Access Review Instance My Decisions - Patch

Service:

Authorization

API Version:

2021-12-01-preview

Record a decision.

PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/{scheduleDefinitionId}/instances/{id}/decisions/{decisionId}?api-version=2021-12-01-preview

URI Parameters

Name	In	Required	Type	Description
decisionId	path	True	string	The id of the decision record.
id	path	True	string	The id of the access review instance.
scheduleDefinitionId	path	True	string	The id of the access review schedule definition.
api-version	query	True	string	The API version to be used with the HTTP request.

Request Body

Name	Required	Type	Description
principal.type	True	DecisionTargetType	The type of decision target : User/ServicePrincipal
resource.type	True	DecisionResourceType	The type of resource
decision		AccessReviewResult	The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny
insights		AccessReviewDecisionInsight[]	This is the collection of insights for this decision item.
justification		string	Justification provided by approvers for their action
principalResourceMembership.membershipTypes		AccessReviewDecisionPrincipalResourceMembershipType[]	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

Responses

Name	Type	Description
200 OK	AccessReviewDecision	Describe the result of a successful operation.
Other Status Codes	ErrorDefinition	Unexpected error

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

GetAccessReviews

Sample request

HTTP

PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d?api-version=2021-12-01-preview

{}

Go

package armauthorization_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v3"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/310a0100f5b020c1900c527a6aa70d21992f078a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2021-12-01-preview/examples/PatchAccessReviewInstanceMyDecisionById.json
func ExampleAccessReviewInstanceMyDecisionsClient_Patch() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armauthorization.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAccessReviewInstanceMyDecisionsClient().Patch(ctx, "488a6d0e-0a63-4946-86e3-1f5bbc934661", "4135f961-be78-4005-8101-c72a5af307a2", "fa73e90b-5bf1-45fd-a182-35ce5fc0674d", armauthorization.AccessReviewDecisionProperties{}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AccessReviewDecision = armauthorization.AccessReviewDecision{
	// 	Name: to.Ptr("fa73e90b-5bf1-45fd-a182-35ce5fc0674d"),
	// 	Type: to.Ptr("Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions"),
	// 	ID: to.Ptr("/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d"),
	// 	Properties: &armauthorization.AccessReviewDecisionProperties{
	// 		AppliedBy: &armauthorization.AccessReviewActorIdentity{
	// 			PrincipalID: to.Ptr("36777fc8-4ec2-49ea-a56c-cec0bd47d83a"),
	// 			PrincipalName: to.Ptr("Amit Ghosh"),
	// 			PrincipalType: to.Ptr(armauthorization.AccessReviewActorIdentityTypeUser),
	// 			UserPrincipalName: to.Ptr("amitgho@microsoft.com"),
	// 		},
	// 		AppliedDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-10-03T21:02:30.667Z"); return t}()),
	// 		ApplyResult: to.Ptr(armauthorization.AccessReviewApplyResult("Success")),
	// 		Decision: to.Ptr(armauthorization.AccessReviewResultDeny),
	// 		Justification: to.Ptr("This person has left this team"),
	// 		Principal: &armauthorization.AccessReviewDecisionUserIdentity{
	// 			Type: to.Ptr(armauthorization.DecisionTargetTypeUser),
	// 			DisplayName: to.Ptr("Shubham Gupta"),
	// 			ID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
	// 			UserPrincipalName: to.Ptr("shugup@microsoft.com"),
	// 		},
	// 		Recommendation: to.Ptr(armauthorization.AccessRecommendationTypeDeny),
	// 		Resource: &armauthorization.AccessReviewDecisionResource{
	// 			Type: to.Ptr(armauthorization.DecisionResourceTypeAzureRole),
	// 			DisplayName: to.Ptr("Owner"),
	// 			ID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
	// 		},
	// 		ReviewedBy: &armauthorization.AccessReviewActorIdentity{
	// 			PrincipalID: to.Ptr("a6c7aecb-cbfd-4763-87ef-e91b4bd509d9"),
	// 			PrincipalName: to.Ptr("Shubham Gupta"),
	// 			PrincipalType: to.Ptr(armauthorization.AccessReviewActorIdentityTypeUser),
	// 			UserPrincipalName: to.Ptr("shugup@microsoft.com"),
	// 		},
	// 		ReviewedDateTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2018-08-03T21:02:30.667Z"); return t}()),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { AuthorizationManagementClient } = require("@azure/arm-authorization");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Record a decision.
 *
 * @summary Record a decision.
 * x-ms-original-file: specification/authorization/resource-manager/Microsoft.Authorization/preview/2021-12-01-preview/examples/PatchAccessReviewInstanceMyDecisionById.json
 */
async function getAccessReviews() {
  const scheduleDefinitionId = "488a6d0e-0a63-4946-86e3-1f5bbc934661";
  const id = "4135f961-be78-4005-8101-c72a5af307a2";
  const decisionId = "fa73e90b-5bf1-45fd-a182-35ce5fc0674d";
  const properties = {};
  const credential = new DefaultAzureCredential();
  const client = new AuthorizationManagementClient(credential);
  const result = await client.accessReviewInstanceMyDecisions.patch(
    scheduleDefinitionId,
    id,
    decisionId,
    properties
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:

200

{
  "id": "/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
  "type": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions",
  "name": "fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
  "properties": {
    "reviewedBy": {
      "principalType": "user",
      "principalId": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "principalName": "Shubham Gupta",
      "userPrincipalName": "shugup@microsoft.com"
    },
    "reviewedDateTime": "2018-08-03T21:02:30.667Z",
    "decision": "Deny",
    "justification": "This person has left this team",
    "appliedBy": {
      "principalType": "user",
      "principalId": "36777fc8-4ec2-49ea-a56c-cec0bd47d83a",
      "principalName": "Amit Ghosh",
      "userPrincipalName": "amitgho@microsoft.com"
    },
    "appliedDateTime": "2018-10-03T21:02:30.667Z",
    "applyResult": "Success",
    "recommendation": "Deny",
    "principal": {
      "type": "user",
      "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "displayName": "Shubham Gupta",
      "userPrincipalName": "shugup@microsoft.com"
    },
    "resource": {
      "type": "azureRole",
      "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "displayName": "Owner"
    }
  }
}

Definitions

Name	Description
AccessRecommendationType	The feature- generated recommendation shown to the reviewer.
AccessReviewActorIdentityType	The identity type : user/servicePrincipal
AccessReviewApplyResult	The outcome of applying the decision.
AccessReviewDecision	Access Review.
AccessReviewDecisionInsight	Access Review Decision Insight.
AccessReviewDecisionPrincipalResourceMembershipType	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
AccessReviewDecisionProperties	Approval Step.
AccessReviewResult	Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.
DecisionResourceType	The type of resource
ErrorDefinition	Error
ErrorDefinitionProperties	Error

AccessRecommendationType

Enumeration

The feature- generated recommendation shown to the reviewer.

Value	Description
Approve
Deny
NoInfoAvailable

AccessReviewActorIdentityType

Enumeration

The identity type : user/servicePrincipal

Value	Description
user
servicePrincipal

AccessReviewApplyResult

Enumeration

The outcome of applying the decision.

Value	Description
New
Applying
AppliedSuccessfully
AppliedWithUnknownFailure
AppliedSuccessfullyButObjectNotFound
ApplyNotSupported

AccessReviewDecision

Object

Access Review.

Name	Type	Description
id	string	The access review decision id.
name	string	The access review decision name.
properties.appliedBy.principalId	string	The identity id
properties.appliedBy.principalName	string	The identity display name
properties.appliedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
properties.appliedBy.userPrincipalName	string	The user principal name(if valid)
properties.appliedDateTime	string (date-time)	The date and time when the review decision was applied.
properties.applyResult	AccessReviewApplyResult	The outcome of applying the decision.
properties.decision	AccessReviewResult	The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny
properties.insights	AccessReviewDecisionInsight[]	This is the collection of insights for this decision item.
properties.justification	string	Justification provided by approvers for their action
properties.principal.displayName	string	The display name of the user whose access was reviewed.
properties.principal.id	string	The id of principal whose access was reviewed.
properties.principal.type	DecisionTargetType	The type of decision target : User/ServicePrincipal
properties.principalResourceMembership.membershipTypes	AccessReviewDecisionPrincipalResourceMembershipType[]	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
properties.recommendation	AccessRecommendationType	The feature- generated recommendation shown to the reviewer.
properties.resource.displayName	string	The display name of resource associated with a decision record.
properties.resource.id	string	The id of resource associated with a decision record.
properties.resource.type	DecisionResourceType	The type of resource
properties.reviewedBy.principalId	string	The identity id
properties.reviewedBy.principalName	string	The identity display name
properties.reviewedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
properties.reviewedBy.userPrincipalName	string	The user principal name(if valid)
properties.reviewedDateTime	string (date-time)	Date Time when a decision was taken.
type	string	The resource type.

AccessReviewDecisionInsight

Object

Access Review Decision Insight.

Name	Type	Description
id	string	The access review insight id.
name	string	The access review insight name.
properties.insightCreatedDateTime	(date-time)	Date Time when the insight was created.
properties.type	AccessReviewDecisionInsightType	The type of insight
type	string	The resource type.

AccessReviewDecisionPrincipalResourceMembershipType

Enumeration

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

Value	Description
direct
indirect

AccessReviewDecisionProperties

Object

Approval Step.

Name	Type	Description
appliedBy.principalId	string	The identity id
appliedBy.principalName	string	The identity display name
appliedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
appliedBy.userPrincipalName	string	The user principal name(if valid)
appliedDateTime	string (date-time)	The date and time when the review decision was applied.
applyResult	AccessReviewApplyResult	The outcome of applying the decision.
decision	AccessReviewResult	The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny
insights	AccessReviewDecisionInsight[]	This is the collection of insights for this decision item.
justification	string	Justification provided by approvers for their action
principal.displayName	string	The display name of the user whose access was reviewed.
principal.id	string	The id of principal whose access was reviewed.
principal.type	DecisionTargetType	The type of decision target : User/ServicePrincipal
principalResourceMembership.membershipTypes	AccessReviewDecisionPrincipalResourceMembershipType[]	Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
recommendation	AccessRecommendationType	The feature- generated recommendation shown to the reviewer.
resource.displayName	string	The display name of resource associated with a decision record.
resource.id	string	The id of resource associated with a decision record.
resource.type	DecisionResourceType	The type of resource
reviewedBy.principalId	string	The identity id
reviewedBy.principalName	string	The identity display name
reviewedBy.principalType	AccessReviewActorIdentityType	The identity type : user/servicePrincipal
reviewedBy.userPrincipalName	string	The user principal name(if valid)
reviewedDateTime	string (date-time)	Date Time when a decision was taken.

AccessReviewResult

Enumeration

Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.

Value	Description
Approve
Deny
NotReviewed
DontKnow
NotNotified

DecisionResourceType

Enumeration

The type of resource

Value	Description
azureRole

ErrorDefinition

Object

Error

Name	Type	Description
error	ErrorDefinitionProperties	Error Error of the list gateway status.

ErrorDefinitionProperties

Object

Error

Name	Type	Description
code	string	Error code of list gateway.
message	string	Description of the error.