AssignmentPolicies erstellen

Artikel
07/18/2022
16 Minuten Lesedauer

Namespace: microsoft.graph

Erstellen Sie in der Azure AD-Berechtigungsverwaltung ein neues accessPackageAssignmentPolicy-Objekt . Die Anforderung enthält einen Verweis auf das accessPackage , das diese Richtlinie enthält, die bereits vorhanden sein muss.

Berechtigungen

Eine der nachfolgenden Berechtigungen ist erforderlich, um diese API aufrufen zu können. Weitere Informationen, unter anderem zur Auswahl von Berechtigungen, finden Sie im Artikel zum Thema Berechtigungen.

Berechtigungstyp	Berechtigungen (von der Berechtigung mit den wenigsten Rechten zu der mit den meisten Rechten)
Delegiert (Geschäfts-, Schul- oder Unikonto)	EntitlementManagement.ReadWrite.All
Delegiert (persönliches Microsoft-Konto)	Nicht unterstützt
Anwendung	EntitlementManagement.ReadWrite.All

HTTP-Anforderung

POST /identityGovernance/entitlementManagement/assignmentPolicies

Anforderungsheader

Name	Beschreibung
Authorization	Bearer {token}. Erforderlich.
Content-Type	application/json. Erforderlich.

Anforderungstext

Geben Sie im Anforderungstext eine JSON-Darstellung des objekts accessPackageAssignmentPolicy an.

Sie können beim Erstellen einer accessPackageAssignmentPolicy die folgenden Eigenschaften angeben.

Eigenschaft	Typ	Beschreibung
description	Zeichenfolge	Die Beschreibung der Richtlinie.
displayName	Zeichenfolge	Der Anzeigename der Richtlinie.
allowedTargetScope	allowedTargetScope	Wer kann das Zugriffspaket über diese Richtlinie zugewiesen werden. Mögliche Werte sind: `notSpecified`, `specificDirectoryUsers`, `specificConnectedOrganizationUsers`, `specificDirectoryServicePrincipals`, `allMemberUsers`, `allDirectoryUsers`, `allDirectoryServicePrincipals`, `allConfiguredConnectedOrganizationUsers`, `allExternalUsers`, `unknownFutureValue`. Optional.
Ablauf	expirationPattern	Das Ablaufdatum für in dieser Richtlinie erstellte Zuordnungen.
requestApprovalSettings	accessPackageAssignmentApprovalSettings	Gibt die Einstellungen für die Genehmigung von Anforderungen für eine Zugriffspaketzuweisung über diese Richtlinie an. Wenn z. B. eine Genehmigung für neue Anforderungen erforderlich ist.
requestorSettings	accessPackageAssignmentRequestorSettings	Stellt zusätzliche Einstellungen bereit, um auszuwählen, wer eine Anforderung für eine Zugriffspaketzuweisung über diese Richtlinie erstellen kann und was diese in ihre Anforderung aufnehmen können.
reviewSettings	accessPackageAssignmentReviewSettings	Einstellungen für Zugriffsüberprüfungen von Aufgaben über diese Richtlinie.
specificAllowedTargets	subjectSet-Sammlung	Die Ziele für den zugewiesenen Zugriff über ein Zugriffspaket aus dieser Richtlinie.
accessPackage	accessPackage	Ein Verweis auf das Zugriffspaket, das die Richtlinie enthalten soll, die bereits vorhanden sein muss.

Antwort

Bei erfolgreicher Ausführung gibt die Methode einen 201 Created Antwortcode und ein accessPackageAssignmentPolicy-Objekt im Antworttext zurück.

Beispiele

Beispiel 1: Erstellen einer Direktzuweisungsrichtlinie

Eine direkte Zuweisungsrichtlinie ist nützlich, wenn Zugriffspaketzuweisungsanforderungen nur von einem Administrator und nicht von Benutzern selbst erstellt werden.

Anforderung

Das folgende Beispiel zeigt eine Anforderung zum Erstellen einer Zugriffspaketzuweisungsrichtlinie. In dieser Richtlinie können keine Benutzer eine Anforderung stellen, es ist keine Genehmigung erforderlich, und es gibt keine Zugriffsüberprüfungen.

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
  "displayName": "New Policy",
  "description": "policy for assignment",
  "allowedTargetScope": "notSpecified",
  "specificAllowedTargets": [],
  "expiration": {
      "endDateTime": null,
      "duration": null,
      "type": "noExpiration"
  },
  "requestorSettings": {
      "enableTargetsToSelfAddAccess": false,
      "enableTargetsToSelfUpdateAccess": false,
      "enableTargetsToSelfRemoveAccess": false,
      "allowCustomAssignmentSchedule": true,
      "enableOnBehalfRequestorsToAddAccess": false,
      "enableOnBehalfRequestorsToUpdateAccess": false,
      "enableOnBehalfRequestorsToRemoveAccess": false,
      "onBehalfRequestors": []
  },
  "requestApprovalSettings": {
      "isApprovalRequiredForAdd": false,
      "isApprovalRequiredForUpdate": false,
      "stages": []
  },
  "accessPackage": {
      "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
  }
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
    DisplayName = "New Policy",
    Description = "policy for assignment",
    AllowedTargetScope = AllowedTargetScope.NotSpecified,
    SpecificAllowedTargets = new List<SubjectSet>()
    {
    },
    Expiration = new ExpirationPattern
    {
        EndDateTime = null,
        Duration = null,
        Type = ExpirationPatternType.NoExpiration
    },
    RequestorSettings = new AccessPackageAssignmentRequestorSettings
    {
        EnableTargetsToSelfAddAccess = false,
        EnableTargetsToSelfUpdateAccess = false,
        EnableTargetsToSelfRemoveAccess = false,
        AllowCustomAssignmentSchedule = true,
        EnableOnBehalfRequestorsToAddAccess = false,
        EnableOnBehalfRequestorsToUpdateAccess = false,
        EnableOnBehalfRequestorsToRemoveAccess = false,
        OnBehalfRequestors = new List<SubjectSet>()
        {
        }
    },
    RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
    {
        IsApprovalRequiredForAdd = false,
        IsApprovalRequiredForUpdate = false,
        Stages = new List<AccessPackageApprovalStage>()
        {
        }
    },
    AccessPackage = new AccessPackage
    {
        Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
};

await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies
    .Request()
    .AddAsync(accessPackageAssignmentPolicy);


const options = {
    authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  displayName: 'New Policy',
  description: 'policy for assignment',
  allowedTargetScope: 'notSpecified',
  specificAllowedTargets: [],
  expiration: {
      endDateTime: null,
      duration: null,
      type: 'noExpiration'
  },
  requestorSettings: {
      enableTargetsToSelfAddAccess: false,
      enableTargetsToSelfUpdateAccess: false,
      enableTargetsToSelfRemoveAccess: false,
      allowCustomAssignmentSchedule: true,
      enableOnBehalfRequestorsToAddAccess: false,
      enableOnBehalfRequestorsToUpdateAccess: false,
      enableOnBehalfRequestorsToRemoveAccess: false,
      onBehalfRequestors: []
  },
  requestApprovalSettings: {
      isApprovalRequiredForAdd: false,
      isApprovalRequiredForUpdate: false,
      stages: []
  },
  accessPackage: {
      id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
  }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
    .post(accessPackageAssignmentPolicy);


MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/assignmentPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setDisplayName:@"New Policy"];
[accessPackageAssignmentPolicy setDescription:@"policy for assignment"];
[accessPackageAssignmentPolicy setAllowedTargetScope: [MSGraphAllowedTargetScope notSpecified]];
NSMutableArray *specificAllowedTargetsList = [[NSMutableArray alloc] init];
[accessPackageAssignmentPolicy setSpecificAllowedTargets:specificAllowedTargetsList];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setEndDateTime: null];
[expiration setDuration: null];
[expiration setType: [MSGraphExpirationPatternType noExpiration]];
[accessPackageAssignmentPolicy setExpiration:expiration];
MSGraphAccessPackageAssignmentRequestorSettings *requestorSettings = [[MSGraphAccessPackageAssignmentRequestorSettings alloc] init];
[requestorSettings setEnableTargetsToSelfAddAccess: false];
[requestorSettings setEnableTargetsToSelfUpdateAccess: false];
[requestorSettings setEnableTargetsToSelfRemoveAccess: false];
[requestorSettings setAllowCustomAssignmentSchedule: true];
[requestorSettings setEnableOnBehalfRequestorsToAddAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToUpdateAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToRemoveAccess: false];
NSMutableArray *onBehalfRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setOnBehalfRequestors:onBehalfRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphAccessPackageAssignmentApprovalSettings *requestApprovalSettings = [[MSGraphAccessPackageAssignmentApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequiredForAdd: false];
[requestApprovalSettings setIsApprovalRequiredForUpdate: false];
NSMutableArray *stagesList = [[NSMutableArray alloc] init];
[requestApprovalSettings setStages:stagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
MSGraphAccessPackage *accessPackage = [[MSGraphAccessPackage alloc] init];
[accessPackage setId:@"a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"];
[accessPackageAssignmentPolicy setAccessPackage:accessPackage];

NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

        //Request Completed

}];

[meDataTask execute];


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.displayName = "New Policy";
accessPackageAssignmentPolicy.description = "policy for assignment";
accessPackageAssignmentPolicy.allowedTargetScope = AllowedTargetScope.NOT_SPECIFIED;
LinkedList<SubjectSet> specificAllowedTargetsList = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.specificAllowedTargets = specificAllowedTargetsList;
ExpirationPattern expiration = new ExpirationPattern();
expiration.endDateTime = OffsetDateTimeSerializer.deserialize("null");
expiration.duration = DatatypeFactory.newInstance().newDuration("null");
expiration.type = ExpirationPatternType.NO_EXPIRATION;
accessPackageAssignmentPolicy.expiration = expiration;
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.enableTargetsToSelfAddAccess = false;
requestorSettings.enableTargetsToSelfUpdateAccess = false;
requestorSettings.enableTargetsToSelfRemoveAccess = false;
requestorSettings.allowCustomAssignmentSchedule = true;
requestorSettings.enableOnBehalfRequestorsToAddAccess = false;
requestorSettings.enableOnBehalfRequestorsToUpdateAccess = false;
requestorSettings.enableOnBehalfRequestorsToRemoveAccess = false;
LinkedList<SubjectSet> onBehalfRequestorsList = new LinkedList<SubjectSet>();
requestorSettings.onBehalfRequestors = onBehalfRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.isApprovalRequiredForAdd = false;
requestApprovalSettings.isApprovalRequiredForUpdate = false;
LinkedList<AccessPackageApprovalStage> stagesList = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.stages = stagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AccessPackage accessPackage = new AccessPackage();
accessPackage.id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b";
accessPackageAssignmentPolicy.accessPackage = accessPackage;

graphClient.identityGovernance().entitlementManagement().assignmentPolicies()
    .buildRequest()
    .post(accessPackageAssignmentPolicy);


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.NewAccessPackageAssignmentPolicy()
displayName := "New Policy"
requestBody.SetDisplayName(&displayName)
description := "policy for assignment"
requestBody.SetDescription(&description)
allowedTargetScope := "notSpecified"
requestBody.SetAllowedTargetScope(&allowedTargetScope)
requestBody.SetSpecificAllowedTargets( []SubjectSet {
}
expiration := msgraphsdk.NewExpirationPattern()
requestBody.SetExpiration(expiration)
expiration.SetEndDateTime(nil)
expiration.SetDuration(nil)
type := "noExpiration"
expiration.SetType(&type)
requestorSettings := msgraphsdk.NewAccessPackageAssignmentRequestorSettings()
requestBody.SetRequestorSettings(requestorSettings)
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
requestorSettings.SetOnBehalfRequestors( []SubjectSet {
}
requestApprovalSettings := msgraphsdk.NewAccessPackageAssignmentApprovalSettings()
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
requestApprovalSettings.SetStages( []AccessPackageApprovalStage {
}
accessPackage := msgraphsdk.NewAccessPackage()
requestBody.SetAccessPackage(accessPackage)
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
result, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(requestBody)


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
    DisplayName = "New Policy"
    Description = "policy for assignment"
    AllowedTargetScope = "notSpecified"
    SpecificAllowedTargets = @(
    )
    Expiration = @{
        EndDateTime = $null
        Duration = $null
        Type = "noExpiration"
    }
    RequestorSettings = @{
        EnableTargetsToSelfAddAccess = $false
        EnableTargetsToSelfUpdateAccess = $false
        EnableTargetsToSelfRemoveAccess = $false
        AllowCustomAssignmentSchedule = $true
        EnableOnBehalfRequestorsToAddAccess = $false
        EnableOnBehalfRequestorsToUpdateAccess = $false
        EnableOnBehalfRequestorsToRemoveAccess = $false
        OnBehalfRequestors = @(
        )
    }
    RequestApprovalSettings = @{
        IsApprovalRequiredForAdd = $false
        IsApprovalRequiredForUpdate = $false
        Stages = @(
        )
    }
    AccessPackage = @{
        Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params

Antwort

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "New policy",
  "description": "policy for assignment"
}

Beispiel 2: Erstellen einer Richtlinie für Benutzer aus anderen Organisationen zum Anfordern

Das folgende Beispiel zeigt eine komplexere Richtlinie mit zwei Phasen der Genehmigung und wiederkehrenden Zugriffsüberprüfungen.

Anforderung

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval.",
    "allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
    "specificAllowedTargets": [],
    "expiration": {
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": true,
        "enableTargetsToSelfUpdateAccess": true,
        "enableTargetsToSelfRemoveAccess": true,
        "allowCustomAssignmentSchedule": false,
        "enableOnBehalfRequestorsToAddAccess": false,
        "enableOnBehalfRequestorsToUpdateAccess": false,
        "enableOnBehalfRequestorsToRemoveAccess": false,
        "onBehalfRequestors": []
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": true,
        "isApprovalRequiredForUpdate": false,
        "stages": [
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.internalSponsors"
                    }
                ],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            },
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            }
        ]
    },
    "reviewSettings": {
        "isEnabled": true,
        "expirationBehavior": "keepAccess",
        "isRecommendationEnabled": true,
        "isReviewerJustificationRequired": true,
        "isSelfReview": false,
        "schedule": {
            "startDateTime": "2022-07-02T06:59:59.998Z",
            "expiration": {
                "duration": "P14D",
                "type": "afterDuration"
            },
            "recurrence": {
                "pattern": {
                    "type": "absoluteMonthly",
                    "interval": 3,
                    "month": 0,
                    "dayOfMonth": 0,
                    "daysOfWeek": []
                },
                "range": {
                    "type": "noEnd",
                    "numberOfOccurrences": 0
                }
            }
        },
        "primaryReviewers": [
            {
                "@odata.type": "#microsoft.graph.groupMembers",
                "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
            }
        ],
        "fallbackReviewers": []
    },
    "accessPackage": {
        "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
    DisplayName = "policy for external access requests",
    Description = "policy for users from connected organizations to request access, with two stages of approval.",
    AllowedTargetScope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
    SpecificAllowedTargets = new List<SubjectSet>()
    {
    },
    Expiration = new ExpirationPattern
    {
        Type = ExpirationPatternType.NoExpiration
    },
    RequestorSettings = new AccessPackageAssignmentRequestorSettings
    {
        EnableTargetsToSelfAddAccess = true,
        EnableTargetsToSelfUpdateAccess = true,
        EnableTargetsToSelfRemoveAccess = true,
        AllowCustomAssignmentSchedule = false,
        EnableOnBehalfRequestorsToAddAccess = false,
        EnableOnBehalfRequestorsToUpdateAccess = false,
        EnableOnBehalfRequestorsToRemoveAccess = false,
        OnBehalfRequestors = new List<SubjectSet>()
        {
        }
    },
    RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
    {
        IsApprovalRequiredForAdd = true,
        IsApprovalRequiredForUpdate = false,
        Stages = new List<AccessPackageApprovalStage>()
        {
            new AccessPackageApprovalStage
            {
                DurationBeforeAutomaticDenial = new Duration("P14D"),
                IsApproverJustificationRequired = false,
                IsEscalationEnabled = false,
                DurationBeforeEscalation = new Duration("PT0S"),
                PrimaryApprovers = new List<SubjectSet>()
                {
                    new InternalSponsors
                    {
                    }
                },
                FallbackPrimaryApprovers = new List<SubjectSet>()
                {
                    new SingleUser
                    {
                        UserId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
                    },
                    new GroupMembers
                    {
                        GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                },
                EscalationApprovers = new List<SubjectSet>()
                {
                },
                FallbackEscalationApprovers = new List<SubjectSet>()
                {
                }
            },
            new AccessPackageApprovalStage
            {
                DurationBeforeAutomaticDenial = new Duration("P14D"),
                IsApproverJustificationRequired = false,
                IsEscalationEnabled = false,
                DurationBeforeEscalation = new Duration("PT0S"),
                PrimaryApprovers = new List<SubjectSet>()
                {
                },
                FallbackPrimaryApprovers = new List<SubjectSet>()
                {
                    new SingleUser
                    {
                        UserId = "46184453-e63b-4f20-86c2-c557ed5d5df9"
                    },
                    new GroupMembers
                    {
                        GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                },
                EscalationApprovers = new List<SubjectSet>()
                {
                },
                FallbackEscalationApprovers = new List<SubjectSet>()
                {
                }
            }
        }
    },
    ReviewSettings = new AccessPackageAssignmentReviewSettings
    {
        IsEnabled = true,
        ExpirationBehavior = AccessReviewExpirationBehavior.KeepAccess,
        IsRecommendationEnabled = true,
        IsReviewerJustificationRequired = true,
        IsSelfReview = false,
        Schedule = new EntitlementManagementSchedule
        {
            StartDateTime = DateTimeOffset.Parse("2022-07-02T06:59:59.998Z"),
            Expiration = new ExpirationPattern
            {
                Duration = new Duration("P14D"),
                Type = ExpirationPatternType.AfterDuration
            },
            Recurrence = new PatternedRecurrence
            {
                Pattern = new RecurrencePattern
                {
                    Type = RecurrencePatternType.AbsoluteMonthly,
                    Interval = 3,
                    Month = 0,
                    DayOfMonth = 0,
                    DaysOfWeek = new List<DayOfWeek>()
                    {
                    }
                },
                Range = new RecurrenceRange
                {
                    Type = RecurrenceRangeType.NoEnd,
                    NumberOfOccurrences = 0
                }
            }
        },
        PrimaryReviewers = new List<SubjectSet>()
        {
            new GroupMembers
            {
                GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
            }
        },
        FallbackReviewers = new List<SubjectSet>()
        {
        }
    },
    AccessPackage = new AccessPackage
    {
        Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
};

await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies
    .Request()
    .AddAsync(accessPackageAssignmentPolicy);


const options = {
    authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
    displayName: 'policy for external access requests',
    description: 'policy for users from connected organizations to request access, with two stages of approval.',
    allowedTargetScope: 'allConfiguredConnectedOrganizationUsers',
    specificAllowedTargets: [],
    expiration: {
        type: 'noExpiration'
    },
    requestorSettings: {
        enableTargetsToSelfAddAccess: true,
        enableTargetsToSelfUpdateAccess: true,
        enableTargetsToSelfRemoveAccess: true,
        allowCustomAssignmentSchedule: false,
        enableOnBehalfRequestorsToAddAccess: false,
        enableOnBehalfRequestorsToUpdateAccess: false,
        enableOnBehalfRequestorsToRemoveAccess: false,
        onBehalfRequestors: []
    },
    requestApprovalSettings: {
        isApprovalRequiredForAdd: true,
        isApprovalRequiredForUpdate: false,
        stages: [
            {
                durationBeforeAutomaticDenial: 'P14D',
                isApproverJustificationRequired: false,
                isEscalationEnabled: false,
                durationBeforeEscalation: 'PT0S',
                primaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.internalSponsors'
                    }
                ],
                fallbackPrimaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.singleUser',
                        userId: '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'
                    },
                    {
                        '@odata.type': '#microsoft.graph.groupMembers',
                        groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
                    }
                ],
                escalationApprovers: [],
                fallbackEscalationApprovers: []
            },
            {
                durationBeforeAutomaticDenial: 'P14D',
                isApproverJustificationRequired: false,
                isEscalationEnabled: false,
                durationBeforeEscalation: 'PT0S',
                primaryApprovers: [],
                fallbackPrimaryApprovers: [
                    {
                        '@odata.type': '#microsoft.graph.singleUser',
                        userId: '46184453-e63b-4f20-86c2-c557ed5d5df9'
                    },
                    {
                        '@odata.type': '#microsoft.graph.groupMembers',
                        groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
                    }
                ],
                escalationApprovers: [],
                fallbackEscalationApprovers: []
            }
        ]
    },
    reviewSettings: {
        isEnabled: true,
        expirationBehavior: 'keepAccess',
        isRecommendationEnabled: true,
        isReviewerJustificationRequired: true,
        isSelfReview: false,
        schedule: {
            startDateTime: '2022-07-02T06:59:59.998Z',
            expiration: {
                duration: 'P14D',
                type: 'afterDuration'
            },
            recurrence: {
                pattern: {
                    type: 'absoluteMonthly',
                    interval: 3,
                    month: 0,
                    dayOfMonth: 0,
                    daysOfWeek: []
                },
                range: {
                    type: 'noEnd',
                    numberOfOccurrences: 0
                }
            }
        },
        primaryReviewers: [
            {
                '@odata.type': '#microsoft.graph.groupMembers',
                groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
            }
        ],
        fallbackReviewers: []
    },
    accessPackage: {
        id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
    }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
    .post(accessPackageAssignmentPolicy);


MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/assignmentPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setDisplayName:@"policy for external access requests"];
[accessPackageAssignmentPolicy setDescription:@"policy for users from connected organizations to request access, with two stages of approval."];
[accessPackageAssignmentPolicy setAllowedTargetScope: [MSGraphAllowedTargetScope allConfiguredConnectedOrganizationUsers]];
NSMutableArray *specificAllowedTargetsList = [[NSMutableArray alloc] init];
[accessPackageAssignmentPolicy setSpecificAllowedTargets:specificAllowedTargetsList];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setType: [MSGraphExpirationPatternType noExpiration]];
[accessPackageAssignmentPolicy setExpiration:expiration];
MSGraphAccessPackageAssignmentRequestorSettings *requestorSettings = [[MSGraphAccessPackageAssignmentRequestorSettings alloc] init];
[requestorSettings setEnableTargetsToSelfAddAccess: true];
[requestorSettings setEnableTargetsToSelfUpdateAccess: true];
[requestorSettings setEnableTargetsToSelfRemoveAccess: true];
[requestorSettings setAllowCustomAssignmentSchedule: false];
[requestorSettings setEnableOnBehalfRequestorsToAddAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToUpdateAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToRemoveAccess: false];
NSMutableArray *onBehalfRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setOnBehalfRequestors:onBehalfRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphAccessPackageAssignmentApprovalSettings *requestApprovalSettings = [[MSGraphAccessPackageAssignmentApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequiredForAdd: true];
[requestApprovalSettings setIsApprovalRequiredForUpdate: false];
NSMutableArray *stagesList = [[NSMutableArray alloc] init];
MSGraphAccessPackageApprovalStage *stages = [[MSGraphAccessPackageApprovalStage alloc] init];
[stages setDurationBeforeAutomaticDenial:@"P14D"];
[stages setIsApproverJustificationRequired: false];
[stages setIsEscalationEnabled: false];
[stages setDurationBeforeEscalation:@"PT0S"];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *primaryApprovers = [[MSGraphSubjectSet alloc] init];
[primaryApproversList addObject: primaryApprovers];
[stages setPrimaryApprovers:primaryApproversList];
NSMutableArray *fallbackPrimaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setUserId:@"7deff43e-1f17-44ef-9e5f-d516b0ba11d4"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setGroupId:@"1623f912-5e86-41c2-af47-39dd67582b66"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
[stages setFallbackPrimaryApprovers:fallbackPrimaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
[stages setEscalationApprovers:escalationApproversList];
NSMutableArray *fallbackEscalationApproversList = [[NSMutableArray alloc] init];
[stages setFallbackEscalationApprovers:fallbackEscalationApproversList];
[stagesList addObject: stages];
MSGraphAccessPackageApprovalStage *stages = [[MSGraphAccessPackageApprovalStage alloc] init];
[stages setDurationBeforeAutomaticDenial:@"P14D"];
[stages setIsApproverJustificationRequired: false];
[stages setIsEscalationEnabled: false];
[stages setDurationBeforeEscalation:@"PT0S"];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
[stages setPrimaryApprovers:primaryApproversList];
NSMutableArray *fallbackPrimaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setUserId:@"46184453-e63b-4f20-86c2-c557ed5d5df9"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setGroupId:@"1623f912-5e86-41c2-af47-39dd67582b66"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
[stages setFallbackPrimaryApprovers:fallbackPrimaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
[stages setEscalationApprovers:escalationApproversList];
NSMutableArray *fallbackEscalationApproversList = [[NSMutableArray alloc] init];
[stages setFallbackEscalationApprovers:fallbackEscalationApproversList];
[stagesList addObject: stages];
[requestApprovalSettings setStages:stagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
MSGraphAccessPackage *accessPackage = [[MSGraphAccessPackage alloc] init];
[accessPackage setId:@"a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"];
[accessPackageAssignmentPolicy setAccessPackage:accessPackage];

NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

        //Request Completed

}];

[meDataTask execute];


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.displayName = "policy for external access requests";
accessPackageAssignmentPolicy.description = "policy for users from connected organizations to request access, with two stages of approval.";
accessPackageAssignmentPolicy.allowedTargetScope = AllowedTargetScope.ALL_CONFIGURED_CONNECTED_ORGANIZATION_USERS;
LinkedList<SubjectSet> specificAllowedTargetsList = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.specificAllowedTargets = specificAllowedTargetsList;
ExpirationPattern expiration = new ExpirationPattern();
expiration.type = ExpirationPatternType.NO_EXPIRATION;
accessPackageAssignmentPolicy.expiration = expiration;
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.enableTargetsToSelfAddAccess = true;
requestorSettings.enableTargetsToSelfUpdateAccess = true;
requestorSettings.enableTargetsToSelfRemoveAccess = true;
requestorSettings.allowCustomAssignmentSchedule = false;
requestorSettings.enableOnBehalfRequestorsToAddAccess = false;
requestorSettings.enableOnBehalfRequestorsToUpdateAccess = false;
requestorSettings.enableOnBehalfRequestorsToRemoveAccess = false;
LinkedList<SubjectSet> onBehalfRequestorsList = new LinkedList<SubjectSet>();
requestorSettings.onBehalfRequestors = onBehalfRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.isApprovalRequiredForAdd = true;
requestApprovalSettings.isApprovalRequiredForUpdate = false;
LinkedList<AccessPackageApprovalStage> stagesList = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage stages = new AccessPackageApprovalStage();
stages.durationBeforeAutomaticDenial = DatatypeFactory.newInstance().newDuration("P14D");
stages.isApproverJustificationRequired = false;
stages.isEscalationEnabled = false;
stages.durationBeforeEscalation = DatatypeFactory.newInstance().newDuration("PT0S");
LinkedList<SubjectSet> primaryApproversList = new LinkedList<SubjectSet>();
InternalSponsors primaryApprovers = new InternalSponsors();
primaryApproversList.add(primaryApprovers);
stages.primaryApprovers = primaryApproversList;
LinkedList<SubjectSet> fallbackPrimaryApproversList = new LinkedList<SubjectSet>();
SingleUser fallbackPrimaryApprovers = new SingleUser();
fallbackPrimaryApprovers.userId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4";
fallbackPrimaryApproversList.add(fallbackPrimaryApprovers);
GroupMembers fallbackPrimaryApprovers1 = new GroupMembers();
fallbackPrimaryApprovers1.groupId = "1623f912-5e86-41c2-af47-39dd67582b66";
fallbackPrimaryApproversList.add(fallbackPrimaryApprovers1);
stages.fallbackPrimaryApprovers = fallbackPrimaryApproversList;
LinkedList<SubjectSet> escalationApproversList = new LinkedList<SubjectSet>();
stages.escalationApprovers = escalationApproversList;
LinkedList<SubjectSet> fallbackEscalationApproversList = new LinkedList<SubjectSet>();
stages.fallbackEscalationApprovers = fallbackEscalationApproversList;
stagesList.add(stages);
AccessPackageApprovalStage stages1 = new AccessPackageApprovalStage();
stages1.durationBeforeAutomaticDenial = DatatypeFactory.newInstance().newDuration("P14D");
stages1.isApproverJustificationRequired = false;
stages1.isEscalationEnabled = false;
stages1.durationBeforeEscalation = DatatypeFactory.newInstance().newDuration("PT0S");
LinkedList<SubjectSet> primaryApproversList1 = new LinkedList<SubjectSet>();
stages1.primaryApprovers = primaryApproversList1;
LinkedList<SubjectSet> fallbackPrimaryApproversList1 = new LinkedList<SubjectSet>();
SingleUser fallbackPrimaryApprovers2 = new SingleUser();
fallbackPrimaryApprovers2.userId = "46184453-e63b-4f20-86c2-c557ed5d5df9";
fallbackPrimaryApproversList1.add(fallbackPrimaryApprovers2);
GroupMembers fallbackPrimaryApprovers3 = new GroupMembers();
fallbackPrimaryApprovers3.groupId = "1623f912-5e86-41c2-af47-39dd67582b66";
fallbackPrimaryApproversList1.add(fallbackPrimaryApprovers3);
stages1.fallbackPrimaryApprovers = fallbackPrimaryApproversList1;
LinkedList<SubjectSet> escalationApproversList1 = new LinkedList<SubjectSet>();
stages1.escalationApprovers = escalationApproversList1;
LinkedList<SubjectSet> fallbackEscalationApproversList1 = new LinkedList<SubjectSet>();
stages1.fallbackEscalationApprovers = fallbackEscalationApproversList1;
stagesList.add(stages1);
requestApprovalSettings.stages = stagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AccessPackageAssignmentReviewSettings reviewSettings = new AccessPackageAssignmentReviewSettings();
reviewSettings.isEnabled = true;
reviewSettings.expirationBehavior = AccessReviewExpirationBehavior.KEEP_ACCESS;
reviewSettings.isRecommendationEnabled = true;
reviewSettings.isReviewerJustificationRequired = true;
reviewSettings.isSelfReview = false;
EntitlementManagementSchedule schedule = new EntitlementManagementSchedule();
schedule.startDateTime = OffsetDateTimeSerializer.deserialize("2022-07-02T06:59:59.998Z");
ExpirationPattern expiration1 = new ExpirationPattern();
expiration1.duration = DatatypeFactory.newInstance().newDuration("P14D");
expiration1.type = ExpirationPatternType.AFTER_DURATION;
schedule.expiration = expiration1;
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.type = RecurrencePatternType.ABSOLUTE_MONTHLY;
pattern.interval = 3;
pattern.month = 0;
pattern.dayOfMonth = 0;
LinkedList<DayOfWeek> daysOfWeekList = new LinkedList<DayOfWeek>();
pattern.daysOfWeek = daysOfWeekList;
recurrence.pattern = pattern;
RecurrenceRange range = new RecurrenceRange();
range.type = RecurrenceRangeType.NO_END;
range.numberOfOccurrences = 0;
recurrence.range = range;
schedule.recurrence = recurrence;
reviewSettings.schedule = schedule;
LinkedList<SubjectSet> primaryReviewersList = new LinkedList<SubjectSet>();
GroupMembers primaryReviewers = new GroupMembers();
primaryReviewers.groupId = "1623f912-5e86-41c2-af47-39dd67582b66";
primaryReviewersList.add(primaryReviewers);
reviewSettings.primaryReviewers = primaryReviewersList;
LinkedList<SubjectSet> fallbackReviewersList = new LinkedList<SubjectSet>();
reviewSettings.fallbackReviewers = fallbackReviewersList;
accessPackageAssignmentPolicy.reviewSettings = reviewSettings;
AccessPackage accessPackage = new AccessPackage();
accessPackage.id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b";
accessPackageAssignmentPolicy.accessPackage = accessPackage;

graphClient.identityGovernance().entitlementManagement().assignmentPolicies()
    .buildRequest()
    .post(accessPackageAssignmentPolicy);


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
    DisplayName = "policy for external access requests"
    Description = "policy for users from connected organizations to request access, with two stages of approval."
    AllowedTargetScope = "allConfiguredConnectedOrganizationUsers"
    SpecificAllowedTargets = @(
    )
    Expiration = @{
        Type = "noExpiration"
    }
    RequestorSettings = @{
        EnableTargetsToSelfAddAccess = $true
        EnableTargetsToSelfUpdateAccess = $true
        EnableTargetsToSelfRemoveAccess = $true
        AllowCustomAssignmentSchedule = $false
        EnableOnBehalfRequestorsToAddAccess = $false
        EnableOnBehalfRequestorsToUpdateAccess = $false
        EnableOnBehalfRequestorsToRemoveAccess = $false
        OnBehalfRequestors = @(
        )
    }
    RequestApprovalSettings = @{
        IsApprovalRequiredForAdd = $true
        IsApprovalRequiredForUpdate = $false
        Stages = @(
            @{
                DurationBeforeAutomaticDenial = "P14D"
                IsApproverJustificationRequired = $false
                IsEscalationEnabled = $false
                DurationBeforeEscalation = "PT0S"
                PrimaryApprovers = @(
                    @{
                        "@odata.type" = "#microsoft.graph.internalSponsors"
                    }
                )
                FallbackPrimaryApprovers = @(
                    @{
                        "@odata.type" = "#microsoft.graph.singleUser"
                        UserId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
                    }
                    @{
                        "@odata.type" = "#microsoft.graph.groupMembers"
                        GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                )
                EscalationApprovers = @(
                )
                FallbackEscalationApprovers = @(
                )
            }
            @{
                DurationBeforeAutomaticDenial = "P14D"
                IsApproverJustificationRequired = $false
                IsEscalationEnabled = $false
                DurationBeforeEscalation = "PT0S"
                PrimaryApprovers = @(
                )
                FallbackPrimaryApprovers = @(
                    @{
                        "@odata.type" = "#microsoft.graph.singleUser"
                        UserId = "46184453-e63b-4f20-86c2-c557ed5d5df9"
                    }
                    @{
                        "@odata.type" = "#microsoft.graph.groupMembers"
                        GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                )
                EscalationApprovers = @(
                )
                FallbackEscalationApprovers = @(
                )
            }
        )
    }
    ReviewSettings = @{
        IsEnabled = $true
        ExpirationBehavior = "keepAccess"
        IsRecommendationEnabled = $true
        IsReviewerJustificationRequired = $true
        IsSelfReview = $false
        Schedule = @{
            StartDateTime = [System.DateTime]::Parse("2022-07-02T06:59:59.998Z")
            Expiration = @{
                Duration = "P14D"
                Type = "afterDuration"
            }
            Recurrence = @{
                Pattern = @{
                    Type = "absoluteMonthly"
                    Interval = 3
                    Month = 0
                    DayOfMonth = 0
                    DaysOfWeek = @(
                    )
                }
                Range = @{
                    Type = "noEnd"
                    NumberOfOccurrences = 0
                }
            }
        }
        PrimaryReviewers = @(
            @{
                "@odata.type" = "#microsoft.graph.groupMembers"
                GroupId = "1623f912-5e86-41c2-af47-39dd67582b66"
            }
        )
        FallbackReviewers = @(
        )
    }
    AccessPackage = @{
        Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := msgraphsdk.NewAccessPackageAssignmentPolicy()
displayName := "policy for external access requests"
requestBody.SetDisplayName(&displayName)
description := "policy for users from connected organizations to request access, with two stages of approval."
requestBody.SetDescription(&description)
allowedTargetScope := "allConfiguredConnectedOrganizationUsers"
requestBody.SetAllowedTargetScope(&allowedTargetScope)
requestBody.SetSpecificAllowedTargets( []SubjectSet {
}
expiration := msgraphsdk.NewExpirationPattern()
requestBody.SetExpiration(expiration)
type := "noExpiration"
expiration.SetType(&type)
requestorSettings := msgraphsdk.NewAccessPackageAssignmentRequestorSettings()
requestBody.SetRequestorSettings(requestorSettings)
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
requestorSettings.SetOnBehalfRequestors( []SubjectSet {
}
requestApprovalSettings := msgraphsdk.NewAccessPackageAssignmentApprovalSettings()
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
requestApprovalSettings.SetStages( []AccessPackageApprovalStage {
    msgraphsdk.NewAccessPackageApprovalStage(),
durationBeforeAutomaticDenial := "P14D"
    SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
    SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
    SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation := "PT0S"
    SetDurationBeforeEscalation(&durationBeforeEscalation)
    SetPrimaryApprovers( []SubjectSet {
        msgraphsdk.NewSubjectSet(),
        SetAdditionalData(map[string]interface{}{
            "@odata.type": "#microsoft.graph.internalSponsors",
        }
    }
    SetFallbackPrimaryApprovers( []SubjectSet {
        msgraphsdk.NewSubjectSet(),
        SetAdditionalData(map[string]interface{}{
            "@odata.type": "#microsoft.graph.singleUser",
            "userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
        }
        msgraphsdk.NewSubjectSet(),
        SetAdditionalData(map[string]interface{}{
            "@odata.type": "#microsoft.graph.groupMembers",
            "groupId": "1623f912-5e86-41c2-af47-39dd67582b66",
        }
    }
    SetEscalationApprovers( []SubjectSet {
    }
    SetFallbackEscalationApprovers( []SubjectSet {
    }
    msgraphsdk.NewAccessPackageApprovalStage(),
durationBeforeAutomaticDenial := "P14D"
    SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
    SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
    SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation := "PT0S"
    SetDurationBeforeEscalation(&durationBeforeEscalation)
    SetPrimaryApprovers( []SubjectSet {
    }
    SetFallbackPrimaryApprovers( []SubjectSet {
        msgraphsdk.NewSubjectSet(),
        SetAdditionalData(map[string]interface{}{
            "@odata.type": "#microsoft.graph.singleUser",
            "userId": "46184453-e63b-4f20-86c2-c557ed5d5df9",
        }
        msgraphsdk.NewSubjectSet(),
        SetAdditionalData(map[string]interface{}{
            "@odata.type": "#microsoft.graph.groupMembers",
            "groupId": "1623f912-5e86-41c2-af47-39dd67582b66",
        }
    }
    SetEscalationApprovers( []SubjectSet {
    }
    SetFallbackEscalationApprovers( []SubjectSet {
    }
}
reviewSettings := msgraphsdk.NewAccessPackageAssignmentReviewSettings()
requestBody.SetReviewSettings(reviewSettings)
isEnabled := true
reviewSettings.SetIsEnabled(&isEnabled)
expirationBehavior := "keepAccess"
reviewSettings.SetExpirationBehavior(&expirationBehavior)
isRecommendationEnabled := true
reviewSettings.SetIsRecommendationEnabled(&isRecommendationEnabled)
isReviewerJustificationRequired := true
reviewSettings.SetIsReviewerJustificationRequired(&isReviewerJustificationRequired)
isSelfReview := false
reviewSettings.SetIsSelfReview(&isSelfReview)
schedule := msgraphsdk.NewEntitlementManagementSchedule()
reviewSettings.SetSchedule(schedule)
startDateTime, err := time.Parse(time.RFC3339, "2022-07-02T06:59:59.998Z")
schedule.SetStartDateTime(&startDateTime)
expiration := msgraphsdk.NewExpirationPattern()
schedule.SetExpiration(expiration)
duration := "P14D"
expiration.SetDuration(&duration)
type := "afterDuration"
expiration.SetType(&type)
recurrence := msgraphsdk.NewPatternedRecurrence()
schedule.SetRecurrence(recurrence)
pattern := msgraphsdk.NewRecurrencePattern()
recurrence.SetPattern(pattern)
type := "absoluteMonthly"
pattern.SetType(&type)
interval := int32(3)
pattern.SetInterval(&interval)
month := int32(0)
pattern.SetMonth(&month)
dayOfMonth := int32(0)
pattern.SetDayOfMonth(&dayOfMonth)
pattern.SetDaysOfWeek( []DayOfWeek {
}
range := msgraphsdk.NewRecurrenceRange()
recurrence.SetRange(range)
type := "noEnd"
range.SetType(&type)
numberOfOccurrences := int32(0)
range.SetNumberOfOccurrences(&numberOfOccurrences)
reviewSettings.SetPrimaryReviewers( []SubjectSet {
    msgraphsdk.NewSubjectSet(),
    SetAdditionalData(map[string]interface{}{
        "@odata.type": "#microsoft.graph.groupMembers",
        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66",
    }
}
reviewSettings.SetFallbackReviewers( []SubjectSet {
}
accessPackage := msgraphsdk.NewAccessPackage()
requestBody.SetAccessPackage(accessPackage)
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
result, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(requestBody)

Antwort

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "9d8f2361-39be-482e-b267-34ad6baef4d3",
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval."
}

AssignmentPolicies erstellen

Berechtigungen

HTTP-Anforderung

Anforderungsheader

Anforderungstext

Antwort

Beispiele

Beispiel 1: Erstellen einer Direktzuweisungsrichtlinie

Anforderung

Antwort

Beispiel 2: Erstellen einer Richtlinie für Benutzer aus anderen Organisationen zum Anfordern

Anforderung

Antwort

Feedback