创建 accessPackageAssignmentPolicy
本文内容
命名空间:microsoft.graph
重要
Microsoft Graph版本下的 /beta API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
在Azure AD中 ,创建新的 accessPackageAssignmentPolicy 对象。
权限
要调用此 API,需要以下权限之一。要了解详细信息,包括如何选择权限的信息,请参阅权限 。
权限类型
权限(从最低特权到最高特权)
委派(工作或学校帐户)
EntitlementManagement.ReadWrite.All
委派(个人 Microsoft 帐户)
不支持。
应用程序
EntitlementManagement.ReadWrite.All
HTTP 请求
POST /identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
名称
说明
Authorization
持有者 {token}。必需。
Content-Type
application/json. Required.
请求正文
在请求正文中,提供 accessPackageAssignmentPolicy 对象的 JSON 表示形式。
响应
如果成功,此方法在响应正文中返回 200 系列响应代码和新 accessPackageAssignmentPolicy 对象。
示例
示例 1:创建直接分配策略
如果访问包分配请求仅由管理员创建,而不是由用户本身创建,则直接分配策略非常有用。
请求
以下示例显示创建访问包分配策略的请求。 在此策略中,任何用户均无法请求,也不需要批准,也无需访问评审。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "56ff43fd-6b05-48df-9634-956a777fce6d",
"displayName": "direct",
"description": "direct assignments by administrator",
"accessReviewSettings": null,
"requestorSettings": {
"scopeType": "NoSubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
AccessPackageId = "56ff43fd-6b05-48df-9634-956a777fce6d",
DisplayName = "direct",
Description = "direct assignments by administrator",
AccessReviewSettings = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "NoSubjects",
AcceptRequests = true,
AllowedRequestors = new List<UserSet>()
{
}
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = false,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = false,
ApprovalMode = "NoApproval",
ApprovalStages = new List<ApprovalStage>()
{
}
}
};
await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies
.Request()
.AddAsync(accessPackageAssignmentPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: '56ff43fd-6b05-48df-9634-956a777fce6d',
displayName: 'direct',
description: 'direct assignments by administrator',
accessReviewSettings: null,
requestorSettings: {
scopeType: 'NoSubjects',
acceptRequests: true,
allowedRequestors: []
},
requestApprovalSettings: {
isApprovalRequired: false,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: false,
approvalMode: 'NoApproval',
approvalStages: []
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setAccessPackageId:@"56ff43fd-6b05-48df-9634-956a777fce6d"];
[accessPackageAssignmentPolicy setDisplayName:@"direct"];
[accessPackageAssignmentPolicy setDescription:@"direct assignments by administrator"];
[accessPackageAssignmentPolicy setAccessReviewSettings: null];
MSGraphRequestorSettings *requestorSettings = [[MSGraphRequestorSettings alloc] init];
[requestorSettings setScopeType:@"NoSubjects"];
[requestorSettings setAcceptRequests: true];
NSMutableArray *allowedRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setAllowedRequestors:allowedRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphApprovalSettings *requestApprovalSettings = [[MSGraphApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequired: false];
[requestApprovalSettings setIsApprovalRequiredForExtension: false];
[requestApprovalSettings setIsRequestorJustificationRequired: false];
[requestApprovalSettings setApprovalMode:@"NoApproval"];
NSMutableArray *approvalStagesList = [[NSMutableArray alloc] init];
[requestApprovalSettings setApprovalStages:approvalStagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.accessPackageId = "56ff43fd-6b05-48df-9634-956a777fce6d";
accessPackageAssignmentPolicy.displayName = "direct";
accessPackageAssignmentPolicy.description = "direct assignments by administrator";
accessPackageAssignmentPolicy.accessReviewSettings = null;
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.scopeType = "NoSubjects";
requestorSettings.acceptRequests = true;
LinkedList<UserSet> allowedRequestorsList = new LinkedList<UserSet>();
requestorSettings.allowedRequestors = allowedRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.isApprovalRequired = false;
requestApprovalSettings.isApprovalRequiredForExtension = false;
requestApprovalSettings.isRequestorJustificationRequired = false;
requestApprovalSettings.approvalMode = "NoApproval";
LinkedList<ApprovalStage> approvalStagesList = new LinkedList<ApprovalStage>();
requestApprovalSettings.approvalStages = approvalStagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies()
.buildRequest()
.post(accessPackageAssignmentPolicy);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessPackageAssignmentPolicy()
accessPackageId := "56ff43fd-6b05-48df-9634-956a777fce6d"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "direct"
requestBody.SetDisplayName(&displayName)
description := "direct assignments by administrator"
requestBody.SetDescription(&description)
requestBody.SetAccessReviewSettings(nil)
requestorSettings := msgraphsdk.NewRequestorSettings()
requestBody.SetRequestorSettings(requestorSettings)
scopeType := "NoSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
requestorSettings.SetAllowedRequestors( []UserSet {
}
requestApprovalSettings := msgraphsdk.NewApprovalSettings()
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
isApprovalRequired := false
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := false
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "NoApproval"
requestApprovalSettings.SetApprovalMode(&approvalMode)
requestApprovalSettings.SetApprovalStages( []ApprovalStage {
}
result, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(requestBody)
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
AccessPackageId = "56ff43fd-6b05-48df-9634-956a777fce6d"
DisplayName = "direct"
Description = "direct assignments by administrator"
AccessReviewSettings = $null
RequestorSettings = @{
ScopeType = "NoSubjects"
AcceptRequests = $true
AllowedRequestors = @(
)
}
RequestApprovalSettings = @{
IsApprovalRequired = $false
IsApprovalRequiredForExtension = $false
IsRequestorJustificationRequired = $false
ApprovalMode = "NoApproval"
ApprovalStages = @(
)
}
}
New-MgEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "56ff43fd-6b05-48df-9634-956a777fce6d",
"displayName": "direct",
"description": "direct assignments by administrator"
}
示例 2:为来自其他组织的用户创建策略以请求
以下示例显示了一个更复杂的策略,该策略具有两个阶段的审批和访问评审。
请求
下面是创建访问包分配策略的请求示例。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"canExtend": false,
"durationInDays": 365,
"expirationDateTime": null,
"requestorSettings": {
"scopeType": "AllExistingConnectedOrganizationSubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "Serial",
"approvalStages": [
{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": true,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "string (identifier)",
"description": "group for users from connected organizations which have no external sponsor"
},
{
"@odata.type": "#microsoft.graph.externalSponsors",
"isBackup": false
}
],
"escalationApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"isBackup": true,
"id": "string (identifier)",
"description": "user if the external sponsor does not respond"
}
]
},
{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": true,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "string (identifier)",
"description": "group for users from connected organizations which have no internal sponsor"
},
{
"@odata.type": "#microsoft.graph.internalSponsors",
"isBackup": false
}
],
"escalationApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"isBackup": true,
"id": "string (identifier)",
"description": "user if the internal sponsor does not respond"
}
]
}
]
},
"accessReviewSettings": {
"isEnabled": true,
"recurrenceType": "quarterly",
"reviewerType": "Self",
"startDateTime": "2020-04-01T07:59:59.998Z",
"durationInDays": 25,
"reviewers": []
}
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
AccessPackageId = "string (identifier)",
DisplayName = "Users from connected organizations can request",
Description = "Allow users from configured connected organizations to request and be approved by their sponsors",
CanExtend = false,
DurationInDays = 365,
ExpirationDateTime = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "AllExistingConnectedOrganizationSubjects",
AcceptRequests = true,
AllowedRequestors = new List<UserSet>()
{
}
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "Serial",
ApprovalStages = new List<ApprovalStage>()
{
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = true,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>()
{
new GroupMembers
{
IsBackup = true,
Id = "string (identifier)",
Description = "group for users from connected organizations which have no external sponsor"
},
new ExternalSponsors
{
IsBackup = false
}
},
EscalationApprovers = new List<UserSet>()
{
new SingleUser
{
IsBackup = true,
Id = "string (identifier)",
Description = "user if the external sponsor does not respond"
}
}
},
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = true,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>()
{
new GroupMembers
{
IsBackup = true,
Id = "string (identifier)",
Description = "group for users from connected organizations which have no internal sponsor"
},
new InternalSponsors
{
IsBackup = false
}
},
EscalationApprovers = new List<UserSet>()
{
new SingleUser
{
IsBackup = true,
Id = "string (identifier)",
Description = "user if the internal sponsor does not respond"
}
}
}
}
},
AccessReviewSettings = new AssignmentReviewSettings
{
IsEnabled = true,
RecurrenceType = "quarterly",
ReviewerType = "Self",
StartDateTime = DateTimeOffset.Parse("2020-04-01T07:59:59.998Z"),
DurationInDays = 25,
Reviewers = new List<UserSet>()
{
}
}
};
await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies
.Request()
.AddAsync(accessPackageAssignmentPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: 'string (identifier)',
displayName: 'Users from connected organizations can request',
description: 'Allow users from configured connected organizations to request and be approved by their sponsors',
canExtend: false,
durationInDays: 365,
expirationDateTime: null,
requestorSettings: {
scopeType: 'AllExistingConnectedOrganizationSubjects',
acceptRequests: true,
allowedRequestors: []
},
requestApprovalSettings: {
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'Serial',
approvalStages: [
{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: true,
escalationTimeInMinutes: 11520,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'string (identifier)',
description: 'group for users from connected organizations which have no external sponsor'
},
{
'@odata.type': '#microsoft.graph.externalSponsors',
isBackup: false
}
],
escalationApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
isBackup: true,
id: 'string (identifier)',
description: 'user if the external sponsor does not respond'
}
]
},
{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: true,
escalationTimeInMinutes: 11520,
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'string (identifier)',
description: 'group for users from connected organizations which have no internal sponsor'
},
{
'@odata.type': '#microsoft.graph.internalSponsors',
isBackup: false
}
],
escalationApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
isBackup: true,
id: 'string (identifier)',
description: 'user if the internal sponsor does not respond'
}
]
}
]
},
accessReviewSettings: {
isEnabled: true,
recurrenceType: 'quarterly',
reviewerType: 'Self',
startDateTime: '2020-04-01T07:59:59.998Z',
durationInDays: 25,
reviewers: []
}
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setAccessPackageId:@"string (identifier)"];
[accessPackageAssignmentPolicy setDisplayName:@"Users from connected organizations can request"];
[accessPackageAssignmentPolicy setDescription:@"Allow users from configured connected organizations to request and be approved by their sponsors"];
[accessPackageAssignmentPolicy setCanExtend: false];
[accessPackageAssignmentPolicy setDurationInDays: 365];
[accessPackageAssignmentPolicy setExpirationDateTime: null];
MSGraphRequestorSettings *requestorSettings = [[MSGraphRequestorSettings alloc] init];
[requestorSettings setScopeType:@"AllExistingConnectedOrganizationSubjects"];
[requestorSettings setAcceptRequests: true];
NSMutableArray *allowedRequestorsList = [[NSMutableArray alloc] init];
[requestorSettings setAllowedRequestors:allowedRequestorsList];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphApprovalSettings *requestApprovalSettings = [[MSGraphApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequired: true];
[requestApprovalSettings setIsApprovalRequiredForExtension: false];
[requestApprovalSettings setIsRequestorJustificationRequired: true];
[requestApprovalSettings setApprovalMode:@"Serial"];
NSMutableArray *approvalStagesList = [[NSMutableArray alloc] init];
MSGraphApprovalStage *approvalStages = [[MSGraphApprovalStage alloc] init];
[approvalStages setApprovalStageTimeOutInDays: 14];
[approvalStages setIsApproverJustificationRequired: true];
[approvalStages setIsEscalationEnabled: true];
[approvalStages setEscalationTimeInMinutes: 11520];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: true];
[primaryApprovers setId:@"string (identifier)"];
[primaryApprovers setDescription:@"group for users from connected organizations which have no external sponsor"];
[primaryApproversList addObject: primaryApprovers];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: false];
[primaryApproversList addObject: primaryApprovers];
[approvalStages setPrimaryApprovers:primaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
MSGraphUserSet *escalationApprovers = [[MSGraphUserSet alloc] init];
[escalationApprovers setIsBackup: true];
[escalationApprovers setId:@"string (identifier)"];
[escalationApprovers setDescription:@"user if the external sponsor does not respond"];
[escalationApproversList addObject: escalationApprovers];
[approvalStages setEscalationApprovers:escalationApproversList];
[approvalStagesList addObject: approvalStages];
MSGraphApprovalStage *approvalStages = [[MSGraphApprovalStage alloc] init];
[approvalStages setApprovalStageTimeOutInDays: 14];
[approvalStages setIsApproverJustificationRequired: true];
[approvalStages setIsEscalationEnabled: true];
[approvalStages setEscalationTimeInMinutes: 11520];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: true];
[primaryApprovers setId:@"string (identifier)"];
[primaryApprovers setDescription:@"group for users from connected organizations which have no internal sponsor"];
[primaryApproversList addObject: primaryApprovers];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: false];
[primaryApproversList addObject: primaryApprovers];
[approvalStages setPrimaryApprovers:primaryApproversList];
NSMutableArray *escalationApproversList = [[NSMutableArray alloc] init];
MSGraphUserSet *escalationApprovers = [[MSGraphUserSet alloc] init];
[escalationApprovers setIsBackup: true];
[escalationApprovers setId:@"string (identifier)"];
[escalationApprovers setDescription:@"user if the internal sponsor does not respond"];
[escalationApproversList addObject: escalationApprovers];
[approvalStages setEscalationApprovers:escalationApproversList];
[approvalStagesList addObject: approvalStages];
[requestApprovalSettings setApprovalStages:approvalStagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
MSGraphAssignmentReviewSettings *accessReviewSettings = [[MSGraphAssignmentReviewSettings alloc] init];
[accessReviewSettings setIsEnabled: true];
[accessReviewSettings setRecurrenceType:@"quarterly"];
[accessReviewSettings setReviewerType:@"Self"];
[accessReviewSettings setStartDateTime: "2020-04-01T07:59:59.998Z"];
[accessReviewSettings setDurationInDays: 25];
NSMutableArray *reviewersList = [[NSMutableArray alloc] init];
[accessReviewSettings setReviewers:reviewersList];
[accessPackageAssignmentPolicy setAccessReviewSettings:accessReviewSettings];
NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.accessPackageId = "string (identifier)";
accessPackageAssignmentPolicy.displayName = "Users from connected organizations can request";
accessPackageAssignmentPolicy.description = "Allow users from configured connected organizations to request and be approved by their sponsors";
accessPackageAssignmentPolicy.canExtend = false;
accessPackageAssignmentPolicy.durationInDays = 365;
accessPackageAssignmentPolicy.expirationDateTime = OffsetDateTimeSerializer.deserialize("null");
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.scopeType = "AllExistingConnectedOrganizationSubjects";
requestorSettings.acceptRequests = true;
LinkedList<UserSet> allowedRequestorsList = new LinkedList<UserSet>();
requestorSettings.allowedRequestors = allowedRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.isApprovalRequired = true;
requestApprovalSettings.isApprovalRequiredForExtension = false;
requestApprovalSettings.isRequestorJustificationRequired = true;
requestApprovalSettings.approvalMode = "Serial";
LinkedList<ApprovalStage> approvalStagesList = new LinkedList<ApprovalStage>();
ApprovalStage approvalStages = new ApprovalStage();
approvalStages.approvalStageTimeOutInDays = 14;
approvalStages.isApproverJustificationRequired = true;
approvalStages.isEscalationEnabled = true;
approvalStages.escalationTimeInMinutes = 11520;
LinkedList<UserSet> primaryApproversList = new LinkedList<UserSet>();
GroupMembers primaryApprovers = new GroupMembers();
primaryApprovers.isBackup = true;
primaryApprovers.id = "string (identifier)";
primaryApprovers.description = "group for users from connected organizations which have no external sponsor";
primaryApproversList.add(primaryApprovers);
ExternalSponsors primaryApprovers1 = new ExternalSponsors();
primaryApprovers1.isBackup = false;
primaryApproversList.add(primaryApprovers1);
approvalStages.primaryApprovers = primaryApproversList;
LinkedList<UserSet> escalationApproversList = new LinkedList<UserSet>();
SingleUser escalationApprovers = new SingleUser();
escalationApprovers.isBackup = true;
escalationApprovers.id = "string (identifier)";
escalationApprovers.description = "user if the external sponsor does not respond";
escalationApproversList.add(escalationApprovers);
approvalStages.escalationApprovers = escalationApproversList;
approvalStagesList.add(approvalStages);
ApprovalStage approvalStages1 = new ApprovalStage();
approvalStages1.approvalStageTimeOutInDays = 14;
approvalStages1.isApproverJustificationRequired = true;
approvalStages1.isEscalationEnabled = true;
approvalStages1.escalationTimeInMinutes = 11520;
LinkedList<UserSet> primaryApproversList1 = new LinkedList<UserSet>();
GroupMembers primaryApprovers2 = new GroupMembers();
primaryApprovers2.isBackup = true;
primaryApprovers2.id = "string (identifier)";
primaryApprovers2.description = "group for users from connected organizations which have no internal sponsor";
primaryApproversList1.add(primaryApprovers2);
InternalSponsors primaryApprovers3 = new InternalSponsors();
primaryApprovers3.isBackup = false;
primaryApproversList1.add(primaryApprovers3);
approvalStages1.primaryApprovers = primaryApproversList1;
LinkedList<UserSet> escalationApproversList1 = new LinkedList<UserSet>();
SingleUser escalationApprovers1 = new SingleUser();
escalationApprovers1.isBackup = true;
escalationApprovers1.id = "string (identifier)";
escalationApprovers1.description = "user if the internal sponsor does not respond";
escalationApproversList1.add(escalationApprovers1);
approvalStages1.escalationApprovers = escalationApproversList1;
approvalStagesList.add(approvalStages1);
requestApprovalSettings.approvalStages = approvalStagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AssignmentReviewSettings accessReviewSettings = new AssignmentReviewSettings();
accessReviewSettings.isEnabled = true;
accessReviewSettings.recurrenceType = "quarterly";
accessReviewSettings.reviewerType = "Self";
accessReviewSettings.startDateTime = OffsetDateTimeSerializer.deserialize("2020-04-01T07:59:59.998Z");
accessReviewSettings.durationInDays = 25;
LinkedList<UserSet> reviewersList = new LinkedList<UserSet>();
accessReviewSettings.reviewers = reviewersList;
accessPackageAssignmentPolicy.accessReviewSettings = accessReviewSettings;
graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies()
.buildRequest()
.post(accessPackageAssignmentPolicy);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessPackageAssignmentPolicy()
accessPackageId := "string (identifier)"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "Users from connected organizations can request"
requestBody.SetDisplayName(&displayName)
description := "Allow users from configured connected organizations to request and be approved by their sponsors"
requestBody.SetDescription(&description)
canExtend := false
requestBody.SetCanExtend(&canExtend)
durationInDays := int32(365)
requestBody.SetDurationInDays(&durationInDays)
requestBody.SetExpirationDateTime(nil)
requestorSettings := msgraphsdk.NewRequestorSettings()
requestBody.SetRequestorSettings(requestorSettings)
scopeType := "AllExistingConnectedOrganizationSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
requestorSettings.SetAllowedRequestors( []UserSet {
}
requestApprovalSettings := msgraphsdk.NewApprovalSettings()
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
isApprovalRequired := true
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "Serial"
requestApprovalSettings.SetApprovalMode(&approvalMode)
requestApprovalSettings.SetApprovalStages( []ApprovalStage {
msgraphsdk.NewApprovalStage(),
approvalStageTimeOutInDays := int32(14)
SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := true
SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
SetEscalationTimeInMinutes(&escalationTimeInMinutes)
SetPrimaryApprovers( []UserSet {
msgraphsdk.NewUserSet(),
isBackup := true
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.groupMembers",
"id": "string (identifier)",
"description": "group for users from connected organizations which have no external sponsor",
}
msgraphsdk.NewUserSet(),
isBackup := false
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.externalSponsors",
}
}
SetEscalationApprovers( []UserSet {
msgraphsdk.NewUserSet(),
isBackup := true
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.singleUser",
"id": "string (identifier)",
"description": "user if the external sponsor does not respond",
}
}
msgraphsdk.NewApprovalStage(),
approvalStageTimeOutInDays := int32(14)
SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := true
SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
SetEscalationTimeInMinutes(&escalationTimeInMinutes)
SetPrimaryApprovers( []UserSet {
msgraphsdk.NewUserSet(),
isBackup := true
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.groupMembers",
"id": "string (identifier)",
"description": "group for users from connected organizations which have no internal sponsor",
}
msgraphsdk.NewUserSet(),
isBackup := false
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.internalSponsors",
}
}
SetEscalationApprovers( []UserSet {
msgraphsdk.NewUserSet(),
isBackup := true
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.singleUser",
"id": "string (identifier)",
"description": "user if the internal sponsor does not respond",
}
}
}
accessReviewSettings := msgraphsdk.NewAssignmentReviewSettings()
requestBody.SetAccessReviewSettings(accessReviewSettings)
isEnabled := true
accessReviewSettings.SetIsEnabled(&isEnabled)
recurrenceType := "quarterly"
accessReviewSettings.SetRecurrenceType(&recurrenceType)
reviewerType := "Self"
accessReviewSettings.SetReviewerType(&reviewerType)
startDateTime, err := time.Parse(time.RFC3339, "2020-04-01T07:59:59.998Z")
accessReviewSettings.SetStartDateTime(&startDateTime)
durationInDays := int32(25)
accessReviewSettings.SetDurationInDays(&durationInDays)
accessReviewSettings.SetReviewers( []UserSet {
}
result, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(requestBody)
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
AccessPackageId = "string (identifier)"
DisplayName = "Users from connected organizations can request"
Description = "Allow users from configured connected organizations to request and be approved by their sponsors"
CanExtend = $false
DurationInDays = 365
ExpirationDateTime = $null
RequestorSettings = @{
ScopeType = "AllExistingConnectedOrganizationSubjects"
AcceptRequests = $true
AllowedRequestors = @(
)
}
RequestApprovalSettings = @{
IsApprovalRequired = $true
IsApprovalRequiredForExtension = $false
IsRequestorJustificationRequired = $true
ApprovalMode = "Serial"
ApprovalStages = @(
@{
ApprovalStageTimeOutInDays = 14
IsApproverJustificationRequired = $true
IsEscalationEnabled = $true
EscalationTimeInMinutes = 11520
PrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
IsBackup = $true
Id = "string (identifier)"
Description = "group for users from connected organizations which have no external sponsor"
}
@{
"@odata.type" = "#microsoft.graph.externalSponsors"
IsBackup = $false
}
)
EscalationApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
IsBackup = $true
Id = "string (identifier)"
Description = "user if the external sponsor does not respond"
}
)
}
@{
ApprovalStageTimeOutInDays = 14
IsApproverJustificationRequired = $true
IsEscalationEnabled = $true
EscalationTimeInMinutes = 11520
PrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
IsBackup = $true
Id = "string (identifier)"
Description = "group for users from connected organizations which have no internal sponsor"
}
@{
"@odata.type" = "#microsoft.graph.internalSponsors"
IsBackup = $false
}
)
EscalationApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
IsBackup = $true
Id = "string (identifier)"
Description = "user if the internal sponsor does not respond"
}
)
}
)
}
AccessReviewSettings = @{
IsEnabled = $true
RecurrenceType = "quarterly"
ReviewerType = "Self"
StartDateTime = [System.DateTime]::Parse("2020-04-01T07:59:59.998Z")
DurationInDays = 25
Reviewers = @(
)
}
}
New-MgEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors"
}
示例 3:创建带问题的分配策略
将在分配策略范围内向请求者提出在分配策略中配置的问题。 他们的回答将显示给审批者。 问题 ID 是只读的,并且默认包含在响应中。
请求
以下示例显示创建访问包分配策略的请求。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"accessPackageId": "b2eba9a1-b357-42ee-83a8-336522ed6cbf",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"canExtend": false,
"durationInDays": 365,
"expirationDateTime": null,
"requestorSettings": {
"scopeType": "AllExistingConnectedOrganizationSubjects",
"acceptRequests": true
},
"requestApprovalSettings": {
"isApprovalRequired": true,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": true,
"approvalMode": "SingleStage",
"approvalStages": [{
"approvalStageTimeOutInDays": 14,
"isApproverJustificationRequired": true,
"isEscalationEnabled": false,
"escalationTimeInMinutes": 11520,
"primaryApprovers": [{
"@odata.type": "#microsoft.graph.groupMembers",
"isBackup": true,
"id": "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
"description": "group for users from connected organizations which have no external sponsor"
},
{
"@odata.type": "#microsoft.graph.externalSponsors",
"isBackup": false
}
]
}
]
},
"questions": [{
"isRequired": false,
"text": {
"defaultText": "what state are you from?",
"localizedTexts": [{
"text": "¿De qué estado eres?",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"choices": [{
"actualValue": "AZ",
"displayValue": {
"localizedTexts": [{
"text": "Arizona",
"languageCode": "es"
}]
}
}, {
"actualValue": "CA",
"displayValue": {
"localizedTexts": [{
"text": "California",
"languageCode": "es"
}]
}
}, {
"actualValue": "OH",
"displayValue": {
"localizedTexts": [{
"text": "Ohio",
"languageCode": "es"
}]
}
}],
"allowsMultipleSelection": false
}, {
"isRequired": false,
"text": {
"defaultText": "Who is your manager?",
"localizedTexts": [{
"text": "por qué necesita acceso a este paquete",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"isSingleLineQuestion": false
}]
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
AccessPackageId = "b2eba9a1-b357-42ee-83a8-336522ed6cbf",
DisplayName = "Users from connected organizations can request",
Description = "Allow users from configured connected organizations to request and be approved by their sponsors",
CanExtend = false,
DurationInDays = 365,
ExpirationDateTime = null,
RequestorSettings = new RequestorSettings
{
ScopeType = "AllExistingConnectedOrganizationSubjects",
AcceptRequests = true
},
RequestApprovalSettings = new ApprovalSettings
{
IsApprovalRequired = true,
IsApprovalRequiredForExtension = false,
IsRequestorJustificationRequired = true,
ApprovalMode = "SingleStage",
ApprovalStages = new List<ApprovalStage>()
{
new ApprovalStage
{
ApprovalStageTimeOutInDays = 14,
IsApproverJustificationRequired = true,
IsEscalationEnabled = false,
EscalationTimeInMinutes = 11520,
PrimaryApprovers = new List<UserSet>()
{
new GroupMembers
{
IsBackup = true,
Id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
Description = "group for users from connected organizations which have no external sponsor"
},
new ExternalSponsors
{
IsBackup = false
}
}
}
}
},
Questions = new List<AccessPackageQuestion>()
{
new AccessPackageMultipleChoiceQuestion
{
IsRequired = false,
Text = new AccessPackageLocalizedContent
{
DefaultText = "what state are you from?",
LocalizedTexts = new List<AccessPackageLocalizedText>()
{
new AccessPackageLocalizedText
{
Text = "¿De qué estado eres?",
LanguageCode = "es"
}
}
},
Choices = new List<AccessPackageAnswerChoice>()
{
new AccessPackageAnswerChoice
{
ActualValue = "AZ",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>()
{
new AccessPackageLocalizedText
{
Text = "Arizona",
LanguageCode = "es"
}
}
}
},
new AccessPackageAnswerChoice
{
ActualValue = "CA",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>()
{
new AccessPackageLocalizedText
{
Text = "California",
LanguageCode = "es"
}
}
}
},
new AccessPackageAnswerChoice
{
ActualValue = "OH",
DisplayValue = new AccessPackageLocalizedContent
{
LocalizedTexts = new List<AccessPackageLocalizedText>()
{
new AccessPackageLocalizedText
{
Text = "Ohio",
LanguageCode = "es"
}
}
}
}
},
AllowsMultipleSelection = false
},
new AccessPackageTextInputQuestion
{
IsRequired = false,
Text = new AccessPackageLocalizedContent
{
DefaultText = "Who is your manager?",
LocalizedTexts = new List<AccessPackageLocalizedText>()
{
new AccessPackageLocalizedText
{
Text = "por qué necesita acceso a este paquete",
LanguageCode = "es"
}
}
},
IsSingleLineQuestion = false
}
}
};
await graphClient.IdentityGovernance.EntitlementManagement.AccessPackageAssignmentPolicies
.Request()
.AddAsync(accessPackageAssignmentPolicy);
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
accessPackageId: 'b2eba9a1-b357-42ee-83a8-336522ed6cbf',
displayName: 'Users from connected organizations can request',
description: 'Allow users from configured connected organizations to request and be approved by their sponsors',
canExtend: false,
durationInDays: 365,
expirationDateTime: null,
requestorSettings: {
scopeType: 'AllExistingConnectedOrganizationSubjects',
acceptRequests: true
},
requestApprovalSettings: {
isApprovalRequired: true,
isApprovalRequiredForExtension: false,
isRequestorJustificationRequired: true,
approvalMode: 'SingleStage',
approvalStages: [{
approvalStageTimeOutInDays: 14,
isApproverJustificationRequired: true,
isEscalationEnabled: false,
escalationTimeInMinutes: 11520,
primaryApprovers: [{
'@odata.type': '#microsoft.graph.groupMembers',
isBackup: true,
id: 'd2dcb9a1-a445-42ee-83a8-476522ed6cbf',
description: 'group for users from connected organizations which have no external sponsor'
},
{
'@odata.type': '#microsoft.graph.externalSponsors',
isBackup: false
}
]
}
]
},
questions: [{
isRequired: false,
text: {
defaultText: 'what state are you from?',
localizedTexts: [{
text: '¿De qué estado eres?',
languageCode: 'es'
}]
},
'@odata.type': '#microsoft.graph.accessPackageMultipleChoiceQuestion',
choices: [{
actualValue: 'AZ',
displayValue: {
localizedTexts: [{
text: 'Arizona',
languageCode: 'es'
}]
}
}, {
actualValue: 'CA',
displayValue: {
localizedTexts: [{
text: 'California',
languageCode: 'es'
}]
}
}, {
actualValue: 'OH',
displayValue: {
localizedTexts: [{
text: 'Ohio',
languageCode: 'es'
}]
}
}],
allowsMultipleSelection: false
}, {
isRequired: false,
text: {
defaultText: 'Who is your manager?',
localizedTexts: [{
text: 'por qué necesita acceso a este paquete',
languageCode: 'es'
}]
},
'@odata.type': '#microsoft.graph.accessPackageTextInputQuestion',
isSingleLineQuestion: false
}]
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
MSHTTPClient *httpClient = [MSClientFactory createHTTPClientWithAuthenticationProvider:authenticationProvider];
NSString *MSGraphBaseURL = @"https://graph.microsoft.com/beta/";
NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:[MSGraphBaseURL stringByAppendingString:@"/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies"]]];
[urlRequest setHTTPMethod:@"POST"];
[urlRequest setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
MSGraphAccessPackageAssignmentPolicy *accessPackageAssignmentPolicy = [[MSGraphAccessPackageAssignmentPolicy alloc] init];
[accessPackageAssignmentPolicy setAccessPackageId:@"b2eba9a1-b357-42ee-83a8-336522ed6cbf"];
[accessPackageAssignmentPolicy setDisplayName:@"Users from connected organizations can request"];
[accessPackageAssignmentPolicy setDescription:@"Allow users from configured connected organizations to request and be approved by their sponsors"];
[accessPackageAssignmentPolicy setCanExtend: false];
[accessPackageAssignmentPolicy setDurationInDays: 365];
[accessPackageAssignmentPolicy setExpirationDateTime: null];
MSGraphRequestorSettings *requestorSettings = [[MSGraphRequestorSettings alloc] init];
[requestorSettings setScopeType:@"AllExistingConnectedOrganizationSubjects"];
[requestorSettings setAcceptRequests: true];
[accessPackageAssignmentPolicy setRequestorSettings:requestorSettings];
MSGraphApprovalSettings *requestApprovalSettings = [[MSGraphApprovalSettings alloc] init];
[requestApprovalSettings setIsApprovalRequired: true];
[requestApprovalSettings setIsApprovalRequiredForExtension: false];
[requestApprovalSettings setIsRequestorJustificationRequired: true];
[requestApprovalSettings setApprovalMode:@"SingleStage"];
NSMutableArray *approvalStagesList = [[NSMutableArray alloc] init];
MSGraphApprovalStage *approvalStages = [[MSGraphApprovalStage alloc] init];
[approvalStages setApprovalStageTimeOutInDays: 14];
[approvalStages setIsApproverJustificationRequired: true];
[approvalStages setIsEscalationEnabled: false];
[approvalStages setEscalationTimeInMinutes: 11520];
NSMutableArray *primaryApproversList = [[NSMutableArray alloc] init];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: true];
[primaryApprovers setId:@"d2dcb9a1-a445-42ee-83a8-476522ed6cbf"];
[primaryApprovers setDescription:@"group for users from connected organizations which have no external sponsor"];
[primaryApproversList addObject: primaryApprovers];
MSGraphUserSet *primaryApprovers = [[MSGraphUserSet alloc] init];
[primaryApprovers setIsBackup: false];
[primaryApproversList addObject: primaryApprovers];
[approvalStages setPrimaryApprovers:primaryApproversList];
[approvalStagesList addObject: approvalStages];
[requestApprovalSettings setApprovalStages:approvalStagesList];
[accessPackageAssignmentPolicy setRequestApprovalSettings:requestApprovalSettings];
NSMutableArray *questionsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageQuestion *questions = [[MSGraphAccessPackageQuestion alloc] init];
[questions setIsRequired: false];
MSGraphAccessPackageLocalizedContent *text = [[MSGraphAccessPackageLocalizedContent alloc] init];
[text setDefaultText:@"what state are you from?"];
NSMutableArray *localizedTextsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageLocalizedText *localizedTexts = [[MSGraphAccessPackageLocalizedText alloc] init];
[localizedTexts setText:@"¿De qué estado eres?"];
[localizedTexts setLanguageCode:@"es"];
[localizedTextsList addObject: localizedTexts];
[text setLocalizedTexts:localizedTextsList];
[questions setText:text];
NSMutableArray *choicesList = [[NSMutableArray alloc] init];
MSGraphAccessPackageAnswerChoice *choices = [[MSGraphAccessPackageAnswerChoice alloc] init];
[choices setActualValue:@"AZ"];
MSGraphAccessPackageLocalizedContent *displayValue = [[MSGraphAccessPackageLocalizedContent alloc] init];
NSMutableArray *localizedTextsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageLocalizedText *localizedTexts = [[MSGraphAccessPackageLocalizedText alloc] init];
[localizedTexts setText:@"Arizona"];
[localizedTexts setLanguageCode:@"es"];
[localizedTextsList addObject: localizedTexts];
[displayValue setLocalizedTexts:localizedTextsList];
[choices setDisplayValue:displayValue];
[choicesList addObject: choices];
MSGraphAccessPackageAnswerChoice *choices = [[MSGraphAccessPackageAnswerChoice alloc] init];
[choices setActualValue:@"CA"];
MSGraphAccessPackageLocalizedContent *displayValue = [[MSGraphAccessPackageLocalizedContent alloc] init];
NSMutableArray *localizedTextsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageLocalizedText *localizedTexts = [[MSGraphAccessPackageLocalizedText alloc] init];
[localizedTexts setText:@"California"];
[localizedTexts setLanguageCode:@"es"];
[localizedTextsList addObject: localizedTexts];
[displayValue setLocalizedTexts:localizedTextsList];
[choices setDisplayValue:displayValue];
[choicesList addObject: choices];
MSGraphAccessPackageAnswerChoice *choices = [[MSGraphAccessPackageAnswerChoice alloc] init];
[choices setActualValue:@"OH"];
MSGraphAccessPackageLocalizedContent *displayValue = [[MSGraphAccessPackageLocalizedContent alloc] init];
NSMutableArray *localizedTextsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageLocalizedText *localizedTexts = [[MSGraphAccessPackageLocalizedText alloc] init];
[localizedTexts setText:@"Ohio"];
[localizedTexts setLanguageCode:@"es"];
[localizedTextsList addObject: localizedTexts];
[displayValue setLocalizedTexts:localizedTextsList];
[choices setDisplayValue:displayValue];
[choicesList addObject: choices];
[questions setChoices:choicesList];
[questions setAllowsMultipleSelection: false];
[questionsList addObject: questions];
MSGraphAccessPackageQuestion *questions = [[MSGraphAccessPackageQuestion alloc] init];
[questions setIsRequired: false];
MSGraphAccessPackageLocalizedContent *text = [[MSGraphAccessPackageLocalizedContent alloc] init];
[text setDefaultText:@"Who is your manager?"];
NSMutableArray *localizedTextsList = [[NSMutableArray alloc] init];
MSGraphAccessPackageLocalizedText *localizedTexts = [[MSGraphAccessPackageLocalizedText alloc] init];
[localizedTexts setText:@"por qué necesita acceso a este paquete"];
[localizedTexts setLanguageCode:@"es"];
[localizedTextsList addObject: localizedTexts];
[text setLocalizedTexts:localizedTextsList];
[questions setText:text];
[questions setIsSingleLineQuestion: false];
[questionsList addObject: questions];
[accessPackageAssignmentPolicy setQuestions:questionsList];
NSError *error;
NSData *accessPackageAssignmentPolicyData = [accessPackageAssignmentPolicy getSerializedDataWithError:&error];
[urlRequest setHTTPBody:accessPackageAssignmentPolicyData];
MSURLSessionDataTask *meDataTask = [httpClient dataTaskWithRequest:urlRequest
completionHandler: ^(NSData *data, NSURLResponse *response, NSError *nserror) {
//Request Completed
}];
[meDataTask execute];
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.accessPackageId = "b2eba9a1-b357-42ee-83a8-336522ed6cbf";
accessPackageAssignmentPolicy.displayName = "Users from connected organizations can request";
accessPackageAssignmentPolicy.description = "Allow users from configured connected organizations to request and be approved by their sponsors";
accessPackageAssignmentPolicy.canExtend = false;
accessPackageAssignmentPolicy.durationInDays = 365;
accessPackageAssignmentPolicy.expirationDateTime = OffsetDateTimeSerializer.deserialize("null");
RequestorSettings requestorSettings = new RequestorSettings();
requestorSettings.scopeType = "AllExistingConnectedOrganizationSubjects";
requestorSettings.acceptRequests = true;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
ApprovalSettings requestApprovalSettings = new ApprovalSettings();
requestApprovalSettings.isApprovalRequired = true;
requestApprovalSettings.isApprovalRequiredForExtension = false;
requestApprovalSettings.isRequestorJustificationRequired = true;
requestApprovalSettings.approvalMode = "SingleStage";
LinkedList<ApprovalStage> approvalStagesList = new LinkedList<ApprovalStage>();
ApprovalStage approvalStages = new ApprovalStage();
approvalStages.approvalStageTimeOutInDays = 14;
approvalStages.isApproverJustificationRequired = true;
approvalStages.isEscalationEnabled = false;
approvalStages.escalationTimeInMinutes = 11520;
LinkedList<UserSet> primaryApproversList = new LinkedList<UserSet>();
GroupMembers primaryApprovers = new GroupMembers();
primaryApprovers.isBackup = true;
primaryApprovers.id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf";
primaryApprovers.description = "group for users from connected organizations which have no external sponsor";
primaryApproversList.add(primaryApprovers);
ExternalSponsors primaryApprovers1 = new ExternalSponsors();
primaryApprovers1.isBackup = false;
primaryApproversList.add(primaryApprovers1);
approvalStages.primaryApprovers = primaryApproversList;
approvalStagesList.add(approvalStages);
requestApprovalSettings.approvalStages = approvalStagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
LinkedList<AccessPackageQuestion> questionsList = new LinkedList<AccessPackageQuestion>();
AccessPackageMultipleChoiceQuestion questions = new AccessPackageMultipleChoiceQuestion();
questions.isRequired = false;
AccessPackageLocalizedContent text = new AccessPackageLocalizedContent();
text.defaultText = "what state are you from?";
LinkedList<AccessPackageLocalizedText> localizedTextsList = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText localizedTexts = new AccessPackageLocalizedText();
localizedTexts.text = "¿De qué estado eres?";
localizedTexts.languageCode = "es";
localizedTextsList.add(localizedTexts);
text.localizedTexts = localizedTextsList;
questions.text = text1;
LinkedList<AccessPackageAnswerChoice> choicesList = new LinkedList<AccessPackageAnswerChoice>();
AccessPackageAnswerChoice choices = new AccessPackageAnswerChoice();
choices.actualValue = "AZ";
AccessPackageLocalizedContent displayValue = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTextsList1 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText localizedTexts1 = new AccessPackageLocalizedText();
localizedTexts1.text = "Arizona";
localizedTexts1.languageCode = "es";
localizedTextsList1.add(localizedTexts1);
displayValue.localizedTexts = localizedTextsList1;
choices.displayValue = displayValue;
choicesList.add(choices);
AccessPackageAnswerChoice choices1 = new AccessPackageAnswerChoice();
choices1.actualValue = "CA";
AccessPackageLocalizedContent displayValue1 = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTextsList2 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText localizedTexts2 = new AccessPackageLocalizedText();
localizedTexts2.text = "California";
localizedTexts2.languageCode = "es";
localizedTextsList2.add(localizedTexts2);
displayValue1.localizedTexts = localizedTextsList2;
choices1.displayValue = displayValue1;
choicesList.add(choices1);
AccessPackageAnswerChoice choices2 = new AccessPackageAnswerChoice();
choices2.actualValue = "OH";
AccessPackageLocalizedContent displayValue2 = new AccessPackageLocalizedContent();
LinkedList<AccessPackageLocalizedText> localizedTextsList3 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText localizedTexts3 = new AccessPackageLocalizedText();
localizedTexts3.text = "Ohio";
localizedTexts3.languageCode = "es";
localizedTextsList3.add(localizedTexts3);
displayValue2.localizedTexts = localizedTextsList3;
choices2.displayValue = displayValue2;
choicesList.add(choices2);
questions.choices = choicesList;
questions.allowsMultipleSelection = false;
questionsList.add(questions);
AccessPackageTextInputQuestion questions1 = new AccessPackageTextInputQuestion();
questions1.isRequired = false;
AccessPackageLocalizedContent text5 = new AccessPackageLocalizedContent();
text5.defaultText = "Who is your manager?";
LinkedList<AccessPackageLocalizedText> localizedTextsList4 = new LinkedList<AccessPackageLocalizedText>();
AccessPackageLocalizedText localizedTexts4 = new AccessPackageLocalizedText();
localizedTexts4.text = "por qué necesita acceso a este paquete";
localizedTexts4.languageCode = "es";
localizedTextsList4.add(localizedTexts4);
text5.localizedTexts = localizedTextsList4;
questions1.text = text6;
questions1.isSingleLineQuestion = false;
questionsList.add(questions1);
accessPackageAssignmentPolicy.questions = questionsList;
graphClient.identityGovernance().entitlementManagement().accessPackageAssignmentPolicies()
.buildRequest()
.post(accessPackageAssignmentPolicy);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := msgraphsdk.NewAccessPackageAssignmentPolicy()
accessPackageId := "b2eba9a1-b357-42ee-83a8-336522ed6cbf"
requestBody.SetAccessPackageId(&accessPackageId)
displayName := "Users from connected organizations can request"
requestBody.SetDisplayName(&displayName)
description := "Allow users from configured connected organizations to request and be approved by their sponsors"
requestBody.SetDescription(&description)
canExtend := false
requestBody.SetCanExtend(&canExtend)
durationInDays := int32(365)
requestBody.SetDurationInDays(&durationInDays)
requestBody.SetExpirationDateTime(nil)
requestorSettings := msgraphsdk.NewRequestorSettings()
requestBody.SetRequestorSettings(requestorSettings)
scopeType := "AllExistingConnectedOrganizationSubjects"
requestorSettings.SetScopeType(&scopeType)
acceptRequests := true
requestorSettings.SetAcceptRequests(&acceptRequests)
requestApprovalSettings := msgraphsdk.NewApprovalSettings()
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
isApprovalRequired := true
requestApprovalSettings.SetIsApprovalRequired(&isApprovalRequired)
isApprovalRequiredForExtension := false
requestApprovalSettings.SetIsApprovalRequiredForExtension(&isApprovalRequiredForExtension)
isRequestorJustificationRequired := true
requestApprovalSettings.SetIsRequestorJustificationRequired(&isRequestorJustificationRequired)
approvalMode := "SingleStage"
requestApprovalSettings.SetApprovalMode(&approvalMode)
requestApprovalSettings.SetApprovalStages( []ApprovalStage {
msgraphsdk.NewApprovalStage(),
approvalStageTimeOutInDays := int32(14)
SetApprovalStageTimeOutInDays(&approvalStageTimeOutInDays)
isApproverJustificationRequired := true
SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
SetIsEscalationEnabled(&isEscalationEnabled)
escalationTimeInMinutes := int32(11520)
SetEscalationTimeInMinutes(&escalationTimeInMinutes)
SetPrimaryApprovers( []UserSet {
msgraphsdk.NewUserSet(),
isBackup := true
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.groupMembers",
"id": "d2dcb9a1-a445-42ee-83a8-476522ed6cbf",
"description": "group for users from connected organizations which have no external sponsor",
}
msgraphsdk.NewUserSet(),
isBackup := false
SetIsBackup(&isBackup)
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.externalSponsors",
}
}
}
requestBody.SetQuestions( []AccessPackageQuestion {
msgraphsdk.NewAccessPackageQuestion(),
isRequired := false
SetIsRequired(&isRequired)
text := msgraphsdk.NewAccessPackageLocalizedContent()
SetText(text)
defaultText := "what state are you from?"
text.SetDefaultText(&defaultText)
text.SetLocalizedTexts( []AccessPackageLocalizedText {
msgraphsdk.NewAccessPackageLocalizedText(),
text := "¿De qué estado eres?"
SetText(&text)
languageCode := "es"
SetLanguageCode(&languageCode)
}
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"choices": []Object {
}
"allowsMultipleSelection": false,
}
msgraphsdk.NewAccessPackageQuestion(),
isRequired := false
SetIsRequired(&isRequired)
text := msgraphsdk.NewAccessPackageLocalizedContent()
SetText(text)
defaultText := "Who is your manager?"
text.SetDefaultText(&defaultText)
text.SetLocalizedTexts( []AccessPackageLocalizedText {
msgraphsdk.NewAccessPackageLocalizedText(),
text := "por qué necesita acceso a este paquete"
SetText(&text)
languageCode := "es"
SetLanguageCode(&languageCode)
}
SetAdditionalData(map[string]interface{}{
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"isSingleLineQuestion": false,
}
}
result, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post(requestBody)
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
AccessPackageId = "b2eba9a1-b357-42ee-83a8-336522ed6cbf"
DisplayName = "Users from connected organizations can request"
Description = "Allow users from configured connected organizations to request and be approved by their sponsors"
CanExtend = $false
DurationInDays = 365
ExpirationDateTime = $null
RequestorSettings = @{
ScopeType = "AllExistingConnectedOrganizationSubjects"
AcceptRequests = $true
}
RequestApprovalSettings = @{
IsApprovalRequired = $true
IsApprovalRequiredForExtension = $false
IsRequestorJustificationRequired = $true
ApprovalMode = "SingleStage"
ApprovalStages = @(
@{
ApprovalStageTimeOutInDays = 14
IsApproverJustificationRequired = $true
IsEscalationEnabled = $false
EscalationTimeInMinutes = 11520
PrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.groupMembers"
IsBackup = $true
Id = "d2dcb9a1-a445-42ee-83a8-476522ed6cbf"
Description = "group for users from connected organizations which have no external sponsor"
}
@{
"@odata.type" = "#microsoft.graph.externalSponsors"
IsBackup = $false
}
)
}
)
}
Questions = @(
@{
IsRequired = $false
Text = @{
DefaultText = "what state are you from?"
LocalizedTexts = @(
@{
Text = "¿De qué estado eres?"
LanguageCode = "es"
}
)
}
"@odata.type" = "#microsoft.graph.accessPackageMultipleChoiceQuestion"
Choices = @(
)
AllowsMultipleSelection = $false
}
@{
IsRequired = $false
Text = @{
DefaultText = "Who is your manager?"
LocalizedTexts = @(
@{
Text = "por qué necesita acceso a este paquete"
LanguageCode = "es"
}
)
}
"@odata.type" = "#microsoft.graph.accessPackageTextInputQuestion"
IsSingleLineQuestion = $false
}
)
}
New-MgEntitlementManagementAccessPackageAssignmentPolicy -BodyParameter $params
响应
下面展示了示例响应。
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "4c02f928-7752-49aa-8fc8-e286d973a965",
"accessPackageId": "string (identifier)",
"displayName": "Users from connected organizations can request",
"description": "Allow users from configured connected organizations to request and be approved by their sponsors",
"questions": [{
"id" : "BD3F6B95-458D-4BC8-A9A6-8D4B29F64F3D",
"isRequired": false,
"text": {
"defaultText": "what state are you from?",
"localizedTexts": [{
"text": "¿De qué estado eres?",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
"choices": [{
"actualValue": "AZ",
"displayValue": {
"localizedTexts": [{
"text": "Arizona?",
"languageCode": "es"
}]
}
}, {
"actualValue": "CA",
"displayValue": {
"localizedTexts": [{
"text": "California",
"languageCode": "es"
}]
}
}, {
"actualValue": "OH",
"displayValue": {
"localizedTexts": [{
"text": "Ohio",
"languageCode": "es"
}]
}
}],
"allowsMultipleSelection": false
}, {
"id" : "F652C13C-A660-4E4C-A1E0-CE9FEC6EE57A",
"isRequired": false,
"text": {
"defaultText": "Who is your manager?",
"localizedTexts": [{
"text": "por qué necesita acceso a este paquete",
"languageCode": "es"
}]
},
"@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
"isSingleLineQuestion": false
}]
}
示例 4:创建策略并指定触发预定义自定义工作流扩展的阶段
请求
在下面的示例中,预定义的 customAccessPackageWorkflowExtension 对象是在创建访问包分配的请求时和授予请求时触发的。
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies
Content-type: application/json
{
"displayName": "extension-policy",
"description": "test",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"canExtend": false,
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": [],
"isOnBehalfAllowed": false
},
"accessReviewSettings": null,
"questions": [],
"customExtensionHandlers": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8" //customAccessPackageWorkflowExtension.id
}
},
{
"stage": "assignmentRequestGranted",
"customExtension": {
"id": "219f57b6-7983-45a1-be01-2c228b7a43f8"
}
}
]
}
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
displayName: 'extension-policy',
description: 'test',
accessPackageId: 'ba5807c7-2aa9-4c8a-907e-4a17ee587500',
expiration: {
type: 'afterDuration',
duration: 'P365D'
},
canExtend: false,
requestApprovalSettings: null,
requestorSettings: {
acceptRequests: true,
scopeType: 'AllExistingDirectorySubjects',
allowedRequestors: [],
isOnBehalfAllowed: false
},
accessReviewSettings: null,
questions: [],
customExtensionHandlers: [
{
stage: 'assignmentRequestCreated',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8' //customAccessPackageWorkflowExtension.id
}
},
{
stage: 'assignmentRequestGranted',
customExtension: {
id: '219f57b6-7983-45a1-be01-2c228b7a43f8'
}
}
]
};
await client.api('/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies')
.version('beta')
.post(accessPackageAssignmentPolicy);
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
result, err := graphClient.IdentityGovernance().EntitlementManagement().AccessPackageAssignmentPolicies().Post()
响应
下面展示了示例响应。 默认情况下,不返回 customExtensionHandlers 对象。 若要检索此对象,请使用 GET 方法 $expand。 有关详细信息,请参阅检索策略 的自定义扩展处理程序
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "d0324cbb-24a2-4edb-acca-fee5384c6a5e",
"displayName": "extension-policy",
"description": "test",
"canExtend": false,
"durationInDays": 0,
"expirationDateTime": null,
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"accessReviewSettings": null,
"questions": [],
"requestorSettings": {
"scopeType": "AllExistingDirectorySubjects",
"acceptRequests": true,
"allowedRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequired": false,
"isApprovalRequiredForExtension": false,
"isRequestorJustificationRequired": false,
"approvalMode": "NoApproval",
"approvalStages": []
}
}