Show / Hide Table of Contents

AccessReview.ReadWrite.All

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 D DELETE /accessReviews/{reviewId}
V1 D DELETE /accessReviews/{reviewId}/reviewers/{userId}
V1 A,D DELETE /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
V1 A,D DELETE /identityGovernance/accessReviews/definitions/{review-id}
V1 D GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0
V1 D GET /accessReviews/{reviewId}
V1 D GET /accessReviews/{reviewId}/decisions
V1 D GET /accessReviews/{reviewId}/myDecisions
V1 D GET /accessReviews/{reviewId}/reviewers
V1 D GET /businessFlowTemplates
V1 A,D GET /identityGovernance/accessReviews/definitions
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/contactedReviewers
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/definitions/{definition-id}/instances
V1 A,D GET /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}
V1 A,D GET /identityGovernance/accessReviews/definitions/{review-id}
V1 A,D GET /identityGovernance/accessReviews/definitions/filterByCurrentUser(on='reviewer')
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances
V1 A,D GET /identityGovernance/accessReviews/historyDefinitions/{definition-id}
V1 D GET /me/pendingAccessReviewInstances
V1 D GET /me/pendingAccessReviewInstances/{instance-id}/decisions
V1 D PATCH /accessReviews/{reviewId}
V1 D PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/{accessReviewInstanceDecisionItemId}
V1 A,D PATCH /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}
V1 D POST /accessReviews
V1 D POST /accessReviews/{reviewId}/applyDecisions
V1 D POST /accessReviews/{reviewId}/resetDecisions
V1 D POST /accessReviews/{reviewId}/reviewers
V1 D POST /accessReviews/{reviewId}/sendReminder
V1 D POST /accessReviews/{reviewId}/stop
V1 A,D POST /identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewer')/recordAllDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions
V1 D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/acceptRecommendations
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/applyDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/resetDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/sendReminder
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/stop
V1 A,D POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stop
V1 A,D POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/applyDecisions
V1 A,D POST /identityGovernance/accessReviews/definitions/{definition-id}/instances/{instance-id}/stop
V1 A,D POST /identityGovernance/accessReviews/definitions/{definitionId}/instances/{instanceId}/sendReminder
V1 A,D POST /identityGovernance/accessReviews/historyDefinitions
V1 A,D POST /identityGovernance/accessReviews/historyDefinitions/{accessReviewHistoryDefinitionId}/instances/{accessReviewHistoryInstanceId}/generateDownloadUri
V1 A,D POST /me/pendingAccessReviewInstances/{accessReviewInstanceId}/batchRecordDecisions
V1 D POST /me/pendingAccessReviewInstances/{instance-id}/acceptRecommendations
V1 A,D PUT /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}
V1 A,D PUT /identityGovernance/accessReviews/definitions/{review-id}

Delegate Permission

Id e4aa47b9-9a69-4109-82ed-36ec70d85ff1
Consent Type Admin
Display String Manage all access reviews that user can access
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Application Permission

Id ef5f7d5c-338f-44b0-86c3-351f46c8bb5f
Display String Manage all access reviews
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user.

Resources

accessreview

Property Type Description
id String The feature-assigned unique identifier of an access review.
displayName String The access review name. Required on create.
startDateTime DateTimeOffset The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
status String This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
description String The description provided by the access review creator, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier. Required on create. This value is case sensitive.
reviewerType String The relationship type of reviewer to the target object, one of self, delegated or entityOwners. Required on create.
createdBy userIdentity The user who created this review.
reviewedEntity identity The object for which the access reviews is reviewing the access rights assignments. This can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
settings accessReviewSettings The settings of an accessReview, see type definition below.

accessreviewdecision

Property Type Description
id String The id of the decision within the access review.
accessReviewId String The feature-generated id of the access review.
reviewedBy userIdentity The identity of the reviewer. If the recommendation was used as the review, the userPrincipalName is empty.
reviewedDate DateTimeOffset The date and time the most recent review for this access right was supplied.
reviewResult String The result of the review, one of NotReviewed, Deny, DontKnow or Approve.
justification String The reviewer's business justification, if supplied.
appliedBy userIdentity When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty.
appliedDateTime DateTimeOffset The date and time when the review decision was applied.
applyResult String The outcome of applying the decision, one of NotApplied, Success, Failed, NotFound or NotSupported.
accessRecommendation String The feature- generated recommendation shown to the reviewer, one of Approve, Deny or NotAvailable.

accessReviewHistoryDefinition

Property Type Description
createdBy userIdentity User who created this review history definition.
createdDateTime DateTimeOffset Timestamp when the access review definition was created.
decisions String collection Determines which review decisions will be included in the fetched review history data if specified. Optional on create. All decisions will be included by default if no decisions are provided on create. Possible values are: approve, deny, dontKnow, notReviewed, and notNotified.
displayName String Name for the access review history data collection. Required.
id String The assigned unique identifier of an access review history definition.
reviewHistoryPeriodEndDateTime DateTimeOffset A timestamp. Reviews ending on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
reviewHistoryPeriodStartDateTime DateTimeOffset A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
scheduleSettings accessReviewHistoryScheduleSettings The settings for a recurring access review history definition series. Only required if reviewHistoryPeriodStartDateTime or reviewHistoryPeriodEndDateTime are not defined. Not supported yet.
scopes accessReviewScope collection Used to scope what reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required.
status accessReviewHistoryStatus Represents the status of the review history data collection. The possible values are: done, inProgress, error, requested, unknownFutureValue.

accessReviewHistoryInstance

Property Type Description
downloadUri String Uri which can be used to retrieve review history data. This URI will be active for 24 hours after being generated. Required.
expirationDateTime DateTimeOffset Timestamp when this instance and associated data expires and the history is deleted. Required.
fulfilledDateTime DateTimeOffset Timestamp when all of the available data for this instance was collected. This will be set after this instance's status is set to done. Required.
id String The assigned unique identifier of an access review history instance. Read-only. Required.
reviewHistoryPeriodEndDateTime DateTimeOffset Timestamp, reviews ending on or before this date will be included in the fetched history data.
reviewHistoryPeriodStartDateTime DateTimeOffset Timestamp, reviews starting on or after this date will be included in the fetched history data.
runDateTime DateTimeOffset Timestamp when the instance's history data is scheduled to be generated.
status accessReviewHistoryStatus Represents the status of the review history data collection. The possible values are: done, inProgress, error, requested, unknownFutureValue. Once the **s

accessReviewInstance

Property Type Description
endDateTime DateTimeOffset DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.
id String Unique identifier of the instance. Supports $select. Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
scope accessReviewScope Created based on scope and instanceEnumerationScope at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. Supports $select and $filter (contains only). Read-only.
startDateTime DateTimeOffset DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
status String Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.

accessReviewInstanceDecisionItem

Property Type Description
accessReviewId String The identifier of the accessReviewInstance parent. Supports $select. Read-only.
appliedBy userIdentity The identifier of the user who applied the decision. Read-only.
appliedDateTime DateTimeOffset The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
applyResult String The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.
decision String Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).
id String The identifier of the decision. Inherited from entity. Supports $select. Read-only.
justification String Justification left by the reviewer when they made the decision.
principal identity Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity. Supports $select. Read-only.
principalLink String A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.
recommendation String A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. Recommend approve if sign-in is within thirty days of start of review. Recommend deny if sign-in is greater than thirty days of start of review. Recommendation not available otherwise. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.
resource accessReviewInstanceDecisionItemResource Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See accessReviewInstanceDecisionItemResource. Read-only.
resourceLink String A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.
reviewedBy userIdentity The identifier of the reviewer.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't reviewed. Supports $select. Read-only.
reviewedDateTime DateTimeOffset The timestamp when the review decision occurred. Supports $select. Read-only.

accessReviewQueryScope

Property Type Description
query String The query representing what will be reviewed in an access review.
queryRoot String In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query is specified. For example, ./manager.
queryType String Indicates the type of query. Types include MicrosoftGraph and ARM.

accessreviewrecurrencesettings

Property Type Description
recurrenceType String The recurrence interval. Possible vaules: onetime, weekly, monthly, quarterly, halfyearly or annual.
recurrenceEndType String How the recurrence ends. Possible values: never, endBy, occurrences, or recurrenceCount. If it is never, then there is no explicit end of the recurrence series. If it is endBy, then the recurrence ends at a certain date. If it is occurrences, then the series ends after recurrenceCount instances of the review have completed.
durationInDays Int32 The duration in days for recurrence.
recurrenceCount Int32 The count of recurrences, if the value of **r

accessReviewReviewer

Property Type Description
createdDateTime DateTimeOffset The date when the reviewer was added for the access review.
displayName String Name of reviewer.
id String Identifier of the reviewer. Inherited from entity.
userPrincipalName String User principal name of the reviewer.

accessReviewReviewerScope

Property Type Description
query String The query specifying who will be the reviewer.
queryRoot String In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.
queryType String The type of query. Examples include MicrosoftGraph and ARM.

accessreviews-root

accessReviewScheduleDefinition

Property Type Description
additionalNotificationRecipients accessReviewNotificationRecipientItem collection Defines the list of additional users or group members to be notified of the access review progress.
backupReviewers (deprecated) accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.
Note: This property has been replaced by fallbackReviewers. However, specifying either backupReviewers or fallbackReviewers automatically populates the same values to the other property.
createdBy userIdentity User who created this review. Read-only.
createdDateTime DateTimeOffset Timestamp when the access review series was created. Supports $select. Read-only.
descriptionForAdmins String Description provided by review creators to provide more context of the review to admins. Supports $select.
descriptionForReviewers String Description provided by review creators to provide more context of the review to reviewers. Reviewers will see this description in the email sent to them requesting their review. Email notifications support up to 256 characters. Supports $select.
displayName String Name of the access review series. Supports $select and $orderBy. Required on create.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. See accessReviewReviewerScope. Replaces backupReviewers. Supports $select.

NOTE: The value of this property will be ignored if fallback reviewers are assigned through the stageSettings property.
id String The feature-assigned unique identifier of an access review. Supports $select. Read-only.
instanceEnumerationScope accessReviewScope This property is required when scoping a review to guest users' access across all Microsoft 365 groups and determines which Microsoft 365 groups are reviewed. Each group will become a unique accessReviewInstance of the access review series. For supported scopes, see accessReviewScope. Supports $select. For examples of options for configuring instanceEnumerationScope, see Configure the scope of your access review definition using the Microsoft Graph API.
lastModifiedDateTime DateTimeOffset Timestamp when the access review series was last modified. Supports $select. Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who are the reviewers. The reviewers property is only updatable if individual users are assigned as reviewers. Required on create. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.

NOTE: The value of this property will be ignored if reviewers are assigned through the stageSettings property.
scope accessReviewScope Defines the entities whose access is reviewed. For supported scopes, see accessReviewScope. Required on create. Supports $select and $filter (contains only). For examples of options for configuring scope, see Configure the scope of your access review definition using the Microsoft Graph API.
settings accessReviewScheduleSettings The settings for an access review series, see type definition below. Supports $select. Required on create.
stageSettings accessReviewStageSettings collection Required only for a multi-stage access review to define the stages and their settings. You can break down each review instance into up to three sequential stages, where each stage can have a different set of reviewers, fallback reviewers, and settings. Stages will be created sequentially based on the dependsOn property. Optional.

When this property is defined, its settings are used instead of the corresponding settings in the accessReviewScheduleDefinition object and its settings, reviewers, and fallbackReviewers properties.
status String This read-only field specifies the status of an access review. The typical states include Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
Supports $select, $orderby, and $filter (eq only). Read-only.

accessReviewScheduleSettings

Property Type Description
applyActions accessReviewApplyAction collection Optional field. Describes the actions to take once a review is complete. There are two types that are currently supported: removeAccessApplyAction (default) and disableAndDeleteUserApplyAction. Field only needs to be specified in the case of disableAndDeleteUserApplyAction.
autoApplyDecisionsEnabled Boolean Indicates whether decisions are automatically applied. When set to false, an admin must apply the decisions manually once the reviewer completes the access review. When set to true, decisions are applied automatically after the access review instance duration ends, whether or not the reviewers have responded. Default value is false.
decisionHistoriesForReviewersEnabled Boolean Indicates whether decisions on previous access review stages are available for reviewers on an accessReviewInstance with multiple subsequent stages. If not provided, the default is disabled (false).
defaultDecision String Decision chosen if defaultDecisionEnabled is enabled. Can be one of Approve, Deny, or Recommendation.
defaultDecisionEnabled Boolean Indicates whether the default decision is enabled or disabled when reviewers do not respond. Default value is false.
instanceDurationInDays Int32 Duration of an access review instance in days.
NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its durationInDays setting will be used instead of the value of this property.
justificationRequiredOnApproval Boolean Indicates whether reviewers are required to provide justification with their decision. Default value is false.
mailNotificationsEnabled Boolean Indicates whether emails are enabled or disabled. Default value is false.
recommendationsEnabled Boolean Indicates whether decision recommendations are enabled or disabled.
NOTE: If the stageSettings of the accessReviewScheduleDefinition object is defined, its recommendationsEnabled setting will be used instead of the value of this property.
recurrence patternedRecurrence Detailed settings for recurrence using the standard Outlook recurrence object.

Note: Only dayOfMonth, interval, and type (weekly, absoluteMonthly) properties are supported. Use the property startDate on recurrenceRange to determine the day the review starts.
reminderNotificationsEnabled Boolean Indicates whether reminders are enabled or disabled. Default value is false.

accessReviewScope

accessReviewStage

Property Type Description
endDateTime DateTimeOffset The date and time in ISO 8601 format and UTC time when the review stage is scheduled to end. This property is the cumulative total of the durationInDays for all stages. Read-only.
fallbackReviewers accessReviewReviewerScope collection This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist.
id String Unique identifier of the stage. Read-only.
reviewers accessReviewReviewerScope collection This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
startDateTime DateTimeOffset The date and time in ISO 8601 format and UTC time when the review stage is scheduled to start. Read-only.
status String Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.

accessReviewStageSettings

Property Type Description
decisionsThatWillMoveToNextStage String collection Indicate which decisions will go to the next stage. Can be a sub-set of Approve, Deny, Recommendation, or NotReviewed. If not provided, all decisions will go to the next stage. Optional.
dependsOn String collection Defines the sequential or parallel order of the stages and depends on the stageId. Only sequential stages are currently supported. For example, if stageId is 2, then dependsOn must be 1. If stageId is 1, do not specify dependsOn. Required if stageId is not 1.
durationInDays Int32 The duration of the stage. Required.

NOTE: The cumulative value of this property across all stages
1. Will override the instanceDurationInDays setting on the accessReviewScheduleDefinition object.
2. Cannot exceed the length of one recurrence. That is, if the review recurs weekly, the cumulative durationInDays cannot exceed 7.
fallbackReviewers accessReviewReviewerScope collection If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as reviewers and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition object.
recommendationsEnabled Boolean Indicates whether showing recommendations to reviewers is enabled. Required.

NOTE: The value of this property will override override the corresponding setting on the accessReviewScheduleDefinition object.
reviewers accessReviewReviewerScope collection Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.

NOTE: The value of this property will override the corresponding setting on the accessReviewScheduleDefinition.
stageId String Unique identifier of the **a

accessreviewsv2-overview

businessflowtemplate

Property Type Description
id String The feature-assigned identifier of the business flow template. These values are case sensitive.
displayName String The name of the business flow template

identity

Property Type Description
displayName String The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta.
id String Unique identifier for the identity.

programcontrol

Property Type Description
id String The feature-assigned identifier of the link between program and control.
programId String The programId of the program this control is a part of. Required on create.
controlId String The controlId of the control, in particular the identifier of an access review. Required on create.
controlTypeId String The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create.
displayName String The name of the control.
status String The life cycle status of the control.
createdDateTime DateTimeOffset The creation date and time of the program control.
owner userIdentity The user who created the program control.
resource programResource The resource, a group or an app, targeted by this program control's access review.

userIdentity

Property Type Description
displayName String The identity's display name. Note that this may not always be available or up-to-date.
id String Unique identifier for the identity.
ipAddress String Indicates the client IP address used by user performing the activity (audit log only).
userPrincipalName String The userPrincipalName attribute of the user.
In This Article
Back to top Created by merill | Submit feedback