Referência rápida de operações de API de Gerenciamento de Permissões para sistemas de autorização do GCP
Artigo
As APIs de gerenciamento de permissões permitem descobrir permissões atribuídas a todas as identidades em várias nuvens; permissões de solicitação; aprovar, rejeitar e cancelar solicitações de permissões. Este artigo fornece um guia de referência rápido para operações de API em sistemas de autorização GCP, com suporte por meio das APIs de gerenciamento de permissões.
Obter todos os sistemas de autorização
Liste todos os sistemas de autorização integrados ao Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems
Filtrar sistemas de autorização pelo nome.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=contains(authorizationSystemName, 'cloud')
Obter um sistema de autorização
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}
Listar sistemas de autorização do GCP
Liste sistemas de autorização do GCP integrados ao Gerenciamento de Permissões filtrando pela propriedade authorizationSystemType .
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'gcp'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'gcp'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'gcp'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'gcp'";
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'gcp'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.gcpAuthorizationSystem
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts/{id}
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts(externalId='{externalId}')
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceGcpPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "carbide-bonsai-205017",
"authorizationSystemType": "GCP"
},
"actionInfo": {
"@odata.type": "microsoft.graph.gcpActionPermissionsDefinitionAction",
"actions": [
"aiplatform:dataitems"
]
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "carbide-bonsai-205017"
},
"justification": "I need to do this because I want to code my own chat GPT-3 bot on GCP",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new SingleResourceGcpPermissionsDefinition
{
OdataType = "microsoft.graph.singleResourceGcpPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "carbide-bonsai-205017",
AuthorizationSystemType = "GCP",
},
ActionInfo = new GcpActionPermissionsDefinitionAction
{
OdataType = "microsoft.graph.gcpActionPermissionsDefinitionAction",
Actions = new List<string>
{
"aiplatform:dataitems",
},
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new EdIdentitySource
{
OdataType = "microsoft.graph.edIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
ResourceId = "carbide-bonsai-205017",
},
Justification = "I need to do this because I want to code my own chat GPT-3 bot on GCP",
Notes = "Pretty Pleaseeeee",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceGcpPermissionsDefinition requestedPermissions = new SingleResourceGcpPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceGcpPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("carbide-bonsai-205017");
authorizationSystemInfo.setAuthorizationSystemType("GCP");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
GcpActionPermissionsDefinitionAction actionInfo = new GcpActionPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.gcpActionPermissionsDefinitionAction");
LinkedList<String> actions = new LinkedList<String>();
actions.add("aiplatform:dataitems");
actionInfo.setActions(actions);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("carbide-bonsai-205017");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to code my own chat GPT-3 bot on GCP");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceGcpPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\GcpActionPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceGcpPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceGcpPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('carbide-bonsai-205017');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('GCP');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new GcpActionPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.gcpActionPermissionsDefinitionAction');
$requestedPermissionsActionInfo->setActions(['aiplatform:dataitems', ]);
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('carbide-bonsai-205017');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to code my own chat GPT-3 bot on GCP');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceGcpPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "carbide-bonsai-205017",
"authorizationSystemType": "GCP"
},
"actionInfo": {
"@odata.type": "microsoft.graph.gcpRolePermissionsDefinitionAction",
"roles": [
{
"id": "roles/dialogflow.aamAdmin"
}
]
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "carbide-bonsai-205017"
},
"justification": "I need to do this because I want to be an administrator",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"startDateTime": null,
"expiration": {
"duration": "PT1H"
},
"recurrence": null
},
"ticketInfo": {
"ticketNumber": "123456",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new SingleResourceGcpPermissionsDefinition
{
OdataType = "microsoft.graph.singleResourceGcpPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "carbide-bonsai-205017",
AuthorizationSystemType = "GCP",
},
ActionInfo = new GcpRolePermissionsDefinitionAction
{
OdataType = "microsoft.graph.gcpRolePermissionsDefinitionAction",
Roles = new List<PermissionsDefinitionGcpRole>
{
new PermissionsDefinitionGcpRole
{
Id = "roles/dialogflow.aamAdmin",
},
},
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new EdIdentitySource
{
OdataType = "microsoft.graph.edIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
ResourceId = "carbide-bonsai-205017",
},
Justification = "I need to do this because I want to be an administrator",
Notes = "Pretty Pleaseeeee",
ScheduleInfo = new RequestSchedule
{
StartDateTime = null,
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = null,
},
TicketInfo = new TicketInfo
{
TicketNumber = "123456",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceGcpPermissionsDefinition requestedPermissions = new SingleResourceGcpPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceGcpPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("carbide-bonsai-205017");
authorizationSystemInfo.setAuthorizationSystemType("GCP");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
GcpRolePermissionsDefinitionAction actionInfo = new GcpRolePermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.gcpRolePermissionsDefinitionAction");
LinkedList<PermissionsDefinitionGcpRole> roles = new LinkedList<PermissionsDefinitionGcpRole>();
PermissionsDefinitionGcpRole permissionsDefinitionGcpRole = new PermissionsDefinitionGcpRole();
permissionsDefinitionGcpRole.setId("roles/dialogflow.aamAdmin");
roles.add(permissionsDefinitionGcpRole);
actionInfo.setRoles(roles);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("carbide-bonsai-205017");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to be an administrator");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
scheduleInfo.setStartDateTime(null);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduleInfo.setRecurrence(null);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("123456");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceGcpPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\GcpRolePermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionGcpRole;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceGcpPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceGcpPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('carbide-bonsai-205017');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('GCP');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new GcpRolePermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.gcpRolePermissionsDefinitionAction');
$rolesPermissionsDefinitionGcpRole1 = new PermissionsDefinitionGcpRole();
$rolesPermissionsDefinitionGcpRole1->setId('roles/dialogflow.aamAdmin');
$rolesArray []= $rolesPermissionsDefinitionGcpRole1;
$requestedPermissionsActionInfo->setRoles($rolesArray);
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('carbide-bonsai-205017');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to be an administrator');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(null);
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfo->setRecurrence(null);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('123456');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
O solicitante ou um administrador podem cancelar uma solicitação aprovada, enquanto apenas o solicitante pode cancelar uma solicitação pendente (statusDetail de submitted) .
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests/{id}/cancelAll
Listar detalhes de todas as solicitações de permissão
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges
Listar detalhes de todas as solicitações de permissão filtradas pela data em que foram modificadas
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges?$filter=modificationDateTime gt {t}
Obter detalhes de uma solicitação de permissões
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges/{id}