accessPackageAssignmentPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
In Microsoft Entra entitlement management, an access package assignment policy specifies the policy by which subjects can request or be assigned an access package via an access package assignment. An access package can have zero or more policies. When a request from a subject is received, the subject is matched against each policy to find the policy (if any) with requestorSettings that include that subject. The policy then determines whether the request requires approval, the duration of the access package assignment, and whether the assignment needs regularly review.
To assign a user to an access package, create an accessPackageAssignmentRequest which references the access package and access package assignment policy.
Methods
| Method | Return Type | Description |
|---|---|---|
| List accessPackageAssignmentPolicies | accessPackageAssignmentPolicy collection | Retrieve a list of accessPackageAssignmentPolicy objects. |
| Create accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Create a new accessPackageAssignmentPolicy object. |
| Get accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Read properties and relationships of an accessPackageAssignmentPolicy object. |
| Update accessPackageAssignmentPolicy | accessPackageAssignmentPolicy | Update the properties of an accessPackageAssignmentPolicy object. |
| Delete accessPackageAssignmentPolicy | Delete an accessPackageAssignmentPolicy. |
Properties
| Property | Type | Description |
|---|---|---|
| accessPackageId | String | Identifier of the access package. |
| accessReviewSettings | assignmentReviewSettings | Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews aren't required. |
| canExtend | Boolean | Indicates whether a user can extend the access package assignment duration after approval. |
| createdBy | String | Read-only. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| description | String | The description of the policy. |
| displayName | String | The display name of the policy. Supports $filter (eq). |
| durationInDays | Int32 | The number of days in which assignments from this policy last until they're expired. |
| expirationDateTime | DateTimeOffset | The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| id | String | Read-only. |
| modifiedBy | String | Read-only. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| requestApprovalSettings | approvalSettings | Who must approve requests for access package in this policy. |
| requestorSettings | requestorSettings | Who can request this access package from this policy. |
| questions | accessPackageQuestion collection | Questions that are posed to the requestor. |
| verifiableCredentialSettings | verifiableCredentialSettings | Settings for verifiable credentials set up through the Microsoft Entra Verified I D service. These settings represent the verifiable credentials that a requestor of an access package in this policy can present to be assigned the access package. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| accessPackage | accessPackage | The access package with this policy. Read-only. Nullable. Supports $expand. |
| customExtensionHandlers | customExtensionHandler collection | The collection of stages when to execute one or more custom access package workflow extensions. Supports $expand. |
| customExtensionStageSettings | customExtensionStageSetting collection | The collection of stages when to execute one or more custom access package workflow extensions. Supports $expand. |
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
"id": "String (identifier)",
"accessPackageId": "String",
"displayName": "String",
"description": "String",
"canExtend": "Boolean",
"durationInDays": "Integer",
"expirationDateTime": "String (timestamp)",
"createdBy": "String",
"createdDateTime": "String (timestamp)",
"modifiedBy": "String",
"modifiedDateTime": "String (timestamp)",
"questions":[
{
"@odata.type": "microsoft.graph.accessPackageQuestion"
}
],
"requestorSettings": {
"@odata.type": "microsoft.graph.requestorSettings"
},
"requestApprovalSettings": {
"@odata.type": "microsoft.graph.approvalSettings"
},
"accessReviewSettings": {
"@odata.type": "microsoft.graph.assignmentReviewSettings"
},
"verifiableCredentialSettings": {
"@odata.type": "microsoft.graph.verifiableCredentialSettings"
}
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for