Hi Abdulrahman Elheyb,
Thank you for posting your query on Microsoft Q&A.
Based on your description, you are encountering the error message "Request doesn't allow Self-Approval" when trying to retrieve role assignment approval steps using the Azure Management API. This error typically occurs because the system prohibits users from approving their own requests in Privileged Identity Management (PIM).
- The error "Request doesn't allow Self-Approval" indicates that the user who created the approval request (the requester) is the same user attempting to approve it. Azure PIM enforces separation of duties and does not allow self-approval of role activation or assignment requests.
- Even if you are listed as an approver, you must have another authorized user approve your requests.
- The API filters you tried ($filter=asTarget, $filter=asCreatedBy, $filter=asApprover) do not bypass this restriction and are used to retrieve approval requests based on the user's role but do not change the self-approval policy behavior.
Next Steps and Recommendations:
- Confirm User Roles: Ensure that the user making the API call is not the one who submitted the request. Approval must come from a different user assigned as an approver.
- Use Correct API Version: Verify that you are using the supported and stable API version (currently 2021-01-01-preview is valid for roleAssignmentApprovals).
- Sample API Call: To list approval requests assigned to you as an approver, you can use:
GET https://management.azure.com/providers/Microsoft.Authorization/roleAssignmentApprovals?api-version=2021-01-01-preview&$filter=asApprover eq 'user_object_id'
Replace 'user_object_id' with the object ID of the user who is the approver.
- Get Approval Steps: Once you have the approval ID, you can get details of approval stages via:
GET https://management.azure.com/providers/Microsoft.Authorization/roleAssignmentApprovals/{approvalId}/stages?api-version=2021-01-01-preview
- Approval Process: If you need your request approved, coordinate with another eligible approver in your organization who has permissions to approve the request.
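The two calls from the answer above, combined with a pre-flight separation-of-duties check, as an added example that is not part of the original answer or Microsoft's own code. The record layout and the `requesterId` field name are hypothetical assumptions, and the sample records are constructed; the URLs and filter form are the ones quoted in the answer.

```python
from urllib.parse import quote, urlencode

BASE = "https://management.azure.com/providers/Microsoft.Authorization/roleAssignmentApprovals"
API_VERSION = "2021-01-01-preview"  # version quoted in the answer


def build_list_url(approver_object_id: str) -> str:
    """URL for listing approvals, using the filter form shown in the answer."""
    query = urlencode(
        {"api-version": API_VERSION,
         "$filter": f"asApprover eq '{approver_object_id}'"},
        quote_via=quote, safe="$'",  # encode spaces, keep "$" and quotes readable
    )
    return f"{BASE}?{query}"


def build_stages_url(approval_id: str) -> str:
    """URL for the stages of one approval; the ID is encoded as a single path segment."""
    return f"{BASE}/{quote(approval_id, safe='')}/stages?api-version={API_VERSION}"


def split_by_requester(approvals, caller_object_id):
    """Separate approvals the caller may review from ones the caller requested."""
    caller = caller_object_id.strip().lower()
    reviewable, self_requested = [], []
    for item in approvals:
        # "requesterId" is a hypothetical field name, not taken from the API schema.
        same = item["requesterId"].strip().lower() == caller
        (self_requested if same else reviewable).append(item["id"])
    return reviewable, self_requested


# Constructed sample records (not real API output).
SAMPLE = [
    {"id": "approval-1", "requesterId": "AAAA-1111"},
    {"id": "approval-2", "requesterId": "bbbb-2222"},
]

if __name__ == "__main__":
    me = "aaaa-1111"  # constructed caller object ID
    print(build_list_url(me))
    ok, blocked = split_by_requester(SAMPLE, me)
    for approval_id in ok:
        print("fetch stages:", build_stages_url(approval_id))
    print("needs another approver:", blocked)
```

Requests the caller submitted end up in the second list, so automation can route them to a different approver instead of failing at approval time.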