accessReviewInstanceDecisionItem resource type
Namespace: microsoft.graph
Represents a Microsoft Entra access review decision on an instance of a review. This decision is the determination of an identity's access to a resource for a given accessReviewInstance. accessReviewInstanceDecisionItem is an open type and allows other properties to be passed in.
Each decision item is system-generated based off of the parent accessReviewInstance.
Inherits from entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List decisions (from an access review instance) | accessReviewInstanceDecisionItem collection | Get a list of the accessReviewInstanceDecisionItem objects and their properties. |
| List decisions (from a stage of an access review instance) | accessReviewInstanceDecisionItem collection | Get a list of the accessReviewInstanceDecisionItem objects for a stage of an acecss review instance. |
| Get accessReviewInstanceDecisionItem | accessReviewInstanceDecisionItem | Read the properties and relationships of an accessReviewInstanceDecisionItem object. |
| Update accessReviewInstanceDecisionItem | accessReviewInstanceDecisionItem | Update the properties of an accessReviewInstanceDecisionItem object. |
| filterByCurrentUser | accessReviewInstanceDecisionItem collection | Returns the decision items for which the calling user is the reviewer. |
Properties
| Property | Type | Description |
|---|---|---|
| accessReviewId | String | The identifier of the accessReviewInstance parent. Supports $select. Read-only. |
| appliedBy | userIdentity | The identifier of the user who applied the decision. Read-only. |
| appliedDateTime | DateTimeOffset | The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only. |
| applyResult | String | The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only. |
| decision | String | Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only). |
| id | String | The identifier of the decision. Inherited from entity. Supports $select. Read-only. |
| justification | String | Justification left by the reviewer when they made the decision. |
| principal | identity | Every decision item in an access review represents a principal's access to a resource. This property represents details of the principal. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is "Bob" and the resource is "Sales". Principals can be of two types - userIdentity and servicePrincipalIdentity. Supports $select. Read-only. |
| principalLink | String | A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only. |
| recommendation | String | A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. Recommend approve if sign-in is within thirty days of start of review. Recommend deny if sign-in is greater than thirty days of start of review. Recommendation not available otherwise. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only. |
| resource | accessReviewInstanceDecisionItemResource | Every decision item in an access review represents a principal's access to a resource. This property represents details of the resource. For example, if a decision item represents access of User "Bob" to Group "Sales" - The principal is Bob and the resource is "Sales". Resources can be of multiple types. See accessReviewInstanceDecisionItemResource. Read-only. |
| resourceLink | String | A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only. |
| reviewedBy | userIdentity | The identifier of the reviewer.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't reviewed. Supports $select. Read-only. |
| reviewedDateTime | DateTimeOffset | The timestamp when the review decision occurred. Supports $select. Read-only. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| insights | governanceInsight collection | Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem. |
JSON representation
The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
"accessReviewId": "String",
"appliedBy": {
"@odata.type": "microsoft.graph.userIdentity"
},
"appliedDateTime": "String (timestamp)",
"applyResult": "String",
"decision": "String",
"id": "String (identifier)",
"justification": "String",
"principal": {
"@odata.type": "microsoft.graph.identity"
},
"principalLink": "String",
"reviewedBy": {
"@odata.type": "microsoft.graph.userIdentity"
},
"reviewedDateTime": "String (timestamp)",
"recommendation": "String",
"resource": {
"@odata.type": "microsoft.graph.accessReviewInstanceDecisionItemResource"
},
"resourceLink": "String"
}
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for