更新 accessPackageAssignmentPolicy

项目
05/05/2022

命名空间：microsoft.graph

更新现有 accessPackageAssignmentPolicy 对象以更改其一个或多个属性，例如显示名称或说明。

权限

要调用此 API，需要以下权限之一。要了解详细信息，包括如何选择权限的信息，请参阅权限。

权限类型	权限（从最低特权到最高特权）
委派（工作或学校帐户）	EntitlementManagement.ReadWrite.All
委派（个人 Microsoft 帐户）	不支持。
Application	EntitlementManagement.ReadWrite.All

HTTP 请求

PUT /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}

请求标头

名称	说明
Authorization	Bearer {token}。必需。
Content-Type	application/json. Required.

请求正文

在请求正文中，仅提供应更新的属性的值。未包含在请求正文中的现有属性将保留其以前的值或根据对其他属性值的更改重新计算。

下表指定可以更新的属性。

属性	类型	说明
displayName	字符串	策略的显示名称。
说明	字符串	策略的说明。
allowedTargetScope	allowedTargetScope	允许Who通过此策略请求访问包。可取值包括：`notSpecified`、`specificDirectoryUsers`、`specificConnectedOrganizationUsers`、`specificDirectoryServicePrincipals`、`allMemberUsers`、`allDirectoryUsers`、`allDirectoryServicePrincipals`、`allConfiguredConnectedOrganizationUsers`、`allExternalUsers`、`unknownFutureValue`。
specificAllowedTargets	subjectSet 集合	可通过此策略从访问包分配访问权限的主体。
到期	expirationPattern	在此策略中创建的分配的到期日期。
requestorSettings	accessPackageAssignmentRequestorSettings	提供其他设置，以选择谁可以通过此策略创建访问包分配请求，以及它们可以包含在请求中的内容。
requestApprovalSettings	accessPackageAssignmentApprovalSettings	指定通过此策略批准访问包分配请求的设置。例如，如果新请求需要审批。
reviewSettings	accessPackageReviewSettings	设置通过此策略对分配进行访问评审。

响应

如果成功，此方法在响应正文中返回 200 OK 响应代码和更新的 accessPackageAssignmentPolicy 对象。

示例

请求

PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187
Content-Type: application/json

{
  "id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "All Users",
  "description": "All users can request for access to the directory.",
  "allowedTargetScope": "allDirectoryUsers",
  "specificAllowedTargets": [],
  "expiration": {
      "type": "noExpiration"
  },
  "requestorSettings": {
      "enableTargetsToSelfAddAccess": true,
      "enableTargetsToSelfUpdateAccess": false,
      "enableTargetsToSelfRemoveAccess": true,
      "allowCustomAssignmentSchedule": false,
      "enableOnBehalfRequestorsToAddAccess": false,
      "enableOnBehalfRequestorsToUpdateAccess": false,
      "enableOnBehalfRequestorsToRemoveAccess": false,
      "onBehalfRequestors": []
  },
  "requestApprovalSettings": {
      "isApprovalRequiredForAdd": true,
      "isApprovalRequiredForUpdate": false,
      "stages": [
          {
              "durationBeforeAutomaticDenial": "P2D",
              "isApproverJustificationRequired": false,
              "isEscalationEnabled": false,
              "durationBeforeEscalation": "PT0S",
              "primaryApprovers": [
                  {
                      "@odata.type": "#microsoft.graph.requestorManager",
                      "managerLevel": 1
                  }
              ],
              "fallbackPrimaryApprovers": [
                  {
                      "@odata.type": "#microsoft.graph.singleUser",
                      "userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
                      "description": "user"
                  }
              ],
              "escalationApprovers": [],
              "fallbackEscalationApprovers": []
          }
      ]
  },
  "accessPackage": {
        "id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
  }
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
    Id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
    DisplayName = "All Users",
    Description = "All users can request for access to the directory.",
    AllowedTargetScope = AllowedTargetScope.AllDirectoryUsers,
    SpecificAllowedTargets = new List<SubjectSet>()
    {
    },
    Expiration = new ExpirationPattern
    {
        Type = ExpirationPatternType.NoExpiration
    },
    RequestorSettings = new AccessPackageAssignmentRequestorSettings
    {
        EnableTargetsToSelfAddAccess = true,
        EnableTargetsToSelfUpdateAccess = false,
        EnableTargetsToSelfRemoveAccess = true,
        AllowCustomAssignmentSchedule = false,
        EnableOnBehalfRequestorsToAddAccess = false,
        EnableOnBehalfRequestorsToUpdateAccess = false,
        EnableOnBehalfRequestorsToRemoveAccess = false,
        OnBehalfRequestors = new List<SubjectSet>()
        {
        }
    },
    RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
    {
        IsApprovalRequiredForAdd = true,
        IsApprovalRequiredForUpdate = false,
        Stages = new List<AccessPackageApprovalStage>()
        {
            new AccessPackageApprovalStage
            {
                DurationBeforeAutomaticDenial = new Duration("P2D"),
                IsApproverJustificationRequired = false,
                IsEscalationEnabled = false,
                DurationBeforeEscalation = new Duration("PT0S"),
                PrimaryApprovers = new List<SubjectSet>()
                {
                    new RequestorManager
                    {
                        ManagerLevel = 1
                    }
                },
                FallbackPrimaryApprovers = new List<SubjectSet>()
                {
                    new SingleUser
                    {
                        UserId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
                        Description = "user"
                    }
                },
                EscalationApprovers = new List<SubjectSet>()
                {
                },
                FallbackEscalationApprovers = new List<SubjectSet>()
                {
                }
            }
        }
    },
    AccessPackage = new AccessPackage
    {
        Id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
    }
};

await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies["{accessPackageAssignmentPolicy-id}"]
    .Request()
    .PutAsync(accessPackageAssignmentPolicy);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


const options = {
    authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  id: '87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187',
  displayName: 'All Users',
  description: 'All users can request for access to the directory.',
  allowedTargetScope: 'allDirectoryUsers',
  specificAllowedTargets: [],
  expiration: {
      type: 'noExpiration'
  },
  requestorSettings: {
      enableTargetsToSelfAddAccess: true,
      enableTargetsToSelfUpdateAccess: false,
      enableTargetsToSelfRemoveAccess: true,
      allowCustomAssignmentSchedule: false,
      enableOnBehalfRequestorsToAddAccess: false,
      enableOnBehalfRequestorsToUpdateAccess: false,
      enableOnBehalfRequestorsToRemoveAccess: false,
      onBehalfRequestors: []
  },
  requestApprovalSettings: {
      isApprovalRequiredForAdd: true,
      isApprovalRequiredForUpdate: false,
      stages: [
          {
              durationBeforeAutomaticDenial: 'P2D',
              isApproverJustificationRequired: false,
              isEscalationEnabled: false,
              durationBeforeEscalation: 'PT0S',
              primaryApprovers: [
                  {
                      '@odata.type': '#microsoft.graph.requestorManager',
                      managerLevel: 1
                  }
              ],
              fallbackPrimaryApprovers: [
                  {
                      '@odata.type': '#microsoft.graph.singleUser',
                      userId: 'e6bf4d7d-6824-4dd0-809d-5bf42d4817c2',
                      description: 'user'
                  }
              ],
              escalationApprovers: [],
              fallbackEscalationApprovers: []
          }
      ]
  },
  accessPackage: {
        id: '49d2c59b-0a81-463d-a8ec-ddad3935d8a0'
  }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187')
    .put(accessPackageAssignmentPolicy);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];

NSString *MSGraphBaseURL = @"https://graph.microsoft.com/v1.0/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"]]];
[urlRequest setHTTPMethod:@"PUT"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];

MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setId:@"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"];
[accessPackageAssignmentPolicy setDisplayName:@"All Users"];
[accessPackageAssignmentPolicy setDescription:@"All users can request for access to the directory."];
[accessPackageAssignmentPolicy setAllowedTargetScope: [MSGraphAllowedTargetScope allDirectoryUsers]];
NSMutableArray *specificAllowedTargetsList = [[NSMutableArray alloc] init];
[accessPackageAssignmentPolicy setSpecificAllowedTargets:specificAllowedTargetsList];
MSGraphExpirationPattern *expiration = [[MSGraphExpirationPattern alloc] init];
[expiration setType: [MSGraphExpirationPatternType noExpiration]];
[accessPackageAssignmentPolicy setExpiration:expiration];
MSGraphAccessPackageAssignmentRequestorSettings *requestorSettings = [[MSGraphAccessPackageAssignmentRequestorSettings alloc] init];
[requestorSettings setEnableTargetsToSelfAddAccess: true];
[requestorSettings setEnableTargetsToSelfUpdateAccess: false];
[requestorSettings setEnableTargetsToSelfRemoveAccess: true];
[requestorSettings setAllowCustomAssignmentSchedule: false];
[requestorSettings setEnableOnBehalfRequestorsToAddAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToUpdateAccess: false];
[requestorSettings setEnableOnBehalfRequestorsToRemoveAccess: false];
NSMutableArray *onBehalfRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setOnBehalfRequestors:onBehalfRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphAccessPackageAssignmentApprovalSettings *requestApprovalSettings = [[MSGraphAccessPackageAssignmentApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequiredForAdd: true];
[requestApprovalSettings setIsApprovalRequiredForUpdate: false];
NSMutableArray *stagesList = [[NSMutableArray alloc] init];
MSGraphAccessPackageApprovalStage *stages = [[MSGraphAccessPackageApprovalStage alloc] init];
[stages setDurationBeforeAutomaticDenial:@"P2D"];
[stages setIsApproverJustificationRequired: false];
[stages setIsEscalationEnabled: false];
[stages setDurationBeforeEscalation:@"PT0S"];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *primaryApprovers = [[MSGraphSubjectSet alloc] init];
[primaryApprovers setManagerLevel: 1];
[primaryApproversList addObject: primaryApprovers];
[stages setPrimaryApprovers:primaryApproversList];
NSMutableArray *fallbackPrimaryApproversList = [[NSMutableArray alloc] init];
MSGraphSubjectSet *fallbackPrimaryApprovers = [[MSGraphSubjectSet alloc] init];
[fallbackPrimaryApprovers setUserId:@"e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"];
[fallbackPrimaryApprovers setDescription:@"user"];
[fallbackPrimaryApproversList addObject: fallbackPrimaryApprovers];
[stages setFallbackPrimaryApprovers:fallbackPrimaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
[stages setEscalationApprovers:escalationApproversList];
NSMutableArray *fallbackEscalationApproversList = [[NSMutableArray alloc] init];
[stages setFallbackEscalationApprovers:fallbackEscalationApproversList];
[stagesList addObject: stages];
[requestApprovalSettings setStages:stagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
MSGraphAccessPackage *accessPackage = [[MSGraphAccessPackage alloc] init];
[accessPackage setId:@"49d2c59b-0a81-463d-a8ec-ddad3935d8a0"];
[accessPackageAssignmentPolicy setAccessPackage:accessPackage];

NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];

MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest 
    completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {

        //Request Completed

}];

[meDataTask execute];

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187";
accessPackageAssignmentPolicy.displayName = "All Users";
accessPackageAssignmentPolicy.description = "All users can request for access to the directory.";
accessPackageAssignmentPolicy.allowedTargetScope = AllowedTargetScope.ALL_DIRECTORY_USERS;
LinkedList<SubjectSet> specificAllowedTargetsList = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.specificAllowedTargets = specificAllowedTargetsList;
ExpirationPattern expiration = new ExpirationPattern();
expiration.type = ExpirationPatternType.NO_EXPIRATION;
accessPackageAssignmentPolicy.expiration = expiration;
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.enableTargetsToSelfAddAccess = true;
requestorSettings.enableTargetsToSelfUpdateAccess = false;
requestorSettings.enableTargetsToSelfRemoveAccess = true;
requestorSettings.allowCustomAssignmentSchedule = false;
requestorSettings.enableOnBehalfRequestorsToAddAccess = false;
requestorSettings.enableOnBehalfRequestorsToUpdateAccess = false;
requestorSettings.enableOnBehalfRequestorsToRemoveAccess = false;
LinkedList<SubjectSet> onBehalfRequestorsList = new LinkedList<SubjectSet>();
requestorSettings.onBehalfRequestors = onBehalfRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.isApprovalRequiredForAdd = true;
requestApprovalSettings.isApprovalRequiredForUpdate = false;
LinkedList<AccessPackageApprovalStage> stagesList = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage stages = new AccessPackageApprovalStage();
stages.durationBeforeAutomaticDenial = DatatypeFactory.newInstance().newDuration("P2D");
stages.isApproverJustificationRequired = false;
stages.isEscalationEnabled = false;
stages.durationBeforeEscalation = DatatypeFactory.newInstance().newDuration("PT0S");
LinkedList<SubjectSet> primaryApproversList = new LinkedList<SubjectSet>();
RequestorManager primaryApprovers = new RequestorManager();
primaryApprovers.managerLevel = 1;
primaryApproversList.add(primaryApprovers);
stages.primaryApprovers = primaryApproversList;
LinkedList<SubjectSet> fallbackPrimaryApproversList = new LinkedList<SubjectSet>();
SingleUser fallbackPrimaryApprovers = new SingleUser();
fallbackPrimaryApprovers.userId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2";
fallbackPrimaryApprovers.description = "user";
fallbackPrimaryApproversList.add(fallbackPrimaryApprovers);
stages.fallbackPrimaryApprovers = fallbackPrimaryApproversList;
LinkedList<SubjectSet> escalationApproversList = new LinkedList<SubjectSet>();
stages.escalationApprovers = escalationApproversList;
LinkedList<SubjectSet> fallbackEscalationApproversList = new LinkedList<SubjectSet>();
stages.fallbackEscalationApprovers = fallbackEscalationApproversList;
stagesList.add(stages);
requestApprovalSettings.stages = stagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AccessPackage accessPackage = new AccessPackage();
accessPackage.id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0";
accessPackageAssignmentPolicy.accessPackage = accessPackage;

graphClient.identityGovernance().entitlementManagement().assignmentPolicies("87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187")
    .buildRequest()
    .put(accessPackageAssignmentPolicy);

有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息，请参阅 SDK 文档。

响应

注意： 为了提高可读性，可能缩短了此处显示的响应对象。

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "All Users",
  "description": "All users can request for access to the directory."
}

更新 accessPackageAssignmentPolicy

权限

HTTP 请求

请求标头

请求正文

响应

示例

请求

响应

反馈