Create historyDefinitions
Article
03/02/2023
6 minutes to read
4 contributors
Feedback
In this article
Namespace: microsoft.graph
Create a new accessReviewHistoryDefinition object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
AccessReview.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
AccessReview.ReadWrite.All
The signed-in user must also be in a directory role that permits them to read an access review to retrieve any data. For more details, see the role and permission requirements for access reviews .
HTTP request
POST /identityGovernance/accessReviews/historyDefinitions
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply a JSON representation of the accessReviewHistoryDefinition object.
The following table shows the required properties used to create an accessReviewHistoryDefinition .
Property
Type
Description
displayName
String
Name for the access review history data collection. Required.
reviewHistoryPeriodStartDateTime
DateTimeOffset
A timestamp. Reviews starting on or after this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
reviewHistoryPeriodEndDateTime
DateTimeOffset
A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
scopes
accessReviewQueryScope collection
Used to filter which reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required. For more, see Supported scope queries for accessReviewHistoryDefinition .
scheduleSettings
accessReviewHistoryScheduleSettings
Not supported yet. The settings for a recurring access review history definition series. Only required if reviewHistoryPeriodStartDateTime or reviewHistoryPeriodEndDateTime are not defined.
Supported scope queries for accessReviewHistoryDefinition
The scopes property of accessReviewHistoryDefinition is based on accessReviewQueryScope , a resource that allows you to configure different resources in it's query property. These resources then represent the scope of the history definition and dictate the type of review history data that is included in the downloadable CSV file which is generated when the history definition's accessReviewHistoryInstances are created.
The $filter
query parameter with the contains
operator is supported on the scope property of accessReviewScheduleDefinition . Use the following format for the request:
/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
The value of {object}
can be one of the following:
Value
Description
/groups
List every accessReviewScheduleDefinition on individual groups (excludes definitions scoped to all Microsoft 365 groups with guest users).
/groups/{group id}
List every accessReviewScheduleDefinition on a specific group (excludes definitions scoped to all Microsoft 365 groups with guest users).
./members
List every accessReviewScheduleDefinition scoped to all Microsoft 365 groups with guest users.
accessPackageAssignments
List every accessReviewScheduleDefinition on an access package.
roleAssignmentScheduleInstances
List every accessReviewScheduleDefinition for principals that are assigned to a privileged role.
The $filter
query parameter is not supported on accessReviewInactiveUserQueryScope or principalResourceMembershipScope .
Response
If successful, this method returns a 201 Created
response code and an accessReviewHistoryDefinition object in the response body.
Examples
The following example shows how to create an access review history definition scoped to access reviews on access packages and groups, running between the start date of 01/01/2021 and end date of 04/05/2021.
Request
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
Content-Type: application/json
{
"displayName": "Last quarter's group reviews April 2021",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}
var graphClient = new GraphServiceClient(requestAdapter);
var requestBody = new AccessReviewHistoryDefinition
{
DisplayName = "Last quarter's group reviews April 2021",
Decisions = new List<AccessReviewHistoryDecisionFilter?>
{
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified,
},
ReviewHistoryPeriodStartDateTime = DateTimeOffset.Parse("2021-01-01T00:00:00Z"),
ReviewHistoryPeriodEndDateTime = DateTimeOffset.Parse("2021-04-30T23:59:59Z"),
Scopes = new List<AccessReviewScope>
{
new AccessReviewScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
AdditionalData = new Dictionary<string, object>
{
{
"queryType" , "MicrosoftGraph"
},
{
"query" , "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
},
{
"queryRoot" , null
},
},
},
new AccessReviewScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
AdditionalData = new Dictionary<string, object>
{
{
"queryType" , "MicrosoftGraph"
},
{
"query" , "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
},
{
"queryRoot" , null
},
},
},
},
};
var result = await graphClient.IdentityGovernance.AccessReviews.HistoryDefinitions.PostAsync(requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewHistoryDefinition = {
displayName: 'Last quarter\'s group reviews April 2021',
decisions: [
'approve',
'deny',
'dontKnow',
'notReviewed',
'notNotified'
],
reviewHistoryPeriodStartDateTime: '2021-01-01T00:00:00Z',
reviewHistoryPeriodEndDateTime: '2021-04-30T23:59:59Z',
scopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
queryRoot: null
},
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
queryRoot: null
}
]
};
await client.api('/identityGovernance/accessReviews/historyDefinitions')
.post(accessReviewHistoryDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReviewHistoryDefinition accessReviewHistoryDefinition = new AccessReviewHistoryDefinition();
accessReviewHistoryDefinition.displayName = "Last quarter's group reviews April 2021";
LinkedList<AccessReviewHistoryDecisionFilter> decisionsList = new LinkedList<AccessReviewHistoryDecisionFilter>();
decisionsList.add(AccessReviewHistoryDecisionFilter.APPROVE);
decisionsList.add(AccessReviewHistoryDecisionFilter.DENY);
decisionsList.add(AccessReviewHistoryDecisionFilter.DONT_KNOW);
decisionsList.add(AccessReviewHistoryDecisionFilter.NOT_REVIEWED);
decisionsList.add(AccessReviewHistoryDecisionFilter.NOT_NOTIFIED);
accessReviewHistoryDefinition.decisions = decisionsList;
accessReviewHistoryDefinition.reviewHistoryPeriodStartDateTime = OffsetDateTimeSerializer.deserialize("2021-01-01T00:00:00Z");
accessReviewHistoryDefinition.reviewHistoryPeriodEndDateTime = OffsetDateTimeSerializer.deserialize("2021-04-30T23:59:59Z");
LinkedList<AccessReviewScope> scopesList = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope scopes = new AccessReviewQueryScope();
scopes.queryType = "MicrosoftGraph";
scopes.query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')";
scopes.queryRoot = null;
scopesList.add(scopes);
AccessReviewQueryScope scopes1 = new AccessReviewQueryScope();
scopes1.queryType = "MicrosoftGraph";
scopes1.query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')";
scopes1.queryRoot = null;
scopesList.add(scopes1);
accessReviewHistoryDefinition.scopes = scopesList;
graphClient.identityGovernance().accessReviews().historyDefinitions()
.buildRequest()
.post(accessReviewHistoryDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessReviewHistoryDefinition()
displayName := "Last quarter's group reviews April 2021"
requestBody.SetDisplayName(&displayName)
decisions := []graphmodels.AccessReviewHistoryDecisionFilterable {
accessReviewHistoryDecisionFilter := graphmodels.APPROVE_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DENY_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DONTKNOW_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTREVIEWED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTNOTIFIED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
}
requestBody.SetDecisions(decisions)
reviewHistoryPeriodStartDateTime , err := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
requestBody.SetReviewHistoryPeriodStartDateTime(&reviewHistoryPeriodStartDateTime)
reviewHistoryPeriodEndDateTime , err := time.Parse(time.RFC3339, "2021-04-30T23:59:59Z")
requestBody.SetReviewHistoryPeriodEndDateTime(&reviewHistoryPeriodEndDateTime)
accessReviewScope := graphmodels.NewAccessReviewScope()
additionalData := map[string]interface{}{
"queryType" : "MicrosoftGraph",
"query" : "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
queryRoot := null
accessReviewScope.SetQueryRoot(&queryRoot)
}
accessReviewScope.SetAdditionalData(additionalData)
accessReviewScope1 := graphmodels.NewAccessReviewScope()
additionalData := map[string]interface{}{
"queryType" : "MicrosoftGraph",
"query" : "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
queryRoot := null
accessReviewScope1.SetQueryRoot(&queryRoot)
}
accessReviewScope1.SetAdditionalData(additionalData)
scopes := []graphmodels.AccessReviewScopeable {
accessReviewScope,
accessReviewScope1,
}
requestBody.SetScopes(scopes)
result, err := graphClient.IdentityGovernance().AccessReviews().HistoryDefinitions().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
DisplayName = "Last quarter's group reviews April 2021"
Decisions = @(
"approve"
"deny"
"dontKnow"
"notReviewed"
"notNotified"
)
ReviewHistoryPeriodStartDateTime = [System.DateTime]::Parse("2021-01-01T00:00:00Z")
ReviewHistoryPeriodEndDateTime = [System.DateTime]::Parse("2021-04-30T23:59:59Z")
Scopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
QueryType = "MicrosoftGraph"
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
QueryRoot = $null
}
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
QueryType = "MicrosoftGraph"
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
QueryRoot = $null
}
)
}
New-MgIdentityGovernanceAccessReviewHistoryDefinition -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewHistoryDefinition();
$requestBody->setDisplayName('Last quarter\'s group reviews April 2021');
$requestBody->setDecisions([$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('approve'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('deny'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('dontknow'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('notreviewed'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('notnotified'));
]);
$requestBody->setReviewHistoryPeriodStartDateTime(new DateTime('2021-01-01T00:00:00Z'));
$requestBody->setReviewHistoryPeriodEndDateTime(new DateTime('2021-04-30T23:59:59Z'));
$scopesAccessReviewScope1 = new AccessReviewScope();
$scopesAccessReviewScope1->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'queryType' => 'MicrosoftGraph',
'query' => '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
'queryRoot' => null,
];
$scopesAccessReviewScope1->setAdditionalData($additionalData);
$scopesArray []= $scopesAccessReviewScope1;
$scopesAccessReviewScope2 = new AccessReviewScope();
$scopesAccessReviewScope2->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'queryType' => 'MicrosoftGraph',
'query' => '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
'queryRoot' => null,
];
$scopesAccessReviewScope2->setAdditionalData($additionalData);
$scopesArray []= $scopesAccessReviewScope2;
$requestBody->setScopes($scopesArray);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->historyDefinitions()->post($requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
"id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
"displayName": "Last quarter's group reviews April 2021",
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"status": "requested",
"createdDateTime": "2021-04-14T00:22:48.9392594Z",
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}