APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
AccessReview.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
AccessReview.ReadWrite.All
The signed-in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for access reviews.
HTTP request
POST /identityGovernance/accessReviews/definitions
If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as reviewers and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal.
NOTE: The value of this property will be ignored if fallback reviewers are assigned through the stageSettings property.
Defines how many stages each instance of an access review series will have. Stages will be created sequentially based on the dependsOn property. Each stage can have different set of reviewer, fallback reviewers and settings.
When this property is defined, its values are used instead of the corresponding values in the accessReviewScheduleDefinition object and its settings property. Optional.
This property has been replaced by fallbackReviewers. However, specifying either backupReviewers or fallbackReviewers automatically populates the same values to the other property.
Response
If successful, this method returns a 201 Created response code and an accessReviewScheduleDefinition object in the response body.
Examples
Example 1: Create an access review on a group
The following example creates an access review with the following settings:
The review reviews all members of a group with the id02f3bafb-448c-487c-88c2-5fd65ce49a41.
A specific user with the user id398164b1-5196-49dd-ada2-364b49f99b27 is the reviewer.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Test create",
DescriptionForAdmins = "New scheduled access review",
DescriptionForReviewers = "If you have any questions, contact jerry@contoso.com",
Scope = new AccessReviewQueryScope
{
Query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
QueryType = "MicrosoftGraph"
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
QueryType = "MicrosoftGraph"
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = false,
DefaultDecision = "None",
InstanceDurationInDays = 1,
RecommendationsEnabled = true,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.Weekly,
Interval = 1
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(2020,9,8)
}
}
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.displayName = "Test create";
accessReviewScheduleDefinition.descriptionForAdmins = "New scheduled access review";
accessReviewScheduleDefinition.descriptionForReviewers = "If you have any questions, contact jerry@contoso.com";
AccessReviewQueryScope scope = new AccessReviewQueryScope();
scope.query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers";
scope.queryType = "MicrosoftGraph";
accessReviewScheduleDefinition.scope = scope;
LinkedList<AccessReviewReviewerScope> reviewersList = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope reviewers = new AccessReviewReviewerScope();
reviewers.query = "/users/398164b1-5196-49dd-ada2-364b49f99b27";
reviewers.queryType = "MicrosoftGraph";
reviewersList.add(reviewers);
accessReviewScheduleDefinition.reviewers = reviewersList;
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.mailNotificationsEnabled = true;
settings.reminderNotificationsEnabled = true;
settings.justificationRequiredOnApproval = true;
settings.defaultDecisionEnabled = false;
settings.defaultDecision = "None";
settings.instanceDurationInDays = 1;
settings.recommendationsEnabled = true;
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.type = RecurrencePatternType.WEEKLY;
pattern.interval = 1;
recurrence.pattern = pattern;
RecurrenceRange range = new RecurrenceRange();
range.type = RecurrenceRangeType.NO_END;
range.startDate = new DateOnly(1900,1,1);
recurrence.range = range;
settings.recurrence = recurrence;
accessReviewScheduleDefinition.settings = settings;
graphClient.identityGovernance().accessReviews().definitions()
.buildRequest()
.post(accessReviewScheduleDefinition);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Test create');
$requestBody->setDescriptionForAdmins('New scheduled access review');
$requestBody->setDescriptionForReviewers('If you have any questions, contact jerry@contoso.com');
$scope = new AccessReviewScope();
$scope->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'query' => '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers',
'queryType' => 'MicrosoftGraph',
];
$scope->setAdditionalData($additionalData);
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('/users/398164b1-5196-49dd-ada2-364b49f99b27');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setDefaultDecisionEnabled(false);
$settings->setDefaultDecision('None');
$settings->setInstanceDurationInDays(1);
$settings->setRecommendationsEnabled(true);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('weekly'));
$settingsRecurrencePattern->setInterval(1);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noend'));
$settingsRecurrenceRange->setStartDate('2020-09-08T12:02:30.667Z');
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$requestBody->setSettings($settings);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Review inactive guests on teams",
DescriptionForAdmins = "Control guest user access to our teams.",
DescriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more.",
InstanceEnumerationScope = new AccessReviewQueryScope
{
Query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team')')",
QueryType = "MicrosoftGraph"
},
Scope = new AccessReviewInactiveUsersQueryScope
{
Query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
QueryType = "MicrosoftGraph",
InactiveDuration = new Duration("P30D")
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "./owners",
QueryType = "MicrosoftGraph"
}
},
FallbackReviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
QueryType = "MicrosoftGraph"
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
RecommendationsEnabled = true,
InstanceDurationInDays = 3,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
DayOfMonth = 5,
Interval = 3
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(2020,5,4)
}
},
DefaultDecisionEnabled = true,
DefaultDecision = "Deny",
AutoApplyDecisionsEnabled = true
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Review inactive guests on teams');
$requestBody->setDescriptionForAdmins('Control guest user access to our teams.');
$requestBody->setDescriptionForReviewers('Information security is everyone\'s responsibility. Review our access policy for more.');
$instanceEnumerationScope = new AccessReviewScope();
$instanceEnumerationScope->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'query' => '/groups?$filter=(groupTypes/any(c:c+eq+\'Unified\') and resourceProvisioningOptions/Any(x:x eq \'Team\')\')',
'queryType' => 'MicrosoftGraph',
];
$instanceEnumerationScope->setAdditionalData($additionalData);
$requestBody->setInstanceEnumerationScope($instanceEnumerationScope);
$scope = new AccessReviewScope();
$scope->set@odatatype('#microsoft.graph.accessReviewInactiveUsersQueryScope');
$additionalData = [
'query' => './members/microsoft.graph.user/?$filter=(userType eq \'Guest\')',
'queryType' => 'MicrosoftGraph',
'inactiveDuration' => 'P30D',
];
$scope->setAdditionalData($additionalData);
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./owners');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$requestBody->setFallbackReviewers($fallbackReviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setRecommendationsEnabled(true);
$settings->setInstanceDurationInDays(3);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('absolutemonthly'));
$settingsRecurrencePattern->setDayOfMonth(5);
$settingsRecurrencePattern->setInterval(3);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noend'));
$settingsRecurrenceRange->setStartDate('2020-05-04T00:00:00.000Z');
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$settings->setDefaultDecisionEnabled(true);
$settings->setDefaultDecision('Deny');
$settings->setAutoApplyDecisionsEnabled(true);
$requestBody->setSettings($settings);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Review employee access to LinkedIn",
DescriptionForAdmins = "Review employee access to LinkedIn",
Scope = new PrincipalResourceMembershipsScope
{
PrincipalScopes = new List<AccessReviewScope>()
{
new AccessReviewQueryScope
{
Query = "/users",
QueryType = "MicrosoftGraph"
}
},
ResourceScopes = new List<AccessReviewScope>()
{
new AccessReviewQueryScope
{
Query = "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
QueryType = "MicrosoftGraph"
}
}
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "./manager",
QueryType = "MicrosoftGraph",
QueryRoot = "decisions"
}
},
BackupReviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
QueryType = "MicrosoftGraph"
}
},
FallbackReviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
QueryType = "MicrosoftGraph"
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = true,
DefaultDecision = "Recommendation",
InstanceDurationInDays = 180,
AutoApplyDecisionsEnabled = true,
RecommendationsEnabled = true,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
Interval = 6,
DayOfMonth = 0
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.Numbered,
StartDate = new Date(2021,5,5),
EndDate = new Date(2022,5,5)
}
}
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Review employee access to LinkedIn');
$requestBody->setDescriptionForAdmins('Review employee access to LinkedIn');
$scope = new AccessReviewScope();
$scope->set@odatatype('#microsoft.graph.principalResourceMembershipsScope');
$additionalData = [
'principalScopes' => $principalScopes1 = new ();
$ principalScopes1->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$ principalScopes1->setQuery('/users');
$ principalScopes1->setQueryType('MicrosoftGraph');
$principalScopesArray []= $principalScopes1;
$scope->setPrincipalScopes($principalScopesArray);
'resourceScopes' => $resourceScopes1 = new ();
$ resourceScopes1->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$ resourceScopes1->setQuery('/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae');
$ resourceScopes1->setQueryType('MicrosoftGraph');
$resourceScopesArray []= $resourceScopes1;
$scope->setResourceScopes($resourceScopesArray);
];
$scope->setAdditionalData($additionalData);
$requestBody->setScope($scope);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./manager');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersAccessReviewReviewerScope1->setQueryRoot('decisions');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$requestBody->setReviewers($reviewersArray);
$backupReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$backupReviewersAccessReviewReviewerScope1->setQuery('/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers');
$backupReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$backupReviewersArray []= $backupReviewersAccessReviewReviewerScope1;
$requestBody->setBackupReviewers($backupReviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$requestBody->setFallbackReviewers($fallbackReviewersArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setDefaultDecisionEnabled(true);
$settings->setDefaultDecision('Recommendation');
$settings->setInstanceDurationInDays(180);
$settings->setAutoApplyDecisionsEnabled(true);
$settings->setRecommendationsEnabled(true);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('absolutemonthly'));
$settingsRecurrencePattern->setInterval(6);
$settingsRecurrencePattern->setDayOfMonth(0);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('numbered'));
$settingsRecurrenceRange->setStartDate('2021-05-05');
$settingsRecurrenceRange->setEndDate('2022-05-05');
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$requestBody->setSettings($settings);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Group Multi-stage Access Review",
DescriptionForAdmins = "New scheduled access review",
DescriptionForReviewers = "If you have any questions, contact jerry@contoso.com",
Scope = new AccessReviewQueryScope
{
Query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
QueryType = "MicrosoftGraph"
},
StageSettings = new List<AccessReviewStageSettings>()
{
new AccessReviewStageSettings
{
StageId = "1",
DurationInDays = 2,
RecommendationsEnabled = false,
DecisionsThatWillMoveToNextStage = new List<String>()
{
"NotReviewed",
"Approve"
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
QueryType = "MicrosoftGraph"
}
}
},
new AccessReviewStageSettings
{
StageId = "2",
DependsOn = new List<String>()
{
"1"
},
DurationInDays = 2,
RecommendationsEnabled = true,
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "./manager",
QueryType = "MicrosoftGraph",
QueryRoot = "decisions"
}
},
FallbackReviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
QueryType = "MicrosoftGraph"
}
}
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = false,
DefaultDecision = "None",
InstanceDurationInDays = 4,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.Weekly,
Interval = 1
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(2020,9,8)
}
},
DecisionHistoriesForReviewersEnabled = true
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewScheduleDefinition();
$requestBody->setDisplayName('Group Multi-stage Access Review');
$requestBody->setDescriptionForAdmins('New scheduled access review');
$requestBody->setDescriptionForReviewers('If you have any questions, contact jerry@contoso.com');
$scope = new AccessReviewScope();
$scope->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'query' => '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers',
'queryType' => 'MicrosoftGraph',
];
$scope->setAdditionalData($additionalData);
$requestBody->setScope($scope);
$stageSettingsAccessReviewStageSettings1 = new AccessReviewStageSettings();
$stageSettingsAccessReviewStageSettings1->setStageId('1');
$stageSettingsAccessReviewStageSettings1->setDurationInDays(2);
$stageSettingsAccessReviewStageSettings1->setRecommendationsEnabled(false);
$stageSettingsAccessReviewStageSettings1->setDecisionsThatWillMoveToNextStage(['NotReviewed', 'Approve', ]);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('/users/398164b1-5196-49dd-ada2-364b49f99b27');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings1->setReviewers($reviewersArray);
$stageSettingsArray []= $stageSettingsAccessReviewStageSettings1;
$stageSettingsAccessReviewStageSettings2 = new AccessReviewStageSettings();
$stageSettingsAccessReviewStageSettings2->setStageId('2');
$stageSettingsAccessReviewStageSettings2->setDependsOn(['1', ]);
$stageSettingsAccessReviewStageSettings2->setDurationInDays(2);
$stageSettingsAccessReviewStageSettings2->setRecommendationsEnabled(true);
$reviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$reviewersAccessReviewReviewerScope1->setQuery('./manager');
$reviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$reviewersAccessReviewReviewerScope1->setQueryRoot('decisions');
$reviewersArray []= $reviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings2->setReviewers($reviewersArray);
$fallbackReviewersAccessReviewReviewerScope1 = new AccessReviewReviewerScope();
$fallbackReviewersAccessReviewReviewerScope1->setQuery('/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers');
$fallbackReviewersAccessReviewReviewerScope1->setQueryType('MicrosoftGraph');
$fallbackReviewersArray []= $fallbackReviewersAccessReviewReviewerScope1;
$stageSettingsAccessReviewStageSettings2->setFallbackReviewers($fallbackReviewersArray);
$stageSettingsArray []= $stageSettingsAccessReviewStageSettings2;
$requestBody->setStageSettings($stageSettingsArray);
$settings = new AccessReviewScheduleSettings();
$settings->setMailNotificationsEnabled(true);
$settings->setReminderNotificationsEnabled(true);
$settings->setJustificationRequiredOnApproval(true);
$settings->setDefaultDecisionEnabled(false);
$settings->setDefaultDecision('None');
$settings->setInstanceDurationInDays(4);
$settingsRecurrence = new PatternedRecurrence();
$settingsRecurrencePattern = new RecurrencePattern();
$settingsRecurrencePattern->setType(new RecurrencePatternType('weekly'));
$settingsRecurrencePattern->setInterval(1);
$settingsRecurrence->setPattern($settingsRecurrencePattern);
$settingsRecurrenceRange = new RecurrenceRange();
$settingsRecurrenceRange->setType(new RecurrenceRangeType('noend'));
$settingsRecurrenceRange->setStartDate('2020-09-08T12:02:30.667Z');
$settingsRecurrence->setRange($settingsRecurrenceRange);
$settings->setRecurrence($settingsRecurrence);
$settings->setDecisionHistoriesForReviewersEnabled(true);
$requestBody->setSettings($settings);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->post($requestBody);
Important
Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.