PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup
Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver | Type | Method |
|---|---|---|
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq 'groupId' |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?filter=principalId eq 'principalId' |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId} |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue') |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId} |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue') |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq 'groupId' |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?filter=principalId eq 'principalId' |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId} |
| V1 | A,D | GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue') |
| V1 | A,D | POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests |
| V1 | A,D | POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}/cancel |

Delegate Permission
| | |
|---|---|
| Id | ba974594-d163-484e-ba39-c330d5897667 |
| Consent Type | Admin |
| Display String | Read, create, and delete eligibility schedules for access to Azure AD groups |
| Description | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. |

Application Permission
| | |
|---|---|
| Id | 618b6020-bca8-4de6-99f6-ef445fa4d857 |
| Display String | Read, create, and delete eligibility schedules for access to Azure AD groups |
| Description | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user. |

Resources
| Property | Type | Description |
|---|---|---|
| accessId | privilegedAccessGroupRelationships | The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. |
| createdDateTime | DateTimeOffset | When the schedule was created. Optional. Inherited from privilegedAccessSchedule. |
| createdUsing | String | The identifier of the access assignment or eligibility request that creates this schedule. Optional. Inherited from privilegedAccessSchedule. |
| groupId | String | The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. |
| id | String | The identifier of the schedule. Required. Inherited from entity. |
| memberType | privilegedAccessGroupMemberType | Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. |
| modifiedDateTime | DateTimeOffset | When the schedule was last modified. Optional. Inherited from privilegedAccessSchedule. |
| principalId | String | The identifier of the principal whose membership or ownership eligibility is granted through PIM for groups. Required. |
| scheduleInfo | requestSchedule | Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required. Inherited from privilegedAccessSchedule. |
| status | String | The status of the access assignment or eligibility request. The possible values are: Canceled, Denied, Failed, Granted, PendingAdminDecision, PendingApproval, PendingProvisioning, PendingScheduleCreation, Provisioned, Revoked, and ScheduleCreated. Not nullable. Optional. Inherited from privilegedAccessSchedule. |

| Property | Type | Description |
|---|---|---|
| accessId | privilegedAccessGroupRelationships | The identifier of the membership or ownership eligibility relationship to the group. Required. The possible values are: owner, member. |
| eligibilityScheduleId | String | The identifier of the privilegedAccessGroupEligibilitySchedule from which this instance was created. Required. |
| endDateTime | DateTimeOffset | When the schedule instance ends. Required. |
| groupId | String | The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. |
| id | String | The identifier of the access assignment schedule instance. Required. Inherited from entity. |
| memberType | privilegedAccessGroupMemberType | Indicates whether the assignment is derived from a group assignment. It can further imply whether the calling principal can manage the assignment schedule. Required. The possible values are: direct, group, unknownFutureValue. |
| principalId | String | The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for groups. Required. |
| startDateTime | DateTimeOffset | When this instance starts. Required. |

| Property | Type | Description |
|---|---|---|
| accessId | privilegedAccessGroupRelationships | The identifier of membership or ownership eligibility relationship to the group. Required. The possible values are: owner, member, unknownFutureValue. |
| action | String | Represents the type of operation on the group membership or ownership eligibility assignment request. The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew. adminAssign: For administrators to assign group membership or ownership eligibility to principals. adminRemove: For administrators to remove principals from group membership or ownership eligibilities. adminUpdate: For administrators to change existing eligible assignments. adminExtend: For administrators to extend expiring eligible assignments. adminRenew: For administrators to renew expired eligible assignments. selfActivate: For principals to activate their eligible assignments. selfDeactivate: For principals to deactivate their eligible assignments. |
| approvalId | String | The identifier of the approval of the request. Inherited from request. |
| completedDateTime | DateTimeOffset | The request completion date time. Inherited from request. |
| createdBy | identitySet | The principal that created this request. Inherited from request. Read-only. Supports $filter (eq, ne, and on null values). |
| createdDateTime | DateTimeOffset | The request creation date time. Inherited from request. Read-only. |
| customData | String | Free text field to define any custom data for the request. Not used. Inherited from request. |
| groupId | String | The identifier of the group representing the scope of the membership and ownership eligibility through PIM for groups. Required. |
| id | String | The unique identifier for the privilegedAccessGroupEligibilityScheduleRequest object. Key, not nullable, read-only. Inherited from entity. Supports $filter (eq, ne). |
| isValidationOnly | Boolean | Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request. |
| justification | String | A message provided by users and administrators when they create the privilegedAccessGroupEligibilityScheduleRequest object. |
| principalId | String | The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for groups. Required. |
| scheduleInfo | requestSchedule | The period of the group membership or ownership assignment. Recurring schedules are currently unsupported. |
| status | String | The status of the group membership or ownership assignment request. Inherited from request. Read-only. Supports $filter (eq, ne). |
| targetScheduleId | String | The identifier of the schedule that's created from the eligibility request. Optional. |
| ticketInfo | ticketInfo | Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system. |

| Property | Type | Description |
|---|---|---|
| expiration | expirationPattern | When the eligible or active assignment expires. |
| recurrence | patternedRecurrence | The frequency of the eligible or active assignment. This property is currently unsupported in PIM. |
| startDateTime | DateTimeOffset | When the eligible or active assignment becomes active. |

| Property | Type | Description |
|---|---|---|
| ticketNumber | String | The ticket number. |
| ticketSystem | String | The description of the ticket system. |