PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup
Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission
|
|
Id |
06dbc45d-6708-4ef0-a797-f797ee68bf4b |
Consent Type |
Admin |
Display String |
Read, create, and delete assignment schedules for access to Azure AD groups |
Description |
Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. |
Application Permission
|
|
Id |
41202f2c-f7ab-45be-b001-85c9728b9d69 |
Display String |
Read, create, and delete assignment schedules for access to Azure AD groups |
Description |
Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, without a signed-in user. |
Resources
Property |
Type |
Description |
answers |
accessPackageAnswer collection |
Answers provided by the requestor to accessPackageQuestions asked of them at the time of request. |
completedDateTime |
DateTimeOffset |
The date of the end of processing, either successful or failure, of a request. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. |
customExtensionCalloutInstances |
customExtensionCalloutInstance collection |
Information about all the custom extension calls that were made during the access package assignment workflow. |
createdDateTime |
DateTimeOffset |
The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. Supports $filter . |
id |
String |
Read-only. |
requestType |
accessPackageRequestType |
The type of the request. The possible values are: notSpecified , userAdd , UserExtend , userUpdate , userRemove , adminAdd , adminUpdate , adminRemove , systemAdd , systemUpdate , systemRemove , onBehalfAdd (not supported), unknownFutureValue . A request from the user themselves would have requestType of userAdd , userUpdate or userRemove . This property can't be changed once set. |
schedule |
entitlementManagementSchedule |
The range of dates that access is to be assigned to the requestor. This property can't be changed once set. |
state |
accessPackageRequestState |
The state of the request. The possible values are: submitted , pendingApproval , delivering , delivered , deliveryFailed , denied , scheduled , canceled , partiallyDelivered , unknownFutureValue . Read-only. Supports $filter (eq ). |
status |
String |
More information on the request processing status. Read-only. |
Property |
Type |
Description |
id |
String |
Identifier of the approval decision. In PIM for groups, it is the same identifier as the identifier of the assignment schedule request. |
Property |
Type |
Description |
assignedToMe |
Boolean |
Indicates whether the stage is assigned to the calling user to review. Read-only. |
displayName |
String |
The label provided by the policy creator to identify an approval stage. Read-only. |
id |
String |
The identifier of the stage associated with an approval object. Read-only. |
justification |
String |
The justification associated with the approval stage decision. |
reviewResult |
String |
The result of this approval record. Possible values include: NotReviewed , Approved , Denied . |
reviewedBy |
identity |
The identifier of the reviewer. 00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't reviewed. Read-only. |
reviewedDateTime |
DateTimeOffset |
The date and time when a decision was recorded. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z . Read-only. |
status |
String |
The stage status. Possible values: InProgress , Initializing , Completed , Expired . Read-only. |
Property |
Type |
Description |
accessId |
privilegedAccessGroupRelationships |
The identifier of a membership or ownership assignment relationship to the group. Required. The possible values are: owner , member , unknownFutureValue . |
action |
String |
Represents the type of operation on the group membership or ownership assignment request. The possible values are: adminAssign , adminUpdate , adminRemove , selfActivate , selfDeactivate , adminExtend , adminRenew .
adminAssign : For administrators to assign group membership or ownership to principals.adminRemove : For administrators to remove principals from group membership or ownership.-
adminUpdate : For administrators to change existing group membership or ownership assignments. adminExtend : For administrators to extend expiring assignments.adminRenew : For administrators to renew expired assignments.selfActivate : For principals to activate their assignments.selfDeactivate : For principals to deactivate their active assignments.
|
approvalId |
String |
The identifier of the approval of the request. Inherited from request. |
completedDateTime |
DateTimeOffset |
The request completion date time. Inherited from request. |
createdBy |
identitySet |
The principal that created this request. Inherited from request. Read-only. Supports $filter (eq , ne , and on null values). |
createdDateTime |
DateTimeOffset |
The request creation date time. Inherited from request. Read-only. |
customData |
String |
Free text field to define any custom data for the request. Not used. Inherited from request. |
groupId |
String |
The identifier of the group representing the scope of the membership or ownership assignment through PIM for groups. Required. |
id |
String |
The unique identifier for the privilegedAccessGroupAssignmentScheduleRequest object. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq , ne ). |
isValidationOnly |
Boolean |
Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request. |
justification |
String |
A message provided by users and administrators when they create the privilegedAccessGroupAssignmentScheduleRequest object. |
principalId |
String |
The identifier of the principal whose membership or ownership assignment to the group is managed through PIM for groups. Supports $filter (eq , ne ). |
scheduleInfo |
requestSchedule |
The period of the group membership or ownership assignment. Recurring schedules are currently unsupported. |
status |
String |
The status of the group membership or ownership assignment request. Inherited from request. Read-only. Supports $filter (eq , ne ). |
targetScheduleId |
String |
The identifier of the schedule that's created from the membership or ownership assignment request. Supports $filter (eq , ne ). |
ticketInfo |
ticketInfo |
Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system. |
Property |
Type |
Description |
action |
String |
Represents the type of the operation on the role assignment request. The possible values are: adminAssign , adminUpdate , adminRemove , selfActivate , selfDeactivate , adminExtend , adminRenew , selfExtend , selfRenew , unknownFutureValue .
adminAssign : For administrators to assign roles to principals.adminRemove : For administrators to remove principals from roles.-
adminUpdate : For administrators to change existing role assignments. adminExtend : For administrators to extend expiring assignments.adminRenew : For administrators to renew expired assignments.selfActivate : For principals to activate their assignments.selfDeactivate : For principals to deactivate their active assignments.selfExtend : For principals to request to extend their expiring assignments.selfRenew : For principals to request to renew their expired assignments.
|
approvalId |
String |
The identifier of the approval of the request. Inherited from request. |
appScopeId |
String |
Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects, for example, administrative units. Supports $filter (eq , ne , and on null values). |
completedDateTime |
DateTimeOffset |
The request completion date time. Inherited from request. |
createdBy |
identitySet |
The principal that created this request. Inherited from request. Read-only. Supports $filter (eq , ne , and on null values). |
createdDateTime |
DateTimeOffset |
The request creation date time. Inherited from request. Read-only. |
customData |
String |
Free text field to define any custom data for the request. Not used. Inherited from request. |
directoryScopeId |
String |
Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use / for tenant-wide scope. Use appScopeId to limit the scope to an application only. Supports $filter (eq , ne , and on null values). |
id |
String |
The unique identifier for the unifiedRoleAssignmentScheduleRequest object. Key, not nullable, Read-only. Inherited from entity. Supports $filter (eq , ne ). |
isValidationOnly |
Boolean |
Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request. |
justification |
String |
A message provided by users and administrators when create they create the unifiedRoleAssignmentScheduleRequest object. |
principalId |
String |
Identifier of the principal that has been granted the assignment. Can be a user, role-assignable group, or a service principal. Supports $filter (eq , ne ). |
roleDefinitionId |
String |
Identifier of the unifiedRoleDefinition object that is being assigned to the principal. Supports $filter (eq , ne ). |
scheduleInfo |
requestSchedule |
The period of the role assignment. Recurring schedules are currently unsupported. |
status |
String |
The status of the role assignment request. Inherited from request. Read-only. Supports $filter (eq , ne ). |
targetScheduleId |
String |
Identifier of the schedule object that's linked to the assignment request. Supports $filter (eq , ne ). |
ticketInfo |
ticketInfo |
Ticket details linked to the role assignment request including details of the ticket number and ticket system. |