Les API de gestion des autorisations vous permettent de découvrir les autorisations attribuées à toutes les identités dans plusieurs clouds . demander des autorisations ; approuver, rejeter et annuler des demandes d’autorisations. Cet article fournit un guide de référence rapide pour les opérations d’API sur les systèmes d’autorisation AWS, pris en charge par le biais des API de gestion des autorisations.
Répertorier tous les systèmes d’autorisation intégrés à Permissions Management.
Filtrez les systèmes d’autorisation par nom.
Répertoriez les systèmes d’autorisation AWS intégrés à Permissions Management en filtrant par la propriété authorizationSystemType .
Répertoriez les systèmes d’autorisation AWS intégrés à Permissions Management.
Identifiez tous les systèmes d’autorisation AWS qui sont en ligne et dont la fonctionnalité de modification des autorisations est activée.
Par ID de clé primaire.
Par id externe de clé alternative.
Par ID de rôle de clé primaire.
Par id externe de clé alternative.
Par ID d’utilisateur de clé primaire.
Par id externe de clé alternative.
Répertorier toutes les actions.
Répertorier les actions d’un service spécifique dans un système d’autorisation AWS.
Répertorier les actions de suppression à haut risque pour un service spécifique dans le système d’autorisation AWS
Par ID d’action de clé primaire.
Par id externe de clé alternative.
Répertorier toutes les stratégies.
Répertorier toutes les stratégies correspondant à un nom de stratégie spécifique.
Répertorie toutes les stratégies pour lesquelles le nom de la stratégie contient une chaîne spécifique.
Répertorier toutes les stratégies personnalisées.
Par ID de stratégie de clé primaire.
Par id externe de clé alternative.
Par ID de ressource de clé primaire.
Par id externe de clé alternative.
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "#microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",
"policies": [
{
"id": "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
],
"assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to add a user to a group",
"notes": "Pretty Please",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "#microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsPolicyPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
Policies = new List<PermissionsDefinitionAwsPolicy>
{
new PermissionsDefinitionAwsPolicy
{
Id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
},
},
AssignToRoleId = "arn:aws:aim::956987887735:role/saml-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to add a user to a group",
Notes = "Pretty Please",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
"requestedPermissions": {\
"@odata.type": "#microsoft.graph.awsPermissionsDefinition",\
"authorizationSystemInfo": {\
"authorizationSystemId": "956987887735",\
"authorizationSystemType": "AWS"\
},\
"actionInfo": {\
"@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",\
"policies": [\
{\
"id": "arn:aws:iam::956987887735:policy/AddUserToGroup"\
}\
],\
"assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"\
},\
"identityInfo": {\
"externalId": "alex@contoso.com",\
"source": {\
"@odata.type": "microsoft.graph.samlIdentitySource"\
},\
"identityType": "user"\
}\
},\
"justification": "I need to do this because I want to add a user to a group",\
"notes": "Pretty Please",\
"scheduleInfo": {\
"expiration": {\
"duration": "PT1H"\
}\
},\
"ticketInfo": {\
"ticketNumber": "INC1234567",\
"ticketSystem": "ServiceNow",\
"ticketSubmitterIdentityId": "alex@contoso.com",\
"ticketApproverIdentityId": "alexmanager@contoso.com"\
}\
}\
'
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsPolicyPermissionsDefinitionAction()
permissionsDefinitionAwsPolicy := graphmodels.NewPermissionsDefinitionAwsPolicy()
id := "arn:aws:iam::956987887735:policy/AddUserToGroup"
permissionsDefinitionAwsPolicy.SetId(&id)
policies := []graphmodels.PermissionsDefinitionAwsPolicyable {
permissionsDefinitionAwsPolicy,
}
actionInfo.SetPolicies(policies)
assignToRoleId := "arn:aws:aim::956987887735:role/saml-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to add a user to a group"
requestBody.SetJustification(&justification)
notes := "Pretty Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("#microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsPolicyPermissionsDefinitionAction actionInfo = new AwsPolicyPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsPolicyPermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAwsPolicy> policies = new LinkedList<PermissionsDefinitionAwsPolicy>();
PermissionsDefinitionAwsPolicy permissionsDefinitionAwsPolicy = new PermissionsDefinitionAwsPolicy();
permissionsDefinitionAwsPolicy.setId("arn:aws:iam::956987887735:policy/AddUserToGroup");
policies.add(permissionsDefinitionAwsPolicy);
actionInfo.setPolicies(policies);
actionInfo.setAssignToRoleId("arn:aws:aim::956987887735:role/saml-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to add a user to a group");
scheduledPermissionsRequest.setNotes("Pretty Please");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': '#microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsPolicyPermissionsDefinitionAction',
policies: [
{
id: 'arn:aws:iam::956987887735:policy/AddUserToGroup'
}
],
assignToRoleId: 'arn:aws:aim::956987887735:role/saml-user'
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to add a user to a group',
notes: 'Pretty Please',
scheduleInfo: {
expiration: {
duration: 'PT1H'
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsPolicyPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAwsPolicy;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('#microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsPolicyPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsPolicyPermissionsDefinitionAction');
$policiesPermissionsDefinitionAwsPolicy1 = new PermissionsDefinitionAwsPolicy();
$policiesPermissionsDefinitionAwsPolicy1->setId('arn:aws:iam::956987887735:policy/AddUserToGroup');
$policiesArray []= $policiesPermissionsDefinitionAwsPolicy1;
$requestedPermissionsActionInfo->setPolicies($policiesArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:aim::956987887735:role/saml-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to add a user to a group');
$requestBody->setNotes('Pretty Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "#microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsPolicyPermissionsDefinitionAction"
policies = @(
@{
id = "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
)
assignToRoleId = "arn:aws:aim::956987887735:role/saml-user"
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to add a user to a group"
notes = "Pretty Please"
scheduleInfo = @{
expiration = @{
duration = "PT1H"
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_policy_permissions_definition_action import AwsPolicyPermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_aws_policy import PermissionsDefinitionAwsPolicy
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "#microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsPolicyPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
policies = [
PermissionsDefinitionAwsPolicy(
id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
),
],
assign_to_role_id = "arn:aws:aim::956987887735:role/saml-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to add a user to a group",
notes = "Pretty Please",
schedule_info = RequestSchedule(
expiration = ExpirationPattern(
duration = "PT1H",
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",
"statements": [
{
"statementId": "test1",
"actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
},
{
"statementId": "test2",
"actions": ["s3:Delete:*"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
}
],
"assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"
},
"identityInfo": {
"externalId": "rsn:alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to access S3 resources",
"notes": "Please",
"scheduleInfo": {
"startDateTime": "2023-02-08T12:15:00Z",
"expiration": {
"duration": "PT1H"
},
"recurrence": {
"pattern": {
"dayOfMonth": 5,
"daysOfWeek": [],
"interval": 1,
"reccurencePatternType": "absoluteMonthly"
},
"range": {
"startDate": "2023-02-08",
"reccurenceRangeType": "noEnd"
}
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsActionsPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsActionsPermissionsDefinitionAction",
Statements = new List<AwsStatement>
{
new AwsStatement
{
StatementId = "test1",
Actions = new List<string>
{
"s3:AbortMultipartUpload",
"s3:CreateBucket",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
new AwsStatement
{
StatementId = "test2",
Actions = new List<string>
{
"s3:Delete:*",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
},
AssignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "rsn:alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to access S3 resources",
Notes = "Please",
ScheduleInfo = new RequestSchedule
{
StartDateTime = DateTimeOffset.Parse("2023-02-08T12:15:00Z"),
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
DayOfMonth = 5,
DaysOfWeek = new List<DayOfWeekObject>
{
},
Interval = 1,
AdditionalData = new Dictionary<string, object>
{
{
"reccurencePatternType" , "absoluteMonthly"
},
},
},
Range = new RecurrenceRange
{
StartDate = new Date(DateTime.Parse("2023-02-08")),
AdditionalData = new Dictionary<string, object>
{
{
"reccurenceRangeType" , "noEnd"
},
},
},
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
"requestedPermissions": {\
"@odata.type": "microsoft.graph.awsPermissionsDefinition",\
"authorizationSystemInfo": {\
"authorizationSystemId": "956987887735",\
"authorizationSystemType": "AWS"\
},\
"actionInfo": {\
"@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",\
"statements": [\
{\
"statementId": "test1",\
"actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],\
"notActions": [],\
"resources": ["*"],\
"notResources": [],\
"effect": "allow",\
"condition": {\
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
}\
},\
{\
"statementId": "test2",\
"actions": ["s3:Delete:*"],\
"notActions": [],\
"resources": ["*"],\
"notResources": [],\
"effect": "allow",\
"condition": {\
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
}\
}\
],\
"assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"\
},\
"identityInfo": {\
"externalId": "rsn:alex@contoso.com",\
"source": {\
"@odata.type": "microsoft.graph.samlIdentitySource"\
},\
"identityType": "user"\
}\
},\
"justification": "I need to do this because I want to access S3 resources",\
"notes": "Please",\
"scheduleInfo": {\
"startDateTime": "2023-02-08T12:15:00Z",\
"expiration": {\
"duration": "PT1H"\
},\
"recurrence": {\
"pattern": {\
"dayOfMonth": 5,\
"daysOfWeek": [],\
"interval": 1,\
"reccurencePatternType": "absoluteMonthly"\
},\
"range": {\
"startDate": "2023-02-08",\
"reccurenceRangeType": "noEnd"\
}\
}\
},\
"ticketInfo": {\
"ticketNumber": "INC1234567",\
"ticketSystem": "ServiceNow",\
"ticketSubmitterIdentityId": "alex@contoso.com",\
"ticketApproverIdentityId": "alexmanager@contoso.com"\
}\
}\
'
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsActionsPermissionsDefinitionAction()
awsStatement := graphmodels.NewAwsStatement()
statementId := "test1"
awsStatement.SetStatementId(&statementId)
actions := []string {
"s3:AbortMultipartUpload",
"s3:CreateBucket",
}
awsStatement.SetActions(actions)
notActions := []string {
}
awsStatement.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement.SetResources(resources)
notResources := []string {
}
awsStatement.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement.SetCondition(condition)
awsStatement1 := graphmodels.NewAwsStatement()
statementId := "test2"
awsStatement1.SetStatementId(&statementId)
actions := []string {
"s3:Delete:*",
}
awsStatement1.SetActions(actions)
notActions := []string {
}
awsStatement1.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement1.SetResources(resources)
notResources := []string {
}
awsStatement1.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement1.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement1.SetCondition(condition)
statements := []graphmodels.AwsStatementable {
awsStatement,
awsStatement1,
}
actionInfo.SetStatements(statements)
assignToRoleId := "arn:aws:iam::956987887735:role/ck-saml-power-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "rsn:alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to access S3 resources"
requestBody.SetJustification(&justification)
notes := "Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2023-02-08T12:15:00Z")
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth)
daysOfWeek := []graphmodels.DayOfWeekable {
}
pattern.SetDaysOfWeek(daysOfWeek)
interval := int32(1)
pattern.SetInterval(&interval)
additionalData := map[string]interface{}{
"reccurencePatternType" : "absoluteMonthly",
}
pattern.SetAdditionalData(additionalData)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
startDate := 2023-02-08
range.SetStartDate(&startDate)
additionalData := map[string]interface{}{
"reccurenceRangeType" : "noEnd",
}
range.SetAdditionalData(additionalData)
recurrence.SetRange(range)
scheduleInfo.SetRecurrence(recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsActionsPermissionsDefinitionAction actionInfo = new AwsActionsPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsActionsPermissionsDefinitionAction");
LinkedList<AwsStatement> statements = new LinkedList<AwsStatement>();
AwsStatement awsStatement = new AwsStatement();
awsStatement.setStatementId("test1");
LinkedList<String> actions = new LinkedList<String>();
actions.add("s3:AbortMultipartUpload");
actions.add("s3:CreateBucket");
awsStatement.setActions(actions);
LinkedList<String> notActions = new LinkedList<String>();
awsStatement.setNotActions(notActions);
LinkedList<String> resources = new LinkedList<String>();
resources.add("*");
awsStatement.setResources(resources);
LinkedList<String> notResources = new LinkedList<String>();
awsStatement.setNotResources(notResources);
awsStatement.setEffect(AwsStatementEffect.Allow);
AwsCondition condition = new AwsCondition();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
numericLessThanEquals = new ();
numericLessThanEquals.setAwsMultiFactorAuthAge("3600");
additionalData.put("NumericLessThanEquals", numericLessThanEquals);
condition.setAdditionalData(additionalData);
awsStatement.setCondition(condition);
statements.add(awsStatement);
AwsStatement awsStatement1 = new AwsStatement();
awsStatement1.setStatementId("test2");
LinkedList<String> actions1 = new LinkedList<String>();
actions1.add("s3:Delete:*");
awsStatement1.setActions(actions1);
LinkedList<String> notActions1 = new LinkedList<String>();
awsStatement1.setNotActions(notActions1);
LinkedList<String> resources1 = new LinkedList<String>();
resources1.add("*");
awsStatement1.setResources(resources1);
LinkedList<String> notResources1 = new LinkedList<String>();
awsStatement1.setNotResources(notResources1);
awsStatement1.setEffect(AwsStatementEffect.Allow);
AwsCondition condition1 = new AwsCondition();
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
numericLessThanEquals1 = new ();
numericLessThanEquals1.setAwsMultiFactorAuthAge("3600");
additionalData1.put("NumericLessThanEquals", numericLessThanEquals1);
condition1.setAdditionalData(additionalData1);
awsStatement1.setCondition(condition1);
statements.add(awsStatement1);
actionInfo.setStatements(statements);
actionInfo.setAssignToRoleId("arn:aws:iam::956987887735:role/ck-saml-power-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("rsn:alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to access S3 resources");
scheduledPermissionsRequest.setNotes("Please");
RequestSchedule scheduleInfo = new RequestSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2023-02-08T12:15:00Z");
scheduleInfo.setStartDateTime(startDateTime);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setDayOfMonth(5);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
pattern.setInterval(1);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("reccurencePatternType", "absoluteMonthly");
pattern.setAdditionalData(additionalData2);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
LocalDate startDate = LocalDate.parse("2023-02-08");
range.setStartDate(startDate);
HashMap<String, Object> additionalData3 = new HashMap<String, Object>();
additionalData3.put("reccurenceRangeType", "noEnd");
range.setAdditionalData(additionalData3);
recurrence.setRange(range);
scheduleInfo.setRecurrence(recurrence);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsActionsPermissionsDefinitionAction',
statements: [
{
statementId: 'test1',
actions: ['s3:AbortMultipartUpload', 's3:CreateBucket'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
},
{
statementId: 'test2',
actions: ['s3:Delete:*'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
}
],
assignToRoleId: 'arn:aws:iam::956987887735:role/ck-saml-power-user'
},
identityInfo: {
externalId: 'rsn:alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to access S3 resources',
notes: 'Please',
scheduleInfo: {
startDateTime: '2023-02-08T12:15:00Z',
expiration: {
duration: 'PT1H'
},
recurrence: {
pattern: {
dayOfMonth: 5,
daysOfWeek: [],
interval: 1,
reccurencePatternType: 'absoluteMonthly'
},
range: {
startDate: '2023-02-08',
reccurenceRangeType: 'noEnd'
}
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsActionsPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\AwsStatement;
use Microsoft\Graph\Beta\Generated\Models\AwsStatementEffect;
use Microsoft\Graph\Beta\Generated\Models\AwsCondition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Beta\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Beta\Generated\Models\DayOfWeek;
use Microsoft\Graph\Beta\Generated\Models\RecurrenceRange;
use Microsoft\Kiota\Abstractions\Types\Date;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsActionsPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsActionsPermissionsDefinitionAction');
$statementsAwsStatement1 = new AwsStatement();
$statementsAwsStatement1->setStatementId('test1');
$statementsAwsStatement1->setActions(['s3:AbortMultipartUpload', 's3:CreateBucket', ]);
$statementsAwsStatement1->setNotActions([ ]);
$statementsAwsStatement1->setResources(['*', ]);
$statementsAwsStatement1->setNotResources([ ]);
$statementsAwsStatement1->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement1Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement1Condition->setAdditionalData($additionalData);
$statementsAwsStatement1->setCondition($statementsAwsStatement1Condition);
$statementsArray []= $statementsAwsStatement1;
$statementsAwsStatement2 = new AwsStatement();
$statementsAwsStatement2->setStatementId('test2');
$statementsAwsStatement2->setActions(['s3:Delete:*', ]);
$statementsAwsStatement2->setNotActions([ ]);
$statementsAwsStatement2->setResources(['*', ]);
$statementsAwsStatement2->setNotResources([ ]);
$statementsAwsStatement2->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement2Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement2Condition->setAdditionalData($additionalData);
$statementsAwsStatement2->setCondition($statementsAwsStatement2Condition);
$statementsArray []= $statementsAwsStatement2;
$requestedPermissionsActionInfo->setStatements($statementsArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:iam::956987887735:role/ck-saml-power-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('rsn:alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to access S3 resources');
$requestBody->setNotes('Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(new \DateTime('2023-02-08T12:15:00Z'));
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfoRecurrence = new PatternedRecurrence();
$scheduleInfoRecurrencePattern = new RecurrencePattern();
$scheduleInfoRecurrencePattern->setDayOfMonth(5);
$scheduleInfoRecurrencePattern->setDaysOfWeek([]);
$scheduleInfoRecurrencePattern->setInterval(1);
$additionalData = [
'reccurencePatternType' => 'absoluteMonthly',
];
$scheduleInfoRecurrencePattern->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setPattern($scheduleInfoRecurrencePattern);
$scheduleInfoRecurrenceRange = new RecurrenceRange();
$scheduleInfoRecurrenceRange->setStartDate(new Date('2023-02-08'));
$additionalData = [
'reccurenceRangeType' => 'noEnd',
];
$scheduleInfoRecurrenceRange->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setRange($scheduleInfoRecurrenceRange);
$scheduleInfo->setRecurrence($scheduleInfoRecurrence);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsActionsPermissionsDefinitionAction"
statements = @(
@{
statementId = "test1"
actions = @(
"s3:AbortMultipartUpload"
"s3:CreateBucket"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
@{
statementId = "test2"
actions = @(
"s3:Delete:*"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
)
assignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user"
}
identityInfo = @{
externalId = "rsn:alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to access S3 resources"
notes = "Please"
scheduleInfo = @{
startDateTime = [System.DateTime]::Parse("2023-02-08T12:15:00Z")
expiration = @{
duration = "PT1H"
}
recurrence = @{
pattern = @{
dayOfMonth = 5
daysOfWeek = @(
)
interval = 1
reccurencePatternType = "absoluteMonthly"
}
range = @{
startDate = "2023-02-08"
reccurenceRangeType = "noEnd"
}
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_actions_permissions_definition_action import AwsActionsPermissionsDefinitionAction
from msgraph_beta.generated.models.aws_statement import AwsStatement
from msgraph_beta.generated.models.aws_statement_effect import AwsStatementEffect
from msgraph_beta.generated.models.aws_condition import AwsCondition
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph_beta.generated.models.recurrence_pattern import RecurrencePattern
from msgraph_beta.generated.models.day_of_week import DayOfWeek
from msgraph_beta.generated.models.recurrence_range import RecurrenceRange
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsActionsPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsActionsPermissionsDefinitionAction",
statements = [
AwsStatement(
statement_id = "test1",
actions = [
"s3:AbortMultipartUpload",
"s3:CreateBucket",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
AwsStatement(
statement_id = "test2",
actions = [
"s3:Delete:*",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
],
assign_to_role_id = "arn:aws:iam::956987887735:role/ck-saml-power-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "rsn:alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to access S3 resources",
notes = "Please",
schedule_info = RequestSchedule(
start_date_time = "2023-02-08T12:15:00Z",
expiration = ExpirationPattern(
duration = "PT1H",
),
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
day_of_month = 5,
days_of_week = [
],
interval = 1,
additional_data = {
"reccurence_pattern_type" : "absoluteMonthly",
}
),
range = RecurrenceRange(
start_date = "2023-02-08",
additional_data = {
"reccurence_range_type" : "noEnd",
}
),
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Pour plus d’informations sur l’ajout du SDK à votre projet et la création d’un instance authProvider, consultez la documentation du Kit de développement logiciel (SDK).
Le demandeur ou un administrateur peut annuler une demande approuvée, tandis que seul le demandeur peut annuler une requête en attente (statusDetail de submitted).