Table of Contents

AccessReview.ReadWrite.All

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the AccessReview.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier ef5f7d5c-338f-44b0-86c3-351f46c8bb5f e4aa47b9-9a69-4109-82ed-36ec70d85ff1
DisplayText Manage all access reviews Manage all access reviews that user can access
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user. Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.
AdminConsentRequired Yes Yes

Graph Methods

API supports delegated access (access on behalf of a user)
API supports app-only access (access without a user)

Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: accessreview

Property Type Description
id String The feature-assigned unique identifier of an access review.
displayName String The access review name. Required on create.
startDateTime DateTimeOffset The date and time when the review is scheduled to be start. This date can be in the future. Required on create.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
status String This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
description String The description provided by the access review creator, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier. Required on create. This value is case sensitive.
reviewerType String The relationship type of reviewer to the target object, one of: self, delegated, entityOwners. Required on create.
createdBy userIdentity The user who created this review.
reviewedEntity identity The object for which the access review is reviewing the access rights assignments. This identity can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
settings accessReviewSettings The settings of an accessReview, see type definition below.