PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup
Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
| Ver |
Type |
Method |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq 'groupId' |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?filter=principalId eq 'principalId' |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId} |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue') |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId} |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue') |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq 'groupId' |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?filter=principalId eq 'principalId' |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId} |
| V1 |
A,D |
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue') |
| V1 |
A,D |
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests |
| V1 |
A,D |
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}/cancel |
Delegate Permission
|
|
| Id |
ba974594-d163-484e-ba39-c330d5897667 |
| Consent Type |
Admin |
| Display String |
Read, create, and delete eligibility schedules for access to Azure AD groups |
| Description |
Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. |
Application Permission
|
|
| Id |
618b6020-bca8-4de6-99f6-ef445fa4d857 |
| Display String |
Read, create, and delete eligibility schedules for access to Azure AD groups |
| Description |
Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user. |
Resources
| Property |
Type |
Description |
| accessId |
privilegedAccessGroupRelationships |
The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. |
| createdDateTime |
DateTimeOffset |
When the schedule was created. Optional. Inherited from privilegedAccessSchedule. |
| createdUsing |
String |
The identifier of the access assignment or eligibility request that creates this schedule. Optional. Inherited from privilegedAccessSchedule. |
| groupId |
String |
The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. |
| id |
String |
The identifier of the schedule. Required. Inherited from entity. |
| memberType |
privilegedAccessGroupMemberType |
Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. |
| modifiedDateTime |
DateTimeOffset |
When the schedule was last modified. Optional. Inherited from privilegedAccessSchedule. |
| principalId |
String |
The identifier of the principal whose membership or ownership eligibility is granted through PIM for groups. Required. |
| scheduleInfo |
requestSchedule |
Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required. Inherited from privilegedAccessSchedule. |
| status |
String |
The status of the access assignment or eligibility request. The possible values are: Canceled, Denied, Failed, Granted, PendingAdminDecision, PendingApproval, PendingProvisioning, PendingScheduleCreation, Provisioned, Revoked, and ScheduleCreated. Not nullable. Optional. Inherited from privilegedAccessSchedule. |
| Property |
Type |
Description |
| accessId |
privilegedAccessGroupRelationships |
The identifier of the membership or ownership eligibility relationship to the group. Required. The possible values are: owner, member. |
| eligibilityScheduleId |
String |
The identifier of the privilegedAccessGroupEligibilitySchedule from which this instance was created. Required. |
| endDateTime |
DateTimeOffset |
When the schedule instance ends. Required. |
| groupId |
String |
The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. |
| id |
String |
The identifier of the access assignment schedule instance. Required. Inherited from entity. |
| memberType |
privilegedAccessGroupMemberType |
Indicates whether the assignment is derived from a group assignment. It can further imply whether the calling principal can manage the assignment schedule. Required. The possible values are: direct, group, unknownFutureValue. |
| principalId |
String |
The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for groups. Required. |
| startDateTime |
DateTimeOffset |
When this instance starts. Required. |
| Property |
Type |
Description |
| accessId |
privilegedAccessGroupRelationships |
The identifier of membership or ownership eligibility relationship to the group. Required. The possible values are: owner, member, unknownFutureValue. |
| action |
String |
Represents the type of operation on the group membership or ownership eligibility assignment request. The possible values are: adminAssign, adminUpdate, adminRemove, selfActivate, selfDeactivate, adminExtend, adminRenew.
adminAssign: For administrators to assign group membership or ownership eligibility to principals.adminRemove: For administrators to remove principals from group membership or ownership eligibilities.-
adminUpdate: For administrators to change existing eligible assignments. adminExtend: For administrators to extend expiring eligible assignments.adminRenew: For administrators to renew expired eligible assignments.selfActivate: For principals to activate their eligible assignments.selfDeactivate: For principals to deactivate their eligible assignments.
|
| approvalId |
String |
The identifier of the approval of the request. Inherited from request. |
| completedDateTime |
DateTimeOffset |
The request completion date time. Inherited from request. |
| createdBy |
identitySet |
The principal that created this request. Inherited from request. Read-only. Supports $filter (eq, ne, and on null values). |
| createdDateTime |
DateTimeOffset |
The request creation date time. Inherited from request. Read-only. |
| customData |
String |
Free text field to define any custom data for the request. Not used. Inherited from request. |
| groupId |
String |
The identifier of the group representing the scope of the membership and ownership eligibility through PIM for groups. Required. |
| id |
String |
The unique identifier for the privilegedAccessGroupEligibilityScheduleRequest object. Key, not nullable, read-only. Inherited from entity. Supports $filter (eq, ne). |
| isValidationOnly |
Boolean |
Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request. |
| justification |
String |
A message provided by users and administrators when they create the privilegedAccessGroupEligibilityScheduleRequest object. |
| principalId |
String |
The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for groups. Required. |
| scheduleInfo |
requestSchedule |
The period of the group membership or ownership assignment. Recurring schedules are currently unsupported. |
| status |
String |
The status of the group membership or ownership assignment request. Inherited from request. Read-only. Supports $filter (eq, ne). |
| targetScheduleId |
String |
The identifier of the schedule that's created from the eligibility request. Optional. |
| ticketInfo |
ticketInfo |
Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system. |
| Property |
Type |
Description |
| expiration |
expirationPattern |
When the eligible or active assignment expires. |
| recurrence |
patternedRecurrence |
The frequency of the eligible or active assignment. This property is currently unsupported in PIM. |
| startDateTime |
DateTimeOffset |
When the eligible or active assignment becomes active. |
| Property |
Type |
Description |
| ticketNumber |
String |
The ticket number. |
| ticketSystem |
String |
The description of the ticket system. |