Update governanceRoleAssignmentRequests

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Caution

This version of the Privileged Identity Management (PIM) API for Azure Resource roles will be deprecated soon. Please use the new Azure REST PIM API for Azure resource roles.

Enable administrators to update their decisions (AdminApproved or AdminDenied) on governanceRoleAssignmentRequests that are in status of PendingAdminDecision.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Note: This API also requires that the requester have at least one Active administrator role assignment (owner or user access administrator) on the resource that the governanceRoleAssignmentRequest belongs to.

Azure resources

Permission type Permissions
Delegated (work or school account) PrivilegedAccess.ReadWrite.AzureResources
Delegated (personal Microsoft account) Not supported.
Application Not supported.

Azure AD

Permission type Permissions
Delegated (work or school account) PrivilegedAccess.ReadWrite.AzureAD
Delegated (personal Microsoft account) Not supported.
Application Not supported.

Groups

Permission type Permissions
Delegated (work or school account) PrivilegedAccess.ReadWrite.AzureADGroup
Delegated (personal Microsoft account) Not supported.
Application Not supported.

HTTP request

POST /privilegedAccess/azureResources/roleAssignmentRequests/{id}/updateRequest   

Request headers

Name Description
Authorization Bearer {code}
Content-type application/json

Request body

Parameters Type Required Description
reason String The reason provided by the administrator for his decision.
decision String The administrator decision of the role assignment request. The value should be updated as AdminApproved or AdminDenied.
schedule governanceSchedule The schedule of the role assignment request. For status of AdminApproved, it is required.
assignmentState String The state of assignment, and the values can be Eligible or Active. For decision of AdminApproved, it is required.

Response

This method can only be applied to requests that are in status of PendingAdminDecision.

If successful, this method returns a 204 No Content response code. It does not return anything in the response body.

Example

Request
POST https://graph.microsoft.com/beta/privilegedAccess/azureResources/roleAssignmentRequests/7c53453e-d5a4-41e0-8eb1-32d5ec8bfdee/updateRequest
Request body
{
  "reason":"approve the request to extend role assignment",
  "schedule":{
    "type":"Once",
    "startDateTime":"2018-02-20T07:31:13.451Z",
    "stopDateTime":"2018-05-21T07:31:13.451Z",
    },
  "decision":"AdminApproved",
  "assignmentState": "Eligible"
}
Response
HTTP/1.1 204 No Content