AccessReview.ReadWrite.Membership
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
DELETE /accessReviews/{reviewId} |
| V1 |
A,D |
DELETE /accessReviews/{reviewId}/reviewers/{userId} |
| V1 |
A,D |
GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0 |
| V1 |
A,D |
GET /accessReviews/{reviewId} |
| V1 |
A,D |
GET /accessReviews/{reviewId}/decisions |
| V1 |
D |
GET /accessReviews/{reviewId}/myDecisions |
| V1 |
A,D |
GET /accessReviews/{reviewId}/reviewers |
| V1 |
A,D |
GET /businessFlowTemplates |
| V1 |
A,D |
PATCH /accessReviews/{reviewId} |
| V1 |
A,D |
POST /accessReviews |
| V1 |
A,D |
POST /accessReviews/{reviewId}/applyDecisions |
| V1 |
A,D |
POST /accessReviews/{reviewId}/resetDecisions |
| V1 |
A,D |
POST /accessReviews/{reviewId}/reviewers |
| V1 |
A,D |
POST /accessReviews/{reviewId}/sendReminder |
| V1 |
A,D |
POST /accessReviews/{reviewId}/stop |
Delegate Permission
|
|
| Id |
5af8c3f5-baca-439a-97b0-ea58a435e269 |
| Consent Type |
Admin |
| Display String |
Manage access reviews for group and app memberships |
| Description |
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization. |
Application Permission
|
|
| Id |
18228521-a591-40f1-b215-5fad4488c117 |
| Display String |
Manage access reviews for group and app memberships |
| Description |
Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user. |
Resources
| Property |
Type |
Description |
| id |
String |
The feature-assigned unique identifier of an access review. |
| displayName |
String |
The access review name. Required on create. |
| startDateTime |
DateTimeOffset |
The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. |
| endDateTime |
DateTimeOffset |
The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create. |
| status |
String |
This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. |
| description |
String |
The description provided by the access review creator, to show to the reviewers. |
| businessFlowTemplateId |
String |
The business flow template identifier. Required on create. This value is case sensitive. |
| reviewerType |
String |
The relationship type of reviewer to the target object, one of self, delegated or entityOwners. Required on create. |
| createdBy |
userIdentity |
The user who created this review. |
| reviewedEntity |
identity |
The object for which the access reviews is reviewing the access rights assignments. This can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create. |
| settings |
accessReviewSettings |
The settings of an accessReview, see type definition below. |
| Property |
Type |
Description |
id |
String |
The id of the decision within the access review. |
accessReviewId |
String |
The feature-generated id of the access review. |
reviewedBy |
userIdentity |
The identity of the reviewer. If the recommendation was used as the review, the userPrincipalName is empty. |
reviewedDate |
DateTimeOffset |
The date and time the most recent review for this access right was supplied. |
reviewResult |
String |
The result of the review, one of NotReviewed, Deny, DontKnow or Approve. |
justification |
String |
The reviewer's business justification, if supplied. |
appliedBy |
userIdentity |
When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty. |
appliedDateTime |
DateTimeOffset |
The date and time when the review decision was applied. |
applyResult |
String |
The outcome of applying the decision, one of NotApplied, Success, Failed, NotFound or NotSupported. |
accessRecommendation |
String |
The feature- generated recommendation shown to the reviewer, one of Approve, Deny or NotAvailable. |
| Property |
Type |
Description |
| recurrenceType |
String |
The recurrence interval. Possible vaules: onetime, weekly, monthly, quarterly, halfyearly or annual. |
| recurrenceEndType |
String |
How the recurrence ends. Possible values: never, endBy, occurrences, or recurrenceCount. If it is never, then there is no explicit end of the recurrence series. If it is endBy, then the recurrence ends at a certain date. If it is occurrences, then the series ends after recurrenceCount instances of the review have completed. |
| durationInDays |
Int32 |
The duration in days for recurrence. |
| recurrenceCount |
Int32 |
The count of recurrences, if the value of **r |
| Property |
Type |
Description |
| id |
String |
The feature-assigned identifier of the business flow template. These values are case sensitive. |
| displayName |
String |
The name of the business flow template |
| Property |
Type |
Description |
| displayName |
String |
The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. |
| id |
String |
Unique identifier for the identity. |
| Property |
Type |
Description |
| id |
String |
The feature-assigned identifier of the link between program and control. |
| programId |
String |
The programId of the program this control is a part of. Required on create. |
| controlId |
String |
The controlId of the control, in particular the identifier of an access review. Required on create. |
| controlTypeId |
String |
The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create. |
| displayName |
String |
The name of the control. |
| status |
String |
The life cycle status of the control. |
| createdDateTime |
DateTimeOffset |
The creation date and time of the program control. |
| owner |
userIdentity |
The user who created the program control. |
| resource |
programResource |
The resource, a group or an app, targeted by this program control's access review. |
| Property |
Type |
Description |
| displayName |
String |
The identity's display name. Note that this may not always be available or up-to-date. |
| id |
String |
Unique identifier for the identity. |
| ipAddress |
String |
Indicates the client IP address used by user performing the activity (audit log only). |
| userPrincipalName |
String |
The userPrincipalName attribute of the user. |