Create definitions
Namespace: microsoft.graph
Create a new accessReviewScheduleDefinition object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | AccessReview.ReadWrite.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | AccessReview.ReadWrite.All |
The signed-in user must also be in a directory role that permits them to create an access review. For more details, see Access reviews role and permission requirements.
HTTP request
POST /identityGovernance/accessReviews/definitions
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-type | application/json. Required. |
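Request body
In the request body, supply a JSON representation of an accessReviewScheduleDefinition object.
The following table shows the properties accepted to create an accessReview.
Response
If successful, this method returns a 201 Created response code and an accessReviewScheduleDefinition object in the response body.
Examples
Example 1: Create an access review on a group
The following example creates an access review with the following settings:
- The review reviews all members of a group with the group ID 02f3bafb-448c-487c-88c2-5fd65ce49a41.
- A specific user with the user ID 398164b1-5196-49dd-ada2-364b49f99b27 is the reviewer.
- It recurs weekly and continues indefinitely.
Request
In the request body, supply a JSON representation of an accessReviewScheduleDefinition object.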
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Test create",
"descriptionForAdmins": "New scheduled access review",
"descriptionForReviewers": "If you have any questions, contact jerry@contoso.com",
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"reviewers": [
{
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": false,
"defaultDecision": "None",
"instanceDurationInDays": 1,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1
},
"range": {
"type": "noEnd",
"startDate": "2020-09-08T12:02:30.667Z"
}
}
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Test create",
DescriptionForAdmins = "New scheduled access review",
DescriptionForReviewers = "If you have any questions, contact jerry@contoso.com",
Scope = new AccessReviewQueryScope
{
Query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
QueryType = "MicrosoftGraph"
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/users/398164b1-5196-49dd-ada2-364b49f99b27",
QueryType = "MicrosoftGraph"
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
DefaultDecisionEnabled = false,
DefaultDecision = "None",
InstanceDurationInDays = 1,
RecommendationsEnabled = true,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.Weekly,
Interval = 1
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(2020,9,8)
}
}
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Test create',
descriptionForAdmins: 'New scheduled access review',
descriptionForReviewers: 'If you have any questions, contact jerry@contoso.com',
scope: {
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers',
queryType: 'MicrosoftGraph'
},
reviewers: [
{
query: '/users/398164b1-5196-49dd-ada2-364b49f99b27',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
defaultDecisionEnabled: false,
defaultDecision: 'None',
instanceDurationInDays: 1,
recommendationsEnabled: true,
recurrence: {
pattern: {
type: 'weekly',
interval: 1
},
range: {
type: 'noEnd',
startDate: '2020-09-08T12:02:30.667Z'
}
}
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/accessReviews/definitions"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessReviewScheduleDefinition *accessReviewScheduleDefinition = [[MSGraphAccessReviewScheduleDefinition alloc] init];
[accessReviewScheduleDefinition setDisplayName:@"Test create"];
[accessReviewScheduleDefinition setDescriptionForAdmins:@"New scheduled access review"];
[accessReviewScheduleDefinition setDescriptionForReviewers:@"If you have any questions, contact jerry@contoso.com"];
MSGraphAccessReviewScope *scope = [[MSGraphAccessReviewScope alloc] init];
[scope setQuery:@"/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers"];
[scope setQueryType:@"MicrosoftGraph"];
[accessReviewScheduleDefinition setScope:scope];
NSMutableArray *reviewersList = [[NSMutableArray alloc] init];
MSGraphAccessReviewReviewerScope *reviewers = [[MSGraphAccessReviewReviewerScope alloc] init];
[reviewers setQuery:@"/users/398164b1-5196-49dd-ada2-364b49f99b27"];
[reviewers setQueryType:@"MicrosoftGraph"];
[reviewersList addObject: reviewers];
[accessReviewScheduleDefinition setReviewers:reviewersList];
MSGraphAccessReviewScheduleSettings *settings = [[MSGraphAccessReviewScheduleSettings alloc] init];
[settings setMailNotificationsEnabled: true];
[settings setReminderNotificationsEnabled: true];
[settings setJustificationRequiredOnApproval: true];
[settings setDefaultDecisionEnabled: false];
[settings setDefaultDecision:@"None"];
[settings setInstanceDurationInDays: 1];
[settings setRecommendationsEnabled: true];
MSGraphPatternedRecurrence *recurrence = [[MSGraphPatternedRecurrence alloc] init];
MSGraphRecurrencePattern *pattern = [[MSGraphRecurrencePattern alloc] init];
[pattern setType: [MSGraphRecurrencePatternType weekly]];
[pattern setInterval: 1];
[recurrence setPattern:pattern];
MSGraphRecurrenceRange *range = [[MSGraphRecurrenceRange alloc] init];
[range setType: [MSGraphRecurrenceRangeType noEnd]];
[range setStartDate: "2020-09-08T12:02:30.667Z"];
[recurrence setRange:range];
[settings setRecurrence:recurrence];
[accessReviewScheduleDefinition setSettings:settings];
NSError *error;
NSData *accessReviewScheduleDefinitionData = [accessReviewScheduleDefinition getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessReviewScheduleDefinitionData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.displayName = "Test create";
accessReviewScheduleDefinition.descriptionForAdmins = "New scheduled access review";
accessReviewScheduleDefinition.descriptionForReviewers = "If you have any questions, contact jerry@contoso.com";
AccessReviewQueryScope scope = new AccessReviewQueryScope();
scope.query = "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers";
scope.queryType = "MicrosoftGraph";
accessReviewScheduleDefinition.scope = scope;
LinkedList<AccessReviewReviewerScope> reviewersList = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope reviewers = new AccessReviewReviewerScope();
reviewers.query = "/users/398164b1-5196-49dd-ada2-364b49f99b27";
reviewers.queryType = "MicrosoftGraph";
reviewersList.add(reviewers);
accessReviewScheduleDefinition.reviewers = reviewersList;
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.mailNotificationsEnabled = true;
settings.reminderNotificationsEnabled = true;
settings.justificationRequiredOnApproval = true;
settings.defaultDecisionEnabled = false;
settings.defaultDecision = "None";
settings.instanceDurationInDays = 1;
settings.recommendationsEnabled = true;
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.type = RecurrencePatternType.WEEKLY;
pattern.interval = 1;
recurrence.pattern = pattern;
RecurrenceRange range = new RecurrenceRange();
range.type = RecurrenceRangeType.NO_END;
range.startDate = new DateOnly(2020,9,8);
recurrence.range = range;
settings.recurrence = recurrence;
accessReviewScheduleDefinition.settings = settings;
graphClient.identityGovernance().accessReviews().definitions()
.buildRequest()
.post(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessReviewScheduleDefinition()
displayName := "Test create"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "New scheduled access review"
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)
descriptionForReviewers := "If you have any questions, contact jerry@contoso.com"
requestBody.SetDescriptionForReviewers(&descriptionForReviewers)
scope := msgraphsdk.NewAccessReviewScope()
requestBody.SetScope(scope)
scope.SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers",
"queryType": "MicrosoftGraph",
})
// Build the reviewer scope first, then pass it in the reviewers slice.
reviewer := msgraphsdk.NewAccessReviewReviewerScope()
reviewer.SetAdditionalData(map[string]interface{}{
"query": "/users/398164b1-5196-49dd-ada2-364b49f99b27",
"queryType": "MicrosoftGraph",
})
requestBody.SetReviewers([]msgraphsdk.AccessReviewReviewerScope{*reviewer})
settings := msgraphsdk.NewAccessReviewScheduleSettings()
requestBody.SetSettings(settings)
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
reminderNotificationsEnabled := true
settings.SetReminderNotificationsEnabled(&reminderNotificationsEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
defaultDecisionEnabled := false
settings.SetDefaultDecisionEnabled(&defaultDecisionEnabled)
defaultDecision := "None"
settings.SetDefaultDecision(&defaultDecision)
instanceDurationInDays := int32(1)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
recommendationsEnabled := true
settings.SetRecommendationsEnabled(&recommendationsEnabled)
recurrence := msgraphsdk.NewPatternedRecurrence()
settings.SetRecurrence(recurrence)
pattern := msgraphsdk.NewRecurrencePattern()
recurrence.SetPattern(pattern)
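// "type" and "range" are Go keywords, so the variables carry other names.
patternType := "weekly"
pattern.SetType(&patternType)
interval := int32(1)
pattern.SetInterval(&interval)
recurrenceRange := msgraphsdk.NewRecurrenceRange()
recurrence.SetRange(recurrenceRange)
rangeType := "noEnd"
recurrenceRange.SetType(&rangeType)
startDate := "2020-09-08T12:02:30.667Z"
recurrenceRange.SetStartDate(&startDate)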
options := &msgraphsdk.DefinitionsRequestBuilderPostOptions{
Body: requestBody,
}
result, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(options)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "29f2d16e-9ca6-4052-bbfe-802c48944448",
"displayName": "Test create",
"createdDateTime": "0001-01-01T00:00:00Z",
"lastModifiedDateTime": "0001-01-01T00:00:00Z",
"status": "NotStarted",
"descriptionForAdmins": "Test create",
"descriptionForReviewers": "Test create",
"instanceEnumerationScope": null,
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups/b74444cb-038a-4802-8fc9-b9d1ed0cf11f/transitiveMembers",
"queryType": "MicrosoftGraph"
},
"reviewers": [
{
"query": "/users/7eae986b-d425-48b2-adf2-3c777f4444f3",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": false,
"defaultDecision": "None",
"instanceDurationInDays": 1,
"autoApplyDecisionsEnabled": false,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "weekly",
"interval": 1,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "noEnd",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2020-09-08",
"endDate": null
}
},
"applyActions": []
},
"additionalNotificationRecipients": []
}
Example 2: Create an access review on all teams with inactive guest users
The following example creates an access review with the following settings:
- The review reviews all teams with inactive guest users. The period of inactivity is 30 days from the start date of the access review.
- The group owners are the reviewers, and fallback reviewers are assigned.
- It recurs on the third day of every quarter and continues indefinitely.
- autoApplyDecisionsEnabled is set to true, with defaultDecision set to Deny.
Request
In the request body, supply a JSON representation of an accessReviewScheduleDefinition object.
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Review inactive guests on teams",
"descriptionForAdmins": "Control guest user access to our teams.",
"descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
"instanceEnumerationScope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))",
"queryType": "MicrosoftGraph"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
"query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
"queryType": "MicrosoftGraph",
"inactiveDuration": "P30D"
},
"reviewers": [
{
"query": "./owners",
"queryType": "MicrosoftGraph"
}
],
"fallbackReviewers": [
{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"recommendationsEnabled": true,
"instanceDurationInDays": 3,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"dayOfMonth": 5,
"interval": 3
},
"range": {
"type": "noEnd",
"startDate": "2020-05-04T00:00:00.000Z"
}
},
"defaultDecisionEnabled": true,
"defaultDecision": "Deny",
"autoApplyDecisionsEnabled": true
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewScheduleDefinition = new AccessReviewScheduleDefinition
{
DisplayName = "Review inactive guests on teams",
DescriptionForAdmins = "Control guest user access to our teams.",
DescriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more.",
InstanceEnumerationScope = new AccessReviewQueryScope
{
Query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))",
QueryType = "MicrosoftGraph"
},
Scope = new AccessReviewInactiveUsersQueryScope
{
Query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
QueryType = "MicrosoftGraph",
InactiveDuration = new Duration("P30D")
},
Reviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "./owners",
QueryType = "MicrosoftGraph"
}
},
FallbackReviewers = new List<AccessReviewReviewerScope>()
{
new AccessReviewReviewerScope
{
Query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
QueryType = "MicrosoftGraph"
}
},
Settings = new AccessReviewScheduleSettings
{
MailNotificationsEnabled = true,
ReminderNotificationsEnabled = true,
JustificationRequiredOnApproval = true,
RecommendationsEnabled = true,
InstanceDurationInDays = 3,
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
Type = RecurrencePatternType.AbsoluteMonthly,
DayOfMonth = 5,
Interval = 3
},
Range = new RecurrenceRange
{
Type = RecurrenceRangeType.NoEnd,
StartDate = new Date(2020,5,4)
}
},
DefaultDecisionEnabled = true,
DefaultDecision = "Deny",
AutoApplyDecisionsEnabled = true
}
};
await graphClient.IdentityGovernance.AccessReviews.Definitions
.Request()
.AddAsync(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Review inactive guests on teams',
descriptionForAdmins: 'Control guest user access to our teams.',
descriptionForReviewers: 'Information security is everyone\'s responsibility. Review our access policy for more.',
instanceEnumerationScope: {
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/groups?$filter=(groupTypes/any(c:c+eq+\'Unified\') and resourceProvisioningOptions/Any(x:x eq \'Team\'))',
queryType: 'MicrosoftGraph'
},
scope: {
'@odata.type': '#microsoft.graph.accessReviewInactiveUsersQueryScope',
query: './members/microsoft.graph.user/?$filter=(userType eq \'Guest\')',
queryType: 'MicrosoftGraph',
inactiveDuration: 'P30D'
},
reviewers: [
{
query: './owners',
queryType: 'MicrosoftGraph'
}
],
fallbackReviewers: [
{
query: '/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
recommendationsEnabled: true,
instanceDurationInDays: 3,
recurrence: {
pattern: {
type: 'absoluteMonthly',
dayOfMonth: 5,
interval: 3
},
range: {
type: 'noEnd',
startDate: '2020-05-04T00:00:00.000Z'
}
},
defaultDecisionEnabled: true,
defaultDecision: 'Deny',
autoApplyDecisionsEnabled: true
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/accessReviews/definitions"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessReviewScheduleDefinition *accessReviewScheduleDefinition = [[MSGraphAccessReviewScheduleDefinition alloc] init];
[accessReviewScheduleDefinition setDisplayName:@"Review inactive guests on teams"];
[accessReviewScheduleDefinition setDescriptionForAdmins:@"Control guest user access to our teams."];
[accessReviewScheduleDefinition setDescriptionForReviewers:@"Information security is everyone's responsibility. Review our access policy for more."];
MSGraphAccessReviewScope *instanceEnumerationScope = [[MSGraphAccessReviewScope alloc] init];
[instanceEnumerationScope setQuery:@"/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))"];
[instanceEnumerationScope setQueryType:@"MicrosoftGraph"];
[accessReviewScheduleDefinition setInstanceEnumerationScope:instanceEnumerationScope];
MSGraphAccessReviewScope *scope = [[MSGraphAccessReviewScope alloc] init];
[scope setQuery:@"./members/microsoft.graph.user/?$filter=(userType eq 'Guest')"];
[scope setQueryType:@"MicrosoftGraph"];
[scope setInactiveDuration:@"P30D"];
[accessReviewScheduleDefinition setScope:scope];
NSMutableArray *reviewersList = [[NSMutableArray alloc] init];
MSGraphAccessReviewReviewerScope *reviewers = [[MSGraphAccessReviewReviewerScope alloc] init];
[reviewers setQuery:@"./owners"];
[reviewers setQueryType:@"MicrosoftGraph"];
[reviewersList addObject: reviewers];
[accessReviewScheduleDefinition setReviewers:reviewersList];
NSMutableArray *fallbackReviewersList = [[NSMutableArray alloc] init];
MSGraphAccessReviewReviewerScope *fallbackReviewers = [[MSGraphAccessReviewReviewerScope alloc] init];
[fallbackReviewers setQuery:@"/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f"];
[fallbackReviewers setQueryType:@"MicrosoftGraph"];
[fallbackReviewersList addObject: fallbackReviewers];
[accessReviewScheduleDefinition setFallbackReviewers:fallbackReviewersList];
MSGraphAccessReviewScheduleSettings *settings = [[MSGraphAccessReviewScheduleSettings alloc] init];
[settings setMailNotificationsEnabled: true];
[settings setReminderNotificationsEnabled: true];
[settings setJustificationRequiredOnApproval: true];
[settings setRecommendationsEnabled: true];
[settings setInstanceDurationInDays: 3];
MSGraphPatternedRecurrence *recurrence = [[MSGraphPatternedRecurrence alloc] init];
MSGraphRecurrencePattern *pattern = [[MSGraphRecurrencePattern alloc] init];
[pattern setType: [MSGraphRecurrencePatternType absoluteMonthly]];
[pattern setDayOfMonth: 5];
[pattern setInterval: 3];
[recurrence setPattern:pattern];
MSGraphRecurrenceRange *range = [[MSGraphRecurrenceRange alloc] init];
[range setType: [MSGraphRecurrenceRangeType noEnd]];
[range setStartDate: "2020-05-04T00:00:00Z"];
[recurrence setRange:range];
[settings setRecurrence:recurrence];
[settings setDefaultDecisionEnabled: true];
[settings setDefaultDecision:@"Deny"];
[settings setAutoApplyDecisionsEnabled: true];
[accessReviewScheduleDefinition setSettings:settings];
NSError *error;
NSData *accessReviewScheduleDefinitionData = [accessReviewScheduleDefinition getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessReviewScheduleDefinitionData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReviewScheduleDefinition accessReviewScheduleDefinition = new AccessReviewScheduleDefinition();
accessReviewScheduleDefinition.displayName = "Review inactive guests on teams";
accessReviewScheduleDefinition.descriptionForAdmins = "Control guest user access to our teams.";
accessReviewScheduleDefinition.descriptionForReviewers = "Information security is everyone's responsibility. Review our access policy for more.";
AccessReviewQueryScope instanceEnumerationScope = new AccessReviewQueryScope();
instanceEnumerationScope.query = "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))";
instanceEnumerationScope.queryType = "MicrosoftGraph";
accessReviewScheduleDefinition.instanceEnumerationScope = instanceEnumerationScope;
AccessReviewInactiveUsersQueryScope scope = new AccessReviewInactiveUsersQueryScope();
scope.query = "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')";
scope.queryType = "MicrosoftGraph";
scope.inactiveDuration = DatatypeFactory.newInstance().newDuration("P30D");
accessReviewScheduleDefinition.scope = scope;
LinkedList<AccessReviewReviewerScope> reviewersList = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope reviewers = new AccessReviewReviewerScope();
reviewers.query = "./owners";
reviewers.queryType = "MicrosoftGraph";
reviewersList.add(reviewers);
accessReviewScheduleDefinition.reviewers = reviewersList;
LinkedList<AccessReviewReviewerScope> fallbackReviewersList = new LinkedList<AccessReviewReviewerScope>();
AccessReviewReviewerScope fallbackReviewers = new AccessReviewReviewerScope();
fallbackReviewers.query = "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f";
fallbackReviewers.queryType = "MicrosoftGraph";
fallbackReviewersList.add(fallbackReviewers);
accessReviewScheduleDefinition.fallbackReviewers = fallbackReviewersList;
AccessReviewScheduleSettings settings = new AccessReviewScheduleSettings();
settings.mailNotificationsEnabled = true;
settings.reminderNotificationsEnabled = true;
settings.justificationRequiredOnApproval = true;
settings.recommendationsEnabled = true;
settings.instanceDurationInDays = 3;
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.type = RecurrencePatternType.ABSOLUTE_MONTHLY;
pattern.dayOfMonth = 5;
pattern.interval = 3;
recurrence.pattern = pattern;
RecurrenceRange range = new RecurrenceRange();
range.type = RecurrenceRangeType.NO_END;
range.startDate = new DateOnly(2020,5,4);
recurrence.range = range;
settings.recurrence = recurrence;
settings.defaultDecisionEnabled = true;
settings.defaultDecision = "Deny";
settings.autoApplyDecisionsEnabled = true;
accessReviewScheduleDefinition.settings = settings;
graphClient.identityGovernance().accessReviews().definitions()
.buildRequest()
.post(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessReviewScheduleDefinition()
displayName := "Review inactive guests on teams"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "Control guest user access to our teams."
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)
descriptionForReviewers := "Information security is everyone's responsibility. Review our access policy for more."
requestBody.SetDescriptionForReviewers(&descriptionForReviewers)
instanceEnumerationScope := msgraphsdk.NewAccessReviewScope()
requestBody.SetInstanceEnumerationScope(instanceEnumerationScope)
instanceEnumerationScope.SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))",
"queryType": "MicrosoftGraph",
})
scope := msgraphsdk.NewAccessReviewScope()
requestBody.SetScope(scope)
scope.SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
"query": "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')",
"queryType": "MicrosoftGraph",
"inactiveDuration": "P30D",
})
// Build each reviewer scope first, then pass it in the matching slice.
reviewer := msgraphsdk.NewAccessReviewReviewerScope()
reviewer.SetAdditionalData(map[string]interface{}{
"query": "./owners",
"queryType": "MicrosoftGraph",
})
requestBody.SetReviewers([]msgraphsdk.AccessReviewReviewerScope{*reviewer})
fallbackReviewer := msgraphsdk.NewAccessReviewReviewerScope()
fallbackReviewer.SetAdditionalData(map[string]interface{}{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph",
})
requestBody.SetFallbackReviewers([]msgraphsdk.AccessReviewReviewerScope{*fallbackReviewer})
settings := msgraphsdk.NewAccessReviewScheduleSettings()
requestBody.SetSettings(settings)
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
reminderNotificationsEnabled := true
settings.SetReminderNotificationsEnabled(&reminderNotificationsEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
recommendationsEnabled := true
settings.SetRecommendationsEnabled(&recommendationsEnabled)
instanceDurationInDays := int32(3)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
recurrence := msgraphsdk.NewPatternedRecurrence()
settings.SetRecurrence(recurrence)
pattern := msgraphsdk.NewRecurrencePattern()
recurrence.SetPattern(pattern)
// "type" and "range" are Go keywords, so the variables carry other names.
patternType := "absoluteMonthly"
pattern.SetType(&patternType)
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth)
interval := int32(3)
pattern.SetInterval(&interval)
recurrenceRange := msgraphsdk.NewRecurrenceRange()
recurrence.SetRange(recurrenceRange)
rangeType := "noEnd"
recurrenceRange.SetType(&rangeType)
startDate := "2020-05-04T00:00:00.000Z"
recurrenceRange.SetStartDate(&startDate)
defaultDecisionEnabled := true
settings.SetDefaultDecisionEnabled(&defaultDecisionEnabled)
defaultDecision := "Deny"
settings.SetDefaultDecision(&defaultDecision)
autoApplyDecisionsEnabled := true
settings.SetAutoApplyDecisionsEnabled(&autoApplyDecisionsEnabled)
options := &msgraphsdk.DefinitionsRequestBuilderPostOptions{
Body: requestBody,
}
result, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(options)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
"id": "b0966e21-a01e-43c9-8f8b-9ba30ed5710a",
"displayName": "Review inactive guests on teams",
"createdDateTime": "2021-05-04T18:27:02.6719849Z",
"lastModifiedDateTime": "2021-05-04T18:27:24.0889623Z",
"status": "InProgress",
"descriptionForAdmins": "Control guest user access to our teams.",
"descriptionForReviewers": "Information security is everyone's responsibility. Review our access policy for more.",
"createdBy": {
"id": "fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scope": {
"@odata.type": "#microsoft.graph.accessReviewInactiveUsersQueryScope",
"query": "./members/microsoft.graph.user/?$count=true&$filter=(userType eq 'Guest')",
"queryType": "MicrosoftGraph",
"queryRoot": null,
"inactiveDuration": "P30D"
},
"instanceEnumerationScope": {
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))&$count=true",
"queryType": "MicrosoftGraph",
"queryRoot": null
},
"reviewers": [
{
"query": "./owners",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"backupReviewers": [
{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"fallbackReviewers": [
{
"query": "/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": true,
"defaultDecision": "Deny",
"instanceDurationInDays": 3,
"autoApplyDecisionsEnabled": true,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 3,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "numbered",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2021-05-05",
"endDate": "9999-12-31"
}
},
"applyActions": [
{
"@odata.type": "#microsoft.graph.removeAccessApplyAction"
}
]
},
"additionalNotificationRecipients": []
}
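The settings in Examples 1 and 2 decide what happens to access that no reviewer acts on and who reviews when a relative reviewer query such as ./owners resolves to nobody. The following check over a request body is an added example, not part of the original documentation or of any Microsoft SDK; the function name, rule names and severities are assumptions of this example, and the "Approve" default decision is a Graph value that the page's own examples do not use.

```javascript
// Added example: lint an accessReviewScheduleDefinition request body before it
// is POSTed. Rule names and severities are this example's own, not Graph's.

// A reviewer query starting with "./" (./owners, ./manager) is resolved per
// reviewed object and can resolve to nobody.
const isRelative = (r) => typeof r.query === 'string' && r.query.startsWith('./');

// OData string literals are single-quoted and escape a quote by doubling it,
// so a well-formed query holds an even number of single quotes.
const hasOddQuotes = (q) => (q.match(/'/g) || []).length % 2 === 1;

function lintAccessReviewDefinition(def) {
  const findings = [];
  const add = (rule, severity, message) => findings.push({ rule, severity, message });
  const s = def.settings || {};
  const reviewers = def.reviewers || [];
  const fallback = def.fallbackReviewers || [];

  if (reviewers.some(isRelative) && fallback.length === 0) {
    add('relative-reviewer-without-fallback', 'medium',
      'A relative reviewer query can resolve to nobody; set fallbackReviewers.');
  }

  // What happens to access that no reviewer responds to.
  // "Approve" is a Graph defaultDecision value not used in this page's examples.
  const decision = s.defaultDecisionEnabled === true ? (s.defaultDecision || 'None') : 'None';
  if (decision === 'Approve') {
    add('unreviewed-access-kept', 'high', 'Access nobody reviews is approved by default.');
  } else if (decision === 'None') {
    add('no-default-decision', 'medium', 'Access nobody reviews gets no decision.');
  }

  if (s.autoApplyDecisionsEnabled !== true) {
    add('decisions-not-auto-applied', 'low',
      'Decisions are recorded but not applied until someone applies them.');
  }
  if (s.justificationRequiredOnApproval !== true) {
    add('approval-without-justification', 'medium',
      'Reviewers can approve without recording a reason.');
  }

  const scopes = [def.scope, def.instanceEnumerationScope, ...reviewers, ...fallback];
  for (const scope of scopes) {
    if (scope && typeof scope.query === 'string' && hasOddQuotes(scope.query)) {
      add('unbalanced-filter-quote', 'medium', `Odd number of single quotes: ${scope.query}`);
    }
  }
  return findings;
}

const ruleNames = (def) => lintAccessReviewDefinition(def).map((f) => f.rule);

// Request body of Example 1, reduced to the fields the rules read.
const example1 = {
  scope: { query: '/groups/02f3bafb-448c-487c-88c2-5fd65ce49a41/transitiveMembers' },
  reviewers: [{ query: '/users/398164b1-5196-49dd-ada2-364b49f99b27' }],
  settings: {
    justificationRequiredOnApproval: true,
    defaultDecisionEnabled: false,
    defaultDecision: 'None',
  },
};

// Request body of Example 2, reduced the same way.
const example2 = {
  instanceEnumerationScope: {
    query: "/groups?$filter=(groupTypes/any(c:c+eq+'Unified') and resourceProvisioningOptions/Any(x:x eq 'Team'))",
  },
  scope: { query: "./members/microsoft.graph.user/?$filter=(userType eq 'Guest')" },
  reviewers: [{ query: './owners' }],
  fallbackReviewers: [{ query: '/users/fc9a2c2b-1ddc-486d-a211-5fe8ca77fa1f' }],
  settings: {
    justificationRequiredOnApproval: true,
    defaultDecisionEnabled: true,
    defaultDecision: 'Deny',
    autoApplyDecisionsEnabled: true,
  },
};

// Constructed weak variant of Example 2: no fallback reviewers, approve by
// default, and a stray quote appended to the team filter.
const weakened = {
  ...example2,
  instanceEnumerationScope: { query: example2.instanceEnumerationScope.query + "'" },
  fallbackReviewers: [],
  settings: { ...example2.settings, defaultDecision: 'Approve' },
};

for (const [name, def] of Object.entries({ example1, example2, weakened })) {
  console.log(name, ruleNames(def));
}
```

Example 1 is flagged because non-response leaves access undecided and unapplied, Example 2 passes cleanly, and the weakened variant trips three rules.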
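Example 3: Create an access review of all users to an application
The following example creates an access review with the following settings:
- The review reviews user access to an application.
- The people managers are the reviewers, and fallback reviewers are the members of a group.
- It recurs semi-annually and ends 1 year from the startDate.
Request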
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions
Content-type: application/json
{
"displayName": "Review employee access to LinkedIn",
"descriptionForAdmins": "Review employee access to LinkedIn",
"scope": {
"@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
"principalScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/users",
"queryType": "MicrosoftGraph"
}
],
"resourceScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
"queryType": "MicrosoftGraph"
}
]
},
"reviewers": [
{
"query": "./manager",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"backupReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph"
}
],
"settings": {
"mailNotificationsEnabled": true,
"reminderNotificationsEnabled": true,
"justificationRequiredOnApproval": true,
"defaultDecisionEnabled": true,
"defaultDecision": "Recommendation",
"instanceDurationInDays": 180,
"autoApplyDecisionsEnabled": true,
"recommendationsEnabled": true,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 6,
"dayOfMonth": 0
},
"range": {
"type": "numbered",
"startDate": "2021-05-05",
"endDate": "2022-05-05"
}
}
}
}
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewScheduleDefinition = {
displayName: 'Review employee access to LinkedIn',
descriptionForAdmins: 'Review employee access to LinkedIn',
scope: {
'@odata.type': '#microsoft.graph.principalResourceMembershipsScope',
principalScopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/users',
queryType: 'MicrosoftGraph'
}
],
resourceScopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
query: '/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae',
queryType: 'MicrosoftGraph'
}
]
},
reviewers: [
{
query: './manager',
queryType: 'MicrosoftGraph',
queryRoot: 'decisions'
}
],
backupReviewers: [
{
query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
queryType: 'MicrosoftGraph'
}
],
fallbackReviewers: [
{
query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers',
queryType: 'MicrosoftGraph'
}
],
settings: {
mailNotificationsEnabled: true,
reminderNotificationsEnabled: true,
justificationRequiredOnApproval: true,
defaultDecisionEnabled: true,
defaultDecision: 'Recommendation',
instanceDurationInDays: 180,
autoApplyDecisionsEnabled: true,
recommendationsEnabled: true,
recurrence: {
pattern: {
type: 'absoluteMonthly',
interval: 6,
dayOfMonth: 0
},
range: {
type: 'numbered',
startDate: '2021-05-05',
endDate: '2022-05-05'
}
}
}
};
await client.api('/identityGovernance/accessReviews/definitions')
.post(accessReviewScheduleDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
// THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
// Imports used by this snippet:
//   "context"
//   "log"
//   "github.com/microsoft/kiota-abstractions-go/serialization"
//   msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//   graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewAccessReviewScheduleDefinition()
displayName := "Review employee access to LinkedIn"
requestBody.SetDisplayName(&displayName)
descriptionForAdmins := "Review employee access to LinkedIn"
requestBody.SetDescriptionForAdmins(&descriptionForAdmins)

// Scope: all users (principals) against one service principal (resource).
queryType := "MicrosoftGraph"
scope := graphmodels.NewPrincipalResourceMembershipsScope()
principalScope := graphmodels.NewAccessReviewQueryScope()
principalQuery := "/users"
principalScope.SetQuery(&principalQuery)
principalScope.SetQueryType(&queryType)
scope.SetPrincipalScopes([]graphmodels.AccessReviewScopeable{principalScope})
resourceScope := graphmodels.NewAccessReviewQueryScope()
resourceQuery := "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae"
resourceScope.SetQuery(&resourceQuery)
resourceScope.SetQueryType(&queryType)
scope.SetResourceScopes([]graphmodels.AccessReviewScopeable{resourceScope})
requestBody.SetScope(scope)

// Reviewers: each user's manager, resolved relative to the decision.
reviewer := graphmodels.NewAccessReviewReviewerScope()
managerQuery := "./manager"
reviewer.SetQuery(&managerQuery)
reviewer.SetQueryType(&queryType)
queryRoot := "decisions"
reviewer.SetQueryRoot(&queryRoot)
requestBody.SetReviewers([]graphmodels.AccessReviewReviewerScopeable{reviewer})

// Fallback reviewers: the members of a group.
groupMembersQuery := "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers"
fallbackReviewer := graphmodels.NewAccessReviewReviewerScope()
fallbackReviewer.SetQuery(&groupMembersQuery)
fallbackReviewer.SetQueryType(&queryType)
requestBody.SetFallbackReviewers([]graphmodels.AccessReviewReviewerScopeable{fallbackReviewer})

settings := graphmodels.NewAccessReviewScheduleSettings()
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
reminderNotificationsEnabled := true
settings.SetReminderNotificationsEnabled(&reminderNotificationsEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
defaultDecisionEnabled := true
settings.SetDefaultDecisionEnabled(&defaultDecisionEnabled)
defaultDecision := "Recommendation"
settings.SetDefaultDecision(&defaultDecision)
instanceDurationInDays := int32(180)
settings.SetInstanceDurationInDays(&instanceDurationInDays)
autoApplyDecisionsEnabled := true
settings.SetAutoApplyDecisionsEnabled(&autoApplyDecisionsEnabled)
recommendationsEnabled := true
settings.SetRecommendationsEnabled(&recommendationsEnabled)

// Recurrence: "type" and "range" are Go keywords, so the variables are renamed.
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
patternType := graphmodels.ABSOLUTEMONTHLY_RECURRENCEPATTERNTYPE
pattern.SetType(&patternType)
interval := int32(6)
pattern.SetInterval(&interval)
dayOfMonth := int32(0)
pattern.SetDayOfMonth(&dayOfMonth)
recurrence.SetPattern(pattern)
recurrenceRange := graphmodels.NewRecurrenceRange()
rangeType := graphmodels.NUMBERED_RECURRENCERANGETYPE
recurrenceRange.SetType(&rangeType)
startDate, err := serialization.ParseDateOnly("2021-05-05")
if err != nil {
	log.Fatal(err)
}
recurrenceRange.SetStartDate(startDate)
endDate, err := serialization.ParseDateOnly("2022-05-05")
if err != nil {
	log.Fatal(err)
}
recurrenceRange.SetEndDate(endDate)
recurrence.SetRange(recurrenceRange)
settings.SetRecurrence(recurrence)
requestBody.SetSettings(settings)

// backupReviewers is sent through additionalData.
backupReviewer := graphmodels.NewAccessReviewReviewerScope()
backupReviewer.SetQuery(&groupMembersQuery)
backupReviewer.SetQueryType(&queryType)
requestBody.SetAdditionalData(map[string]interface{}{
	"backupReviewers": []serialization.Parsable{backupReviewer},
})

result, err := graphClient.IdentityGovernance().AccessReviews().Definitions().Post(context.Background(), requestBody, nil)
if err != nil {
	log.Fatal(err)
}
log.Printf("created access review definition %s", *result.GetId())
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/accessReviews/definitions/$entity",
"id": "1f79f34b-8667-40d9-875c-893b630b3dec",
"scope": {
"@odata.type": "#microsoft.graph.principalResourceMembershipsScope",
"principalScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/users",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"resourceScopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"query": "/servicePrincipals/bae11f90-7d5d-46ba-9f55-8112b59d92ae",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
]
},
"reviewers": [
{
"query": "./manager",
"queryType": "MicrosoftGraph",
"queryRoot": "decisions"
}
],
"backupReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"fallbackReviewers": [
{
"query": "/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers",
"queryType": "MicrosoftGraph",
"queryRoot": null
}
],
"settings": {
"instanceDurationInDays": 180,
"recurrence": {
"pattern": {
"type": "absoluteMonthly",
"interval": 6,
"month": 0,
"dayOfMonth": 0,
"daysOfWeek": [],
"firstDayOfWeek": "sunday",
"index": "first"
},
"range": {
"type": "numbered",
"numberOfOccurrences": 0,
"recurrenceTimeZone": null,
"startDate": "2021-05-05",
"endDate": "2022-05-05"
}
}
},
"additionalNotificationRecipients": []
}
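The settings in Example 3 decide what happens to access that no reviewer acts on, and its relative `./manager` reviewer depends on the fallback reviewers when a user has no manager. The following pre-flight check is an added example, not part of the original documentation or the Microsoft Graph SDK; the helper names `unattendedOutcome` and `preflight` and the weakened sample are constructed for illustration, and the `Approve` value of defaultDecision comes from the accessReviewScheduleSettings resource rather than from this page.

```javascript
// Added example: pre-flight check for an accessReviewScheduleDefinition body.
// unattendedOutcome and preflight are hypothetical helper names, not Graph APIs.

// What happens to access that no reviewer decided on.
function unattendedOutcome(settings) {
  if (!settings.defaultDecisionEnabled || settings.defaultDecision === 'None') {
    return 'no-decision';
  }
  const decision = settings.defaultDecision.toLowerCase();
  return settings.autoApplyDecisionsEnabled
    ? `${decision}-auto-applied`
    : `${decision}-awaiting-manual-apply`;
}

function preflight(definition) {
  const settings = definition.settings || {};
  const findings = [];
  // "./manager" or "./owners" can resolve to nobody for some principals.
  const relative = (definition.reviewers || []).filter((r) => r.query.startsWith('./'));
  if (relative.length > 0 && (definition.fallbackReviewers || []).length === 0) {
    findings.push('relative reviewers without fallbackReviewers');
  }
  const outcome = unattendedOutcome(settings);
  if (outcome === 'approve-auto-applied') {
    findings.push('unreviewed access is approved automatically');
  }
  if (settings.justificationRequiredOnApproval !== true) {
    findings.push('approvals do not require a justification');
  }
  return { outcome, findings };
}

// Constructed sample 1: reviewers and settings copied from Example 3's request.
const example3 = {
  reviewers: [{ query: './manager', queryType: 'MicrosoftGraph', queryRoot: 'decisions' }],
  fallbackReviewers: [{ query: '/groups/072ac5f4-3f13-4088-ab30-0a276f3e6322/transitiveMembers', queryType: 'MicrosoftGraph' }],
  settings: { justificationRequiredOnApproval: true, defaultDecisionEnabled: true,
    defaultDecision: 'Recommendation', instanceDurationInDays: 180, autoApplyDecisionsEnabled: true },
};
// Constructed sample 2: the same review weakened for illustration.
const weakened = {
  reviewers: example3.reviewers,
  settings: { ...example3.settings, defaultDecision: 'Approve', justificationRequiredOnApproval: false },
};

console.log(preflight(example3));
console.log(preflight(weakened));
```

Run the check on the request body before posting it to `/identityGovernance/accessReviews/definitions`, and treat any finding as a reason to revisit the definition.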