Show / Hide Table of Contents

PrivilegedAssignmentSchedule.Read.AzureADGroup

Allows the app to read time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user.

Graph Methods

Type: A = Application Permission, D = Delegate Permission

Ver	Type	Method
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentScheduleInstances?$filter=groupId eq 'groupId'
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentScheduleInstances?$filter=principalId eq 'principalId'
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentScheduleInstances/{privilegedAccessGroupAssignmentScheduleInstanceId}
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentScheduleInstances/filterByCurrentUser(on=parameterValue)
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentScheduleRequests/filterByCurrentUser(on='parameterValue')
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentSchedules?$filter=groupId eq 'groupId'
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentSchedules?$filter=principalId eq 'principalId'
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentSchedules/{privilegedAccessGroupAssignmentScheduleId}
V1	A,D	GET /identityGovernance/privilegedAccess/group/assignmentSchedules/filterByCurrentUser(on='parameterValue')

Delegate Permission


Id	02a32cc4-7ab5-4b58-879a-0586e0f7c495
Consent Type	Admin
Display String	Read assignment schedules for access to Azure AD groups
Description	Allows the app to read time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user.

Application Permission


Id	cd4161cb-f098-48f8-a884-1eda9a42434c
Display String	Read assignment schedules for access to Azure AD groups
Description	Allows the app to read time-based assignment schedules for access to Azure AD groups, without a signed-in user.

Resources

privilegedAccessGroupAssignmentSchedule

Property	Type	Description
accessId	privilegedAccessGroupRelationships	The identifier of the membership or ownership assignment to the group that is governed by PIM. Required. The possible values are: `owner`, `member`, `unknownFutureValue`.
assignmentType	privilegedAccessGroupAssignmentType	Indicates whether the membership or ownership assignment for the principal is granted through activation or direct assignment. Required. The possible values are: `assigned`, `activated`, `unknownFutureValue`.
createdDateTime	DateTimeOffset	When the schedule was created. Optional.
createdUsing	String	The identifier of the access assignment or eligibility request that created this schedule. Optional.
groupId	String	The identifier of the group representing the scope of the membership or ownership assignment through PIM for groups. Required.
id	String	The identifier of the schedule. Required. Inherited from entity.
memberType	privilegedAccessGroupMemberType	Indicates whether the assignment is derived from a direct group assignment or through a transitive assignment. The possible values are: `direct`, `group`, `unknownFutureValue`.
modifiedDateTime	DateTimeOffset	When the schedule was last modified. Optional.
principalId	String	The identifier of the principal whose membership or ownership assignment is granted through PIM for groups. Required.
scheduleInfo	requestSchedule	Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required.
status	String	The status of the access assignment or eligibility request. The possible values are: `Canceled`, `Denied`, `Failed`, `Granted`, `PendingAdminDecision`, `PendingApproval`, `PendingProvisioning`, `PendingScheduleCreation`, `Provisioned`, `Revoked`, and `ScheduleCreated`. Not nullable. Optional.

privilegedAccessGroupAssignmentScheduleInstance

Property	Type	Description
accessId	privilegedAccessGroupRelationships	The identifier of the membership or ownership assignment relationship to the group. Required. The possible values are: `owner`, `member`, `unknownFutureValue`.
assignmentScheduleId	String	The identifier of the privilegedAccessGroupAssignmentSchedule from which this instance was created. Required.
assignmentType	privilegedAccessGroupAssignmentType	Indicates whether the membership or ownership assignment is granted through activation of an eligibility or through direct assignment. Required. The possible values are: `assigned`, `activated`, `unknownFutureValue`.
endDateTime	DateTimeOffset	When the schedule instance ends. Required.
groupId	String	The identifier of the group representing the scope of the membership or ownership assignment through PIM for groups. Optional.
id	String	The identifier of the access assignment schedule instance. Required. Inherited from entity.
memberType	privilegedAccessGroupMemberType	Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the assignment schedule. Required. The possible values are: `direct`, `group`, `unknownFutureValue`.
principalId	String	The identifier of the principal whose membership or ownership assignment to the group is managed through PIM for groups. Required.
startDateTime	DateTimeOffset	When this instance starts. Required.

privilegedAccessGroupAssignmentScheduleRequest

Property	Type	Description
accessId	privilegedAccessGroupRelationships	The identifier of a membership or ownership assignment relationship to the group. Required. The possible values are: `owner`, `member`, `unknownFutureValue`.
action	String	Represents the type of operation on the group membership or ownership assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`. `adminAssign`: For administrators to assign group membership or ownership to principals. `adminRemove`: For administrators to remove principals from group membership or ownership. `adminUpdate`: For administrators to change existing group membership or ownership assignments. `adminExtend`: For administrators to extend expiring assignments. `adminRenew`: For administrators to renew expired assignments. `selfActivate`: For principals to activate their assignments. `selfDeactivate`: For principals to deactivate their active assignments.
approvalId	String	The identifier of the approval of the request. Inherited from request.
completedDateTime	DateTimeOffset	The request completion date time. Inherited from request.
createdBy	identitySet	The principal that created this request. Inherited from request. Read-only. Supports `$filter` (`eq`, `ne`, and on `null` values).
createdDateTime	DateTimeOffset	The request creation date time. Inherited from request. Read-only.
customData	String	Free text field to define any custom data for the request. Not used. Inherited from request.
groupId	String	The identifier of the group representing the scope of the membership or ownership assignment through PIM for groups. Required.
id	String	The unique identifier for the privilegedAccessGroupAssignmentScheduleRequest object. Key, not nullable, Read-only. Inherited from entity. Supports `$filter` (`eq`, `ne`).
isValidationOnly	Boolean	Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.
justification	String	A message provided by users and administrators when they create the privilegedAccessGroupAssignmentScheduleRequest object.
principalId	String	The identifier of the principal whose membership or ownership assignment to the group is managed through PIM for groups. Supports `$filter` (`eq`, `ne`).
scheduleInfo	requestSchedule	The period of the group membership or ownership assignment. Recurring schedules are currently unsupported.
status	String	The status of the group membership or ownership assignment request. Inherited from request. Read-only. Supports `$filter` (`eq`, `ne`).
targetScheduleId	String	The identifier of the schedule that's created from the membership or ownership assignment request. Supports `$filter` (`eq`, `ne`).
ticketInfo	ticketInfo	Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system.