Microsoft.Authorization accessReviewScheduleDefinitions
Bicep resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview' = {
name: 'string'
backupReviewers: [
{
principalId: 'string'
}
]
descriptionForAdmins: 'string'
descriptionForReviewers: 'string'
displayName: 'string'
instances: [
{
properties: {
backupReviewers: [
{
principalId: 'string'
}
]
endDateTime: 'string'
reviewers: [
{
principalId: 'string'
}
]
startDateTime: 'string'
}
}
]
reviewers: [
{
principalId: 'string'
}
]
settings: {
autoApplyDecisionsEnabled: bool
defaultDecision: 'string'
defaultDecisionEnabled: bool
instanceDurationInDays: int
justificationRequiredOnApproval: bool
mailNotificationsEnabled: bool
recommendationLookBackDuration: 'string'
recommendationsEnabled: bool
recurrence: {
pattern: {
interval: int
type: 'string'
}
range: {
endDate: 'string'
numberOfOccurrences: int
startDate: 'string'
type: 'string'
}
}
reminderNotificationsEnabled: bool
}
}
Property values
accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | 'Approve' 'Deny' 'Recommendation' |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | 'absoluteMonthly' 'weekly' |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | 'endDate' 'noEnd' 'numbered' |
ARM template resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/accessReviewScheduleDefinitions",
"apiVersion": "2021-12-01-preview",
"name": "string",
"backupReviewers": [
{
"principalId": "string"
}
],
"descriptionForAdmins": "string",
"descriptionForReviewers": "string",
"displayName": "string",
"instances": [
{
"properties": {
"backupReviewers": [
{
"principalId": "string"
}
],
"endDateTime": "string",
"reviewers": [
{
"principalId": "string"
}
],
"startDateTime": "string"
}
}
],
"reviewers": [
{
"principalId": "string"
}
],
"settings": {
"autoApplyDecisionsEnabled": "bool",
"defaultDecision": "string",
"defaultDecisionEnabled": "bool",
"instanceDurationInDays": "int",
"justificationRequiredOnApproval": "bool",
"mailNotificationsEnabled": "bool",
"recommendationLookBackDuration": "string",
"recommendationsEnabled": "bool",
"recurrence": {
"pattern": {
"interval": "int",
"type": "string"
},
"range": {
"endDate": "string",
"numberOfOccurrences": "int",
"startDate": "string",
"type": "string"
}
},
"reminderNotificationsEnabled": "bool"
}
}
Property values
accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Authorization/accessReviewScheduleDefinitions' |
| apiVersion | The resource api version | '2021-12-01-preview' |
| name | The resource name | string (required) |
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | 'Approve' 'Deny' 'Recommendation' |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | 'absoluteMonthly' 'weekly' |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | 'endDate' 'noEnd' 'numbered' |
Terraform (AzAPI provider) resource definition
The accessReviewScheduleDefinitions resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/accessReviewScheduleDefinitions resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
backupReviewers = [
{
principalId = "string"
}
]
descriptionForAdmins = "string"
descriptionForReviewers = "string"
displayName = "string"
instances = [
{
properties = {
backupReviewers = [
{
principalId = "string"
}
]
endDateTime = "string"
reviewers = [
{
principalId = "string"
}
]
startDateTime = "string"
}
}
]
reviewers = [
{
principalId = "string"
}
]
settings = {
autoApplyDecisionsEnabled = bool
defaultDecision = "string"
defaultDecisionEnabled = bool
instanceDurationInDays = int
justificationRequiredOnApproval = bool
mailNotificationsEnabled = bool
recommendationLookBackDuration = "string"
recommendationsEnabled = bool
recurrence = {
pattern = {
interval = int
type = "string"
}
range = {
endDate = "string"
numberOfOccurrences = int
startDate = "string"
type = "string"
}
}
reminderNotificationsEnabled = bool
}
})
}
Property values
accessReviewScheduleDefinitions
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Authorization/accessReviewScheduleDefinitions@2021-12-01-preview" |
| name | The resource name | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| descriptionForAdmins | The description provided by the access review creator and visible to admins. | string |
| descriptionForReviewers | The description provided by the access review creator to be shown to reviewers. | string |
| displayName | The display name for the schedule definition. | string |
| instances | This is the collection of instances returned when one does an expand on it. | AccessReviewInstance[] |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| settings | Access Review Settings. | AccessReviewScheduleSettings |
AccessReviewReviewer
| Name | Description | Value |
|---|---|---|
| principalId | The id of the reviewer(user/servicePrincipal) | string |
AccessReviewInstance
| Name | Description | Value |
|---|---|---|
| properties | Access Review properties. | AccessReviewInstanceProperties |
AccessReviewInstanceProperties
| Name | Description | Value |
|---|---|---|
| backupReviewers | This is the collection of backup reviewers. | AccessReviewReviewer[] |
| endDateTime | The DateTime when the review instance is scheduled to end. | string |
| reviewers | This is the collection of reviewers. | AccessReviewReviewer[] |
| startDateTime | The DateTime when the review instance is scheduled to be start. | string |
AccessReviewScheduleSettings
| Name | Description | Value |
|---|---|---|
| autoApplyDecisionsEnabled | Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review. | bool |
| defaultDecision | This specifies the behavior for the autoReview feature when an access review completes. | "Approve" "Deny" "Recommendation" |
| defaultDecisionEnabled | Flag to indicate whether reviewers are required to provide a justification when reviewing access. | bool |
| instanceDurationInDays | The duration in days for an instance. | int |
| justificationRequiredOnApproval | Flag to indicate whether the reviewer is required to pass justification when recording a decision. | bool |
| mailNotificationsEnabled | Flag to indicate whether sending mails to reviewers and the review creator is enabled. | bool |
| recommendationLookBackDuration | Recommendations for access reviews are calculated by looking back at 30 days of data(w.r.t the start date of the review) by default. However, in some scenarios, customers want to change how far back to look at and want to configure 60 days, 90 days, etc. instead. This setting allows customers to configure this duration. The value should be in ISO 8601 format (http://en.wikipedia.org/wiki/ISO_8601#Durations).This code can be used to convert TimeSpan to a valid interval string: XmlConvert.ToString(new TimeSpan(hours, minutes, seconds)) | string |
| recommendationsEnabled | Flag to indicate whether showing recommendations to reviewers is enabled. | bool |
| recurrence | Access Review Settings. | AccessReviewRecurrenceSettings |
| reminderNotificationsEnabled | Flag to indicate whether sending reminder emails to reviewers are enabled. | bool |
AccessReviewRecurrenceSettings
| Name | Description | Value |
|---|---|---|
| pattern | Access Review schedule definition recurrence pattern. | AccessReviewRecurrencePattern |
| range | Access Review schedule definition recurrence range. | AccessReviewRecurrenceRange |
AccessReviewRecurrencePattern
| Name | Description | Value |
|---|---|---|
| interval | The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly. | int |
| type | The recurrence type : weekly, monthly, etc. | "absoluteMonthly" "weekly" |
AccessReviewRecurrenceRange
| Name | Description | Value |
|---|---|---|
| endDate | The DateTime when the review is scheduled to end. Required if type is endDate | string |
| numberOfOccurrences | The number of times to repeat the access review. Required and must be positive if type is numbered. | int |
| startDate | The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create. | string |
| type | The recurrence range type. The possible values are: endDate, noEnd, numbered. | "endDate" "noEnd" "numbered" |