AWS 認可システムの Permissions Management API 操作のクイックリファレンス

[アーティクル]
03/21/2024

アクセス許可管理 API を使用すると、複数のクラウドにまたがるすべての ID に割り当てられているアクセス許可を検出できます。アクセス許可を要求する。アクセス許可要求を承認、拒否、取り消します。この記事では、アクセス許可管理 API を通じてサポートされる AWS 承認システムでの API 操作のクイックリファレンスガイドを提供します。

すべての承認システムを取得する

Permissions Management にオンボードされているすべての承認システムを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems

承認システムを名前でフィルター処理します。

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=contains(authorizationSystemName, 'cloud')

承認システムを取得する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}

AWS 承認システムを一覧表示する

authorizationSystemType プロパティでフィルター処理することで、Permissions Management にオンボードされている AWS 承認システムを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'aws'


// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'aws'";
});



mgc-beta external authorization-systems list --filter "authorizationSystemType eq 'aws'"



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
	  //other-imports
)


requestFilter := "authorizationSystemType eq 'aws'"

requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
	requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'aws'";
});


const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystems = await client.api('/external/authorizationSystems')
	.version('beta')
	.filter('authorizationSystemType eq \'aws\'')
	.get();


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'aws'";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'aws'"


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
		filter = "authorizationSystemType eq 'aws'",
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)

Permissions Management にオンボードされている AWS 承認システムを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.awsAuthorizationSystem


// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();



mgc-beta external authorization-systems get --authorization-system-id {authorizationSystem-id}



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  //other-imports
)


// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();


const options = {
	authProvider,
};

const client = Client.init(options);

let awsAuthorizationSystem = await client.api('/external/authorizationSystems/microsoft.graph.awsAuthorizationSystem')
	.version('beta')
	.get();


<?php
use Microsoft\Graph\Beta\GraphServiceClient;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);


$result = $graphServiceClient->external()->authorizationSystems()->byAuthorizationSystemId('authorizationSystem-id')->get()->wait();


Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -AuthorizationSystemId $authorizationSystemId


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()

オンラインでアクセス許可の変更機能が有効になっているすべての AWS 承認システムを特定します。

GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'


// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
	requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});



mgc-beta external authorization-systems list --filter "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
	  //other-imports
)


requestFilter := "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"

requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
	Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
	QueryParameters: requestParameters,
}

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
	requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});


const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystems = await client.api('/external/authorizationSystems')
	.version('beta')
	.filter('authorizationSystemType eq \'aws\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq \'enabled\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq \'online\'')
	.get();


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
$requestConfiguration->queryParameters = $queryParameters;


$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();


Import-Module Microsoft.Graph.Beta.Search

Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
		filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)

request_configuration = RequestConfiguration(
query_parameters = query_params,
)

result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)

AWS 承認システムで ID を取得する

すべての ID を一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let all = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

1 つの ID を取得する

主キー ID による。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')

AWS ロールを取得する

すべての AWS ロールを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let roles = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

1 つの AWS ロールを取得する

主キーロール ID 別。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsRole = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles(externalId='{externalId}')

AWS ユーザーを取得する

すべての AWS ユーザーを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let users = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

AWS ユーザーを 1 人取得する

主キーユーザー ID。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users(externalId='{externalId}')

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

AWS ユーザーの許容ロールを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}/assumableRoles

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let assumableRoles = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}/assumableRoles')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

アクションを取得する

すべてのアクションを一覧表示する

すべてのアクションを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

AWS 承認システム内の特定のサービスのアクションを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions?$filter=service/id eq 'ec2'

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
	.version('beta')
	.filter('service/id eq \'ec2\'')
	.get();

Snippet not available

Snippet not available

Snippet not available

AWS 承認システムの特定のサービスに対するリスクの高い削除アクションを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions?$filter=service/id eq 'ec2' and severity eq 'high' and actionType eq 'delete'

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
	.version('beta')
	.filter('service/id eq \'ec2\' and severity eq \'high\' and actionType eq \'delete\'')
	.get();

Snippet not available

Snippet not available

Snippet not available

アクションを取得する

主キーアクション ID による。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsAuthorizationSystemTypeAction = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions(externalId='{externalId}')

ポリシーを取得する

すべてのポリシーを一覧表示する

すべてのポリシーを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

特定のポリシー名に一致するすべてのポリシーを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=displayName eq 'AdministratorAccess'

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
	.version('beta')
	.filter('displayName eq \'AdministratorAccess\'')
	.get();

Snippet not available

Snippet not available

Snippet not available

ポリシー名に特定の文字列が含まれるすべてのポリシーを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=contains(displayName, 'Buckets')

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
	.version('beta')
	.filter('contains(displayName, \'Buckets\')')
	.get();

Snippet not available

Snippet not available

Snippet not available

すべてのカスタムポリシーを一覧表示します。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=type eq 'custom'

ポリシーを取得する

主キーポリシー ID。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsPolicy = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies(externalId='{externalId}')

リソースを取得する

すべてのリソースを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let resources = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

リソースを取得する

主キーリソース ID。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let awsAuthorizationSystemResource = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

代替キー externalId。

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources(externalId='{externalId}')

サービスを取得する

すべてのサービスを一覧表示する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let services = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

サービスを取得する

GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services/{id}

Snippet not available

Snippet not available

Snippet not available

Snippet not available


const options = {
	authProvider,
};

const client = Client.init(options);

let authorizationSystemTypeService = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services/{id}')
	.version('beta')
	.get();

Snippet not available

Snippet not available

Snippet not available

AWS ポリシーを要求する

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json

{
  "requestedPermissions": {
    "@odata.type": "#microsoft.graph.awsPermissionsDefinition",
    "authorizationSystemInfo": {
      "authorizationSystemId": "956987887735",
      "authorizationSystemType": "AWS"
    },
    "actionInfo": {
      "@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",
      "policies": [
        {
          "id": "arn:aws:iam::956987887735:policy/AddUserToGroup"
        }
      ],
      "assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"
    },
    "identityInfo": {
      "externalId": "alex@contoso.com",
      "source": {
        "@odata.type": "microsoft.graph.samlIdentitySource"
      },
      "identityType": "user"
    }
  },
  "justification": "I need to do this because I want to add a user to a group",
  "notes": "Pretty Please",
  "scheduleInfo": {
    "expiration": {
      "duration": "PT1H"
    }
  },
  "ticketInfo": {
    "ticketNumber": "INC1234567",
    "ticketSystem": "ServiceNow",
    "ticketSubmitterIdentityId": "alex@contoso.com",
    "ticketApproverIdentityId": "alexmanager@contoso.com"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new ScheduledPermissionsRequest
{
	RequestedPermissions = new AwsPermissionsDefinition
	{
		OdataType = "#microsoft.graph.awsPermissionsDefinition",
		AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
		{
			AuthorizationSystemId = "956987887735",
			AuthorizationSystemType = "AWS",
		},
		ActionInfo = new AwsPolicyPermissionsDefinitionAction
		{
			OdataType = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
			Policies = new List<PermissionsDefinitionAwsPolicy>
			{
				new PermissionsDefinitionAwsPolicy
				{
					Id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
				},
			},
			AssignToRoleId = "arn:aws:aim::956987887735:role/saml-user",
		},
		IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
		{
			ExternalId = "alex@contoso.com",
			Source = new SamlIdentitySource
			{
				OdataType = "microsoft.graph.samlIdentitySource",
			},
			IdentityType = PermissionsDefinitionIdentityType.User,
		},
	},
	Justification = "I need to do this because I want to add a user to a group",
	Notes = "Pretty Please",
	ScheduleInfo = new RequestSchedule
	{
		Expiration = new ExpirationPattern
		{
			Duration = TimeSpan.Parse("PT1H"),
		},
	},
	TicketInfo = new TicketInfo
	{
		TicketNumber = "INC1234567",
		TicketSystem = "ServiceNow",
		TicketSubmitterIdentityId = "alex@contoso.com",
		TicketApproverIdentityId = "alexmanager@contoso.com",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);



mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
  "requestedPermissions": {\
    "@odata.type": "#microsoft.graph.awsPermissionsDefinition",\
    "authorizationSystemInfo": {\
      "authorizationSystemId": "956987887735",\
      "authorizationSystemType": "AWS"\
    },\
    "actionInfo": {\
      "@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",\
      "policies": [\
        {\
          "id": "arn:aws:iam::956987887735:policy/AddUserToGroup"\
        }\
      ],\
      "assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"\
    },\
    "identityInfo": {\
      "externalId": "alex@contoso.com",\
      "source": {\
        "@odata.type": "microsoft.graph.samlIdentitySource"\
      },\
      "identityType": "user"\
    }\
  },\
  "justification": "I need to do this because I want to add a user to a group",\
  "notes": "Pretty Please",\
  "scheduleInfo": {\
    "expiration": {\
      "duration": "PT1H"\
    }\
  },\
  "ticketInfo": {\
    "ticketNumber": "INC1234567",\
    "ticketSystem": "ServiceNow",\
    "ticketSubmitterIdentityId": "alex@contoso.com",\
    "ticketApproverIdentityId": "alexmanager@contoso.com"\
  }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId) 
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType) 
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsPolicyPermissionsDefinitionAction()


permissionsDefinitionAwsPolicy := graphmodels.NewPermissionsDefinitionAwsPolicy()
id := "arn:aws:iam::956987887735:policy/AddUserToGroup"
permissionsDefinitionAwsPolicy.SetId(&id) 

policies := []graphmodels.PermissionsDefinitionAwsPolicyable {
	permissionsDefinitionAwsPolicy,
}
actionInfo.SetPolicies(policies)
assignToRoleId := "arn:aws:aim::956987887735:role/saml-user"
actionInfo.SetAssignToRoleId(&assignToRoleId) 
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId) 
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE 
identityInfo.SetIdentityType(&identityType) 
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to add a user to a group"
requestBody.SetJustification(&justification) 
notes := "Pretty Please"
requestBody.SetNotes(&notes) 
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration) 
scheduleInfo.SetExpiration(expiration)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber) 
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem) 
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId) 
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId) 
requestBody.SetTicketInfo(ticketInfo)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("#microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsPolicyPermissionsDefinitionAction actionInfo = new AwsPolicyPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsPolicyPermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAwsPolicy> policies = new LinkedList<PermissionsDefinitionAwsPolicy>();
PermissionsDefinitionAwsPolicy permissionsDefinitionAwsPolicy = new PermissionsDefinitionAwsPolicy();
permissionsDefinitionAwsPolicy.setId("arn:aws:iam::956987887735:policy/AddUserToGroup");
policies.add(permissionsDefinitionAwsPolicy);
actionInfo.setPolicies(policies);
actionInfo.setAssignToRoleId("arn:aws:aim::956987887735:role/saml-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to add a user to a group");
scheduledPermissionsRequest.setNotes("Pretty Please");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);


const options = {
	authProvider,
};

const client = Client.init(options);

const scheduledPermissionsRequest = {
  requestedPermissions: {
    '@odata.type': '#microsoft.graph.awsPermissionsDefinition',
    authorizationSystemInfo: {
      authorizationSystemId: '956987887735',
      authorizationSystemType: 'AWS'
    },
    actionInfo: {
      '@odata.type': 'microsoft.graph.awsPolicyPermissionsDefinitionAction',
      policies: [
        {
          id: 'arn:aws:iam::956987887735:policy/AddUserToGroup'
        }
      ],
      assignToRoleId: 'arn:aws:aim::956987887735:role/saml-user'
    },
    identityInfo: {
      externalId: 'alex@contoso.com',
      source: {
        '@odata.type': 'microsoft.graph.samlIdentitySource'
      },
      identityType: 'user'
    }
  },
  justification: 'I need to do this because I want to add a user to a group',
  notes: 'Pretty Please',
  scheduleInfo: {
    expiration: {
      duration: 'PT1H'
    }
  },
  ticketInfo: {
    ticketNumber: 'INC1234567',
    ticketSystem: 'ServiceNow',
    ticketSubmitterIdentityId: 'alex@contoso.com',
    ticketApproverIdentityId: 'alexmanager@contoso.com'
  }
};

await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
	.version('beta')
	.post(scheduledPermissionsRequest);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsPolicyPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAwsPolicy;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('#microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsPolicyPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsPolicyPermissionsDefinitionAction');
$policiesPermissionsDefinitionAwsPolicy1 = new PermissionsDefinitionAwsPolicy();
$policiesPermissionsDefinitionAwsPolicy1->setId('arn:aws:iam::956987887735:policy/AddUserToGroup');
$policiesArray []= $policiesPermissionsDefinitionAwsPolicy1;
$requestedPermissionsActionInfo->setPolicies($policiesArray);

$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:aim::956987887735:role/saml-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to add a user to a group');
$requestBody->setNotes('Pretty Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);

$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "#microsoft.graph.awsPermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "956987887735"
			authorizationSystemType = "AWS"
		}
		actionInfo = @{
			"@odata.type" = "microsoft.graph.awsPolicyPermissionsDefinitionAction"
			policies = @(
				@{
					id = "arn:aws:iam::956987887735:policy/AddUserToGroup"
				}
			)
			assignToRoleId = "arn:aws:aim::956987887735:role/saml-user"
		}
		identityInfo = @{
			externalId = "alex@contoso.com"
			source = @{
				"@odata.type" = "microsoft.graph.samlIdentitySource"
			}
			identityType = "user"
		}
	}
	justification = "I need to do this because I want to add a user to a group"
	notes = "Pretty Please"
	scheduleInfo = @{
		expiration = @{
			duration = "PT1H"
		}
	}
	ticketInfo = @{
		ticketNumber = "INC1234567"
		ticketSystem = "ServiceNow"
		ticketSubmitterIdentityId = "alex@contoso.com"
		ticketApproverIdentityId = "alexmanager@contoso.com"
	}
}

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_policy_permissions_definition_action import AwsPolicyPermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_aws_policy import PermissionsDefinitionAwsPolicy
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
	requested_permissions = AwsPermissionsDefinition(
		odata_type = "#microsoft.graph.awsPermissionsDefinition",
		authorization_system_info = PermissionsDefinitionAuthorizationSystem(
			authorization_system_id = "956987887735",
			authorization_system_type = "AWS",
		),
		action_info = AwsPolicyPermissionsDefinitionAction(
			odata_type = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
			policies = [
				PermissionsDefinitionAwsPolicy(
					id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
				),
			],
			assign_to_role_id = "arn:aws:aim::956987887735:role/saml-user",
		),
		identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
			external_id = "alex@contoso.com",
			source = SamlIdentitySource(
				odata_type = "microsoft.graph.samlIdentitySource",
			),
			identity_type = PermissionsDefinitionIdentityType.User,
		),
	),
	justification = "I need to do this because I want to add a user to a group",
	notes = "Pretty Please",
	schedule_info = RequestSchedule(
		expiration = ExpirationPattern(
			duration = "PT1H",
		),
	),
	ticket_info = TicketInfo(
		ticket_number = "INC1234567",
		ticket_system = "ServiceNow",
		ticket_submitter_identity_id = "alex@contoso.com",
		ticket_approver_identity_id = "alexmanager@contoso.com",
	),
)

result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)

AWS アクションを要求する

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json

{
  "requestedPermissions": {
    "@odata.type": "microsoft.graph.awsPermissionsDefinition",
    "authorizationSystemInfo": {
      "authorizationSystemId": "956987887735",
      "authorizationSystemType": "AWS"
    },
    "actionInfo": {
      "@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",
      "statements": [
        {
          "statementId": "test1",
          "actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],
          "notActions": [],
          "resources": ["*"],
          "notResources": [],
          "effect": "allow",
          "condition": {
            "NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
          }
        },
        {
          "statementId": "test2",
          "actions": ["s3:Delete:*"],
          "notActions": [],
          "resources": ["*"],
          "notResources": [],
          "effect": "allow",
          "condition": {
            "NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
          }
        }
      ],
      "assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"
    },
    "identityInfo": {
      "externalId": "rsn:alex@contoso.com",
      "source": {
        "@odata.type": "microsoft.graph.samlIdentitySource"
      },
      "identityType": "user"
    }
  },
  "justification": "I need to do this because I want to access S3 resources",
  "notes": "Please",
  "scheduleInfo": {
    "startDateTime": "2023-02-08T12:15:00Z",
    "expiration": {
      "duration": "PT1H"
    },
    "recurrence": {
      "pattern": {
        "dayOfMonth": 5,
        "daysOfWeek": [],
        "interval": 1,
        "reccurencePatternType": "absoluteMonthly"
      },
      "range": {
        "startDate": "2023-02-08",
        "reccurenceRangeType": "noEnd"
      }
    }
  },
  "ticketInfo": {
    "ticketNumber": "INC1234567",
    "ticketSystem": "ServiceNow",
    "ticketSubmitterIdentityId": "alex@contoso.com",
    "ticketApproverIdentityId": "alexmanager@contoso.com"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;

var requestBody = new ScheduledPermissionsRequest
{
	RequestedPermissions = new AwsPermissionsDefinition
	{
		OdataType = "microsoft.graph.awsPermissionsDefinition",
		AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
		{
			AuthorizationSystemId = "956987887735",
			AuthorizationSystemType = "AWS",
		},
		ActionInfo = new AwsActionsPermissionsDefinitionAction
		{
			OdataType = "microsoft.graph.awsActionsPermissionsDefinitionAction",
			Statements = new List<AwsStatement>
			{
				new AwsStatement
				{
					StatementId = "test1",
					Actions = new List<string>
					{
						"s3:AbortMultipartUpload",
						"s3:CreateBucket",
					},
					NotActions = new List<string>
					{
					},
					Resources = new List<string>
					{
						"*",
					},
					NotResources = new List<string>
					{
					},
					Effect = AwsStatementEffect.Allow,
					Condition = new AwsCondition
					{
						AdditionalData = new Dictionary<string, object>
						{
							{
								"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
								{
									{
										"aws:MultiFactorAuthAge", new UntypedString("3600")
									},
								})
							},
						},
					},
				},
				new AwsStatement
				{
					StatementId = "test2",
					Actions = new List<string>
					{
						"s3:Delete:*",
					},
					NotActions = new List<string>
					{
					},
					Resources = new List<string>
					{
						"*",
					},
					NotResources = new List<string>
					{
					},
					Effect = AwsStatementEffect.Allow,
					Condition = new AwsCondition
					{
						AdditionalData = new Dictionary<string, object>
						{
							{
								"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
								{
									{
										"aws:MultiFactorAuthAge", new UntypedString("3600")
									},
								})
							},
						},
					},
				},
			},
			AssignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user",
		},
		IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
		{
			ExternalId = "rsn:alex@contoso.com",
			Source = new SamlIdentitySource
			{
				OdataType = "microsoft.graph.samlIdentitySource",
			},
			IdentityType = PermissionsDefinitionIdentityType.User,
		},
	},
	Justification = "I need to do this because I want to access S3 resources",
	Notes = "Please",
	ScheduleInfo = new RequestSchedule
	{
		StartDateTime = DateTimeOffset.Parse("2023-02-08T12:15:00Z"),
		Expiration = new ExpirationPattern
		{
			Duration = TimeSpan.Parse("PT1H"),
		},
		Recurrence = new PatternedRecurrence
		{
			Pattern = new RecurrencePattern
			{
				DayOfMonth = 5,
				DaysOfWeek = new List<DayOfWeekObject>
				{
				},
				Interval = 1,
				AdditionalData = new Dictionary<string, object>
				{
					{
						"reccurencePatternType" , "absoluteMonthly"
					},
				},
			},
			Range = new RecurrenceRange
			{
				StartDate = new Date(DateTime.Parse("2023-02-08")),
				AdditionalData = new Dictionary<string, object>
				{
					{
						"reccurenceRangeType" , "noEnd"
					},
				},
			},
		},
	},
	TicketInfo = new TicketInfo
	{
		TicketNumber = "INC1234567",
		TicketSystem = "ServiceNow",
		TicketSubmitterIdentityId = "alex@contoso.com",
		TicketApproverIdentityId = "alexmanager@contoso.com",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);



mgc-beta identity-governance permissions-management scheduled-permissions-requests post --body '{\
  "requestedPermissions": {\
    "@odata.type": "microsoft.graph.awsPermissionsDefinition",\
    "authorizationSystemInfo": {\
      "authorizationSystemId": "956987887735",\
      "authorizationSystemType": "AWS"\
    },\
    "actionInfo": {\
      "@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",\
      "statements": [\
        {\
          "statementId": "test1",\
          "actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],\
          "notActions": [],\
          "resources": ["*"],\
          "notResources": [],\
          "effect": "allow",\
          "condition": {\
            "NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
          }\
        },\
        {\
          "statementId": "test2",\
          "actions": ["s3:Delete:*"],\
          "notActions": [],\
          "resources": ["*"],\
          "notResources": [],\
          "effect": "allow",\
          "condition": {\
            "NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }\
          }\
        }\
      ],\
      "assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"\
    },\
    "identityInfo": {\
      "externalId": "rsn:alex@contoso.com",\
      "source": {\
        "@odata.type": "microsoft.graph.samlIdentitySource"\
      },\
      "identityType": "user"\
    }\
  },\
  "justification": "I need to do this because I want to access S3 resources",\
  "notes": "Please",\
  "scheduleInfo": {\
    "startDateTime": "2023-02-08T12:15:00Z",\
    "expiration": {\
      "duration": "PT1H"\
    },\
    "recurrence": {\
      "pattern": {\
        "dayOfMonth": 5,\
        "daysOfWeek": [],\
        "interval": 1,\
        "reccurencePatternType": "absoluteMonthly"\
      },\
      "range": {\
        "startDate": "2023-02-08",\
        "reccurenceRangeType": "noEnd"\
      }\
    }\
  },\
  "ticketInfo": {\
    "ticketNumber": "INC1234567",\
    "ticketSystem": "ServiceNow",\
    "ticketSubmitterIdentityId": "alex@contoso.com",\
    "ticketApproverIdentityId": "alexmanager@contoso.com"\
  }\
}\
'



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
	  //other-imports
)

requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId) 
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType) 
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsActionsPermissionsDefinitionAction()


awsStatement := graphmodels.NewAwsStatement()
statementId := "test1"
awsStatement.SetStatementId(&statementId) 
actions := []string {
	"s3:AbortMultipartUpload",
	"s3:CreateBucket",
}
awsStatement.SetActions(actions)
notActions := []string {

}
awsStatement.SetNotActions(notActions)
resources := []string {
	"*",
}
awsStatement.SetResources(resources)
notResources := []string {

}
awsStatement.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT 
awsStatement.SetEffect(&effect) 
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge) 
	condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement.SetCondition(condition)
awsStatement1 := graphmodels.NewAwsStatement()
statementId := "test2"
awsStatement1.SetStatementId(&statementId) 
actions := []string {
	"s3:Delete:*",
}
awsStatement1.SetActions(actions)
notActions := []string {

}
awsStatement1.SetNotActions(notActions)
resources := []string {
	"*",
}
awsStatement1.SetResources(resources)
notResources := []string {

}
awsStatement1.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT 
awsStatement1.SetEffect(&effect) 
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge) 
	condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement1.SetCondition(condition)

statements := []graphmodels.AwsStatementable {
	awsStatement,
	awsStatement1,
}
actionInfo.SetStatements(statements)
assignToRoleId := "arn:aws:iam::956987887735:role/ck-saml-power-user"
actionInfo.SetAssignToRoleId(&assignToRoleId) 
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "rsn:alex@contoso.com"
identityInfo.SetExternalId(&externalId) 
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE 
identityInfo.SetIdentityType(&identityType) 
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to access S3 resources"
requestBody.SetJustification(&justification) 
notes := "Please"
requestBody.SetNotes(&notes) 
scheduleInfo := graphmodels.NewRequestSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2023-02-08T12:15:00Z")
scheduleInfo.SetStartDateTime(&startDateTime) 
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration) 
scheduleInfo.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth) 
daysOfWeek := []graphmodels.DayOfWeekable {

}
pattern.SetDaysOfWeek(daysOfWeek)
interval := int32(1)
pattern.SetInterval(&interval) 
additionalData := map[string]interface{}{
	"reccurencePatternType" : "absoluteMonthly", 
}
pattern.SetAdditionalData(additionalData)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
startDate := 2023-02-08
range.SetStartDate(&startDate) 
additionalData := map[string]interface{}{
	"reccurenceRangeType" : "noEnd", 
}
range.SetAdditionalData(additionalData)
recurrence.SetRange(range)
scheduleInfo.SetRecurrence(recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber) 
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem) 
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId) 
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId) 
requestBody.SetTicketInfo(ticketInfo)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsActionsPermissionsDefinitionAction actionInfo = new AwsActionsPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsActionsPermissionsDefinitionAction");
LinkedList<AwsStatement> statements = new LinkedList<AwsStatement>();
AwsStatement awsStatement = new AwsStatement();
awsStatement.setStatementId("test1");
LinkedList<String> actions = new LinkedList<String>();
actions.add("s3:AbortMultipartUpload");
actions.add("s3:CreateBucket");
awsStatement.setActions(actions);
LinkedList<String> notActions = new LinkedList<String>();
awsStatement.setNotActions(notActions);
LinkedList<String> resources = new LinkedList<String>();
resources.add("*");
awsStatement.setResources(resources);
LinkedList<String> notResources = new LinkedList<String>();
awsStatement.setNotResources(notResources);
awsStatement.setEffect(AwsStatementEffect.Allow);
AwsCondition condition = new AwsCondition();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
 numericLessThanEquals = new ();
numericLessThanEquals.setAwsMultiFactorAuthAge("3600");
additionalData.put("NumericLessThanEquals", numericLessThanEquals);
condition.setAdditionalData(additionalData);
awsStatement.setCondition(condition);
statements.add(awsStatement);
AwsStatement awsStatement1 = new AwsStatement();
awsStatement1.setStatementId("test2");
LinkedList<String> actions1 = new LinkedList<String>();
actions1.add("s3:Delete:*");
awsStatement1.setActions(actions1);
LinkedList<String> notActions1 = new LinkedList<String>();
awsStatement1.setNotActions(notActions1);
LinkedList<String> resources1 = new LinkedList<String>();
resources1.add("*");
awsStatement1.setResources(resources1);
LinkedList<String> notResources1 = new LinkedList<String>();
awsStatement1.setNotResources(notResources1);
awsStatement1.setEffect(AwsStatementEffect.Allow);
AwsCondition condition1 = new AwsCondition();
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
 numericLessThanEquals1 = new ();
numericLessThanEquals1.setAwsMultiFactorAuthAge("3600");
additionalData1.put("NumericLessThanEquals", numericLessThanEquals1);
condition1.setAdditionalData(additionalData1);
awsStatement1.setCondition(condition1);
statements.add(awsStatement1);
actionInfo.setStatements(statements);
actionInfo.setAssignToRoleId("arn:aws:iam::956987887735:role/ck-saml-power-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("rsn:alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to access S3 resources");
scheduledPermissionsRequest.setNotes("Please");
RequestSchedule scheduleInfo = new RequestSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2023-02-08T12:15:00Z");
scheduleInfo.setStartDateTime(startDateTime);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setDayOfMonth(5);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
pattern.setInterval(1);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("reccurencePatternType", "absoluteMonthly");
pattern.setAdditionalData(additionalData2);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
LocalDate startDate = LocalDate.parse("2023-02-08");
range.setStartDate(startDate);
HashMap<String, Object> additionalData3 = new HashMap<String, Object>();
additionalData3.put("reccurenceRangeType", "noEnd");
range.setAdditionalData(additionalData3);
recurrence.setRange(range);
scheduleInfo.setRecurrence(recurrence);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);


const options = {
	authProvider,
};

const client = Client.init(options);

const scheduledPermissionsRequest = {
  requestedPermissions: {
    '@odata.type': 'microsoft.graph.awsPermissionsDefinition',
    authorizationSystemInfo: {
      authorizationSystemId: '956987887735',
      authorizationSystemType: 'AWS'
    },
    actionInfo: {
      '@odata.type': 'microsoft.graph.awsActionsPermissionsDefinitionAction',
      statements: [
        {
          statementId: 'test1',
          actions: ['s3:AbortMultipartUpload', 's3:CreateBucket'],
          notActions: [],
          resources: ['*'],
          notResources: [],
          effect: 'allow',
          condition: {
            NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
          }
        },
        {
          statementId: 'test2',
          actions: ['s3:Delete:*'],
          notActions: [],
          resources: ['*'],
          notResources: [],
          effect: 'allow',
          condition: {
            NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
          }
        }
      ],
      assignToRoleId: 'arn:aws:iam::956987887735:role/ck-saml-power-user'
    },
    identityInfo: {
      externalId: 'rsn:alex@contoso.com',
      source: {
        '@odata.type': 'microsoft.graph.samlIdentitySource'
      },
      identityType: 'user'
    }
  },
  justification: 'I need to do this because I want to access S3 resources',
  notes: 'Please',
  scheduleInfo: {
    startDateTime: '2023-02-08T12:15:00Z',
    expiration: {
      duration: 'PT1H'
    },
    recurrence: {
      pattern: {
        dayOfMonth: 5,
        daysOfWeek: [],
        interval: 1,
        reccurencePatternType: 'absoluteMonthly'
      },
      range: {
        startDate: '2023-02-08',
        reccurenceRangeType: 'noEnd'
      }
    }
  },
  ticketInfo: {
    ticketNumber: 'INC1234567',
    ticketSystem: 'ServiceNow',
    ticketSubmitterIdentityId: 'alex@contoso.com',
    ticketApproverIdentityId: 'alexmanager@contoso.com'
  }
};

await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
	.version('beta')
	.post(scheduledPermissionsRequest);


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsActionsPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\AwsStatement;
use Microsoft\Graph\Beta\Generated\Models\AwsStatementEffect;
use Microsoft\Graph\Beta\Generated\Models\AwsCondition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Beta\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Beta\Generated\Models\DayOfWeek;
use Microsoft\Graph\Beta\Generated\Models\RecurrenceRange;
use Microsoft\Kiota\Abstractions\Types\Date;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsActionsPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsActionsPermissionsDefinitionAction');
$statementsAwsStatement1 = new AwsStatement();
$statementsAwsStatement1->setStatementId('test1');
$statementsAwsStatement1->setActions(['s3:AbortMultipartUpload', 's3:CreateBucket', 	]);
$statementsAwsStatement1->setNotActions([	]);
$statementsAwsStatement1->setResources(['*', 	]);
$statementsAwsStatement1->setNotResources([	]);
$statementsAwsStatement1->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement1Condition = new AwsCondition();
$additionalData = [
	'NumericLessThanEquals' => [
		'aws:MultiFactorAuthAge' => '3600',
	],
];
$statementsAwsStatement1Condition->setAdditionalData($additionalData);
$statementsAwsStatement1->setCondition($statementsAwsStatement1Condition);
$statementsArray []= $statementsAwsStatement1;
$statementsAwsStatement2 = new AwsStatement();
$statementsAwsStatement2->setStatementId('test2');
$statementsAwsStatement2->setActions(['s3:Delete:*', 	]);
$statementsAwsStatement2->setNotActions([	]);
$statementsAwsStatement2->setResources(['*', 	]);
$statementsAwsStatement2->setNotResources([	]);
$statementsAwsStatement2->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement2Condition = new AwsCondition();
$additionalData = [
	'NumericLessThanEquals' => [
		'aws:MultiFactorAuthAge' => '3600',
	],
];
$statementsAwsStatement2Condition->setAdditionalData($additionalData);
$statementsAwsStatement2->setCondition($statementsAwsStatement2Condition);
$statementsArray []= $statementsAwsStatement2;
$requestedPermissionsActionInfo->setStatements($statementsArray);

$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:iam::956987887735:role/ck-saml-power-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('rsn:alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to access S3 resources');
$requestBody->setNotes('Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(new \DateTime('2023-02-08T12:15:00Z'));
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfoRecurrence = new PatternedRecurrence();
$scheduleInfoRecurrencePattern = new RecurrencePattern();
$scheduleInfoRecurrencePattern->setDayOfMonth(5);
$scheduleInfoRecurrencePattern->setDaysOfWeek([]);
$scheduleInfoRecurrencePattern->setInterval(1);
$additionalData = [
'reccurencePatternType' => 'absoluteMonthly',
];
$scheduleInfoRecurrencePattern->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setPattern($scheduleInfoRecurrencePattern);
$scheduleInfoRecurrenceRange = new RecurrenceRange();
$scheduleInfoRecurrenceRange->setStartDate(new Date('2023-02-08'));
$additionalData = [
'reccurenceRangeType' => 'noEnd',
];
$scheduleInfoRecurrenceRange->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setRange($scheduleInfoRecurrenceRange);
$scheduleInfo->setRecurrence($scheduleInfoRecurrence);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);

$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();


Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "microsoft.graph.awsPermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "956987887735"
			authorizationSystemType = "AWS"
		}
		actionInfo = @{
			"@odata.type" = "microsoft.graph.awsActionsPermissionsDefinitionAction"
			statements = @(
				@{
					statementId = "test1"
					actions = @(
					"s3:AbortMultipartUpload"
				"s3:CreateBucket"
			)
			notActions = @(
			)
			resources = @(
			"*"
		)
		notResources = @(
		)
		effect = "allow"
		condition = @{
			NumericLessThanEquals = @{
				"aws:MultiFactorAuthAge" = "3600"
			}
		}
	}
	@{
		statementId = "test2"
		actions = @(
		"s3:Delete:*"
	)
	notActions = @(
	)
	resources = @(
	"*"
)
notResources = @(
)
effect = "allow"
condition = @{
	NumericLessThanEquals = @{
		"aws:MultiFactorAuthAge" = "3600"
	}
}
}
)
assignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user"
}
identityInfo = @{
externalId = "rsn:alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to access S3 resources"
notes = "Please"
scheduleInfo = @{
startDateTime = [System.DateTime]::Parse("2023-02-08T12:15:00Z")
expiration = @{
duration = "PT1H"
}
recurrence = @{
pattern = @{
dayOfMonth = 5
daysOfWeek = @(
)
interval = 1
reccurencePatternType = "absoluteMonthly"
}
range = @{
startDate = "2023-02-08"
reccurenceRangeType = "noEnd"
}
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_actions_permissions_definition_action import AwsActionsPermissionsDefinitionAction
from msgraph_beta.generated.models.aws_statement import AwsStatement
from msgraph_beta.generated.models.aws_statement_effect import AwsStatementEffect
from msgraph_beta.generated.models.aws_condition import AwsCondition
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph_beta.generated.models.recurrence_pattern import RecurrencePattern
from msgraph_beta.generated.models.day_of_week import DayOfWeek
from msgraph_beta.generated.models.recurrence_range import RecurrenceRange
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
	requested_permissions = AwsPermissionsDefinition(
		odata_type = "microsoft.graph.awsPermissionsDefinition",
		authorization_system_info = PermissionsDefinitionAuthorizationSystem(
			authorization_system_id = "956987887735",
			authorization_system_type = "AWS",
		),
		action_info = AwsActionsPermissionsDefinitionAction(
			odata_type = "microsoft.graph.awsActionsPermissionsDefinitionAction",
			statements = [
				AwsStatement(
					statement_id = "test1",
					actions = [
						"s3:AbortMultipartUpload",
						"s3:CreateBucket",
					],
					not_actions = [
					],
					resources = [
						"*",
					],
					not_resources = [
					],
					effect = AwsStatementEffect.Allow,
					condition = AwsCondition(
						additional_data = {
								"numeric_less_than_equals" : {
										"aws:_multi_factor_auth_age" : "3600",
								},
						}
					),
				),
				AwsStatement(
					statement_id = "test2",
					actions = [
						"s3:Delete:*",
					],
					not_actions = [
					],
					resources = [
						"*",
					],
					not_resources = [
					],
					effect = AwsStatementEffect.Allow,
					condition = AwsCondition(
						additional_data = {
								"numeric_less_than_equals" : {
										"aws:_multi_factor_auth_age" : "3600",
								},
						}
					),
				),
			],
			assign_to_role_id = "arn:aws:iam::956987887735:role/ck-saml-power-user",
		),
		identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
			external_id = "rsn:alex@contoso.com",
			source = SamlIdentitySource(
				odata_type = "microsoft.graph.samlIdentitySource",
			),
			identity_type = PermissionsDefinitionIdentityType.User,
		),
	),
	justification = "I need to do this because I want to access S3 resources",
	notes = "Please",
	schedule_info = RequestSchedule(
		start_date_time = "2023-02-08T12:15:00Z",
		expiration = ExpirationPattern(
			duration = "PT1H",
		),
		recurrence = PatternedRecurrence(
			pattern = RecurrencePattern(
				day_of_month = 5,
				days_of_week = [
				],
				interval = 1,
				additional_data = {
						"reccurence_pattern_type" : "absoluteMonthly",
				}
			),
			range = RecurrenceRange(
				start_date = "2023-02-08",
				additional_data = {
						"reccurence_range_type" : "noEnd",
				}
			),
		),
	),
	ticket_info = TicketInfo(
		ticket_number = "INC1234567",
		ticket_system = "ServiceNow",
		ticket_submitter_identity_id = "alex@contoso.com",
		ticket_approver_identity_id = "alexmanager@contoso.com",
	),
)

result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)

ID でアクセス許可要求を取り消す

要求者または管理者は承認された要求を取り消すことができますが、要求者のみが保留中 (statusDetail of submitted) 要求を取り消すことができます。

POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests/{id}/cancelAll

すべてのアクセス許可要求の詳細を一覧表示する

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges

変更された日付でフィルター処理されたすべてのアクセス許可要求の詳細を一覧表示する

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges?$filter=modificationDateTime gt {t}

アクセス許可要求の詳細を取得する

GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges/{id}

アクセス許可管理 API を使用してマルチクラウドインフラストラクチャのアクセス許可を検出、修復、監視する (プレビュー)

次の方法で共有

AWS 認可システムの Permissions Management API 操作のクイックリファレンス

すべての承認システムを取得する

承認システムを取得する

AWS 承認システムを一覧表示する

AWS 承認システムで ID を取得する

すべての ID を一覧表示する

1 つの ID を取得する

AWS ロールを取得する

すべての AWS ロールを一覧表示する

1 つの AWS ロールを取得する

AWS ユーザーを取得する

すべての AWS ユーザーを一覧表示する

AWS ユーザーを 1 人取得する

AWS ユーザーの許容ロールを一覧表示する

アクションを取得する

すべてのアクションを一覧表示する

アクションを取得する

ポリシーを取得する

すべてのポリシーを一覧表示する

ポリシーを取得する

リソースを取得する

すべてのリソースを一覧表示する

リソースを取得する

サービスを取得する

すべてのサービスを一覧表示する

サービスを取得する

AWS ポリシーを要求する

AWS アクションを要求する

ID でアクセス許可要求を取り消す

すべてのアクセス許可要求の詳細を一覧表示する

変更された日付でフィルター処理されたすべてのアクセス許可要求の詳細を一覧表示する

アクセス許可要求の詳細を取得する

フィードバック

その他のリソース

次の方法で共有

AWS 認可システムの Permissions Management API 操作のクイック リファレンス

すべての承認システムを取得する

承認システムを取得する

AWS 承認システムを一覧表示する

AWS 承認システムで ID を取得する

すべての ID を一覧表示する

1 つの ID を取得する

AWS ロールを取得する

すべての AWS ロールを一覧表示する

1 つの AWS ロールを取得する

AWS ユーザーを取得する

すべての AWS ユーザーを一覧表示する

AWS ユーザーを 1 人取得する

AWS ユーザーの許容ロールを一覧表示する

アクションを取得する

すべてのアクションを一覧表示する

アクションを取得する

ポリシーを取得する

すべてのポリシーを一覧表示する

ポリシーを取得する

リソースを取得する

すべてのリソースを一覧表示する

リソースを取得する

サービスを取得する

すべてのサービスを一覧表示する

サービスを取得する

AWS ポリシーを要求する

AWS アクションを要求する

ID でアクセス許可要求を取り消す

すべてのアクセス許可要求の詳細を一覧表示する

変更された日付でフィルター処理されたすべてのアクセス許可要求の詳細を一覧表示する

アクセス許可要求の詳細を取得する

関連コンテンツ

フィードバック

その他のリソース

AWS 認可システムの Permissions Management API 操作のクイックリファレンス