestApprovalSettings->setStages([	]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "New Policy"
	description = "policy for assignment"
	allowedTargetScope = "notSpecified"
	specificAllowedTargets = @(
	)
	expiration = @{
		endDateTime = $null
		duration = $null
		type = "noExpiration"
	}
	requestorSettings = @{
		enableTargetsToSelfAddAccess = $false
		enableTargetsToSelfUpdateAccess = $false
		enableTargetsToSelfRemoveAccess = $false
		allowCustomAssignmentSchedule = $true
		enableOnBehalfRequestorsToAddAccess = $false
		enableOnBehalfRequestorsToUpdateAccess = $false
		enableOnBehalfRequestorsToRemoveAccess = $false
		onBehalfRequestors = @(
		)
	}
	requestApprovalSettings = @{
		isApprovalRequiredForAdd = $false
		isApprovalRequiredForUpdate = $false
		stages = @(
		)
	}
	accessPackage = @{
		id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
	}
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
	display_name = "New Policy",
	description = "policy for assignment",
	allowed_target_scope = AllowedTargetScope.NotSpecified,
	specific_allowed_targets = [
	],
	expiration = ExpirationPattern(
		end_date_time = None,
		duration = None,
		type = ExpirationPatternType.NoExpiration,
	),
	requestor_settings = AccessPackageAssignmentRequestorSettings(
		enable_targets_to_self_add_access = False,
		enable_targets_to_self_update_access = False,
		enable_targets_to_self_remove_access = False,
		allow_custom_assignment_schedule = True,
		enable_on_behalf_requestors_to_add_access = False,
		enable_on_behalf_requestors_to_update_access = False,
		enable_on_behalf_requestors_to_remove_access = False,
		on_behalf_requestors = [
		],
	),
	request_approval_settings = AccessPackageAssignmentApprovalSettings(
		is_approval_required_for_add = False,
		is_approval_required_for_update = False,
		stages = [
		],
	),
	access_package = AccessPackage(
		id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
	),
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)

Respuesta

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "New policy",
  "description": "policy for assignment"
}

Ejemplo 2: Creación de una directiva para que los usuarios de otras organizaciones soliciten

En el ejemplo siguiente se muestra una directiva más compleja con dos fases de aprobación y revisiones periódicas de acceso.

Solicitud

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval.",
    "allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
    "specificAllowedTargets": [],
    "expiration": {
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": true,
        "enableTargetsToSelfUpdateAccess": true,
        "enableTargetsToSelfRemoveAccess": true,
        "allowCustomAssignmentSchedule": false,
        "enableOnBehalfRequestorsToAddAccess": false,
        "enableOnBehalfRequestorsToUpdateAccess": false,
        "enableOnBehalfRequestorsToRemoveAccess": false,
        "onBehalfRequestors": []
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": true,
        "isApprovalRequiredForUpdate": false,
        "stages": [
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.internalSponsors"
                    }
                ],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            },
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            }
        ]
    },
    "reviewSettings": {
        "isEnabled": true,
        "expirationBehavior": "keepAccess",
        "isRecommendationEnabled": true,
        "isReviewerJustificationRequired": true,
        "isSelfReview": false,
        "schedule": {
            "startDateTime": "2022-07-02T06:59:59.998Z",
            "expiration": {
                "duration": "P14D",
                "type": "afterDuration"
            },
            "recurrence": {
                "pattern": {
                    "type": "absoluteMonthly",
                    "interval": 3,
                    "month": 0,
                    "dayOfMonth": 0,
                    "daysOfWeek": []
                },
                "range": {
                    "type": "noEnd",
                    "numberOfOccurrences": 0
                }
            }
        },
        "primaryReviewers": [
            {
                "@odata.type": "#microsoft.graph.groupMembers",
                "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
            }
        ],
        "fallbackReviewers": []
    },
    "accessPackage": {
        "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	DisplayName = "policy for external access requests",
	Description = "policy for users from connected organizations to request access, with two stages of approval.",
	AllowedTargetScope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
	SpecificAllowedTargets = new List<SubjectSet>
	{
	},
	Expiration = new ExpirationPattern
	{
		Type = ExpirationPatternType.NoExpiration,
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = true,
		EnableTargetsToSelfUpdateAccess = true,
		EnableTargetsToSelfRemoveAccess = true,
		AllowCustomAssignmentSchedule = false,
		EnableOnBehalfRequestorsToAddAccess = false,
		EnableOnBehalfRequestorsToUpdateAccess = false,
		EnableOnBehalfRequestorsToRemoveAccess = false,
		OnBehalfRequestors = new List<SubjectSet>
		{
		},
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = true,
		IsApprovalRequiredForUpdate = false,
		Stages = new List<AccessPackageApprovalStage>
		{
			new AccessPackageApprovalStage
			{
				DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
				IsApproverJustificationRequired = false,
				IsEscalationEnabled = false,
				DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
				PrimaryApprovers = new List<SubjectSet>
				{
					new InternalSponsors
					{
						OdataType = "#microsoft.graph.internalSponsors",
					},
				},
				FallbackPrimaryApprovers = new List<SubjectSet>
				{
					new SingleUser
					{
						OdataType = "#microsoft.graph.singleUser",
						UserId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
					},
					new GroupMembers
					{
						OdataType = "#microsoft.graph.groupMembers",
						GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
					},
				},
				EscalationApprovers = new List<SubjectSet>
				{
				},
				FallbackEscalationApprovers = new List<SubjectSet>
				{
				},
			},
			new AccessPackageApprovalStage
			{
				DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
				IsApproverJustificationRequired = false,
				IsEscalationEnabled = false,
				DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
				PrimaryApprovers = new List<SubjectSet>
				{
				},
				FallbackPrimaryApprovers = new List<SubjectSet>
				{
					new SingleUser
					{
						OdataType = "#microsoft.graph.singleUser",
						UserId = "46184453-e63b-4f20-86c2-c557ed5d5df9",
					},
					new GroupMembers
					{
						OdataType = "#microsoft.graph.groupMembers",
						GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
					},
				},
				EscalationApprovers = new List<SubjectSet>
				{
				},
				FallbackEscalationApprovers = new List<SubjectSet>
				{
				},
			},
		},
	},
	ReviewSettings = new AccessPackageAssignmentReviewSettings
	{
		IsEnabled = true,
		ExpirationBehavior = AccessReviewExpirationBehavior.KeepAccess,
		IsRecommendationEnabled = true,
		IsReviewerJustificationRequired = true,
		IsSelfReview = false,
		Schedule = new EntitlementManagementSchedule
		{
			StartDateTime = DateTimeOffset.Parse("2022-07-02T06:59:59.998Z"),
			Expiration = new ExpirationPattern
			{
				Duration = TimeSpan.Parse("P14D"),
				Type = ExpirationPatternType.AfterDuration,
			},
			Recurrence = new PatternedRecurrence
			{
				Pattern = new RecurrencePattern
				{
					Type = RecurrencePatternType.AbsoluteMonthly,
					Interval = 3,
					Month = 0,
					DayOfMonth = 0,
					DaysOfWeek = new List<DayOfWeekObject>
					{
					},
				},
				Range = new RecurrenceRange
				{
					Type = RecurrenceRangeType.NoEnd,
					NumberOfOccurrences = 0,
				},
			},
		},
		PrimaryReviewers = new List<SubjectSet>
		{
			new GroupMembers
			{
				OdataType = "#microsoft.graph.groupMembers",
				GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
			},
		},
		FallbackReviewers = new List<SubjectSet>
		{
		},
	},
	AccessPackage = new AccessPackage
	{
		Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);



mgc identity-governance entitlement-management assignment-policies create --body '{\
    "displayName": "policy for external access requests",\
    "description": "policy for users from connected organizations to request access, with two stages of approval.",\
    "allowedTargetScope": "allConfiguredConnectedOrganizationUsers",\
    "specificAllowedTargets": [],\
    "expiration": {\
        "type": "noExpiration"\
    },\
    "requestorSettings": {\
        "enableTargetsToSelfAddAccess": true,\
        "enableTargetsToSelfUpdateAccess": true,\
        "enableTargetsToSelfRemoveAccess": true,\
        "allowCustomAssignmentSchedule": false,\
        "enableOnBehalfRequestorsToAddAccess": false,\
        "enableOnBehalfRequestorsToUpdateAccess": false,\
        "enableOnBehalfRequestorsToRemoveAccess": false,\
        "onBehalfRequestors": []\
    },\
    "requestApprovalSettings": {\
        "isApprovalRequiredForAdd": true,\
        "isApprovalRequiredForUpdate": false,\
        "stages": [\
            {\
                "durationBeforeAutomaticDenial": "P14D",\
                "isApproverJustificationRequired": false,\
                "isEscalationEnabled": false,\
                "durationBeforeEscalation": "PT0S",\
                "primaryApprovers": [\
                    {\
                        "@odata.type": "#microsoft.graph.internalSponsors"\
                    }\
                ],\
                "fallbackPrimaryApprovers": [\
                    {\
                        "@odata.type": "#microsoft.graph.singleUser",\
                        "userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"\
                    },\
                    {\
                        "@odata.type": "#microsoft.graph.groupMembers",\
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
                    }\
                ],\
                "escalationApprovers": [],\
                "fallbackEscalationApprovers": []\
            },\
            {\
                "durationBeforeAutomaticDenial": "P14D",\
                "isApproverJustificationRequired": false,\
                "isEscalationEnabled": false,\
                "durationBeforeEscalation": "PT0S",\
                "primaryApprovers": [],\
                "fallbackPrimaryApprovers": [\
                    {\
                        "@odata.type": "#microsoft.graph.singleUser",\
                        "userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"\
                    },\
                    {\
                        "@odata.type": "#microsoft.graph.groupMembers",\
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
                    }\
                ],\
                "escalationApprovers": [],\
                "fallbackEscalationApprovers": []\
            }\
        ]\
    },\
    "reviewSettings": {\
        "isEnabled": true,\
        "expirationBehavior": "keepAccess",\
        "isRecommendationEnabled": true,\
        "isReviewerJustificationRequired": true,\
        "isSelfReview": false,\
        "schedule": {\
            "startDateTime": "2022-07-02T06:59:59.998Z",\
            "expiration": {\
                "duration": "P14D",\
                "type": "afterDuration"\
            },\
            "recurrence": {\
                "pattern": {\
                    "type": "absoluteMonthly",\
                    "interval": 3,\
                    "month": 0,\
                    "dayOfMonth": 0,\
                    "daysOfWeek": []\
                },\
                "range": {\
                    "type": "noEnd",\
                    "numberOfOccurrences": 0\
                }\
            }\
        },\
        "primaryReviewers": [\
            {\
                "@odata.type": "#microsoft.graph.groupMembers",\
                "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
            }\
        ],\
        "fallbackReviewers": []\
    },\
    "accessPackage": {\
        "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "policy for external access requests"
requestBody.SetDisplayName(&displayName) 
description := "policy for users from connected organizations to request access, with two stages of approval."
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.ALLCONFIGUREDCONNECTEDORGANIZATIONUSERS_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
specificAllowedTargets := []graphmodels.SubjectSetable {

}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule) 
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess) 
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess) 
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess) 
onBehalfRequestors := []graphmodels.SubjectSetable {

}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 


accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial) 
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired) 
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled) 
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage.SetDurationBeforeEscalation(&durationBeforeEscalation) 


subjectSet := graphmodels.NewInternalSponsors()

primaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)


subjectSet := graphmodels.NewSingleUser()
userId := "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
subjectSet.SetUserId(&userId) 
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId) 

fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
	subjectSet1,
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
accessPackageApprovalStage1 := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage1.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial) 
isApproverJustificationRequired := false
accessPackageApprovalStage1.SetIsApproverJustificationRequired(&isApproverJustificationRequired) 
isEscalationEnabled := false
accessPackageApprovalStage1.SetIsEscalationEnabled(&isEscalationEnabled) 
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage1.SetDurationBeforeEscalation(&durationBeforeEscalation) 
primaryApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage1.SetPrimaryApprovers(primaryApprovers)


subjectSet := graphmodels.NewSingleUser()
userId := "46184453-e63b-4f20-86c2-c557ed5d5df9"
subjectSet.SetUserId(&userId) 
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId) 

fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
	subjectSet1,
}
accessPackageApprovalStage1.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage1.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage1.SetFallbackEscalationApprovers(fallbackEscalationApprovers)

stages := []graphmodels.AccessPackageApprovalStageable {
	accessPackageApprovalStage,
	accessPackageApprovalStage1,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
reviewSettings := graphmodels.NewAccessPackageAssignmentReviewSettings()
isEnabled := true
reviewSettings.SetIsEnabled(&isEnabled) 
expirationBehavior := graphmodels.KEEPACCESS_ACCESSREVIEWEXPIRATIONBEHAVIOR 
reviewSettings.SetExpirationBehavior(&expirationBehavior) 
isRecommendationEnabled := true
reviewSettings.SetIsRecommendationEnabled(&isRecommendationEnabled) 
isReviewerJustificationRequired := true
reviewSettings.SetIsReviewerJustificationRequired(&isReviewerJustificationRequired) 
isSelfReview := false
reviewSettings.SetIsSelfReview(&isSelfReview) 
schedule := graphmodels.NewEntitlementManagementSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2022-07-02T06:59:59.998Z")
schedule.SetStartDateTime(&startDateTime) 
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("P14D")
expiration.SetDuration(&duration) 
type := graphmodels.AFTERDURATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
schedule.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.ABSOLUTEMONTHLY_RECURRENCEPATTERNTYPE 
pattern.SetType(&type) 
interval := int32(3)
pattern.SetInterval(&interval) 
month := int32(0)
pattern.SetMonth(&month) 
dayOfMonth := int32(0)
pattern.SetDayOfMonth(&dayOfMonth) 
daysOfWeek := []graphmodels.DayOfWeekable {

}
pattern.SetDaysOfWeek(daysOfWeek)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE 
range.SetType(&type) 
numberOfOccurrences := int32(0)
range.SetNumberOfOccurrences(&numberOfOccurrences) 
recurrence.SetRange(range)
schedule.SetRecurrence(recurrence)
reviewSettings.SetSchedule(schedule)


subjectSet := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet.SetGroupId(&groupId) 

primaryReviewers := []graphmodels.SubjectSetable {
	subjectSet,
}
reviewSettings.SetPrimaryReviewers(primaryReviewers)
fallbackReviewers := []graphmodels.SubjectSetable {

}
reviewSettings.SetFallbackReviewers(fallbackReviewers)
requestBody.SetReviewSettings(reviewSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("policy for external access requests");
accessPackageAssignmentPolicy.setDescription("policy for users from connected organizations to request access, with two stages of approval.");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllConfiguredConnectedOrganizationUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
requestorSettings.setAllowCustomAssignmentSchedule(false);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage.setDurationBeforeEscalation(durationBeforeEscalation);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
InternalSponsors subjectSet = new InternalSponsors();
subjectSet.setOdataType("#microsoft.graph.internalSponsors");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet1 = new SingleUser();
subjectSet1.setOdataType("#microsoft.graph.singleUser");
subjectSet1.setUserId("7deff43e-1f17-44ef-9e5f-d516b0ba11d4");
fallbackPrimaryApprovers.add(subjectSet1);
GroupMembers subjectSet2 = new GroupMembers();
subjectSet2.setOdataType("#microsoft.graph.groupMembers");
subjectSet2.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers.add(subjectSet2);
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
stages.add(accessPackageApprovalStage);
AccessPackageApprovalStage accessPackageApprovalStage1 = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial1 = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage1.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial1);
accessPackageApprovalStage1.setIsApproverJustificationRequired(false);
accessPackageApprovalStage1.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation1 = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage1.setDurationBeforeEscalation(durationBeforeEscalation1);
LinkedList<SubjectSet> primaryApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setPrimaryApprovers(primaryApprovers1);
LinkedList<SubjectSet> fallbackPrimaryApprovers1 = new LinkedList<SubjectSet>();
SingleUser subjectSet3 = new SingleUser();
subjectSet3.setOdataType("#microsoft.graph.singleUser");
subjectSet3.setUserId("46184453-e63b-4f20-86c2-c557ed5d5df9");
fallbackPrimaryApprovers1.add(subjectSet3);
GroupMembers subjectSet4 = new GroupMembers();
subjectSet4.setOdataType("#microsoft.graph.groupMembers");
subjectSet4.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers1.add(subjectSet4);
accessPackageApprovalStage1.setFallbackPrimaryApprovers(fallbackPrimaryApprovers1);
LinkedList<SubjectSet> escalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setEscalationApprovers(escalationApprovers1);
LinkedList<SubjectSet> fallbackEscalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setFallbackEscalationApprovers(fallbackEscalationApprovers1);
stages.add(accessPackageApprovalStage1);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackageAssignmentReviewSettings reviewSettings = new AccessPackageAssignmentReviewSettings();
reviewSettings.setIsEnabled(true);
reviewSettings.setExpirationBehavior(AccessReviewExpirationBehavior.KeepAccess);
reviewSettings.setIsRecommendationEnabled(true);
reviewSettings.setIsReviewerJustificationRequired(true);
reviewSettings.setIsSelfReview(false);
EntitlementManagementSchedule schedule = new EntitlementManagementSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2022-07-02T06:59:59.998Z");
schedule.setStartDateTime(startDateTime);
ExpirationPattern expiration1 = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
expiration1.setDuration(duration);
expiration1.setType(ExpirationPatternType.AfterDuration);
schedule.setExpiration(expiration1);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.AbsoluteMonthly);
pattern.setInterval(3);
pattern.setMonth(0);
pattern.setDayOfMonth(0);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
range.setNumberOfOccurrences(0);
recurrence.setRange(range);
schedule.setRecurrence(recurrence);
reviewSettings.setSchedule(schedule);
LinkedList<SubjectSet> primaryReviewers = new LinkedList<SubjectSet>();
GroupMembers subjectSet5 = new GroupMembers();
subjectSet5.setOdataType("#microsoft.graph.groupMembers");
subjectSet5.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
primaryReviewers.add(subjectSet5);
reviewSettings.setPrimaryReviewers(primaryReviewers);
LinkedList<SubjectSet> fallbackReviewers = new LinkedList<SubjectSet>();
reviewSettings.setFallbackReviewers(fallbackReviewers);
accessPackageAssignmentPolicy.setReviewSettings(reviewSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
    displayName: 'policy for external access requests',
    description: 'policy for users from connected organizations to request access, with two stages of approval.',
    allowedTargetScope: 'allConfiguredConnectedOrganizationUsers',
    specificAllowedTargets: [],
    expiration: {
        type: 'noExpiration'
    },
    requestorSettings: {
        enableTargetsToSelfAddAccess: true,
        enableTargetsToSelfUpdateAccess: true,
        enableTargetsToSelfRemoveAccess: true,
        allowCustomAssignmentSchedule: false,
        enableOnBehalfRequestorsToAddAccess: false,
        enableOnBehalfRequestorsToUpdateAccess: false,
        enableOnBehalfRequestorsToRemoveAccess: false,
        onBehalfRequestors: []
    },
    requestApprovalSettings: {
        isApprovalRequiredForAdd: true,
        isApprovalRequiredForUpdate: false,
        stages: [
            {
                durationBeforeAutomaticDenial: 'P14D',
                isApproverJustificationRequired: false,
                isEscalationEnabled: false,
                durationBeforeEscalation: 'PT0S',
                primaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.internalSponsors'
                    }
                ],
                fallbackPrimaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.singleUser',
                        userId: '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'
                    },
                    {
                        '@odata.type': '#microsoft.graph.groupMembers',
                        groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
                    }
                ],
                escalationApprovers: [],
                fallbackEscalationApprovers: []
            },
            {
                durationBeforeAutomaticDenial: 'P14D',
                isApproverJustificationRequired: false,
                isEscalationEnabled: false,
                durationBeforeEscalation: 'PT0S',
                primaryApprovers: [],
                fallbackPrimaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.singleUser',
                        userId: '46184453-e63b-4f20-86c2-c557ed5d5df9'
                    },
                    {
                        '@odata.type': '#microsoft.graph.groupMembers',
                        groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
                    }
                ],
                escalationApprovers: [],
                fallbackEscalationApprovers: []
            }
        ]
    },
    reviewSettings: {
        isEnabled: true,
        expirationBehavior: 'keepAccess',
        isRecommendationEnabled: true,
        isReviewerJustificationRequired: true,
        isSelfReview: false,
        schedule: {
            startDateTime: '2022-07-02T06:59:59.998Z',
            expiration: {
                duration: 'P14D',
                type: 'afterDuration'
            },
            recurrence: {
                pattern: {
                    type: 'absoluteMonthly',
                    interval: 3,
                    month: 0,
                    dayOfMonth: 0,
                    daysOfWeek: []
                },
                range: {
                    type: 'noEnd',
                    numberOfOccurrences: 0
                }
            }
        },
        primaryReviewers: [
            {
                '@odata.type': '#microsoft.graph.groupMembers',
                groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
            }
        ],
        fallbackReviewers: []
    },
    accessPackage: {
        id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
    }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
	.post(accessPackageAssignmentPolicy);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\InternalSponsors;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\GroupMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentReviewSettings;
use Microsoft\Graph\Generated\Models\AccessReviewExpirationBehavior;
use Microsoft\Graph\Generated\Models\EntitlementManagementSchedule;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\DayOfWeek;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Graph\Generated\Models\AccessPackage;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('policy for external access requests');
$requestBody->setDescription('policy for users from connected organizations to request access, with two stages of approval.');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allConfiguredConnectedOrganizationUsers'));
$requestBody->setSpecificAllowedTargets([	]);
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestorSettings->setAllowCustomAssignmentSchedule(false);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([	]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$primaryApproversSubjectSet1 = new InternalSponsors();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.internalSponsors');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);

$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('7deff43e-1f17-44ef-9e5f-d516b0ba11d4');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);

$stagesAccessPackageApprovalStage1->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$stagesAccessPackageApprovalStage2 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage2->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage2->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage2->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage2->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$stagesAccessPackageApprovalStage2->setPrimaryApprovers([]);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('46184453-e63b-4f20-86c2-c557ed5d5df9');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage2->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);

$stagesAccessPackageApprovalStage2->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage2->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage2;
$requestApprovalSettings->setStages($stagesArray);

$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$reviewSettings = new AccessPackageAssignmentReviewSettings();
$reviewSettings->setIsEnabled(true);
$reviewSettings->setExpirationBehavior(new AccessReviewExpirationBehavior('keepAccess'));
$reviewSettings->setIsRecommendationEnabled(true);
$reviewSettings->setIsReviewerJustificationRequired(true);
$reviewSettings->setIsSelfReview(false);
$reviewSettingsSchedule = new EntitlementManagementSchedule();
$reviewSettingsSchedule->setStartDateTime(new \DateTime('2022-07-02T06:59:59.998Z'));
$reviewSettingsScheduleExpiration = new ExpirationPattern();
$reviewSettingsScheduleExpiration->setDuration(new \DateInterval('P14D'));
$reviewSettingsScheduleExpiration->setType(new ExpirationPatternType('afterDuration'));
$reviewSettingsSchedule->setExpiration($reviewSettingsScheduleExpiration);
$reviewSettingsScheduleRecurrence = new PatternedRecurrence();
$reviewSettingsScheduleRecurrencePattern = new RecurrencePattern();
$reviewSettingsScheduleRecurrencePattern->setType(new RecurrencePatternType('absoluteMonthly'));
$reviewSettingsScheduleRecurrencePattern->setInterval(3);
$reviewSettingsScheduleRecurrencePattern->setMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDayOfMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDaysOfWeek([]);
$reviewSettingsScheduleRecurrence->setPattern($reviewSettingsScheduleRecurrencePattern);
$reviewSettingsScheduleRecurrenceRange = new RecurrenceRange();
$reviewSettingsScheduleRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$reviewSettingsScheduleRecurrenceRange->setNumberOfOccurrences(0);
$reviewSettingsScheduleRecurrence->setRange($reviewSettingsScheduleRecurrenceRange);
$reviewSettingsSchedule->setRecurrence($reviewSettingsScheduleRecurrence);
$reviewSettings->setSchedule($reviewSettingsSchedule);
$primaryReviewersSubjectSet1 = new GroupMembers();
$primaryReviewersSubjectSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryReviewersSubjectSet1->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$primaryReviewersArray []= $primaryReviewersSubjectSet1;
$reviewSettings->setPrimaryReviewers($primaryReviewersArray);

$reviewSettings->setFallbackReviewers([]);
$requestBody->setReviewSettings($reviewSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "policy for external access requests"
	description = "policy for users from connected organizations to request access, with two stages of approval."
	allowedTargetScope = "allConfiguredConnectedOrganizationUsers"
	specificAllowedTargets = @(
	)
	expiration = @{
		type = "noExpiration"
	}
	requestorSettings = @{
		enableTargetsToSelfAddAccess = $true
		enableTargetsToSelfUpdateAccess = $true
		enableTargetsToSelfRemoveAccess = $true
		allowCustomAssignmentSchedule = $false
		enableOnBehalfRequestorsToAddAccess = $false
		enableOnBehalfRequestorsToUpdateAccess = $false
		enableOnBehalfRequestorsToRemoveAccess = $false
		onBehalfRequestors = @(
		)
	}
	requestApprovalSettings = @{
		isApprovalRequiredForAdd = $true
		isApprovalRequiredForUpdate = $false
		stages = @(
			@{
				durationBeforeAutomaticDenial = "P14D"
				isApproverJustificationRequired = $false
				isEscalationEnabled = $false
				durationBeforeEscalation = "PT0S"
				primaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.internalSponsors"
					}
				)
				fallbackPrimaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.singleUser"
						userId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
					}
					@{
						"@odata.type" = "#microsoft.graph.groupMembers"
						groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
					}
				)
				escalationApprovers = @(
				)
				fallbackEscalationApprovers = @(
				)
			}
			@{
				durationBeforeAutomaticDenial = "P14D"
				isApproverJustificationRequired = $false
				isEscalationEnabled = $false
				durationBeforeEscalation = "PT0S"
				primaryApprovers = @(
				)
				fallbackPrimaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.singleUser"
						userId = "46184453-e63b-4f20-86c2-c557ed5d5df9"
					}
					@{
						"@odata.type" = "#microsoft.graph.groupMembers"
						groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
					}
				)
				escalationApprovers = @(
				)
				fallbackEscalationApprovers = @(
				)
			}
		)
	}
	reviewSettings = @{
		isEnabled = $true
		expirationBehavior = "keepAccess"
		isRecommendationEnabled = $true
		isReviewerJustificationRequired = $true
		isSelfReview = $false
		schedule = @{
			startDateTime = [System.DateTime]::Parse("2022-07-02T06:59:59.998Z")
			expiration = @{
				duration = "P14D"
				type = "afterDuration"
			}
			recurrence = @{
				pattern = @{
					type = "absoluteMonthly"
					interval = 3
					month = 0
					dayOfMonth = 0
					daysOfWeek = @(
					)
				}
				range = @{
					type = "noEnd"
					numberOfOccurrences = 0
				}
			}
		}
		primaryReviewers = @(
			@{
				"@odata.type" = "#microsoft.graph.groupMembers"
				groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
			}
		)
		fallbackReviewers = @(
		)
	}
	accessPackage = @{
		id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
	}
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.internal_sponsors import InternalSponsors
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.group_members import GroupMembers
from msgraph.generated.models.access_package_assignment_review_settings import AccessPackageAssignmentReviewSettings
from msgraph.generated.models.access_review_expiration_behavior import AccessReviewExpirationBehavior
from msgraph.generated.models.entitlement_management_schedule import EntitlementManagementSchedule
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.day_of_week import DayOfWeek
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
	display_name = "policy for external access requests",
	description = "policy for users from connected organizations to request access, with two stages of approval.",
	allowed_target_scope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
	specific_allowed_targets = [
	],
	expiration = ExpirationPattern(
		type = ExpirationPatternType.NoExpiration,
	),
	requestor_settings = AccessPackageAssignmentRequestorSettings(
		enable_targets_to_self_add_access = True,
		enable_targets_to_self_update_access = True,
		enable_targets_to_self_remove_access = True,
		allow_custom_assignment_schedule = False,
		enable_on_behalf_requestors_to_add_access = False,
		enable_on_behalf_requestors_to_update_access = False,
		enable_on_behalf_requestors_to_remove_access = False,
		on_behalf_requestors = [
		],
	),
	request_approval_settings = AccessPackageAssignmentApprovalSettings(
		is_approval_required_for_add = True,
		is_approval_required_for_update = False,
		stages = [
			AccessPackageApprovalStage(
				duration_before_automatic_denial = "P14D",
				is_approver_justification_required = False,
				is_escalation_enabled = False,
				duration_before_escalation = "PT0S",
				primary_approvers = [
					InternalSponsors(
						odata_type = "#microsoft.graph.internalSponsors",
					),
				],
				fallback_primary_approvers = [
					SingleUser(
						odata_type = "#microsoft.graph.singleUser",
						user_id = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
					),
					GroupMembers(
						odata_type = "#microsoft.graph.groupMembers",
						group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
					),
				],
				escalation_approvers = [
				],
				fallback_escalation_approvers = [
				],
			),
			AccessPackageApprovalStage(
				duration_before_automatic_denial = "P14D",
				is_approver_justification_required = False,
				is_escalation_enabled = False,
				duration_before_escalation = "PT0S",
				primary_approvers = [
				],
				fallback_primary_approvers = [
					SingleUser(
						odata_type = "#microsoft.graph.singleUser",
						user_id = "46184453-e63b-4f20-86c2-c557ed5d5df9",
					),
					GroupMembers(
						odata_type = "#microsoft.graph.groupMembers",
						group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
					),
				],
				escalation_approvers = [
				],
				fallback_escalation_approvers = [
				],
			),
		],
	),
	review_settings = AccessPackageAssignmentReviewSettings(
		is_enabled = True,
		expiration_behavior = AccessReviewExpirationBehavior.KeepAccess,
		is_recommendation_enabled = True,
		is_reviewer_justification_required = True,
		is_self_review = False,
		schedule = EntitlementManagementSchedule(
			start_date_time = "2022-07-02T06:59:59.998Z",
			expiration = ExpirationPattern(
				duration = "P14D",
				type = ExpirationPatternType.AfterDuration,
			),
			recurrence = PatternedRecurrence(
				pattern = RecurrencePattern(
					type = RecurrencePatternType.AbsoluteMonthly,
					interval = 3,
					month = 0,
					day_of_month = 0,
					days_of_week = [
					],
				),
				range = RecurrenceRange(
					type = RecurrenceRangeType.NoEnd,
					number_of_occurrences = 0,
				),
			),
		),
		primary_reviewers = [
			GroupMembers(
				odata_type = "#microsoft.graph.groupMembers",
				group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
			),
		],
		fallback_reviewers = [
		],
	),
	access_package = AccessPackage(
		id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
	),
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)

Respuesta

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "9d8f2361-39be-482e-b267-34ad6baef4d3",
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval."
}

Ejemplo 3: Creación de una directiva que crea automáticamente asignaciones basadas en una regla de pertenencia

En el ejemplo siguiente se muestra una directiva que crea automáticamente asignaciones para los usuarios del departamento de ventas.

Solicitud

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "Sales department users",
    "description": "All users from sales department",
    "allowedTargetScope": "specificDirectoryUsers",
    "specificAllowedTargets": [
        {
            "@odata.type": "#microsoft.graph.attributeRuleMembers",
            "description": "Membership rule for all users from sales department",
            "membershipRule": "(user.department -eq \"Sales\")"
        }
    ],
    "automaticRequestSettings": {
        "requestAccessForAllowedTargets": true,
        "removeAccessWhenTargetLeavesAllowedTargets": true,
        "gracePeriodBeforeAccessRemoval": "P7D"
    },
    "accessPackage": {
        "id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	DisplayName = "Sales department users",
	Description = "All users from sales department",
	AllowedTargetScope = AllowedTargetScope.SpecificDirectoryUsers,
	SpecificAllowedTargets = new List<SubjectSet>
	{
		new AttributeRuleMembers
		{
			OdataType = "#microsoft.graph.attributeRuleMembers",
			Description = "Membership rule for all users from sales department",
			MembershipRule = "(user.department -eq \"Sales\")",
		},
	},
	AutomaticRequestSettings = new AccessPackageAutomaticRequestSettings
	{
		RequestAccessForAllowedTargets = true,
		RemoveAccessWhenTargetLeavesAllowedTargets = true,
		GracePeriodBeforeAccessRemoval = TimeSpan.Parse("P7D"),
	},
	AccessPackage = new AccessPackage
	{
		Id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);



mgc identity-governance entitlement-management assignment-policies create --body '{\
    "displayName": "Sales department users",\
    "description": "All users from sales department",\
    "allowedTargetScope": "specificDirectoryUsers",\
    "specificAllowedTargets": [\
        {\
            "@odata.type": "#microsoft.graph.attributeRuleMembers",\
            "description": "Membership rule for all users from sales department",\
            "membershipRule": "(user.department -eq \"Sales\")"\
        }\
    ],\
    "automaticRequestSettings": {\
        "requestAccessForAllowedTargets": true,\
        "removeAccessWhenTargetLeavesAllowedTargets": true,\
        "gracePeriodBeforeAccessRemoval": "P7D"\
    },\
    "accessPackage": {\
        "id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "Sales department users"
requestBody.SetDisplayName(&displayName) 
description := "All users from sales department"
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.SPECIFICDIRECTORYUSERS_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 


subjectSet := graphmodels.NewAttributeRuleMembers()
description := "Membership rule for all users from sales department"
subjectSet.SetDescription(&description) 
membershipRule := "(user.department -eq \"Sales\")"
subjectSet.SetMembershipRule(&membershipRule) 

specificAllowedTargets := []graphmodels.SubjectSetable {
	subjectSet,
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
automaticRequestSettings := graphmodels.NewAccessPackageAutomaticRequestSettings()
requestAccessForAllowedTargets := true
automaticRequestSettings.SetRequestAccessForAllowedTargets(&requestAccessForAllowedTargets) 
removeAccessWhenTargetLeavesAllowedTargets := true
automaticRequestSettings.SetRemoveAccessWhenTargetLeavesAllowedTargets(&removeAccessWhenTargetLeavesAllowedTargets) 
gracePeriodBeforeAccessRemoval , err := abstractions.ParseISODuration("P7D")
automaticRequestSettings.SetGracePeriodBeforeAccessRemoval(&gracePeriodBeforeAccessRemoval) 
requestBody.SetAutomaticRequestSettings(automaticRequestSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "8a36831e-1527-4b2b-aff2-81259a8d8e76"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("Sales department users");
accessPackageAssignmentPolicy.setDescription("All users from sales department");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.SpecificDirectoryUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
AttributeRuleMembers subjectSet = new AttributeRuleMembers();
subjectSet.setOdataType("#microsoft.graph.attributeRuleMembers");
subjectSet.setDescription("Membership rule for all users from sales department");
subjectSet.setMembershipRule("(user.department -eq \"Sales\")");
specificAllowedTargets.add(subjectSet);
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
AccessPackageAutomaticRequestSettings automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
automaticRequestSettings.setRequestAccessForAllowedTargets(true);
automaticRequestSettings.setRemoveAccessWhenTargetLeavesAllowedTargets(true);
PeriodAndDuration gracePeriodBeforeAccessRemoval = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
automaticRequestSettings.setGracePeriodBeforeAccessRemoval(gracePeriodBeforeAccessRemoval);
accessPackageAssignmentPolicy.setAutomaticRequestSettings(automaticRequestSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("8a36831e-1527-4b2b-aff2-81259a8d8e76");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
    displayName: 'Sales department users',
    description: 'All users from sales department',
    allowedTargetScope: 'specificDirectoryUsers',
    specificAllowedTargets: [
        {
            '@odata.type': '#microsoft.graph.attributeRuleMembers',
            description: 'Membership rule for all users from sales department',
            membershipRule: '(user.department -eq \"Sales\")'
        }
    ],
    automaticRequestSettings: {
        requestAccessForAllowedTargets: true,
        removeAccessWhenTargetLeavesAllowedTargets: true,
        gracePeriodBeforeAccessRemoval: 'P7D'
    },
    accessPackage: {
        id: '8a36831e-1527-4b2b-aff2-81259a8d8e76'
    }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
	.post(accessPackageAssignmentPolicy);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\AttributeRuleMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAutomaticRequestSettings;
use Microsoft\Graph\Generated\Models\AccessPackage;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('Sales department users');
$requestBody->setDescription('All users from sales department');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('specificDirectoryUsers'));
$specificAllowedTargetsSubjectSet1 = new AttributeRuleMembers();
$specificAllowedTargetsSubjectSet1->setOdataType('#microsoft.graph.attributeRuleMembers');
$specificAllowedTargetsSubjectSet1->setDescription('Membership rule for all users from sales department');
$specificAllowedTargetsSubjectSet1->setMembershipRule('(user.department -eq \"Sales\")');
$specificAllowedTargetsArray []= $specificAllowedTargetsSubjectSet1;
$requestBody->setSpecificAllowedTargets($specificAllowedTargetsArray);

$automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
$automaticRequestSettings->setRequestAccessForAllowedTargets(true);
$automaticRequestSettings->setRemoveAccessWhenTargetLeavesAllowedTargets(true);
$automaticRequestSettings->setGracePeriodBeforeAccessRemoval(new \DateInterval('P7D'));
$requestBody->setAutomaticRequestSettings($automaticRequestSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('8a36831e-1527-4b2b-aff2-81259a8d8e76');
$requestBody->setAccessPackage($accessPackage);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "Sales department users"
	description = "All users from sales department"
	allowedTargetScope = "specificDirectoryUsers"
	specificAllowedTargets = @(
		@{
			"@odata.type" = "#microsoft.graph.attributeRuleMembers"
			description = "Membership rule for all users from sales department"
			membershipRule = "(user.department -eq "Sales")"
		}
	)
	automaticRequestSettings = @{
		requestAccessForAllowedTargets = $true
		removeAccessWhenTargetLeavesAllowedTargets = $true
		gracePeriodBeforeAccessRemoval = "P7D"
	}
	accessPackage = @{
		id = "8a36831e-1527-4b2b-aff2-81259a8d8e76"
	}
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.attribute_rule_members import AttributeRuleMembers
from msgraph.generated.models.access_package_automatic_request_settings import AccessPackageAutomaticRequestSettings
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
	display_name = "Sales department users",
	description = "All users from sales department",
	allowed_target_scope = AllowedTargetScope.SpecificDirectoryUsers,
	specific_allowed_targets = [
		AttributeRuleMembers(
			odata_type = "#microsoft.graph.attributeRuleMembers",
			description = "Membership rule for all users from sales department",
			membership_rule = "(user.department -eq \"Sales\")",
		),
	],
	automatic_request_settings = AccessPackageAutomaticRequestSettings(
		request_access_for_allowed_targets = True,
		remove_access_when_target_leaves_allowed_targets = True,
		grace_period_before_access_removal = "P7D",
	),
	access_package = AccessPackage(
		id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
	),
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)

Respuesta

HTTP/1.1 201 Created
Content-Type: application/json

{
    "id": "962493bb-be02-4aeb-a233-a205bbfe1d8d",
    "displayName": "Sales department users",
    "description": "All users from sales department"
}

Ejemplo 4: Cree una directiva en la que se pida a los solicitantes que respondan a las preguntas mientras solicitan acceso para proporcionar información adicional a los aprobadores.

En el ejemplo siguiente se muestra una directiva que crea automáticamente asignaciones para los usuarios del departamento de ventas.

Solicitud

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "A Policy With Questions",
    "description": "",
    "allowedTargetScope": "allMemberUsers",
    "expiration": {
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": "true",
        "enableTargetsToSelfUpdateAccess": "true",
        "enableTargetsToSelfRemoveAccess": "true"
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": "true",
        "isApprovalRequiredForUpdate": "true",
        "stages": [
            {
                "durationBeforeAutomaticDenial": "P7D",
                "isApproverJustificationRequired": "false",
                "isEscalationEnabled": "false",
                "fallbackPrimaryApprovers": [],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": [],
                "primaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "08a551cb-575a-4343-b914-f6e42798bd20"
                    }
                ]
            }
        ]
    },
    "questions": [
        {
            "@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
            "sequence": "1",
            "isRequired": "true",
            "isAnswerEditable": "true",
            "text": "What country are you working from?",
            "isMultipleSelectionAllowed": "false",
            "choices": [
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "KE",
                    "text": "Kenya"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "US",
                    "text": "United States"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "GY",
                    "text": "Guyana"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "BD",
                    "text": "Bangladesh"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "JP",
                    "text": "Japan"
                }
            ]
        },
        {
            "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
            "sequence": "2",
            "isRequired": "true",
            "isAnswerEditable": "true",
            "text": "What do you do for work?",
            "localizations": [
                {
                    "languageCode": "fr-CA",
                    "text": "Que fais-tu comme travail?"
                }
            ],
            "isSingleLineQuestion": "false",
            "regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"
        }
    ],
    "accessPackage": {
        "id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"
    }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	DisplayName = "A Policy With Questions",
	Description = "",
	AllowedTargetScope = AllowedTargetScope.AllMemberUsers,
	Expiration = new ExpirationPattern
	{
		Type = ExpirationPatternType.NoExpiration,
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = true,
		EnableTargetsToSelfUpdateAccess = true,
		EnableTargetsToSelfRemoveAccess = true,
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = true,
		IsApprovalRequiredForUpdate = true,
		Stages = new List<AccessPackageApprovalStage>
		{
			new AccessPackageApprovalStage
			{
				DurationBeforeAutomaticDenial = TimeSpan.Parse("P7D"),
				IsApproverJustificationRequired = false,
				IsEscalationEnabled = false,
				FallbackPrimaryApprovers = new List<SubjectSet>
				{
				},
				EscalationApprovers = new List<SubjectSet>
				{
				},
				FallbackEscalationApprovers = new List<SubjectSet>
				{
				},
				PrimaryApprovers = new List<SubjectSet>
				{
					new SingleUser
					{
						OdataType = "#microsoft.graph.singleUser",
						UserId = "08a551cb-575a-4343-b914-f6e42798bd20",
					},
				},
			},
		},
	},
	Questions = new List<AccessPackageQuestion>
	{
		new AccessPackageMultipleChoiceQuestion
		{
			OdataType = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
			Sequence = 1,
			IsRequired = true,
			IsAnswerEditable = true,
			Text = "What country are you working from?",
			IsMultipleSelectionAllowed = false,
			Choices = new List<AccessPackageAnswerChoice>
			{
				new AccessPackageAnswerChoice
				{
					OdataType = "microsoft.graph.accessPackageAnswerChoice",
					ActualValue = "KE",
					Text = "Kenya",
				},
				new AccessPackageAnswerChoice
				{
					OdataType = "microsoft.graph.accessPackageAnswerChoice",
					ActualValue = "US",
					Text = "United States",
				},
				new AccessPackageAnswerChoice
				{
					OdataType = "microsoft.graph.accessPackageAnswerChoice",
					ActualValue = "GY",
					Text = "Guyana",
				},
				new AccessPackageAnswerChoice
				{
					OdataType = "microsoft.graph.accessPackageAnswerChoice",
					ActualValue = "BD",
					Text = "Bangladesh",
				},
				new AccessPackageAnswerChoice
				{
					OdataType = "microsoft.graph.accessPackageAnswerChoice",
					ActualValue = "JP",
					Text = "Japan",
				},
			},
		},
		new AccessPackageTextInputQuestion
		{
			OdataType = "#microsoft.graph.accessPackageTextInputQuestion",
			Sequence = 2,
			IsRequired = true,
			IsAnswerEditable = true,
			Text = "What do you do for work?",
			Localizations = new List<AccessPackageLocalizedText>
			{
				new AccessPackageLocalizedText
				{
					LanguageCode = "fr-CA",
					Text = "Que fais-tu comme travail?",
				},
			},
			IsSingleLineQuestion = false,
			RegexPattern = "[a-zA-Z]+[a-zA-Z\s]*",
		},
	},
	AccessPackage = new AccessPackage
	{
		Id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);



mgc identity-governance entitlement-management assignment-policies create --body '{\
    "displayName": "A Policy With Questions",\
    "description": "",\
    "allowedTargetScope": "allMemberUsers",\
    "expiration": {\
        "type": "noExpiration"\
    },\
    "requestorSettings": {\
        "enableTargetsToSelfAddAccess": "true",\
        "enableTargetsToSelfUpdateAccess": "true",\
        "enableTargetsToSelfRemoveAccess": "true"\
    },\
    "requestApprovalSettings": {\
        "isApprovalRequiredForAdd": "true",\
        "isApprovalRequiredForUpdate": "true",\
        "stages": [\
            {\
                "durationBeforeAutomaticDenial": "P7D",\
                "isApproverJustificationRequired": "false",\
                "isEscalationEnabled": "false",\
                "fallbackPrimaryApprovers": [],\
                "escalationApprovers": [],\
                "fallbackEscalationApprovers": [],\
                "primaryApprovers": [\
                    {\
                        "@odata.type": "#microsoft.graph.singleUser",\
                        "userId": "08a551cb-575a-4343-b914-f6e42798bd20"\
                    }\
                ]\
            }\
        ]\
    },\
    "questions": [\
        {\
            "@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",\
            "sequence": "1",\
            "isRequired": "true",\
            "isAnswerEditable": "true",\
            "text": "What country are you working from?",\
            "isMultipleSelectionAllowed": "false",\
            "choices": [\
                {\
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
                    "actualValue": "KE",\
                    "text": "Kenya"\
                },\
                {\
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
                    "actualValue": "US",\
                    "text": "United States"\
                },\
                {\
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
                    "actualValue": "GY",\
                    "text": "Guyana"\
                },\
                {\
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
                    "actualValue": "BD",\
                    "text": "Bangladesh"\
                },\
                {\
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
                    "actualValue": "JP",\
                    "text": "Japan"\
                }\
            ]\
        },\
        {\
            "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",\
            "sequence": "2",\
            "isRequired": "true",\
            "isAnswerEditable": "true",\
            "text": "What do you do for work?",\
            "localizations": [\
                {\
                    "languageCode": "fr-CA",\
                    "text": "Que fais-tu comme travail?"\
                }\
            ],\
            "isSingleLineQuestion": "false",\
            "regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"\
        }\
    ],\
    "accessPackage": {\
        "id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"\
    }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "A Policy With Questions"
requestBody.SetDisplayName(&displayName) 
description := ""
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.ALLMEMBERUSERS_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := true
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 


accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P7D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial) 
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired) 
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled) 
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)


subjectSet := graphmodels.NewSingleUser()
userId := "08a551cb-575a-4343-b914-f6e42798bd20"
subjectSet.SetUserId(&userId) 

primaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)

stages := []graphmodels.AccessPackageApprovalStageable {
	accessPackageApprovalStage,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)


accessPackageQuestion := graphmodels.NewAccessPackageMultipleChoiceQuestion()
sequence := int32(1)
accessPackageQuestion.SetSequence(&sequence) 
isRequired := true
accessPackageQuestion.SetIsRequired(&isRequired) 
isAnswerEditable := true
accessPackageQuestion.SetIsAnswerEditable(&isAnswerEditable) 
text := "What country are you working from?"
accessPackageQuestion.SetText(&text) 
isMultipleSelectionAllowed := false
accessPackageQuestion.SetIsMultipleSelectionAllowed(&isMultipleSelectionAllowed) 


accessPackageAnswerChoice := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "KE"
accessPackageAnswerChoice.SetActualValue(&actualValue) 
text := "Kenya"
accessPackageAnswerChoice.SetText(&text) 
accessPackageAnswerChoice1 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "US"
accessPackageAnswerChoice1.SetActualValue(&actualValue) 
text := "United States"
accessPackageAnswerChoice1.SetText(&text) 
accessPackageAnswerChoice2 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "GY"
accessPackageAnswerChoice2.SetActualValue(&actualValue) 
text := "Guyana"
accessPackageAnswerChoice2.SetText(&text) 
accessPackageAnswerChoice3 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "BD"
accessPackageAnswerChoice3.SetActualValue(&actualValue) 
text := "Bangladesh"
accessPackageAnswerChoice3.SetText(&text) 
accessPackageAnswerChoice4 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "JP"
accessPackageAnswerChoice4.SetActualValue(&actualValue) 
text := "Japan"
accessPackageAnswerChoice4.SetText(&text) 

choices := []graphmodels.AccessPackageAnswerChoiceable {
	accessPackageAnswerChoice,
	accessPackageAnswerChoice1,
	accessPackageAnswerChoice2,
	accessPackageAnswerChoice3,
	accessPackageAnswerChoice4,
}
accessPackageQuestion.SetChoices(choices)
accessPackageQuestion1 := graphmodels.NewAccessPackageTextInputQuestion()
sequence := int32(2)
accessPackageQuestion1.SetSequence(&sequence) 
isRequired := true
accessPackageQuestion1.SetIsRequired(&isRequired) 
isAnswerEditable := true
accessPackageQuestion1.SetIsAnswerEditable(&isAnswerEditable) 
text := "What do you do for work?"
accessPackageQuestion1.SetText(&text) 


accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
languageCode := "fr-CA"
accessPackageLocalizedText.SetLanguageCode(&languageCode) 
text := "Que fais-tu comme travail?"
accessPackageLocalizedText.SetText(&text) 

localizations := []graphmodels.AccessPackageLocalizedTextable {
	accessPackageLocalizedText,
}
accessPackageQuestion1.SetLocalizations(localizations)
isSingleLineQuestion := false
accessPackageQuestion1.SetIsSingleLineQuestion(&isSingleLineQuestion) 
regexPattern := "[a-zA-Z]+[a-zA-Z\s]*"
accessPackageQuestion1.SetRegexPattern(&regexPattern) 

questions := []graphmodels.AccessPackageQuestionable {
	accessPackageQuestion,
	accessPackageQuestion1,
}
requestBody.SetQuestions(questions)
accessPackage := graphmodels.NewAccessPackage()
id := "977c7ff4-ef8f-4910-9d31-49048ddf3120"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("A Policy With Questions");
accessPackageAssignmentPolicy.setDescription("");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllMemberUsers);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(true);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet = new SingleUser();
subjectSet.setOdataType("#microsoft.graph.singleUser");
subjectSet.setUserId("08a551cb-575a-4343-b914-f6e42798bd20");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
stages.add(accessPackageApprovalStage);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
AccessPackageMultipleChoiceQuestion accessPackageQuestion = new AccessPackageMultipleChoiceQuestion();
accessPackageQuestion.setOdataType("#microsoft.graph.accessPackageMultipleChoiceQuestion");
accessPackageQuestion.setSequence(1);
accessPackageQuestion.setIsRequired(true);
accessPackageQuestion.setIsAnswerEditable(true);
accessPackageQuestion.setText("What country are you working from?");
accessPackageQuestion.setIsMultipleSelectionAllowed(false);
LinkedList<AccessPackageAnswerChoice> choices = new LinkedList<AccessPackageAnswerChoice>();
AccessPackageAnswerChoice accessPackageAnswerChoice = new AccessPackageAnswerChoice();
accessPackageAnswerChoice.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice.setActualValue("KE");
accessPackageAnswerChoice.setText("Kenya");
choices.add(accessPackageAnswerChoice);
AccessPackageAnswerChoice accessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice1.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice1.setActualValue("US");
accessPackageAnswerChoice1.setText("United States");
choices.add(accessPackageAnswerChoice1);
AccessPackageAnswerChoice accessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice2.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice2.setActualValue("GY");
accessPackageAnswerChoice2.setText("Guyana");
choices.add(accessPackageAnswerChoice2);
AccessPackageAnswerChoice accessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice3.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice3.setActualValue("BD");
accessPackageAnswerChoice3.setText("Bangladesh");
choices.add(accessPackageAnswerChoice3);
AccessPackageAnswerChoice accessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice4.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice4.setActualValue("JP");
accessPackageAnswerChoice4.setText("Japan");
choices.add(accessPackageAnswerChoice4);
accessPackageQuestion.setChoices(choices);
questions.add(accessPackageQuestion);
AccessPackageTextInputQuestion accessPackageQuestion1 = new AccessPackageTextInputQuestion();
accessPackageQuestion1.setOdataType("#microsoft.graph.accessPackageTextInputQuestion");
accessPackageQuestion1.setSequence(2);
accessPackageQuestion1.setIsRequired(true);
accessPackageQuestion1.setIsAnswerEditable(true);
accessPackageQuestion1.setText("What do you do for work?");
LinkedList<AccessPackageLocalizedText> localizations = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText = new AccessPackageLocalizedText();
accessPackageLocalizedText.setLanguageCode("fr-CA");
accessPackageLocalizedText.setText("Que fais-tu comme travail?");
localizations.add(accessPackageLocalizedText);
accessPackageQuestion1.setLocalizations(localizations);
accessPackageQuestion1.setIsSingleLineQuestion(false);
accessPackageQuestion1.setRegexPattern("[a-zA-Z]+[a-zA-Z\s]*");
questions.add(accessPackageQuestion1);
accessPackageAssignmentPolicy.setQuestions(questions);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("977c7ff4-ef8f-4910-9d31-49048ddf3120");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
    displayName: 'A Policy With Questions',
    description: '',
    allowedTargetScope: 'allMemberUsers',
    expiration: {
        type: 'noExpiration'
    },
    requestorSettings: {
        enableTargetsToSelfAddAccess: 'true',
        enableTargetsToSelfUpdateAccess: 'true',
        enableTargetsToSelfRemoveAccess: 'true'
    },
    requestApprovalSettings: {
        isApprovalRequiredForAdd: 'true',
        isApprovalRequiredForUpdate: 'true',
        stages: [
            {
                durationBeforeAutomaticDenial: 'P7D',
                isApproverJustificationRequired: 'false',
                isEscalationEnabled: 'false',
                fallbackPrimaryApprovers: [],
                escalationApprovers: [],
                fallbackEscalationApprovers: [],
                primaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.singleUser',
                        userId: '08a551cb-575a-4343-b914-f6e42798bd20'
                    }
                ]
            }
        ]
    },
    questions: [
        {
            '@odata.type': '#microsoft.graph.accessPackageMultipleChoiceQuestion',
            sequence: '1',
            isRequired: 'true',
            isAnswerEditable: 'true',
            text: 'What country are you working from?',
            isMultipleSelectionAllowed: 'false',
            choices: [
                {
                    '@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
                    actualValue: 'KE',
                    text: 'Kenya'
                },
                {
                    '@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
                    actualValue: 'US',
                    text: 'United States'
                },
                {
                    '@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
                    actualValue: 'GY',
                    text: 'Guyana'
                },
                {
                    '@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
                    actualValue: 'BD',
                    text: 'Bangladesh'
                },
                {
                    '@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
                    actualValue: 'JP',
                    text: 'Japan'
                }
            ]
        },
        {
            '@odata.type': '#microsoft.graph.accessPackageTextInputQuestion',
            sequence: '2',
            isRequired: 'true',
            isAnswerEditable: 'true',
            text: 'What do you do for work?',
            localizations: [
                {
                    languageCode: 'fr-CA',
                    text: 'Que fais-tu comme travail?'
                }
            ],
            isSingleLineQuestion: 'false',
            regexPattern: '[a-zA-Z]+[a-zA-Z\\s]*'
        }
    ],
    accessPackage: {
        id: '977c7ff4-ef8f-4910-9d31-49048ddf3120'
    }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
	.post(accessPackageAssignmentPolicy);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageMultipleChoiceQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageAnswerChoice;
use Microsoft\Graph\Generated\Models\AccessPackageTextInputQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageLocalizedText;
use Microsoft\Graph\Generated\Models\AccessPackage;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('A Policy With Questions');
$requestBody->setDescription('');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allMemberUsers'));
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(true);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P7D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers([	]);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([	]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([	]);
$primaryApproversSubjectSet1 = new SingleUser();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$primaryApproversSubjectSet1->setUserId('08a551cb-575a-4343-b914-f6e42798bd20');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);

$stagesArray []= $stagesAccessPackageApprovalStage1;
$requestApprovalSettings->setStages($stagesArray);

$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$questionsAccessPackageQuestion1 = new AccessPackageMultipleChoiceQuestion();
$questionsAccessPackageQuestion1->setOdataType('#microsoft.graph.accessPackageMultipleChoiceQuestion');
$questionsAccessPackageQuestion1->setSequence(1);
$questionsAccessPackageQuestion1->setIsRequired(true);
$questionsAccessPackageQuestion1->setIsAnswerEditable(true);
$questionsAccessPackageQuestion1->setText('What country are you working from?');
$questionsAccessPackageQuestion1->setIsMultipleSelectionAllowed(false);
$choicesAccessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice1->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice1->setActualValue('KE');
$choicesAccessPackageAnswerChoice1->setText('Kenya');
$choicesArray []= $choicesAccessPackageAnswerChoice1;
$choicesAccessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice2->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice2->setActualValue('US');
$choicesAccessPackageAnswerChoice2->setText('United States');
$choicesArray []= $choicesAccessPackageAnswerChoice2;
$choicesAccessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice3->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice3->setActualValue('GY');
$choicesAccessPackageAnswerChoice3->setText('Guyana');
$choicesArray []= $choicesAccessPackageAnswerChoice3;
$choicesAccessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice4->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice4->setActualValue('BD');
$choicesAccessPackageAnswerChoice4->setText('Bangladesh');
$choicesArray []= $choicesAccessPackageAnswerChoice4;
$choicesAccessPackageAnswerChoice5 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice5->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice5->setActualValue('JP');
$choicesAccessPackageAnswerChoice5->setText('Japan');
$choicesArray []= $choicesAccessPackageAnswerChoice5;
$questionsAccessPackageQuestion1->setChoices($choicesArray);

$questionsArray []= $questionsAccessPackageQuestion1;
$questionsAccessPackageQuestion2 = new AccessPackageTextInputQuestion();
$questionsAccessPackageQuestion2->setOdataType('#microsoft.graph.accessPackageTextInputQuestion');
$questionsAccessPackageQuestion2->setSequence(2);
$questionsAccessPackageQuestion2->setIsRequired(true);
$questionsAccessPackageQuestion2->setIsAnswerEditable(true);
$questionsAccessPackageQuestion2->setText('What do you do for work?');
$localizationsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizationsAccessPackageLocalizedText1->setLanguageCode('fr-CA');
$localizationsAccessPackageLocalizedText1->setText('Que fais-tu comme travail?');
$localizationsArray []= $localizationsAccessPackageLocalizedText1;
$questionsAccessPackageQuestion2->setLocalizations($localizationsArray);

$questionsAccessPackageQuestion2->setIsSingleLineQuestion(false);
$questionsAccessPackageQuestion2->setRegexPattern('[a-zA-Z]+[a-zA-Z\s]*');
$questionsArray []= $questionsAccessPackageQuestion2;
$requestBody->setQuestions($questionsArray);

$accessPackage = new AccessPackage();
$accessPackage->setId('977c7ff4-ef8f-4910-9d31-49048ddf3120');
$requestBody->setAccessPackage($accessPackage);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "A Policy With Questions"
	description = ""
	allowedTargetScope = "allMemberUsers"
	expiration = @{
		type = "noExpiration"
	}
	requestorSettings = @{
		enableTargetsToSelfAddAccess = "true"
		enableTargetsToSelfUpdateAccess = "true"
		enableTargetsToSelfRemoveAccess = "true"
	}
	requestApprovalSettings = @{
		isApprovalRequiredForAdd = "true"
		isApprovalRequiredForUpdate = "true"
		stages = @(
			@{
				durationBeforeAutomaticDenial = "P7D"
				isApproverJustificationRequired = "false"
				isEscalationEnabled = "false"
				fallbackPrimaryApprovers = @(
				)
				escalationApprovers = @(
				)
				fallbackEscalationApprovers = @(
				)
				primaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.singleUser"
						userId = "08a551cb-575a-4343-b914-f6e42798bd20"
					}
				)
			}
		)
	}
	questions = @(
		@{
			"@odata.type" = "#microsoft.graph.accessPackageMultipleChoiceQuestion"
			sequence = "1"
			isRequired = "true"
			isAnswerEditable = "true"
			text = "What country are you working from?"
			isMultipleSelectionAllowed = "false"
			choices = @(
				@{
					"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
					actualValue = "KE"
					text = "Kenya"
				}
				@{
					"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
					actualValue = "US"
					text = "United States"
				}
				@{
					"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
					actualValue = "GY"
					text = "Guyana"
				}
				@{
					"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
					actualValue = "BD"
					text = "Bangladesh"
				}
				@{
					"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
					actualValue = "JP"
					text = "Japan"
				}
			)
		}
		@{
			"@odata.type" = "#microsoft.graph.accessPackageTextInputQuestion"
			sequence = "2"
			isRequired = "true"
			isAnswerEditable = "true"
			text = "What do you do for work?"
			localizations = @(
				@{
					languageCode = "fr-CA"
					text = "Que fais-tu comme travail?"
				}
			)
			isSingleLineQuestion = "false"
			regexPattern = "[a-zA-Z]+[a-zA-Z\s]*"
		}
	)
	accessPackage = @{
		id = "977c7ff4-ef8f-4910-9d31-49048ddf3120"
	}
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.access_package_multiple_choice_question import AccessPackageMultipleChoiceQuestion
from msgraph.generated.models.access_package_answer_choice import AccessPackageAnswerChoice
from msgraph.generated.models.access_package_text_input_question import AccessPackageTextInputQuestion
from msgraph.generated.models.access_package_localized_text import AccessPackageLocalizedText
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
	display_name = "A Policy With Questions",
	description = "",
	allowed_target_scope = AllowedTargetScope.AllMemberUsers,
	expiration = ExpirationPattern(
		type = ExpirationPatternType.NoExpiration,
	),
	requestor_settings = AccessPackageAssignmentRequestorSettings(
		enable_targets_to_self_add_access = True,
		enable_targets_to_self_update_access = True,
		enable_targets_to_self_remove_access = True,
	),
	request_approval_settings = AccessPackageAssignmentApprovalSettings(
		is_approval_required_for_add = True,
		is_approval_required_for_update = True,
		stages = [
			AccessPackageApprovalStage(
				duration_before_automatic_denial = "P7D",
				is_approver_justification_required = False,
				is_escalation_enabled = False,
				fallback_primary_approvers = [
				],
				escalation_approvers = [
				],
				fallback_escalation_approvers = [
				],
				primary_approvers = [
					SingleUser(
						odata_type = "#microsoft.graph.singleUser",
						user_id = "08a551cb-575a-4343-b914-f6e42798bd20",
					),
				],
			),
		],
	),
	questions = [
		AccessPackageMultipleChoiceQuestion(
			odata_type = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
			sequence = 1,
			is_required = True,
			is_answer_editable = True,
			text = "What country are you working from?",
			is_multiple_selection_allowed = False,
			choices = [
				AccessPackageAnswerChoice(
					odata_type = "microsoft.graph.accessPackageAnswerChoice",
					actual_value = "KE",
					text = "Kenya",
				),
				AccessPackageAnswerChoice(
					odata_type = "microsoft.graph.accessPackageAnswerChoice",
					actual_value = "US",
					text = "United States",
				),
				AccessPackageAnswerChoice(
					odata_type = "microsoft.graph.accessPackageAnswerChoice",
					actual_value = "GY",
					text = "Guyana",
				),
				AccessPackageAnswerChoice(
					odata_type = "microsoft.graph.accessPackageAnswerChoice",
					actual_value = "BD",
					text = "Bangladesh",
				),
				AccessPackageAnswerChoice(
					odata_type = "microsoft.graph.accessPackageAnswerChoice",
					actual_value = "JP",
					text = "Japan",
				),
			],
		),
		AccessPackageTextInputQuestion(
			odata_type = "#microsoft.graph.accessPackageTextInputQuestion",
			sequence = 2,
			is_required = True,
			is_answer_editable = True,
			text = "What do you do for work?",
			localizations = [
				AccessPackageLocalizedText(
					language_code = "fr-CA",
					text = "Que fais-tu comme travail?",
				),
			],
			is_single_line_question = False,
			regex_pattern = "[a-zA-Z]+[a-zA-Z\s]*",
		),
	],
	access_package = AccessPackage(
		id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
	),
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)

Respuesta

HTTP/1.1 201 Created
Content-Type: application/json

{
    "id": "24e5711e-92f0-41e2-912d-9f4e005f36cc",
    "displayName": "A Policy With Questions",
    "allowedTargetScope": "allMemberUsers",
    "createdDateTime": "2022-09-30T20:32:07.1949218Z",
    "modifiedDateTime": "2022-09-30T20:32:07.4173893Z",
}

Ejemplo 5: Creación de una directiva y especificación de las fases para desencadenar extensiones personalizadas del paquete de acceso predefinido

En el ejemplo siguiente, el objeto accessPackageCustomWorkflowExtension predefinido se desencadena mediante la creación o aprobación de una solicitud de asignación de paquete de acceso. El identificador de la propiedad customExtension corresponde al identificador del objeto accessPackageCustomWorkflowExtension .

Solicitud

En el ejemplo siguiente se muestra la solicitud.

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/
Content-type: application/json

{
    "displayName": "customExtensionStageSettings policy",
    "description": "policy with specified stages for custom extension assignment",
    "allowedTargetScope": "notSpecified",
    "specificAllowedTargets": [],
    "expiration": {
        "endDateTime": null,
        "duration": null,
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": false,
        "enableTargetsToSelfUpdateAccess": false,
        "enableTargetsToSelfRemoveAccess": false,
        "allowCustomAssignmentSchedule": true,
        "enableOnBehalfRequestorsToAddAccess": false,
        "enableOnBehalfRequestorsToUpdateAccess": false,
        "enableOnBehalfRequestorsToRemoveAccess": false,
        "onBehalfRequestors": []
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": false,
        "isApprovalRequiredForUpdate": false,
        "stages": []
    },
    "accessPackage": {
        "id": "5ad1eb64-15f7-4614-b419-05d11ee266bf"
    },
    "customExtensionStageSettings": [
        {
            "stage": "assignmentRequestCreated",
            "customExtension": {
                "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
                "id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
            }
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	DisplayName = "customExtensionStageSettings policy",
	Description = "policy with specified stages for custom extension assignment",
	AllowedTargetScope = AllowedTargetScope.NotSpecified,
	SpecificAllowedTargets = new List<SubjectSet>
	{
	},
	Expiration = new ExpirationPattern
	{
		EndDateTime = null,
		Duration = null,
		Type = ExpirationPatternType.NoExpiration,
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = false,
		EnableTargetsToSelfUpdateAccess = false,
		EnableTargetsToSelfRemoveAccess = false,
		AllowCustomAssignmentSchedule = true,
		EnableOnBehalfRequestorsToAddAccess = false,
		EnableOnBehalfRequestorsToUpdateAccess = false,
		EnableOnBehalfRequestorsToRemoveAccess = false,
		OnBehalfRequestors = new List<SubjectSet>
		{
		},
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = false,
		IsApprovalRequiredForUpdate = false,
		Stages = new List<AccessPackageApprovalStage>
		{
		},
	},
	AccessPackage = new AccessPackage
	{
		Id = "5ad1eb64-15f7-4614-b419-05d11ee266bf",
	},
	CustomExtensionStageSettings = new List<CustomExtensionStageSetting>
	{
		new CustomExtensionStageSetting
		{
			Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
			CustomExtension = new AccessPackageAssignmentRequestWorkflowExtension
			{
				OdataType = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
				Id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476",
			},
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);



mgc identity-governance entitlement-management assignment-policies create --body '{\
    "displayName": "customExtensionStageSettings policy",\
    "description": "policy with specified stages for custom extension assignment",\
    "allowedTargetScope": "notSpecified",\
    "specificAllowedTargets": [],\
    "expiration": {\
        "endDateTime": null,\
        "duration": null,\
        "type": "noExpiration"\
    },\
    "requestorSettings": {\
        "enableTargetsToSelfAddAccess": false,\
        "enableTargetsToSelfUpdateAccess": false,\
        "enableTargetsToSelfRemoveAccess": false,\
        "allowCustomAssignmentSchedule": true,\
        "enableOnBehalfRequestorsToAddAccess": false,\
        "enableOnBehalfRequestorsToUpdateAccess": false,\
        "enableOnBehalfRequestorsToRemoveAccess": false,\
        "onBehalfRequestors": []\
    },\
    "requestApprovalSettings": {\
        "isApprovalRequiredForAdd": false,\
        "isApprovalRequiredForUpdate": false,\
        "stages": []\
    },\
    "accessPackage": {\
        "id": "5ad1eb64-15f7-4614-b419-05d11ee266bf"\
    },\
    "customExtensionStageSettings": [\
        {\
            "stage": "assignmentRequestCreated",\
            "customExtension": {\
                "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",\
                "id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"\
            }\
        }\
    ]\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v1.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "customExtensionStageSettings policy"
requestBody.SetDisplayName(&displayName) 
description := "policy with specified stages for custom extension assignment"
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
specificAllowedTargets := []graphmodels.SubjectSetable {

}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime) 
duration := null
expiration.SetDuration(&duration) 
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule) 
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess) 
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess) 
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess) 
onBehalfRequestors := []graphmodels.SubjectSetable {

}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 
stages := []graphmodels.AccessPackageApprovalStageable {

}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "5ad1eb64-15f7-4614-b419-05d11ee266bf"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)


customExtensionStageSetting := graphmodels.NewCustomExtensionStageSetting()
stage := graphmodels.ASSIGNMENTREQUESTCREATED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE 
customExtensionStageSetting.SetStage(&stage) 
customExtension := graphmodels.NewAccessPackageAssignmentRequestWorkflowExtension()
id := "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
customExtension.SetId(&id) 
customExtensionStageSetting.SetCustomExtension(customExtension)

customExtensionStageSettings := []graphmodels.CustomExtensionStageSettingable {
	customExtensionStageSetting,
}
requestBody.SetCustomExtensionStageSettings(customExtensionStageSettings)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("customExtensionStageSettings policy");
accessPackageAssignmentPolicy.setDescription("policy with specified stages for custom extension assignment");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.NotSpecified);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setEndDateTime(null);
expiration.setDuration(null);
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(false);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(false);
requestorSettings.setAllowCustomAssignmentSchedule(true);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(false);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("5ad1eb64-15f7-4614-b419-05d11ee266bf");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
LinkedList<CustomExtensionStageSetting> customExtensionStageSettings = new LinkedList<CustomExtensionStageSetting>();
CustomExtensionStageSetting customExtensionStageSetting = new CustomExtensionStageSetting();
customExtensionStageSetting.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
AccessPackageAssignmentRequestWorkflowExtension customExtension = new AccessPackageAssignmentRequestWorkflowExtension();
customExtension.setOdataType("#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension");
customExtension.setId("bebe7873-1f0d-4db9-b6c3-01f7ebfe8476");
customExtensionStageSetting.setCustomExtension(customExtension);
customExtensionStageSettings.add(customExtensionStageSetting);
accessPackageAssignmentPolicy.setCustomExtensionStageSettings(customExtensionStageSettings);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
    displayName: 'customExtensionStageSettings policy',
    description: 'policy with specified stages for custom extension assignment',
    allowedTargetScope: 'notSpecified',
    specificAllowedTargets: [],
    expiration: {
        endDateTime: null,
        duration: null,
        type: 'noExpiration'
    },
    requestorSettings: {
        enableTargetsToSelfAddAccess: false,
        enableTargetsToSelfUpdateAccess: false,
        enableTargetsToSelfRemoveAccess: false,
        allowCustomAssignmentSchedule: true,
        enableOnBehalfRequestorsToAddAccess: false,
        enableOnBehalfRequestorsToUpdateAccess: false,
        enableOnBehalfRequestorsToRemoveAccess: false,
        onBehalfRequestors: []
    },
    requestApprovalSettings: {
        isApprovalRequiredForAdd: false,
        isApprovalRequiredForUpdate: false,
        stages: []
    },
    accessPackage: {
        id: '5ad1eb64-15f7-4614-b419-05d11ee266bf'
    },
    customExtensionStageSettings: [
        {
            stage: 'assignmentRequestCreated',
            customExtension: {
                '@odata.type': '#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension',
                id: 'bebe7873-1f0d-4db9-b6c3-01f7ebfe8476'
            }
        }
    ]
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/')
	.post(accessPackageAssignmentPolicy);


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\AccessPackage;
use Microsoft\Graph\Generated\Models\CustomExtensionStageSetting;
use Microsoft\Graph\Generated\Models\AccessPackageCustomExtensionStage;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestWorkflowExtension;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('customExtensionStageSettings policy');
$requestBody->setDescription('policy with specified stages for custom extension assignment');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('notSpecified'));
$requestBody->setSpecificAllowedTargets([	]);
$expiration = new ExpirationPattern();
$expiration->setEndDateTime(null);
$expiration->setDuration(null);
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);
$requestorSettings->setAllowCustomAssignmentSchedule(true);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([	]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$requestApprovalSettings->setStages([	]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('5ad1eb64-15f7-4614-b419-05d11ee266bf');
$requestBody->setAccessPackage($accessPackage);
$customExtensionStageSettingsCustomExtensionStageSetting1 = new CustomExtensionStageSetting();
$customExtensionStageSettingsCustomExtensionStageSetting1->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension = new AccessPackageAssignmentRequestWorkflowExtension();
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension->setOdataType('#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension');
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension->setId('bebe7873-1f0d-4db9-b6c3-01f7ebfe8476');
$customExtensionStageSettingsCustomExtensionStageSetting1->setCustomExtension($customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension);
$customExtensionStageSettingsArray []= $customExtensionStageSettingsCustomExtensionStageSetting1;
$requestBody->setCustomExtensionStageSettings($customExtensionStageSettingsArray);


$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	displayName = "customExtensionStageSettings policy"
	description = "policy with specified stages for custom extension assignment"
	allowedTargetScope = "notSpecified"
	specificAllowedTargets = @(
	)
	expiration = @{
		endDateTime = $null
		duration = $null
		type = "noExpiration"
	}
	requestorSettings = @{
		enableTargetsToSelfAddAccess = $false
		enableTargetsToSelfUpdateAccess = $false
		enableTargetsToSelfRemoveAccess = $false
		allowCustomAssignmentSchedule = $true
		enableOnBehalfRequestorsToAddAccess = $false
		enableOnBehalfRequestorsToUpdateAccess = $false
		enableOnBehalfRequestorsToRemoveAccess = $false
		onBehalfRequestors = @(
		)
	}
	requestApprovalSettings = @{
		isApprovalRequiredForAdd = $false
		isApprovalRequiredForUpdate = $false
		stages = @(
		)
	}
	accessPackage = @{
		id = "5ad1eb64-15f7-4614-b419-05d11ee266bf"
	}
	customExtensionStageSettings = @(
		@{
			stage = "assignmentRequestCreated"
			customExtension = @{
				"@odata.type" = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension"
				id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
			}
		}
	)
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.access_package import AccessPackage
from msgraph.generated.models.custom_extension_stage_setting import CustomExtensionStageSetting
from msgraph.generated.models.access_package_custom_extension_stage import AccessPackageCustomExtensionStage
from msgraph.generated.models.access_package_assignment_request_workflow_extension import AccessPackageAssignmentRequestWorkflowExtension
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
	display_name = "customExtensionStageSettings policy",
	description = "policy with specified stages for custom extension assignment",
	allowed_target_scope = AllowedTargetScope.NotSpecified,
	specific_allowed_targets = [
	],
	expiration = ExpirationPattern(
		end_date_time = None,
		duration = None,
		type = ExpirationPatternType.NoExpiration,
	),
	requestor_settings = AccessPackageAssignmentRequestorSettings(
		enable_targets_to_self_add_access = False,
		enable_targets_to_self_update_access = False,
		enable_targets_to_self_remove_access = False,
		allow_custom_assignment_schedule = True,
		enable_on_behalf_requestors_to_add_access = False,
		enable_on_behalf_requestors_to_update_access = False,
		enable_on_behalf_requestors_to_remove_access = False,
		on_behalf_requestors = [
		],
	),
	request_approval_settings = AccessPackageAssignmentApprovalSettings(
		is_approval_required_for_add = False,
		is_approval_required_for_update = False,
		stages = [
		],
	),
	access_package = AccessPackage(
		id = "5ad1eb64-15f7-4614-b419-05d11ee266bf",
	),
	custom_extension_stage_settings = [
		CustomExtensionStageSetting(
			stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
			custom_extension = AccessPackageAssignmentRequestWorkflowExtension(
				odata_type = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
				id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476",
			),
		),
	],
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)

Respuesta

En el ejemplo siguiente se muestra la respuesta. El objeto customExtensionStageSettings no se devuelve de forma predeterminada. Para recuperar este objeto, use el método GET accessPackageAssignmentPolicy con $expand. Para obtener más información, vea Ejemplo 2: Recuperar la configuración de la fase de extensión personalizada para una directiva.

HTTP/1.1 201 Created
Content-type: application/json

{
  "id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
  "displayName": "customExtensionStageSettings policy",
  "description": "policy with specified stages for custom extension assignment",
  "canExtend": false,
  "durationInDays": 0,
  "expirationDateTime": null,
  "accessPackageId": "5ad1eb64-15f7-4614-b419-05d11ee266bf",
  "accessReviewSettings": null,
  "questions": [],
  "requestorSettings": {
    "scopeType": "AllExistingDirectorySubjects",
    "acceptRequests": true,
    "allowedRequestors": []
  },
  "requestApprovalSettings": {
    "isApprovalRequired": false,
    "isApprovalRequiredForExtension": false,
    "isRequestorJustificationRequired": false,
    "approvalMode": "NoApproval",
    "approvalStages": []
  },
  "customExtensionStageSettings": [
        {
            "stage": "assignmentRequestCreated",
            "customExtension": {
                "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
                "id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
            }
        }
    ]
}

Compartir vía

Crear assignmentPolicies

Permissions

Solicitud HTTP

Encabezados de solicitud

Cuerpo de la solicitud

Respuesta

Ejemplos

Ejemplo 1: Creación de una directiva de asignación directa

Solicitud

Respuesta

Ejemplo 2: Creación de una directiva para que los usuarios de otras organizaciones soliciten

Solicitud

Respuesta

Ejemplo 3: Creación de una directiva que crea automáticamente asignaciones basadas en una regla de pertenencia

Solicitud

Respuesta

Ejemplo 4: Cree una directiva en la que se pida a los solicitantes que respondan a las preguntas mientras solicitan acceso para proporcionar información adicional a los aprobadores.

Solicitud

Respuesta

Ejemplo 5: Creación de una directiva y especificación de las fases para desencadenar extensiones personalizadas del paquete de acceso predefinido

Solicitud

Respuesta

Comentarios

Recursos adicionales