Access Review Instance My Decisions - Patch
Record a decision.
PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/{scheduleDefinitionId}/instances/{id}/decisions/{decisionId}?api-version=2021-12-01-preview
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
decision
|
path | True |
string |
The id of the decision record. |
id
|
path | True |
string |
The id of the access review instance. |
schedule
|
path | True |
string |
The id of the access review schedule definition. |
api-version
|
query | True |
string |
The API version to be used with the HTTP request. |
Request Body
Name | Required | Type | Description |
---|---|---|---|
principal.type | True |
Decision |
The type of decision target : User/ServicePrincipal |
resource.type | True |
The type of resource |
|
decision |
The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny |
||
insights |
This is the collection of insights for this decision item. |
||
justification |
string |
Justification provided by approvers for their action |
|
principalResourceMembership.membershipTypes |
Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Describe the result of a successful operation. |
|
Other Status Codes |
Unexpected error |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
GetAccessReviews
Sample request
PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d?api-version=2021-12-01-preview
{}
Sample response
{
"id": "/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
"type": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions",
"name": "fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
"properties": {
"reviewedBy": {
"principalType": "user",
"principalId": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
"principalName": "Shubham Gupta",
"userPrincipalName": "shugup@microsoft.com"
},
"reviewedDateTime": "2018-08-03T21:02:30.667Z",
"decision": "Deny",
"justification": "This person has left this team",
"appliedBy": {
"principalType": "user",
"principalId": "36777fc8-4ec2-49ea-a56c-cec0bd47d83a",
"principalName": "Amit Ghosh",
"userPrincipalName": "amitgho@microsoft.com"
},
"appliedDateTime": "2018-10-03T21:02:30.667Z",
"applyResult": "Success",
"recommendation": "Deny",
"principal": {
"type": "user",
"id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
"displayName": "Shubham Gupta",
"userPrincipalName": "shugup@microsoft.com"
},
"resource": {
"type": "azureRole",
"id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
"displayName": "Owner"
}
}
}
Definitions
Name | Description |
---|---|
Access |
The feature- generated recommendation shown to the reviewer. |
Access |
The identity type : user/servicePrincipal |
Access |
The outcome of applying the decision. |
Access |
Access Review. |
Access |
Access Review Decision Insight. |
Access |
Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access |
Access |
Approval Step. |
Access |
Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request. |
Decision |
The type of resource |
Error |
Error |
Error |
Error |
AccessRecommendationType
The feature- generated recommendation shown to the reviewer.
Value | Description |
---|---|
Approve | |
Deny | |
NoInfoAvailable |
AccessReviewActorIdentityType
The identity type : user/servicePrincipal
Value | Description |
---|---|
user | |
servicePrincipal |
AccessReviewApplyResult
The outcome of applying the decision.
Value | Description |
---|---|
New | |
Applying | |
AppliedSuccessfully | |
AppliedWithUnknownFailure | |
AppliedSuccessfullyButObjectNotFound | |
ApplyNotSupported |
AccessReviewDecision
Access Review.
Name | Type | Description |
---|---|---|
id |
string |
The access review decision id. |
name |
string |
The access review decision name. |
properties.appliedBy.principalId |
string |
The identity id |
properties.appliedBy.principalName |
string |
The identity display name |
properties.appliedBy.principalType |
The identity type : user/servicePrincipal |
|
properties.appliedBy.userPrincipalName |
string |
The user principal name(if valid) |
properties.appliedDateTime |
string (date-time) |
The date and time when the review decision was applied. |
properties.applyResult |
The outcome of applying the decision. |
|
properties.decision |
The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny |
|
properties.insights |
This is the collection of insights for this decision item. |
|
properties.justification |
string |
Justification provided by approvers for their action |
properties.principal.displayName |
string |
The display name of the user whose access was reviewed. |
properties.principal.id |
string |
The id of principal whose access was reviewed. |
properties.principal.type |
Decision |
The type of decision target : User/ServicePrincipal |
properties.principalResourceMembership.membershipTypes |
Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access |
|
properties.recommendation |
The feature- generated recommendation shown to the reviewer. |
|
properties.resource.displayName |
string |
The display name of resource associated with a decision record. |
properties.resource.id |
string |
The id of resource associated with a decision record. |
properties.resource.type |
The type of resource |
|
properties.reviewedBy.principalId |
string |
The identity id |
properties.reviewedBy.principalName |
string |
The identity display name |
properties.reviewedBy.principalType |
The identity type : user/servicePrincipal |
|
properties.reviewedBy.userPrincipalName |
string |
The user principal name(if valid) |
properties.reviewedDateTime |
string (date-time) |
Date Time when a decision was taken. |
type |
string |
The resource type. |
AccessReviewDecisionInsight
Access Review Decision Insight.
Name | Type | Description |
---|---|---|
id |
string |
The access review insight id. |
name |
string |
The access review insight name. |
properties.insightCreatedDateTime |
(date-time) |
Date Time when the insight was created. |
properties.type |
Access |
The type of insight |
type |
string |
The resource type. |
AccessReviewDecisionPrincipalResourceMembershipType
Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access
Value | Description |
---|---|
direct | |
indirect |
AccessReviewDecisionProperties
Approval Step.
Name | Type | Description |
---|---|---|
appliedBy.principalId |
string |
The identity id |
appliedBy.principalName |
string |
The identity display name |
appliedBy.principalType |
The identity type : user/servicePrincipal |
|
appliedBy.userPrincipalName |
string |
The user principal name(if valid) |
appliedDateTime |
string (date-time) |
The date and time when the review decision was applied. |
applyResult |
The outcome of applying the decision. |
|
decision |
The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny |
|
insights |
This is the collection of insights for this decision item. |
|
justification |
string |
Justification provided by approvers for their action |
principal.displayName |
string |
The display name of the user whose access was reviewed. |
principal.id |
string |
The id of principal whose access was reviewed. |
principal.type |
Decision |
The type of decision target : User/ServicePrincipal |
principalResourceMembership.membershipTypes |
Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access |
|
recommendation |
The feature- generated recommendation shown to the reviewer. |
|
resource.displayName |
string |
The display name of resource associated with a decision record. |
resource.id |
string |
The id of resource associated with a decision record. |
resource.type |
The type of resource |
|
reviewedBy.principalId |
string |
The identity id |
reviewedBy.principalName |
string |
The identity display name |
reviewedBy.principalType |
The identity type : user/servicePrincipal |
|
reviewedBy.userPrincipalName |
string |
The user principal name(if valid) |
reviewedDateTime |
string (date-time) |
Date Time when a decision was taken. |
AccessReviewResult
Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.
Value | Description |
---|---|
Approve | |
Deny | |
NotReviewed | |
DontKnow | |
NotNotified |
DecisionResourceType
The type of resource
Value | Description |
---|---|
azureRole |
ErrorDefinition
Error
Name | Type | Description |
---|---|---|
error |
Error |
ErrorDefinitionProperties
Error
Name | Type | Description |
---|---|---|
code |
string |
Error code of list gateway. |
message |
string |
Description of the error. |