Access Review Instance My Decisions - List

Service:

Authorization

API Version:

2021-12-01-preview

Get my access review instance decisions.

GET https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/{scheduleDefinitionId}/instances/{id}/decisions?api-version=2021-12-01-preview

With optional parameters:

GET https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/{scheduleDefinitionId}/instances/{id}/decisions?api-version=2021-12-01-preview&$filter={$filter}

URI Parameters

Name	In	Required	Type	Description
id	path	True	string	The id of the access review instance.
scheduleDefinitionId	path	True	string	The id of the access review schedule definition.
api-version	query	True	string	The API version to be used with the HTTP request.
$filter	query		string	The filter to apply on the operation. Other than standard filters, one custom filter option is supported : 'assignedToMeToReview()'. When one specified $filter=assignedToMeToReview(), only items that are assigned to the calling user to review are returned

Responses

Name	Type	Description
200 OK	AccessReviewDecisionListResult	Describe the result of a successful operation.
Other Status Codes	ErrorDefinition	Unexpected error

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

GetAccessReviews

Sample request

HTTP

GET https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions?api-version=2021-12-01-preview

Go

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2021-12-01-preview/examples/GetAccessReviewInstanceMyDecisions.json
func ExampleAccessReviewInstanceMyDecisionsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAccessReviewInstanceMyDecisionsClient().NewListPager("488a6d0e-0a63-4946-86e3-1f5bbc934661", "4135f961-be78-4005-8101-c72a5af307a2", &armauthorization.AccessReviewInstanceMyDecisionsClientListOptions{Filter: nil})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AccessReviewDecisionListResult = armauthorization.AccessReviewDecisionListResult{
		// 	Value: []*armauthorization.AccessReviewDecision{
		// 		{
		// 			Name: to.Ptr("fa73e90b-5bf1-45fd-a182-35ce5fc0674d"),
		// 			Type: to.Ptr("Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions"),
		// 			ID: to.Ptr("/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d"),
		// 			Properties: &armauthorization.AccessReviewDecisionProperties{
		// 				AppliedBy: &armauthorization.AccessReviewActorIdentity{
		// 					PrincipalID: to.Ptr("36777fc8-4ec2-49ea-a56c-cec0bd47d83a"),
		// 					PrincipalName: to.Ptr("Amit Ghosh"),
		// 					PrincipalType: to.Ptr(armauthorization.AccessReviewActorIdentityTypeUser),
		// 					UserPrincipalName: to.Ptr("amitgho@microsoft.com"),
		// 				},
		// 				AppliedDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-10-03T21:02:30.667Z"); return t}()),
		// 				ApplyResult: to.Ptr(armauthorization.AccessReviewApplyResult("Success")),
		// 				Decision: to.Ptr(armauthorization.AccessReviewResultDeny),
		// 				Justification: to.Ptr("This person has left this team"),
		// 				Principal: &armauthorization.AccessReviewDecisionUserIdentity{
		// 					Type: to.Ptr(armauthorization.DecisionTargetTypeUser),
		// 					DisplayName: to.Ptr("Shubham Gupta"),
		// 					ID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
		// 					UserPrincipalName: to.Ptr("shugup@microsoft.com"),
		// 				},
		// 				PrincipalResourceMembership: &armauthorization.AccessReviewDecisionPrincipalResourceMembership{
		// 					MembershipTypes: []*armauthorization.AccessReviewDecisionPrincipalResourceMembershipType{
		// 						to.Ptr(armauthorization.AccessReviewDecisionPrincipalResourceMembershipTypeDirect),
		// 						to.Ptr(armauthorization.AccessReviewDecisionPrincipalResourceMembershipTypeIndirect)},
		// 					},
		// 					Recommendation: to.Ptr(armauthorization.AccessRecommendationTypeDeny),
		// 					Resource: &armauthorization.AccessReviewDecisionResource{
		// 						Type: to.Ptr(armauthorization.DecisionResourceTypeAzureRole),
		// 						DisplayName: to.Ptr("Owner"),
		// 						ID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
		// 					},
		// 					ReviewedBy: &armauthorization.AccessReviewActorIdentity{
		// 						PrincipalID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
		// 						PrincipalName: to.Ptr("Shubham Gupta"),
		// 						PrincipalType: to.Ptr(armauthorization.AccessReviewActorIdentityTypeUser),
		// 						UserPrincipalName: to.Ptr("shugup@microsoft.com"),
		// 					},
		// 					ReviewedDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-08-03T21:02:30.667Z"); return t}()),
		// 				},
		// 		}},
		// 	}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Get my access review instance decisions.
 *
 * @summary Get my access review instance decisions.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/preview/2021-12-01-preview/examples/GetAccessReviewInstanceMyDecisions.json
 */
async function getAccessReviews() {
  const scheduleDefinitionId = "488a6d0e-0a63-4946-86e3-1f5bbc934661";
  const id = "4135f961-be78-4005-8101-c72a5af307a2";
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const resArray = new Array();
  for await (let item of client.accessReviewInstanceMyDecisions.list(scheduleDefinitionId, id)) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "value": [
    {
      "id": "/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
      "type": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions",
      "name": "fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
      "properties": {
        "reviewedBy": {
          "principalType": "user",
          "principalId": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
          "principalName": "Shubham Gupta",
          "userPrincipalName": "shugup@microsoft.com"
        },
        "reviewedDateTime": "2018-08-03T21:02:30.667Z",
        "decision": "Deny",
        "justification": "This person has left this team",
        "appliedBy": {
          "principalType": "user",
          "principalId": "36777fc8-4ec2-49ea-a56c-cec0bd47d83a",
          "principalName": "Amit Ghosh",
          "userPrincipalName": "amitgho@microsoft.com"
        },
        "appliedDateTime": "2018-10-03T21:02:30.667Z",
        "applyResult": "Success",
        "recommendation": "Deny",
        "principal": {
          "type": "user",
          "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
          "displayName": "Shubham Gupta",
          "userPrincipalName": "shugup@microsoft.com"
        },
        "resource": {
          "type": "azureRole",
          "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
          "displayName": "Owner"
        },
        "principalResourceMembership": {
          "membershipTypes": [
            "direct",
            "indirect"
          ]
        }
      }
    }
  ]
}

Definitions

Name	Description
AccessRecommendationType	The feature- generated recommendation shown to the reviewer.
AccessReviewActorIdentityType	The identity type : user/servicePrincipal
AccessReviewApplyResult	The outcome of applying the decision.
AccessReviewDecision	Access Review.
AccessReviewDecisionInsight	Access Review Decision Insight.
AccessReviewDecisionListResult	List of access review decisions.
AccessReviewDecisionPrincipalResourceMembershipType	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
AccessReviewResult	Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.
DecisionResourceType	The type of resource
ErrorDefinition	Error
ErrorDefinitionProperties	Error

AccessRecommendationType

Enumeration

The feature- generated recommendation shown to the reviewer.

Value	Description
Approve
Deny
NoInfoAvailable

AccessReviewActorIdentityType

Enumeration

The identity type : user/servicePrincipal

Value	Description
user
servicePrincipal

AccessReviewApplyResult

Enumeration

The outcome of applying the decision.

Value	Description
New
Applying
AppliedSuccessfully
AppliedWithUnknownFailure
AppliedSuccessfullyButObjectNotFound
ApplyNotSupported

AccessReviewDecision

Object

Access Review.

Name	Type	Description
id	string	The access review decision id.
name	string	The access review decision name.
properties.appliedBy.principalId	string	The identity id
properties.appliedBy.principalName	string	The identity display name
properties.appliedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
properties.appliedBy.userPrincipalName	string	The user principal name(if valid)
properties.appliedDateTime	string (date-time)	The date and time when the review decision was applied.
properties.applyResult	AccessReviewApplyResult	The outcome of applying the decision.
properties.decision	AccessReviewResult	The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny
properties.insights	AccessReviewDecisionInsight[]	This is the collection of insights for this decision item.
properties.justification	string	Justification provided by approvers for their action
properties.principal.displayName	string	The display name of the user whose access was reviewed.
properties.principal.id	string	The id of principal whose access was reviewed.
properties.principal.type	DecisionTargetType	The type of decision target : User/ServicePrincipal
properties.principalResourceMembership.membershipTypes	AccessReviewDecisionPrincipalResourceMembershipType[]	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
properties.recommendation	AccessRecommendationType	The feature- generated recommendation shown to the reviewer.
properties.resource.displayName	string	The display name of resource associated with a decision record.
properties.resource.id	string	The id of resource associated with a decision record.
properties.resource.type	DecisionResourceType	The type of resource
properties.reviewedBy.principalId	string	The identity id
properties.reviewedBy.principalName	string	The identity display name
properties.reviewedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
properties.reviewedBy.userPrincipalName	string	The user principal name(if valid)
properties.reviewedDateTime	string (date-time)	Date Time when a decision was taken.
type	string	The resource type.

AccessReviewDecisionInsight

Object

Access Review Decision Insight.

Name	Type	Description
id	string	The access review insight id.
name	string	The access review insight name.
properties.insightCreatedDateTime	(date-time)	Date Time when the insight was created.
properties.type	AccessReviewDecisionInsightType	The type of insight
type	string	The resource type.

AccessReviewDecisionListResult

Object

List of access review decisions.

Name	Type	Description
nextLink	string	The URL to use for getting the next set of results.
value	AccessReviewDecision[]	Access Review Decision list.

AccessReviewDecisionPrincipalResourceMembershipType

Enumeration

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

Value	Description
direct
indirect

AccessReviewResult

Enumeration

Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.

Value	Description
Approve
Deny
NotReviewed
DontKnow
NotNotified

DecisionResourceType

Enumeration

The type of resource

Value	Description
azureRole

ErrorDefinition

Object

Error

Name	Type	Description
error	ErrorDefinitionProperties	Error Error of the list gateway status.

ErrorDefinitionProperties

Object

Error

Name	Type	Description
code	string	Error code of list gateway.
message	string	Description of the error.