AccessReview.ReadWrite.Membership
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Ver |
Type |
Method |
V1 |
A,D |
DELETE /accessReviews/{reviewId} |
V1 |
A,D |
DELETE /accessReviews/{reviewId}/reviewers/{userId} |
V1 |
A,D |
GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0 |
V1 |
A,D |
GET /accessReviews/{reviewId} |
V1 |
A,D |
GET /accessReviews/{reviewId}/decisions |
V1 |
D |
GET /accessReviews/{reviewId}/myDecisions |
V1 |
A,D |
GET /accessReviews/{reviewId}/reviewers |
V1 |
A,D |
GET /businessFlowTemplates |
V1 |
A,D |
PATCH /accessReviews/{reviewId} |
V1 |
A,D |
POST /accessReviews |
V1 |
A,D |
POST /accessReviews/{reviewId}/applyDecisions |
V1 |
A,D |
POST /accessReviews/{reviewId}/resetDecisions |
V1 |
A,D |
POST /accessReviews/{reviewId}/reviewers |
V1 |
A,D |
POST /accessReviews/{reviewId}/sendReminder |
V1 |
A,D |
POST /accessReviews/{reviewId}/stop |
Delegate Permission
|
|
Id |
5af8c3f5-baca-439a-97b0-ea58a435e269 |
Consent Type |
Admin |
Display String |
Manage access reviews for group and app memberships |
Description |
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization. |
Application Permission
|
|
Id |
18228521-a591-40f1-b215-5fad4488c117 |
Display String |
Manage access reviews for group and app memberships |
Description |
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user. |
Resources
Property |
Type |
Description |
id |
String |
The feature-assigned unique identifier of an access review. |
displayName |
String |
The access review name. Required on create. |
startDateTime |
DateTimeOffset |
The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. |
endDateTime |
DateTimeOffset |
The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create. |
status |
String |
This read-only field specifies the status of an accessReview. The typical states include Initializing , NotStarted , Starting ,InProgress , Completing , Completed , AutoReviewing , and AutoReviewed . |
description |
String |
The description provided by the access review creator, to show to the reviewers. |
businessFlowTemplateId |
String |
The business flow template identifier. Required on create. This value is case sensitive. |
reviewerType |
String |
The relationship type of reviewer to the target object, one of self , delegated or entityOwners . Required on create. |
createdBy |
userIdentity |
The user who created this review. |
reviewedEntity |
identity |
The object for which the access reviews is reviewing the access rights assignments. This can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create. |
settings |
accessReviewSettings |
The settings of an accessReview, see type definition below. |
Property |
Type |
Description |
id |
String |
The id of the decision within the access review. |
accessReviewId |
String |
The feature-generated id of the access review. |
reviewedBy |
userIdentity |
The identity of the reviewer. If the recommendation was used as the review, the userPrincipalName is empty. |
reviewedDate |
DateTimeOffset |
The date and time the most recent review for this access right was supplied. |
reviewResult |
String |
The result of the review, one of NotReviewed , Deny , DontKnow or Approve . |
justification |
String |
The reviewer's business justification, if supplied. |
appliedBy |
userIdentity |
When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty. |
appliedDateTime |
DateTimeOffset |
The date and time when the review decision was applied. |
applyResult |
String |
The outcome of applying the decision, one of NotApplied , Success , Failed , NotFound or NotSupported . |
accessRecommendation |
String |
The feature- generated recommendation shown to the reviewer, one of Approve , Deny or NotAvailable . |
Property |
Type |
Description |
recurrenceType |
String |
The recurrence interval. Possible vaules: onetime , weekly , monthly , quarterly , halfyearly or annual . |
recurrenceEndType |
String |
How the recurrence ends. Possible values: never , endBy , occurrences , or recurrenceCount . If it is never , then there is no explicit end of the recurrence series. If it is endBy , then the recurrence ends at a certain date. If it is occurrences , then the series ends after recurrenceCount instances of the review have completed. |
durationInDays |
Int32 |
The duration in days for recurrence. |
recurrenceCount |
Int32 |
The count of recurrences, if the value of **r |
Property |
Type |
Description |
id |
String |
The feature-assigned identifier of the business flow template. These values are case sensitive. |
displayName |
String |
The name of the business flow template |
Property |
Type |
Description |
displayName |
String |
The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. |
id |
String |
Unique identifier for the identity. |
Property |
Type |
Description |
id |
String |
The feature-assigned identifier of the link between program and control. |
programId |
String |
The programId of the program this control is a part of. Required on create. |
controlId |
String |
The controlId of the control, in particular the identifier of an access review. Required on create. |
controlTypeId |
String |
The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create. |
displayName |
String |
The name of the control. |
status |
String |
The life cycle status of the control. |
createdDateTime |
DateTimeOffset |
The creation date and time of the program control. |
owner |
userIdentity |
The user who created the program control. |
resource |
programResource |
The resource, a group or an app, targeted by this program control's access review. |
Property |
Type |
Description |
displayName |
String |
The identity's display name. Note that this may not always be available or up-to-date. |
id |
String |
Unique identifier for the identity. |
ipAddress |
String |
Indicates the client IP address used by user performing the activity (audit log only). |
userPrincipalName |
String |
The userPrincipalName attribute of the user. |