Share via


Access Review Instance My Decisions - Patch

Record a decision.

PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/{scheduleDefinitionId}/instances/{id}/decisions/{decisionId}?api-version=2021-12-01-preview

URI Parameters

Name In Required Type Description
decisionId
path True

string

The id of the decision record.

id
path True

string

The id of the access review instance.

scheduleDefinitionId
path True

string

The id of the access review schedule definition.

api-version
query True

string

The API version to be used with the HTTP request.

Request Body

Name Required Type Description
principal.type True

DecisionTargetType

The type of decision target : User/ServicePrincipal

resource.type True

DecisionResourceType

The type of resource

decision

AccessReviewResult

The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny

insights

AccessReviewDecisionInsight[]

This is the collection of insights for this decision item.

justification

string

Justification provided by approvers for their action

principalResourceMembership.membershipTypes

AccessReviewDecisionPrincipalResourceMembershipType[]

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

Responses

Name Type Description
200 OK

AccessReviewDecision

Describe the result of a successful operation.

Other Status Codes

ErrorDefinition

Unexpected error

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

GetAccessReviews

Sample request

PATCH https://management.azure.com/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d?api-version=2021-12-01-preview

{}

Sample response

{
  "id": "/providers/Microsoft.Authorization/accessReviewScheduleDefinitions/488a6d0e-0a63-4946-86e3-1f5bbc934661/instances/4135f961-be78-4005-8101-c72a5af307a2/decisions/fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
  "type": "Microsoft.Authorization/accessReviewScheduleDefinitions/instances/decisions",
  "name": "fa73e90b-5bf1-45fd-a182-35ce5fc0674d",
  "properties": {
    "reviewedBy": {
      "principalType": "user",
      "principalId": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "principalName": "Shubham Gupta",
      "userPrincipalName": "shugup@microsoft.com"
    },
    "reviewedDateTime": "2018-08-03T21:02:30.667Z",
    "decision": "Deny",
    "justification": "This person has left this team",
    "appliedBy": {
      "principalType": "user",
      "principalId": "36777fc8-4ec2-49ea-a56c-cec0bd47d83a",
      "principalName": "Amit Ghosh",
      "userPrincipalName": "amitgho@microsoft.com"
    },
    "appliedDateTime": "2018-10-03T21:02:30.667Z",
    "applyResult": "Success",
    "recommendation": "Deny",
    "principal": {
      "type": "user",
      "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "displayName": "Shubham Gupta",
      "userPrincipalName": "shugup@microsoft.com"
    },
    "resource": {
      "type": "azureRole",
      "id": "a6c7aecb-cbfd-4763-87ef-e91b4bd509d9",
      "displayName": "Owner"
    }
  }
}

Definitions

Name Description
AccessRecommendationType

The feature- generated recommendation shown to the reviewer.

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

AccessReviewApplyResult

The outcome of applying the decision.

AccessReviewDecision

Access Review.

AccessReviewDecisionInsight

Access Review Decision Insight.

AccessReviewDecisionPrincipalResourceMembershipType

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

AccessReviewDecisionProperties

Approval Step.

AccessReviewResult

Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.

DecisionResourceType

The type of resource

ErrorDefinition

Error

ErrorDefinitionProperties

Error

AccessRecommendationType

The feature- generated recommendation shown to the reviewer.

Value Description
Approve
Deny
NoInfoAvailable

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

Value Description
user
servicePrincipal

AccessReviewApplyResult

The outcome of applying the decision.

Value Description
New
Applying
AppliedSuccessfully
AppliedWithUnknownFailure
AppliedSuccessfullyButObjectNotFound
ApplyNotSupported

AccessReviewDecision

Access Review.

Name Type Description
id

string

The access review decision id.

name

string

The access review decision name.

properties.appliedBy.principalId

string

The identity id

properties.appliedBy.principalName

string

The identity display name

properties.appliedBy.principalType

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

properties.appliedBy.userPrincipalName

string

The user principal name(if valid)

properties.appliedDateTime

string (date-time)

The date and time when the review decision was applied.

properties.applyResult

AccessReviewApplyResult

The outcome of applying the decision.

properties.decision

AccessReviewResult

The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny

properties.insights

AccessReviewDecisionInsight[]

This is the collection of insights for this decision item.

properties.justification

string

Justification provided by approvers for their action

properties.principal.displayName

string

The display name of the user whose access was reviewed.

properties.principal.id

string

The id of principal whose access was reviewed.

properties.principal.type

DecisionTargetType

The type of decision target : User/ServicePrincipal

properties.principalResourceMembership.membershipTypes

AccessReviewDecisionPrincipalResourceMembershipType[]

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

properties.recommendation

AccessRecommendationType

The feature- generated recommendation shown to the reviewer.

properties.resource.displayName

string

The display name of resource associated with a decision record.

properties.resource.id

string

The id of resource associated with a decision record.

properties.resource.type

DecisionResourceType

The type of resource

properties.reviewedBy.principalId

string

The identity id

properties.reviewedBy.principalName

string

The identity display name

properties.reviewedBy.principalType

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

properties.reviewedBy.userPrincipalName

string

The user principal name(if valid)

properties.reviewedDateTime

string (date-time)

Date Time when a decision was taken.

type

string

The resource type.

AccessReviewDecisionInsight

Access Review Decision Insight.

Name Type Description
id

string

The access review insight id.

name

string

The access review insight name.

properties.insightCreatedDateTime

(date-time)

Date Time when the insight was created.

properties.type

AccessReviewDecisionInsightType

The type of insight

type

string

The resource type.

AccessReviewDecisionPrincipalResourceMembershipType

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

Value Description
direct
indirect

AccessReviewDecisionProperties

Approval Step.

Name Type Description
appliedBy.principalId

string

The identity id

appliedBy.principalName

string

The identity display name

appliedBy.principalType

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

appliedBy.userPrincipalName

string

The user principal name(if valid)

appliedDateTime

string (date-time)

The date and time when the review decision was applied.

applyResult

AccessReviewApplyResult

The outcome of applying the decision.

decision

AccessReviewResult

The decision on the approval step. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny

insights

AccessReviewDecisionInsight[]

This is the collection of insights for this decision item.

justification

string

Justification provided by approvers for their action

principal.displayName

string

The display name of the user whose access was reviewed.

principal.id

string

The id of principal whose access was reviewed.

principal.type

DecisionTargetType

The type of decision target : User/ServicePrincipal

principalResourceMembership.membershipTypes

AccessReviewDecisionPrincipalResourceMembershipType[]

Every decision item in an access review represents a principal's membership to a resource. This property represents details of the membership. Examples of this detail might be whether the principal has direct access or indirect access

recommendation

AccessRecommendationType

The feature- generated recommendation shown to the reviewer.

resource.displayName

string

The display name of resource associated with a decision record.

resource.id

string

The id of resource associated with a decision record.

resource.type

DecisionResourceType

The type of resource

reviewedBy.principalId

string

The identity id

reviewedBy.principalName

string

The identity display name

reviewedBy.principalType

AccessReviewActorIdentityType

The identity type : user/servicePrincipal

reviewedBy.userPrincipalName

string

The user principal name(if valid)

reviewedDateTime

string (date-time)

Date Time when a decision was taken.

AccessReviewResult

Collection of review decisions which the history data should be filtered on. For example if Approve and Deny are supplied the data will only contain review results in which the decision maker approved or denied a review request.

Value Description
Approve
Deny
NotReviewed
DontKnow
NotNotified

DecisionResourceType

The type of resource

Value Description
azureRole

ErrorDefinition

Error

Name Type Description
error

ErrorDefinitionProperties

Error
Error of the list gateway status.

ErrorDefinitionProperties

Error

Name Type Description
code

string

Error code of list gateway.

message

string

Description of the error.