列出决策
本文内容
命名空间:microsoft.graph
重要
Microsoft Graph /beta
版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
检索特定 accessReviewInstance 的 accessReviewInstanceDecisionItem 对象。 返回零个或多个 accessReviewInstanceDecisionItem 对象的列表,包括其所有嵌套属性。
此 API 可用于以下国家级云部署 。
全局服务
美国政府 L4
美国政府 L5 (DOD)
由世纪互联运营的中国
✅
✅
✅
❌
权限
为此 API 选择标记为最低特权的权限。 只有在应用需要它时 ,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型 。 要了解有关这些权限的详细信息,请参阅 权限参考 。
权限类型
最低特权权限
更高特权权限
委派(工作或学校帐户)
AccessReview.Read.All
AccessReview.ReadWrite.All
委派(个人 Microsoft 帐户)
不支持。
不支持。
应用程序
AccessReview.Read.All
AccessReview.ReadWrite.All
对于委托方案,已登录用户必须至少具有以下Microsoft Entra角色 之一。
读取组或应用的访问评审
读取Microsoft Entra角色的访问评审
访问评审计划定义的创建者 全局读取者 安全读取者 用户管理员 标识治理管理员 安全管理员
安全信息读取者 标识治理管理员 特权角色管理员 安全管理员
HTTP 请求
GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions
可选的查询参数
此方法支持 $select
、 $filter
、 $orderby
、 $skip
和 $top
OData 查询参数,以帮助自定义响应。 若要了解一般信息,请参阅 OData 查询参数 。
此 API 的默认页面大小为 100 个 accessReviewInstance 对象。 若要提高效率并避免由于大型结果集而超时,请使用 $skip
和 $top
查询参数应用分页。 有关详细信息,请参阅在应用中对 Microsoft Graph 数据进行分页 。
名称
说明
Authorization
持有者 {token}。 必填。 详细了解 身份验证和授权 。
请求正文
请勿提供此方法的请求正文。
响应
如果成功,此方法在响应正文中返回响应 200 OK
代码和 accessReviewInstanceDecisionItem 对象的集合。
示例
示例 1:检索访问评审实例的所有决策
请求
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/60860cdd-fb4d-4054-91ba-444404f3baa6/instances/14444cdb-6a18-4c08-ba2c-48c02f0a0138/decisions?$top=100&$skip=0
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions["{accessReviewScheduleDefinition-id}"].Instances["{accessReviewInstance-id}"].Decisions.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Top = 100;
requestConfiguration.QueryParameters.Skip = 0;
});
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance access-reviews definitions instances decisions list --access-review-schedule-definition-id {accessReviewScheduleDefinition-id} --access-review-instance-id {accessReviewInstance-id} --top "100" --skip "0"
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestTop := int32(100)
requestSkip := int32(0)
requestParameters := &graphidentitygovernance.IdentityGovernanceAccessReviewsDefinitionItemInstanceItemDecisionsRequestBuilderGetQueryParameters{
Top: &requestTop,
Skip: &requestSkip,
}
configuration := &graphidentitygovernance.IdentityGovernanceAccessReviewsDefinitionItemInstanceItemDecisionsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
decisions, err := graphClient.IdentityGovernance().AccessReviews().Definitions().ByAccessReviewScheduleDefinitionId("accessReviewScheduleDefinition-id").Instances().ByAccessReviewInstanceId("accessReviewInstance-id").Decisions().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewInstanceDecisionItemCollectionResponse result = graphClient.identityGovernance().accessReviews().definitions().byAccessReviewScheduleDefinitionId("{accessReviewScheduleDefinition-id}").instances().byAccessReviewInstanceId("{accessReviewInstance-id}").decisions().get(requestConfiguration -> {
requestConfiguration.queryParameters.top = 100;
requestConfiguration.queryParameters.skip = 0;
});
const options = {
authProvider,
};
const client = Client.init(options);
let decisions = await client.api('/identityGovernance/accessReviews/definitions/60860cdd-fb4d-4054-91ba-444404f3baa6/instances/14444cdb-6a18-4c08-ba2c-48c02f0a0138/decisions')
.version('beta')
.skip(0)
.top(100)
.get();
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\IdentityGovernance\AccessReviews\Definitions\Item\Instances\Item\Decisions\DecisionsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new DecisionsRequestBuilderGetRequestConfiguration();
$queryParameters = DecisionsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->top = 100;
$queryParameters->skip = 0;
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->byAccessReviewScheduleDefinitionId('accessReviewScheduleDefinition-id')->instances()->byAccessReviewInstanceId('accessReviewInstance-id')->decisions()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision -AccessReviewScheduleDefinitionId $accessReviewScheduleDefinitionId -AccessReviewInstanceId $accessReviewInstanceId -Top 100 -Skip 0
from msgraph import GraphServiceClient
from msgraph.generated.identityGovernance.accessReviews.definitions.item.instances.item.decisions.decisions_request_builder import DecisionsRequestBuilder
graph_client = GraphServiceClient(credentials, scopes)
query_params = DecisionsRequestBuilder.DecisionsRequestBuilderGetQueryParameters(
top = 100,
skip = 0,
)
request_configuration = DecisionsRequestBuilder.DecisionsRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.access_reviews.definitions.by_access_review_schedule_definition_id('accessReviewScheduleDefinition-id').instances.by_access_review_instance_id('accessReviewInstance-id').decisions.get(request_configuration = request_configuration)
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0')/instances('6444d4fd-ab55-4608-8cf9-c6702d172bcc')/decisions",
"@odata.count": 2,
"value": [
{
"id": "e6cafba0-cbf0-4748-8868-0810c7f4cc06",
"accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
"reviewedDateTime": null,
"decision": "NotReviewed",
"justification": "",
"appliedDateTime": null,
"applyResult": "New",
"recommendation": "Approve",
"principalLink": "https://graph.microsoft.com/v1.0/users/04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
"resourceLink": null,
"resource": null,
"reviewedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"appliedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"target": {
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
"userId": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
"userDisplayName": "Diego Siciliani",
"userPrincipalName": "DiegoS@contoso.com"
},
"principal": {
"@odata.type": "#microsoft.graph.userIdentity",
"id": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
"displayName": "Diego Siciliani",
"userPrincipalName": "DiegoS@contoso.com"
}
},
{
"id": "4bde8d40-9224-4aa3-936b-08d73e1baf47",
"accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
"reviewedDateTime": null,
"decision": "NotReviewed",
"justification": "",
"appliedDateTime": null,
"applyResult": "New",
"recommendation": "Approve",
"principalLink": "https://graph.microsoft.com/v1.0/users/11feb738-0039-4a6c-a045-dcb91a47969a",
"resourceLink": null,
"resource": null,
"reviewedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"appliedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"target": {
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
"userId": "11feb738-0039-4a6c-a045-dcb91a47969a",
"userDisplayName": "Johanna Lorenz",
"userPrincipalName": "JohannaL@contoso.com"
},
"principal": {
"@odata.type": "#microsoft.graph.userIdentity",
"id": "11feb738-0039-4a6c-a045-dcb91a47969a",
"displayName": "Johanna Lorenz",
"userPrincipalName": "JohannaL@contoso.com"
}
}
]
}
示例 2:检索你作为审阅者的所有决策项并展开定义
请求
以下示例演示了检索每个实例的所有决策的请求,以及调用用户作为其审阅者的定义。
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewer')?$expand=instance($expand=definition)
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Decisions.FilterByCurrentUserWithOn("reviewer").GetAsFilterByCurrentUserWithOnGetResponseAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "instance($expand=definition)" };
});
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance access-reviews decisions filter-by-current-user-with-on get --on {on-id} --expand "instance(\$expand=definition)"
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestParameters := &graphidentitygovernance.IdentityGovernanceAccessReviewsDecisionsFilterByCurrentUser(on='{on}')RequestBuilderGetQueryParameters{
Expand: [] string {"instance($expand=definition)"},
}
configuration := &graphidentitygovernance.IdentityGovernanceAccessReviewsDecisionsFilterByCurrentUser(on='{on}')RequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
on := "reviewer"
filterByCurrentUser, err := graphClient.IdentityGovernance().AccessReviews().Decisions().FilterByCurrentUserWithOn(&on).GetAsFilterByCurrentUserWithOnGetResponse(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
var result = graphClient.identityGovernance().accessReviews().decisions().filterByCurrentUserWithOn("reviewer").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"instance($expand=definition)"};
});
const options = {
authProvider,
};
const client = Client.init(options);
let filterByCurrentUser = await client.api('/identityGovernance/accessReviews/decisions/filterByCurrentUser(on='reviewer')')
.version('beta')
.expand('instance($expand=definition)')
.get();
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\IdentityGovernance\AccessReviews\Decisions\FilterByCurrentUser(on='{on}')\FilterByCurrentUserWithOnRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new FilterByCurrentUserWithOnRequestBuilderGetRequestConfiguration();
$queryParameters = FilterByCurrentUserWithOnRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->expand = ["instance(\$expand=definition)"];
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityGovernance()->accessReviews()->decisions()->filterByCurrentUserWithOn('reviewer', )->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
Invoke-MgBetaFilterIdentityGovernanceAccessReviewDecisionByCurrentUser -ExpandProperty "instance(`$expand=definition)" -On $onId
from msgraph import GraphServiceClient
from msgraph.generated.identityGovernance.accessReviews.decisions.filterByCurrentUser(on='{on}').filter_by_current_user_with_on_request_builder import FilterByCurrentUserWithOnRequestBuilder
graph_client = GraphServiceClient(credentials, scopes)
query_params = FilterByCurrentUserWithOnRequestBuilder.FilterByCurrentUserWithOnRequestBuilderGetQueryParameters(
expand = ["instance($expand=definition)"],
)
request_configuration = FilterByCurrentUserWithOnRequestBuilder.FilterByCurrentUserWithOnRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.access_reviews.decisions.filter_by_current_user_with_on("reviewer").get(request_configuration = request_configuration)
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#accessReviewInstanceDecisionItems",
"@odata.count": 10,
"value": [
{
"id": "fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
"principal": {
"odata.type": "#microsoft.graph.userIdentity",
"id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
"displayName": "Adele Vance",
"userPrincipalName": "adele@contoso.com"
},
"resource": {
"odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemAzureRoleResource",
"id": "b4cbd87c-0ee2-4647-a7e3-41b580ea6fed",
"displayName": "Priviliged Role Administrator",
"type": "azureRole",
"scope": {
"id": "b649368b-d667-40c6-acc9-b45b822a3037",
"displayName": "Hello world",
"type": "subscription"
}
},
"instance": {
"startDate": "2018-08-03T21:02:30.667Z",
"endDate": "2018-08-05T21:02:30.667Z",
"definition": {
"displayName": "Hello world",
"descriptionForAdmins": "Hello world"
}
}
}
]
}
示例 3:检索访问评审实例的所有决策以及见解
请求
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/60860cdd-fb4d-4054-91ba-444404f3baa6/instances/14444cdb-6a18-4c08-ba2c-48c02f0a0138/decisions?$expand=insights
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.Definitions["{accessReviewScheduleDefinition-id}"].Instances["{accessReviewInstance-id}"].Decisions.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "insights" };
});
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta identity-governance access-reviews definitions instances decisions list --access-review-schedule-definition-id {accessReviewScheduleDefinition-id} --access-review-instance-id {accessReviewInstance-id} --expand "insights"
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestParameters := &graphidentitygovernance.IdentityGovernanceAccessReviewsDefinitionItemInstanceItemDecisionsRequestBuilderGetQueryParameters{
Expand: [] string {"insights"},
}
configuration := &graphidentitygovernance.IdentityGovernanceAccessReviewsDefinitionItemInstanceItemDecisionsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
decisions, err := graphClient.IdentityGovernance().AccessReviews().Definitions().ByAccessReviewScheduleDefinitionId("accessReviewScheduleDefinition-id").Instances().ByAccessReviewInstanceId("accessReviewInstance-id").Decisions().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewInstanceDecisionItemCollectionResponse result = graphClient.identityGovernance().accessReviews().definitions().byAccessReviewScheduleDefinitionId("{accessReviewScheduleDefinition-id}").instances().byAccessReviewInstanceId("{accessReviewInstance-id}").decisions().get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"insights"};
});
const options = {
authProvider,
};
const client = Client.init(options);
let decisions = await client.api('/identityGovernance/accessReviews/definitions/60860cdd-fb4d-4054-91ba-444404f3baa6/instances/14444cdb-6a18-4c08-ba2c-48c02f0a0138/decisions')
.version('beta')
.expand('insights')
.get();
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\IdentityGovernance\AccessReviews\Definitions\Item\Instances\Item\Decisions\DecisionsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new DecisionsRequestBuilderGetRequestConfiguration();
$queryParameters = DecisionsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->expand = ["insights"];
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityGovernance()->accessReviews()->definitions()->byAccessReviewScheduleDefinitionId('accessReviewScheduleDefinition-id')->instances()->byAccessReviewInstanceId('accessReviewInstance-id')->decisions()->get($requestConfiguration)->wait();
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceAccessReviewDefinitionInstanceDecision -AccessReviewScheduleDefinitionId $accessReviewScheduleDefinitionId -AccessReviewInstanceId $accessReviewInstanceId -ExpandProperty "insights"
from msgraph import GraphServiceClient
from msgraph.generated.identityGovernance.accessReviews.definitions.item.instances.item.decisions.decisions_request_builder import DecisionsRequestBuilder
graph_client = GraphServiceClient(credentials, scopes)
query_params = DecisionsRequestBuilder.DecisionsRequestBuilderGetQueryParameters(
expand = ["insights"],
)
request_configuration = DecisionsRequestBuilder.DecisionsRequestBuilderGetRequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.access_reviews.definitions.by_access_review_schedule_definition_id('accessReviewScheduleDefinition-id').instances.by_access_review_instance_id('accessReviewInstance-id').decisions.get(request_configuration = request_configuration)
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0')/instances('6444d4fd-ab55-4608-8cf9-c6702d172bcc')/decisions(insights())",
"@odata.count": 2,
"value": [
{
"id": "e6cafba0-cbf0-4748-8868-0810c7f4cc06",
"accessReviewId": "6444d4fd-ab55-4608-8cf9-c6702d172bcc",
"applyResult": "New",
"recommendation": "Approve",
"principalLink": "https://graph.microsoft.com/v1.0/users/04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
"resourceLink": "https://graph.microsoft.com/v1.0/groups/98f41dad-68d5-42f6-a50f-ddd75c5c5539",
"reviewedBy": {
"id": "00000000-0000-0000-0000-000000000000"
},
"appliedBy": {
"id": "00000000-0000-0000-0000-000000000000"
},
"resource": {
"id": "98f41dad-68d5-42f6-a50f-ddd75c5c5539",
"displayName": "poltest1_g01",
"type": "group"
},
"principal": {
"@odata.type": "#microsoft.graph.userIdentity",
"id": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf"
},
"insights@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/accessReviews/definitions('5eac5a70-7cd7-4f20-92b0-f9dba70dd7f0')/instances('6444d4fd-ab55-4608-8cf9-c6702d172bcc')/decisions('e6cafba0-cbf0-4748-8868-0810c7f4cc06')/insights",
"insights": [
{
"@odata.type": "#microsoft.graph.userSignInInsight",
"id": "00000000-0000-0000-0000-000000000000",
"insightCreatedDateTime": null,
"lastSignInDateTime": "2022-02-11T20:00:34Z"
},
{
"@odata.type": "#microsoft.graph.membershipOutlierInsight",
"id": "f8b5b125-2df6-405c-9cab-6c0e477cbf0a",
"insightCreatedDateTime": "2022-08-09T08:25:00Z",
"memberId": "04777c4b-4d43-4d32-a2e7-1eba5d03f8cf",
"containerId": "98f41dad-68d5-42f6-a50f-ddd75c5c5539",
"outlierMemberType": "user",
"outlierContainerType": "group"
}
]
}
]
}