RoleManagementPolicy.Read.AzureADGroup
Allows the app to read policies in Privileged Identity Management for Groups, on behalf of the signed-in user.
Graph Methods
Type: A = Application Permission, D = Delegate Permission
Delegate Permission

| | |
|---|---|
| Id | 7e26fdff-9cb1-4e56-bede-211fe0e420e8 |
| Consent Type | Admin |
| Display String | Read all policies in PIM for Groups |
| Description | Allows the app to read policies in Privileged Identity Management for Groups, on behalf of the signed-in user. |

Application Permission

| | |
|---|---|
| Id | 69e67828-780e-47fd-b28c-7b27d14864e6 |
| Display String | Read all policies in PIM for Groups |
| Description | Allows the app to read policies in Privileged Identity Management for Groups, without a signed-in user. |
Resources

| Property | Type | Description |
|---|---|---|
| description | String | Description for the policy. |
| displayName | String | Display name for the policy. |
| id | String | Unique identifier for the policy. |
| isOrganizationDefault | Boolean | This can only be set to true for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to / and scopeType to Directory. Supports $filter (eq, ne). |
| lastModifiedBy | identity | The identity who last modified the role setting. |
| lastModifiedDateTime | DateTimeOffset | The time when the role setting was last modified. |
| scopeId | String | The identifier of the scope where the policy is created. Can be / for the tenant or a group ID. Required. |
| scopeType | String | The type of the scope where the policy is created. One of Directory, DirectoryRole. Required. |

| Property | Type | Description |
|---|---|---|
| id | String | Identifier for the rule. Inherited from entity. |
| setting | approvalSettings | The settings for approval of the role assignment. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of the scope that's targeted by the approval rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |

| Property | Type | Description |
|---|---|---|
| id | String | Unique identifier for the policy assignment. The ID is typically a concatenation of the unifiedRoleManagementPolicy ID and the roleDefinitionId separated by an underscore. |
| policyId | String | The id of the policy. Inherited from entity. |
| roleDefinitionId | String | The identifier of the role definition object where the policy applies. If not specified, the policy applies to all roles. Supports $filter (eq). |
| scopeId | String | The identifier of the scope where the policy is assigned. Can be / for the tenant or a group ID. Required. |
| scopeType | String | The type of the scope where the policy is assigned. One of Directory, DirectoryRole. Required. |

| Property | Type | Description |
|---|---|---|
| claimValue | String | The value of the authentication context claim. |
| id | String | Identifier for the rule. Inherited from entity. |
| isEnabled | Boolean | Whether this rule is enabled. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |

| Property | Type | Description |
|---|---|---|
| enabledRules | String collection | The collection of rules that are enabled for this policy rule. For example, MultiFactorAuthentication, Ticketing, and Justification. |
| id | String | Identifier for the rule. Inherited from entity. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |

| Property | Type | Description |
|---|---|---|
| id | String | Identifier for the rule. Inherited from entity. |
| isExpirationRequired | Boolean | Indicates whether expiration is required or if it's a permanently active assignment or eligibility. |
| maximumDuration | Duration | The maximum duration allowed for eligibility or assignment which is not permanent. Required when isExpirationRequired is true. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of the scope that's targeted by the expiration rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |

| Property | Type | Description |
|---|---|---|
| id | String | Identifier for the rule. Inherited from entity. |
| isDefaultRecipientsEnabled | Boolean | Indicates whether a default recipient will receive the notification email. |
| notificationLevel | String | The level of notification. The possible values are None, Critical, All. |
| notificationRecipients | String collection | The list of recipients of the email notifications. |
| notificationType | String | The type of notification. Only Email is supported. |
| recipientType | String | The type of recipient of the notification. The possible values are Requestor, Approver, Admin. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of the scope that's targeted by the notification rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from unifiedRoleManagementPolicyRule. Supports $filter (eq, ne). |

| Property | Type | Description |
|---|---|---|
| id | String | Identifier for the rule. Inherited from entity. Read-only. |
| target | unifiedRoleManagementPolicyRuleTarget | Defines details of scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. Supports $filter (eq, ne). |