accessPackageAssignmentPolicy resource type

Namespace: microsoft.graph

In Azure AD entitlement management, an access package assignment policy specifies the policy by which subjects can request or be assigned an access package via an access package assignment. An access package can have zero or more policies. When a request from a subject is received, the subject is matched against each policy to find the policy (if any) with requestorSettings that include that subject. The policy then determines whether the request requires approval, the duration of the access package assignment, and whether the assignment needs regular reviews.

To assign a user to an access package, create an accessPackageAssignmentRequest which references the access package and access package assignment policy.

Methods

Method Return type Description
List accessPackageAssignmentPolicies accessPackageAssignmentPolicy collection Get a list of the accessPackageAssignmentPolicy objects and their properties.
Create accessPackageAssignmentPolicy accessPackageAssignmentPolicy Create a new accessPackageAssignmentPolicy object.
Get accessPackageAssignmentPolicy accessPackageAssignmentPolicy Read the properties and relationships of an accessPackageAssignmentPolicy object.
Update accessPackageAssignmentPolicy accessPackageAssignmentPolicy Update the properties of an accessPackageAssignmentPolicy object.
Delete accessPackageAssignmentPolicy None Deletes an accessPackageAssignmentPolicy object.

Properties

Property Type Description
allowedTargetScope allowedTargetScope Principals that can be assigned the access package through this policy. The possible values are: notSpecified, specificDirectoryUsers, specificConnectedOrganizationUsers, specificDirectoryServicePrincipals, allMemberUsers, allDirectoryUsers, allDirectoryServicePrincipals, allConfiguredConnectedOrganizationUsers, allExternalUsers, unknownFutureValue.
createdDateTime DateTimeOffset The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
description String The description of the policy.
displayName String The display name of the policy.
expiration expirationPattern The expiration date for assignments created in this policy.
id String Read only.
modifiedDateTime DateTimeOffset The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
requestApprovalSettings accessPackageAssignmentApprovalSettings Specifies the settings for approval of requests for an access package assignment through this policy. For example, if approval is required for new requests.
requestorSettings accessPackageAssignmentRequestorSettings Provides additional settings to select who can create a request for an access package assignment through this policy, and what they can include in their request.
reviewSettings accessPackageAssignmentReviewSettings Settings for access reviews of assignments through this policy.
specificAllowedTargets subjectSet collection The principals that can be assigned access from an access package through this policy.

Relationships

Relationship Type Description
accessPackage accessPackage Access package containing this policy. Read-only.
catalog accessPackageCatalog Catalog of the access package containing this policy. Read-only.

JSON representation

The following is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
  "id": "String (identifier)",
  "displayName": "String",
  "description": "String",
  "allowedTargetScope": "String",
  "specificAllowedTargets": [
    {
      "@odata.type": "microsoft.graph.singleUser"
    }
  ],
  "expiration": {
    "@odata.type": "microsoft.graph.expirationPattern"
  },
  "requestorSettings": {
    "@odata.type": "microsoft.graph.accessPackageAssignmentRequestorSettings"
  },
  "requestApprovalSettings": {
    "@odata.type": "microsoft.graph.accessPackageAssignmentApprovalSettings"
  },
  "reviewSettings": {
    "@odata.type": "microsoft.graph.accessPackageAssignmentReviewSettings"
  },
  "createdDateTime": "String (timestamp)",
  "modifiedDateTime": "String (timestamp)"
}