accessReviewInstance resource type

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Note

The access review APIs in this section are the recommended access review APIs. The older version, Access reviews, will be deprecated.

Represents an Azure AD access review recurrence. If the parent accessReviewScheduleDefinition is a recurring access review, instances represent each recurrence. A review that does not recur will have exactly one instance. Instances also represent each unique group being reviewed in the schedule definition. If a schedule definition reviews multiple groups, each group will have a unique instance for each recurrence.

Every accessReviewInstance contains a list of decisions that reviewers can take action on. There is one decision per identity being reviewed.

Methods

Method Return Type Description
List accessReviewInstances accessReviewInstance collection Get a list of the accessReviewInstance objects and their properties.
Get accessReviewInstance accessReviewInstance Returns accessReviewInstance for an accessReviewScheduleDefinition. Does not include associated accessReviewInstanceDecisionItem`s in the object.
List pendingAccessReviewInstances accessReviewInstance collection. Get all pending accessReviewInstance resources assigned to the calling user.
Send accessReviewInstance reminder None. Send a reminder to the reviewers of an accessReviewInstance.
Stop accessReviewInstance None. Manually stop an accessReviewInstance.
Accept recommendations None. Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they are the reviewer on for a specific accessReviewInstance.
Apply decisions None. Manually apply decision on an accessReviewInstance.
Batch record decisions None Review batches of principals or resources in one call.

Properties

Property Type Description
id String Unique identifier of the instance.
displayName String Name of the parent accessReviewScheduleDefinition.
startDateTime DateTimeOffset DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
endDateTime DateTimeOffset DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
status String Specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Read-only.
scope accessReviewScope Created based on scope and instanceEnumerationScope at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. In the case of a single-group review, the scope defined at the accessReviewScheduleDefinition level applies to all instances. In the case of all groups review, scope may be different for each group. Read-only.
decisions accessReviewInstanceDecisionItem collection Each user reviewed in an accessReviewInstance has a decision item representing if their access was approved, denied, or not yet reviewed.
definition accessReviewScheduleDefinition There is exactly one accessReviewScheduleDefinition associated with each instance. It is the parent schedule for the instance, where instances are created for each recurrence of a review definition and each group selected to review by the definition.

Relationships

Relationship Type Description
definition accessReviewScheduleDefinition There is exactly one accessReviewScheduleDefinition associated with each instance. It is the parent schedule for the instance, where instances are created for each recurrence of a review definition and each group selected to review by the definition.
decisions accessReviewInstanceDecisionItem collection Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed.

JSON representation

Here is a JSON representation of the resource.

{
 "@odata.type": "#microsoft.graph.accessReviewInstance",
 "id": "string (identifier)",
 "displayName": "string",
 "startDateTime": "string (timestamp)",
 "endDateTime": "string (timestamp)",
 "status": "string",
 "scope": {
    "@odata.type": "microsoft.graph.accessReviewScope"
  }
}