Crear assignmentPolicies
- Artículo
Espacio de nombres: microsoft.graph
En Microsoft Entra administración de derechos, cree un nuevo objeto accessPackageAssignmentPolicy. La solicitud incluirá una referencia al accessPackage que contendrá esta directiva, que ya debe existir.
Esta API está disponible en las siguientes implementaciones nacionales de nube.
Servicio global | Gobierno de EE. UU. L4 | Us Government L5 (DOD) | China operada por 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.
Tipo de permiso | Permisos con privilegios mínimos | Permisos con privilegios más altos |
---|---|---|
Delegado (cuenta profesional o educativa) | EntitlementManagement.ReadWrite.All | No disponible. |
Delegado (cuenta personal de Microsoft) | No admitida. | No admitida. |
Aplicación | EntitlementManagement.ReadWrite.All | No disponible. |
Solicitud HTTP
POST /identityGovernance/entitlementManagement/assignmentPolicies
Encabezados de solicitud
Nombre | Descripción |
---|---|
Authorization | {token} de portador. Obligatorio. Obtenga más información sobre la autenticación y la autorización. |
Content-Type | application/json. Obligatorio. |
Cuerpo de la solicitud
En el cuerpo de la solicitud, proporcione una representación JSON del objeto accessPackageAssignmentPolicy .
Puede especificar las siguientes propiedades al crear un accessPackageAssignmentPolicy.
Propiedad | Tipo | Descripción |
---|---|---|
description | Cadena | Descripción de la directiva. |
displayName | Cadena | Nombre para mostrar de la directiva. |
allowedTargetScope | allowedTargetScope | A quién se le permite asignar el paquete de acceso a través de esta directiva. Los valores posibles son: notSpecified , specificDirectoryUsers , specificConnectedOrganizationUsers , specificDirectoryServicePrincipals , allMemberUsers , allDirectoryUsers , allDirectoryServicePrincipals , allConfiguredConnectedOrganizationUsers , allExternalUsers y unknownFutureValue . Opcional. |
expiración | expirationPattern | Fecha de expiración de las asignaciones creadas en esta directiva. |
requestApprovalSettings | accessPackageAssignmentApprovalSettings | Especifica la configuración para la aprobación de solicitudes para una asignación de paquetes de acceso a través de esta directiva. Por ejemplo, si se requiere aprobación para las nuevas solicitudes. |
requestorSettings | accessPackageAssignmentRequestorSettings | Proporciona una configuración adicional para seleccionar quién puede crear una solicitud para una asignación de paquete de acceso a través de esta directiva y lo que pueden incluir en su solicitud. |
reviewSettings | accessPackageAssignmentReviewSettings | Configuración de las revisiones de acceso de las asignaciones a través de esta directiva. |
specificAllowedTargets | subjectSet (colección) | Las entidades de seguridad a las que se puede asignar acceso desde un paquete de acceso a través de esta directiva. |
automaticRequestSettings | accessPackageAutomaticRequestSettings | Esta propiedad solo está presente para una directiva de asignación automática; si no está presente, se trata de una directiva basada en solicitudes. |
accessPackage | accessPackage | Referencia al paquete de acceso que contendrá la directiva, que ya debe existir. |
Preguntas | colección accessPackageQuestion | Preguntas que se presentan al solicitante. |
Respuesta
Si se ejecuta correctamente, este método devuelve un 201 Created
código de respuesta y un objeto accessPackageAssignmentPolicy en el cuerpo de la respuesta.
Ejemplos
Ejemplo 1: Creación de una directiva de asignación directa
Una directiva de asignación directa es útil cuando las solicitudes de asignación de paquetes de acceso solo las creará un administrador, no los propios usuarios.
Solicitud
En el ejemplo siguiente se muestra una solicitud para crear una directiva de asignación de paquetes de acceso. En esta directiva, ningún usuario puede solicitar, no se requiere aprobación y no hay revisiones de acceso.
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "New Policy",
"description": "policy for assignment",
"allowedTargetScope": "notSpecified",
"specificAllowedTargets": [],
"expiration": {
"endDateTime": null,
"duration": null,
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": false,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": false,
"allowCustomAssignmentSchedule": true,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": false,
"isApprovalRequiredForUpdate": false,
"stages": []
},
"accessPackage": {
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "New Policy",
Description = "policy for assignment",
AllowedTargetScope = AllowedTargetScope.NotSpecified,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
EndDateTime = null,
Duration = null,
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = false,
EnableTargetsToSelfUpdateAccess = false,
EnableTargetsToSelfRemoveAccess = false,
AllowCustomAssignmentSchedule = true,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = false,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
},
},
AccessPackage = new AccessPackage
{
Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "New Policy",\
"description": "policy for assignment",\
"allowedTargetScope": "notSpecified",\
"specificAllowedTargets": [],\
"expiration": {\
"endDateTime": null,\
"duration": null,\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": false,\
"enableTargetsToSelfUpdateAccess": false,\
"enableTargetsToSelfRemoveAccess": false,\
"allowCustomAssignmentSchedule": true,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": false,\
"isApprovalRequiredForUpdate": false,\
"stages": []\
},\
"accessPackage": {\
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
}\
}\
'
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "New Policy"
requestBody.SetDisplayName(&displayName)
description := "policy for assignment"
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime)
duration := null
expiration.SetDuration(&duration)
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
stages := []graphmodels.AccessPackageApprovalStageable {
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("New Policy");
accessPackageAssignmentPolicy.setDescription("policy for assignment");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.NotSpecified);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setEndDateTime(null);
expiration.setDuration(null);
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(false);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(false);
requestorSettings.setAllowCustomAssignmentSchedule(true);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(false);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'New Policy',
description: 'policy for assignment',
allowedTargetScope: 'notSpecified',
specificAllowedTargets: [],
expiration: {
endDateTime: null,
duration: null,
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: false,
enableTargetsToSelfUpdateAccess: false,
enableTargetsToSelfRemoveAccess: false,
allowCustomAssignmentSchedule: true,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: false,
isApprovalRequiredForUpdate: false,
stages: []
},
accessPackage: {
id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('New Policy');
$requestBody->setDescription('policy for assignment');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('notSpecified'));
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setEndDateTime(null);
$expiration->setDuration(null);
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);
$requestorSettings->setAllowCustomAssignmentSchedule(true);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$requestApprovalSettings->setStages([ ]);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "New Policy"
description = "policy for assignment"
allowedTargetScope = "notSpecified"
specificAllowedTargets = @(
)
expiration = @{
endDateTime = $null
duration = $null
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $false
enableTargetsToSelfUpdateAccess = $false
enableTargetsToSelfRemoveAccess = $false
allowCustomAssignmentSchedule = $true
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $false
isApprovalRequiredForUpdate = $false
stages = @(
)
}
accessPackage = @{
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.access_package import AccessPackage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "New Policy",
description = "policy for assignment",
allowed_target_scope = AllowedTargetScope.NotSpecified,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
end_date_time = None,
duration = None,
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = False,
enable_targets_to_self_update_access = False,
enable_targets_to_self_remove_access = False,
allow_custom_assignment_schedule = True,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = False,
is_approval_required_for_update = False,
stages = [
],
),
access_package = AccessPackage(
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Respuesta
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "New policy",
"description": "policy for assignment"
}
Ejemplo 2: Creación de una directiva para que los usuarios de otras organizaciones soliciten
En el ejemplo siguiente se muestra una directiva más compleja con dos fases de aprobación y revisiones periódicas de acceso.
Solicitud
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "policy for external access requests",
"description": "policy for users from connected organizations to request access, with two stages of approval.",
"allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
"specificAllowedTargets": [],
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": true,
"enableTargetsToSelfUpdateAccess": true,
"enableTargetsToSelfRemoveAccess": true,
"allowCustomAssignmentSchedule": false,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": true,
"isApprovalRequiredForUpdate": false,
"stages": [
{
"durationBeforeAutomaticDenial": "P14D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.internalSponsors"
}
],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
},
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
},
{
"durationBeforeAutomaticDenial": "P14D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"
},
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
}
]
},
"reviewSettings": {
"isEnabled": true,
"expirationBehavior": "keepAccess",
"isRecommendationEnabled": true,
"isReviewerJustificationRequired": true,
"isSelfReview": false,
"schedule": {
"startDateTime": "2022-07-02T06:59:59.998Z",
"expiration": {
"duration": "P14D",
"type": "afterDuration"
},
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 3,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": []
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0
}
}
},
"primaryReviewers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
}
],
"fallbackReviewers": []
},
"accessPackage": {
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "policy for external access requests",
Description = "policy for users from connected organizations to request access, with two stages of approval.",
AllowedTargetScope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = true,
EnableTargetsToSelfRemoveAccess = true,
AllowCustomAssignmentSchedule = false,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
PrimaryApprovers = new List<SubjectSet>
{
new InternalSponsors
{
OdataType = "#microsoft.graph.internalSponsors",
},
},
FallbackPrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
},
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
},
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P14D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
PrimaryApprovers = new List<SubjectSet>
{
},
FallbackPrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "46184453-e63b-4f20-86c2-c557ed5d5df9",
},
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
},
},
},
ReviewSettings = new AccessPackageAssignmentReviewSettings
{
IsEnabled = true,
ExpirationBehavior = AccessReviewExpirationBehavior.KeepAccess,
IsRecommendationEnabled = true,
IsReviewerJustificationRequired = true,
IsSelfReview = false,
Schedule = new EntitlementManagementSchedule
{
StartDateTime = DateTimeOffset.Parse("2022-07-02T06:59:59.998Z"),
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("P14D"),
Type = ExpirationPatternType.AfterDuration,
},
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
Interval = 3,
Month = 0,
DayOfMonth = 0,
DaysOfWeek = new List<DayOfWeekObject>
{
},
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
NumberOfOccurrences = 0,
},
},
},
PrimaryReviewers = new List<SubjectSet>
{
new GroupMembers
{
OdataType = "#microsoft.graph.groupMembers",
GroupId = "1623f912-5e86-41c2-af47-39dd67582b66",
},
},
FallbackReviewers = new List<SubjectSet>
{
},
},
AccessPackage = new AccessPackage
{
Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "policy for external access requests",\
"description": "policy for users from connected organizations to request access, with two stages of approval.",\
"allowedTargetScope": "allConfiguredConnectedOrganizationUsers",\
"specificAllowedTargets": [],\
"expiration": {\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": true,\
"enableTargetsToSelfUpdateAccess": true,\
"enableTargetsToSelfRemoveAccess": true,\
"allowCustomAssignmentSchedule": false,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": true,\
"isApprovalRequiredForUpdate": false,\
"stages": [\
{\
"durationBeforeAutomaticDenial": "P14D",\
"isApproverJustificationRequired": false,\
"isEscalationEnabled": false,\
"durationBeforeEscalation": "PT0S",\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.internalSponsors"\
}\
],\
"fallbackPrimaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"\
},\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": []\
},\
{\
"durationBeforeAutomaticDenial": "P14D",\
"isApproverJustificationRequired": false,\
"isEscalationEnabled": false,\
"durationBeforeEscalation": "PT0S",\
"primaryApprovers": [],\
"fallbackPrimaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"\
},\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": []\
}\
]\
},\
"reviewSettings": {\
"isEnabled": true,\
"expirationBehavior": "keepAccess",\
"isRecommendationEnabled": true,\
"isReviewerJustificationRequired": true,\
"isSelfReview": false,\
"schedule": {\
"startDateTime": "2022-07-02T06:59:59.998Z",\
"expiration": {\
"duration": "P14D",\
"type": "afterDuration"\
},\
"recurrence": {\
"pattern": {\
"type": "absoluteMonthly",\
"interval": 3,\
"month": 0,\
"dayOfMonth": 0,\
"daysOfWeek": []\
},\
"range": {\
"type": "noEnd",\
"numberOfOccurrences": 0\
}\
}\
},\
"primaryReviewers": [\
{\
"@odata.type": "#microsoft.graph.groupMembers",\
"groupId": "1623f912-5e86-41c2-af47-39dd67582b66"\
}\
],\
"fallbackReviewers": []\
},\
"accessPackage": {\
"id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"\
}\
}\
'
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "policy for external access requests"
requestBody.SetDisplayName(&displayName)
description := "policy for users from connected organizations to request access, with two stages of approval."
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.ALLCONFIGUREDCONNECTEDORGANIZATIONUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage.SetDurationBeforeEscalation(&durationBeforeEscalation)
subjectSet := graphmodels.NewInternalSponsors()
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
subjectSet.SetUserId(&userId)
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
subjectSet1,
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
accessPackageApprovalStage1 := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P14D")
accessPackageApprovalStage1.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage1.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage1.SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage1.SetDurationBeforeEscalation(&durationBeforeEscalation)
primaryApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetPrimaryApprovers(primaryApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "46184453-e63b-4f20-86c2-c557ed5d5df9"
subjectSet.SetUserId(&userId)
subjectSet1 := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet1.SetGroupId(&groupId)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
subjectSet1,
}
accessPackageApprovalStage1.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage1.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
stages := []graphmodels.AccessPackageApprovalStageable {
accessPackageApprovalStage,
accessPackageApprovalStage1,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
reviewSettings := graphmodels.NewAccessPackageAssignmentReviewSettings()
isEnabled := true
reviewSettings.SetIsEnabled(&isEnabled)
expirationBehavior := graphmodels.KEEPACCESS_ACCESSREVIEWEXPIRATIONBEHAVIOR
reviewSettings.SetExpirationBehavior(&expirationBehavior)
isRecommendationEnabled := true
reviewSettings.SetIsRecommendationEnabled(&isRecommendationEnabled)
isReviewerJustificationRequired := true
reviewSettings.SetIsReviewerJustificationRequired(&isReviewerJustificationRequired)
isSelfReview := false
reviewSettings.SetIsSelfReview(&isSelfReview)
schedule := graphmodels.NewEntitlementManagementSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2022-07-02T06:59:59.998Z")
schedule.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("P14D")
expiration.SetDuration(&duration)
type := graphmodels.AFTERDURATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
schedule.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
type := graphmodels.ABSOLUTEMONTHLY_RECURRENCEPATTERNTYPE
pattern.SetType(&type)
interval := int32(3)
pattern.SetInterval(&interval)
month := int32(0)
pattern.SetMonth(&month)
dayOfMonth := int32(0)
pattern.SetDayOfMonth(&dayOfMonth)
daysOfWeek := []graphmodels.DayOfWeekable {
}
pattern.SetDaysOfWeek(daysOfWeek)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
type := graphmodels.NOEND_RECURRENCERANGETYPE
range.SetType(&type)
numberOfOccurrences := int32(0)
range.SetNumberOfOccurrences(&numberOfOccurrences)
recurrence.SetRange(range)
schedule.SetRecurrence(recurrence)
reviewSettings.SetSchedule(schedule)
subjectSet := graphmodels.NewGroupMembers()
groupId := "1623f912-5e86-41c2-af47-39dd67582b66"
subjectSet.SetGroupId(&groupId)
primaryReviewers := []graphmodels.SubjectSetable {
subjectSet,
}
reviewSettings.SetPrimaryReviewers(primaryReviewers)
fallbackReviewers := []graphmodels.SubjectSetable {
}
reviewSettings.SetFallbackReviewers(fallbackReviewers)
requestBody.SetReviewSettings(reviewSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("policy for external access requests");
accessPackageAssignmentPolicy.setDescription("policy for users from connected organizations to request access, with two stages of approval.");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllConfiguredConnectedOrganizationUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
requestorSettings.setAllowCustomAssignmentSchedule(false);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage.setDurationBeforeEscalation(durationBeforeEscalation);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
InternalSponsors subjectSet = new InternalSponsors();
subjectSet.setOdataType("#microsoft.graph.internalSponsors");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet1 = new SingleUser();
subjectSet1.setOdataType("#microsoft.graph.singleUser");
subjectSet1.setUserId("7deff43e-1f17-44ef-9e5f-d516b0ba11d4");
fallbackPrimaryApprovers.add(subjectSet1);
GroupMembers subjectSet2 = new GroupMembers();
subjectSet2.setOdataType("#microsoft.graph.groupMembers");
subjectSet2.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers.add(subjectSet2);
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
stages.add(accessPackageApprovalStage);
AccessPackageApprovalStage accessPackageApprovalStage1 = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial1 = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
accessPackageApprovalStage1.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial1);
accessPackageApprovalStage1.setIsApproverJustificationRequired(false);
accessPackageApprovalStage1.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation1 = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage1.setDurationBeforeEscalation(durationBeforeEscalation1);
LinkedList<SubjectSet> primaryApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setPrimaryApprovers(primaryApprovers1);
LinkedList<SubjectSet> fallbackPrimaryApprovers1 = new LinkedList<SubjectSet>();
SingleUser subjectSet3 = new SingleUser();
subjectSet3.setOdataType("#microsoft.graph.singleUser");
subjectSet3.setUserId("46184453-e63b-4f20-86c2-c557ed5d5df9");
fallbackPrimaryApprovers1.add(subjectSet3);
GroupMembers subjectSet4 = new GroupMembers();
subjectSet4.setOdataType("#microsoft.graph.groupMembers");
subjectSet4.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
fallbackPrimaryApprovers1.add(subjectSet4);
accessPackageApprovalStage1.setFallbackPrimaryApprovers(fallbackPrimaryApprovers1);
LinkedList<SubjectSet> escalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setEscalationApprovers(escalationApprovers1);
LinkedList<SubjectSet> fallbackEscalationApprovers1 = new LinkedList<SubjectSet>();
accessPackageApprovalStage1.setFallbackEscalationApprovers(fallbackEscalationApprovers1);
stages.add(accessPackageApprovalStage1);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackageAssignmentReviewSettings reviewSettings = new AccessPackageAssignmentReviewSettings();
reviewSettings.setIsEnabled(true);
reviewSettings.setExpirationBehavior(AccessReviewExpirationBehavior.KeepAccess);
reviewSettings.setIsRecommendationEnabled(true);
reviewSettings.setIsReviewerJustificationRequired(true);
reviewSettings.setIsSelfReview(false);
EntitlementManagementSchedule schedule = new EntitlementManagementSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2022-07-02T06:59:59.998Z");
schedule.setStartDateTime(startDateTime);
ExpirationPattern expiration1 = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("P14D"));
expiration1.setDuration(duration);
expiration1.setType(ExpirationPatternType.AfterDuration);
schedule.setExpiration(expiration1);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setType(RecurrencePatternType.AbsoluteMonthly);
pattern.setInterval(3);
pattern.setMonth(0);
pattern.setDayOfMonth(0);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
range.setType(RecurrenceRangeType.NoEnd);
range.setNumberOfOccurrences(0);
recurrence.setRange(range);
schedule.setRecurrence(recurrence);
reviewSettings.setSchedule(schedule);
LinkedList<SubjectSet> primaryReviewers = new LinkedList<SubjectSet>();
GroupMembers subjectSet5 = new GroupMembers();
subjectSet5.setOdataType("#microsoft.graph.groupMembers");
subjectSet5.setGroupId("1623f912-5e86-41c2-af47-39dd67582b66");
primaryReviewers.add(subjectSet5);
reviewSettings.setPrimaryReviewers(primaryReviewers);
LinkedList<SubjectSet> fallbackReviewers = new LinkedList<SubjectSet>();
reviewSettings.setFallbackReviewers(fallbackReviewers);
accessPackageAssignmentPolicy.setReviewSettings(reviewSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'policy for external access requests',
description: 'policy for users from connected organizations to request access, with two stages of approval.',
allowedTargetScope: 'allConfiguredConnectedOrganizationUsers',
specificAllowedTargets: [],
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: true,
enableTargetsToSelfUpdateAccess: true,
enableTargetsToSelfRemoveAccess: true,
allowCustomAssignmentSchedule: false,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: true,
isApprovalRequiredForUpdate: false,
stages: [
{
durationBeforeAutomaticDenial: 'P14D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.internalSponsors'
}
],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '7deff43e-1f17-44ef-9e5f-d516b0ba11d4'
},
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
},
{
durationBeforeAutomaticDenial: 'P14D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '46184453-e63b-4f20-86c2-c557ed5d5df9'
},
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
}
]
},
reviewSettings: {
isEnabled: true,
expirationBehavior: 'keepAccess',
isRecommendationEnabled: true,
isReviewerJustificationRequired: true,
isSelfReview: false,
schedule: {
startDateTime: '2022-07-02T06:59:59.998Z',
expiration: {
duration: 'P14D',
type: 'afterDuration'
},
recurrence: {
pattern: {
type: 'absoluteMonthly',
interval: 3,
month: 0,
dayOfMonth: 0,
daysOfWeek: []
},
range: {
type: 'noEnd',
numberOfOccurrences: 0
}
}
},
primaryReviewers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
groupId: '1623f912-5e86-41c2-af47-39dd67582b66'
}
],
fallbackReviewers: []
},
accessPackage: {
id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\InternalSponsors;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\GroupMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentReviewSettings;
use Microsoft\Graph\Generated\Models\EntitlementManagementSchedule;
use Microsoft\Graph\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Generated\Models\DayOfWeek;
use Microsoft\Graph\Generated\Models\RecurrenceRange;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('policy for external access requests');
$requestBody->setDescription('policy for users from connected organizations to request access, with two stages of approval.');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allConfiguredConnectedOrganizationUsers'));
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestorSettings->setAllowCustomAssignmentSchedule(false);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$primaryApproversSubjectSet1 = new InternalSponsors();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.internalSponsors');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('7deff43e-1f17-44ef-9e5f-d516b0ba11d4');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$stagesAccessPackageApprovalStage2 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage2->setDurationBeforeAutomaticDenial(new \DateInterval('P14D'));
$stagesAccessPackageApprovalStage2->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage2->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage2->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$stagesAccessPackageApprovalStage2->setPrimaryApprovers([]);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('46184453-e63b-4f20-86c2-c557ed5d5df9');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$fallbackPrimaryApproversSubjectSet2 = new GroupMembers();
$fallbackPrimaryApproversSubjectSet2->setOdataType('#microsoft.graph.groupMembers');
$fallbackPrimaryApproversSubjectSet2->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet2;
$stagesAccessPackageApprovalStage2->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);
$stagesAccessPackageApprovalStage2->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage2->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage2;
$requestApprovalSettings->setStages($stagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$reviewSettings = new AccessPackageAssignmentReviewSettings();
$reviewSettings->setIsEnabled(true);
$reviewSettings->setExpirationBehavior(new AccessReviewExpirationBehavior('keepAccess'));
$reviewSettings->setIsRecommendationEnabled(true);
$reviewSettings->setIsReviewerJustificationRequired(true);
$reviewSettings->setIsSelfReview(false);
$reviewSettingsSchedule = new EntitlementManagementSchedule();
$reviewSettingsSchedule->setStartDateTime(new \DateTime('2022-07-02T06:59:59.998Z'));
$reviewSettingsScheduleExpiration = new ExpirationPattern();
$reviewSettingsScheduleExpiration->setDuration(new \DateInterval('P14D'));
$reviewSettingsScheduleExpiration->setType(new ExpirationPatternType('afterDuration'));
$reviewSettingsSchedule->setExpiration($reviewSettingsScheduleExpiration);
$reviewSettingsScheduleRecurrence = new PatternedRecurrence();
$reviewSettingsScheduleRecurrencePattern = new RecurrencePattern();
$reviewSettingsScheduleRecurrencePattern->setType(new RecurrencePatternType('absoluteMonthly'));
$reviewSettingsScheduleRecurrencePattern->setInterval(3);
$reviewSettingsScheduleRecurrencePattern->setMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDayOfMonth(0);
$reviewSettingsScheduleRecurrencePattern->setDaysOfWeek([]);
$reviewSettingsScheduleRecurrence->setPattern($reviewSettingsScheduleRecurrencePattern);
$reviewSettingsScheduleRecurrenceRange = new RecurrenceRange();
$reviewSettingsScheduleRecurrenceRange->setType(new RecurrenceRangeType('noEnd'));
$reviewSettingsScheduleRecurrenceRange->setNumberOfOccurrences(0);
$reviewSettingsScheduleRecurrence->setRange($reviewSettingsScheduleRecurrenceRange);
$reviewSettingsSchedule->setRecurrence($reviewSettingsScheduleRecurrence);
$reviewSettings->setSchedule($reviewSettingsSchedule);
$primaryReviewersSubjectSet1 = new GroupMembers();
$primaryReviewersSubjectSet1->setOdataType('#microsoft.graph.groupMembers');
$primaryReviewersSubjectSet1->setGroupId('1623f912-5e86-41c2-af47-39dd67582b66');
$primaryReviewersArray []= $primaryReviewersSubjectSet1;
$reviewSettings->setPrimaryReviewers($primaryReviewersArray);
$reviewSettings->setFallbackReviewers([]);
$requestBody->setReviewSettings($reviewSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "policy for external access requests"
description = "policy for users from connected organizations to request access, with two stages of approval."
allowedTargetScope = "allConfiguredConnectedOrganizationUsers"
specificAllowedTargets = @(
)
expiration = @{
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $true
enableTargetsToSelfUpdateAccess = $true
enableTargetsToSelfRemoveAccess = $true
allowCustomAssignmentSchedule = $false
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $true
isApprovalRequiredForUpdate = $false
stages = @(
@{
durationBeforeAutomaticDenial = "P14D"
isApproverJustificationRequired = $false
isEscalationEnabled = $false
durationBeforeEscalation = "PT0S"
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.internalSponsors"
}
)
fallbackPrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
}
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
}
@{
durationBeforeAutomaticDenial = "P14D"
isApproverJustificationRequired = $false
isEscalationEnabled = $false
durationBeforeEscalation = "PT0S"
primaryApprovers = @(
)
fallbackPrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "46184453-e63b-4f20-86c2-c557ed5d5df9"
}
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
}
)
}
reviewSettings = @{
isEnabled = $true
expirationBehavior = "keepAccess"
isRecommendationEnabled = $true
isReviewerJustificationRequired = $true
isSelfReview = $false
schedule = @{
startDateTime = [System.DateTime]::Parse("2022-07-02T06:59:59.998Z")
expiration = @{
duration = "P14D"
type = "afterDuration"
}
recurrence = @{
pattern = @{
type = "absoluteMonthly"
interval = 3
month = 0
dayOfMonth = 0
daysOfWeek = @(
)
}
range = @{
type = "noEnd"
numberOfOccurrences = 0
}
}
}
primaryReviewers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
groupId = "1623f912-5e86-41c2-af47-39dd67582b66"
}
)
fallbackReviewers = @(
)
}
accessPackage = @{
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.internal_sponsors import InternalSponsors
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.group_members import GroupMembers
from msgraph.generated.models.access_package_assignment_review_settings import AccessPackageAssignmentReviewSettings
from msgraph.generated.models.entitlement_management_schedule import EntitlementManagementSchedule
from msgraph.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph.generated.models.recurrence_pattern import RecurrencePattern
from msgraph.generated.models.day_of_week import DayOfWeek
from msgraph.generated.models.recurrence_range import RecurrenceRange
from msgraph.generated.models.access_package import AccessPackage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "policy for external access requests",
description = "policy for users from connected organizations to request access, with two stages of approval.",
allowed_target_scope = AllowedTargetScope.AllConfiguredConnectedOrganizationUsers,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = True,
enable_targets_to_self_update_access = True,
enable_targets_to_self_remove_access = True,
allow_custom_assignment_schedule = False,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = True,
is_approval_required_for_update = False,
stages = [
AccessPackageApprovalStage(
duration_before_automatic_denial = "P14D",
is_approver_justification_required = False,
is_escalation_enabled = False,
duration_before_escalation = "PT0S",
primary_approvers = [
InternalSponsors(
odata_type = "#microsoft.graph.internalSponsors",
),
],
fallback_primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "7deff43e-1f17-44ef-9e5f-d516b0ba11d4",
),
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
),
AccessPackageApprovalStage(
duration_before_automatic_denial = "P14D",
is_approver_justification_required = False,
is_escalation_enabled = False,
duration_before_escalation = "PT0S",
primary_approvers = [
],
fallback_primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "46184453-e63b-4f20-86c2-c557ed5d5df9",
),
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
),
],
),
review_settings = AccessPackageAssignmentReviewSettings(
is_enabled = True,
expiration_behavior = AccessReviewExpirationBehavior.KeepAccess,
is_recommendation_enabled = True,
is_reviewer_justification_required = True,
is_self_review = False,
schedule = EntitlementManagementSchedule(
start_date_time = "2022-07-02T06:59:59.998Z",
expiration = ExpirationPattern(
duration = "P14D",
type = ExpirationPatternType.AfterDuration,
),
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
type = RecurrencePatternType.AbsoluteMonthly,
interval = 3,
month = 0,
day_of_month = 0,
days_of_week = [
],
),
range = RecurrenceRange(
type = RecurrenceRangeType.NoEnd,
number_of_occurrences = 0,
),
),
),
primary_reviewers = [
GroupMembers(
odata_type = "#microsoft.graph.groupMembers",
group_id = "1623f912-5e86-41c2-af47-39dd67582b66",
),
],
fallback_reviewers = [
],
),
access_package = AccessPackage(
id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Respuesta
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "9d8f2361-39be-482e-b267-34ad6baef4d3",
"displayName": "policy for external access requests",
"description": "policy for users from connected organizations to request access, with two stages of approval."
}
Ejemplo 3: Creación de una directiva que crea automáticamente asignaciones basadas en una regla de pertenencia
En el ejemplo siguiente se muestra una directiva que crea automáticamente asignaciones para los usuarios del departamento de ventas.
Solicitud
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "Sales department users",
"description": "All users from sales department",
"allowedTargetScope": "specificDirectoryUsers",
"specificAllowedTargets": [
{
"@odata.type": "#microsoft.graph.attributeRuleMembers",
"description": "Membership rule for all users from sales department",
"membershipRule": "(user.department -eq \"Sales\")"
}
],
"automaticRequestSettings": {
"requestAccessForAllowedTargets": true,
"removeAccessWhenTargetLeavesAllowedTargets": true,
"gracePeriodBeforeAccessRemoval": "P7D"
},
"accessPackage": {
"id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "Sales department users",
Description = "All users from sales department",
AllowedTargetScope = AllowedTargetScope.SpecificDirectoryUsers,
SpecificAllowedTargets = new List<SubjectSet>
{
new AttributeRuleMembers
{
OdataType = "#microsoft.graph.attributeRuleMembers",
Description = "Membership rule for all users from sales department",
MembershipRule = "(user.department -eq \"Sales\")",
},
},
AutomaticRequestSettings = new AccessPackageAutomaticRequestSettings
{
RequestAccessForAllowedTargets = true,
RemoveAccessWhenTargetLeavesAllowedTargets = true,
GracePeriodBeforeAccessRemoval = TimeSpan.Parse("P7D"),
},
AccessPackage = new AccessPackage
{
Id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "Sales department users",\
"description": "All users from sales department",\
"allowedTargetScope": "specificDirectoryUsers",\
"specificAllowedTargets": [\
{\
"@odata.type": "#microsoft.graph.attributeRuleMembers",\
"description": "Membership rule for all users from sales department",\
"membershipRule": "(user.department -eq \"Sales\")"\
}\
],\
"automaticRequestSettings": {\
"requestAccessForAllowedTargets": true,\
"removeAccessWhenTargetLeavesAllowedTargets": true,\
"gracePeriodBeforeAccessRemoval": "P7D"\
},\
"accessPackage": {\
"id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"\
}\
}\
'
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "Sales department users"
requestBody.SetDisplayName(&displayName)
description := "All users from sales department"
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.SPECIFICDIRECTORYUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
subjectSet := graphmodels.NewAttributeRuleMembers()
description := "Membership rule for all users from sales department"
subjectSet.SetDescription(&description)
membershipRule := "(user.department -eq \"Sales\")"
subjectSet.SetMembershipRule(&membershipRule)
specificAllowedTargets := []graphmodels.SubjectSetable {
subjectSet,
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
automaticRequestSettings := graphmodels.NewAccessPackageAutomaticRequestSettings()
requestAccessForAllowedTargets := true
automaticRequestSettings.SetRequestAccessForAllowedTargets(&requestAccessForAllowedTargets)
removeAccessWhenTargetLeavesAllowedTargets := true
automaticRequestSettings.SetRemoveAccessWhenTargetLeavesAllowedTargets(&removeAccessWhenTargetLeavesAllowedTargets)
gracePeriodBeforeAccessRemoval , err := abstractions.ParseISODuration("P7D")
automaticRequestSettings.SetGracePeriodBeforeAccessRemoval(&gracePeriodBeforeAccessRemoval)
requestBody.SetAutomaticRequestSettings(automaticRequestSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "8a36831e-1527-4b2b-aff2-81259a8d8e76"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("Sales department users");
accessPackageAssignmentPolicy.setDescription("All users from sales department");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.SpecificDirectoryUsers);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
AttributeRuleMembers subjectSet = new AttributeRuleMembers();
subjectSet.setOdataType("#microsoft.graph.attributeRuleMembers");
subjectSet.setDescription("Membership rule for all users from sales department");
subjectSet.setMembershipRule("(user.department -eq \"Sales\")");
specificAllowedTargets.add(subjectSet);
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
AccessPackageAutomaticRequestSettings automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
automaticRequestSettings.setRequestAccessForAllowedTargets(true);
automaticRequestSettings.setRemoveAccessWhenTargetLeavesAllowedTargets(true);
PeriodAndDuration gracePeriodBeforeAccessRemoval = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
automaticRequestSettings.setGracePeriodBeforeAccessRemoval(gracePeriodBeforeAccessRemoval);
accessPackageAssignmentPolicy.setAutomaticRequestSettings(automaticRequestSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("8a36831e-1527-4b2b-aff2-81259a8d8e76");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'Sales department users',
description: 'All users from sales department',
allowedTargetScope: 'specificDirectoryUsers',
specificAllowedTargets: [
{
'@odata.type': '#microsoft.graph.attributeRuleMembers',
description: 'Membership rule for all users from sales department',
membershipRule: '(user.department -eq \"Sales\")'
}
],
automaticRequestSettings: {
requestAccessForAllowedTargets: true,
removeAccessWhenTargetLeavesAllowedTargets: true,
gracePeriodBeforeAccessRemoval: 'P7D'
},
accessPackage: {
id: '8a36831e-1527-4b2b-aff2-81259a8d8e76'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\AttributeRuleMembers;
use Microsoft\Graph\Generated\Models\AccessPackageAutomaticRequestSettings;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('Sales department users');
$requestBody->setDescription('All users from sales department');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('specificDirectoryUsers'));
$specificAllowedTargetsSubjectSet1 = new AttributeRuleMembers();
$specificAllowedTargetsSubjectSet1->setOdataType('#microsoft.graph.attributeRuleMembers');
$specificAllowedTargetsSubjectSet1->setDescription('Membership rule for all users from sales department');
$specificAllowedTargetsSubjectSet1->setMembershipRule('(user.department -eq \"Sales\")');
$specificAllowedTargetsArray []= $specificAllowedTargetsSubjectSet1;
$requestBody->setSpecificAllowedTargets($specificAllowedTargetsArray);
$automaticRequestSettings = new AccessPackageAutomaticRequestSettings();
$automaticRequestSettings->setRequestAccessForAllowedTargets(true);
$automaticRequestSettings->setRemoveAccessWhenTargetLeavesAllowedTargets(true);
$automaticRequestSettings->setGracePeriodBeforeAccessRemoval(new \DateInterval('P7D'));
$requestBody->setAutomaticRequestSettings($automaticRequestSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('8a36831e-1527-4b2b-aff2-81259a8d8e76');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Sales department users"
description = "All users from sales department"
allowedTargetScope = "specificDirectoryUsers"
specificAllowedTargets = @(
@{
"@odata.type" = "#microsoft.graph.attributeRuleMembers"
description = "Membership rule for all users from sales department"
membershipRule = "(user.department -eq "Sales")"
}
)
automaticRequestSettings = @{
requestAccessForAllowedTargets = $true
removeAccessWhenTargetLeavesAllowedTargets = $true
gracePeriodBeforeAccessRemoval = "P7D"
}
accessPackage = @{
id = "8a36831e-1527-4b2b-aff2-81259a8d8e76"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.attribute_rule_members import AttributeRuleMembers
from msgraph.generated.models.access_package_automatic_request_settings import AccessPackageAutomaticRequestSettings
from msgraph.generated.models.access_package import AccessPackage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "Sales department users",
description = "All users from sales department",
allowed_target_scope = AllowedTargetScope.SpecificDirectoryUsers,
specific_allowed_targets = [
AttributeRuleMembers(
odata_type = "#microsoft.graph.attributeRuleMembers",
description = "Membership rule for all users from sales department",
membership_rule = "(user.department -eq \"Sales\")",
),
],
automatic_request_settings = AccessPackageAutomaticRequestSettings(
request_access_for_allowed_targets = True,
remove_access_when_target_leaves_allowed_targets = True,
grace_period_before_access_removal = "P7D",
),
access_package = AccessPackage(
id = "8a36831e-1527-4b2b-aff2-81259a8d8e76",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Respuesta
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "962493bb-be02-4aeb-a233-a205bbfe1d8d",
"displayName": "Sales department users",
"description": "All users from sales department"
}
Ejemplo 4: Cree una directiva en la que se pida a los solicitantes que respondan a las preguntas mientras solicitan acceso para proporcionar información adicional a los aprobadores.
En el ejemplo siguiente se muestra una directiva que crea automáticamente asignaciones para los usuarios del departamento de ventas.
Solicitud
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json
{
"displayName": "A Policy With Questions",
"description": "",
"allowedTargetScope": "allMemberUsers",
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": "true",
"enableTargetsToSelfUpdateAccess": "true",
"enableTargetsToSelfRemoveAccess": "true"
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": "true",
"isApprovalRequiredForUpdate": "true",
"stages": [
{
"durationBeforeAutomaticDenial": "P7D",
"isApproverJustificationRequired": "false",
"isEscalationEnabled": "false",
"fallbackPrimaryApprovers": [],
"escalationApprovers": [],
"fallbackEscalationApprovers": [],
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "08a551cb-575a-4343-b914-f6e42798bd20"
}
]
}
]
},
"questions": [
{
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"sequence": "1",
"isRequired": "true",
"isAnswerEditable": "true",
"text": "What country are you working from?",
"isMultipleSelectionAllowed": "false",
"choices": [
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "KE",
"text": "Kenya"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "US",
"text": "United States"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "GY",
"text": "Guyana"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "BD",
"text": "Bangladesh"
},
{
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",
"actualValue": "JP",
"text": "Japan"
}
]
},
{
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"sequence": "2",
"isRequired": "true",
"isAnswerEditable": "true",
"text": "What do you do for work?",
"localizations": [
{
"languageCode": "fr-CA",
"text": "Que fais-tu comme travail?"
}
],
"isSingleLineQuestion": "false",
"regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"
}
],
"accessPackage": {
"id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
DisplayName = "A Policy With Questions",
Description = "",
AllowedTargetScope = AllowedTargetScope.AllMemberUsers,
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = true,
EnableTargetsToSelfRemoveAccess = true,
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = true,
Stages = new List<AccessPackageApprovalStage>
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P7D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
FallbackPrimaryApprovers = new List<SubjectSet>
{
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
PrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "08a551cb-575a-4343-b914-f6e42798bd20",
},
},
},
},
},
Questions = new List<AccessPackageQuestion>
{
new AccessPackageMultipleChoiceQuestion
{
OdataType = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
Sequence = 1,
IsRequired = true,
IsAnswerEditable = true,
Text = "What country are you working from?",
IsMultipleSelectionAllowed = false,
Choices = new List<AccessPackageAnswerChoice>
{
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "KE",
Text = "Kenya",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "US",
Text = "United States",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "GY",
Text = "Guyana",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "BD",
Text = "Bangladesh",
},
new AccessPackageAnswerChoice
{
OdataType = "microsoft.graph.accessPackageAnswerChoice",
ActualValue = "JP",
Text = "Japan",
},
},
},
new AccessPackageTextInputQuestion
{
OdataType = "#microsoft.graph.accessPackageTextInputQuestion",
Sequence = 2,
IsRequired = true,
IsAnswerEditable = true,
Text = "What do you do for work?",
Localizations = new List<AccessPackageLocalizedText>
{
new AccessPackageLocalizedText
{
LanguageCode = "fr-CA",
Text = "Que fais-tu comme travail?",
},
},
IsSingleLineQuestion = false,
RegexPattern = "[a-zA-Z]+[a-zA-Z\s]*",
},
},
AccessPackage = new AccessPackage
{
Id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies.PostAsync(requestBody);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies create --body '{\
"displayName": "A Policy With Questions",\
"description": "",\
"allowedTargetScope": "allMemberUsers",\
"expiration": {\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": "true",\
"enableTargetsToSelfUpdateAccess": "true",\
"enableTargetsToSelfRemoveAccess": "true"\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": "true",\
"isApprovalRequiredForUpdate": "true",\
"stages": [\
{\
"durationBeforeAutomaticDenial": "P7D",\
"isApproverJustificationRequired": "false",\
"isEscalationEnabled": "false",\
"fallbackPrimaryApprovers": [],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": [],\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "08a551cb-575a-4343-b914-f6e42798bd20"\
}\
]\
}\
]\
},\
"questions": [\
{\
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",\
"sequence": "1",\
"isRequired": "true",\
"isAnswerEditable": "true",\
"text": "What country are you working from?",\
"isMultipleSelectionAllowed": "false",\
"choices": [\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "KE",\
"text": "Kenya"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "US",\
"text": "United States"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "GY",\
"text": "Guyana"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "BD",\
"text": "Bangladesh"\
},\
{\
"@odata.type": "microsoft.graph.accessPackageAnswerChoice",\
"actualValue": "JP",\
"text": "Japan"\
}\
]\
},\
{\
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",\
"sequence": "2",\
"isRequired": "true",\
"isAnswerEditable": "true",\
"text": "What do you do for work?",\
"localizations": [\
{\
"languageCode": "fr-CA",\
"text": "Que fais-tu comme travail?"\
}\
],\
"isSingleLineQuestion": "false",\
"regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"\
}\
],\
"accessPackage": {\
"id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"\
}\
}\
'
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "A Policy With Questions"
requestBody.SetDisplayName(&displayName)
description := ""
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.ALLMEMBERUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := true
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := true
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P7D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "08a551cb-575a-4343-b914-f6e42798bd20"
subjectSet.SetUserId(&userId)
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)
stages := []graphmodels.AccessPackageApprovalStageable {
accessPackageApprovalStage,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackageQuestion := graphmodels.NewAccessPackageMultipleChoiceQuestion()
sequence := int32(1)
accessPackageQuestion.SetSequence(&sequence)
isRequired := true
accessPackageQuestion.SetIsRequired(&isRequired)
isAnswerEditable := true
accessPackageQuestion.SetIsAnswerEditable(&isAnswerEditable)
text := "What country are you working from?"
accessPackageQuestion.SetText(&text)
isMultipleSelectionAllowed := false
accessPackageQuestion.SetIsMultipleSelectionAllowed(&isMultipleSelectionAllowed)
accessPackageAnswerChoice := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "KE"
accessPackageAnswerChoice.SetActualValue(&actualValue)
text := "Kenya"
accessPackageAnswerChoice.SetText(&text)
accessPackageAnswerChoice1 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "US"
accessPackageAnswerChoice1.SetActualValue(&actualValue)
text := "United States"
accessPackageAnswerChoice1.SetText(&text)
accessPackageAnswerChoice2 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "GY"
accessPackageAnswerChoice2.SetActualValue(&actualValue)
text := "Guyana"
accessPackageAnswerChoice2.SetText(&text)
accessPackageAnswerChoice3 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "BD"
accessPackageAnswerChoice3.SetActualValue(&actualValue)
text := "Bangladesh"
accessPackageAnswerChoice3.SetText(&text)
accessPackageAnswerChoice4 := graphmodels.NewAccessPackageAnswerChoice()
actualValue := "JP"
accessPackageAnswerChoice4.SetActualValue(&actualValue)
text := "Japan"
accessPackageAnswerChoice4.SetText(&text)
choices := []graphmodels.AccessPackageAnswerChoiceable {
accessPackageAnswerChoice,
accessPackageAnswerChoice1,
accessPackageAnswerChoice2,
accessPackageAnswerChoice3,
accessPackageAnswerChoice4,
}
accessPackageQuestion.SetChoices(choices)
accessPackageQuestion1 := graphmodels.NewAccessPackageTextInputQuestion()
sequence := int32(2)
accessPackageQuestion1.SetSequence(&sequence)
isRequired := true
accessPackageQuestion1.SetIsRequired(&isRequired)
isAnswerEditable := true
accessPackageQuestion1.SetIsAnswerEditable(&isAnswerEditable)
text := "What do you do for work?"
accessPackageQuestion1.SetText(&text)
accessPackageLocalizedText := graphmodels.NewAccessPackageLocalizedText()
languageCode := "fr-CA"
accessPackageLocalizedText.SetLanguageCode(&languageCode)
text := "Que fais-tu comme travail?"
accessPackageLocalizedText.SetText(&text)
localizations := []graphmodels.AccessPackageLocalizedTextable {
accessPackageLocalizedText,
}
accessPackageQuestion1.SetLocalizations(localizations)
isSingleLineQuestion := false
accessPackageQuestion1.SetIsSingleLineQuestion(&isSingleLineQuestion)
regexPattern := "[a-zA-Z]+[a-zA-Z\s]*"
accessPackageQuestion1.SetRegexPattern(®exPattern)
questions := []graphmodels.AccessPackageQuestionable {
accessPackageQuestion,
accessPackageQuestion1,
}
requestBody.SetQuestions(questions)
accessPackage := graphmodels.NewAccessPackage()
id := "977c7ff4-ef8f-4910-9d31-49048ddf3120"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setDisplayName("A Policy With Questions");
accessPackageAssignmentPolicy.setDescription("");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllMemberUsers);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(true);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(true);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P7D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet = new SingleUser();
subjectSet.setOdataType("#microsoft.graph.singleUser");
subjectSet.setUserId("08a551cb-575a-4343-b914-f6e42798bd20");
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
stages.add(accessPackageApprovalStage);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
LinkedList<AccessPackageQuestion> questions = new LinkedList<AccessPackageQuestion>();
AccessPackageMultipleChoiceQuestion accessPackageQuestion = new AccessPackageMultipleChoiceQuestion();
accessPackageQuestion.setOdataType("#microsoft.graph.accessPackageMultipleChoiceQuestion");
accessPackageQuestion.setSequence(1);
accessPackageQuestion.setIsRequired(true);
accessPackageQuestion.setIsAnswerEditable(true);
accessPackageQuestion.setText("What country are you working from?");
accessPackageQuestion.setIsMultipleSelectionAllowed(false);
LinkedList<AccessPackageAnswerChoice> choices = new LinkedList<AccessPackageAnswerChoice>();
AccessPackageAnswerChoice accessPackageAnswerChoice = new AccessPackageAnswerChoice();
accessPackageAnswerChoice.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice.setActualValue("KE");
accessPackageAnswerChoice.setText("Kenya");
choices.add(accessPackageAnswerChoice);
AccessPackageAnswerChoice accessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice1.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice1.setActualValue("US");
accessPackageAnswerChoice1.setText("United States");
choices.add(accessPackageAnswerChoice1);
AccessPackageAnswerChoice accessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice2.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice2.setActualValue("GY");
accessPackageAnswerChoice2.setText("Guyana");
choices.add(accessPackageAnswerChoice2);
AccessPackageAnswerChoice accessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice3.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice3.setActualValue("BD");
accessPackageAnswerChoice3.setText("Bangladesh");
choices.add(accessPackageAnswerChoice3);
AccessPackageAnswerChoice accessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
accessPackageAnswerChoice4.setOdataType("microsoft.graph.accessPackageAnswerChoice");
accessPackageAnswerChoice4.setActualValue("JP");
accessPackageAnswerChoice4.setText("Japan");
choices.add(accessPackageAnswerChoice4);
accessPackageQuestion.setChoices(choices);
questions.add(accessPackageQuestion);
AccessPackageTextInputQuestion accessPackageQuestion1 = new AccessPackageTextInputQuestion();
accessPackageQuestion1.setOdataType("#microsoft.graph.accessPackageTextInputQuestion");
accessPackageQuestion1.setSequence(2);
accessPackageQuestion1.setIsRequired(true);
accessPackageQuestion1.setIsAnswerEditable(true);
accessPackageQuestion1.setText("What do you do for work?");
LinkedList<AccessPackageLocalizedText> localizations = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText accessPackageLocalizedText = new AccessPackageLocalizedText();
accessPackageLocalizedText.setLanguageCode("fr-CA");
accessPackageLocalizedText.setText("Que fais-tu comme travail?");
localizations.add(accessPackageLocalizedText);
accessPackageQuestion1.setLocalizations(localizations);
accessPackageQuestion1.setIsSingleLineQuestion(false);
accessPackageQuestion1.setRegexPattern("[a-zA-Z]+[a-zA-Z\s]*");
questions.add(accessPackageQuestion1);
accessPackageAssignmentPolicy.setQuestions(questions);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("977c7ff4-ef8f-4910-9d31-49048ddf3120");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'A Policy With Questions',
description: '',
allowedTargetScope: 'allMemberUsers',
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: 'true',
enableTargetsToSelfUpdateAccess: 'true',
enableTargetsToSelfRemoveAccess: 'true'
},
requestApprovalSettings: {
isApprovalRequiredForAdd: 'true',
isApprovalRequiredForUpdate: 'true',
stages: [
{
durationBeforeAutomaticDenial: 'P7D',
isApproverJustificationRequired: 'false',
isEscalationEnabled: 'false',
fallbackPrimaryApprovers: [],
escalationApprovers: [],
fallbackEscalationApprovers: [],
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: '08a551cb-575a-4343-b914-f6e42798bd20'
}
]
}
]
},
questions: [
{
'@odata.type': '#microsoft.graph.accessPackageMultipleChoiceQuestion',
sequence: '1',
isRequired: 'true',
isAnswerEditable: 'true',
text: 'What country are you working from?',
isMultipleSelectionAllowed: 'false',
choices: [
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'KE',
text: 'Kenya'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'US',
text: 'United States'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'GY',
text: 'Guyana'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'BD',
text: 'Bangladesh'
},
{
'@odata.type': 'microsoft.graph.accessPackageAnswerChoice',
actualValue: 'JP',
text: 'Japan'
}
]
},
{
'@odata.type': '#microsoft.graph.accessPackageTextInputQuestion',
sequence: '2',
isRequired: 'true',
isAnswerEditable: 'true',
text: 'What do you do for work?',
localizations: [
{
languageCode: 'fr-CA',
text: 'Que fais-tu comme travail?'
}
],
isSingleLineQuestion: 'false',
regexPattern: '[a-zA-Z]+[a-zA-Z\\s]*'
}
],
accessPackage: {
id: '977c7ff4-ef8f-4910-9d31-49048ddf3120'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
.post(accessPackageAssignmentPolicy);
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\AccessPackageQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageMultipleChoiceQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageAnswerChoice;
use Microsoft\Graph\Generated\Models\AccessPackageTextInputQuestion;
use Microsoft\Graph\Generated\Models\AccessPackageLocalizedText;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('A Policy With Questions');
$requestBody->setDescription('');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allMemberUsers'));
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(true);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(true);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P7D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers([ ]);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([ ]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([ ]);
$primaryApproversSubjectSet1 = new SingleUser();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$primaryApproversSubjectSet1->setUserId('08a551cb-575a-4343-b914-f6e42798bd20');
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$requestApprovalSettings->setStages($stagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$questionsAccessPackageQuestion1 = new AccessPackageMultipleChoiceQuestion();
$questionsAccessPackageQuestion1->setOdataType('#microsoft.graph.accessPackageMultipleChoiceQuestion');
$questionsAccessPackageQuestion1->setSequence(1);
$questionsAccessPackageQuestion1->setIsRequired(true);
$questionsAccessPackageQuestion1->setIsAnswerEditable(true);
$questionsAccessPackageQuestion1->setText('What country are you working from?');
$questionsAccessPackageQuestion1->setIsMultipleSelectionAllowed(false);
$choicesAccessPackageAnswerChoice1 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice1->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice1->setActualValue('KE');
$choicesAccessPackageAnswerChoice1->setText('Kenya');
$choicesArray []= $choicesAccessPackageAnswerChoice1;
$choicesAccessPackageAnswerChoice2 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice2->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice2->setActualValue('US');
$choicesAccessPackageAnswerChoice2->setText('United States');
$choicesArray []= $choicesAccessPackageAnswerChoice2;
$choicesAccessPackageAnswerChoice3 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice3->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice3->setActualValue('GY');
$choicesAccessPackageAnswerChoice3->setText('Guyana');
$choicesArray []= $choicesAccessPackageAnswerChoice3;
$choicesAccessPackageAnswerChoice4 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice4->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice4->setActualValue('BD');
$choicesAccessPackageAnswerChoice4->setText('Bangladesh');
$choicesArray []= $choicesAccessPackageAnswerChoice4;
$choicesAccessPackageAnswerChoice5 = new AccessPackageAnswerChoice();
$choicesAccessPackageAnswerChoice5->setOdataType('microsoft.graph.accessPackageAnswerChoice');
$choicesAccessPackageAnswerChoice5->setActualValue('JP');
$choicesAccessPackageAnswerChoice5->setText('Japan');
$choicesArray []= $choicesAccessPackageAnswerChoice5;
$questionsAccessPackageQuestion1->setChoices($choicesArray);
$questionsArray []= $questionsAccessPackageQuestion1;
$questionsAccessPackageQuestion2 = new AccessPackageTextInputQuestion();
$questionsAccessPackageQuestion2->setOdataType('#microsoft.graph.accessPackageTextInputQuestion');
$questionsAccessPackageQuestion2->setSequence(2);
$questionsAccessPackageQuestion2->setIsRequired(true);
$questionsAccessPackageQuestion2->setIsAnswerEditable(true);
$questionsAccessPackageQuestion2->setText('What do you do for work?');
$localizationsAccessPackageLocalizedText1 = new AccessPackageLocalizedText();
$localizationsAccessPackageLocalizedText1->setLanguageCode('fr-CA');
$localizationsAccessPackageLocalizedText1->setText('Que fais-tu comme travail?');
$localizationsArray []= $localizationsAccessPackageLocalizedText1;
$questionsAccessPackageQuestion2->setLocalizations($localizationsArray);
$questionsAccessPackageQuestion2->setIsSingleLineQuestion(false);
$questionsAccessPackageQuestion2->setRegexPattern('[a-zA-Z]+[a-zA-Z\s]*');
$questionsArray []= $questionsAccessPackageQuestion2;
$requestBody->setQuestions($questionsArray);
$accessPackage = new AccessPackage();
$accessPackage->setId('977c7ff4-ef8f-4910-9d31-49048ddf3120');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody)->wait();
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "A Policy With Questions"
description = ""
allowedTargetScope = "allMemberUsers"
expiration = @{
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = "true"
enableTargetsToSelfUpdateAccess = "true"
enableTargetsToSelfRemoveAccess = "true"
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = "true"
isApprovalRequiredForUpdate = "true"
stages = @(
@{
durationBeforeAutomaticDenial = "P7D"
isApproverJustificationRequired = "false"
isEscalationEnabled = "false"
fallbackPrimaryApprovers = @(
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "08a551cb-575a-4343-b914-f6e42798bd20"
}
)
}
)
}
questions = @(
@{
"@odata.type" = "#microsoft.graph.accessPackageMultipleChoiceQuestion"
sequence = "1"
isRequired = "true"
isAnswerEditable = "true"
text = "What country are you working from?"
isMultipleSelectionAllowed = "false"
choices = @(
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "KE"
text = "Kenya"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "US"
text = "United States"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "GY"
text = "Guyana"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "BD"
text = "Bangladesh"
}
@{
"@odata.type" = "microsoft.graph.accessPackageAnswerChoice"
actualValue = "JP"
text = "Japan"
}
)
}
@{
"@odata.type" = "#microsoft.graph.accessPackageTextInputQuestion"
sequence = "2"
isRequired = "true"
isAnswerEditable = "true"
text = "What do you do for work?"
localizations = @(
@{
languageCode = "fr-CA"
text = "Que fais-tu comme travail?"
}
)
isSingleLineQuestion = "false"
regexPattern = "[a-zA-Z]+[a-zA-Z\s]*"
}
)
accessPackage = @{
id = "977c7ff4-ef8f-4910-9d31-49048ddf3120"
}
}
New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.access_package_question import AccessPackageQuestion
from msgraph.generated.models.access_package_multiple_choice_question import AccessPackageMultipleChoiceQuestion
from msgraph.generated.models.access_package_answer_choice import AccessPackageAnswerChoice
from msgraph.generated.models.access_package_text_input_question import AccessPackageTextInputQuestion
from msgraph.generated.models.access_package_localized_text import AccessPackageLocalizedText
from msgraph.generated.models.access_package import AccessPackage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
display_name = "A Policy With Questions",
description = "",
allowed_target_scope = AllowedTargetScope.AllMemberUsers,
expiration = ExpirationPattern(
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = True,
enable_targets_to_self_update_access = True,
enable_targets_to_self_remove_access = True,
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = True,
is_approval_required_for_update = True,
stages = [
AccessPackageApprovalStage(
duration_before_automatic_denial = "P7D",
is_approver_justification_required = False,
is_escalation_enabled = False,
fallback_primary_approvers = [
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "08a551cb-575a-4343-b914-f6e42798bd20",
),
],
),
],
),
questions = [
AccessPackageMultipleChoiceQuestion(
odata_type = "#microsoft.graph.accessPackageMultipleChoiceQuestion",
sequence = 1,
is_required = True,
is_answer_editable = True,
text = "What country are you working from?",
is_multiple_selection_allowed = False,
choices = [
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "KE",
text = "Kenya",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "US",
text = "United States",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "GY",
text = "Guyana",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "BD",
text = "Bangladesh",
),
AccessPackageAnswerChoice(
odata_type = "microsoft.graph.accessPackageAnswerChoice",
actual_value = "JP",
text = "Japan",
),
],
),
AccessPackageTextInputQuestion(
odata_type = "#microsoft.graph.accessPackageTextInputQuestion",
sequence = 2,
is_required = True,
is_answer_editable = True,
text = "What do you do for work?",
localizations = [
AccessPackageLocalizedText(
language_code = "fr-CA",
text = "Que fais-tu comme travail?",
),
],
is_single_line_question = False,
regex_pattern = "[a-zA-Z]+[a-zA-Z\s]*",
),
],
access_package = AccessPackage(
id = "977c7ff4-ef8f-4910-9d31-49048ddf3120",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.post(request_body)
Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.
Respuesta
Nota: Se puede acortar el objeto de respuesta que se muestra aquí para mejorar la legibilidad.
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "24e5711e-92f0-41e2-912d-9f4e005f36cc",
"displayName": "A Policy With Questions",
"allowedTargetScope": "allMemberUsers",
"createdDateTime": "2022-09-30T20:32:07.1949218Z",
"modifiedDateTime": "2022-09-30T20:32:07.4173893Z",
}
Comentarios
¿Le ha resultado útil esta página?
Comentarios
Próximamente: A lo largo de 2024 iremos eliminando gradualmente GitHub Issues como mecanismo de comentarios sobre el contenido y lo sustituiremos por un nuevo sistema de comentarios. Para más información, vea: https://aka.ms/ContentUserFeedback.
Enviar y ver comentarios de