Создание определений
Статья 04/04/2024
Участники: 11
Обратная связь
В этой статье
Пространство имен: microsoft.graph
Создайте объект accessReviewScheduleDefinition .
Этот API доступен в следующих национальных облачных развертываниях .
Глобальная служба
Правительство США L4
Правительство США L5 (DOD)
Китай управляется 21Vianet
✅
✅
✅
✅
Разрешения
Выберите разрешение или разрешения, помеченные как наименее привилегированные для этого API. Используйте более привилегированное разрешение или разрешения только в том случае, если это требуется приложению . Дополнительные сведения о делегированных разрешениях и разрешениях приложений см. в разделе Типы разрешений . Дополнительные сведения об этих разрешениях см. в справочнике по разрешениям .
Тип разрешения
Разрешения с наименьшими привилегиями
Более высокие привилегированные разрешения
Делегированные (рабочая или учебная учетная запись)
AccessReview.ReadWrite.All
Недоступно.
Делегированные (личная учетная запись Майкрософт)
Не поддерживается.
Не поддерживается.
Приложение
AccessReview.ReadWrite.All
Недоступно.
Пользователь, вошедшего в систему, также должен быть в роли каталога, которая позволяет ему создавать проверку доступа. Дополнительные сведения см. в разделе Требования к роли и разрешениям для проверок доступа .
HTTP-запрос
POST /identityGovernance/accessReviews/definitions
Текст запроса
В тексте запроса укажите представление объекта accessReviewScheduleDefinition в формате JSON.
В следующей таблице показаны свойства, принятые для создания accessReview.
Свойство
Тип
Описание
additionalNotificationRecipients
коллекция accessReviewNotificationRecipientItem
Определяет список дополнительных пользователей или членов группы, которые будут уведомлены о ходе проверки доступа.
descriptionForAdmins
String
Контекст проверки, предоставляемой администраторам. Обязательно.
descriptionForReviewers
String
Контекст проверки, предоставляемой рецензентам в уведомлениях по электронной почте. Уведомления по электронной почте поддерживают до 256 символов. Обязательно.
displayName
String
Имя ряда проверки доступа. Обязательно.
fallbackReviewers
коллекция accessReviewReviewerScope
Если это указано, резервным рецензентам будет предложено завершить проверку, если основные рецензенты не существуют. Например, если менеджеры выбраны в качестве reviewers , а проверяемая субъект не имеет руководителя с идентификатором Microsoft Entra, рецензентам будет предложено проверить этот субъект. ЗАМЕТКА: Значение этого свойства будет игнорироваться, если резервные рецензенты назначаются с помощью свойства stageSettings .
instanceEnumerationScope
accessReviewScope
В случае проверки всех групп это определяет область действия групп, которые будут проверяться. См. раздел accessReviewScope , а также сведения о настройке области определения проверки доступа .
Авторам
коллекция accessReviewReviewerScope
Определяет, кто являются рецензентами. Если ни один из них не указан, проверка выполняется самостоятельно (пользователи просматривают собственный доступ). Примеры параметров назначения рецензентов см. в статье Назначение рецензентов определению проверки доступа с помощью API Microsoft Graph . ЗАМЕТКА: Значение этого свойства будет игнорироваться, если рецензенты назначаются с помощью свойства stageSettings .
область
accessReviewScope
Определяет сущности, доступ к которым проверяется. См. раздел accessReviewScope , а также сведения о настройке области определения проверки доступа . Обязательно.
stageSettings
коллекция accessReviewStageSettings
Определяет, сколько этапов будет иметь каждый экземпляр серии проверки доступа. Этапы создаются последовательно на основе свойства dependsOn . Каждый этап может иметь свой набор рецензентов, резервных рецензентов и параметров. accessReviewScheduleDefinition и его свойстве settings . Необязательный параметр.
settings
accessReviewScheduleSettings
Параметры для ряда проверок доступа. Здесь определяется повторение. См . раздел accessReviewScheduleSettings .
Отклик
В случае успешного выполнения этот метод возвращает код отклика 201 Created и объект accessReviewScheduleDefinition в тексте отклика.
Примеры
Пример 1. Создание проверки доступа в группе
В следующем примере создается проверка доступа со следующими параметрами:
Проверка проверяет всех членов группы с идентификатором 02f3bafb-448c-487c-88c2-5fd65ce49a41.
Проверяющим является конкретный пользователь с идентификатором 398164b1-5196-49dd-ada2-364b49f99b27 пользователя.
Он повторяется еженедельно и продолжается бесконечно.
Запрос
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Test create",
"descriptionForAdmins": "New scheduled access review",
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"reviewers": [
{
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": false,
"defaultDecision": "None",
"instanceDurationInDays": 1,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1
},
"range": {
"type": "noEnd",
"startDate": "2020-09-08T12:02:30.667Z"
}
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessReviewScheduleDefinition
{
DisplayName = "Test create",
DescriptionForAdmins = "New scheduled access review",
DescriptionForReviewers = "If you have any questions, contact jerry@contoso.com",
Scope = new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
Query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
QueryType = "MicrosoftGraph",
},
Reviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
QueryType = "MicrosoftGraph",
},
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = false,
DefaultDecision = "None",
InstanceDurationInDays = 1,
RecommendationsEnabled = true,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.Weekly,
Interval = 1,
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(DateTime.Parse("2020-09-08T12:02:30.667Z")),
},
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
mgc identity-governance access-reviews definitions create --body '{\
"displayName": "Test create",\
"descriptionForAdmins": "New scheduled access review",\
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",\
"scope": {\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",\
"queryType": "MicrosoftGraph"\
},\
"reviewers": [\
{\
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",\
"queryType": "MicrosoftGraph"\
}\
], \
"settings": {\
"mailNotificationsEnabled": true,\
"reminderNotificationsEnabled": true,\
"justificationRequiredOnApproval": true,\
"defaultDecisionEnabled": false,\
"defaultDecision": "None",\
"instanceDurationInDays": 1,\
"recommendationsEnabled": true,\
"recurrence": {\
"pattern": {\
"type": "weekly",\
"interval": 1\
},\
"range": {\
"type": "noEnd",\
"startDate": "2020-09-08T12:02:30.667Z"\
}\
}\
}\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessReviewScheduleDefinition()
displayName := "Test create"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "New scheduled access review"
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)
descriptionForReviewers := "If you have any questions, contact jerry@contoso.com"
requestBody.SetDescriptionForReviewers(&descriptionForReviewers)
scope := graphmodels.NewAccessReviewQueryScope()
query := "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers"
scope.SetQuery(&query)
queryType := "MicrosoftGraph"
scope.SetQueryType(&queryType)
requestBody.SetScope(scope)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "/users/398164b1-5196-49dd-ada2-364b49f99b27"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
reviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
requestBody.SetReviewers(reviewers)
settings := graphmodels.NewAccessReviewScheduleSettings()
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
reminderNotificationsEnabled := true
settings.SetReminderNotificationsEnabled(&reminderNotificationsEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
defaultDecisionEnabled := false
settings.SetDefaultDecisionEnabled(&defaultDecisionEnabled)
defaultDecision := "None"
settings.SetDefaultDecision(&defaultDecision)
instanceDurationInDays := int32(1)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
recommendationsEnabled := true
settings.SetRecommendationsEnabled(&recommendationsEnabled)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.WEEKLY_RECURRENCEPATTERNTYPE
pattern.SetType(&type)
interval := int32(1)
pattern.SetInterval(&interval)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE
range.SetType(&type)
startDate := 2020-09-08T12:02:30.667Z
range.SetStartDate(&startDate)
recurrence.SetRange(range)
settings.SetRecurrence(recurrence)
requestBody.SetSettings(settings)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
definitions, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.setDisplayName("Test create");
accessReviewScheduleDefinition.setDescriptionForAdmins("New scheduled access review");
accessReviewScheduleDefinition.setDescriptionForReviewers("If you have any questions, contact jerry@contoso.com");
AccessReviewQueryScope scope = new AccessReviewQueryScope();
scope.setOdataType("#microsoft.graph.accessReviewQueryScope");
scope.setQuery("/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers");
scope.setQueryType("MicrosoftGraph");
accessReviewScheduleDefinition.setScope(scope);
LinkedList<AccessReviewReviewerScope> reviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope = new AccessReviewReviewerScope();
accessReviewReviewerScope.setQuery("/users/398164b1-5196-49dd-ada2-364b49f99b27");
accessReviewReviewerScope.setQueryType("MicrosoftGraph");
reviewers.add(accessReviewReviewerScope);
accessReviewScheduleDefinition.setReviewers(reviewers);
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.setMailNotificationsEnabled(true);
settings.setReminderNotificationsEnabled(true);
settings.setJustificationRequiredOnApproval(true);
settings.setDefaultDecisionEnabled(false);
settings.setDefaultDecision("None");
settings.setInstanceDurationInDays(1);
settings.setRecommendationsEnabled(true);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.Weekly);
pattern.setInterval(1);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
LocalDate startDate = LocalDate.parse("2020-09-08T12:02:30.667Z");
range.setStartDate(startDate);
recurrence.setRange(range);
settings.setRecurrence(recurrence);
accessReviewScheduleDefinition.setSettings(settings);
AccessReviewScheduleDefinition result = graphClient.identityGovernance().accessReviews().definitions().post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Test create',
descriptionForAdmins: 'New scheduled access review',
descriptionForReviewers: 'If you have any questions, contact jerry@contoso.com',
scope: {
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers',
queryType: 'MicrosoftGraph'
},
reviewers: [
{
query: '/users/398164b1-5196-49dd-ada2-364b49f99b27',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
defaultDecisionEnabled: false,
defaultDecision: 'None',
instanceDurationInDays: 1,
recommendationsEnabled: true,
recurrence: {
pattern: {
type: 'weekly',
interval: 1
},
range: {
type: 'noEnd',
startDate: '2020-09-08T12:02:30.667Z'
}
}
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleDefinition;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
use Microsoft\Graph\Generated\Models\AccessReviewReviewerScope;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleSettings;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Kiota\Abstractions\Types\Date;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Test create');
$requestBody->setDescriptionForAdmins('New scheduled access review');
$requestBody->setDescriptionForReviewers('If you have any questions, contact jerry@contoso.com');
$scope = new AccessReviewQueryScope();
$scope->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scope->setQuery('/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers');
$scope->setQueryType('MicrosoftGraph');
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('/users/398164b1-5196-49dd-ada2-364b49f99b27');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setDefaultDecisionEnabled(false);
$settings->setDefaultDecision('None');
$settings->setInstanceDurationInDays(1);
$settings->setRecommendationsEnabled(true);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('weekly'));
$settingsRecurrencePattern->setInterval(1);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$settingsRecurrenceRange->setStartDate(new Date('2020-09-08T12:02:30.667Z'));
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$requestBody->setSettings($settings);
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Test create"
descriptionForAdmins = "New scheduled access review"
descriptionForReviewers = "If you have any questions, contact jerry@contoso.com"
scope = @{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers"
queryType = "MicrosoftGraph"
}
reviewers = @(
@{
query = "/users/398164b1-5196-49dd-ada2-364b49f99b27"
queryType = "MicrosoftGraph"
}
)
settings = @{
mailNotificationsEnabled = $true
reminderNotificationsEnabled = $true
justificationRequiredOnApproval = $true
defaultDecisionEnabled = $false
defaultDecision = "None"
instanceDurationInDays = 1
recommendationsEnabled = $true
recurrence = @{
pattern = @{
type = "weekly"
interval = 1
}
range = @{
type = "noEnd"
startDate = "2020-09-08T12:02:30.667Z"
}
}
}
}
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_schedule_definition import AccessReviewScheduleDefinition
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
from msgraph.generated.models.access_review_reviewer_scope import AccessReviewReviewerScope
from msgraph.generated.models.access_review_schedule_settings import AccessReviewScheduleSettings
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewScheduleDefinition(
display_name = "Test create",
description_for_admins = "New scheduled access review",
description_for_reviewers = "If you have any questions, contact jerry@contoso.com",
scope = AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
query_type = "MicrosoftGraph",
),
reviewers = [
AccessReviewReviewerScope(
query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
query_type = "MicrosoftGraph",
),
],
settings = AccessReviewScheduleSettings(
mail_notifications_enabled = True,
reminder_notifications_enabled = True,
justification_required_on_approval = True,
default_decision_enabled = False,
default_decision = "None",
instance_duration_in_days = 1,
recommendations_enabled = True,
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.Weekly,
interval = 1,
),
range = RecurrenceRange(
type = RecurrenceRangeType.NoEnd,
start_date = "2020-09-08T12:02:30.667Z",
),
),
),
)
result = await graph_client.identity_governance.access_reviews.definitions.post(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Отклик
Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
"displayName": "Test create",
"createdDateTime": "0001-01-01T00:00:00Z",
"lastModifiedDateTime": "0001-01-01T00:00:00Z",
"status": "NotStarted",
"descriptionForAdmins": "Test create",
"descriptionForReviewers": "Test create",
"instanceEnumerationScope": null,
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"reviewers": [
{
"query": "/users/7eae986b-d425-48b2-adf2-3c777f4444f3",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": false,
"defaultDecision": "None",
"instanceDurationInDays": 1,
"autoApplyDecisionsEnabled": false,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2020-09-08",
"endDate": null
}
},
"applyActions": []
},
"additionalNotificationRecipients": []
}
Пример 2. Создание проверки доступа для всех команд с неактивными гостевыми пользователями
В следующем примере создается проверка доступа со следующими параметрами:
Проверка проверяет все команды с неактивными гостевыми пользователями. Период бездействия составляет 30 дней с даты начала проверки доступа.
Владельцами групп являются рецензенты, а резервные рецензенты назначаются.
Она повторяется на пятый день каждого квартала и продолжается бесконечно.
параметр autoApplyDecisionsEnabled имеет значение true , а для параметра defaultDecision — значение Deny.
Запрос
В тексте запроса укажите представление объекта accessReviewScheduleDefinition в формате JSON.
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Review inactive guests on teams",
"descriptionForAdmins": "Control guest user access to our teams.",
"descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
"instanceEnumerationScope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
"queryType": "MicrosoftGraph"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
"query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
"queryType": "MicrosoftGraph",
"inactiveDuration": "P30D"
},
"reviewers": [
{
"query": "./owners",
"queryType": "MicrosoftGraph"
}
],
"fallbackReviewers": [
{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"recommendationsEnabled": true,
"instanceDurationInDays": 3,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"dayOfMonth": 5,
"interval": 3
},
"range": {
"type": "noEnd",
"startDate": "2020-05-04T00:00:00.000Z"
}
},
"defaultDecisionEnabled": true,
"defaultDecision": "Deny",
"autoApplyDecisionsEnabled": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessReviewScheduleDefinition
{
DisplayName = "Review inactive guests on teams",
DescriptionForAdmins = "Control guest user access to our teams.",
DescriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more.",
InstanceEnumerationScope = new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
Query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
QueryType = "MicrosoftGraph",
},
Scope = new AccessReviewInactiveUsersQueryScope
{
OdataType = "#microsoft.graph.accessReviewInactiveUsersQueryScope",
Query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
QueryType = "MicrosoftGraph",
InactiveDuration = TimeSpan.Parse("P30D"),
},
Reviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "./owners",
QueryType = "MicrosoftGraph",
},
},
FallbackReviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
QueryType = "MicrosoftGraph",
},
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
RecommendationsEnabled = true,
InstanceDurationInDays = 3,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
DayOfMonth = 5,
Interval = 3,
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(DateTime.Parse("2020-05-04T00:00:00.000Z")),
},
},
DefaultDecisionEnabled = true,
DefaultDecision = "Deny",
AutoApplyDecisionsEnabled = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
mgc identity-governance access-reviews definitions create --body '{\
"displayName": "Review inactive guests on teams",\
"descriptionForAdmins": "Control guest user access to our teams.",\
"descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",\
"instanceEnumerationScope": {\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",\
"queryType": "MicrosoftGraph"\
},\
"scope": {\
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",\
"query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",\
"queryType": "MicrosoftGraph",\
"inactiveDuration": "P30D"\
},\
"reviewers": [\
{\
"query": "./owners",\
"queryType": "MicrosoftGraph"\
}\
],\
"fallbackReviewers": [\
{\
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",\
"queryType": "MicrosoftGraph"\
}\
],\
"settings": {\
"mailNotificationsEnabled": true,\
"reminderNotificationsEnabled": true,\
"justificationRequiredOnApproval": true,\
"recommendationsEnabled": true,\
"instanceDurationInDays": 3,\
"recurrence": {\
"pattern": {\
"type": "absoluteMonthly",\
"dayOfMonth": 5,\
"interval": 3\
},\
"range": {\
"type": "noEnd",\
"startDate": "2020-05-04T00:00:00.000Z"\
}\
},\
"defaultDecisionEnabled": true,\
"defaultDecision": "Deny",\
"autoApplyDecisionsEnabled": true\
}\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessReviewScheduleDefinition()
displayName := "Review inactive guests on teams"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "Control guest user access to our teams."
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)
descriptionForReviewers := "Information security is everyone's responsibility. Review our access policy for more."
requestBody.SetDescriptionForReviewers(&descriptionForReviewers)
instanceEnumerationScope := graphmodels.NewAccessReviewQueryScope()
query := "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')"
instanceEnumerationScope.SetQuery(&query)
queryType := "MicrosoftGraph"
instanceEnumerationScope.SetQueryType(&queryType)
requestBody.SetInstanceEnumerationScope(instanceEnumerationScope)
scope := graphmodels.NewAccessReviewInactiveUsersQueryScope()
query := "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')"
scope.SetQuery(&query)
queryType := "MicrosoftGraph"
scope.SetQueryType(&queryType)
inactiveDuration , err := abstractions.ParseISODuration("P30D")
scope.SetInactiveDuration(&inactiveDuration)
requestBody.SetScope(scope)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "./owners"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
reviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
requestBody.SetReviewers(reviewers)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
fallbackReviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
requestBody.SetFallbackReviewers(fallbackReviewers)
settings := graphmodels.NewAccessReviewScheduleSettings()
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
reminderNotificationsEnabled := true
settings.SetReminderNotificationsEnabled(&reminderNotificationsEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
recommendationsEnabled := true
settings.SetRecommendationsEnabled(&recommendationsEnabled)
instanceDurationInDays := int32(3)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.ABSOLUTEMONTHLY_RECURRENCEPATTERNTYPE
pattern.SetType(&type)
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth)
interval := int32(3)
pattern.SetInterval(&interval)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE
range.SetType(&type)
startDate := 2020-05-04T00:00:00.000Z
range.SetStartDate(&startDate)
recurrence.SetRange(range)
settings.SetRecurrence(recurrence)
defaultDecisionEnabled := true
settings.SetDefaultDecisionEnabled(&defaultDecisionEnabled)
defaultDecision := "Deny"
settings.SetDefaultDecision(&defaultDecision)
autoApplyDecisionsEnabled := true
settings.SetAutoApplyDecisionsEnabled(&autoApplyDecisionsEnabled)
requestBody.SetSettings(settings)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
definitions, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.setDisplayName("Review inactive guests on teams");
accessReviewScheduleDefinition.setDescriptionForAdmins("Control guest user access to our teams.");
accessReviewScheduleDefinition.setDescriptionForReviewers("Information security is everyone's responsibility. Review our access policy for more.");
AccessReviewQueryScope instanceEnumerationScope = new AccessReviewQueryScope();
instanceEnumerationScope.setOdataType("#microsoft.graph.accessReviewQueryScope");
instanceEnumerationScope.setQuery("/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')");
instanceEnumerationScope.setQueryType("MicrosoftGraph");
accessReviewScheduleDefinition.setInstanceEnumerationScope(instanceEnumerationScope);
AccessReviewInactiveUsersQueryScope scope = new AccessReviewInactiveUsersQueryScope();
scope.setOdataType("#microsoft.graph.accessReviewInactiveUsersQueryScope");
scope.setQuery("./members/microsoft.graph.user/?$filter=(userType eq 'Guest')");
scope.setQueryType("MicrosoftGraph");
PeriodAndDuration inactiveDuration = PeriodAndDuration.ofDuration(Duration.parse("P30D"));
scope.setInactiveDuration(inactiveDuration);
accessReviewScheduleDefinition.setScope(scope);
LinkedList<AccessReviewReviewerScope> reviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope = new AccessReviewReviewerScope();
accessReviewReviewerScope.setQuery("./owners");
accessReviewReviewerScope.setQueryType("MicrosoftGraph");
reviewers.add(accessReviewReviewerScope);
accessReviewScheduleDefinition.setReviewers(reviewers);
LinkedList<AccessReviewReviewerScope> fallbackReviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope1 = new AccessReviewReviewerScope();
accessReviewReviewerScope1.setQuery("/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f");
accessReviewReviewerScope1.setQueryType("MicrosoftGraph");
fallbackReviewers.add(accessReviewReviewerScope1);
accessReviewScheduleDefinition.setFallbackReviewers(fallbackReviewers);
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.setMailNotificationsEnabled(true);
settings.setReminderNotificationsEnabled(true);
settings.setJustificationRequiredOnApproval(true);
settings.setRecommendationsEnabled(true);
settings.setInstanceDurationInDays(3);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.AbsoluteMonthly);
pattern.setDayOfMonth(5);
pattern.setInterval(3);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
LocalDate startDate = LocalDate.parse("2020-05-04T00:00:00.000Z");
range.setStartDate(startDate);
recurrence.setRange(range);
settings.setRecurrence(recurrence);
settings.setDefaultDecisionEnabled(true);
settings.setDefaultDecision("Deny");
settings.setAutoApplyDecisionsEnabled(true);
accessReviewScheduleDefinition.setSettings(settings);
AccessReviewScheduleDefinition result = graphClient.identityGovernance().accessReviews().definitions().post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Review inactive guests on teams',
descriptionForAdmins: 'Control guest user access to our teams.',
descriptionForReviewers: 'Information security is everyone\'s responsibility. Review our access policy for more.',
instanceEnumerationScope: {
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/groups?$filter=(groupTypes/any(c:c+eq+\'Unified\') and resourceProvisioningOptions/Any(x:x eq \'Team\')\')',
queryType: 'MicrosoftGraph'
},
scope: {
'@odata.type': '#microsoft.graph.accessReviewInactiveUsersQueryScope',
query: './members/microsoft.graph.user/?$filter=(userType eq \'Guest\')',
queryType: 'MicrosoftGraph',
inactiveDuration: 'P30D'
},
reviewers: [
{
query: './owners',
queryType: 'MicrosoftGraph'
}
],
fallbackReviewers: [
{
query: '/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
recommendationsEnabled: true,
instanceDurationInDays: 3,
recurrence: {
pattern: {
type: 'absoluteMonthly',
dayOfMonth: 5,
interval: 3
},
range: {
type: 'noEnd',
startDate: '2020-05-04T00:00:00.000Z'
}
},
defaultDecisionEnabled: true,
defaultDecision: 'Deny',
autoApplyDecisionsEnabled: true
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleDefinition;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
use Microsoft\Graph\Generated\Models\AccessReviewInactiveUsersQueryScope;
use Microsoft\Graph\Generated\Models\AccessReviewReviewerScope;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleSettings;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Kiota\Abstractions\Types\Date;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Review inactive guests on teams');
$requestBody->setDescriptionForAdmins('Control guest user access to our teams.');
$requestBody->setDescriptionForReviewers('Information security is everyone\'s responsibility. Review our access policy for more.');
$instanceEnumerationScope = new AccessReviewQueryScope();
$instanceEnumerationScope->setOdataType('#microsoft.graph.accessReviewQueryScope');
$instanceEnumerationScope->setQuery('/groups?$filter=(groupTypes/any(c:c+eq+\'Unified\') and resourceProvisioningOptions/Any(x:x eq \'Team\')\')');
$instanceEnumerationScope->setQueryType('MicrosoftGraph');
$requestBody->setInstanceEnumerationScope($instanceEnumerationScope);
$scope = new AccessReviewInactiveUsersQueryScope();
$scope->setOdataType('#microsoft.graph.accessReviewInactiveUsersQueryScope');
$scope->setQuery('./members/microsoft.graph.user/?$filter=(userType eq \'Guest\')');
$scope->setQueryType('MicrosoftGraph');
$scope->setInactiveDuration(new \DateInterval('P30D'));
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./owners');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$requestBody->setFallbackReviewers($fallbackReviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setRecommendationsEnabled(true);
$settings->setInstanceDurationInDays(3);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('absoluteMonthly'));
$settingsRecurrencePattern->setDayOfMonth(5);
$settingsRecurrencePattern->setInterval(3);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$settingsRecurrenceRange->setStartDate(new Date('2020-05-04T00:00:00.000Z'));
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$settings->setDefaultDecisionEnabled(true);
$settings->setDefaultDecision('Deny');
$settings->setAutoApplyDecisionsEnabled(true);
$requestBody->setSettings($settings);
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Review inactive guests on teams"
descriptionForAdmins = "Control guest user access to our teams."
descriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more."
instanceEnumerationScope = @{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')"
queryType = "MicrosoftGraph"
}
scope = @{
"@odata.type" = "#microsoft.graph.accessReviewInactiveUsersQueryScope"
query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')"
queryType = "MicrosoftGraph"
inactiveDuration = "P30D"
}
reviewers = @(
@{
query = "./owners"
queryType = "MicrosoftGraph"
}
)
fallbackReviewers = @(
@{
query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"
queryType = "MicrosoftGraph"
}
)
settings = @{
mailNotificationsEnabled = $true
reminderNotificationsEnabled = $true
justificationRequiredOnApproval = $true
recommendationsEnabled = $true
instanceDurationInDays = 3
recurrence = @{
pattern = @{
type = "absoluteMonthly"
dayOfMonth = 5
interval = 3
}
range = @{
type = "noEnd"
startDate = "2020-05-04T00:00:00.000Z"
}
}
defaultDecisionEnabled = $true
defaultDecision = "Deny"
autoApplyDecisionsEnabled = $true
}
}
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_schedule_definition import AccessReviewScheduleDefinition
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
from msgraph.generated.models.access_review_inactive_users_query_scope import AccessReviewInactiveUsersQueryScope
from msgraph.generated.models.access_review_reviewer_scope import AccessReviewReviewerScope
from msgraph.generated.models.access_review_schedule_settings import AccessReviewScheduleSettings
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewScheduleDefinition(
display_name = "Review inactive guests on teams",
description_for_admins = "Control guest user access to our teams.",
description_for_reviewers = "Information security is everyone's responsibility. Review our access policy for more.",
instance_enumeration_scope = AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
query_type = "MicrosoftGraph",
),
scope = AccessReviewInactiveUsersQueryScope(
odata_type = "#microsoft.graph.accessReviewInactiveUsersQueryScope",
query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
query_type = "MicrosoftGraph",
inactive_duration = "P30D",
),
reviewers = [
AccessReviewReviewerScope(
query = "./owners",
query_type = "MicrosoftGraph",
),
],
fallback_reviewers = [
AccessReviewReviewerScope(
query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
query_type = "MicrosoftGraph",
),
],
settings = AccessReviewScheduleSettings(
mail_notifications_enabled = True,
reminder_notifications_enabled = True,
justification_required_on_approval = True,
recommendations_enabled = True,
instance_duration_in_days = 3,
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.AbsoluteMonthly,
day_of_month = 5,
interval = 3,
),
range = RecurrenceRange(
type = RecurrenceRangeType.NoEnd,
start_date = "2020-05-04T00:00:00.000Z",
),
),
default_decision_enabled = True,
default_decision = "Deny",
auto_apply_decisions_enabled = True,
),
)
result = await graph_client.identity_governance.access_reviews.definitions.post(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Отклик
Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
"id": "b0966e21-a01e-43c9-8f8b-9ba30ed5710a",
"displayName": "Review inactive guests on teams",
"createdDateTime": "2021-05-04T18:27:02.6719849Z",
"lastModifiedDateTime": "2021-05-04T18:27:24.0889623Z",
"status": "InProgress",
"descriptionForAdmins": "Control guest user access to our teams.",
"descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
"createdBy": {
"id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
"query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
"queryType": "MicrosoftGraph",
"queryRoot": null,
"inactiveDuration": "P30D"
},
"instanceEnumerationScope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))&$count=true",
"queryType": "MicrosoftGraph",
"queryRoot": null
},
"reviewers": [
{
"query": "./owners",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"backupReviewers": [],
"fallbackReviewers": [
{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": true,
"defaultDecision": "Deny",
"instanceDurationInDays": 3,
"autoApplyDecisionsEnabled": true,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 3,
"month": 0,
"dayOfMonth": 5,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2021-05-05",
"endDate": "null"
}
},
"applyActions": []
},
"additionalNotificationRecipients": []
}
Пример 3. Создание проверки доступа всех пользователей к приложению
В следующем примере создается проверка доступа со следующими параметрами:
Проверка проверяет доступ пользователей к приложению.
Руководители людей являются рецензентами, а резервные рецензенты являются членами группы.
Он повторяется в течение полугода и заканчивается через 1 год с момента началаDate.
Запрос
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Review employee access to LinkedIn",
"descriptionForAdmins": "Review employee access to LinkedIn",
"scope": {
"@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
"principalScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/users",
"queryType": "MicrosoftGraph"
}
],
"resourceScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
"queryType": "MicrosoftGraph"
}
]
},
"reviewers": [
{
"query": "./manager",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"backupReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": true,
"defaultDecision": "Recommendation",
"instanceDurationInDays": 180,
"autoApplyDecisionsEnabled": true,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 6,
"dayOfMonth": 0
},
"range": {
"type": "numbered",
"startDate": "2021-05-05",
"endDate": "2022-05-05"
}
}
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new AccessReviewScheduleDefinition
{
DisplayName = "Review employee access to LinkedIn",
DescriptionForAdmins = "Review employee access to LinkedIn",
Scope = new PrincipalResourceMembershipsScope
{
OdataType = "#microsoft.graph.principalResourceMembershipsScope",
PrincipalScopes = new List<AccessReviewScope>
{
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
Query = "/users",
QueryType = "MicrosoftGraph",
},
},
ResourceScopes = new List<AccessReviewScope>
{
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
Query = "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
QueryType = "MicrosoftGraph",
},
},
},
Reviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "./manager",
QueryType = "MicrosoftGraph",
QueryRoot = "decisions",
},
},
FallbackReviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
QueryType = "MicrosoftGraph",
},
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = true,
DefaultDecision = "Recommendation",
InstanceDurationInDays = 180,
AutoApplyDecisionsEnabled = true,
RecommendationsEnabled = true,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
Interval = 6,
DayOfMonth = 0,
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.Numbered,
StartDate = new Date(DateTime.Parse("2021-05-05")),
EndDate = new Date(DateTime.Parse("2022-05-05")),
},
},
},
AdditionalData = new Dictionary<string, object>
{
{
"backupReviewers" , new List<object>
{
new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"query", new UntypedString("/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers")
},
{
"queryType", new UntypedString("MicrosoftGraph")
},
}),
}
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
mgc identity-governance access-reviews definitions create --body '{\
"displayName": "Review employee access to LinkedIn",\
"descriptionForAdmins": "Review employee access to LinkedIn",\
"scope": {\
"@odata.type": "#microsoft.graph.principalResourceMembershipsScope",\
"principalScopes": [\
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"query": "/users",\
"queryType": "MicrosoftGraph"\
}\
],\
"resourceScopes": [\
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",\
"queryType": "MicrosoftGraph"\
}\
]\
},\
"reviewers": [\
{\
"query": "./manager",\
"queryType": "MicrosoftGraph",\
"queryRoot": "decisions"\
}\
],\
"backupReviewers": [\
{\
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",\
"queryType": "MicrosoftGraph"\
}\
],\
"fallbackReviewers": [\
{\
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",\
"queryType": "MicrosoftGraph"\
}\
],\
"settings": {\
"mailNotificationsEnabled": true,\
"reminderNotificationsEnabled": true,\
"justificationRequiredOnApproval": true,\
"defaultDecisionEnabled": true,\
"defaultDecision": "Recommendation",\
"instanceDurationInDays": 180,\
"autoApplyDecisionsEnabled": true,\
"recommendationsEnabled": true,\
"recurrence": {\
"pattern": {\
"type": "absoluteMonthly",\
"interval": 6,\
"dayOfMonth": 0\
},\
"range": {\
"type": "numbered",\
"startDate": "2021-05-05",\
"endDate": "2022-05-05"\
}\
}\
}\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.setDisplayName("Review employee access to LinkedIn");
accessReviewScheduleDefinition.setDescriptionForAdmins("Review employee access to LinkedIn");
PrincipalResourceMembershipsScope scope = new PrincipalResourceMembershipsScope();
scope.setOdataType("#microsoft.graph.principalResourceMembershipsScope");
LinkedList<AccessReviewScope> principalScopes = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope accessReviewScope = new AccessReviewQueryScope();
accessReviewScope.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope.setQuery("/users");
accessReviewScope.setQueryType("MicrosoftGraph");
principalScopes.add(accessReviewScope);
scope.setPrincipalScopes(principalScopes);
LinkedList<AccessReviewScope> resourceScopes = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope accessReviewScope1 = new AccessReviewQueryScope();
accessReviewScope1.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope1.setQuery("/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae");
accessReviewScope1.setQueryType("MicrosoftGraph");
resourceScopes.add(accessReviewScope1);
scope.setResourceScopes(resourceScopes);
accessReviewScheduleDefinition.setScope(scope);
LinkedList<AccessReviewReviewerScope> reviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope = new AccessReviewReviewerScope();
accessReviewReviewerScope.setQuery("./manager");
accessReviewReviewerScope.setQueryType("MicrosoftGraph");
accessReviewReviewerScope.setQueryRoot("decisions");
reviewers.add(accessReviewReviewerScope);
accessReviewScheduleDefinition.setReviewers(reviewers);
LinkedList<AccessReviewReviewerScope> fallbackReviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope1 = new AccessReviewReviewerScope();
accessReviewReviewerScope1.setQuery("/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers");
accessReviewReviewerScope1.setQueryType("MicrosoftGraph");
fallbackReviewers.add(accessReviewReviewerScope1);
accessReviewScheduleDefinition.setFallbackReviewers(fallbackReviewers);
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.setMailNotificationsEnabled(true);
settings.setReminderNotificationsEnabled(true);
settings.setJustificationRequiredOnApproval(true);
settings.setDefaultDecisionEnabled(true);
settings.setDefaultDecision("Recommendation");
settings.setInstanceDurationInDays(180);
settings.setAutoApplyDecisionsEnabled(true);
settings.setRecommendationsEnabled(true);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.AbsoluteMonthly);
pattern.setInterval(6);
pattern.setDayOfMonth(0);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.Numbered);
LocalDate startDate = LocalDate.parse("2021-05-05");
range.setStartDate(startDate);
LocalDate endDate = LocalDate.parse("2022-05-05");
range.setEndDate(endDate);
recurrence.setRange(range);
settings.setRecurrence(recurrence);
accessReviewScheduleDefinition.setSettings(settings);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
LinkedList<Object> backupReviewers = new LinkedList<Object>();
property = new ();
property.setQuery("/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers");
property.setQueryType("MicrosoftGraph");
backupReviewers.add(property);
additionalData.put("backupReviewers", backupReviewers);
accessReviewScheduleDefinition.setAdditionalData(additionalData);
AccessReviewScheduleDefinition result = graphClient.identityGovernance().accessReviews().definitions().post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Review employee access to LinkedIn',
descriptionForAdmins: 'Review employee access to LinkedIn',
scope: {
'@odata.type': '#microsoft.graph.principalResourceMembershipsScope',
principalScopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/users',
queryType: 'MicrosoftGraph'
}
],
resourceScopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae',
queryType: 'MicrosoftGraph'
}
]
},
reviewers: [
{
query: './manager',
queryType: 'MicrosoftGraph',
queryRoot: 'decisions'
}
],
backupReviewers: [
{
query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
queryType: 'MicrosoftGraph'
}
],
fallbackReviewers: [
{
query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
defaultDecisionEnabled: true,
defaultDecision: 'Recommendation',
instanceDurationInDays: 180,
autoApplyDecisionsEnabled: true,
recommendationsEnabled: true,
recurrence: {
pattern: {
type: 'absoluteMonthly',
interval: 6,
dayOfMonth: 0
},
range: {
type: 'numbered',
startDate: '2021-05-05',
endDate: '2022-05-05'
}
}
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleDefinition;
use Microsoft\Graph\Generated\Models\PrincipalResourceMembershipsScope;
use Microsoft\Graph\Generated\Models\AccessReviewScope;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
use Microsoft\Graph\Generated\Models\AccessReviewReviewerScope;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleSettings;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Kiota\Abstractions\Types\Date;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Review employee access to LinkedIn');
$requestBody->setDescriptionForAdmins('Review employee access to LinkedIn');
$scope = new PrincipalResourceMembershipsScope();
$scope->setOdataType('#microsoft.graph.principalResourceMembershipsScope');
$principalScopesAccessReviewScope1 = new AccessReviewQueryScope();
$principalScopesAccessReviewScope1->setOdataType('#microsoft.graph.accessReviewQueryScope');
$principalScopesAccessReviewScope1->setQuery('/users');
$principalScopesAccessReviewScope1->setQueryType('MicrosoftGraph');
$principalScopesArray []= $principalScopesAccessReviewScope1;
$scope->setPrincipalScopes($principalScopesArray);
$resourceScopesAccessReviewScope1 = new AccessReviewQueryScope();
$resourceScopesAccessReviewScope1->setOdataType('#microsoft.graph.accessReviewQueryScope');
$resourceScopesAccessReviewScope1->setQuery('/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae');
$resourceScopesAccessReviewScope1->setQueryType('MicrosoftGraph');
$resourceScopesArray []= $resourceScopesAccessReviewScope1;
$scope->setResourceScopes($resourceScopesArray);
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./manager');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersAccessReviewReviewerScope1->setQueryRoot('decisions');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$requestBody->setFallbackReviewers($fallbackReviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setDefaultDecisionEnabled(true);
$settings->setDefaultDecision('Recommendation');
$settings->setInstanceDurationInDays(180);
$settings->setAutoApplyDecisionsEnabled(true);
$settings->setRecommendationsEnabled(true);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('absoluteMonthly'));
$settingsRecurrencePattern->setInterval(6);
$settingsRecurrencePattern->setDayOfMonth(0);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('numbered'));
$settingsRecurrenceRange->setStartDate(new Date('2021-05-05'));
$settingsRecurrenceRange->setEndDate(new Date('2022-05-05'));
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$requestBody->setSettings($settings);
$additionalData = [
'backupReviewers' => [
[
'query' => '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
'queryType' => 'MicrosoftGraph',
],
],
];
$requestBody->setAdditionalData($additionalData);
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Review employee access to LinkedIn"
descriptionForAdmins = "Review employee access to LinkedIn"
scope = @{
"@odata.type" = "#microsoft.graph.principalResourceMembershipsScope"
principalScopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/users"
queryType = "MicrosoftGraph"
}
)
resourceScopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae"
queryType = "MicrosoftGraph"
}
)
}
reviewers = @(
@{
query = "./manager"
queryType = "MicrosoftGraph"
queryRoot = "decisions"
}
)
backupReviewers = @(
@{
query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
queryType = "MicrosoftGraph"
}
)
fallbackReviewers = @(
@{
query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
queryType = "MicrosoftGraph"
}
)
settings = @{
mailNotificationsEnabled = $true
reminderNotificationsEnabled = $true
justificationRequiredOnApproval = $true
defaultDecisionEnabled = $true
defaultDecision = "Recommendation"
instanceDurationInDays = 180
autoApplyDecisionsEnabled = $true
recommendationsEnabled = $true
recurrence = @{
pattern = @{
type = "absoluteMonthly"
interval = 6
dayOfMonth = 0
}
range = @{
type = "numbered"
startDate = "2021-05-05"
endDate = "2022-05-05"
}
}
}
}
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_schedule_definition import AccessReviewScheduleDefinition
from msgraph.generated.models.principal_resource_memberships_scope import PrincipalResourceMembershipsScope
from msgraph.generated.models.access_review_scope import AccessReviewScope
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
from msgraph.generated.models.access_review_reviewer_scope import AccessReviewReviewerScope
from msgraph.generated.models.access_review_schedule_settings import AccessReviewScheduleSettings
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewScheduleDefinition(
display_name = "Review employee access to LinkedIn",
description_for_admins = "Review employee access to LinkedIn",
scope = PrincipalResourceMembershipsScope(
odata_type = "#microsoft.graph.principalResourceMembershipsScope",
principal_scopes = [
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query = "/users",
query_type = "MicrosoftGraph",
),
],
resource_scopes = [
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query = "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
query_type = "MicrosoftGraph",
),
],
),
reviewers = [
AccessReviewReviewerScope(
query = "./manager",
query_type = "MicrosoftGraph",
query_root = "decisions",
),
],
fallback_reviewers = [
AccessReviewReviewerScope(
query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
query_type = "MicrosoftGraph",
),
],
settings = AccessReviewScheduleSettings(
mail_notifications_enabled = True,
reminder_notifications_enabled = True,
justification_required_on_approval = True,
default_decision_enabled = True,
default_decision = "Recommendation",
instance_duration_in_days = 180,
auto_apply_decisions_enabled = True,
recommendations_enabled = True,
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.AbsoluteMonthly,
interval = 6,
day_of_month = 0,
),
range = RecurrenceRange(
type = RecurrenceRangeType.Numbered,
start_date = "2021-05-05",
end_date = "2022-05-05",
),
),
),
additional_data = {
"backup_reviewers" : [
{
"query" : "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"query_type" : "MicrosoftGraph",
},
],
}
)
result = await graph_client.identity_governance.access_reviews.definitions.post(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Отклик
Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
"id": "1f79f34b-8667-40d9-875c-893b630b3dec",
"scope": {
"@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
"principalScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/users"
}
],
"resourceScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae"
}
]
},
"reviewers": [
{
"query": "./manager"
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
}
]
}
Пример 4. Создание проверки доступа в группе с несколькими этапами
В следующем примере создается проверка доступа со следующими параметрами:
Проверка проверяет всех членов группы с идентификатором 02f3bafb-448c-487c-88c2-5fd65ce49a41.
Он состоит из двух этапов:
Конкретный пользователь с идентификатором 398164b1-5196-49dd-ada2-364b49f99b27 пользователя является рецензентом на первом этапе.
Менеджеры людей являются рецензентами и резервными рецензентами для второго этапа.
Он повторяется еженедельно и продолжается бесконечно.
Запрос
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Group Multi-stage Access Review",
"descriptionForAdmins": "New scheduled access review",
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"stageSettings": [
{
"stageId": "1",
"durationInDays": 2,
"recommendationsEnabled": false,
"decisionsThatWillMoveToNextStage": [
"NotReviewed",
"Approve"
],
"reviewers": [
{
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
"queryType": "MicrosoftGraph"
}
]
},
{
"stageId": "2",
"dependsOn": [
"1"
],
"durationInDays": 2,
"recommendationsEnabled": true,
"reviewers": [
{
"query": "./manager",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
]
}
],
"settings": {
"instanceDurationInDays": 4,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1
},
"range": {
"type": "noEnd",
"startDate": "2020-09-08T12:02:30.667Z"
}
},
"decisionHistoriesForReviewersEnabled": true
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessReviewScheduleDefinition
{
DisplayName = "Group Multi-stage Access Review",
DescriptionForAdmins = "New scheduled access review",
DescriptionForReviewers = "If you have any questions, contact jerry@contoso.com",
Scope = new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
Query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
QueryType = "MicrosoftGraph",
},
StageSettings = new List<AccessReviewStageSettings>
{
new AccessReviewStageSettings
{
StageId = "1",
DurationInDays = 2,
RecommendationsEnabled = false,
DecisionsThatWillMoveToNextStage = new List<string>
{
"NotReviewed",
"Approve",
},
Reviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
QueryType = "MicrosoftGraph",
},
},
},
new AccessReviewStageSettings
{
StageId = "2",
DependsOn = new List<string>
{
"1",
},
DurationInDays = 2,
RecommendationsEnabled = true,
Reviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "./manager",
QueryType = "MicrosoftGraph",
QueryRoot = "decisions",
},
},
FallbackReviewers = new List<AccessReviewReviewerScope>
{
new AccessReviewReviewerScope
{
Query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
QueryType = "MicrosoftGraph",
},
},
},
},
Settings = new AccessReviewScheduleSettings
{
InstanceDurationInDays = 4,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.Weekly,
Interval = 1,
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(DateTime.Parse("2020-09-08T12:02:30.667Z")),
},
},
DecisionHistoriesForReviewersEnabled = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions.PostAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
mgc identity-governance access-reviews definitions create --body '{\
"displayName": "Group Multi-stage Access Review",\
"descriptionForAdmins": "New scheduled access review",\
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",\
"scope": {\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",\
"queryType": "MicrosoftGraph"\
},\
"stageSettings": [\
{\
"stageId": "1",\
"durationInDays": 2,\
"recommendationsEnabled": false,\
"decisionsThatWillMoveToNextStage": [\
"NotReviewed",\
"Approve"\
],\
"reviewers": [\
{\
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",\
"queryType": "MicrosoftGraph"\
}\
]\
},\
{\
"stageId": "2",\
"dependsOn": [\
"1"\
],\
"durationInDays": 2,\
"recommendationsEnabled": true,\
"reviewers": [\
{\
"query": "./manager",\
"queryType": "MicrosoftGraph",\
"queryRoot": "decisions"\
}\
],\
"fallbackReviewers": [\
{\
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",\
"queryType": "MicrosoftGraph"\
}\
]\
}\
],\
"settings": {\
"instanceDurationInDays": 4,\
"recurrence": {\
"pattern": {\
"type": "weekly",\
"interval": 1\
},\
"range": {\
"type": "noEnd",\
"startDate": "2020-09-08T12:02:30.667Z"\
}\
},\
"decisionHistoriesForReviewersEnabled": true\
}\
}\
\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessReviewScheduleDefinition()
displayName := "Group Multi-stage Access Review"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "New scheduled access review"
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)
descriptionForReviewers := "If you have any questions, contact jerry@contoso.com"
requestBody.SetDescriptionForReviewers(&descriptionForReviewers)
scope := graphmodels.NewAccessReviewQueryScope()
query := "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers"
scope.SetQuery(&query)
queryType := "MicrosoftGraph"
scope.SetQueryType(&queryType)
requestBody.SetScope(scope)
accessReviewStageSettings := graphmodels.NewAccessReviewStageSettings()
stageId := "1"
accessReviewStageSettings.SetStageId(&stageId)
durationInDays := int32(2)
accessReviewStageSettings.SetDurationInDays(&durationInDays)
recommendationsEnabled := false
accessReviewStageSettings.SetRecommendationsEnabled(&recommendationsEnabled)
decisionsThatWillMoveToNextStage := []string {
"NotReviewed",
"Approve",
}
accessReviewStageSettings.SetDecisionsThatWillMoveToNextStage(decisionsThatWillMoveToNextStage)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "/users/398164b1-5196-49dd-ada2-364b49f99b27"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
reviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
accessReviewStageSettings.SetReviewers(reviewers)
accessReviewStageSettings1 := graphmodels.NewAccessReviewStageSettings()
stageId := "2"
accessReviewStageSettings1.SetStageId(&stageId)
dependsOn := []string {
"1",
}
accessReviewStageSettings1.SetDependsOn(dependsOn)
durationInDays := int32(2)
accessReviewStageSettings1.SetDurationInDays(&durationInDays)
recommendationsEnabled := true
accessReviewStageSettings1.SetRecommendationsEnabled(&recommendationsEnabled)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "./manager"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
queryRoot := "decisions"
accessReviewReviewerScope.SetQueryRoot(&queryRoot)
reviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
accessReviewStageSettings1.SetReviewers(reviewers)
accessReviewReviewerScope := graphmodels.NewAccessReviewReviewerScope()
query := "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
accessReviewReviewerScope.SetQuery(&query)
queryType := "MicrosoftGraph"
accessReviewReviewerScope.SetQueryType(&queryType)
fallbackReviewers := []graphmodels.AccessReviewReviewerScopeable {
accessReviewReviewerScope,
}
accessReviewStageSettings1.SetFallbackReviewers(fallbackReviewers)
stageSettings := []graphmodels.AccessReviewStageSettingsable {
accessReviewStageSettings,
accessReviewStageSettings1,
}
requestBody.SetStageSettings(stageSettings)
settings := graphmodels.NewAccessReviewScheduleSettings()
instanceDurationInDays := int32(4)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.WEEKLY_RECURRENCEPATTERNTYPE
pattern.SetType(&type)
interval := int32(1)
pattern.SetInterval(&interval)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE
range.SetType(&type)
startDate := 2020-09-08T12:02:30.667Z
range.SetStartDate(&startDate)
recurrence.SetRange(range)
settings.SetRecurrence(recurrence)
decisionHistoriesForReviewersEnabled := true
settings.SetDecisionHistoriesForReviewersEnabled(&decisionHistoriesForReviewersEnabled)
requestBody.SetSettings(settings)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
definitions, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.setDisplayName("Group Multi-stage Access Review");
accessReviewScheduleDefinition.setDescriptionForAdmins("New scheduled access review");
accessReviewScheduleDefinition.setDescriptionForReviewers("If you have any questions, contact jerry@contoso.com");
AccessReviewQueryScope scope = new AccessReviewQueryScope();
scope.setOdataType("#microsoft.graph.accessReviewQueryScope");
scope.setQuery("/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers");
scope.setQueryType("MicrosoftGraph");
accessReviewScheduleDefinition.setScope(scope);
LinkedList<AccessReviewStageSettings> stageSettings = new LinkedList<AccessReviewStageSettings>();
AccessReviewStageSettings accessReviewStageSettings = new AccessReviewStageSettings();
accessReviewStageSettings.setStageId("1");
accessReviewStageSettings.setDurationInDays(2);
accessReviewStageSettings.setRecommendationsEnabled(false);
LinkedList<String> decisionsThatWillMoveToNextStage = new LinkedList<String>();
decisionsThatWillMoveToNextStage.add("NotReviewed");
decisionsThatWillMoveToNextStage.add("Approve");
accessReviewStageSettings.setDecisionsThatWillMoveToNextStage(decisionsThatWillMoveToNextStage);
LinkedList<AccessReviewReviewerScope> reviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope = new AccessReviewReviewerScope();
accessReviewReviewerScope.setQuery("/users/398164b1-5196-49dd-ada2-364b49f99b27");
accessReviewReviewerScope.setQueryType("MicrosoftGraph");
reviewers.add(accessReviewReviewerScope);
accessReviewStageSettings.setReviewers(reviewers);
stageSettings.add(accessReviewStageSettings);
AccessReviewStageSettings accessReviewStageSettings1 = new AccessReviewStageSettings();
accessReviewStageSettings1.setStageId("2");
LinkedList<String> dependsOn = new LinkedList<String>();
dependsOn.add("1");
accessReviewStageSettings1.setDependsOn(dependsOn);
accessReviewStageSettings1.setDurationInDays(2);
accessReviewStageSettings1.setRecommendationsEnabled(true);
LinkedList<AccessReviewReviewerScope> reviewers1 = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope1 = new AccessReviewReviewerScope();
accessReviewReviewerScope1.setQuery("./manager");
accessReviewReviewerScope1.setQueryType("MicrosoftGraph");
accessReviewReviewerScope1.setQueryRoot("decisions");
reviewers1.add(accessReviewReviewerScope1);
accessReviewStageSettings1.setReviewers(reviewers1);
LinkedList<AccessReviewReviewerScope> fallbackReviewers = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope accessReviewReviewerScope2 = new AccessReviewReviewerScope();
accessReviewReviewerScope2.setQuery("/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers");
accessReviewReviewerScope2.setQueryType("MicrosoftGraph");
fallbackReviewers.add(accessReviewReviewerScope2);
accessReviewStageSettings1.setFallbackReviewers(fallbackReviewers);
stageSettings.add(accessReviewStageSettings1);
accessReviewScheduleDefinition.setStageSettings(stageSettings);
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.setInstanceDurationInDays(4);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.Weekly);
pattern.setInterval(1);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
LocalDate startDate = LocalDate.parse("2020-09-08T12:02:30.667Z");
range.setStartDate(startDate);
recurrence.setRange(range);
settings.setRecurrence(recurrence);
settings.setDecisionHistoriesForReviewersEnabled(true);
accessReviewScheduleDefinition.setSettings(settings);
AccessReviewScheduleDefinition result = graphClient.identityGovernance().accessReviews().definitions().post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Group Multi-stage Access Review',
descriptionForAdmins: 'New scheduled access review',
descriptionForReviewers: 'If you have any questions, contact jerry@contoso.com',
scope: {
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers',
queryType: 'MicrosoftGraph'
},
stageSettings: [
{
stageId: '1',
durationInDays: 2,
recommendationsEnabled: false,
decisionsThatWillMoveToNextStage: [
'NotReviewed',
'Approve'
],
reviewers: [
{
query: '/users/398164b1-5196-49dd-ada2-364b49f99b27',
queryType: 'MicrosoftGraph'
}
]
},
{
stageId: '2',
dependsOn: [
'1'
],
durationInDays: 2,
recommendationsEnabled: true,
reviewers: [
{
query: './manager',
queryType: 'MicrosoftGraph',
queryRoot: 'decisions'
}
],
fallbackReviewers: [
{
query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
queryType: 'MicrosoftGraph'
}
]
}
],
settings: {
instanceDurationInDays: 4,
recurrence: {
pattern: {
type: 'weekly',
interval: 1
},
range: {
type: 'noEnd',
startDate: '2020-09-08T12:02:30.667Z'
}
},
decisionHistoriesForReviewersEnabled: true
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleDefinition;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
use Microsoft\Graph\Generated\Models\AccessReviewStageSettings;
use Microsoft\Graph\Generated\Models\AccessReviewReviewerScope;
use Microsoft\Graph\Generated\Models\AccessReviewScheduleSettings;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\RecurrencePatternType;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\RecurrenceRangeType;
use Microsoft\Kiota\Abstractions\Types\Date;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Group Multi-stage Access Review');
$requestBody->setDescriptionForAdmins('New scheduled access review');
$requestBody->setDescriptionForReviewers('If you have any questions, contact jerry@contoso.com');
$scope = new AccessReviewQueryScope();
$scope->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scope->setQuery('/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers');
$scope->setQueryType('MicrosoftGraph');
$requestBody->setScope($scope);
$stageSettingsAccessReviewStageSettings1 = new AccessReviewStageSettings();
$stageSettingsAccessReviewStageSettings1->setStageId('1');
$stageSettingsAccessReviewStageSettings1->setDurationInDays(2);
$stageSettingsAccessReviewStageSettings1->setRecommendationsEnabled(false);
$stageSettingsAccessReviewStageSettings1->setDecisionsThatWillMoveToNextStage(['NotReviewed', 'Approve', ]);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('/users/398164b1-5196-49dd-ada2-364b49f99b27');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings1->setReviewers($reviewersArray);
$stageSettingsArray []= $stageSettingsAccessReviewStageSettings1;
$stageSettingsAccessReviewStageSettings2 = new AccessReviewStageSettings();
$stageSettingsAccessReviewStageSettings2->setStageId('2');
$stageSettingsAccessReviewStageSettings2->setDependsOn(['1', ]);
$stageSettingsAccessReviewStageSettings2->setDurationInDays(2);
$stageSettingsAccessReviewStageSettings2->setRecommendationsEnabled(true);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./manager');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersAccessReviewReviewerScope1->setQueryRoot('decisions');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings2->setReviewers($reviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings2->setFallbackReviewers($fallbackReviewersArray);
$stageSettingsArray []= $stageSettingsAccessReviewStageSettings2;
$requestBody->setStageSettings($stageSettingsArray);
$settings = new AccessReviewScheduleSettings();
$settings->setInstanceDurationInDays(4);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('weekly'));
$settingsRecurrencePattern->setInterval(1);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$settingsRecurrenceRange->setStartDate(new Date('2020-09-08T12:02:30.667Z'));
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$settings->setDecisionHistoriesForReviewersEnabled(true);
$requestBody->setSettings($settings);
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Group Multi-stage Access Review"
descriptionForAdmins = "New scheduled access review"
descriptionForReviewers = "If you have any questions, contact jerry@contoso.com"
scope = @{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers"
queryType = "MicrosoftGraph"
}
stageSettings = @(
@{
stageId = "1"
durationInDays = 2
recommendationsEnabled = $false
decisionsThatWillMoveToNextStage = @(
"NotReviewed"
"Approve"
)
reviewers = @(
@{
query = "/users/398164b1-5196-49dd-ada2-364b49f99b27"
queryType = "MicrosoftGraph"
}
)
}
@{
stageId = "2"
dependsOn = @(
"1"
)
durationInDays = 2
recommendationsEnabled = $true
reviewers = @(
@{
query = "./manager"
queryType = "MicrosoftGraph"
queryRoot = "decisions"
}
)
fallbackReviewers = @(
@{
query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
queryType = "MicrosoftGraph"
}
)
}
)
settings = @{
instanceDurationInDays = 4
recurrence = @{
pattern = @{
type = "weekly"
interval = 1
}
range = @{
type = "noEnd"
startDate = "2020-09-08T12:02:30.667Z"
}
}
decisionHistoriesForReviewersEnabled = $true
}
}
New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_schedule_definition import AccessReviewScheduleDefinition
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
from msgraph.generated.models.access_review_stage_settings import AccessReviewStageSettings
from msgraph.generated.models.access_review_reviewer_scope import AccessReviewReviewerScope
from msgraph.generated.models.access_review_schedule_settings import AccessReviewScheduleSettings
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.recurrence_pattern_type import RecurrencePatternType
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.recurrence_range_type import RecurrenceRangeType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewScheduleDefinition(
display_name = "Group Multi-stage Access Review",
description_for_admins = "New scheduled access review",
description_for_reviewers = "If you have any questions, contact jerry@contoso.com",
scope = AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
query_type = "MicrosoftGraph",
),
stage_settings = [
AccessReviewStageSettings(
stage_id = "1",
duration_in_days = 2,
recommendations_enabled = False,
decisions_that_will_move_to_next_stage = [
"NotReviewed",
"Approve",
],
reviewers = [
AccessReviewReviewerScope(
query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
query_type = "MicrosoftGraph",
),
],
),
AccessReviewStageSettings(
stage_id = "2",
depends_on = [
"1",
],
duration_in_days = 2,
recommendations_enabled = True,
reviewers = [
AccessReviewReviewerScope(
query = "./manager",
query_type = "MicrosoftGraph",
query_root = "decisions",
),
],
fallback_reviewers = [
AccessReviewReviewerScope(
query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
query_type = "MicrosoftGraph",
),
],
),
],
settings = AccessReviewScheduleSettings(
instance_duration_in_days = 4,
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.Weekly,
interval = 1,
),
range = RecurrenceRange(
type = RecurrenceRangeType.NoEnd,
start_date = "2020-09-08T12:02:30.667Z",
),
),
decision_histories_for_reviewers_enabled = True,
),
)
result = await graph_client.identity_governance.access_reviews.definitions.post(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider , см. в документации по SDK .
Отклик
Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
"displayName": "Group Multi-stage Access Review",
"createdDateTime": "0001-01-01T00:00:00Z",
"lastModifiedDateTime": "0001-01-01T00:00:00Z",
"status": "NotStarted",
"descriptionForAdmins": "New scheduled access review",
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
"instanceEnumerationScope": null,
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"stageSettings": [
{
"stageId": "1",
"durationInDays": 2,
"recommendationsEnabled": false,
"decisionsThatWillMoveToNextStage": [
"NotReviewed",
"Approve"
],
"reviewers": [
{
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
"queryType": "MicrosoftGraph"
}
]
},
{
"stageId": "2",
"dependsOn": [
"1"
],
"durationInDays": 2,
"recommendationsEnabled": true,
"reviewers": [
{
"query": "./manager",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
]
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": false,
"defaultDecision": "None",
"instanceDurationInDays": 1,
"autoApplyDecisionsEnabled": false,
"recommendationsEnabled": false,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2020-09-08",
"endDate": null
}
},
"decisionHistoriesForReviewersEnabled": true,
"applyActions": []
},
"additionalNotificationRecipients": []
}