PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup
Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup
permission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReport
command. See How To: Run a quick OAuth app audit of your tenant
Category | Application | Delegated |
---|---|---|
Identifier | 41202f2c-f7ab-45be-b001-85c9728b9d69 | 06dbc45d-6708-4ef0-a797-f797ee68bf4b |
DisplayText | Read, create, and delete assignment schedules for access to Azure AD groups | Read, create, and delete assignment schedules for access to Azure AD groups |
Description | Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, without a signed-in user. | Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. |
AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
Methods | |
---|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
- accessPackageAssignmentRequest
- approval
- approvalStage
- approvalStep
- entitlementmanagement-overview
- privilegedAccessGroupAssignmentSchedule
- privilegedAccessGroupAssignmentScheduleInstance
- privilegedAccessGroupAssignmentScheduleRequest
- privilegedidentitymanagement-for-groups-api-overview
- privilegedidentitymanagementv3-overview
- requestSchedule
- ticketInfo
- unifiedRoleAssignmentScheduleRequest
Graph reference: accessPackageAssignmentRequest
Property | Type | Description |
---|---|---|
answers | accessPackageAnswer collection | Answers provided by the requestor to accessPackageQuestions asked of them at the time of request. |
completedDateTime | DateTimeOffset | The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. |
customExtensionCalloutInstances | customExtensionCalloutInstance collection | Information about all the custom extension calls that were made during the access package assignment workflow. |
createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. Supports $filter . |
id | String | Read-only. |
requestType | accessPackageRequestType | The type of the request. The possible values are: notSpecified , userAdd , UserExtend , userUpdate , userRemove , adminAdd , adminUpdate , adminRemove , systemAdd , systemUpdate , systemRemove , onBehalfAdd (not supported), unknownFutureValue . Requests from the user have a requestType of userAdd , userUpdate , or userRemove . This property can't be changed once set. |
schedule | entitlementManagementSchedule | The range of dates that access is to be assigned to the requestor. This property can't be changed once set. |
state | accessPackageRequestState | The state of the request. The possible values are: submitted , pendingApproval , delivering , delivered , deliveryFailed , denied , scheduled , canceled , partiallyDelivered , unknownFutureValue . Read-only. Supports $filter (eq ). |
status | String | More information on the request processing status. Read-only. |