privilegedOperationEvent resource type (deprecated)

Namespace: microsoft.graph


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.


This version of the Privileged Identity Management (PIM) API for Azure Active Directory (Azure AD) roles is deprecated and stopped returning data on May 31, 2021. Use the new PIM v3 API for managing Azure AD roles or learn how to migrate.

Represents an audit event that is generated by Privileged Identity Management for the role operations, such as an administrator manages privileged roles, a user activates his role, and a user deactivates his role.


Method Return Type Description
List privilegedOperationEvent privilegedOperationEvent collection. Get collection of privilegedOperationEvent objects.


Property Type Description
additionalInformation string Detailed human readable information for the event.
creationDateTime DateTimeOffset Indicates the time when the event is created.
expirationDateTime DateTimeOffset This is only used when the requestType is Activate, and it indicates the expiration time for the role activation.
id string The unique identifier for privilegedOperationEvent. Read-only.
referenceKey string Incident/Request ticket number during role activation. The value is presented only if the ticket number is provided during role activation.
referenceSystem string Incident/Request ticketing system provided during tole activation. The value is presented only if the ticket system is provided during role activation.
requestType String The request operation type. The requestType value can be: Assign (role assignment), Activate (role activation), Unassign (remove role assignment), Deactivate (role deactivation), ScanAlertsNow (scan security alerts), DismissAlert (dismiss security alert), FixAlertItem (fix a security alert issue), AccessReview_Review (review an Access Review), AccessReview_Create (create an Access Review) , AccessReview_Update (update an Access Review), AccessReview_Delete (delete an Access Review).
requestorId string The user id of the requestor who initiates the operation.
requestorName string The user name of the requestor who initiates the operation.
roleId string The id of the role that is associated with the operation.
roleName string The name of the role.
tenantId string The tenant (organization) id.
userId string The id of the user that is associated with the operation.
userMail string The user's email.
userName string The user's display name.



JSON representation

Here is a JSON representation of the resource.

  "additionalInformation": "string",
  "creationDateTime": "String (timestamp)",
  "expirationDateTime": "String (timestamp)",
  "id": "string (identifier)",
  "requestType": "string",
  "requestorId": "string",
  "requestorName": "string",
  "roleId": "string",
  "roleName": "string",
  "tenantId": "string",
  "userId": "string",
  "userMail": "string",
  "userName": "string",
  "referenceKey": "string",
  "referenceSystem": "string"