Observação
A partir de 1 de abril de 2025, Gerenciamento de Permissões do Microsoft Entra deixarão de estar disponíveis para compra e, a 1 de outubro de 2025, iremos extinguir e descontinuar o suporte deste produto. Pode encontrar mais informações aqui.
As APIs de gestão de permissões permitem-lhe detetar permissões atribuídas a todas as identidades em várias clouds; pedir permissões; aprovar, rejeitar e cancelar pedidos de permissões. Este artigo fornece um guia de referência rápida para operações do Microsoft API do Graph nos sistemas de autorização suportados.
Obter todos os sistemas de autorização
Listar todos os sistemas de autorização integrados no Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems
Filtrar sistemas de autorização por nome.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=contains(authorizationSystemName, 'cloud')
Obter um sistema de autorização
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}
Listar sistemas de autorização do Azure
Liste os sistemas de autorização do Azure integrados no Gerenciamento de Permissões ao filtrar pela propriedade authorizationSystemType.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'azure'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'azure'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'azure'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'azure'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'azure\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'azure'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'azure'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar os sistemas de autorização do Azure integrados no Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.azureAuthorizationSystem
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let azureAuthorizationSystem = await client.api('/external/authorizationSystems/microsoft.graph.azureAuthorizationSystem')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->external()->authorizationSystems()->byAuthorizationSystemId('authorizationSystem-id')->get()->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Identifique todos os sistemas de autorização do Azure que estejam online e tenham a capacidade de modificação de permissões ativada.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'azure\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq \'enabled\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq \'online\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Search
Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'azure' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter identidades num sistema de autorização do Azure
Listar todas as identidades
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all
const options = {
authProvider,
};
const client = Client.init(options);
let all = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma identidade
Por ID da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')
Obter identidades geridas do Azure
Listar todas as identidades geridas do Azure
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities
const options = {
authProvider,
};
const client = Client.init(options);
let managedIdentities = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma identidade gerida do Azure
Por ID de identidade gerida de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureManagedIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/managedIdentities(externalId='{externalId}')
Obter utilizadores do Azure
Listar todos os utilizadores do Azure
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users
const options = {
authProvider,
};
const client = Client.init(options);
let users = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um utilizador do Azure
Por ID de utilizador da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users(externalId='{externalId}')
const options = {
authProvider,
};
const client = Client.init(options);
let azureUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/users/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter principais de serviço do Azure
Listar todos os principais de serviço do Azure
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals
const options = {
authProvider,
};
const client = Client.init(options);
let servicePrincipals = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um principal de serviço do Azure
Por ID de utilizador da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureServicePrincipal = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals(externalId='{externalId}')
const options = {
authProvider,
};
const client = Client.init(options);
let azureServicePrincipal = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/associatedIdentities/servicePrincipals/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter ações
Listar todas as ações
Listar todas as ações.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar ações para um serviço específico num sistema de autorização do Azure.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions?$filter=service/id eq 'Microsoft.Storage'
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
.version('beta')
.filter('service/id eq \'Microsoft.Storage\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar ações de eliminação de alto risco para um serviço específico no sistema de autorização do Azure
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions?$filter=service/id eq 'Microsoft.Storage' and severity eq 'high' and actionType eq 'delete'
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions')
.version('beta')
.filter('service/id eq \'Microsoft.Storage\' and severity eq \'high\' and actionType eq \'delete\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma ação
Por ID de ação da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureAuthorizationSystemTypeAction = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/actions(externalId={externalId})
Obter recursos
Listar todos os recursos
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources
const options = {
authProvider,
};
const client = Client.init(options);
let resources = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um recurso
Por ID de recurso de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureAuthorizationSystemResource = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/resources(externalId={externalId})
Obter definição de função
Listar todas as definições de função
Listar todas as definições de função.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions
const options = {
authProvider,
};
const client = Client.init(options);
let roleDefinitions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Liste todas as definições de funções por âmbitos atribuíveis.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{computedId}/graph.azureAuthorizationSystem/roleDefinitions?$filter=assignableScopes/any(p:p eq '/' or '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee' or '/subscriptions/e160b34b-2a0f-41f6-aaf3-09c5a9f43768/resourceGroups/2eResourceGroup')
const options = {
authProvider,
};
const client = Client.init(options);
let roleDefinitions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma definição de função
Por ID de definição de função de chave primária atribuída por Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let azureRoleDefinition = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/roleDefinitions/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa, que é o ID exclusivo global da função no Microsoft Azure.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/policies(externalId='{externalId}')
Obter serviços
Listar todos os serviços
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services
const options = {
authProvider,
};
const client = Client.init(options);
let services = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um serviço
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystemTypeService = await client.api('/external/authorizationSystems/{id}/microsoft.graph.azureAuthorizationSystem/services/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma ação do Azure
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",
"authorizationSystemType": "AZURE"
},
"actionInfo": {
"@odata.type": "microsoft.graph.azureActionPermissionsDefinitionAction",
"actions": ["Microsoft.Authorization/roleassignments/read", "Microsoft.Authorization/roleassignments/write"]
},
"identityInfo": {
"externalId": "alex@adatum.com"",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
},
"justification": "I need to do this because I want to access AAD resources",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"startDateTime": null,
"expiration": {
"duration": "PT1H"
},
"recurrence": null
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.singleResourceAzurePermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '87eefd90-95a3-480a-ba42-56ff299a05ee',
authorizationSystemType: 'AZURE'
},
actionInfo: {
'@odata.type': 'microsoft.graph.azureActionPermissionsDefinitionAction',
actions: ['Microsoft.Authorization/roleassignments/read', 'Microsoft.Authorization/roleassignments/write']
},
identityInfo: {
externalId: 'alex@adatum.com'",
source: {
'@odata.type': 'microsoft.graph.edIdentitySource'
},
identityType: 'user'
},
resourceId: '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee'
},
justification: 'I need to do this because I want to access AAD resources',
notes: 'Pretty Pleaseeeee',
scheduleInfo: {
startDateTime: null,
expiration: {
duration: 'PT1H'
},
recurrence: null
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma função do Azure
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceAzurePermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "87eefd90-95a3-480a-ba42-56ff299a05ee",
"authorizationSystemType": "AZURE"
},
"actionInfo": {
"@odata.type": "microsoft.graph.azureRolePermissionsDefinitionAction",
"roles": [
{
"id": "cdda3590-29a3-44f6-95f2-9f980659eb04"
},
{
"id": "312a565d-c81f-4fd8-895a-4e21e48d571c"
}
]
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
},
"justification": "I need to do this because I want to some new azure roles",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
},
"recurrence": null
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new SingleResourceAzurePermissionsDefinition
{
OdataType = "microsoft.graph.singleResourceAzurePermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "87eefd90-95a3-480a-ba42-56ff299a05ee",
AuthorizationSystemType = "AZURE",
},
ActionInfo = new AzureRolePermissionsDefinitionAction
{
OdataType = "microsoft.graph.azureRolePermissionsDefinitionAction",
Roles = new List<PermissionsDefinitionAzureRole>
{
new PermissionsDefinitionAzureRole
{
Id = "cdda3590-29a3-44f6-95f2-9f980659eb04",
},
new PermissionsDefinitionAzureRole
{
Id = "312a565d-c81f-4fd8-895a-4e21e48d571c",
},
},
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new EdIdentitySource
{
OdataType = "microsoft.graph.edIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
ResourceId = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee",
},
Justification = "I need to do this because I want to some new azure roles",
Notes = "Pretty Pleaseeeee",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = null,
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewSingleResourceAzurePermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "87eefd90-95a3-480a-ba42-56ff299a05ee"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AZURE"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAzureRolePermissionsDefinitionAction()
permissionsDefinitionAzureRole := graphmodels.NewPermissionsDefinitionAzureRole()
id := "cdda3590-29a3-44f6-95f2-9f980659eb04"
permissionsDefinitionAzureRole.SetId(&id)
permissionsDefinitionAzureRole1 := graphmodels.NewPermissionsDefinitionAzureRole()
id := "312a565d-c81f-4fd8-895a-4e21e48d571c"
permissionsDefinitionAzureRole1.SetId(&id)
roles := []graphmodels.PermissionsDefinitionAzureRoleable {
permissionsDefinitionAzureRole,
permissionsDefinitionAzureRole1,
}
actionInfo.SetRoles(roles)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewEdIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
resourceId := "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
requestedPermissions.SetResourceId(&resourceId)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to some new azure roles"
requestBody.SetJustification(&justification)
notes := "Pretty Pleaseeeee"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
recurrence := null
scheduleInfo.SetRecurrence(&recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceAzurePermissionsDefinition requestedPermissions = new SingleResourceAzurePermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceAzurePermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("87eefd90-95a3-480a-ba42-56ff299a05ee");
authorizationSystemInfo.setAuthorizationSystemType("AZURE");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AzureRolePermissionsDefinitionAction actionInfo = new AzureRolePermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.azureRolePermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAzureRole> roles = new LinkedList<PermissionsDefinitionAzureRole>();
PermissionsDefinitionAzureRole permissionsDefinitionAzureRole = new PermissionsDefinitionAzureRole();
permissionsDefinitionAzureRole.setId("cdda3590-29a3-44f6-95f2-9f980659eb04");
roles.add(permissionsDefinitionAzureRole);
PermissionsDefinitionAzureRole permissionsDefinitionAzureRole1 = new PermissionsDefinitionAzureRole();
permissionsDefinitionAzureRole1.setId("312a565d-c81f-4fd8-895a-4e21e48d571c");
roles.add(permissionsDefinitionAzureRole1);
actionInfo.setRoles(roles);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to some new azure roles");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduleInfo.setRecurrence(null);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.singleResourceAzurePermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '87eefd90-95a3-480a-ba42-56ff299a05ee',
authorizationSystemType: 'AZURE'
},
actionInfo: {
'@odata.type': 'microsoft.graph.azureRolePermissionsDefinitionAction',
roles: [
{
id: 'cdda3590-29a3-44f6-95f2-9f980659eb04'
},
{
id: '312a565d-c81f-4fd8-895a-4e21e48d571c'
}
]
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.edIdentitySource'
},
identityType: 'user'
},
resourceId: '/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee'
},
justification: 'I need to do this because I want to some new azure roles',
notes: 'Pretty Pleaseeeee',
scheduleInfo: {
expiration: {
duration: 'PT1H'
},
recurrence: null
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceAzurePermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AzureRolePermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAzureRole;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceAzurePermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceAzurePermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('87eefd90-95a3-480a-ba42-56ff299a05ee');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AZURE');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AzureRolePermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.azureRolePermissionsDefinitionAction');
$rolesPermissionsDefinitionAzureRole1 = new PermissionsDefinitionAzureRole();
$rolesPermissionsDefinitionAzureRole1->setId('cdda3590-29a3-44f6-95f2-9f980659eb04');
$rolesArray []= $rolesPermissionsDefinitionAzureRole1;
$rolesPermissionsDefinitionAzureRole2 = new PermissionsDefinitionAzureRole();
$rolesPermissionsDefinitionAzureRole2->setId('312a565d-c81f-4fd8-895a-4e21e48d571c');
$rolesArray []= $rolesPermissionsDefinitionAzureRole2;
$requestedPermissionsActionInfo->setRoles($rolesArray);
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to some new azure roles');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfo->setRecurrence(null);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.singleResourceAzurePermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "87eefd90-95a3-480a-ba42-56ff299a05ee"
authorizationSystemType = "AZURE"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.azureRolePermissionsDefinitionAction"
roles = @(
@{
id = "cdda3590-29a3-44f6-95f2-9f980659eb04"
}
@{
id = "312a565d-c81f-4fd8-895a-4e21e48d571c"
}
)
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.edIdentitySource"
}
identityType = "user"
}
resourceId = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
}
justification = "I need to do this because I want to some new azure roles"
notes = "Pretty Pleaseeeee"
scheduleInfo = @{
expiration = @{
duration = "PT1H"
}
recurrence = $null
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.single_resource_azure_permissions_definition import SingleResourceAzurePermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.azure_role_permissions_definition_action import AzureRolePermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_azure_role import PermissionsDefinitionAzureRole
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.ed_identity_source import EdIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = SingleResourceAzurePermissionsDefinition(
odata_type = "microsoft.graph.singleResourceAzurePermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "87eefd90-95a3-480a-ba42-56ff299a05ee",
authorization_system_type = "AZURE",
),
action_info = AzureRolePermissionsDefinitionAction(
odata_type = "microsoft.graph.azureRolePermissionsDefinitionAction",
roles = [
PermissionsDefinitionAzureRole(
id = "cdda3590-29a3-44f6-95f2-9f980659eb04",
),
PermissionsDefinitionAzureRole(
id = "312a565d-c81f-4fd8-895a-4e21e48d571c",
),
],
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = EdIdentitySource(
odata_type = "microsoft.graph.edIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
resource_id = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee",
),
justification = "I need to do this because I want to some new azure roles",
notes = "Pretty Pleaseeeee",
schedule_info = RequestSchedule(
expiration = ExpirationPattern(
duration = "PT1H",
),
recurrence = None,
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar sistemas de autorização do AWS
Liste os sistemas de autorização do AWS integrados no Gerenciamento de Permissões ao filtrar pela propriedade authorizationSystemType.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'aws'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'aws'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'aws'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'aws'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'aws\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'aws'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'aws'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar sistemas de autorização do AWS integrados no Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.awsAuthorizationSystem
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let awsAuthorizationSystem = await client.api('/external/authorizationSystems/microsoft.graph.awsAuthorizationSystem')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->external()->authorizationSystems()->byAuthorizationSystemId('authorizationSystem-id')->get()->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Identifique todos os sistemas de autorização do AWS que estejam online e tenham a capacidade de modificação de permissões ativada.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'aws\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq \'enabled\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq \'online\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Search
Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'aws' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter identidades num sistema de autorização do AWS
Listar todas as identidades
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all
const options = {
authProvider,
};
const client = Client.init(options);
let all = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma identidade
Por ID da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')
Obter funções do AWS
Listar todas as funções do AWS
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles
const options = {
authProvider,
};
const client = Client.init(options);
let roles = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma função do AWS
Por ID da função de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsRole = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/roles(externalId='{externalId}')
Obter utilizadores do AWS
Listar todos os utilizadores do AWS
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users
const options = {
authProvider,
};
const client = Client.init(options);
let users = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um utilizador do AWS
Por ID de utilizador da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users(externalId='{externalId}')
const options = {
authProvider,
};
const client = Client.init(options);
let awsUser = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar funções assumaveis para um utilizador do AWS
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}/assumableRoles
const options = {
authProvider,
};
const client = Client.init(options);
let assumableRoles = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/associatedIdentities/users/{id}/assumableRoles')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter ações
Listar todas as ações
Listar todas as ações.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar ações para um serviço específico num sistema de autorização do AWS.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions?$filter=service/id eq 'ec2'
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
.version('beta')
.filter('service/id eq \'ec2\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar ações de eliminação de alto risco para um serviço específico no sistema de autorização do AWS
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions?$filter=service/id eq 'ec2' and severity eq 'high' and actionType eq 'delete'
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions')
.version('beta')
.filter('service/id eq \'ec2\' and severity eq \'high\' and actionType eq \'delete\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma ação
Por ID de ação da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsAuthorizationSystemTypeAction = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/actions(externalId='{externalId}')
Obter políticas
Listar todas as políticas
Listar todas as políticas.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies
const options = {
authProvider,
};
const client = Client.init(options);
let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar todas as políticas que correspondam a um nome de política específico.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=displayName eq 'AdministratorAccess'
const options = {
authProvider,
};
const client = Client.init(options);
let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
.version('beta')
.filter('displayName eq \'AdministratorAccess\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Liste todas as políticas em que o nome da política contém uma cadeia específica.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=contains(displayName, 'Buckets')
const options = {
authProvider,
};
const client = Client.init(options);
let policies = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies')
.version('beta')
.filter('contains(displayName, \'Buckets\')')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar todas as políticas personalizadas.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies?$filter=type eq 'custom'
Obter uma política
Por ID da política de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsPolicy = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/policies(externalId='{externalId}')
Obter recursos
Listar todos os recursos
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources
const options = {
authProvider,
};
const client = Client.init(options);
let resources = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um recurso
Por ID de recurso de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let awsAuthorizationSystemResource = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/resources(externalId='{externalId}')
Obter serviços
Listar todos os serviços
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services
const options = {
authProvider,
};
const client = Client.init(options);
let services = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um serviço
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystemTypeService = await client.api('/external/authorizationSystems/{id}/microsoft.graph.awsAuthorizationSystem/services/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma política do AWS
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "#microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsPolicyPermissionsDefinitionAction",
"policies": [
{
"id": "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
],
"assignToRoleId": "arn:aws:aim::956987887735:role/saml-user"
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to add a user to a group",
"notes": "Pretty Please",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "#microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsPolicyPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
Policies = new List<PermissionsDefinitionAwsPolicy>
{
new PermissionsDefinitionAwsPolicy
{
Id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
},
},
AssignToRoleId = "arn:aws:aim::956987887735:role/saml-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to add a user to a group",
Notes = "Pretty Please",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsPolicyPermissionsDefinitionAction()
permissionsDefinitionAwsPolicy := graphmodels.NewPermissionsDefinitionAwsPolicy()
id := "arn:aws:iam::956987887735:policy/AddUserToGroup"
permissionsDefinitionAwsPolicy.SetId(&id)
policies := []graphmodels.PermissionsDefinitionAwsPolicyable {
permissionsDefinitionAwsPolicy,
}
actionInfo.SetPolicies(policies)
assignToRoleId := "arn:aws:aim::956987887735:role/saml-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to add a user to a group"
requestBody.SetJustification(&justification)
notes := "Pretty Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("#microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsPolicyPermissionsDefinitionAction actionInfo = new AwsPolicyPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsPolicyPermissionsDefinitionAction");
LinkedList<PermissionsDefinitionAwsPolicy> policies = new LinkedList<PermissionsDefinitionAwsPolicy>();
PermissionsDefinitionAwsPolicy permissionsDefinitionAwsPolicy = new PermissionsDefinitionAwsPolicy();
permissionsDefinitionAwsPolicy.setId("arn:aws:iam::956987887735:policy/AddUserToGroup");
policies.add(permissionsDefinitionAwsPolicy);
actionInfo.setPolicies(policies);
actionInfo.setAssignToRoleId("arn:aws:aim::956987887735:role/saml-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to add a user to a group");
scheduledPermissionsRequest.setNotes("Pretty Please");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': '#microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsPolicyPermissionsDefinitionAction',
policies: [
{
id: 'arn:aws:iam::956987887735:policy/AddUserToGroup'
}
],
assignToRoleId: 'arn:aws:aim::956987887735:role/saml-user'
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to add a user to a group',
notes: 'Pretty Please',
scheduleInfo: {
expiration: {
duration: 'PT1H'
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsPolicyPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAwsPolicy;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('#microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsPolicyPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsPolicyPermissionsDefinitionAction');
$policiesPermissionsDefinitionAwsPolicy1 = new PermissionsDefinitionAwsPolicy();
$policiesPermissionsDefinitionAwsPolicy1->setId('arn:aws:iam::956987887735:policy/AddUserToGroup');
$policiesArray []= $policiesPermissionsDefinitionAwsPolicy1;
$requestedPermissionsActionInfo->setPolicies($policiesArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:aim::956987887735:role/saml-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to add a user to a group');
$requestBody->setNotes('Pretty Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "#microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsPolicyPermissionsDefinitionAction"
policies = @(
@{
id = "arn:aws:iam::956987887735:policy/AddUserToGroup"
}
)
assignToRoleId = "arn:aws:aim::956987887735:role/saml-user"
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to add a user to a group"
notes = "Pretty Please"
scheduleInfo = @{
expiration = @{
duration = "PT1H"
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_policy_permissions_definition_action import AwsPolicyPermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_aws_policy import PermissionsDefinitionAwsPolicy
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "#microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsPolicyPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsPolicyPermissionsDefinitionAction",
policies = [
PermissionsDefinitionAwsPolicy(
id = "arn:aws:iam::956987887735:policy/AddUserToGroup",
),
],
assign_to_role_id = "arn:aws:aim::956987887735:role/saml-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to add a user to a group",
notes = "Pretty Please",
schedule_info = RequestSchedule(
expiration = ExpirationPattern(
duration = "PT1H",
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma ação do AWS
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.awsPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "956987887735",
"authorizationSystemType": "AWS"
},
"actionInfo": {
"@odata.type": "microsoft.graph.awsActionsPermissionsDefinitionAction",
"statements": [
{
"statementId": "test1",
"actions": ["s3:AbortMultipartUpload", "s3:CreateBucket"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
},
{
"statementId": "test2",
"actions": ["s3:Delete:*"],
"notActions": [],
"resources": ["*"],
"notResources": [],
"effect": "allow",
"condition": {
"NumericLessThanEquals": { "aws:MultiFactorAuthAge": "3600" }
}
}
],
"assignToRoleId": "arn:aws:iam::956987887735:role/ck-saml-power-user"
},
"identityInfo": {
"externalId": "rsn:alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.samlIdentitySource"
},
"identityType": "user"
}
},
"justification": "I need to do this because I want to access S3 resources",
"notes": "Please",
"scheduleInfo": {
"startDateTime": "2023-02-08T12:15:00Z",
"expiration": {
"duration": "PT1H"
},
"recurrence": {
"pattern": {
"dayOfMonth": 5,
"daysOfWeek": [],
"interval": 1,
"reccurencePatternType": "absoluteMonthly"
},
"range": {
"startDate": "2023-02-08",
"reccurenceRangeType": "noEnd"
}
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new AwsPermissionsDefinition
{
OdataType = "microsoft.graph.awsPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "956987887735",
AuthorizationSystemType = "AWS",
},
ActionInfo = new AwsActionsPermissionsDefinitionAction
{
OdataType = "microsoft.graph.awsActionsPermissionsDefinitionAction",
Statements = new List<AwsStatement>
{
new AwsStatement
{
StatementId = "test1",
Actions = new List<string>
{
"s3:AbortMultipartUpload",
"s3:CreateBucket",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
new AwsStatement
{
StatementId = "test2",
Actions = new List<string>
{
"s3:Delete:*",
},
NotActions = new List<string>
{
},
Resources = new List<string>
{
"*",
},
NotResources = new List<string>
{
},
Effect = AwsStatementEffect.Allow,
Condition = new AwsCondition
{
AdditionalData = new Dictionary<string, object>
{
{
"NumericLessThanEquals" , new UntypedObject(new Dictionary<string, UntypedNode>
{
{
"aws:MultiFactorAuthAge", new UntypedString("3600")
},
})
},
},
},
},
},
AssignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user",
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "rsn:alex@contoso.com",
Source = new SamlIdentitySource
{
OdataType = "microsoft.graph.samlIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
},
Justification = "I need to do this because I want to access S3 resources",
Notes = "Please",
ScheduleInfo = new RequestSchedule
{
StartDateTime = DateTimeOffset.Parse("2023-02-08T12:15:00Z"),
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = new PatternedRecurrence
{
Pattern = new RecurrencePattern
{
DayOfMonth = 5,
DaysOfWeek = new List<DayOfWeekObject>
{
},
Interval = 1,
AdditionalData = new Dictionary<string, object>
{
{
"reccurencePatternType" , "absoluteMonthly"
},
},
},
Range = new RecurrenceRange
{
StartDate = new Date(DateTime.Parse("2023-02-08")),
AdditionalData = new Dictionary<string, object>
{
{
"reccurenceRangeType" , "noEnd"
},
},
},
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewAwsPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "956987887735"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "AWS"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewAwsActionsPermissionsDefinitionAction()
awsStatement := graphmodels.NewAwsStatement()
statementId := "test1"
awsStatement.SetStatementId(&statementId)
actions := []string {
"s3:AbortMultipartUpload",
"s3:CreateBucket",
}
awsStatement.SetActions(actions)
notActions := []string {
}
awsStatement.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement.SetResources(resources)
notResources := []string {
}
awsStatement.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement.SetCondition(condition)
awsStatement1 := graphmodels.NewAwsStatement()
statementId := "test2"
awsStatement1.SetStatementId(&statementId)
actions := []string {
"s3:Delete:*",
}
awsStatement1.SetActions(actions)
notActions := []string {
}
awsStatement1.SetNotActions(notActions)
resources := []string {
"*",
}
awsStatement1.SetResources(resources)
notResources := []string {
}
awsStatement1.SetNotResources(notResources)
effect := graphmodels.ALLOW_AWSSTATEMENTEFFECT
awsStatement1.SetEffect(&effect)
condition := graphmodels.NewAwsCondition()
additionalData := map[string]interface{}{
numericLessThanEquals := graph.New()
aws:MultiFactorAuthAge := "3600"
numericLessThanEquals.SetAws:MultiFactorAuthAge(&aws:MultiFactorAuthAge)
condition.SetNumericLessThanEquals(numericLessThanEquals)
}
condition.SetAdditionalData(additionalData)
awsStatement1.SetCondition(condition)
statements := []graphmodels.AwsStatementable {
awsStatement,
awsStatement1,
}
actionInfo.SetStatements(statements)
assignToRoleId := "arn:aws:iam::956987887735:role/ck-saml-power-user"
actionInfo.SetAssignToRoleId(&assignToRoleId)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "rsn:alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewSamlIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to access S3 resources"
requestBody.SetJustification(&justification)
notes := "Please"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
startDateTime , err := time.Parse(time.RFC3339, "2023-02-08T12:15:00Z")
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
recurrence := graphmodels.NewPatternedRecurrence()
pattern := graphmodels.NewRecurrencePattern()
dayOfMonth := int32(5)
pattern.SetDayOfMonth(&dayOfMonth)
daysOfWeek := []graphmodels.DayOfWeekable {
}
pattern.SetDaysOfWeek(daysOfWeek)
interval := int32(1)
pattern.SetInterval(&interval)
additionalData := map[string]interface{}{
"reccurencePatternType" : "absoluteMonthly",
}
pattern.SetAdditionalData(additionalData)
recurrence.SetPattern(pattern)
range := graphmodels.NewRecurrenceRange()
startDate := 2023-02-08
range.SetStartDate(&startDate)
additionalData := map[string]interface{}{
"reccurenceRangeType" : "noEnd",
}
range.SetAdditionalData(additionalData)
recurrence.SetRange(range)
scheduleInfo.SetRecurrence(recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
AwsPermissionsDefinition requestedPermissions = new AwsPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.awsPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("956987887735");
authorizationSystemInfo.setAuthorizationSystemType("AWS");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
AwsActionsPermissionsDefinitionAction actionInfo = new AwsActionsPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.awsActionsPermissionsDefinitionAction");
LinkedList<AwsStatement> statements = new LinkedList<AwsStatement>();
AwsStatement awsStatement = new AwsStatement();
awsStatement.setStatementId("test1");
LinkedList<String> actions = new LinkedList<String>();
actions.add("s3:AbortMultipartUpload");
actions.add("s3:CreateBucket");
awsStatement.setActions(actions);
LinkedList<String> notActions = new LinkedList<String>();
awsStatement.setNotActions(notActions);
LinkedList<String> resources = new LinkedList<String>();
resources.add("*");
awsStatement.setResources(resources);
LinkedList<String> notResources = new LinkedList<String>();
awsStatement.setNotResources(notResources);
awsStatement.setEffect(AwsStatementEffect.Allow);
AwsCondition condition = new AwsCondition();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
numericLessThanEquals = new ();
numericLessThanEquals.setAwsMultiFactorAuthAge("3600");
additionalData.put("NumericLessThanEquals", numericLessThanEquals);
condition.setAdditionalData(additionalData);
awsStatement.setCondition(condition);
statements.add(awsStatement);
AwsStatement awsStatement1 = new AwsStatement();
awsStatement1.setStatementId("test2");
LinkedList<String> actions1 = new LinkedList<String>();
actions1.add("s3:Delete:*");
awsStatement1.setActions(actions1);
LinkedList<String> notActions1 = new LinkedList<String>();
awsStatement1.setNotActions(notActions1);
LinkedList<String> resources1 = new LinkedList<String>();
resources1.add("*");
awsStatement1.setResources(resources1);
LinkedList<String> notResources1 = new LinkedList<String>();
awsStatement1.setNotResources(notResources1);
awsStatement1.setEffect(AwsStatementEffect.Allow);
AwsCondition condition1 = new AwsCondition();
HashMap<String, Object> additionalData1 = new HashMap<String, Object>();
numericLessThanEquals1 = new ();
numericLessThanEquals1.setAwsMultiFactorAuthAge("3600");
additionalData1.put("NumericLessThanEquals", numericLessThanEquals1);
condition1.setAdditionalData(additionalData1);
awsStatement1.setCondition(condition1);
statements.add(awsStatement1);
actionInfo.setStatements(statements);
actionInfo.setAssignToRoleId("arn:aws:iam::956987887735:role/ck-saml-power-user");
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("rsn:alex@contoso.com");
SamlIdentitySource source = new SamlIdentitySource();
source.setOdataType("microsoft.graph.samlIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to access S3 resources");
scheduledPermissionsRequest.setNotes("Please");
RequestSchedule scheduleInfo = new RequestSchedule();
OffsetDateTime startDateTime = OffsetDateTime.parse("2023-02-08T12:15:00Z");
scheduleInfo.setStartDateTime(startDateTime);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
PatternedRecurrence recurrence = new PatternedRecurrence();
RecurrencePattern pattern = new RecurrencePattern();
pattern.setDayOfMonth(5);
LinkedList<DayOfWeek> daysOfWeek = new LinkedList<DayOfWeek>();
pattern.setDaysOfWeek(daysOfWeek);
pattern.setInterval(1);
HashMap<String, Object> additionalData2 = new HashMap<String, Object>();
additionalData2.put("reccurencePatternType", "absoluteMonthly");
pattern.setAdditionalData(additionalData2);
recurrence.setPattern(pattern);
RecurrenceRange range = new RecurrenceRange();
LocalDate startDate = LocalDate.parse("2023-02-08");
range.setStartDate(startDate);
HashMap<String, Object> additionalData3 = new HashMap<String, Object>();
additionalData3.put("reccurenceRangeType", "noEnd");
range.setAdditionalData(additionalData3);
recurrence.setRange(range);
scheduleInfo.setRecurrence(recurrence);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.awsPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: '956987887735',
authorizationSystemType: 'AWS'
},
actionInfo: {
'@odata.type': 'microsoft.graph.awsActionsPermissionsDefinitionAction',
statements: [
{
statementId: 'test1',
actions: ['s3:AbortMultipartUpload', 's3:CreateBucket'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
},
{
statementId: 'test2',
actions: ['s3:Delete:*'],
notActions: [],
resources: ['*'],
notResources: [],
effect: 'allow',
condition: {
NumericLessThanEquals: { 'aws:MultiFactorAuthAge': '3600' }
}
}
],
assignToRoleId: 'arn:aws:iam::956987887735:role/ck-saml-power-user'
},
identityInfo: {
externalId: 'rsn:alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.samlIdentitySource'
},
identityType: 'user'
}
},
justification: 'I need to do this because I want to access S3 resources',
notes: 'Please',
scheduleInfo: {
startDateTime: '2023-02-08T12:15:00Z',
expiration: {
duration: 'PT1H'
},
recurrence: {
pattern: {
dayOfMonth: 5,
daysOfWeek: [],
interval: 1,
reccurencePatternType: 'absoluteMonthly'
},
range: {
startDate: '2023-02-08',
reccurenceRangeType: 'noEnd'
}
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\AwsPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\AwsActionsPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\AwsStatement;
use Microsoft\Graph\Beta\Generated\Models\AwsStatementEffect;
use Microsoft\Graph\Beta\Generated\Models\AwsCondition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\SamlIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\PatternedRecurrence;
use Microsoft\Graph\Beta\Generated\Models\RecurrencePattern;
use Microsoft\Graph\Beta\Generated\Models\DayOfWeek;
use Microsoft\Graph\Beta\Generated\Models\RecurrenceRange;
use Microsoft\Kiota\Abstractions\Types\Date;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new AwsPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.awsPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('956987887735');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('AWS');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new AwsActionsPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.awsActionsPermissionsDefinitionAction');
$statementsAwsStatement1 = new AwsStatement();
$statementsAwsStatement1->setStatementId('test1');
$statementsAwsStatement1->setActions(['s3:AbortMultipartUpload', 's3:CreateBucket', ]);
$statementsAwsStatement1->setNotActions([ ]);
$statementsAwsStatement1->setResources(['*', ]);
$statementsAwsStatement1->setNotResources([ ]);
$statementsAwsStatement1->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement1Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement1Condition->setAdditionalData($additionalData);
$statementsAwsStatement1->setCondition($statementsAwsStatement1Condition);
$statementsArray []= $statementsAwsStatement1;
$statementsAwsStatement2 = new AwsStatement();
$statementsAwsStatement2->setStatementId('test2');
$statementsAwsStatement2->setActions(['s3:Delete:*', ]);
$statementsAwsStatement2->setNotActions([ ]);
$statementsAwsStatement2->setResources(['*', ]);
$statementsAwsStatement2->setNotResources([ ]);
$statementsAwsStatement2->setEffect(new AwsStatementEffect('allow'));
$statementsAwsStatement2Condition = new AwsCondition();
$additionalData = [
'NumericLessThanEquals' => [
'aws:MultiFactorAuthAge' => '3600',
],
];
$statementsAwsStatement2Condition->setAdditionalData($additionalData);
$statementsAwsStatement2->setCondition($statementsAwsStatement2Condition);
$statementsArray []= $statementsAwsStatement2;
$requestedPermissionsActionInfo->setStatements($statementsArray);
$requestedPermissionsActionInfo->setAssignToRoleId('arn:aws:iam::956987887735:role/ck-saml-power-user');
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('rsn:alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new SamlIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.samlIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to access S3 resources');
$requestBody->setNotes('Please');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(new \DateTime('2023-02-08T12:15:00Z'));
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfoRecurrence = new PatternedRecurrence();
$scheduleInfoRecurrencePattern = new RecurrencePattern();
$scheduleInfoRecurrencePattern->setDayOfMonth(5);
$scheduleInfoRecurrencePattern->setDaysOfWeek([]);
$scheduleInfoRecurrencePattern->setInterval(1);
$additionalData = [
'reccurencePatternType' => 'absoluteMonthly',
];
$scheduleInfoRecurrencePattern->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setPattern($scheduleInfoRecurrencePattern);
$scheduleInfoRecurrenceRange = new RecurrenceRange();
$scheduleInfoRecurrenceRange->setStartDate(new Date('2023-02-08'));
$additionalData = [
'reccurenceRangeType' => 'noEnd',
];
$scheduleInfoRecurrenceRange->setAdditionalData($additionalData);
$scheduleInfoRecurrence->setRange($scheduleInfoRecurrenceRange);
$scheduleInfo->setRecurrence($scheduleInfoRecurrence);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.awsPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "956987887735"
authorizationSystemType = "AWS"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.awsActionsPermissionsDefinitionAction"
statements = @(
@{
statementId = "test1"
actions = @(
"s3:AbortMultipartUpload"
"s3:CreateBucket"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
@{
statementId = "test2"
actions = @(
"s3:Delete:*"
)
notActions = @(
)
resources = @(
"*"
)
notResources = @(
)
effect = "allow"
condition = @{
NumericLessThanEquals = @{
"aws:MultiFactorAuthAge" = "3600"
}
}
}
)
assignToRoleId = "arn:aws:iam::956987887735:role/ck-saml-power-user"
}
identityInfo = @{
externalId = "rsn:alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.samlIdentitySource"
}
identityType = "user"
}
}
justification = "I need to do this because I want to access S3 resources"
notes = "Please"
scheduleInfo = @{
startDateTime = [System.DateTime]::Parse("2023-02-08T12:15:00Z")
expiration = @{
duration = "PT1H"
}
recurrence = @{
pattern = @{
dayOfMonth = 5
daysOfWeek = @(
)
interval = 1
reccurencePatternType = "absoluteMonthly"
}
range = @{
startDate = "2023-02-08"
reccurenceRangeType = "noEnd"
}
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.aws_permissions_definition import AwsPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.aws_actions_permissions_definition_action import AwsActionsPermissionsDefinitionAction
from msgraph_beta.generated.models.aws_statement import AwsStatement
from msgraph_beta.generated.models.aws_statement_effect import AwsStatementEffect
from msgraph_beta.generated.models.aws_condition import AwsCondition
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.saml_identity_source import SamlIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.patterned_recurrence import PatternedRecurrence
from msgraph_beta.generated.models.recurrence_pattern import RecurrencePattern
from msgraph_beta.generated.models.day_of_week import DayOfWeek
from msgraph_beta.generated.models.recurrence_range import RecurrenceRange
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = AwsPermissionsDefinition(
odata_type = "microsoft.graph.awsPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "956987887735",
authorization_system_type = "AWS",
),
action_info = AwsActionsPermissionsDefinitionAction(
odata_type = "microsoft.graph.awsActionsPermissionsDefinitionAction",
statements = [
AwsStatement(
statement_id = "test1",
actions = [
"s3:AbortMultipartUpload",
"s3:CreateBucket",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
AwsStatement(
statement_id = "test2",
actions = [
"s3:Delete:*",
],
not_actions = [
],
resources = [
"*",
],
not_resources = [
],
effect = AwsStatementEffect.Allow,
condition = AwsCondition(
additional_data = {
"numeric_less_than_equals" : {
"aws:_multi_factor_auth_age" : "3600",
},
}
),
),
],
assign_to_role_id = "arn:aws:iam::956987887735:role/ck-saml-power-user",
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "rsn:alex@contoso.com",
source = SamlIdentitySource(
odata_type = "microsoft.graph.samlIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
),
justification = "I need to do this because I want to access S3 resources",
notes = "Please",
schedule_info = RequestSchedule(
start_date_time = "2023-02-08T12:15:00Z",
expiration = ExpirationPattern(
duration = "PT1H",
),
recurrence = PatternedRecurrence(
pattern = RecurrencePattern(
day_of_month = 5,
days_of_week = [
],
interval = 1,
additional_data = {
"reccurence_pattern_type" : "absoluteMonthly",
}
),
range = RecurrenceRange(
start_date = "2023-02-08",
additional_data = {
"reccurence_range_type" : "noEnd",
}
),
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar sistemas de autorização GCP
Liste os sistemas de autorização GCP integrados no Gerenciamento de Permissões ao filtrar pela propriedade authorizationSystemType.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'gcp'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'gcp'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'gcp'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'gcp'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'gcp\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'gcp'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'gcp'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar sistemas de autorização GCP integrados no Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems/microsoft.graph.gcpAuthorizationSystem
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems["{authorizationSystem-id}"].GetAsync();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().ByAuthorizationSystemId("authorizationSystem-id").Get(context.Background(), nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystem result = graphClient.external().authorizationSystems().byAuthorizationSystemId("{authorizationSystem-id}").get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let gcpAuthorizationSystem = await client.api('/external/authorizationSystems/microsoft.graph.gcpAuthorizationSystem')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->external()->authorizationSystems()->byAuthorizationSystemId('authorizationSystem-id')->get()->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.external.authorization_systems.by_authorization_system_id('authorizationSystem-id').get()
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Identifique todos os sistemas de autorização GCP que estejam online e tenham a capacidade de modificação de permissões ativada.
GET https://graph.microsoft.com/beta/external/authorizationSystems?$filter=authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.External.AuthorizationSystems.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphexternal "github.com/microsoftgraph/msgraph-beta-sdk-go/external"
//other-imports
)
requestFilter := "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
requestParameters := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphexternal.ExternalAuthorizationSystemsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
authorizationSystems, err := graphClient.External().AuthorizationSystems().Get(context.Background(), configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AuthorizationSystemCollectionResponse result = graphClient.external().authorizationSystems().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
});
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystems = await client.api('/external/authorizationSystems')
.version('beta')
.filter('authorizationSystemType eq \'gcp\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq \'enabled\' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq \'online\'')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\External\AuthorizationSystems\AuthorizationSystemsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AuthorizationSystemsRequestBuilderGetRequestConfiguration();
$queryParameters = AuthorizationSystemsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->external()->authorizationSystems()->get($requestConfiguration)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Search
Get-MgBetaExternalAuthorizationSystem -Filter "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'"
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.external.authorization_systems.authorization_systems_request_builder import AuthorizationSystemsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AuthorizationSystemsRequestBuilder.AuthorizationSystemsRequestBuilderGetQueryParameters(
filter = "authorizationSystemType eq 'gcp' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/permissionsModificationCapability eq 'enabled' and dataCollectionInfo/entitlements/microsoft.graph.entitlementsDataCollection/status eq 'online'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.external.authorization_systems.get(request_configuration = request_configuration)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter identidades num sistema de autorização GCP
Listar todas as identidades
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all
const options = {
authProvider,
};
const client = Client.init(options);
let all = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma identidade
Por ID da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let gcpIdentity = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/all(externalId='{externalId}')
Obter utilizadores do GCP
Listar todos os utilizadores do GCP
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/users
const options = {
authProvider,
};
const client = Client.init(options);
let users = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/users')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um utilizador do GCP
Por ID de utilizador da chave primária.
GET /external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/users/{id}
Por externalId de chave alternativa.
GET /external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/users(externalId='{externalId}')
Obter contas de serviço GCP
Listar todas as contas de serviço GCP
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts
const options = {
authProvider,
};
const client = Client.init(options);
let serviceAccounts = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma conta de serviço GCP
Por ID de utilizador da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let gcpServiceAccount = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts(externalId='{externalId}')
const options = {
authProvider,
};
const client = Client.init(options);
let gcpServiceAccount = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/associatedIdentities/serviceAccounts/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter ações
Listar todas as ações
Listar todas as ações.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Listar ações para um serviço específico num sistema de autorização GCP.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions?$filter=service/id eq 'compute'
const options = {
authProvider,
};
const client = Client.init(options);
let actions = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma ação
Por ID de ação da chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let gcpAuthorizationSystemTypeAction = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/actions(externalId={externalId})
Obter recursos
Listar todos os recursos
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/resources
const options = {
authProvider,
};
const client = Client.init(options);
let resources = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/resources')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um recurso
Por ID de recurso de chave primária.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/resources/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let gcpAuthorizationSystemResource = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/resources/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/resources(externalId={externalId})
Obter funções
Listar todas as funções
Listar todas as funções.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/roles
const options = {
authProvider,
};
const client = Client.init(options);
let roles = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/roles')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter uma definição de função
Por ID da função de chave primária atribuída por Gerenciamento de Permissões.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/roles/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let gcpRole = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/roles/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Por externalId de chave alternativa.
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/roles(externalId='{externalId}')
Obter serviços
Listar todos os serviços
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/services
const options = {
authProvider,
};
const client = Client.init(options);
let services = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/services')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Obter um serviço
GET https://graph.microsoft.com/beta/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/services/{id}
const options = {
authProvider,
};
const client = Client.init(options);
let authorizationSystemTypeService = await client.api('/external/authorizationSystems/{id}/microsoft.graph.gcpAuthorizationSystem/services/{id}')
.version('beta')
.get();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma ação do GCP
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceGcpPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "carbide-bonsai-205017",
"authorizationSystemType": "GCP"
},
"actionInfo": {
"@odata.type": "microsoft.graph.gcpActionPermissionsDefinitionAction",
"actions": [
"aiplatform:dataitems"
]
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "carbide-bonsai-205017"
},
"justification": "I need to do this because I want to code my own chat GPT-3 bot on GCP",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"expiration": {
"duration": "PT1H"
}
},
"ticketInfo": {
"ticketNumber": "INC1234567",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new SingleResourceGcpPermissionsDefinition
{
OdataType = "microsoft.graph.singleResourceGcpPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "carbide-bonsai-205017",
AuthorizationSystemType = "GCP",
},
ActionInfo = new GcpActionPermissionsDefinitionAction
{
OdataType = "microsoft.graph.gcpActionPermissionsDefinitionAction",
Actions = new List<string>
{
"aiplatform:dataitems",
},
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new EdIdentitySource
{
OdataType = "microsoft.graph.edIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
ResourceId = "carbide-bonsai-205017",
},
Justification = "I need to do this because I want to code my own chat GPT-3 bot on GCP",
Notes = "Pretty Pleaseeeee",
ScheduleInfo = new RequestSchedule
{
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
},
TicketInfo = new TicketInfo
{
TicketNumber = "INC1234567",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewSingleResourceGcpPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "carbide-bonsai-205017"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "GCP"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewGcpActionPermissionsDefinitionAction()
actions := []string {
"aiplatform:dataitems",
}
actionInfo.SetActions(actions)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewEdIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
resourceId := "carbide-bonsai-205017"
requestedPermissions.SetResourceId(&resourceId)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to code my own chat GPT-3 bot on GCP"
requestBody.SetJustification(&justification)
notes := "Pretty Pleaseeeee"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "INC1234567"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceGcpPermissionsDefinition requestedPermissions = new SingleResourceGcpPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceGcpPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("carbide-bonsai-205017");
authorizationSystemInfo.setAuthorizationSystemType("GCP");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
GcpActionPermissionsDefinitionAction actionInfo = new GcpActionPermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.gcpActionPermissionsDefinitionAction");
LinkedList<String> actions = new LinkedList<String>();
actions.add("aiplatform:dataitems");
actionInfo.setActions(actions);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("carbide-bonsai-205017");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to code my own chat GPT-3 bot on GCP");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("INC1234567");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.singleResourceGcpPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: 'carbide-bonsai-205017',
authorizationSystemType: 'GCP'
},
actionInfo: {
'@odata.type': 'microsoft.graph.gcpActionPermissionsDefinitionAction',
actions: [
'aiplatform:dataitems'
]
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.edIdentitySource'
},
identityType: 'user'
},
resourceId: 'carbide-bonsai-205017'
},
justification: 'I need to do this because I want to code my own chat GPT-3 bot on GCP',
notes: 'Pretty Pleaseeeee',
scheduleInfo: {
expiration: {
duration: 'PT1H'
}
},
ticketInfo: {
ticketNumber: 'INC1234567',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceGcpPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\GcpActionPermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceGcpPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceGcpPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('carbide-bonsai-205017');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('GCP');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new GcpActionPermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.gcpActionPermissionsDefinitionAction');
$requestedPermissionsActionInfo->setActions(['aiplatform:dataitems', ]);
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('carbide-bonsai-205017');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to code my own chat GPT-3 bot on GCP');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('INC1234567');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.singleResourceGcpPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "carbide-bonsai-205017"
authorizationSystemType = "GCP"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.gcpActionPermissionsDefinitionAction"
actions = @(
"aiplatform:dataitems"
)
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.edIdentitySource"
}
identityType = "user"
}
resourceId = "carbide-bonsai-205017"
}
justification = "I need to do this because I want to code my own chat GPT-3 bot on GCP"
notes = "Pretty Pleaseeeee"
scheduleInfo = @{
expiration = @{
duration = "PT1H"
}
}
ticketInfo = @{
ticketNumber = "INC1234567"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.single_resource_gcp_permissions_definition import SingleResourceGcpPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.gcp_action_permissions_definition_action import GcpActionPermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.ed_identity_source import EdIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = SingleResourceGcpPermissionsDefinition(
odata_type = "microsoft.graph.singleResourceGcpPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "carbide-bonsai-205017",
authorization_system_type = "GCP",
),
action_info = GcpActionPermissionsDefinitionAction(
odata_type = "microsoft.graph.gcpActionPermissionsDefinitionAction",
actions = [
"aiplatform:dataitems",
],
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = EdIdentitySource(
odata_type = "microsoft.graph.edIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
resource_id = "carbide-bonsai-205017",
),
justification = "I need to do this because I want to code my own chat GPT-3 bot on GCP",
notes = "Pretty Pleaseeeee",
schedule_info = RequestSchedule(
expiration = ExpirationPattern(
duration = "PT1H",
),
),
ticket_info = TicketInfo(
ticket_number = "INC1234567",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Pedir uma função GCP
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests
Content-Type: application/json
{
"requestedPermissions": {
"@odata.type": "microsoft.graph.singleResourceGcpPermissionsDefinition",
"authorizationSystemInfo": {
"authorizationSystemId": "carbide-bonsai-205017",
"authorizationSystemType": "GCP"
},
"actionInfo": {
"@odata.type": "microsoft.graph.gcpRolePermissionsDefinitionAction",
"roles": [
{
"id": "roles/dialogflow.aamAdmin"
}
]
},
"identityInfo": {
"externalId": "alex@contoso.com",
"source": {
"@odata.type": "microsoft.graph.edIdentitySource"
},
"identityType": "user"
},
"resourceId": "carbide-bonsai-205017"
},
"justification": "I need to do this because I want to be an administrator",
"notes": "Pretty Pleaseeeee",
"scheduleInfo": {
"startDateTime": null,
"expiration": {
"duration": "PT1H"
},
"recurrence": null
},
"ticketInfo": {
"ticketNumber": "123456",
"ticketSystem": "ServiceNow",
"ticketSubmitterIdentityId": "alex@contoso.com",
"ticketApproverIdentityId": "alexmanager@contoso.com"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ScheduledPermissionsRequest
{
RequestedPermissions = new SingleResourceGcpPermissionsDefinition
{
OdataType = "microsoft.graph.singleResourceGcpPermissionsDefinition",
AuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem
{
AuthorizationSystemId = "carbide-bonsai-205017",
AuthorizationSystemType = "GCP",
},
ActionInfo = new GcpRolePermissionsDefinitionAction
{
OdataType = "microsoft.graph.gcpRolePermissionsDefinitionAction",
Roles = new List<PermissionsDefinitionGcpRole>
{
new PermissionsDefinitionGcpRole
{
Id = "roles/dialogflow.aamAdmin",
},
},
},
IdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity
{
ExternalId = "alex@contoso.com",
Source = new EdIdentitySource
{
OdataType = "microsoft.graph.edIdentitySource",
},
IdentityType = PermissionsDefinitionIdentityType.User,
},
ResourceId = "carbide-bonsai-205017",
},
Justification = "I need to do this because I want to be an administrator",
Notes = "Pretty Pleaseeeee",
ScheduleInfo = new RequestSchedule
{
StartDateTime = null,
Expiration = new ExpirationPattern
{
Duration = TimeSpan.Parse("PT1H"),
},
Recurrence = null,
},
TicketInfo = new TicketInfo
{
TicketNumber = "123456",
TicketSystem = "ServiceNow",
TicketSubmitterIdentityId = "alex@contoso.com",
TicketApproverIdentityId = "alexmanager@contoso.com",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PermissionsManagement.ScheduledPermissionsRequests.PostAsync(requestBody);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewScheduledPermissionsRequest()
requestedPermissions := graphmodels.NewSingleResourceGcpPermissionsDefinition()
authorizationSystemInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystem()
authorizationSystemId := "carbide-bonsai-205017"
authorizationSystemInfo.SetAuthorizationSystemId(&authorizationSystemId)
authorizationSystemType := "GCP"
authorizationSystemInfo.SetAuthorizationSystemType(&authorizationSystemType)
requestedPermissions.SetAuthorizationSystemInfo(authorizationSystemInfo)
actionInfo := graphmodels.NewGcpRolePermissionsDefinitionAction()
permissionsDefinitionGcpRole := graphmodels.NewPermissionsDefinitionGcpRole()
id := "roles/dialogflow.aamAdmin"
permissionsDefinitionGcpRole.SetId(&id)
roles := []graphmodels.PermissionsDefinitionGcpRoleable {
permissionsDefinitionGcpRole,
}
actionInfo.SetRoles(roles)
requestedPermissions.SetActionInfo(actionInfo)
identityInfo := graphmodels.NewPermissionsDefinitionAuthorizationSystemIdentity()
externalId := "alex@contoso.com"
identityInfo.SetExternalId(&externalId)
source := graphmodels.NewEdIdentitySource()
identityInfo.SetSource(source)
identityType := graphmodels.USER_PERMISSIONSDEFINITIONIDENTITYTYPE
identityInfo.SetIdentityType(&identityType)
requestedPermissions.SetIdentityInfo(identityInfo)
resourceId := "carbide-bonsai-205017"
requestedPermissions.SetResourceId(&resourceId)
requestBody.SetRequestedPermissions(requestedPermissions)
justification := "I need to do this because I want to be an administrator"
requestBody.SetJustification(&justification)
notes := "Pretty Pleaseeeee"
requestBody.SetNotes(¬es)
scheduleInfo := graphmodels.NewRequestSchedule()
startDateTime := null
scheduleInfo.SetStartDateTime(&startDateTime)
expiration := graphmodels.NewExpirationPattern()
duration , err := abstractions.ParseISODuration("PT1H")
expiration.SetDuration(&duration)
scheduleInfo.SetExpiration(expiration)
recurrence := null
scheduleInfo.SetRecurrence(&recurrence)
requestBody.SetScheduleInfo(scheduleInfo)
ticketInfo := graphmodels.NewTicketInfo()
ticketNumber := "123456"
ticketInfo.SetTicketNumber(&ticketNumber)
ticketSystem := "ServiceNow"
ticketInfo.SetTicketSystem(&ticketSystem)
ticketSubmitterIdentityId := "alex@contoso.com"
ticketInfo.SetTicketSubmitterIdentityId(&ticketSubmitterIdentityId)
ticketApproverIdentityId := "alexmanager@contoso.com"
ticketInfo.SetTicketApproverIdentityId(&ticketApproverIdentityId)
requestBody.SetTicketInfo(ticketInfo)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
scheduledPermissionsRequests, err := graphClient.IdentityGovernance().PermissionsManagement().ScheduledPermissionsRequests().Post(context.Background(), requestBody, nil)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ScheduledPermissionsRequest scheduledPermissionsRequest = new ScheduledPermissionsRequest();
SingleResourceGcpPermissionsDefinition requestedPermissions = new SingleResourceGcpPermissionsDefinition();
requestedPermissions.setOdataType("microsoft.graph.singleResourceGcpPermissionsDefinition");
PermissionsDefinitionAuthorizationSystem authorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
authorizationSystemInfo.setAuthorizationSystemId("carbide-bonsai-205017");
authorizationSystemInfo.setAuthorizationSystemType("GCP");
requestedPermissions.setAuthorizationSystemInfo(authorizationSystemInfo);
GcpRolePermissionsDefinitionAction actionInfo = new GcpRolePermissionsDefinitionAction();
actionInfo.setOdataType("microsoft.graph.gcpRolePermissionsDefinitionAction");
LinkedList<PermissionsDefinitionGcpRole> roles = new LinkedList<PermissionsDefinitionGcpRole>();
PermissionsDefinitionGcpRole permissionsDefinitionGcpRole = new PermissionsDefinitionGcpRole();
permissionsDefinitionGcpRole.setId("roles/dialogflow.aamAdmin");
roles.add(permissionsDefinitionGcpRole);
actionInfo.setRoles(roles);
requestedPermissions.setActionInfo(actionInfo);
PermissionsDefinitionAuthorizationSystemIdentity identityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
identityInfo.setExternalId("alex@contoso.com");
EdIdentitySource source = new EdIdentitySource();
source.setOdataType("microsoft.graph.edIdentitySource");
identityInfo.setSource(source);
identityInfo.setIdentityType(PermissionsDefinitionIdentityType.User);
requestedPermissions.setIdentityInfo(identityInfo);
requestedPermissions.setResourceId("carbide-bonsai-205017");
scheduledPermissionsRequest.setRequestedPermissions(requestedPermissions);
scheduledPermissionsRequest.setJustification("I need to do this because I want to be an administrator");
scheduledPermissionsRequest.setNotes("Pretty Pleaseeeee");
RequestSchedule scheduleInfo = new RequestSchedule();
scheduleInfo.setStartDateTime(null);
ExpirationPattern expiration = new ExpirationPattern();
PeriodAndDuration duration = PeriodAndDuration.ofDuration(Duration.parse("PT1H"));
expiration.setDuration(duration);
scheduleInfo.setExpiration(expiration);
scheduleInfo.setRecurrence(null);
scheduledPermissionsRequest.setScheduleInfo(scheduleInfo);
TicketInfo ticketInfo = new TicketInfo();
ticketInfo.setTicketNumber("123456");
ticketInfo.setTicketSystem("ServiceNow");
ticketInfo.setTicketSubmitterIdentityId("alex@contoso.com");
ticketInfo.setTicketApproverIdentityId("alexmanager@contoso.com");
scheduledPermissionsRequest.setTicketInfo(ticketInfo);
ScheduledPermissionsRequest result = graphClient.identityGovernance().permissionsManagement().scheduledPermissionsRequests().post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
const options = {
authProvider,
};
const client = Client.init(options);
const scheduledPermissionsRequest = {
requestedPermissions: {
'@odata.type': 'microsoft.graph.singleResourceGcpPermissionsDefinition',
authorizationSystemInfo: {
authorizationSystemId: 'carbide-bonsai-205017',
authorizationSystemType: 'GCP'
},
actionInfo: {
'@odata.type': 'microsoft.graph.gcpRolePermissionsDefinitionAction',
roles: [
{
id: 'roles/dialogflow.aamAdmin'
}
]
},
identityInfo: {
externalId: 'alex@contoso.com',
source: {
'@odata.type': 'microsoft.graph.edIdentitySource'
},
identityType: 'user'
},
resourceId: 'carbide-bonsai-205017'
},
justification: 'I need to do this because I want to be an administrator',
notes: 'Pretty Pleaseeeee',
scheduleInfo: {
startDateTime: null,
expiration: {
duration: 'PT1H'
},
recurrence: null
},
ticketInfo: {
ticketNumber: '123456',
ticketSystem: 'ServiceNow',
ticketSubmitterIdentityId: 'alex@contoso.com',
ticketApproverIdentityId: 'alexmanager@contoso.com'
}
};
await client.api('/identityGovernance/permissionsManagement/scheduledPermissionsRequests')
.version('beta')
.post(scheduledPermissionsRequest);
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ScheduledPermissionsRequest;
use Microsoft\Graph\Beta\Generated\Models\SingleResourceGcpPermissionsDefinition;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystem;
use Microsoft\Graph\Beta\Generated\Models\GcpRolePermissionsDefinitionAction;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionGcpRole;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionAuthorizationSystemIdentity;
use Microsoft\Graph\Beta\Generated\Models\EdIdentitySource;
use Microsoft\Graph\Beta\Generated\Models\PermissionsDefinitionIdentityType;
use Microsoft\Graph\Beta\Generated\Models\RequestSchedule;
use Microsoft\Graph\Beta\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Beta\Generated\Models\TicketInfo;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ScheduledPermissionsRequest();
$requestedPermissions = new SingleResourceGcpPermissionsDefinition();
$requestedPermissions->setOdataType('microsoft.graph.singleResourceGcpPermissionsDefinition');
$requestedPermissionsAuthorizationSystemInfo = new PermissionsDefinitionAuthorizationSystem();
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemId('carbide-bonsai-205017');
$requestedPermissionsAuthorizationSystemInfo->setAuthorizationSystemType('GCP');
$requestedPermissions->setAuthorizationSystemInfo($requestedPermissionsAuthorizationSystemInfo);
$requestedPermissionsActionInfo = new GcpRolePermissionsDefinitionAction();
$requestedPermissionsActionInfo->setOdataType('microsoft.graph.gcpRolePermissionsDefinitionAction');
$rolesPermissionsDefinitionGcpRole1 = new PermissionsDefinitionGcpRole();
$rolesPermissionsDefinitionGcpRole1->setId('roles/dialogflow.aamAdmin');
$rolesArray []= $rolesPermissionsDefinitionGcpRole1;
$requestedPermissionsActionInfo->setRoles($rolesArray);
$requestedPermissions->setActionInfo($requestedPermissionsActionInfo);
$requestedPermissionsIdentityInfo = new PermissionsDefinitionAuthorizationSystemIdentity();
$requestedPermissionsIdentityInfo->setExternalId('alex@contoso.com');
$requestedPermissionsIdentityInfoSource = new EdIdentitySource();
$requestedPermissionsIdentityInfoSource->setOdataType('microsoft.graph.edIdentitySource');
$requestedPermissionsIdentityInfo->setSource($requestedPermissionsIdentityInfoSource);
$requestedPermissionsIdentityInfo->setIdentityType(new PermissionsDefinitionIdentityType('user'));
$requestedPermissions->setIdentityInfo($requestedPermissionsIdentityInfo);
$requestedPermissions->setResourceId('carbide-bonsai-205017');
$requestBody->setRequestedPermissions($requestedPermissions);
$requestBody->setJustification('I need to do this because I want to be an administrator');
$requestBody->setNotes('Pretty Pleaseeeee');
$scheduleInfo = new RequestSchedule();
$scheduleInfo->setStartDateTime(null);
$scheduleInfoExpiration = new ExpirationPattern();
$scheduleInfoExpiration->setDuration(new \DateInterval('PT1H'));
$scheduleInfo->setExpiration($scheduleInfoExpiration);
$scheduleInfo->setRecurrence(null);
$requestBody->setScheduleInfo($scheduleInfo);
$ticketInfo = new TicketInfo();
$ticketInfo->setTicketNumber('123456');
$ticketInfo->setTicketSystem('ServiceNow');
$ticketInfo->setTicketSubmitterIdentityId('alex@contoso.com');
$ticketInfo->setTicketApproverIdentityId('alexmanager@contoso.com');
$requestBody->setTicketInfo($ticketInfo);
$result = $graphServiceClient->identityGovernance()->permissionsManagement()->scheduledPermissionsRequests()->post($requestBody)->wait();
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
requestedPermissions = @{
"@odata.type" = "microsoft.graph.singleResourceGcpPermissionsDefinition"
authorizationSystemInfo = @{
authorizationSystemId = "carbide-bonsai-205017"
authorizationSystemType = "GCP"
}
actionInfo = @{
"@odata.type" = "microsoft.graph.gcpRolePermissionsDefinitionAction"
roles = @(
@{
id = "roles/dialogflow.aamAdmin"
}
)
}
identityInfo = @{
externalId = "alex@contoso.com"
source = @{
"@odata.type" = "microsoft.graph.edIdentitySource"
}
identityType = "user"
}
resourceId = "carbide-bonsai-205017"
}
justification = "I need to do this because I want to be an administrator"
notes = "Pretty Pleaseeeee"
scheduleInfo = @{
startDateTime = $null
expiration = @{
duration = "PT1H"
}
recurrence = $null
}
ticketInfo = @{
ticketNumber = "123456"
ticketSystem = "ServiceNow"
ticketSubmitterIdentityId = "alex@contoso.com"
ticketApproverIdentityId = "alexmanager@contoso.com"
}
}
New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.scheduled_permissions_request import ScheduledPermissionsRequest
from msgraph_beta.generated.models.single_resource_gcp_permissions_definition import SingleResourceGcpPermissionsDefinition
from msgraph_beta.generated.models.permissions_definition_authorization_system import PermissionsDefinitionAuthorizationSystem
from msgraph_beta.generated.models.gcp_role_permissions_definition_action import GcpRolePermissionsDefinitionAction
from msgraph_beta.generated.models.permissions_definition_gcp_role import PermissionsDefinitionGcpRole
from msgraph_beta.generated.models.permissions_definition_authorization_system_identity import PermissionsDefinitionAuthorizationSystemIdentity
from msgraph_beta.generated.models.ed_identity_source import EdIdentitySource
from msgraph_beta.generated.models.permissions_definition_identity_type import PermissionsDefinitionIdentityType
from msgraph_beta.generated.models.request_schedule import RequestSchedule
from msgraph_beta.generated.models.expiration_pattern import ExpirationPattern
from msgraph_beta.generated.models.ticket_info import TicketInfo
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ScheduledPermissionsRequest(
requested_permissions = SingleResourceGcpPermissionsDefinition(
odata_type = "microsoft.graph.singleResourceGcpPermissionsDefinition",
authorization_system_info = PermissionsDefinitionAuthorizationSystem(
authorization_system_id = "carbide-bonsai-205017",
authorization_system_type = "GCP",
),
action_info = GcpRolePermissionsDefinitionAction(
odata_type = "microsoft.graph.gcpRolePermissionsDefinitionAction",
roles = [
PermissionsDefinitionGcpRole(
id = "roles/dialogflow.aamAdmin",
),
],
),
identity_info = PermissionsDefinitionAuthorizationSystemIdentity(
external_id = "alex@contoso.com",
source = EdIdentitySource(
odata_type = "microsoft.graph.edIdentitySource",
),
identity_type = PermissionsDefinitionIdentityType.User,
),
resource_id = "carbide-bonsai-205017",
),
justification = "I need to do this because I want to be an administrator",
notes = "Pretty Pleaseeeee",
schedule_info = RequestSchedule(
start_date_time = None,
expiration = ExpirationPattern(
duration = "PT1H",
),
recurrence = None,
),
ticket_info = TicketInfo(
ticket_number = "123456",
ticket_system = "ServiceNow",
ticket_submitter_identity_id = "alex@contoso.com",
ticket_approver_identity_id = "alexmanager@contoso.com",
),
)
result = await graph_client.identity_governance.permissions_management.scheduled_permissions_requests.post(request_body)
Leia a documentação do SDK para obter detalhes sobre como adicionar o SDK ao projeto e criar uma instância authProvider .
Cancelar um pedido de permissões por ID
O requerente ou um administrador pode cancelar um pedido aprovado, enquanto apenas o requerente pode cancelar um pedido pendente (statusDetail of submitted) .
POST https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/scheduledPermissionsRequests/{id}/cancelAll
Listar detalhes de todos os pedidos de permissões
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges
Listar detalhes de todos os pedidos de permissões filtrados pela data em que foram modificados
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges?$filter=modificationDateTime gt {t}
Obter detalhes de um pedido de permissões
GET https://graph.microsoft.com/beta/identityGovernance/permissionsManagement/permissionsRequestChanges/{id}
Conteúdo relacionado