创建已弃用的 accessReview ()
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
备注
访问评审 API 已弃用,将在 2023 年 5 月 19 日停止返回数据。 请使用 访问评审。
在 Azure AD 访问评审 功能中,创建新的 accessReview 对象。
发出此请求之前,调用方必须以前 检索业务流模板列表,才能在请求中包含 businessFlowTemplateId 的值。
发出此请求后,调用方应 创建 programControl,以将访问评审链接到程序。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限。
| 权限类型 |
权限(从最低特权到最高特权) |
| 委派(工作或学校帐户) |
AccessReview.ReadWrite.Membership、AccessReview.ReadWrite.All |
| 委派(个人 Microsoft 帐户) |
不支持。 |
| 应用程序 |
AccessReview.ReadWrite.Membership |
调用方还应具有 ProgramControl.ReadWrite.All 权限,以便在创建访问评审后,调用方可以创建 programControl。
此外,已登录的用户还必须具有允许其创建访问评审的目录角色。 有关详细信息,请参阅 访问评审的角色和权限要求。
HTTP 请求
POST /accessReviews
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必需。 |
| Content-type |
application/json. Required. |
请求正文
在请求正文中,提供 accessReview 对象的 JSON 表示形式。
下表显示了创建 accessReview 时所需的属性。
| 属性 |
类型 |
说明 |
| displayName |
String |
访问评审名称。 |
| startDateTime |
DateTimeOffset |
计划开始评审时的 DateTime。 这必须是将来的日期。 |
| endDateTime |
DateTimeOffset |
计划结束评审时的 DateTime。 这必须至少比开始日期晚一天。 |
| description |
String |
要向审阅者显示的说明。 |
| businessFlowTemplateId |
String |
从 businessFlowTemplate 获取的业务流模板标识符。 |
| reviewerType |
String |
审阅者与审阅对象的访问权限的关系类型,其中 self之一, delegated或 entityOwners。 |
| reviewedEntity |
identity |
为其创建访问评审的对象,例如组的成员身份或用户对应用程序的分配。 |
如果 reviewerType 具有该值 delegated,则调用方还必须包含 审阅者 属性,其中包含一个表示审阅者的 userIdentity 对象集合。
如果应用在没有登录用户的情况下调用此 API,则调用方还必须包括 createdBy 属性,该属性的值是将标识为评审创建者的用户的 userIdentity 。
此外,调用方可以包括 设置、创建定期评审系列或更改默认审阅行为。 特别是,若要创建定期评审,调用方必须在访问评审设置中包含 accessReviewRecurrenceSettings ,
响应
如果成功,此方法在响应正文中返回 201 Created 响应代码和 accessReview 对象。
示例
这是创建一次性 (不定期) 访问评审的示例,明确指定两个用户为审阅者。
请求
在请求正文中,提供 accessReview 对象的 JSON 表示形式。
POST https://graph.microsoft.com/beta/accessReviews
Content-type: application/json
{
"displayName":"TestReview",
"startDateTime":"2017-02-10T00:35:53.214Z",
"endDateTime":"2017-03-12T00:35:53.214Z",
"reviewedEntity": {
"id": "99025615-a0b1-47ec-9117-35377b10998b"
},
"reviewerType" : "delegated",
"businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
"description":"Sample description",
"reviewers":
[
{
"id":"f260246a-09b1-4fd5-8d18-daed736071ec"
},
{
"id":"5a4e184c-4ee5-4883-96e9-b371f8da88e3"
}
],
"settings":
{
"mailNotificationsEnabled": true,
"remindersEnabled": true,
"justificationRequiredOnApproval":true,
"autoReviewEnabled":false,
"activityDurationInDays":30,
"autoApplyReviewResultsEnabled":false,
"accessRecommendationsEnabled":false,
"recurrenceSettings":{
"recurrenceType":"onetime",
"recurrenceEndType":"endBy",
"durationInDays":0,
"recurrenceCount":0
},
"autoReviewSettings":{
"notReviewedResult":"Deny"
}
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReview = new AccessReview
{
DisplayName = "TestReview",
StartDateTime = DateTimeOffset.Parse("2017-02-10T00:35:53.214Z"),
EndDateTime = DateTimeOffset.Parse("2017-03-12T00:35:53.214Z"),
ReviewedEntity = new Identity
{
Id = "99025615-a0b1-47ec-9117-35377b10998b"
},
ReviewerType = "delegated",
BusinessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68",
Description = "Sample description",
Reviewers = new AccessReviewReviewersCollectionPage()
{
new AccessReviewReviewer
{
Id = "f260246a-09b1-4fd5-8d18-daed736071ec"
},
new AccessReviewReviewer
{
Id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
}
},
Settings = new AccessReviewSettings
{
MailNotificationsEnabled = true,
RemindersEnabled = true,
JustificationRequiredOnApproval = true,
AutoReviewEnabled = false,
ActivityDurationInDays = 30,
AutoApplyReviewResultsEnabled = false,
AccessRecommendationsEnabled = false,
RecurrenceSettings = new AccessReviewRecurrenceSettings
{
RecurrenceType = "onetime",
RecurrenceEndType = "endBy",
DurationInDays = 0,
RecurrenceCount = 0
},
AutoReviewSettings = new AutoReviewSettings
{
NotReviewedResult = "Deny"
}
}
};
await graphClient.AccessReviews
.Request()
.AddAsync(accessReview);
const options = {
authProvider,
};
const client = Client.init(options);
const accessReview = {
displayName: 'TestReview',
startDateTime: '2017-02-10T00:35:53.214Z',
endDateTime: '2017-03-12T00:35:53.214Z',
reviewedEntity: {
id: '99025615-a0b1-47ec-9117-35377b10998b'
},
reviewerType: 'delegated',
businessFlowTemplateId: '6e4f3d20-c5c3-407f-9695-8460952bcc68',
description: 'Sample description',
reviewers:
[
{
id: 'f260246a-09b1-4fd5-8d18-daed736071ec'
},
{
id: '5a4e184c-4ee5-4883-96e9-b371f8da88e3'
}
],
settings:
{
mailNotificationsEnabled: true,
remindersEnabled: true,
justificationRequiredOnApproval: true,
autoReviewEnabled: false,
activityDurationInDays: 30,
autoApplyReviewResultsEnabled: false,
accessRecommendationsEnabled: false,
recurrenceSettings: {
recurrenceType: 'onetime',
recurrenceEndType: 'endBy',
durationInDays: 0,
recurrenceCount: 0
},
autoReviewSettings: {
notReviewedResult: 'Deny'
}
}
};
await client.api('/accessReviews')
.version('beta')
.post(accessReview);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/accessReviews"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessReview *accessReview = [[MSGraphAccessReview alloc] init];
[accessReview setDisplayName:@"TestReview"];
[accessReview setStartDateTime: "2017-02-10T00:35:53.214Z"];
[accessReview setEndDateTime: "2017-03-12T00:35:53.214Z"];
MSGraphIdentity *reviewedEntity = [[MSGraphIdentity alloc] init];
[reviewedEntity setId:@"99025615-a0b1-47ec-9117-35377b10998b"];
[accessReview setReviewedEntity:reviewedEntity];
[accessReview setReviewerType:@"delegated"];
[accessReview setBusinessFlowTemplateId:@"6e4f3d20-c5c3-407f-9695-8460952bcc68"];
[accessReview setDescription:@"Sample description"];
NSMutableArray *reviewersList = [[NSMutableArray alloc] init];
MSGraphAccessReviewReviewer *reviewers = [[MSGraphAccessReviewReviewer alloc] init];
[reviewers setId:@"f260246a-09b1-4fd5-8d18-daed736071ec"];
[reviewersList addObject: reviewers];
MSGraphAccessReviewReviewer *reviewers = [[MSGraphAccessReviewReviewer alloc] init];
[reviewers setId:@"5a4e184c-4ee5-4883-96e9-b371f8da88e3"];
[reviewersList addObject: reviewers];
[accessReview setReviewers:reviewersList];
MSGraphAccessReviewSettings *settings = [[MSGraphAccessReviewSettings alloc] init];
[settings setMailNotificationsEnabled: true];
[settings setRemindersEnabled: true];
[settings setJustificationRequiredOnApproval: true];
[settings setAutoReviewEnabled: false];
[settings setActivityDurationInDays: 30];
[settings setAutoApplyReviewResultsEnabled: false];
[settings setAccessRecommendationsEnabled: false];
MSGraphAccessReviewRecurrenceSettings *recurrenceSettings = [[MSGraphAccessReviewRecurrenceSettings alloc] init];
[recurrenceSettings setRecurrenceType:@"onetime"];
[recurrenceSettings setRecurrenceEndType:@"endBy"];
[recurrenceSettings setDurationInDays: 0];
[recurrenceSettings setRecurrenceCount: 0];
[settings setRecurrenceSettings:recurrenceSettings];
MSGraphAutoReviewSettings *autoReviewSettings = [[MSGraphAutoReviewSettings alloc] init];
[autoReviewSettings setNotReviewedResult:@"Deny"];
[settings setAutoReviewSettings:autoReviewSettings];
[accessReview setSettings:settings];
NSError *error;
NSData *accessReviewData = [accessReview getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessReviewData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReview accessReview = new AccessReview();
accessReview.displayName = "TestReview";
accessReview.startDateTime = OffsetDateTimeSerializer.deserialize("2017-02-10T00:35:53.214Z");
accessReview.endDateTime = OffsetDateTimeSerializer.deserialize("2017-03-12T00:35:53.214Z");
Identity reviewedEntity = new Identity();
reviewedEntity.id = "99025615-a0b1-47ec-9117-35377b10998b";
accessReview.reviewedEntity = reviewedEntity;
accessReview.reviewerType = "delegated";
accessReview.businessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68";
accessReview.description = "Sample description";
LinkedList<AccessReviewReviewer> reviewersList = new LinkedList<AccessReviewReviewer>();
AccessReviewReviewer reviewers = new AccessReviewReviewer();
reviewers.id = "f260246a-09b1-4fd5-8d18-daed736071ec";
reviewersList.add(reviewers);
AccessReviewReviewer reviewers1 = new AccessReviewReviewer();
reviewers1.id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3";
reviewersList.add(reviewers1);
AccessReviewReviewerCollectionResponse accessReviewReviewerCollectionResponse = new AccessReviewReviewerCollectionResponse();
accessReviewReviewerCollectionResponse.value = reviewersList;
AccessReviewReviewerCollectionPage accessReviewReviewerCollectionPage = new AccessReviewReviewerCollectionPage(accessReviewReviewerCollectionResponse, null);
accessReview.reviewers = accessReviewReviewerCollectionPage;
AccessReviewSettings settings = new AccessReviewSettings();
settings.mailNotificationsEnabled = true;
settings.remindersEnabled = true;
settings.justificationRequiredOnApproval = true;
settings.autoReviewEnabled = false;
settings.activityDurationInDays = 30;
settings.autoApplyReviewResultsEnabled = false;
settings.accessRecommendationsEnabled = false;
AccessReviewRecurrenceSettings recurrenceSettings = new AccessReviewRecurrenceSettings();
recurrenceSettings.recurrenceType = "onetime";
recurrenceSettings.recurrenceEndType = "endBy";
recurrenceSettings.durationInDays = 0;
recurrenceSettings.recurrenceCount = 0;
settings.recurrenceSettings = recurrenceSettings;
AutoReviewSettings autoReviewSettings = new AutoReviewSettings();
autoReviewSettings.notReviewedResult = "Deny";
settings.autoReviewSettings = autoReviewSettings;
accessReview.settings = settings;
graphClient.accessReviews()
.buildRequest()
.post(accessReview);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessReview()
displayName := "TestReview"
requestBody.SetDisplayName(&displayName)
startDateTime, err := time.Parse(time.RFC3339, "2017-02-10T00:35:53.214Z")
requestBody.SetStartDateTime(&startDateTime)
endDateTime, err := time.Parse(time.RFC3339, "2017-03-12T00:35:53.214Z")
requestBody.SetEndDateTime(&endDateTime)
reviewedEntity := msgraphsdk.NewIdentity()
requestBody.SetReviewedEntity(reviewedEntity)
id := "99025615-a0b1-47ec-9117-35377b10998b"
reviewedEntity.SetId(&id)
reviewerType := "delegated"
requestBody.SetReviewerType(&reviewerType)
businessFlowTemplateId := "6e4f3d20-c5c3-407f-9695-8460952bcc68"
requestBody.SetBusinessFlowTemplateId(&businessFlowTemplateId)
description := "Sample description"
requestBody.SetDescription(&description)
requestBody.SetReviewers( []AccessReviewReviewer {
msgraphsdk.NewAccessReviewReviewer(),
id := "f260246a-09b1-4fd5-8d18-daed736071ec"
SetId(&id)
msgraphsdk.NewAccessReviewReviewer(),
id := "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
SetId(&id)
}
settings := msgraphsdk.NewAccessReviewSettings()
requestBody.SetSettings(settings)
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled)
remindersEnabled := true
settings.SetRemindersEnabled(&remindersEnabled)
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval)
autoReviewEnabled := false
settings.SetAutoReviewEnabled(&autoReviewEnabled)
activityDurationInDays := int32(30)
settings.SetActivityDurationInDays(&activityDurationInDays)
autoApplyReviewResultsEnabled := false
settings.SetAutoApplyReviewResultsEnabled(&autoApplyReviewResultsEnabled)
accessRecommendationsEnabled := false
settings.SetAccessRecommendationsEnabled(&accessRecommendationsEnabled)
recurrenceSettings := msgraphsdk.NewAccessReviewRecurrenceSettings()
settings.SetRecurrenceSettings(recurrenceSettings)
recurrenceType := "onetime"
recurrenceSettings.SetRecurrenceType(&recurrenceType)
recurrenceEndType := "endBy"
recurrenceSettings.SetRecurrenceEndType(&recurrenceEndType)
durationInDays := int32(0)
recurrenceSettings.SetDurationInDays(&durationInDays)
recurrenceCount := int32(0)
recurrenceSettings.SetRecurrenceCount(&recurrenceCount)
autoReviewSettings := msgraphsdk.NewAutoReviewSettings()
settings.SetAutoReviewSettings(autoReviewSettings)
notReviewedResult := "Deny"
autoReviewSettings.SetNotReviewedResult(¬ReviewedResult)
result, err := graphClient.AccessReviews().Post(requestBody)
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
DisplayName = "TestReview"
StartDateTime = [System.DateTime]::Parse("2017-02-10T00:35:53.214Z")
EndDateTime = [System.DateTime]::Parse("2017-03-12T00:35:53.214Z")
ReviewedEntity = @{
Id = "99025615-a0b1-47ec-9117-35377b10998b"
}
ReviewerType = "delegated"
BusinessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68"
Description = "Sample description"
Reviewers = @(
@{
Id = "f260246a-09b1-4fd5-8d18-daed736071ec"
}
@{
Id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
}
)
Settings = @{
MailNotificationsEnabled = $true
RemindersEnabled = $true
JustificationRequiredOnApproval = $true
AutoReviewEnabled = $false
ActivityDurationInDays = 30
AutoApplyReviewResultsEnabled = $false
AccessRecommendationsEnabled = $false
RecurrenceSettings = @{
RecurrenceType = "onetime"
RecurrenceEndType = "endBy"
DurationInDays = 0
RecurrenceCount = 0
}
AutoReviewSettings = @{
NotReviewedResult = "Deny"
}
}
}
New-MgAccessReview -BodyParameter $params
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "006111db-0810-4494-a6df-904d368bd81b",
"displayName": "TestReview",
"startDateTime": "2017-02-10T00:35:53.214Z",
"endDateTime": "2017-03-12T00:35:53.214Z",
"status": "Initializing",
"businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
"reviewerType": "delegated",
"description": "Sample description"
}