Update accessPackageAssignmentPolicy
Namespace: microsoft.graph
Update an existing accessPackageAssignmentPolicy object to change one or more of its properties, such as the display name or description.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | EntitlementManagement.ReadWrite.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | EntitlementManagement.ReadWrite.All | Not available. |
HTTP request
PUT /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Content-Type | application/json. Required. |
Request body
In the request body, supply a JSON representation of the accessPackageAssignmentPolicy object.
The following table shows the properties that are required when you update an accessPackageAssignmentPolicy.
Property | Type | Description |
---|---|---|
accessPackage | accessPackage | Access package containing this policy. Only the id property is required. |
displayName | String | The display name of the policy. Required. |
description | String | The description of the policy. Required. |
allowedTargetScope | allowedTargetScope | Who is allowed to request the access package through this policy. The possible values are: notSpecified , specificDirectoryUsers , specificConnectedOrganizationUsers , specificDirectoryServicePrincipals , allMemberUsers , allDirectoryUsers , allDirectoryServicePrincipals , allConfiguredConnectedOrganizationUsers , allExternalUsers , unknownFutureValue . Required. |
automaticRequestSettings | accessPackageAutomaticRequestSettings | This property is only present for an auto assignment policy; if absent, this is a request-based policy. Required. |
specificAllowedTargets | subjectSet collection | The principals that can be assigned access from an access package through this policy. Required. |
expiration | expirationPattern | The expiration date for assignments created in this policy. Required. |
requestorSettings | accessPackageAssignmentRequestorSettings | Provides additional settings to select who can create a request for an access package assignment through this policy, and what they can include in their request. Required. |
requestApprovalSettings | accessPackageAssignmentApprovalSettings | Specifies the settings for approval of requests for an access package assignment through this policy. For example, if approval is required for new requests. Required. |
reviewSettings | accessPackageAssignmentReviewSettings | Settings for access reviews of assignments through this policy. Required. |
questions | accessPackageQuestion collection | Questions that are posed to the requestor. Required. |
Response
If successful, this method returns a 200 OK
response code and an updated accessPackageAssignmentPolicy object in the response body.
Examples
Example 1: Update the details of a policy
Request
The following example shows a request.
PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageassignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187
Content-Type: application/json
{
"id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "All Users",
"description": "All users can request for access to the directory.",
"allowedTargetScope": "allDirectoryUsers",
"automaticRequestSettings": null,
"specificAllowedTargets": [],
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": true,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": true,
"allowCustomAssignmentSchedule": false,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": true,
"isApprovalRequiredForUpdate": false,
"stages": [
{
"durationBeforeAutomaticDenial": "P2D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.requestorManager",
"managerLevel": 1
}
],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
"description": "user"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
}
]
},
"accessPackage": {
"id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
}
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "All Users",
"description": "All users can request for access to the directory."
}
Example 2: Remove the customExtensionStageSettings from a policy
To remove the collection of customExtensionStageSettings and their associated custom workflow extension objects from a policy, assign an empty collection to the customExtensionStageSettings object.
Request
The following example shows a request.
PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/4540a08f-8ab5-43f6-a923-015275799197
Content-Type: application/json
{
"id": "5540a08f-8ab5-43f6-a923-015275799197",
"displayName": "policy with access package custom workflow extension",
"description": "Run specified access package custom workflow extension at different stages.",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": []
},
"accessReviewSettings": null,
"customExtensionStageSettings": []
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "4540a08f-8ab5-43f6-a923-015275799197",
"displayName": "policy with access package custom workflow extension",
"description": "Run specified access package custom workflow extension at different stages.",
"accessPackageId": "ba5807c7-2aa9-4c8a-907e-4a17ee587500",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": []
},
"accessReviewSettings": null
}
Example 3: Update the customExtensionStageSettings for a policy
The following example shows how to update a policy to include a custom extension.
Request
The following example shows a request.
PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/f9afd2e3-7486-40df-9c35-aa2ae108c495
Content-Type: application/json
{
"displayName": "API Created policy with updated customExtensionStageSettings",
"description": "policy with updated customExtensionStageSettings",
"allowedTargetScope": "notSpecified",
"specificAllowedTargets": [],
"expiration": {
"endDateTime": null,
"duration": null,
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": false,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": false,
"allowCustomAssignmentSchedule": true,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": false,
"isApprovalRequiredForUpdate": false,
"stages": []
},
"accessPackage": {
"id": "f9afd2e3-7486-40df-9c35-aa2ae108c495"
},
"customExtensionStageSettings": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
"id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
}
}
]
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "4540a08f-8ab5-43f6-a923-015275799197",
"displayName": "API Created policy with updated customExtensionStageSettings",
"description": "policy with updated customExtensionStageSettings",
"accessPackageId": "f9afd2e3-7486-40df-9c35-aa2ae108c495",
"expiration": {
"type": "afterDuration",
"duration": "P365D"
},
"requestApprovalSettings": null,
"requestorSettings": {
"acceptRequests": true,
"scopeType": "AllExistingDirectorySubjects",
"allowedRequestors": []
},
"accessReviewSettings": null,
"customExtensionStageSettings": [
{
"stage": "assignmentRequestCreated",
"customExtension": {
"@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",
"id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"
}
}
]
}
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기