AccessReview.ReadWrite.All
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the `AccessReview.ReadWrite.All` permission. If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the `Export-MsIdAppConsentGrantReport` command. See How To: Run a quick OAuth app audit of your tenant
Category | Application | Delegated |
---|---|---|
Identifier | ef5f7d5c-338f-44b0-86c3-351f46c8bb5f | e4aa47b9-9a69-4109-82ed-36ec70d85ff1 |
DisplayText | Manage all access reviews | Manage all access reviews that user can access |
Description | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user. | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization. |
AdminConsentRequired | Yes | Yes |
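
To check which apps in a tenant already hold this permission, the two grant types have to be matched differently: app-only grants are app role assignments keyed by the Application identifier above, while delegated grants are `oauth2PermissionGrant` objects that carry scope names in a space-separated string. The following is an added example, not code from this page or from `Export-MsIdAppConsentGrantReport`; it assumes the input is JSON saved from the Microsoft Graph service principal's `appRoleAssignedTo` list and from `/oauth2PermissionGrants`, and every name and GUID in the sample data other than the permission identifier is constructed.

```python
import json

APP_ROLE_ID = "ef5f7d5c-338f-44b0-86c3-351f46c8bb5f"  # Application identifier from the table above
SCOPE_NAME = "AccessReview.ReadWrite.All"              # delegated grants store the name, not the id

# Constructed sample responses (not real tenant data).
APP_ROLE_ASSIGNMENTS = json.loads("""{"value": [
  {"principalDisplayName": "Contoso Review Bot", "principalType": "ServicePrincipal",
   "principalId": "11111111-1111-1111-1111-111111111111",
   "appRoleId": "EF5F7D5C-338F-44B0-86C3-351F46C8BB5F"},
  {"principalDisplayName": "Contoso Mail Sync", "principalType": "ServicePrincipal",
   "principalId": "22222222-2222-2222-2222-222222222222",
   "appRoleId": "00000000-0000-0000-0000-00000000aaaa"}]}""")
OAUTH2_GRANTS = json.loads("""{"value": [
  {"clientId": "33333333-3333-3333-3333-333333333333", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read AccessReview.ReadWrite.All"},
  {"clientId": "44444444-4444-4444-4444-444444444444", "consentType": "Principal",
   "principalId": "55555555-5555-5555-5555-555555555555",
   "scope": " accessreview.readwrite.all openid"},
  {"clientId": "66666666-6666-6666-6666-666666666666", "consentType": "AllPrincipals",
   "principalId": null, "scope": "AccessReview.Read.All"}]}""")

def app_only_holders(assignments):
    """Service principals granted the application permission (no signed-in user)."""
    return [a["principalDisplayName"] for a in assignments["value"]
            if a["appRoleId"].lower() == APP_ROLE_ID]

def delegated_holders(grants):
    """(clientId, audience) pairs for grants whose scope list contains the permission.

    Scopes are compared as whole tokens so AccessReview.Read.All does not match,
    and case-insensitively as a defensive assumption about stored casing.
    """
    hits = []
    for g in grants["value"]:
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        if SCOPE_NAME.lower() in scopes:
            # AllPrincipals means tenant-wide admin consent; Principal is one user.
            who = "all users" if g["consentType"] == "AllPrincipals" else g["principalId"]
            hits.append((g["clientId"], who))
    return hits

if __name__ == "__main__":
    print("app-only:", app_only_holders(APP_ROLE_ASSIGNMENTS))
    for client, who in delegated_holders(OAUTH2_GRANTS):
        print("delegated:", client, "on behalf of", who)
```
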
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- accessreview
- accessreviewdecision
- accessReviewHistoryDefinition
- accessReviewHistoryInstance
- accessReviewInstance
- accessReviewInstanceDecisionItem
- accessReviewQueryScope
- accessreviewrecurrencesettings
- accessReviewReviewer
- accessReviewReviewerScope
- accessreviews-root
- accessReviewScheduleDefinition
- accessReviewScheduleSettings
- accessReviewScope
- accessReviewStage
- accessReviewStageSettings
- accessreviewsv2-overview
- businessflowtemplate
- identity
- programcontrol
- userIdentity
Graph reference: accessreview
Property | Type | Description |
---|---|---|
id | String | The feature-assigned unique identifier of an access review. |
displayName | String | The access review name. Required on create. |
startDateTime | DateTimeOffset | The date and time when the review is scheduled to start. This date can be in the future. Required on create. |
endDateTime | DateTimeOffset | The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create. |
status | String | This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. |
description | String | The description provided by the access review creator, to show to the reviewers. |
businessFlowTemplateId | String | The business flow template identifier. Required on create. This value is case sensitive. |
reviewerType | String | The relationship type of reviewer to the target object, one of: self, delegated, entityOwners. Required on create. |
createdBy | userIdentity | The user who created this review. |
reviewedEntity | identity | The object for which the access review is reviewing the access rights assignments. This identity can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create. |
settings | accessReviewSettings | The settings of an accessReview, see type definition below. |