Create accessReview (deprecated)

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.


This version of the access review API is deprecated and will stop returning data on May 19, 2023. Please use access reviews API.

In the Azure AD access reviews feature, create a new accessReview object.

Before making this request, the caller must have previously retrieved the list of business flow templates, to have the value of businessFlowTemplateId to include in the request.

After making this request, the caller should create a programControl, to link the access review to a program.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application AccessReview.ReadWrite.Membership

The caller should also have ProgramControl.ReadWrite.All permission, so that after creating an access review, the caller can create a programControl. In addition, the signed in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for access reviews.

HTTP request

POST /accessReviews

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-type application/json. Required.

Request body

In the request body, supply a JSON representation of an accessReview object.

The following table shows the properties that are required when you create an accessReview.

Property Type Description
displayName String The access review name.
startDateTime DateTimeOffset The DateTime when the review is scheduled to be start. This must be a date in the future.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date.
description String The description, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier, obtained from a businessFlowTemplate.
reviewerType String The relationship type of reviewer to the access rights of the reviewed object, one of self, delegated, or entityOwners.
reviewedEntity identity The object for which an access review is created, such as the membership of a group or the assignments of users to an application.

If the reviewerType has the value delegated, then the caller must also include the reviewers property, with a collection of userIdentity objects representing the reviewers.

If your app is calling this API without a signed-in user, then the caller must also include the createdBy property, the value for which is a userIdentity of the user who will be identified as the creator of the review.

In addition, the caller can include settings, to create a recurring review series or to change from the default review behavior. In particular, to create a recurring review, the caller must include the accessReviewRecurrenceSettings within the access review settings,


If successful, this method returns a 201 Created response code and an accessReview object in the response body.


This is an example of creating a one-time (not recurring) access review, explicitly specifying two users as the reviewers.


In the request body, supply a JSON representation of the accessReview object.

Content-type: application/json

    "reviewedEntity": {
        "id": "99025615-a0b1-47ec-9117-35377b10998b"
    "reviewerType" : "delegated",
    "businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
    "description":"Sample description",
        "mailNotificationsEnabled": true,
        "remindersEnabled": true,


Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-type: application/json

    "id": "006111db-0810-4494-a6df-904d368bd81b",
    "displayName": "TestReview",
    "startDateTime": "2017-02-10T00:35:53.214Z",
    "endDateTime": "2017-03-12T00:35:53.214Z",
    "status": "Initializing",
    "businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
    "reviewerType": "delegated",
    "description": "Sample description"