Dans Microsoft Entra gestion des droits d’utilisation, lorsqu’une stratégie de package d’accès a été activée pour appeler une extension personnalisée et que le traitement de la demande attend le rappel du client, le client peut lancer une action de reprise. Elle est effectuée sur un objet accessPackageAssignmentRequest dont requestStatus est dans un WaitingForCallback état.
Dans le corps de la demande, fournissez une représentation JSON des paramètres.
Le tableau suivant indique les paramètres utilisables avec cette action.
Paramètre
Type
Description
source
Chaîne
Source à partir de laquelle le client tente de reprendre la demande, qui peut être stockée dans le service et sera utile pour l’audit.
type
Chaîne
Indiquez à quel stade l’extension de légende personnalisée a été exécutée. Les valeurs possibles sont : microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestApproved, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestGranted, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestRemoved
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "assignmentRequestCreated",
"customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",
"customExtensionStageInstanceDetail": "This user is all verified"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.IdentityGovernance.EntitlementManagement.AssignmentRequests.Item.Resume;
using Microsoft.Graph.Models;
var requestBody = new ResumePostRequestBody
{
Source = "Contoso.SodCheckProcess",
Type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
Data = new AccessPackageAssignmentRequestCallbackData
{
OdataType = "microsoft.graph.accessPackageAssignmentRequestCallbackData",
Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
CustomExtensionStageInstanceId = "957d0c50-466b-4840-bb5b-c92cea7141ff",
CustomExtensionStageInstanceDetail = "This user is all verified",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.EntitlementManagement.AssignmentRequests["{accessPackageAssignmentRequest-id}"].Resume.PostAsync(requestBody);
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-requests resume post --access-package-assignment-request-id {accessPackageAssignmentRequest-id} --body '{\
"source": "Contoso.SodCheckProcess",\
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",\
"data": {\
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",\
"stage": "assignmentRequestCreated",\
"customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",\
"customExtensionStageInstanceDetail": "This user is all verified"\
}\
}\
'
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.identitygovernance.entitlementmanagement.assignmentrequests.item.resume.ResumePostRequestBody resumePostRequestBody = new com.microsoft.graph.identitygovernance.entitlementmanagement.assignmentrequests.item.resume.ResumePostRequestBody();
resumePostRequestBody.setSource("Contoso.SodCheckProcess");
resumePostRequestBody.setType("microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated");
AccessPackageAssignmentRequestCallbackData data = new AccessPackageAssignmentRequestCallbackData();
data.setOdataType("microsoft.graph.accessPackageAssignmentRequestCallbackData");
data.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
data.setCustomExtensionStageInstanceId("957d0c50-466b-4840-bb5b-c92cea7141ff");
data.setCustomExtensionStageInstanceDetail("This user is all verified");
resumePostRequestBody.setData(data);
graphClient.identityGovernance().entitlementManagement().assignmentRequests().byAccessPackageAssignmentRequestId("{accessPackageAssignmentRequest-id}").resume().post(resumePostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\ResumePostRequestBody;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestCallbackData;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ResumePostRequestBody();
$requestBody->setSource('Contoso.SodCheckProcess');
$requestBody->setType('microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated');
$data = new AccessPackageAssignmentRequestCallbackData();
$data->setOdataType('microsoft.graph.accessPackageAssignmentRequestCallbackData');
$data->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$data->setCustomExtensionStageInstanceId('957d0c50-466b-4840-bb5b-c92cea7141ff');
$data->setCustomExtensionStageInstanceDetail('This user is all verified');
$requestBody->setData($data);
$graphServiceClient->identityGovernance()->entitlementManagement()->assignmentRequests()->byAccessPackageAssignmentRequestId('accessPackageAssignmentRequest-id')->resume()->post($requestBody)->wait();
Exemple 2 : Reprendre et refuser une demande d’attribution de package d’accès
Demande
Voici un exemple pour reprendre le traitement d’une demande d’attribution de package d’accès en refusant la requête qui attend un rappel. Une demande ne peut pas être refusée au assignmentRequestCreated stade de la légende.
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentRequests/9e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "AssignmentRequestCreated",
"customExtensionStageInstanceId": "857d0c50-466b-4840-bb5b-c92cea7141ff",
"state": "denied",
"customExtensionStageInstanceDetail": "Potential risk user based on the SOD check"
}
}
Bientôt disponible : Tout au long de 2024, nous allons supprimer progressivement GitHub Issues comme mécanisme de commentaires pour le contenu et le remplacer par un nouveau système de commentaires. Pour plus d’informations, consultez https://aka.ms/ContentUserFeedback.