Выберите разрешение или разрешения, помеченные как наименее привилегированные для этого API. Используйте более привилегированное разрешение или разрешения только в том случае, если это требуется приложению. Дополнительные сведения о делегированных разрешениях и разрешениях приложений см. в разделе Типы разрешений. Дополнительные сведения об этих разрешениях см. в справочнике по разрешениям.
PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187
Content-Type: application/json
{
"id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
"displayName": "All Users",
"description": "All users can request for access to the directory.",
"allowedTargetScope": "allDirectoryUsers",
"automaticRequestSettings": null,
"specificAllowedTargets": [],
"expiration": {
"type": "noExpiration"
},
"requestorSettings": {
"enableTargetsToSelfAddAccess": true,
"enableTargetsToSelfUpdateAccess": false,
"enableTargetsToSelfRemoveAccess": true,
"allowCustomAssignmentSchedule": false,
"enableOnBehalfRequestorsToAddAccess": false,
"enableOnBehalfRequestorsToUpdateAccess": false,
"enableOnBehalfRequestorsToRemoveAccess": false,
"onBehalfRequestors": []
},
"requestApprovalSettings": {
"isApprovalRequiredForAdd": true,
"isApprovalRequiredForUpdate": false,
"stages": [
{
"durationBeforeAutomaticDenial": "P2D",
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"durationBeforeEscalation": "PT0S",
"primaryApprovers": [
{
"@odata.type": "#microsoft.graph.requestorManager",
"managerLevel": 1
}
],
"fallbackPrimaryApprovers": [
{
"@odata.type": "#microsoft.graph.singleUser",
"userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
"description": "user"
}
],
"escalationApprovers": [],
"fallbackEscalationApprovers": []
}
]
},
"accessPackage": {
"id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessPackageAssignmentPolicy
{
Id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
DisplayName = "All Users",
Description = "All users can request for access to the directory.",
AllowedTargetScope = AllowedTargetScope.AllDirectoryUsers,
AutomaticRequestSettings = null,
SpecificAllowedTargets = new List<SubjectSet>
{
},
Expiration = new ExpirationPattern
{
Type = ExpirationPatternType.NoExpiration,
},
RequestorSettings = new AccessPackageAssignmentRequestorSettings
{
EnableTargetsToSelfAddAccess = true,
EnableTargetsToSelfUpdateAccess = false,
EnableTargetsToSelfRemoveAccess = true,
AllowCustomAssignmentSchedule = false,
EnableOnBehalfRequestorsToAddAccess = false,
EnableOnBehalfRequestorsToUpdateAccess = false,
EnableOnBehalfRequestorsToRemoveAccess = false,
OnBehalfRequestors = new List<SubjectSet>
{
},
},
RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
{
IsApprovalRequiredForAdd = true,
IsApprovalRequiredForUpdate = false,
Stages = new List<AccessPackageApprovalStage>
{
new AccessPackageApprovalStage
{
DurationBeforeAutomaticDenial = TimeSpan.Parse("P2D"),
IsApproverJustificationRequired = false,
IsEscalationEnabled = false,
DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
PrimaryApprovers = new List<SubjectSet>
{
new RequestorManager
{
OdataType = "#microsoft.graph.requestorManager",
ManagerLevel = 1,
},
},
FallbackPrimaryApprovers = new List<SubjectSet>
{
new SingleUser
{
OdataType = "#microsoft.graph.singleUser",
UserId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
Description = "user",
},
},
EscalationApprovers = new List<SubjectSet>
{
},
FallbackEscalationApprovers = new List<SubjectSet>
{
},
},
},
},
AccessPackage = new AccessPackage
{
Id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies["{accessPackageAssignmentPolicy-id}"].PutAsync(requestBody);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies put --access-package-assignment-policy-id {accessPackageAssignmentPolicy-id} --body '{\
"id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",\
"displayName": "All Users",\
"description": "All users can request for access to the directory.",\
"allowedTargetScope": "allDirectoryUsers",\
"automaticRequestSettings": null,\
"specificAllowedTargets": [],\
"expiration": {\
"type": "noExpiration"\
},\
"requestorSettings": {\
"enableTargetsToSelfAddAccess": true,\
"enableTargetsToSelfUpdateAccess": false,\
"enableTargetsToSelfRemoveAccess": true,\
"allowCustomAssignmentSchedule": false,\
"enableOnBehalfRequestorsToAddAccess": false,\
"enableOnBehalfRequestorsToUpdateAccess": false,\
"enableOnBehalfRequestorsToRemoveAccess": false,\
"onBehalfRequestors": []\
},\
"requestApprovalSettings": {\
"isApprovalRequiredForAdd": true,\
"isApprovalRequiredForUpdate": false,\
"stages": [\
{\
"durationBeforeAutomaticDenial": "P2D",\
"isApproverJustificationRequired": false,\
"isEscalationEnabled": false,\
"durationBeforeEscalation": "PT0S",\
"primaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.requestorManager",\
"managerLevel": 1\
}\
],\
"fallbackPrimaryApprovers": [\
{\
"@odata.type": "#microsoft.graph.singleUser",\
"userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",\
"description": "user"\
}\
],\
"escalationApprovers": [],\
"fallbackEscalationApprovers": []\
}\
]\
},\
"accessPackage": {\
"id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"\
}\
}\
'
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)
requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
id := "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"
requestBody.SetId(&id)
displayName := "All Users"
requestBody.SetDisplayName(&displayName)
description := "All users can request for access to the directory."
requestBody.SetDescription(&description)
allowedTargetScope := graphmodels.ALLDIRECTORYUSERS_ALLOWEDTARGETSCOPE
requestBody.SetAllowedTargetScope(&allowedTargetScope)
automaticRequestSettings := null
requestBody.SetAutomaticRequestSettings(&automaticRequestSettings)
specificAllowedTargets := []graphmodels.SubjectSetable {
}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE
expiration.SetType(&type)
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess)
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess)
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess)
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule)
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess)
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess)
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess)
onBehalfRequestors := []graphmodels.SubjectSetable {
}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd)
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate)
accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P2D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial)
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired)
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled)
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage.SetDurationBeforeEscalation(&durationBeforeEscalation)
subjectSet := graphmodels.NewRequestorManager()
managerLevel := int32(1)
subjectSet.SetManagerLevel(&managerLevel)
primaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)
subjectSet := graphmodels.NewSingleUser()
userId := "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"
subjectSet.SetUserId(&userId)
description := "user"
subjectSet.SetDescription(&description)
fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
subjectSet,
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {
}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)
stages := []graphmodels.AccessPackageApprovalStageable {
accessPackageApprovalStage,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
accessPackage.SetId(&id)
requestBody.SetAccessPackage(accessPackage)
assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().ByAccessPackageAssignmentPolicyId("accessPackageAssignmentPolicy-id").Put(context.Background(), requestBody, nil)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setId("87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187");
accessPackageAssignmentPolicy.setDisplayName("All Users");
accessPackageAssignmentPolicy.setDescription("All users can request for access to the directory.");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllDirectoryUsers);
accessPackageAssignmentPolicy.setAutomaticRequestSettings(null);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
requestorSettings.setAllowCustomAssignmentSchedule(false);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P2D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage.setDurationBeforeEscalation(durationBeforeEscalation);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
RequestorManager subjectSet = new RequestorManager();
subjectSet.setOdataType("#microsoft.graph.requestorManager");
subjectSet.setManagerLevel(1);
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet1 = new SingleUser();
subjectSet1.setOdataType("#microsoft.graph.singleUser");
subjectSet1.setUserId("e6bf4d7d-6824-4dd0-809d-5bf42d4817c2");
subjectSet1.setDescription("user");
fallbackPrimaryApprovers.add(subjectSet1);
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
stages.add(accessPackageApprovalStage);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("49d2c59b-0a81-463d-a8ec-ddad3935d8a0");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().byAccessPackageAssignmentPolicyId("{accessPackageAssignmentPolicy-id}").put(accessPackageAssignmentPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
const options = {
authProvider,
};
const client = Client.init(options);
const accessPackageAssignmentPolicy = {
id: '87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187',
displayName: 'All Users',
description: 'All users can request for access to the directory.',
allowedTargetScope: 'allDirectoryUsers',
automaticRequestSettings: null,
specificAllowedTargets: [],
expiration: {
type: 'noExpiration'
},
requestorSettings: {
enableTargetsToSelfAddAccess: true,
enableTargetsToSelfUpdateAccess: false,
enableTargetsToSelfRemoveAccess: true,
allowCustomAssignmentSchedule: false,
enableOnBehalfRequestorsToAddAccess: false,
enableOnBehalfRequestorsToUpdateAccess: false,
enableOnBehalfRequestorsToRemoveAccess: false,
onBehalfRequestors: []
},
requestApprovalSettings: {
isApprovalRequiredForAdd: true,
isApprovalRequiredForUpdate: false,
stages: [
{
durationBeforeAutomaticDenial: 'P2D',
isApproverJustificationRequired: false,
isEscalationEnabled: false,
durationBeforeEscalation: 'PT0S',
primaryApprovers: [
{
'@odata.type': '#microsoft.graph.requestorManager',
managerLevel: 1
}
],
fallbackPrimaryApprovers: [
{
'@odata.type': '#microsoft.graph.singleUser',
userId: 'e6bf4d7d-6824-4dd0-809d-5bf42d4817c2',
description: 'user'
}
],
escalationApprovers: [],
fallbackEscalationApprovers: []
}
]
},
accessPackage: {
id: '49d2c59b-0a81-463d-a8ec-ddad3935d8a0'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187')
.put(accessPackageAssignmentPolicy);
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\RequestorManager;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\AccessPackage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setId('87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187');
$requestBody->setDisplayName('All Users');
$requestBody->setDescription('All users can request for access to the directory.');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allDirectoryUsers'));
$requestBody->setAutomaticRequestSettings(null);
$requestBody->setSpecificAllowedTargets([ ]);
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestorSettings->setAllowCustomAssignmentSchedule(false);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([ ]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P2D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$primaryApproversSubjectSet1 = new RequestorManager();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.requestorManager');
$primaryApproversSubjectSet1->setManagerLevel(1);
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);
$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('e6bf4d7d-6824-4dd0-809d-5bf42d4817c2');
$fallbackPrimaryApproversSubjectSet1->setDescription('user');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);
$stagesAccessPackageApprovalStage1->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$requestApprovalSettings->setStages($stagesArray);
$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('49d2c59b-0a81-463d-a8ec-ddad3935d8a0');
$requestBody->setAccessPackage($accessPackage);
$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->byAccessPackageAssignmentPolicyId('accessPackageAssignmentPolicy-id')->put($requestBody)->wait();
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"
displayName = "All Users"
description = "All users can request for access to the directory."
allowedTargetScope = "allDirectoryUsers"
automaticRequestSettings = $null
specificAllowedTargets = @(
)
expiration = @{
type = "noExpiration"
}
requestorSettings = @{
enableTargetsToSelfAddAccess = $true
enableTargetsToSelfUpdateAccess = $false
enableTargetsToSelfRemoveAccess = $true
allowCustomAssignmentSchedule = $false
enableOnBehalfRequestorsToAddAccess = $false
enableOnBehalfRequestorsToUpdateAccess = $false
enableOnBehalfRequestorsToRemoveAccess = $false
onBehalfRequestors = @(
)
}
requestApprovalSettings = @{
isApprovalRequiredForAdd = $true
isApprovalRequiredForUpdate = $false
stages = @(
@{
durationBeforeAutomaticDenial = "P2D"
isApproverJustificationRequired = $false
isEscalationEnabled = $false
durationBeforeEscalation = "PT0S"
primaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.requestorManager"
managerLevel =
}
)
fallbackPrimaryApprovers = @(
@{
"@odata.type" = "#microsoft.graph.singleUser"
userId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"
description = "user"
}
)
escalationApprovers = @(
)
fallbackEscalationApprovers = @(
)
}
)
}
accessPackage = @{
id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
}
}
Set-MgEntitlementManagementAssignmentPolicy -AccessPackageAssignmentPolicyId $accessPackageAssignmentPolicyId -BodyParameter $params
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.
from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.requestor_manager import RequestorManager
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.access_package import AccessPackage
graph_client = GraphServiceClient(credentials, scopes)
request_body = AccessPackageAssignmentPolicy(
id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
display_name = "All Users",
description = "All users can request for access to the directory.",
allowed_target_scope = AllowedTargetScope.AllDirectoryUsers,
automatic_request_settings = None,
specific_allowed_targets = [
],
expiration = ExpirationPattern(
type = ExpirationPatternType.NoExpiration,
),
requestor_settings = AccessPackageAssignmentRequestorSettings(
enable_targets_to_self_add_access = True,
enable_targets_to_self_update_access = False,
enable_targets_to_self_remove_access = True,
allow_custom_assignment_schedule = False,
enable_on_behalf_requestors_to_add_access = False,
enable_on_behalf_requestors_to_update_access = False,
enable_on_behalf_requestors_to_remove_access = False,
on_behalf_requestors = [
],
),
request_approval_settings = AccessPackageAssignmentApprovalSettings(
is_approval_required_for_add = True,
is_approval_required_for_update = False,
stages = [
AccessPackageApprovalStage(
duration_before_automatic_denial = "P2D",
is_approver_justification_required = False,
is_escalation_enabled = False,
duration_before_escalation = "PT0S",
primary_approvers = [
RequestorManager(
odata_type = "#microsoft.graph.requestorManager",
manager_level = 1,
),
],
fallback_primary_approvers = [
SingleUser(
odata_type = "#microsoft.graph.singleUser",
user_id = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
description = "user",
),
],
escalation_approvers = [
],
fallback_escalation_approvers = [
],
),
],
),
access_package = AccessPackage(
id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0",
),
)
result = await graph_client.identity_governance.entitlement_management.assignment_policies.by_access_package_assignment_policy_id('accessPackageAssignmentPolicy-id').put(request_body)
Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.