Show / Hide Table of Contents

AccessReview.ReadWrite.Membership

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver Type Method
V1 A,D DELETE /accessReviews/{reviewId}
V1 A,D DELETE /accessReviews/{reviewId}/reviewers/{userId}
V1 A,D GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0
V1 A,D GET /accessReviews/{reviewId}
V1 A,D GET /accessReviews/{reviewId}/decisions
V1 D GET /accessReviews/{reviewId}/myDecisions
V1 A,D GET /accessReviews/{reviewId}/reviewers
V1 A,D GET /businessFlowTemplates
V1 A,D PATCH /accessReviews/{reviewId}
V1 A,D POST /accessReviews
V1 A,D POST /accessReviews/{reviewId}/applyDecisions
V1 A,D POST /accessReviews/{reviewId}/resetDecisions
V1 A,D POST /accessReviews/{reviewId}/reviewers
V1 A,D POST /accessReviews/{reviewId}/sendReminder
V1 A,D POST /accessReviews/{reviewId}/stop

Delegate Permission

Id 5af8c3f5-baca-439a-97b0-ea58a435e269
Consent Type Admin
Display String Manage access reviews for group and app memberships
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization.

Application Permission

Id 18228521-a591-40f1-b215-5fad4488c117
Display String Manage access reviews for group and app memberships
Description Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user.

Resources

accessreview

Property Type Description
id String The feature-assigned unique identifier of an access review.
displayName String The access review name. Required on create.
startDateTime DateTimeOffset The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
status String This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
description String The description provided by the access review creator, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier. Required on create. This value is case sensitive.
reviewerType String The relationship type of reviewer to the target object, one of self, delegated or entityOwners. Required on create.
createdBy userIdentity The user who created this review.
reviewedEntity identity The object for which the access reviews is reviewing the access rights assignments. This can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
settings accessReviewSettings The settings of an accessReview, see type definition below.

accessreviewdecision

Property Type Description
id String The id of the decision within the access review.
accessReviewId String The feature-generated id of the access review.
reviewedBy userIdentity The identity of the reviewer. If the recommendation was used as the review, the userPrincipalName is empty.
reviewedDate DateTimeOffset The date and time the most recent review for this access right was supplied.
reviewResult String The result of the review, one of NotReviewed, Deny, DontKnow or Approve.
justification String The reviewer's business justification, if supplied.
appliedBy userIdentity When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty.
appliedDateTime DateTimeOffset The date and time when the review decision was applied.
applyResult String The outcome of applying the decision, one of NotApplied, Success, Failed, NotFound or NotSupported.
accessRecommendation String The feature- generated recommendation shown to the reviewer, one of Approve, Deny or NotAvailable.

accessreviewrecurrencesettings

Property Type Description
recurrenceType String The recurrence interval. Possible vaules: onetime, weekly, monthly, quarterly, halfyearly or annual.
recurrenceEndType String How the recurrence ends. Possible values: never, endBy, occurrences, or recurrenceCount. If it is never, then there is no explicit end of the recurrence series. If it is endBy, then the recurrence ends at a certain date. If it is occurrences, then the series ends after recurrenceCount instances of the review have completed.
durationInDays Int32 The duration in days for recurrence.
recurrenceCount Int32 The count of recurrences, if the value of **r

accessreviews-root

businessflowtemplate

Property Type Description
id String The feature-assigned identifier of the business flow template. These values are case sensitive.
displayName String The name of the business flow template

identity

Property Type Description
displayName String The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta.
id String Unique identifier for the identity.

programcontrol

Property Type Description
id String The feature-assigned identifier of the link between program and control.
programId String The programId of the program this control is a part of. Required on create.
controlId String The controlId of the control, in particular the identifier of an access review. Required on create.
controlTypeId String The programControlType identifies the type of program control - for example, a control linking to guest access reviews. Required on create.
displayName String The name of the control.
status String The life cycle status of the control.
createdDateTime DateTimeOffset The creation date and time of the program control.
owner userIdentity The user who created the program control.
resource programResource The resource, a group or an app, targeted by this program control's access review.

userIdentity

Property Type Description
displayName String The identity's display name. Note that this may not always be available or up-to-date.
id String Unique identifier for the identity.
ipAddress String Indicates the client IP address used by user performing the activity (audit log only).
userPrincipalName String The userPrincipalName attribute of the user.
In This Article
Back to top Created by merill | Submit feedback