assignmentPolicies の作成
- [アーティクル]
名前空間: microsoft.graph
エンタイトルメント管理で新しい accessPackageAssignmentPolicy オブジェクトMicrosoft Entra作成します。 要求には、このポリシーを含む accessPackage への参照が含まれています。このポリシーは既に存在している必要があります。
この API は、次の国内クラウド展開で使用できます。
グローバル サービス | 米国政府機関 L4 | 米国政府機関 L5 (DOD) | 21Vianet が運営する中国 |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
アクセス許可
この API の最小特権としてマークされているアクセス許可またはアクセス許可を選択します。 アプリで必要な場合にのみ、より高い特権のアクセス許可またはアクセス許可を使用します。 委任されたアクセス許可とアプリケーションのアクセス許可の詳細については、「アクセス許可の種類」を参照してください。 これらのアクセス許可の詳細については、「アクセス許可のリファレンス」を参照してください。
アクセス許可の種類 | 最小特権アクセス許可 | より高い特権のアクセス許可 |
---|---|---|
委任 (職場または学校のアカウント) | EntitlementManagement.ReadWrite.All | 注意事項なし。 |
委任 (個人用 Microsoft アカウント) | サポートされていません。 | サポートされていません。 |
アプリケーション | EntitlementManagement.ReadWrite.All | 注意事項なし。 |
ヒント
職場または学校アカウントを使用した委任されたシナリオでは、サインインしているユーザーに、次のいずれかのオプションを使用して、サポートされているロールのアクセス許可を持つ管理者ロールも割り当てる必要があります。
-
エンタイトルメント管理システムのロール。最小特権ロールは次のとおりです。
- パッケージ マネージャーにアクセスします。 これは最小限の特権オプションです
- カタログ所有者
- この操作でサポートされるその他の特権Microsoft Entraロール:
- ID ガバナンス管理者
アプリのみのシナリオでは、呼び出し元のアプリに、 EntitlementManagement.ReadWrite.All
アプリケーションのアクセス許可ではなく、前述のサポートされているロールのいずれかを割り当てることができます。
Access パッケージ マネージャー ロールの特権は、EntitlementManagement.ReadWrite.All
アプリケーションのアクセス許可よりも低くなります。
詳細については、「エンタイトルメント管理での委任とロール」および「エンタイトルメント管理でパッケージ マネージャーにアクセスするためのアクセス ガバナンスを委任する方法」を参照してください。
HTTP 要求
POST /identityGovernance/entitlementManagement/assignmentPolicies
要求ヘッダー
名前 | 説明 |
---|---|
Authorization | ベアラー {token}。 必須です。 認証と認可についての詳細をご覧ください。 |
Content-Type | application/json. 必須です。 |
要求本文
要求本文で、 accessPackageAssignmentPolicy オブジェクトの JSON 表現を指定します。
accessPackageAssignmentPolicy を作成するときに、次のプロパティを指定できます。
プロパティ | 型 | 説明 |
---|---|---|
description | String | ポリシーの説明。 |
displayName | String | ポリシーの表示名。 |
allowedTargetScope | allowedTargetScope | このポリシーを使用してアクセス パッケージを割り当てることが許可されているユーザー。 使用可能な値: notSpecified 、specificDirectoryUsers 、specificConnectedOrganizationUsers 、specificDirectoryServicePrincipals 、allMemberUsers 、allDirectoryUsers 、allDirectoryServicePrincipals 、allConfiguredConnectedOrganizationUsers 、allExternalUsers 、unknownFutureValue 。 省略可能。 |
満了 | expirationPattern | このポリシーで作成された割り当ての有効期限。 |
requestApprovalSettings | accessPackageAssignmentApprovalSettings | このポリシーを使用して、アクセス パッケージの割り当てに対する要求の承認の設定を指定します。 たとえば、新しい要求に承認が必要な場合です。 |
requestorSettings | accessPackageAssignmentRequestorSettings | このポリシーを使用してアクセス パッケージの割り当ての要求を作成できるユーザーと、要求に含めることができるものを選択するための追加の設定を提供します。 |
reviewSettings | accessPackageAssignmentReviewSettings | このポリシーを使用した割り当てのアクセス レビューの設定。 |
specificAllowedTargets | subjectSet コレクション | このポリシーを使用してアクセス パッケージからのアクセスを割り当てることができるプリンシパル。 |
automaticRequestSettings | accessPackageAutomaticRequestSettings | このプロパティは、自動割り当てポリシーにのみ存在します。存在しない場合、これは要求ベースのポリシーです。 |
accessPackage | accessPackage | ポリシーを含むアクセス パッケージへの参照。これは、既に存在している必要があります。 |
問 | accessPackageQuestion コレクション | 要求者に送信される質問。 |
応答
成功した場合、このメソッドは応答コード 201 Created
と、応答本文に accessPackageAssignmentPolicy オブジェクトを返します。
例
例 1: 直接割り当てポリシーを作成する
直接割り当てポリシーは、アクセス パッケージの割り当て要求がユーザー自身ではなく管理者によってのみ作成される場合に便利です。
要求
次の例は、アクセス パッケージの割り当てポリシーを作成する要求を示しています。 このポリシーでは、ユーザーは要求できません。承認は必要ありません。アクセス レビューもありません。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "New Policy",
"description": "policy for assignment",
"allowedTargetScope": "notSpecified",
"specificAllowedTargets": [],
"expiration": {
"endDateTime": null,
"duration": null,
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": false,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": false,
"allowCustomAssignmentSchedule": true,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": false,
"isApprovalRequiredForUpdate": false,
"stages": []
},
"accessPackage": {
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "New Policy",
Description = "policy for assignment",
AllowedTargetScope = AllowedTargetScope.NotSpecified,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
EndDateTime = null,
Duration = null,
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = false,
EnableTargetsToSelfUpdateAccess = false,
EnableTargetsToSelfRemoveAccess = false,
AllowCustomAssignmentSchedule = true,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = false,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
},
},
AccessPackage = new AccessPackage
{
Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "New Policy",\
"description": "policy for assignment",\
"allowedTargetScope": "notSpecified",\
"specificAllowedTargets": [],\
"expiration": {\
"endDateTime": null,\
"duration": null,\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": false,\
"enableTargetsToSelfUpdateAccess": false,\
"enableTargetsToSelfRemoveAccess": false,\
"allowCustomAssignmentSchedule": true,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": false,\
"isApprovalRequiredForUpdate": false,\
"stages": []\
},\
"accessPackage": {\
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
}\
}\
'
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "New Policy"
requestBody.SetDisplayName(&displayName)
description := "policy for assignment"
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime)
duration := null
expiration.SetDuration(&duration)
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
stages := []graphmodels.AccessPackageApprovalStageable {
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("New Policy");
accessPackageAssignmentPolicy.setDescription("policy for assignment");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.NotSpecified);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setEndDateTime(null);
expiration.setDuration(null);
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(false);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(false);
requestorSettings.setAllowCustomAssignmentSchedule(true);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(false);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'New Policy',
description: 'policy for assignment',
allowedTargetScope: 'notSpecified',
specificAllowedTargets: [],
expiration: {
endDateTime: null,
duration: null,
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: false,
enableTargetsToSelfUpdateAccess: false,
enableTargetsToSelfRemoveAccess: false,
allowCustomAssignmentSchedule: true,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: false,
isApprovalRequiredForUpdate: false,
stages: []
},
accessPackage: {
id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('New Policy');
$requestBody->setDescription('policy for assignment');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('notSpecified'));
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setEndDateTime(null);
$expiration->setDuration(null);
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);
$requestorSettings->setAllowCustomAssignmentSchedule(true);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$requestApprovalSettings->setStages([ ]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "New Policy"
description = "policy for assignment"
allowedTargetScope = "notSpecified"
specificAllowedTargets = @(
)
expiration = @{
endDateTime = $null
duration = $null
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $false
enableTargetsToSelfUpdateAccess = $false
enableTargetsToSelfRemoveAccess = $false
allowCustomAssignmentSchedule = $true
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $false
isApprovalRequiredForUpdate = $false
stages = @(
)
}
accessPackage = @{
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
display_name = "New Policy",
description = "policy for assignment",
allowed_target_scope = AllowedTargetScope.NotSpecified,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
end_date_time = None,
duration = None,
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = False,
enable_targets_to_self_update_access = False,
enable_targets_to_self_remove_access = False,
allow_custom_assignment_schedule = True,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = False,
is_approval_required_for_update = False,
stages = [
],
),
access_package = AccessPackage(
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "New policy",
"description": "policy for assignment"
}
例 2: 他の組織のユーザーが要求するポリシーを作成する
次の例は、承認と定期的なアクセス レビューの 2 つの段階を持つ、より複雑なポリシーを示しています。
要求
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "policy for external access requests",
"description": "policy for users from connected organizations to request access, with two stages of approval.",
"allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
"specificAllowedTargets": [],
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": true,
"enableTargetsToSelfUpdateAccess": true,
"enableTargetsToSelfRemoveAccess": true,
"allowCustomAssignmentSchedule": false,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": true,
"isApprovalRequiredForUpdate": false,
"stages": [
{
"durationBeforeAutomaticDenial": "P14D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.internalSponsors"
}
],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
},
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
},
{
"durationBeforeAutomaticDenial": "P14D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"
},
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
}
]
},
"reviewSettings": {
"isEnabled": true,
"expirationBehavior": "keepAccess",
"isRecommendationEnabled": true,
"isReviewerJustificationRequired": true,
"isSelfReview": false,
"schedule": {
"startDateTime": "2022-07-02T06:59:59.998Z",
"expiration": {
"duration": "P14D",
"type": "afterDuration"
},
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 3,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": []
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0
}
}
},
"primaryReviewers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"fallbackReviewers": []
},
"accessPackage": {
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "policy for external access requests",
Description = "policy for users from connected organizations to request access, with two stages of approval.",
AllowedTargetScope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = true,
EnableTargetsToSelfRemoveAccess = true,
AllowCustomAssignmentSchedule = false,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
PrimaryApprovers = new List<SubjectSet>
{
new InternalSponsors
{
OdataType = "#microsoft.graph.internalSponsors",
},
},
FallbackPrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
},
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
},
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
PrimaryApprovers = new List<SubjectSet>
{
},
FallbackPrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "46184453-e63b-4f20-86c2-c557ed5d5df9",
},
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
},
},
},
ReviewSettings = new AccessPackageAssignmentReviewSettings
{
IsEnabled = true,
ExpirationBehavior = AccessReviewExpirationBehavior.KeepAccess,
IsRecommendationEnabled = true,
IsReviewerJustificationRequired = true,
IsSelfReview = false,
Schedule = new EntitlementManagementSchedule
{
StartDateTime = DateTimeOffset.Parse("2022-07-02T06:59:59.998Z"),
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("P14D"),
Type = ExpirationPatternType.AfterDuration,
},
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
Interval = 3,
Month = 0,
DayOfMonth = 0,
DaysOfWeek = new List<DayOfWeekObject>
{
},
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
NumberOfOccurrences = 0,
},
},
},
PrimaryReviewers = new List<SubjectSet>
{
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
FallbackReviewers = new List<SubjectSet>
{
},
},
AccessPackage = new AccessPackage
{
Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "policy for external access requests",\
"description": "policy for users from connected organizations to request access, with two stages of approval.",\
"allowedTargetScope": "allConfiguredConnectedOrganizationUsers",\
"specificAllowedTargets": [],\
"expiration": {\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": true,\
"enableTargetsToSelfUpdateAccess": true,\
"enableTargetsToSelfRemoveAccess": true,\
"allowCustomAssignmentSchedule": false,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": true,\
"isApprovalRequiredForUpdate": false,\
"stages": [\
{\
"durationBeforeAutomaticDenial": "P14D",\
"isApproverJustificationRequired": false,\
"isEscalationEnabled": false,\
"durationBeforeEscalation": "PT0S",\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.internalSponsors"\
}\
],\
"fallbackPrimaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"\
},\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": []\
},\
{\
"durationBeforeAutomaticDenial": "P14D",\
"isApproverJustificationRequired": false,\
"isEscalationEnabled": false,\
"durationBeforeEscalation": "PT0S",\
"primaryApprovers": [],\
"fallbackPrimaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"\
},\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": []\
}\
]\
},\
"reviewSettings": {\
"isEnabled": true,\
"expirationBehavior": "keepAccess",\
"isRecommendationEnabled": true,\
"isReviewerJustificationRequired": true,\
"isSelfReview": false,\
"schedule": {\
"startDateTime": "2022-07-02T06:59:59.998Z",\
"expiration": {\
"duration": "P14D",\
"type": "afterDuration"\
},\
"recurrence": {\
"pattern": {\
"type": "absoluteMonthly",\
"interval": 3,\
"month": 0,\
"dayOfMonth": 0,\
"daysOfWeek": []\
},\
"range": {\
"type": "noEnd",\
"numberOfOccurrences": 0\
}\
}\
},\
"primaryReviewers": [\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"fallbackReviewers": []\
},\
"accessPackage": {\
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
}\
}\
'
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "policy for external access requests"
requestBody.SetDisplayName(&displayName)
description := "policy for users from connected organizations to request access, with two stages of approval."
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.ALLCONFIGUREDCONNECTEDORGANIZATIONUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage.SetDurationBeforeEscalation(&durationBeforeEscalation)
subjectSet := graphmodels.NewInternalSponsors()
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
subjectSet.SetUserId(&userId)
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
subjectSet1,
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
accessPackageApprovalStage1 := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage1.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage1.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage1.SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage1.SetDurationBeforeEscalation(&durationBeforeEscalation)
primaryApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetPrimaryApprovers(primaryApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "46184453-e63b-4f20-86c2-c557ed5d5df9"
subjectSet.SetUserId(&userId)
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
subjectSet1,
}
accessPackageApprovalStage1.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
stages := []graphmodels.AccessPackageApprovalStageable {
accessPackageApprovalStage,
accessPackageApprovalStage1,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
reviewSettings := graphmodels.NewAccessPackageAssignmentReviewSettings()
isEnabled := true
reviewSettings.SetIsEnabled(&isEnabled)
expirationBehavior := graphmodels.KEEPACCESS_ACCESSREVIEWEXPIRATIONBEHAVIOR
reviewSettings.SetExpirationBehavior(&expirationBehavior)
isRecommendationEnabled := true
reviewSettings.SetIsRecommendationEnabled(&isRecommendationEnabled)
isReviewerJustificationRequired := true
reviewSettings.SetIsReviewerJustificationRequired(&isReviewerJustificationRequired)
isSelfReview := false
reviewSettings.SetIsSelfReview(&isSelfReview)
schedule := graphmodels.NewEntitlementManagementSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2022-07-02T06:59:59.998Z")
schedule.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("P14D")
expiration.SetDuration(&duration)
type := graphmodels.AFTERDURATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
schedule.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.ABSOLUTEMONTHLY_RECURRENCEPATTERNTYPE
pattern.SetType(&type)
interval := int32(3)
pattern.SetInterval(&interval)
month := int32(0)
pattern.SetMonth(&month)
dayOfMonth := int32(0)
pattern.SetDayOfMonth(&dayOfMonth)
daysOfWeek := []graphmodels.DayOfWeekable {
}
pattern.SetDaysOfWeek(daysOfWeek)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE
range.SetType(&type)
numberOfOccurrences := int32(0)
range.SetNumberOfOccurrences(&numberOfOccurrences)
recurrence.SetRange(range)
schedule.SetRecurrence(recurrence)
reviewSettings.SetSchedule(schedule)
subjectSet := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet.SetGroupId(&groupId)
primaryReviewers := []graphmodels.SubjectSetable {
subjectSet,
}
reviewSettings.SetPrimaryReviewers(primaryReviewers)
fallbackReviewers := []graphmodels.SubjectSetable {
}
reviewSettings.SetFallbackReviewers(fallbackReviewers)
requestBody.SetReviewSettings(reviewSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("policy for external access requests");
accessPackageAssignmentPolicy.setDescription("policy for users from connected organizations to request access, with two stages of approval.");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllConfiguredConnectedOrganizationUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
requestorSettings.setAllowCustomAssignmentSchedule(false);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage.setDurationBeforeEscalation(durationBeforeEscalation);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
InternalSponsors subjectSet = new InternalSponsors();
subjectSet.setOdataType("#microsoft.graph.internalSponsors");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet1 = new SingleUser();
subjectSet1.setOdataType("#microsoft.graph.singleUser");
subjectSet1.setUserId("7deff43e-1f17-44ef-9e5f-d516b0ba11d4");
fallbackPrimaryApprovers.add(subjectSet1);
GroupMembers subjectSet2 = new GroupMembers();
subjectSet2.setOdataType("#microsoft.graph.groupMembers");
subjectSet2.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers.add(subjectSet2);
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
stages.add(accessPackageApprovalStage);
AccessPackageApprovalStage accessPackageApprovalStage1 = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial1 = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage1.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial1);
accessPackageApprovalStage1.setIsApproverJustificationRequired(false);
accessPackageApprovalStage1.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation1 = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage1.setDurationBeforeEscalation(durationBeforeEscalation1);
LinkedList<SubjectSet> primaryApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setPrimaryApprovers(primaryApprovers1);
LinkedList<SubjectSet> fallbackPrimaryApprovers1 = new LinkedList<SubjectSet>();
SingleUser subjectSet3 = new SingleUser();
subjectSet3.setOdataType("#microsoft.graph.singleUser");
subjectSet3.setUserId("46184453-e63b-4f20-86c2-c557ed5d5df9");
fallbackPrimaryApprovers1.add(subjectSet3);
GroupMembers subjectSet4 = new GroupMembers();
subjectSet4.setOdataType("#microsoft.graph.groupMembers");
subjectSet4.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers1.add(subjectSet4);
accessPackageApprovalStage1.setFallbackPrimaryApprovers(fallbackPrimaryApprovers1);
LinkedList<SubjectSet> escalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setEscalationApprovers(escalationApprovers1);
LinkedList<SubjectSet> fallbackEscalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setFallbackEscalationApprovers(fallbackEscalationApprovers1);
stages.add(accessPackageApprovalStage1);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackageAssignmentReviewSettings reviewSettings = new AccessPackageAssignmentReviewSettings();
reviewSettings.setIsEnabled(true);
reviewSettings.setExpirationBehavior(AccessReviewExpirationBehavior.KeepAccess);
reviewSettings.setIsRecommendationEnabled(true);
reviewSettings.setIsReviewerJustificationRequired(true);
reviewSettings.setIsSelfReview(false);
EntitlementManagementSchedule schedule = new EntitlementManagementSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2022-07-02T06:59:59.998Z");
schedule.setStartDateTime(startDateTime);
ExpirationPattern expiration1 = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
expiration1.setDuration(duration);
expiration1.setType(ExpirationPatternType.AfterDuration);
schedule.setExpiration(expiration1);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.AbsoluteMonthly);
pattern.setInterval(3);
pattern.setMonth(0);
pattern.setDayOfMonth(0);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
range.setNumberOfOccurrences(0);
recurrence.setRange(range);
schedule.setRecurrence(recurrence);
reviewSettings.setSchedule(schedule);
LinkedList<SubjectSet> primaryReviewers = new LinkedList<SubjectSet>();
GroupMembers subjectSet5 = new GroupMembers();
subjectSet5.setOdataType("#microsoft.graph.groupMembers");
subjectSet5.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
primaryReviewers.add(subjectSet5);
reviewSettings.setPrimaryReviewers(primaryReviewers);
LinkedList<SubjectSet> fallbackReviewers = new LinkedList<SubjectSet>();
reviewSettings.setFallbackReviewers(fallbackReviewers);
accessPackageAssignmentPolicy.setReviewSettings(reviewSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'policy for external access requests',
description: 'policy for users from connected organizations to request access, with two stages of approval.',
allowedTargetScope: 'allConfiguredConnectedOrganizationUsers',
specificAllowedTargets: [],
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: true,
enableTargetsToSelfUpdateAccess: true,
enableTargetsToSelfRemoveAccess: true,
allowCustomAssignmentSchedule: false,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: true,
isApprovalRequiredForUpdate: false,
stages: [
{
durationBeforeAutomaticDenial: 'P14D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.internalSponsors'
}
],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'
},
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
},
{
durationBeforeAutomaticDenial: 'P14D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '46184453-e63b-4f20-86c2-c557ed5d5df9'
},
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
}
]
},
reviewSettings: {
isEnabled: true,
expirationBehavior: 'keepAccess',
isRecommendationEnabled: true,
isReviewerJustificationRequired: true,
isSelfReview: false,
schedule: {
startDateTime: '2022-07-02T06:59:59.998Z',
expiration: {
duration: 'P14D',
type: 'afterDuration'
},
recurrence: {
pattern: {
type: 'absoluteMonthly',
interval: 3,
month: 0,
dayOfMonth: 0,
daysOfWeek: []
},
range: {
type: 'noEnd',
numberOfOccurrences: 0
}
}
},
primaryReviewers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
fallbackReviewers: []
},
accessPackage: {
id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\InternalSponsors;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\GroupMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentReviewSettings;
use Microsoft\Graph\Generated\Models\AccessReviewExpirationBehavior;
use Microsoft\Graph\Generated\Models\EntitlementManagementSchedule;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\DayOfWeek;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('policy for external access requests');
$requestBody->setDescription('policy for users from connected organizations to request access, with two stages of approval.');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allConfiguredConnectedOrganizationUsers'));
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestorSettings->setAllowCustomAssignmentSchedule(false);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$primaryApproversSubjectSet1 = new InternalSponsors();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.internalSponsors');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('7deff43e-1f17-44ef-9e5f-d516b0ba11d4');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$stagesAccessPackageApprovalStage2 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage2->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage2->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage2->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage2->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$stagesAccessPackageApprovalStage2->setPrimaryApprovers([]);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('46184453-e63b-4f20-86c2-c557ed5d5df9');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage2->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);
$stagesAccessPackageApprovalStage2->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage2->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage2;
$requestApprovalSettings->setStages($stagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$reviewSettings = new AccessPackageAssignmentReviewSettings();
$reviewSettings->setIsEnabled(true);
$reviewSettings->setExpirationBehavior(new AccessReviewExpirationBehavior('keepAccess'));
$reviewSettings->setIsRecommendationEnabled(true);
$reviewSettings->setIsReviewerJustificationRequired(true);
$reviewSettings->setIsSelfReview(false);
$reviewSettingsSchedule = new EntitlementManagementSchedule();
$reviewSettingsSchedule->setStartDateTime(new \DateTime('2022-07-02T06:59:59.998Z'));
$reviewSettingsScheduleExpiration = new ExpirationPattern();
$reviewSettingsScheduleExpiration->setDuration(new \DateInterval('P14D'));
$reviewSettingsScheduleExpiration->setType(new ExpirationPatternType('afterDuration'));
$reviewSettingsSchedule->setExpiration($reviewSettingsScheduleExpiration);
$reviewSettingsScheduleRecurrence = new PatternedRecurrence();
$reviewSettingsScheduleRecurrencePattern = new RecurrencePattern();
$reviewSettingsScheduleRecurrencePattern->setType(new RecurrencePatternType('absoluteMonthly'));
$reviewSettingsScheduleRecurrencePattern->setInterval(3);
$reviewSettingsScheduleRecurrencePattern->setMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDayOfMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDaysOfWeek([]);
$reviewSettingsScheduleRecurrence->setPattern($reviewSettingsScheduleRecurrencePattern);
$reviewSettingsScheduleRecurrenceRange = new RecurrenceRange();
$reviewSettingsScheduleRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$reviewSettingsScheduleRecurrenceRange->setNumberOfOccurrences(0);
$reviewSettingsScheduleRecurrence->setRange($reviewSettingsScheduleRecurrenceRange);
$reviewSettingsSchedule->setRecurrence($reviewSettingsScheduleRecurrence);
$reviewSettings->setSchedule($reviewSettingsSchedule);
$primaryReviewersSubjectSet1 = new GroupMembers();
$primaryReviewersSubjectSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryReviewersSubjectSet1->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$primaryReviewersArray []= $primaryReviewersSubjectSet1;
$reviewSettings->setPrimaryReviewers($primaryReviewersArray);
$reviewSettings->setFallbackReviewers([]);
$requestBody->setReviewSettings($reviewSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "policy for external access requests"
description = "policy for users from connected organizations to request access, with two stages of approval."
allowedTargetScope = "allConfiguredConnectedOrganizationUsers"
specificAllowedTargets = @(
)
expiration = @{
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $true
enableTargetsToSelfUpdateAccess = $true
enableTargetsToSelfRemoveAccess = $true
allowCustomAssignmentSchedule = $false
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $true
isApprovalRequiredForUpdate = $false
stages = @(
@{
durationBeforeAutomaticDenial = "P14D"
isApproverJustificationRequired = $false
isEscalationEnabled = $false
durationBeforeEscalation = "PT0S"
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.internalSponsors"
}
)
fallbackPrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
}
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
}
@{
durationBeforeAutomaticDenial = "P14D"
isApproverJustificationRequired = $false
isEscalationEnabled = $false
durationBeforeEscalation = "PT0S"
primaryApprovers = @(
)
fallbackPrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "46184453-e63b-4f20-86c2-c557ed5d5df9"
}
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
}
)
}
reviewSettings = @{
isEnabled = $true
expirationBehavior = "keepAccess"
isRecommendationEnabled = $true
isReviewerJustificationRequired = $true
isSelfReview = $false
schedule = @{
startDateTime = [System.DateTime]::Parse("2022-07-02T06:59:59.998Z")
expiration = @{
duration = "P14D"
type = "afterDuration"
}
recurrence = @{
pattern = @{
type = "absoluteMonthly"
interval = 3
month = 0
dayOfMonth = 0
daysOfWeek = @(
)
}
range = @{
type = "noEnd"
numberOfOccurrences = 0
}
}
}
primaryReviewers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
fallbackReviewers = @(
)
}
accessPackage = @{
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.internal_sponsors import InternalSponsors
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.group_members import GroupMembers
from msgraph.generated.models.access_package_assignment_review_settings import AccessPackageAssignmentReviewSettings
from msgraph.generated.models.access_review_expiration_behavior import AccessReviewExpirationBehavior
from msgraph.generated.models.entitlement_management_schedule import EntitlementManagementSchedule
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.day_of_week import DayOfWeek
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
display_name = "policy for external access requests",
description = "policy for users from connected organizations to request access, with two stages of approval.",
allowed_target_scope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = True,
enable_targets_to_self_update_access = True,
enable_targets_to_self_remove_access = True,
allow_custom_assignment_schedule = False,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = True,
is_approval_required_for_update = False,
stages = [
AccessPackageApprovalStage(
duration_before_automatic_denial = "P14D",
is_approver_justification_required = False,
is_escalation_enabled = False,
duration_before_escalation = "PT0S",
primary_approvers = [
InternalSponsors(
odata_type = "#microsoft.graph.internalSponsors",
),
],
fallback_primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
),
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
),
AccessPackageApprovalStage(
duration_before_automatic_denial = "P14D",
is_approver_justification_required = False,
is_escalation_enabled = False,
duration_before_escalation = "PT0S",
primary_approvers = [
],
fallback_primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "46184453-e63b-4f20-86c2-c557ed5d5df9",
),
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
),
],
),
review_settings = AccessPackageAssignmentReviewSettings(
is_enabled = True,
expiration_behavior = AccessReviewExpirationBehavior.KeepAccess,
is_recommendation_enabled = True,
is_reviewer_justification_required = True,
is_self_review = False,
schedule = EntitlementManagementSchedule(
start_date_time = "2022-07-02T06:59:59.998Z",
expiration = ExpirationPattern(
duration = "P14D",
type = ExpirationPatternType.AfterDuration,
),
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.AbsoluteMonthly,
interval = 3,
month = 0,
day_of_month = 0,
days_of_week = [
],
),
range = RecurrenceRange(
type = RecurrenceRangeType.NoEnd,
number_of_occurrences = 0,
),
),
),
primary_reviewers = [
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
fallback_reviewers = [
],
),
access_package = AccessPackage(
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "9d8f2361-39be-482e-b267-34ad6baef4d3",
"displayName": "policy for external access requests",
"description": "policy for users from connected organizations to request access, with two stages of approval."
}
例 3: メンバーシップ ルールに基づいて割り当てを自動的に作成するポリシーを作成する
次の例は、営業部門のユーザーの割り当てを自動的に作成するポリシーを示しています。
要求
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "Sales department users",
"description": "All users from sales department",
"allowedTargetScope": "specificDirectoryUsers",
"specificAllowedTargets": [
{
"@odata.type": "#microsoft.graph.attributeRuleMembers",
"description": "Membership rule for all users from sales department",
"membershipRule": "(user.department -eq \"Sales\")"
}
],
"automaticRequestSettings": {
"requestAccessForAllowedTargets": true,
"removeAccessWhenTargetLeavesAllowedTargets": true,
"gracePeriodBeforeAccessRemoval": "P7D"
},
"accessPackage": {
"id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "Sales department users",
Description = "All users from sales department",
AllowedTargetScope = AllowedTargetScope.SpecificDirectoryUsers,
SpecificAllowedTargets = new List<SubjectSet>
{
new AttributeRuleMembers
{
OdataType = "#microsoft.graph.attributeRuleMembers",
Description = "Membership rule for all users from sales department",
MembershipRule = "(user.department -eq \"Sales\")",
},
},
AutomaticRequestSettings = new AccessPackageAutomaticRequestSettings
{
RequestAccessForAllowedTargets = true,
RemoveAccessWhenTargetLeavesAllowedTargets = true,
GracePeriodBeforeAccessRemoval = TimeSpan.Parse("P7D"),
},
AccessPackage = new AccessPackage
{
Id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "Sales department users",\
"description": "All users from sales department",\
"allowedTargetScope": "specificDirectoryUsers",\
"specificAllowedTargets": [\
{\
"@odata.type": "#microsoft.graph.attributeRuleMembers",\
"description": "Membership rule for all users from sales department",\
"membershipRule": "(user.department -eq \"Sales\")"\
}\
],\
"automaticRequestSettings": {\
"requestAccessForAllowedTargets": true,\
"removeAccessWhenTargetLeavesAllowedTargets": true,\
"gracePeriodBeforeAccessRemoval": "P7D"\
},\
"accessPackage": {\
"id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"\
}\
}\
'
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "Sales department users"
requestBody.SetDisplayName(&displayName)
description := "All users from sales department"
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.SPECIFICDIRECTORYUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
subjectSet := graphmodels.NewAttributeRuleMembers()
description := "Membership rule for all users from sales department"
subjectSet.SetDescription(&description)
membershipRule := "(user.department -eq \"Sales\")"
subjectSet.SetMembershipRule(&membershipRule)
specificAllowedTargets := []graphmodels.SubjectSetable {
subjectSet,
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
automaticRequestSettings := graphmodels.NewAccessPackageAutomaticRequestSettings()
requestAccessForAllowedTargets := true
automaticRequestSettings.SetRequestAccessForAllowedTargets(&requestAccessForAllowedTargets)
removeAccessWhenTargetLeavesAllowedTargets := true
automaticRequestSettings.SetRemoveAccessWhenTargetLeavesAllowedTargets(&removeAccessWhenTargetLeavesAllowedTargets)
gracePeriodBeforeAccessRemoval , err := abstractions.ParseISODuration("P7D")
automaticRequestSettings.SetGracePeriodBeforeAccessRemoval(&gracePeriodBeforeAccessRemoval)
requestBody.SetAutomaticRequestSettings(automaticRequestSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "8a36831e-1527-4b2b-aff2-81259a8d8e76"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("Sales department users");
accessPackageAssignmentPolicy.setDescription("All users from sales department");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.SpecificDirectoryUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
AttributeRuleMembers subjectSet = new AttributeRuleMembers();
subjectSet.setOdataType("#microsoft.graph.attributeRuleMembers");
subjectSet.setDescription("Membership rule for all users from sales department");
subjectSet.setMembershipRule("(user.department -eq \"Sales\")");
specificAllowedTargets.add(subjectSet);
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
AccessPackageAutomaticRequestSettings automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
automaticRequestSettings.setRequestAccessForAllowedTargets(true);
automaticRequestSettings.setRemoveAccessWhenTargetLeavesAllowedTargets(true);
PeriodAndDuration gracePeriodBeforeAccessRemoval = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
automaticRequestSettings.setGracePeriodBeforeAccessRemoval(gracePeriodBeforeAccessRemoval);
accessPackageAssignmentPolicy.setAutomaticRequestSettings(automaticRequestSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("8a36831e-1527-4b2b-aff2-81259a8d8e76");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'Sales department users',
description: 'All users from sales department',
allowedTargetScope: 'specificDirectoryUsers',
specificAllowedTargets: [
{
'@odata.type': '#microsoft.graph.attributeRuleMembers',
description: 'Membership rule for all users from sales department',
membershipRule: '(user.department -eq \"Sales\")'
}
],
automaticRequestSettings: {
requestAccessForAllowedTargets: true,
removeAccessWhenTargetLeavesAllowedTargets: true,
gracePeriodBeforeAccessRemoval: 'P7D'
},
accessPackage: {
id: '8a36831e-1527-4b2b-aff2-81259a8d8e76'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\AttributeRuleMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAutomaticRequestSettings;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('Sales department users');
$requestBody->setDescription('All users from sales department');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('specificDirectoryUsers'));
$specificAllowedTargetsSubjectSet1 = new AttributeRuleMembers();
$specificAllowedTargetsSubjectSet1->setOdataType('#microsoft.graph.attributeRuleMembers');
$specificAllowedTargetsSubjectSet1->setDescription('Membership rule for all users from sales department');
$specificAllowedTargetsSubjectSet1->setMembershipRule('(user.department -eq \"Sales\")');
$specificAllowedTargetsArray []= $specificAllowedTargetsSubjectSet1;
$requestBody->setSpecificAllowedTargets($specificAllowedTargetsArray);
$automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
$automaticRequestSettings->setRequestAccessForAllowedTargets(true);
$automaticRequestSettings->setRemoveAccessWhenTargetLeavesAllowedTargets(true);
$automaticRequestSettings->setGracePeriodBeforeAccessRemoval(new \DateInterval('P7D'));
$requestBody->setAutomaticRequestSettings($automaticRequestSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('8a36831e-1527-4b2b-aff2-81259a8d8e76');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Sales department users"
description = "All users from sales department"
allowedTargetScope = "specificDirectoryUsers"
specificAllowedTargets = @(
@{
"@odata.type" = "#microsoft.graph.attributeRuleMembers"
description = "Membership rule for all users from sales department"
membershipRule = "(user.department -eq "Sales")"
}
)
automaticRequestSettings = @{
requestAccessForAllowedTargets = $true
removeAccessWhenTargetLeavesAllowedTargets = $true
gracePeriodBeforeAccessRemoval = "P7D"
}
accessPackage = @{
id = "8a36831e-1527-4b2b-aff2-81259a8d8e76"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.attribute_rule_members import AttributeRuleMembers
from msgraph.generated.models.access_package_automatic_request_settings import AccessPackageAutomaticRequestSettings
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
display_name = "Sales department users",
description = "All users from sales department",
allowed_target_scope = AllowedTargetScope.SpecificDirectoryUsers,
specific_allowed_targets = [
AttributeRuleMembers(
odata_type = "#microsoft.graph.attributeRuleMembers",
description = "Membership rule for all users from sales department",
membership_rule = "(user.department -eq \"Sales\")",
),
],
automatic_request_settings = AccessPackageAutomaticRequestSettings(
request_access_for_allowed_targets = True,
remove_access_when_target_leaves_allowed_targets = True,
grace_period_before_access_removal = "P7D",
),
access_package = AccessPackage(
id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "962493bb-be02-4aeb-a233-a205bbfe1d8d",
"displayName": "Sales department users",
"description": "All users from sales department"
}
例 4: 承認者に追加情報を提供するためのアクセスを要求するときに、要求者が質問に回答するように求められるポリシーを作成します。
次の例は、営業部門のユーザーの割り当てを自動的に作成するポリシーを示しています。
要求
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "A Policy With Questions",
"description": "",
"allowedTargetScope": "allMemberUsers",
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": "true",
"enableTargetsToSelfUpdateAccess": "true",
"enableTargetsToSelfRemoveAccess": "true"
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": "true",
"isApprovalRequiredForUpdate": "true",
"stages": [
{
"durationBeforeAutomaticDenial": "P7D",
"isApproverJustificationRequired": "false",
"isEscalationEnabled": "false",
"fallbackPrimaryApprovers": [],
"escalationApprovers": [],
"fallbackEscalationApprovers": [],
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "08a551cb-575a-4343-b914-f6e42798bd20"
}
]
}
]
},
"questions": [
{
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"sequence": "1",
"isRequired": "true",
"isAnswerEditable": "true",
"text": "What country are you working from?",
"isMultipleSelectionAllowed": "false",
"choices": [
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "KE",
"text": "Kenya"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "US",
"text": "United States"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "GY",
"text": "Guyana"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "BD",
"text": "Bangladesh"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "JP",
"text": "Japan"
}
]
},
{
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"sequence": "2",
"isRequired": "true",
"isAnswerEditable": "true",
"text": "What do you do for work?",
"localizations": [
{
"languageCode": "fr-CA",
"text": "Que fais-tu comme travail?"
}
],
"isSingleLineQuestion": "false",
"regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"
}
],
"accessPackage": {
"id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "A Policy With Questions",
Description = "",
AllowedTargetScope = AllowedTargetScope.AllMemberUsers,
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = true,
EnableTargetsToSelfRemoveAccess = true,
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = true,
Stages = new List<AccessPackageApprovalStage>
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P7D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
FallbackPrimaryApprovers = new List<SubjectSet>
{
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
PrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "08a551cb-575a-4343-b914-f6e42798bd20",
},
},
},
},
},
Questions = new List<AccessPackageQuestion>
{
new AccessPackageMultipleChoiceQuestion
{
OdataType = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
Sequence = 1,
IsRequired = true,
IsAnswerEditable = true,
Text = "What country are you working from?",
IsMultipleSelectionAllowed = false,
Choices = new List<AccessPackageAnswerChoice>
{
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "KE",
Text = "Kenya",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "US",
Text = "United States",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "GY",
Text = "Guyana",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "BD",
Text = "Bangladesh",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "JP",
Text = "Japan",
},
},
},
new AccessPackageTextInputQuestion
{
OdataType = "#microsoft.graph.accessPackageTextInputQuestion",
Sequence = 2,
IsRequired = true,
IsAnswerEditable = true,
Text = "What do you do for work?",
Localizations = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
LanguageCode = "fr-CA",
Text = "Que fais-tu comme travail?",
},
},
IsSingleLineQuestion = false,
RegexPattern = "[a-zA-Z]+[a-zA-Z\s]*",
},
},
AccessPackage = new AccessPackage
{
Id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "A Policy With Questions",\
"description": "",\
"allowedTargetScope": "allMemberUsers",\
"expiration": {\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": "true",\
"enableTargetsToSelfUpdateAccess": "true",\
"enableTargetsToSelfRemoveAccess": "true"\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": "true",\
"isApprovalRequiredForUpdate": "true",\
"stages": [\
{\
"durationBeforeAutomaticDenial": "P7D",\
"isApproverJustificationRequired": "false",\
"isEscalationEnabled": "false",\
"fallbackPrimaryApprovers": [],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": [],\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "08a551cb-575a-4343-b914-f6e42798bd20"\
}\
]\
}\
]\
},\
"questions": [\
{\
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",\
"sequence": "1",\
"isRequired": "true",\
"isAnswerEditable": "true",\
"text": "What country are you working from?",\
"isMultipleSelectionAllowed": "false",\
"choices": [\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "KE",\
"text": "Kenya"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "US",\
"text": "United States"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "GY",\
"text": "Guyana"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "BD",\
"text": "Bangladesh"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "JP",\
"text": "Japan"\
}\
]\
},\
{\
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",\
"sequence": "2",\
"isRequired": "true",\
"isAnswerEditable": "true",\
"text": "What do you do for work?",\
"localizations": [\
{\
"languageCode": "fr-CA",\
"text": "Que fais-tu comme travail?"\
}\
],\
"isSingleLineQuestion": "false",\
"regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"\
}\
],\
"accessPackage": {\
"id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"\
}\
}\
'
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "A Policy With Questions"
requestBody.SetDisplayName(&displayName)
description := ""
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.ALLMEMBERUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := true
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P7D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "08a551cb-575a-4343-b914-f6e42798bd20"
subjectSet.SetUserId(&userId)
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)
stages := []graphmodels.AccessPackageApprovalStageable {
accessPackageApprovalStage,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackageQuestion := graphmodels.NewAccessPackageMultipleChoiceQuestion()
sequence := int32(1)
accessPackageQuestion.SetSequence(&sequence)
isRequired := true
accessPackageQuestion.SetIsRequired(&isRequired)
isAnswerEditable := true
accessPackageQuestion.SetIsAnswerEditable(&isAnswerEditable)
text := "What country are you working from?"
accessPackageQuestion.SetText(&text)
isMultipleSelectionAllowed := false
accessPackageQuestion.SetIsMultipleSelectionAllowed(&isMultipleSelectionAllowed)
accessPackageAnswerChoice := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "KE"
accessPackageAnswerChoice.SetActualValue(&actualValue)
text := "Kenya"
accessPackageAnswerChoice.SetText(&text)
accessPackageAnswerChoice1 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "US"
accessPackageAnswerChoice1.SetActualValue(&actualValue)
text := "United States"
accessPackageAnswerChoice1.SetText(&text)
accessPackageAnswerChoice2 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "GY"
accessPackageAnswerChoice2.SetActualValue(&actualValue)
text := "Guyana"
accessPackageAnswerChoice2.SetText(&text)
accessPackageAnswerChoice3 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "BD"
accessPackageAnswerChoice3.SetActualValue(&actualValue)
text := "Bangladesh"
accessPackageAnswerChoice3.SetText(&text)
accessPackageAnswerChoice4 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "JP"
accessPackageAnswerChoice4.SetActualValue(&actualValue)
text := "Japan"
accessPackageAnswerChoice4.SetText(&text)
choices := []graphmodels.AccessPackageAnswerChoiceable {
accessPackageAnswerChoice,
accessPackageAnswerChoice1,
accessPackageAnswerChoice2,
accessPackageAnswerChoice3,
accessPackageAnswerChoice4,
}
accessPackageQuestion.SetChoices(choices)
accessPackageQuestion1 := graphmodels.NewAccessPackageTextInputQuestion()
sequence := int32(2)
accessPackageQuestion1.SetSequence(&sequence)
isRequired := true
accessPackageQuestion1.SetIsRequired(&isRequired)
isAnswerEditable := true
accessPackageQuestion1.SetIsAnswerEditable(&isAnswerEditable)
text := "What do you do for work?"
accessPackageQuestion1.SetText(&text)
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
languageCode := "fr-CA"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
text := "Que fais-tu comme travail?"
accessPackageLocalizedText.SetText(&text)
localizations := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
accessPackageQuestion1.SetLocalizations(localizations)
isSingleLineQuestion := false
accessPackageQuestion1.SetIsSingleLineQuestion(&isSingleLineQuestion)
regexPattern := "[a-zA-Z]+[a-zA-Z\s]*"
accessPackageQuestion1.SetRegexPattern(®exPattern)
questions := []graphmodels.AccessPackageQuestionable {
accessPackageQuestion,
accessPackageQuestion1,
}
requestBody.SetQuestions(questions)
accessPackage := graphmodels.NewAccessPackage()
id := "977c7ff4-ef8f-4910-9d31-49048ddf3120"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("A Policy With Questions");
accessPackageAssignmentPolicy.setDescription("");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllMemberUsers);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(true);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet = new SingleUser();
subjectSet.setOdataType("#microsoft.graph.singleUser");
subjectSet.setUserId("08a551cb-575a-4343-b914-f6e42798bd20");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
stages.add(accessPackageApprovalStage);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
AccessPackageMultipleChoiceQuestion accessPackageQuestion = new AccessPackageMultipleChoiceQuestion();
accessPackageQuestion.setOdataType("#microsoft.graph.accessPackageMultipleChoiceQuestion");
accessPackageQuestion.setSequence(1);
accessPackageQuestion.setIsRequired(true);
accessPackageQuestion.setIsAnswerEditable(true);
accessPackageQuestion.setText("What country are you working from?");
accessPackageQuestion.setIsMultipleSelectionAllowed(false);
LinkedList<AccessPackageAnswerChoice> choices = new LinkedList<AccessPackageAnswerChoice>();
AccessPackageAnswerChoice accessPackageAnswerChoice = new AccessPackageAnswerChoice();
accessPackageAnswerChoice.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice.setActualValue("KE");
accessPackageAnswerChoice.setText("Kenya");
choices.add(accessPackageAnswerChoice);
AccessPackageAnswerChoice accessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice1.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice1.setActualValue("US");
accessPackageAnswerChoice1.setText("United States");
choices.add(accessPackageAnswerChoice1);
AccessPackageAnswerChoice accessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice2.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice2.setActualValue("GY");
accessPackageAnswerChoice2.setText("Guyana");
choices.add(accessPackageAnswerChoice2);
AccessPackageAnswerChoice accessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice3.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice3.setActualValue("BD");
accessPackageAnswerChoice3.setText("Bangladesh");
choices.add(accessPackageAnswerChoice3);
AccessPackageAnswerChoice accessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice4.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice4.setActualValue("JP");
accessPackageAnswerChoice4.setText("Japan");
choices.add(accessPackageAnswerChoice4);
accessPackageQuestion.setChoices(choices);
questions.add(accessPackageQuestion);
AccessPackageTextInputQuestion accessPackageQuestion1 = new AccessPackageTextInputQuestion();
accessPackageQuestion1.setOdataType("#microsoft.graph.accessPackageTextInputQuestion");
accessPackageQuestion1.setSequence(2);
accessPackageQuestion1.setIsRequired(true);
accessPackageQuestion1.setIsAnswerEditable(true);
accessPackageQuestion1.setText("What do you do for work?");
LinkedList<AccessPackageLocalizedText> localizations = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText = new AccessPackageLocalizedText();
accessPackageLocalizedText.setLanguageCode("fr-CA");
accessPackageLocalizedText.setText("Que fais-tu comme travail?");
localizations.add(accessPackageLocalizedText);
accessPackageQuestion1.setLocalizations(localizations);
accessPackageQuestion1.setIsSingleLineQuestion(false);
accessPackageQuestion1.setRegexPattern("[a-zA-Z]+[a-zA-Z\s]*");
questions.add(accessPackageQuestion1);
accessPackageAssignmentPolicy.setQuestions(questions);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("977c7ff4-ef8f-4910-9d31-49048ddf3120");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'A Policy With Questions',
description: '',
allowedTargetScope: 'allMemberUsers',
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: 'true',
enableTargetsToSelfUpdateAccess: 'true',
enableTargetsToSelfRemoveAccess: 'true'
},
requestApprovalSettings: {
isApprovalRequiredForAdd: 'true',
isApprovalRequiredForUpdate: 'true',
stages: [
{
durationBeforeAutomaticDenial: 'P7D',
isApproverJustificationRequired: 'false',
isEscalationEnabled: 'false',
fallbackPrimaryApprovers: [],
escalationApprovers: [],
fallbackEscalationApprovers: [],
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '08a551cb-575a-4343-b914-f6e42798bd20'
}
]
}
]
},
questions: [
{
'@odata.type': '#microsoft.graph.accessPackageMultipleChoiceQuestion',
sequence: '1',
isRequired: 'true',
isAnswerEditable: 'true',
text: 'What country are you working from?',
isMultipleSelectionAllowed: 'false',
choices: [
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'KE',
text: 'Kenya'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'US',
text: 'United States'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'GY',
text: 'Guyana'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'BD',
text: 'Bangladesh'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'JP',
text: 'Japan'
}
]
},
{
'@odata.type': '#microsoft.graph.accessPackageTextInputQuestion',
sequence: '2',
isRequired: 'true',
isAnswerEditable: 'true',
text: 'What do you do for work?',
localizations: [
{
languageCode: 'fr-CA',
text: 'Que fais-tu comme travail?'
}
],
isSingleLineQuestion: 'false',
regexPattern: '[a-zA-Z]+[a-zA-Z\\s]*'
}
],
accessPackage: {
id: '977c7ff4-ef8f-4910-9d31-49048ddf3120'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageMultipleChoiceQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageAnswerChoice;
use Microsoft\Graph\Generated\Models\AccessPackageTextInputQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageLocalizedText;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('A Policy With Questions');
$requestBody->setDescription('');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allMemberUsers'));
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(true);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P7D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers([ ]);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([ ]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([ ]);
$primaryApproversSubjectSet1 = new SingleUser();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$primaryApproversSubjectSet1->setUserId('08a551cb-575a-4343-b914-f6e42798bd20');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$requestApprovalSettings->setStages($stagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$questionsAccessPackageQuestion1 = new AccessPackageMultipleChoiceQuestion();
$questionsAccessPackageQuestion1->setOdataType('#microsoft.graph.accessPackageMultipleChoiceQuestion');
$questionsAccessPackageQuestion1->setSequence(1);
$questionsAccessPackageQuestion1->setIsRequired(true);
$questionsAccessPackageQuestion1->setIsAnswerEditable(true);
$questionsAccessPackageQuestion1->setText('What country are you working from?');
$questionsAccessPackageQuestion1->setIsMultipleSelectionAllowed(false);
$choicesAccessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice1->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice1->setActualValue('KE');
$choicesAccessPackageAnswerChoice1->setText('Kenya');
$choicesArray []= $choicesAccessPackageAnswerChoice1;
$choicesAccessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice2->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice2->setActualValue('US');
$choicesAccessPackageAnswerChoice2->setText('United States');
$choicesArray []= $choicesAccessPackageAnswerChoice2;
$choicesAccessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice3->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice3->setActualValue('GY');
$choicesAccessPackageAnswerChoice3->setText('Guyana');
$choicesArray []= $choicesAccessPackageAnswerChoice3;
$choicesAccessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice4->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice4->setActualValue('BD');
$choicesAccessPackageAnswerChoice4->setText('Bangladesh');
$choicesArray []= $choicesAccessPackageAnswerChoice4;
$choicesAccessPackageAnswerChoice5 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice5->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice5->setActualValue('JP');
$choicesAccessPackageAnswerChoice5->setText('Japan');
$choicesArray []= $choicesAccessPackageAnswerChoice5;
$questionsAccessPackageQuestion1->setChoices($choicesArray);
$questionsArray []= $questionsAccessPackageQuestion1;
$questionsAccessPackageQuestion2 = new AccessPackageTextInputQuestion();
$questionsAccessPackageQuestion2->setOdataType('#microsoft.graph.accessPackageTextInputQuestion');
$questionsAccessPackageQuestion2->setSequence(2);
$questionsAccessPackageQuestion2->setIsRequired(true);
$questionsAccessPackageQuestion2->setIsAnswerEditable(true);
$questionsAccessPackageQuestion2->setText('What do you do for work?');
$localizationsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizationsAccessPackageLocalizedText1->setLanguageCode('fr-CA');
$localizationsAccessPackageLocalizedText1->setText('Que fais-tu comme travail?');
$localizationsArray []= $localizationsAccessPackageLocalizedText1;
$questionsAccessPackageQuestion2->setLocalizations($localizationsArray);
$questionsAccessPackageQuestion2->setIsSingleLineQuestion(false);
$questionsAccessPackageQuestion2->setRegexPattern('[a-zA-Z]+[a-zA-Z\s]*');
$questionsArray []= $questionsAccessPackageQuestion2;
$requestBody->setQuestions($questionsArray);
$accessPackage = new AccessPackage();
$accessPackage->setId('977c7ff4-ef8f-4910-9d31-49048ddf3120');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "A Policy With Questions"
description = ""
allowedTargetScope = "allMemberUsers"
expiration = @{
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = "true"
enableTargetsToSelfUpdateAccess = "true"
enableTargetsToSelfRemoveAccess = "true"
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = "true"
isApprovalRequiredForUpdate = "true"
stages = @(
@{
durationBeforeAutomaticDenial = "P7D"
isApproverJustificationRequired = "false"
isEscalationEnabled = "false"
fallbackPrimaryApprovers = @(
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "08a551cb-575a-4343-b914-f6e42798bd20"
}
)
}
)
}
questions = @(
@{
"@odata.type" = "#microsoft.graph.accessPackageMultipleChoiceQuestion"
sequence = "1"
isRequired = "true"
isAnswerEditable = "true"
text = "What country are you working from?"
isMultipleSelectionAllowed = "false"
choices = @(
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "KE"
text = "Kenya"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "US"
text = "United States"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "GY"
text = "Guyana"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "BD"
text = "Bangladesh"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "JP"
text = "Japan"
}
)
}
@{
"@odata.type" = "#microsoft.graph.accessPackageTextInputQuestion"
sequence = "2"
isRequired = "true"
isAnswerEditable = "true"
text = "What do you do for work?"
localizations = @(
@{
languageCode = "fr-CA"
text = "Que fais-tu comme travail?"
}
)
isSingleLineQuestion = "false"
regexPattern = "[a-zA-Z]+[a-zA-Z\s]*"
}
)
accessPackage = @{
id = "977c7ff4-ef8f-4910-9d31-49048ddf3120"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.access_package_multiple_choice_question import AccessPackageMultipleChoiceQuestion
from msgraph.generated.models.access_package_answer_choice import AccessPackageAnswerChoice
from msgraph.generated.models.access_package_text_input_question import AccessPackageTextInputQuestion
from msgraph.generated.models.access_package_localized_text import AccessPackageLocalizedText
from msgraph.generated.models.access_package import AccessPackage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
display_name = "A Policy With Questions",
description = "",
allowed_target_scope = AllowedTargetScope.AllMemberUsers,
expiration = ExpirationPattern(
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = True,
enable_targets_to_self_update_access = True,
enable_targets_to_self_remove_access = True,
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = True,
is_approval_required_for_update = True,
stages = [
AccessPackageApprovalStage(
duration_before_automatic_denial = "P7D",
is_approver_justification_required = False,
is_escalation_enabled = False,
fallback_primary_approvers = [
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "08a551cb-575a-4343-b914-f6e42798bd20",
),
],
),
],
),
questions = [
AccessPackageMultipleChoiceQuestion(
odata_type = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
sequence = 1,
is_required = True,
is_answer_editable = True,
text = "What country are you working from?",
is_multiple_selection_allowed = False,
choices = [
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "KE",
text = "Kenya",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "US",
text = "United States",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "GY",
text = "Guyana",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "BD",
text = "Bangladesh",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "JP",
text = "Japan",
),
],
),
AccessPackageTextInputQuestion(
odata_type = "#microsoft.graph.accessPackageTextInputQuestion",
sequence = 2,
is_required = True,
is_answer_editable = True,
text = "What do you do for work?",
localizations = [
AccessPackageLocalizedText(
language_code = "fr-CA",
text = "Que fais-tu comme travail?",
),
],
is_single_line_question = False,
regex_pattern = "[a-zA-Z]+[a-zA-Z\s]*",
),
],
access_package = AccessPackage(
id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
応答
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "24e5711e-92f0-41e2-912d-9f4e005f36cc",
"displayName": "A Policy With Questions",
"allowedTargetScope": "allMemberUsers",
"createdDateTime": "2022-09-30T20:32:07.1949218Z",
"modifiedDateTime": "2022-09-30T20:32:07.4173893Z",
}
例 5: ポリシーを作成し、定義済みのアクセス パッケージカスタム拡張機能をトリガーするステージを指定する
次の例では、定義済みの accessPackageCustomWorkflowExtension オブジェクトは、アクセス パッケージの割り当て要求の作成または承認によってトリガーされます。 customExtension プロパティの識別子は、accessPackageCustomWorkflowExtension オブジェクトの ID に対応します。
要求
次の例は要求を示しています。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/
Content-type: application/json
{
"displayName": "customExtensionStageSettings policy",
"description": "policy with specified stages for custom extension assignment",
"allowedTargetScope": "notSpecified",
"specificAllowedTargets": [],
"expiration": {
"endDateTime": null,
"duration": null,
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": false,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": false,
"allowCustomAssignmentSchedule": true,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": false,
"isApprovalRequiredForUpdate": false,
"stages": []
},
"accessPackage": {
"id": "5ad1eb64-15f7-4614-b419-05d11ee266bf"
},
"customExtensionStageSettings": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
"id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
}
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "customExtensionStageSettings policy",
Description = "policy with specified stages for custom extension assignment",
AllowedTargetScope = AllowedTargetScope.NotSpecified,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
EndDateTime = null,
Duration = null,
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = false,
EnableTargetsToSelfUpdateAccess = false,
EnableTargetsToSelfRemoveAccess = false,
AllowCustomAssignmentSchedule = true,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = false,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
},
},
AccessPackage = new AccessPackage
{
Id = "5ad1eb64-15f7-4614-b419-05d11ee266bf",
},
CustomExtensionStageSettings = new List<CustomExtensionStageSetting>
{
new CustomExtensionStageSetting
{
Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
CustomExtension = new AccessPackageAssignmentRequestWorkflowExtension
{
OdataType = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
Id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476",
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "customExtensionStageSettings policy",\
"description": "policy with specified stages for custom extension assignment",\
"allowedTargetScope": "notSpecified",\
"specificAllowedTargets": [],\
"expiration": {\
"endDateTime": null,\
"duration": null,\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": false,\
"enableTargetsToSelfUpdateAccess": false,\
"enableTargetsToSelfRemoveAccess": false,\
"allowCustomAssignmentSchedule": true,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": false,\
"isApprovalRequiredForUpdate": false,\
"stages": []\
},\
"accessPackage": {\
"id": "5ad1eb64-15f7-4614-b419-05d11ee266bf"\
},\
"customExtensionStageSettings": [\
{\
"stage": "assignmentRequestCreated",\
"customExtension": {\
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",\
"id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"\
}\
}\
]\
}\
'
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "customExtensionStageSettings policy"
requestBody.SetDisplayName(&displayName)
description := "policy with specified stages for custom extension assignment"
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime)
duration := null
expiration.SetDuration(&duration)
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
stages := []graphmodels.AccessPackageApprovalStageable {
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "5ad1eb64-15f7-4614-b419-05d11ee266bf"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
customExtensionStageSetting := graphmodels.NewCustomExtensionStageSetting()
stage := graphmodels.ASSIGNMENTREQUESTCREATED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
customExtensionStageSetting.SetStage(&stage)
customExtension := graphmodels.NewAccessPackageAssignmentRequestWorkflowExtension()
id := "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
customExtension.SetId(&id)
customExtensionStageSetting.SetCustomExtension(customExtension)
customExtensionStageSettings := []graphmodels.CustomExtensionStageSettingable {
customExtensionStageSetting,
}
requestBody.SetCustomExtensionStageSettings(customExtensionStageSettings)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("customExtensionStageSettings policy");
accessPackageAssignmentPolicy.setDescription("policy with specified stages for custom extension assignment");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.NotSpecified);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setEndDateTime(null);
expiration.setDuration(null);
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(false);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(false);
requestorSettings.setAllowCustomAssignmentSchedule(true);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(false);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("5ad1eb64-15f7-4614-b419-05d11ee266bf");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
LinkedList<CustomExtensionStageSetting> customExtensionStageSettings = new LinkedList<CustomExtensionStageSetting>();
CustomExtensionStageSetting customExtensionStageSetting = new CustomExtensionStageSetting();
customExtensionStageSetting.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
AccessPackageAssignmentRequestWorkflowExtension customExtension = new AccessPackageAssignmentRequestWorkflowExtension();
customExtension.setOdataType("#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension");
customExtension.setId("bebe7873-1f0d-4db9-b6c3-01f7ebfe8476");
customExtensionStageSetting.setCustomExtension(customExtension);
customExtensionStageSettings.add(customExtensionStageSetting);
accessPackageAssignmentPolicy.setCustomExtensionStageSettings(customExtensionStageSettings);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'customExtensionStageSettings policy',
description: 'policy with specified stages for custom extension assignment',
allowedTargetScope: 'notSpecified',
specificAllowedTargets: [],
expiration: {
endDateTime: null,
duration: null,
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: false,
enableTargetsToSelfUpdateAccess: false,
enableTargetsToSelfRemoveAccess: false,
allowCustomAssignmentSchedule: true,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: false,
isApprovalRequiredForUpdate: false,
stages: []
},
accessPackage: {
id: '5ad1eb64-15f7-4614-b419-05d11ee266bf'
},
customExtensionStageSettings: [
{
stage: 'assignmentRequestCreated',
customExtension: {
'@odata.type': '#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension',
id: 'bebe7873-1f0d-4db9-b6c3-01f7ebfe8476'
}
}
]
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/')
.post(accessPackageAssignmentPolicy);
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\AllowedTargetScope;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\ExpirationPatternType;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\AccessPackage;
use Microsoft\Graph\Generated\Models\CustomExtensionStageSetting;
use Microsoft\Graph\Generated\Models\AccessPackageCustomExtensionStage;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestWorkflowExtension;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('customExtensionStageSettings policy');
$requestBody->setDescription('policy with specified stages for custom extension assignment');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('notSpecified'));
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setEndDateTime(null);
$expiration->setDuration(null);
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);
$requestorSettings->setAllowCustomAssignmentSchedule(true);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$requestApprovalSettings->setStages([ ]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('5ad1eb64-15f7-4614-b419-05d11ee266bf');
$requestBody->setAccessPackage($accessPackage);
$customExtensionStageSettingsCustomExtensionStageSetting1 = new CustomExtensionStageSetting();
$customExtensionStageSettingsCustomExtensionStageSetting1->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension = new AccessPackageAssignmentRequestWorkflowExtension();
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension->setOdataType('#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension');
$customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension->setId('bebe7873-1f0d-4db9-b6c3-01f7ebfe8476');
$customExtensionStageSettingsCustomExtensionStageSetting1->setCustomExtension($customExtensionStageSettingsCustomExtensionStageSetting1CustomExtension);
$customExtensionStageSettingsArray []= $customExtensionStageSettingsCustomExtensionStageSetting1;
$requestBody->setCustomExtensionStageSettings($customExtensionStageSettingsArray);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "customExtensionStageSettings policy"
description = "policy with specified stages for custom extension assignment"
allowedTargetScope = "notSpecified"
specificAllowedTargets = @(
)
expiration = @{
endDateTime = $null
duration = $null
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $false
enableTargetsToSelfUpdateAccess = $false
enableTargetsToSelfRemoveAccess = $false
allowCustomAssignmentSchedule = $true
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $false
isApprovalRequiredForUpdate = $false
stages = @(
)
}
accessPackage = @{
id = "5ad1eb64-15f7-4614-b419-05d11ee266bf"
}
customExtensionStageSettings = @(
@{
stage = "assignmentRequestCreated"
customExtension = @{
"@odata.type" = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension"
id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
}
}
)
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.allowed_target_scope import AllowedTargetScope
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.access_package import AccessPackage
from msgraph.generated.models.custom_extension_stage_setting import CustomExtensionStageSetting
from msgraph.generated.models.access_package_custom_extension_stage import AccessPackageCustomExtensionStage
from msgraph.generated.models.access_package_assignment_request_workflow_extension import AccessPackageAssignmentRequestWorkflowExtension
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessPackageAssignmentPolicy(
display_name = "customExtensionStageSettings policy",
description = "policy with specified stages for custom extension assignment",
allowed_target_scope = AllowedTargetScope.NotSpecified,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
end_date_time = None,
duration = None,
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = False,
enable_targets_to_self_update_access = False,
enable_targets_to_self_remove_access = False,
allow_custom_assignment_schedule = True,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = False,
is_approval_required_for_update = False,
stages = [
],
),
access_package = AccessPackage(
id = "5ad1eb64-15f7-4614-b419-05d11ee266bf",
),
custom_extension_stage_settings = [
CustomExtensionStageSetting(
stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
custom_extension = AccessPackageAssignmentRequestWorkflowExtension(
odata_type = "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
id = "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476",
),
),
],
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
プロジェクトに SDK を追加し、authProvider インスタンスを作成する方法の詳細については、SDK のドキュメントを参照してください。
応答
次の例は応答を示しています。
customExtensionStageSettings オブジェクトは、既定では返されません。 このオブジェクトを取得するには、 get accessPackageAssignmentPolicy メソッドと $expand
を使用します。 詳細については、「 例 2: ポリシーのカスタム拡張機能ステージ設定を取得する」を参照してください。
注: ここに示す応答オブジェクトは、読みやすさのために短縮されている場合があります。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
"displayName": "customExtensionStageSettings policy",
"description": "policy with specified stages for custom extension assignment",
"canExtend": false,
"durationInDays": 0,
"expirationDateTime": null,
"accessPackageId": "5ad1eb64-15f7-4614-b419-05d11ee266bf",
"accessReviewSettings": null,
"questions": [],
"requestorSettings": {
"scopeType": "AllExistingDirectorySubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
},
"customExtensionStageSettings": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
"id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
}
}
]
}
フィードバック
このページはお役に立ちましたか?