accessPackageAssignmentPolicy aktualisieren
Artikel
05/05/2022
5 Minuten Lesedauer
2 Mitwirkende
In diesem Artikel
Namespace: microsoft.graph
Aktualisieren Sie ein vorhandenes accessPackageAssignmentPolicy-Objekt , um eine oder mehrere seiner Eigenschaften zu ändern, z. B. den Anzeigenamen oder die Beschreibung.
Berechtigungen
Eine der nachfolgenden Berechtigungen ist erforderlich, um diese API aufrufen zu können. Weitere Informationen, unter anderem zur Auswahl von Berechtigungen, finden Sie im Artikel zum Thema Berechtigungen .
Berechtigungstyp
Berechtigungen (von der Berechtigung mit den wenigsten Rechten zu der mit den meisten Rechten)
Delegiert (Geschäfts-, Schul- oder Unikonto)
EntitlementManagement.ReadWrite.All
Delegiert (persönliches Microsoft-Konto)
Nicht unterstützt
Anwendung
EntitlementManagement.ReadWrite.All
HTTP-Anforderung
PUT /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}
Name
Beschreibung
Authorization
Bearer {token}. Erforderlich.
Content-Type
application/json. Erforderlich.
Anforderungstext
Stellen Sie im Anforderungstext nur die Werte für Eigenschaften bereit, die aktualisiert werden sollen. Vorhandene Eigenschaften, die nicht im Anforderungstext enthalten sind, behalten ihre vorherigen Werte bei oder werden basierend auf Änderungen an anderen Eigenschaftswerten neu berechnet.
In der folgenden Tabelle sind die Eigenschaften angegeben, die aktualisiert werden können.
Eigenschaft
Typ
Beschreibung
displayName
Zeichenfolge
Der Anzeigename der Richtlinie.
description
Zeichenfolge
Die Beschreibung der Richtlinie.
allowedTargetScope
allowedTargetScope
Wer kann das Zugriffspaket über diese Richtlinie anfordern. Mögliche Werte sind: notSpecified, specificDirectoryUsers, specificConnectedOrganizationUsers, specificDirectoryServicePrincipals, allMemberUsers, allDirectoryUsers, allDirectoryServicePrincipals, allConfiguredConnectedOrganizationUsers, allExternalUsers, unknownFutureValue.
specificAllowedTargets
subjectSet-Sammlung Die Prinzipale, denen über diese Richtlinie Zugriff über ein Zugriffspaket zugewiesen werden kann.
Ablauf
expirationPattern Das Ablaufdatum für in dieser Richtlinie erstellte Zuordnungen.
requestorSettings
accessPackageAssignmentRequestorSettings Stellt zusätzliche Einstellungen bereit, um auszuwählen, wer eine Anforderung für eine Zugriffspaketzuweisung über diese Richtlinie erstellen kann und was diese in ihre Anforderung aufnehmen können.
requestApprovalSettings
accessPackageAssignmentApprovalSettings Gibt die Einstellungen für die Genehmigung von Anforderungen für eine Zugriffspaketzuweisung über diese Richtlinie an. Wenn z. B. eine Genehmigung für neue Anforderungen erforderlich ist.
reviewSettings
accessPackageReviewSettings Einstellungen für Zugriffsüberprüfungen von Aufgaben über diese Richtlinie.
Antwort
Bei erfolgreicher Ausführung gibt die Methode einen 200 OK Antwortcode und ein aktualisiertes accessPackageAssignmentPolicy-Objekt im Antworttext zurück.
Beispiele
Anforderung
PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187
Content-Type: application/json
{
"id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "All Users",
"description": "All users can request for access to the directory.",
"allowedTargetScope": "allDirectoryUsers",
"specificAllowedTargets": [],
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": true,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": true,
"allowCustomAssignmentSchedule": false,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": true,
"isApprovalRequiredForUpdate": false,
"stages": [
{
"durationBeforeAutomaticDenial": "P2D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.requestorManager",
"managerLevel": 1
}
],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
"description": "user"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
}
]
},
"accessPackage": {
"id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
Id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
DisplayName = "All Users",
Description = "All users can request for access to the directory.",
AllowedTargetScope = AllowedTargetScope.AllDirectoryUsers,
SpecificAllowedTargets = new List<SubjectSet>()
{
},
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = false,
EnableTargetsToSelfRemoveAccess = true,
AllowCustomAssignmentSchedule = false,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>()
{
}
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>()
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = new Duration("P2D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = new Duration("PT0S"),
PrimaryApprovers = new List<SubjectSet>()
{
new RequestorManager
{
ManagerLevel = 1
}
},
FallbackPrimaryApprovers = new List<SubjectSet>()
{
new SingleUser
{
UserId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
Description = "user"
}
},
EscalationApprovers = new List<SubjectSet>()
{
},
FallbackEscalationApprovers = new List<SubjectSet>()
{
}
}
}
},
AccessPackage = new AccessPackage
{
Id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
}
};
await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies["{accessPackageAssignmentPolicy-id}"]
.Request()
.PutAsync(accessPackageAssignmentPolicy);
Ausführliche Informationen zum Hinzufügen des SDK zu Ihrem Projekt und zum Erstellen einer authProvider-Instanz finden Sie in der SDK-Dokumentation .
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
id: '87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187',
displayName: 'All Users',
description: 'All users can request for access to the directory.',
allowedTargetScope: 'allDirectoryUsers',
specificAllowedTargets: [],
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: true,
enableTargetsToSelfUpdateAccess: false,
enableTargetsToSelfRemoveAccess: true,
allowCustomAssignmentSchedule: false,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: true,
isApprovalRequiredForUpdate: false,
stages: [
{
durationBeforeAutomaticDenial: 'P2D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.requestorManager',
managerLevel: 1
}
],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: 'e6bf4d7d-6824-4dd0-809d-5bf42d4817c2',
description: 'user'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
}
]
},
accessPackage: {
id: '49d2c59b-0a81-463d-a8ec-ddad3935d8a0'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187')
.put(accessPackageAssignmentPolicy);
Ausführliche Informationen zum Hinzufügen des SDK zu Ihrem Projekt und zum Erstellen einer authProvider-Instanz finden Sie in der SDK-Dokumentation .
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"]]];
[urlRequest setHTTPMethod:@"PUT"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setId:@"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"];
[accessPackageAssignmentPolicy setDisplayName:@"All Users"];
[accessPackageAssignmentPolicy setDescription:@"All users can request for access to the directory."];
[accessPackageAssignmentPolicy setAllowedTargetScope: [MSGraphAllowedTargetScope allDirectoryUsers]];
NSMutableArray *specificAllowedTargetsList = [[NSMutableArray alloc] init];
[accessPackageAssignmentPolicy setSpecificAllowedTargets:specificAllowedTargetsList];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setType: [MSGraphExpirationPatternType noExpiration]];
[accessPackageAssignmentPolicy setExpiration:expiration];
MSGraphAccessPackageAssignmentRequestorSettings *requestorSettings = [[MSGraphAccessPackageAssignmentRequestorSettings alloc] init];
[requestorSettings setEnableTargetsToSelfAddAccess: true];
[requestorSettings setEnableTargetsToSelfUpdateAccess: false];
[requestorSettings setEnableTargetsToSelfRemoveAccess: true];
[requestorSettings setAllowCustomAssignmentSchedule: false];
[requestorSettings setEnableOnBehalfRequestorsToAddAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToUpdateAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToRemoveAccess: false];
NSMutableArray *onBehalfRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setOnBehalfRequestors:onBehalfRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphAccessPackageAssignmentApprovalSettings *requestApprovalSettings = [[MSGraphAccessPackageAssignmentApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequiredForAdd: true];
[requestApprovalSettings setIsApprovalRequiredForUpdate: false];
NSMutableArray *stagesList = [[NSMutableArray alloc] init];
MSGraphAccessPackageApprovalStage *stages = [[MSGraphAccessPackageApprovalStage alloc] init];
[stages setDurationBeforeAutomaticDenial:@"P2D"];
[stages setIsApproverJustificationRequired: false];
[stages setIsEscalationEnabled: false];
[stages setDurationBeforeEscalation:@"PT0S"];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *primaryApprovers = [[MSGraphSubjectSet alloc] init];
[primaryApprovers setManagerLevel: 1];
[primaryApproversList addObject: primaryApprovers];
[stages setPrimaryApprovers:primaryApproversList];
NSMutableArray *fallbackPrimaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setUserId:@"e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"];
[fallbackPrimaryApprovers setDescription:@"user"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
[stages setFallbackPrimaryApprovers:fallbackPrimaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
[stages setEscalationApprovers:escalationApproversList];
NSMutableArray *fallbackEscalationApproversList = [[NSMutableArray alloc] init];
[stages setFallbackEscalationApprovers:fallbackEscalationApproversList];
[stagesList addObject: stages];
[requestApprovalSettings setStages:stagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
MSGraphAccessPackage *accessPackage = [[MSGraphAccessPackage alloc] init];
[accessPackage setId:@"49d2c59b-0a81-463d-a8ec-ddad3935d8a0"];
[accessPackageAssignmentPolicy setAccessPackage:accessPackage];
NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
Ausführliche Informationen zum Hinzufügen des SDK zu Ihrem Projekt und zum Erstellen einer authProvider-Instanz finden Sie in der SDK-Dokumentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187";
accessPackageAssignmentPolicy.displayName = "All Users";
accessPackageAssignmentPolicy.description = "All users can request for access to the directory.";
accessPackageAssignmentPolicy.allowedTargetScope = AllowedTargetScope.ALL_DIRECTORY_USERS;
LinkedList<SubjectSet> specificAllowedTargetsList = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.specificAllowedTargets = specificAllowedTargetsList;
ExpirationPattern expiration = new ExpirationPattern();
expiration.type = ExpirationPatternType.NO_EXPIRATION;
accessPackageAssignmentPolicy.expiration = expiration;
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.enableTargetsToSelfAddAccess = true;
requestorSettings.enableTargetsToSelfUpdateAccess = false;
requestorSettings.enableTargetsToSelfRemoveAccess = true;
requestorSettings.allowCustomAssignmentSchedule = false;
requestorSettings.enableOnBehalfRequestorsToAddAccess = false;
requestorSettings.enableOnBehalfRequestorsToUpdateAccess = false;
requestorSettings.enableOnBehalfRequestorsToRemoveAccess = false;
LinkedList<SubjectSet> onBehalfRequestorsList = new LinkedList<SubjectSet>();
requestorSettings.onBehalfRequestors = onBehalfRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.isApprovalRequiredForAdd = true;
requestApprovalSettings.isApprovalRequiredForUpdate = false;
LinkedList<AccessPackageApprovalStage> stagesList = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage stages = new AccessPackageApprovalStage();
stages.durationBeforeAutomaticDenial = DatatypeFactory.newInstance().newDuration("P2D");
stages.isApproverJustificationRequired = false;
stages.isEscalationEnabled = false;
stages.durationBeforeEscalation = DatatypeFactory.newInstance().newDuration("PT0S");
LinkedList<SubjectSet> primaryApproversList = new LinkedList<SubjectSet>();
RequestorManager primaryApprovers = new RequestorManager();
primaryApprovers.managerLevel = 1;
primaryApproversList.add(primaryApprovers);
stages.primaryApprovers = primaryApproversList;
LinkedList<SubjectSet> fallbackPrimaryApproversList = new LinkedList<SubjectSet>();
SingleUser fallbackPrimaryApprovers = new SingleUser();
fallbackPrimaryApprovers.userId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2";
fallbackPrimaryApprovers.description = "user";
fallbackPrimaryApproversList.add(fallbackPrimaryApprovers);
stages.fallbackPrimaryApprovers = fallbackPrimaryApproversList;
LinkedList<SubjectSet> escalationApproversList = new LinkedList<SubjectSet>();
stages.escalationApprovers = escalationApproversList;
LinkedList<SubjectSet> fallbackEscalationApproversList = new LinkedList<SubjectSet>();
stages.fallbackEscalationApprovers = fallbackEscalationApproversList;
stagesList.add(stages);
requestApprovalSettings.stages = stagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AccessPackage accessPackage = new AccessPackage();
accessPackage.id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0";
accessPackageAssignmentPolicy.accessPackage = accessPackage;
graphClient.identityGovernance().entitlementManagement().assignmentPolicies("87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187")
.buildRequest()
.put(accessPackageAssignmentPolicy);
Ausführliche Informationen zum Hinzufügen des SDK zu Ihrem Projekt und zum Erstellen einer authProvider-Instanz finden Sie in der SDK-Dokumentation .
Antwort
Hinweis: Das hier gezeigte Antwortobjekt kann zur besseren Lesbarkeit gekürzt werden.
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "All Users",
"description": "All users can request for access to the directory."
}