Create historyDefinitions
Article
11/01/2022
5 minutes to read
4 contributors
Feedback
In this article
Namespace: microsoft.graph
Create a new accessReviewHistoryDefinition object.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions .
Permission type
Permissions (from least to most privileged)
Delegated (work or school account)
AccessReview.ReadWrite.All
Delegated (personal Microsoft account)
Not supported.
Application
AccessReview.ReadWrite.All
The signed-in user must also be in a directory role that permits them to read an access review to retrieve any data. For more details, see the role and permission requirements for access reviews .
HTTP request
POST /identityGovernance/accessReviews/historyDefinitions
Name
Description
Authorization
Bearer {token}. Required.
Content-Type
application/json. Required.
Request body
In the request body, supply a JSON representation of the accessReviewHistoryDefinition object.
The following table shows the required properties used to create an accessReviewHistoryDefinition .
Property
Type
Description
displayName
String
Name for the access review history data collection. Required.
reviewHistoryPeriodStartDateTime
DateTimeOffset
A timestamp. Reviews starting on or after this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
reviewHistoryPeriodEndDateTime
DateTimeOffset
A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if scheduleSettings is not defined.
scopes
accessReviewQueryScope collection
Used to filter which reviews are included in the fetched history data. Fetches reviews whose scope matches with this provided scope. Required. For more, see Supported scope queries for accessReviewHistoryDefinition .
scheduleSettings
accessReviewHistoryScheduleSettings
Not supported yet. The settings for a recurring access review history definition series. Only required if reviewHistoryPeriodStartDateTime or reviewHistoryPeriodEndDateTime are not defined.
Supported scope queries for accessReviewHistoryDefinition
The scopes property of accessReviewHistoryDefinition is based on accessReviewQueryScope , a resource that allows you to configure different resources in it's query property. These resources then represent the scope of the history definition and dictate the type of review history data that is included in the downloadable CSV file which is generated when the history definition's accessReviewHistoryInstances are created.
Use the following format for the query property:
/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '{object}')
The value of {object}
is one of the resources that can be configured in an accessReviewScheduleDefinition . For example, the following includes every accessReviewScheduleDefinition review result on individual groups (and excludes definitions scoped to all Microsoft 365 groups with guest users).
/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')
For more supported values, see Use the $filter query parameter on accessReviewScheduleDefinition .
Response
If successful, this method returns a 201 Created
response code and an accessReviewHistoryDefinition object in the response body.
Examples
The following example shows how to create an access review history definition scoped to access reviews on access packages and groups, running between the start date of 01/01/2021 and end date of 04/05/2021.
Request
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
Content-Type: application/json
{
"displayName": "Last quarter's group reviews April 2021",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var accessReviewHistoryDefinition = new AccessReviewHistoryDefinition
{
DisplayName = "Last quarter's group reviews April 2021",
Decisions = new List<AccessReviewHistoryDecisionFilter>()
{
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified
},
ReviewHistoryPeriodStartDateTime = DateTimeOffset.Parse("2021-01-01T00:00:00Z"),
ReviewHistoryPeriodEndDateTime = DateTimeOffset.Parse("2021-04-30T23:59:59Z"),
Scopes = new List<AccessReviewScope>()
{
new AccessReviewQueryScope
{
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
QueryRoot = null
},
new AccessReviewQueryScope
{
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
QueryRoot = null
}
}
};
await graphClient.IdentityGovernance.AccessReviews.HistoryDefinitions
.Request()
.AddAsync(accessReviewHistoryDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewHistoryDefinition = {
displayName: 'Last quarter\'s group reviews April 2021',
decisions: [
'approve',
'deny',
'dontKnow',
'notReviewed',
'notNotified'
],
reviewHistoryPeriodStartDateTime: '2021-01-01T00:00:00Z',
reviewHistoryPeriodEndDateTime: '2021-04-30T23:59:59Z',
scopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
queryRoot: null
},
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
queryRoot: null
}
]
};
await client.api('/identityGovernance/accessReviews/historyDefinitions')
.post(accessReviewHistoryDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();
AccessReviewHistoryDefinition accessReviewHistoryDefinition = new AccessReviewHistoryDefinition();
accessReviewHistoryDefinition.displayName = "Last quarter's group reviews April 2021";
LinkedList<AccessReviewHistoryDecisionFilter> decisionsList = new LinkedList<AccessReviewHistoryDecisionFilter>();
decisionsList.add(AccessReviewHistoryDecisionFilter.APPROVE);
decisionsList.add(AccessReviewHistoryDecisionFilter.DENY);
decisionsList.add(AccessReviewHistoryDecisionFilter.DONT_KNOW);
decisionsList.add(AccessReviewHistoryDecisionFilter.NOT_REVIEWED);
decisionsList.add(AccessReviewHistoryDecisionFilter.NOT_NOTIFIED);
accessReviewHistoryDefinition.decisions = decisionsList;
accessReviewHistoryDefinition.reviewHistoryPeriodStartDateTime = OffsetDateTimeSerializer.deserialize("2021-01-01T00:00:00Z");
accessReviewHistoryDefinition.reviewHistoryPeriodEndDateTime = OffsetDateTimeSerializer.deserialize("2021-04-30T23:59:59Z");
LinkedList<AccessReviewScope> scopesList = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope scopes = new AccessReviewQueryScope();
scopes.queryType = "MicrosoftGraph";
scopes.query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')";
scopes.queryRoot = null;
scopesList.add(scopes);
AccessReviewQueryScope scopes1 = new AccessReviewQueryScope();
scopes1.queryType = "MicrosoftGraph";
scopes1.query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')";
scopes1.queryRoot = null;
scopesList.add(scopes1);
accessReviewHistoryDefinition.scopes = scopesList;
graphClient.identityGovernance().accessReviews().historyDefinitions()
.buildRequest()
.post(accessReviewHistoryDefinition);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)
requestBody := graphmodels.NewAccessReviewHistoryDefinition()
displayName := "Last quarter's group reviews April 2021"
requestBody.SetDisplayName(&displayName)
decisions := []graphmodels.AccessReviewHistoryDecisionFilterable {
accessReviewHistoryDecisionFilter := graphmodels.APPROVE_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DENY_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DONTKNOW_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTREVIEWED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTNOTIFIED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
}
requestBody.SetDecisions(decisions)
reviewHistoryPeriodStartDateTime , err := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
requestBody.SetReviewHistoryPeriodStartDateTime(&reviewHistoryPeriodStartDateTime)
reviewHistoryPeriodEndDateTime , err := time.Parse(time.RFC3339, "2021-04-30T23:59:59Z")
requestBody.SetReviewHistoryPeriodEndDateTime(&reviewHistoryPeriodEndDateTime)
accessReviewScope := graphmodels.NewAccessReviewScope()
additionalData := map[string]interface{}{
"queryType" : "MicrosoftGraph",
"query" : "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
queryRoot := null
accessReviewScope.SetQueryRoot(&queryRoot)
}
accessReviewScope.SetAdditionalData(additionalData)
accessReviewScope1 := graphmodels.NewAccessReviewScope()
additionalData := map[string]interface{}{
"queryType" : "MicrosoftGraph",
"query" : "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
queryRoot := null
accessReviewScope1.SetQueryRoot(&queryRoot)
}
accessReviewScope1.SetAdditionalData(additionalData)
scopes := []graphmodels.AccessReviewScopeable {
accessReviewScope,
accessReviewScope1,
}
requestBody.SetScopes(scopes)
result, err := graphClient.IdentityGovernance().AccessReviews().HistoryDefinitions().Post(context.Background(), requestBody, nil)
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
DisplayName = "Last quarter's group reviews April 2021"
Decisions = @(
"approve"
"deny"
"dontKnow"
"notReviewed"
"notNotified"
)
ReviewHistoryPeriodStartDateTime = [System.DateTime]::Parse("2021-01-01T00:00:00Z")
ReviewHistoryPeriodEndDateTime = [System.DateTime]::Parse("2021-04-30T23:59:59Z")
Scopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
QueryType = "MicrosoftGraph"
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
QueryRoot = $null
}
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
QueryType = "MicrosoftGraph"
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
QueryRoot = $null
}
)
}
New-MgIdentityGovernanceAccessReviewHistoryDefinition -BodyParameter $params
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
<?php
// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);
$requestBody = new AccessReviewHistoryDefinition();
$requestBody->setDisplayName('Last quarter\'s group reviews April 2021');
$requestBody->setDecisions([$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('approve'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('deny'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('dontknow'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('notreviewed'));
$requestBody->setAccessReviewHistoryDecisionFilter(new AccessReviewHistoryDecisionFilter('notnotified'));
]);
$requestBody->setReviewHistoryPeriodStartDateTime(new DateTime('2021-01-01T00:00:00Z'));
$requestBody->setReviewHistoryPeriodEndDateTime(new DateTime('2021-04-30T23:59:59Z'));
$scopesAccessReviewScope1 = new AccessReviewScope();
$scopesAccessReviewScope1->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'queryType' => 'MicrosoftGraph',
'query' => '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
'queryRoot' => null,
];
$scopesAccessReviewScope1->setAdditionalData($additionalData);
$scopesArray []= $scopesAccessReviewScope1;
$scopesAccessReviewScope2 = new AccessReviewScope();
$scopesAccessReviewScope2->set@odatatype('#microsoft.graph.accessReviewQueryScope');
$additionalData = [
'queryType' => 'MicrosoftGraph',
'query' => '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
'queryRoot' => null,
];
$scopesAccessReviewScope2->setAdditionalData($additionalData);
$scopesArray []= $scopesAccessReviewScope2;
$requestBody->setScopes($scopesArray);
$requestResult = $graphServiceClient->identityGovernance()->accessReviews()->historyDefinitions()->post($requestBody);
For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation .
Response
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
"id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
"displayName": "Last quarter's group reviews April 2021",
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"status": "requested",
"createdDateTime": "2021-04-14T00:22:48.9392594Z",
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}