permissionGrantPolicy resource type
Namespace: microsoft.graph
A permission grant policy is used to specify the conditions under which consent can be granted.
A permission grant policy consists of a list of includes condition sets, and a list of excludes condition sets. For an event to match a permission grant policy, it must match at least one of the includes conditions sets, and none of the excludes condition sets.
For more information, see Manage app consent policies.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | permissionGrantPolicy collection | Retrieve a list of permissionGrantPolicy objects. |
| Create | permissionGrantPolicy | Creates a new permissionGrantPolicy object. |
| Get | permissionGrantPolicy | Read properties and relationships of permissionGrantPolicy object. |
| Update | permissionGrantPolicy | Update permissionGrantPolicy object. |
| Include condition sets | ||
| List includes | permissionGrantConditionSet collection | Get the condition sets that are included in this permission grant policy. |
| Create in includes | permissionGrantConditionSet | Add a condition set that is included from this permission grant policy. |
| Delete from includes | None | Remove a condition set that is excluded from this permission grant policy. |
| Exclude condition sets | ||
| List excludes | permissionGrantConditionSet collection | Get the condition sets that are excluded in this permission grant policy. |
| Create in excludes | permissionGrantConditionSet | Add a condition set that is excluded from this permission grant policy. |
| Delete from excludes | None | Remove a condition set that is excluded from this permission grant policy. |
Properties
| Property | Type | Description |
|---|---|---|
| displayName | String | The display name for the permission grant policy. |
| description | String | The description for the permission grant policy. |
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. Automatically expanded on GET. |
| id | String | The unique identifier for the permission grant policy. The id prefix microsoft- is reserved for built-in permission grant policies, and may not be used in a custom permission grant policy. Only letters, numbers, hyphens (-) and underscores (_) are allowed. Key. Not nullable. Required on create. Immutable. |
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. Automatically expanded on GET. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. This navigation is automatically expanded on GET. |
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. This navigation is automatically expanded on GET. |
JSON representation
The following JSON representation shows the resource type.
{
"id": "string (identifier)",
"displayName": "string",
"description": "string",
"includes": "collection(microsoft.graph.permissionGrantConditionSet)",
"excludes": "collection(microsoft.graph.permissionGrantConditionSet)"
}