Bewerken

Delen via


ruleBasedSubjectSet resource type

Namespace: microsoft.graph.identityGovernance

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Specifies the rules to define the subjects that are the scope of a lifecycle workflow triggerAndScopeBasedConditions configuration.

Inherits from subjectSet.

Properties

Property Type Description
rule String The rule for the subject set. Lifecycle Workflows supports a rich set of user properties for configuring the rules using $filter query expressions. For more information, see supported user and query parameters.

Note

The rule evaluation is case-sensitive.

Supported user properties and query parameters

Lifecycle Workflows supports the following user properties for configuring the rules that are in the scope of an execution condition. You can use the $filter OData query parameter with either the eq, ne, in, or startsWith operators. You can also combine the filter expressions using one of the following conjunction and disjunction operators:

  • and
  • or
  • and and not
  • or and not
User property Property type Supports eq, ne, in Supports startsWith
accountEnabled Boolean ✔️  
assignedPlans/any(a:a/capabilityStatus) assignedPlan collection ✔️  
assignedPlans/any(a:a/service) assignedPlan collection ✔️  
assignedPlans/any(a:a/servicePlanId) assignedPlan collection ✔️  
city String ✔️ ✔️
companyName String ✔️ ✔️
country String ✔️ ✔️
customSecurityAttributes String ✔️ ✔️
department String ✔️ ✔️
displayName String ✔️ ✔️
employeeId String ✔️  
employeeOrgData/costCenter employeeOrgData ✔️  
employeeOrgData/division employeeOrgData ✔️  
employeeType String ✔️  
faxNumber String ✔️ ✔️
givenName String ✔️ ✔️
jobTitle String ✔️ ✔️
mail String ✔️ ✔️
mailNickname String ✔️ ✔️
mobilePhone String ✔️ ✔️
officeLocation String ✔️ ✔️
onPremisesExtensionAttributes/extensionAttribute1 - 15 onPremisesExtensionAttributes ✔️  
onPremisesSecurityIdentifier String ✔️  
onPremisesSyncEnabled Boolean ✔️  
otherMails/any(p:p) String Collection ✔️ ✔️
postalCode String ✔️ ✔️
preferredLanguage String ✔️ ✔️
proxyAddresses/any(p:p) String collection ✔️ ✔️
state String ✔️ ✔️
streetAddress String ✔️ ✔️
surname String ✔️ ✔️
usageLocation String ✔️ ✔️
userPrincipalName String ✔️ ✔️
userType String ✔️  

You can also configure rules using Directory (Microsoft Entra ID) extensions and custom security attributes. It is not supported to configure rules with schema extensions or open extensions.

Note

Using custom security attributes requires the Attribute Assignment Administrator role. For more information, see: Attribute Assignment Administrator.

Examples of rules

Example rule Description
"rule": "(department eq 'Marketing')" Run the workflow for users in the "Marketing" department.
"rule": "(department ne 'Marketing')" Run the workflow for users not in the "Marketing" department.
"rule": "(department in ('Marketing'))" Run the workflow for users in the "Marketing" department.
"rule": "(accountEnabled eq true)" Run the workflow for users whose account is enabled.
"rule": "(employeeOrgData/costCenter eq '100')" Run the workflow for users whose costCenter is 100.
"rule": "(otherMails/any(p:startsWith(p, 'Av')))" Run the workflow for users whose otherMails starts with Av.
"rule": "(department eq 'Marketing') and (accountEnabled in (true))" Run the workflow for users in the marketing department and whose account is enabled.
"rule": "(department eq 'Marketing') or (not (city eq 'Redmond'))" Run the workflow for users in the marketing department and whose city is not "Redmond".
"rule": "(customSecurityAttributes/OnsightLocation/CustomerOnsite eq true)" Run the workflow for users who have the custom security attribute for CustomerOnSite set as true.

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
  "rule": "String"
}