accessPackageAssignmentPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
In Azure AD entitlement management, an access package assignment policy specifies the policy by which subjects can request or be assigned an access package via an access package assignment. An access package can have zero or more policies. When a request from a subject is received, the subject is matched against each policy to find the policy (if any) with requestorSettings that include that subject. The policy then determines whether the request requires approval, the duration of the access package assignment, and whether the assignment needs regularly review.
To assign a user to an access package, create an accessPackageAssignmentRequest which references the access package and access package assignment policy.
Methods
| Method | Return Type | Description |
|---|---|---|
| List accessPackageAssignmentPolicies | accessPackageAssignmentPolicy collection | Retrieve a list of accessPackageAssignmentPolicy objects. |
| Create accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Create a new accessPackageAssignmentPolicy object. |
| Get accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Read properties and relationships of an accessPackageAssignmentPolicy object. |
| Update accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Update the properties of an accessPackageAssignmentPolicy object. |
| Delete accessPackageAssignmentPolicy | Delete an accessPackageAssignmentPolicy. |
Properties
| Property | Type | Description |
|---|---|---|
| accessPackageId | String | ID of the access package. |
| accessReviewSettings | assignmentReviewSettings | Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews are not required. |
| canExtend | Boolean | Indicates whether a user can extend the access package assignment duration after approval. |
| createdBy | String | Read-only. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| description | String | The description of the policy. |
| displayName | String | The display name of the policy. |
| durationInDays | Int32 | The number of days in which assignments from this policy last until they are expired. |
| expirationDateTime | DateTimeOffset | The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| id | String | Read-only. |
| modifiedBy | String | Read-only. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| requestApprovalSettings | approvalSettings | Who must approve requests for access package in this policy. |
| requestorSettings | requestorSettings | Who can request this access package from this policy. |
| questions | accessPackageQuestion collection | Questions that are posed to the requestor. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| accessPackage | accessPackage | The access package with this policy. Read-only. Nullable. |
JSON representation
The following is a JSON representation of the resource.
{
"id": "string",
"accessPackageId": "string",
"displayName": "string",
"description": "string",
"isDenyPolicy": false,
"canExtend": false,
"durationInDays": 365,
"requestorSettings": {
"scopeType": "string",
"acceptRequests": true,
"allowedRequestors": [{
"@odata.type": "#microsoft.graph.userSet"
}]
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "string",
"approvalStages": [{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": true,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [{
"@odata.type": "#microsoft.graph.userSet"
}],
"escalationApprovers": [{
"@odata.type": "#microsoft.graph.userSet"
}]
}]
},
"accessReviewSettings": null,
"questions": [{
"@odata.type": "#microsoft.graph.question"
}]
}