accessPackageAssignmentPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
In Microsoft Entra entitlement management, an access package assignment policy specifies the policy by which subjects can request or be assigned an access package via an access package assignment. An access package can have zero or more policies. When a request from a subject is received, the subject is matched against each policy to find the policy (if any) with requestorSettings that include that subject. The policy then determines whether the request requires approval, the duration of the access package assignment, and whether the assignment needs regularly review.
To assign a user to an access package, create an accessPackageAssignmentRequest which references the access package and access package assignment policy.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | accessPackageAssignmentPolicy collection | Retrieve a list of accessPackageAssignmentPolicy objects. |
| Create | accessPackageAssignmentPolicy | Create a new accessPackageAssignmentPolicy object. |
| Get | accessPackageAssignmentPolicy | Read properties and relationships of an accessPackageAssignmentPolicy object. |
| Update | accessPackageAssignmentPolicy | Update the properties of an accessPackageAssignmentPolicy object. |
| Delete | Delete an accessPackageAssignmentPolicy. |
Properties
| Property | Type | Description |
|---|---|---|
| accessPackageId | String | Identifier of the access package. |
| accessReviewSettings | assignmentReviewSettings | Who must review, and how often, the assignments to the access package from this policy. This property is null if reviews aren't required. |
| canExtend | Boolean | Indicates whether a user can extend the access package assignment duration after approval. |
| createdBy | String | Read-only. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| description | String | The description of the policy. |
| displayName | String | The display name of the policy. Supports $filter (eq). |
| durationInDays | Int32 | The number of days in which assignments from this policy last until they're expired. |
| expirationDateTime | DateTimeOffset | The expiration date for assignments created in this policy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| id | String | Read-only. |
| modifiedBy | String | Read-only. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z |
| requestApprovalSettings | approvalSettings | Who must approve requests for access package in this policy. |
| requestorSettings | requestorSettings | Who can request this access package from this policy. |
| questions | accessPackageQuestion collection | Questions that are posed to the requestor. |
| verifiableCredentialSettings | verifiableCredentialSettings | Settings for verifiable credentials set up through the Microsoft Entra Verified I D service. These settings represent the verifiable credentials that a requestor of an access package in this policy can present to be assigned the access package. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| accessPackage | accessPackage | The access package with this policy. Read-only. Nullable. Supports $expand. |
| customExtensionHandlers | customExtensionHandler collection | The collection of stages when to execute one or more custom access package workflow extensions. Supports $expand. |
| customExtensionStageSettings | customExtensionStageSetting collection | The collection of stages when to execute one or more custom access package workflow extensions. Supports $expand. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
"id": "String (identifier)",
"accessPackageId": "String",
"displayName": "String",
"description": "String",
"canExtend": "Boolean",
"durationInDays": "Integer",
"expirationDateTime": "String (timestamp)",
"createdBy": "String",
"createdDateTime": "String (timestamp)",
"modifiedBy": "String",
"modifiedDateTime": "String (timestamp)",
"questions":[
{
"@odata.type": "microsoft.graph.accessPackageQuestion"
}
],
"requestorSettings": {
"@odata.type": "microsoft.graph.requestorSettings"
},
"requestApprovalSettings": {
"@odata.type": "microsoft.graph.approvalSettings"
},
"accessReviewSettings": {
"@odata.type": "microsoft.graph.assignmentReviewSettings"
},
"verifiableCredentialSettings": {
"@odata.type": "microsoft.graph.verifiableCredentialSettings"
}
}