Create accessReview (deprecated)

Article
07/20/2022
8 minutes to read

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Caution

This version of the access review API is deprecated and will stop returning data on May 19, 2023. Please use access reviews API.

In the Azure AD access reviews feature, create a new accessReview object.

Before making this request, the caller must have previously retrieved the list of business flow templates, to have the value of businessFlowTemplateId to include in the request.

After making this request, the caller should create a programControl, to link the access review to a program.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	AccessReview.ReadWrite.Membership, AccessReview.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	AccessReview.ReadWrite.Membership

The caller should also have ProgramControl.ReadWrite.All permission, so that after creating an access review, the caller can create a programControl. In addition, the signed in user must also be in a directory role that permits them to create an access review. For more details, see the role and permission requirements for access reviews.

HTTP request

POST /accessReviews

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-type	application/json. Required.

Request body

In the request body, supply a JSON representation of an accessReview object.

The following table shows the properties that are required when you create an accessReview.

Property	Type	Description
displayName	String	The access review name.
startDateTime	DateTimeOffset	The DateTime when the review is scheduled to be start. This must be a date in the future.
endDateTime	DateTimeOffset	The DateTime when the review is scheduled to end. This must be at least one day later than the start date.
description	String	The description, to show to the reviewers.
businessFlowTemplateId	String	The business flow template identifier, obtained from a businessFlowTemplate.
reviewerType	String	The relationship type of reviewer to the access rights of the reviewed object, one of `self`, `delegated`, or `entityOwners`.
reviewedEntity	identity	The object for which an access review is created, such as the membership of a group or the assignments of users to an application.

If the reviewerType has the value delegated, then the caller must also include the reviewers property, with a collection of userIdentity objects representing the reviewers.

If your app is calling this API without a signed-in user, then the caller must also include the createdBy property, the value for which is a userIdentity of the user who will be identified as the creator of the review.

In addition, the caller can include settings, to create a recurring review series or to change from the default review behavior. In particular, to create a recurring review, the caller must include the accessReviewRecurrenceSettings within the access review settings,

Response

If successful, this method returns a 201 Created response code and an accessReview object in the response body.

Example

This is an example of creating a one-time (not recurring) access review, explicitly specifying two users as the reviewers.

Request

In the request body, supply a JSON representation of the accessReview object.

POST https://graph.microsoft.com/beta/accessReviews
Content-type: application/json

{
    "displayName":"TestReview",
    "startDateTime":"2017-02-10T00:35:53.214Z",
    "endDateTime":"2017-03-12T00:35:53.214Z",
    "reviewedEntity": {
        "id": "99025615-a0b1-47ec-9117-35377b10998b"
    },
    "reviewerType" : "delegated",
    "businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
    "description":"Sample description",
    "reviewers":
    [
        {
            "id":"f260246a-09b1-4fd5-8d18-daed736071ec"
        },
        {
            "id":"5a4e184c-4ee5-4883-96e9-b371f8da88e3"
        }
    ],
    "settings":
    {
        "mailNotificationsEnabled": true,
        "remindersEnabled": true,
        "justificationRequiredOnApproval":true,
        "autoReviewEnabled":false,
        "activityDurationInDays":30,
        "autoApplyReviewResultsEnabled":false,
        "accessRecommendationsEnabled":false,
        "recurrenceSettings":{
            "recurrenceType":"onetime",
            "recurrenceEndType":"endBy",
            "durationInDays":0,
            "recurrenceCount":0
        },
        "autoReviewSettings":{
            "notReviewedResult":"Deny"
        }
    }
}


GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var accessReview = new AccessReview
{
	DisplayName = "TestReview",
	StartDateTime = DateTimeOffset.Parse("2017-02-10T00:35:53.214Z"),
	EndDateTime = DateTimeOffset.Parse("2017-03-12T00:35:53.214Z"),
	ReviewedEntity = new Identity
	{
		Id = "99025615-a0b1-47ec-9117-35377b10998b"
	},
	ReviewerType = "delegated",
	BusinessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68",
	Description = "Sample description",
	Reviewers = new AccessReviewReviewersCollectionPage()
	{
		new AccessReviewReviewer
		{
			Id = "f260246a-09b1-4fd5-8d18-daed736071ec"
		},
		new AccessReviewReviewer
		{
			Id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
		}
	},
	Settings = new AccessReviewSettings
	{
		MailNotificationsEnabled = true,
		RemindersEnabled = true,
		JustificationRequiredOnApproval = true,
		AutoReviewEnabled = false,
		ActivityDurationInDays = 30,
		AutoApplyReviewResultsEnabled = false,
		AccessRecommendationsEnabled = false,
		RecurrenceSettings = new AccessReviewRecurrenceSettings
		{
			RecurrenceType = "onetime",
			RecurrenceEndType = "endBy",
			DurationInDays = 0,
			RecurrenceCount = 0
		},
		AutoReviewSettings = new AutoReviewSettings
		{
			NotReviewedResult = "Deny"
		}
	}
};

await graphClient.AccessReviews
	.Request()
	.AddAsync(accessReview);

Important

Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version. For details about accessing the beta API with the SDK, see Use the Microsoft Graph SDKs with the beta API.

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


const options = {
	authProvider,
};

const client = Client.init(options);

const accessReview = {
    displayName: 'TestReview',
    startDateTime: '2017-02-10T00:35:53.214Z',
    endDateTime: '2017-03-12T00:35:53.214Z',
    reviewedEntity: {
        id: '99025615-a0b1-47ec-9117-35377b10998b'
    },
    reviewerType: 'delegated',
    businessFlowTemplateId: '6e4f3d20-c5c3-407f-9695-8460952bcc68',
    description: 'Sample description',
    reviewers: 
    [
        {
            id: 'f260246a-09b1-4fd5-8d18-daed736071ec'
        },
        {
            id: '5a4e184c-4ee5-4883-96e9-b371f8da88e3'
        }
    ],
    settings: 
    {
        mailNotificationsEnabled: true,
        remindersEnabled: true,
        justificationRequiredOnApproval: true,
        autoReviewEnabled: false,
        activityDurationInDays: 30,
        autoApplyReviewResultsEnabled: false,
        accessRecommendationsEnabled: false,
        recurrenceSettings: {
            recurrenceType: 'onetime',
            recurrenceEndType: 'endBy',
            durationInDays: 0,
            recurrenceCount: 0
        },
        autoReviewSettings: {
            notReviewedResult: 'Deny'
        }
    }
};

await client.api('/accessReviews')
	.version('beta')
	.post(accessReview);

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessReview accessReview = new AccessReview();
accessReview.displayName = "TestReview";
accessReview.startDateTime = OffsetDateTimeSerializer.deserialize("2017-02-10T00:35:53.214Z");
accessReview.endDateTime = OffsetDateTimeSerializer.deserialize("2017-03-12T00:35:53.214Z");
Identity reviewedEntity = new Identity();
reviewedEntity.id = "99025615-a0b1-47ec-9117-35377b10998b";
accessReview.reviewedEntity = reviewedEntity;
accessReview.reviewerType = "delegated";
accessReview.businessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68";
accessReview.description = "Sample description";
LinkedList<AccessReviewReviewer> reviewersList = new LinkedList<AccessReviewReviewer>();
AccessReviewReviewer reviewers = new AccessReviewReviewer();
reviewers.id = "f260246a-09b1-4fd5-8d18-daed736071ec";
reviewersList.add(reviewers);
AccessReviewReviewer reviewers1 = new AccessReviewReviewer();
reviewers1.id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3";
reviewersList.add(reviewers1);
AccessReviewReviewerCollectionResponse accessReviewReviewerCollectionResponse = new AccessReviewReviewerCollectionResponse();
accessReviewReviewerCollectionResponse.value = reviewersList;
AccessReviewReviewerCollectionPage accessReviewReviewerCollectionPage = new AccessReviewReviewerCollectionPage(accessReviewReviewerCollectionResponse, null);
accessReview.reviewers = accessReviewReviewerCollectionPage;
AccessReviewSettings settings = new AccessReviewSettings();
settings.mailNotificationsEnabled = true;
settings.remindersEnabled = true;
settings.justificationRequiredOnApproval = true;
settings.autoReviewEnabled = false;
settings.activityDurationInDays = 30;
settings.autoApplyReviewResultsEnabled = false;
settings.accessRecommendationsEnabled = false;
AccessReviewRecurrenceSettings recurrenceSettings = new AccessReviewRecurrenceSettings();
recurrenceSettings.recurrenceType = "onetime";
recurrenceSettings.recurrenceEndType = "endBy";
recurrenceSettings.durationInDays = 0;
recurrenceSettings.recurrenceCount = 0;
settings.recurrenceSettings = recurrenceSettings;
AutoReviewSettings autoReviewSettings = new AutoReviewSettings();
autoReviewSettings.notReviewedResult = "Deny";
settings.autoReviewSettings = autoReviewSettings;
accessReview.settings = settings;

graphClient.accessReviews()
	.buildRequest()
	.post(accessReview);

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := graphmodels.NewAccessReview()
displayName := "TestReview"
requestBody.SetDisplayName(&displayName) 
startDateTime , err := time.Parse(time.RFC3339, "2017-02-10T00:35:53.214Z")
requestBody.SetStartDateTime(&startDateTime) 
endDateTime , err := time.Parse(time.RFC3339, "2017-03-12T00:35:53.214Z")
requestBody.SetEndDateTime(&endDateTime) 
reviewedEntity := graphmodels.NewIdentity()
id := "99025615-a0b1-47ec-9117-35377b10998b"
reviewedEntity.SetId(&id) 
requestBody.SetReviewedEntity(reviewedEntity)
reviewerType := "delegated"
requestBody.SetReviewerType(&reviewerType) 
businessFlowTemplateId := "6e4f3d20-c5c3-407f-9695-8460952bcc68"
requestBody.SetBusinessFlowTemplateId(&businessFlowTemplateId) 
description := "Sample description"
requestBody.SetDescription(&description) 


accessReviewReviewer := graphmodels.NewAccessReviewReviewer()
id := "f260246a-09b1-4fd5-8d18-daed736071ec"
accessReviewReviewer.SetId(&id) 
accessReviewReviewer1 := graphmodels.NewAccessReviewReviewer()
id := "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
accessReviewReviewer1.SetId(&id) 

reviewers := []graphmodels.AccessReviewReviewerable {
	accessReviewReviewer,
	accessReviewReviewer1,

}
requestBody.SetReviewers(reviewers)
settings := graphmodels.NewAccessReviewSettings()
mailNotificationsEnabled := true
settings.SetMailNotificationsEnabled(&mailNotificationsEnabled) 
remindersEnabled := true
settings.SetRemindersEnabled(&remindersEnabled) 
justificationRequiredOnApproval := true
settings.SetJustificationRequiredOnApproval(&justificationRequiredOnApproval) 
autoReviewEnabled := false
settings.SetAutoReviewEnabled(&autoReviewEnabled) 
activityDurationInDays := int32(30)
settings.SetActivityDurationInDays(&activityDurationInDays) 
autoApplyReviewResultsEnabled := false
settings.SetAutoApplyReviewResultsEnabled(&autoApplyReviewResultsEnabled) 
accessRecommendationsEnabled := false
settings.SetAccessRecommendationsEnabled(&accessRecommendationsEnabled) 
recurrenceSettings := graphmodels.NewAccessReviewRecurrenceSettings()
recurrenceType := "onetime"
recurrenceSettings.SetRecurrenceType(&recurrenceType) 
recurrenceEndType := "endBy"
recurrenceSettings.SetRecurrenceEndType(&recurrenceEndType) 
durationInDays := int32(0)
recurrenceSettings.SetDurationInDays(&durationInDays) 
recurrenceCount := int32(0)
recurrenceSettings.SetRecurrenceCount(&recurrenceCount) 
settings.SetRecurrenceSettings(recurrenceSettings)
autoReviewSettings := graphmodels.NewAutoReviewSettings()
notReviewedResult := "Deny"
autoReviewSettings.SetNotReviewedResult(&notReviewedResult) 
settings.SetAutoReviewSettings(autoReviewSettings)
requestBody.SetSettings(settings)

result, err := graphClient.AccessReviews().Post(context.Background(), requestBody, nil)

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	DisplayName = "TestReview"
	StartDateTime = [System.DateTime]::Parse("2017-02-10T00:35:53.214Z")
	EndDateTime = [System.DateTime]::Parse("2017-03-12T00:35:53.214Z")
	ReviewedEntity = @{
		Id = "99025615-a0b1-47ec-9117-35377b10998b"
	}
	ReviewerType = "delegated"
	BusinessFlowTemplateId = "6e4f3d20-c5c3-407f-9695-8460952bcc68"
	Description = "Sample description"
	Reviewers = @(
		@{
			Id = "f260246a-09b1-4fd5-8d18-daed736071ec"
		}
		@{
			Id = "5a4e184c-4ee5-4883-96e9-b371f8da88e3"
		}
	)
	Settings = @{
		MailNotificationsEnabled = $true
		RemindersEnabled = $true
		JustificationRequiredOnApproval = $true
		AutoReviewEnabled = $false
		ActivityDurationInDays = 30
		AutoApplyReviewResultsEnabled = $false
		AccessRecommendationsEnabled = $false
		RecurrenceSettings = @{
			RecurrenceType = "onetime"
			RecurrenceEndType = "endBy"
			DurationInDays = 0
			RecurrenceCount = 0
		}
		AutoReviewSettings = @{
			NotReviewedResult = "Deny"
		}
	}
}

New-MgAccessReview -BodyParameter $params

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.


<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new AccessReview();
$requestBody->setDisplayName('TestReview');

$requestBody->setStartDateTime(new DateTime('2017-02-10T00:35:53.214Z'));

$requestBody->setEndDateTime(new DateTime('2017-03-12T00:35:53.214Z'));

$reviewedEntity = new Identity();
$reviewedEntity->setId('99025615-a0b1-47ec-9117-35377b10998b');


$requestBody->setReviewedEntity($reviewedEntity);
$requestBody->setReviewerType('delegated');

$requestBody->setBusinessFlowTemplateId('6e4f3d20-c5c3-407f-9695-8460952bcc68');

$requestBody->setDescription('Sample description');

$reviewersAccessReviewReviewer1 = new AccessReviewReviewer();
$reviewersAccessReviewReviewer1->setId('f260246a-09b1-4fd5-8d18-daed736071ec');


$reviewersArray []= $reviewersAccessReviewReviewer1;
$reviewersAccessReviewReviewer2 = new AccessReviewReviewer();
$reviewersAccessReviewReviewer2->setId('5a4e184c-4ee5-4883-96e9-b371f8da88e3');


$reviewersArray []= $reviewersAccessReviewReviewer2;
$requestBody->setReviewers($reviewersArray);


$settings = new AccessReviewSettings();
$settings->setMailNotificationsEnabled(true);

$settings->setRemindersEnabled(true);

$settings->setJustificationRequiredOnApproval(true);

$settings->setAutoReviewEnabled(false);

$settings->setActivityDurationInDays(30);

$settings->setAutoApplyReviewResultsEnabled(false);

$settings->setAccessRecommendationsEnabled(false);

$settingsRecurrenceSettings = new AccessReviewRecurrenceSettings();
$settingsRecurrenceSettings->setRecurrenceType('onetime');

$settingsRecurrenceSettings->setRecurrenceEndType('endBy');

$settingsRecurrenceSettings->setDurationInDays(0);

$settingsRecurrenceSettings->setRecurrenceCount(0);


$settings->setRecurrenceSettings($settingsRecurrenceSettings);
$settingsAutoReviewSettings = new AutoReviewSettings();
$settingsAutoReviewSettings->setNotReviewedResult('Deny');


$settings->setAutoReviewSettings($settingsAutoReviewSettings);

$requestBody->setSettings($settings);


$requestResult = $graphServiceClient->accessReviews()->post($requestBody);

Important

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-type: application/json

{
    "id": "006111db-0810-4494-a6df-904d368bd81b",
    "displayName": "TestReview",
    "startDateTime": "2017-02-10T00:35:53.214Z",
    "endDateTime": "2017-03-12T00:35:53.214Z",
    "status": "Initializing",
    "businessFlowTemplateId": "6e4f3d20-c5c3-407f-9695-8460952bcc68",
    "reviewerType": "delegated",
    "description": "Sample description"
}

Create accessReview (deprecated)

Permissions

HTTP request

Request headers

Request body

Response

Example

Request

Response

Feedback

Additional resources

Additional resources