Обновление accessPackageAssignmentPolicy

Статья
02/01/2024

Пространство имен: microsoft.graph

Обновите существующий объект accessPackageAssignmentPolicy , чтобы изменить одно или несколько его свойств, таких как отображаемое имя или описание.

Этот API доступен в следующих национальных облачных развертываниях.

Глобальная служба	Правительство США L4	Правительство США L5 (DOD)	Китай управляется 21Vianet
✅	✅	✅	✅

Разрешения

Выберите разрешение или разрешения, помеченные как наименее привилегированные для этого API. Используйте более привилегированное разрешение или разрешения только в том случае, если это требуется приложению. Дополнительные сведения о делегированных разрешениях и разрешениях приложений см. в разделе Типы разрешений. Дополнительные сведения об этих разрешениях см. в справочнике по разрешениям.

Тип разрешения	Разрешения с наименьшими привилегиями	Более высокие привилегированные разрешения
Делегированные (рабочая или учебная учетная запись)	EntitlementManagement.ReadWrite.All	Недоступно.
Делегированные (личная учетная запись Майкрософт)	Не поддерживается.	Не поддерживается.
Приложение	EntitlementManagement.ReadWrite.All	Недоступно.

HTTP-запрос

PUT /identityGovernance/entitlementManagement/assignmentPolicies/{accessPackageAssignmentPolicyId}

Заголовки запросов

Имя	Описание
Авторизация	Bearer {token}. Обязательно. Дополнительные сведения о проверке подлинности и авторизации.
Content-Type	application/json. Обязательно.

Текст запроса

В тексте запроса укажите представление объекта accessPackageAssignmentPolicy в формате JSON.

В следующей таблице показаны свойства, необходимые при обновлении accessPackageAssignmentPolicy.

Свойство	Тип	Описание
accessPackage	accessPackage	Пакет доступа, содержащий эту политику. Требуется только свойство id .
displayName	String	Отображаемое имя политики. Обязательный.
description	String	Описание политики. Обязательно.
allowedTargetScope	allowedTargetScope	Кому разрешено запрашивать пакет доступа с помощью этой политики. Возможные значения: `notSpecified`, `specificDirectoryUsers`, `specificConnectedOrganizationUsers`, `specificDirectoryServicePrincipals`, `allMemberUsers`, `allDirectoryUsers`, `allDirectoryServicePrincipals`, `allConfiguredConnectedOrganizationUsers`, `allExternalUsers`, `unknownFutureValue`. Обязательно.
automaticRequestSettings	accessPackageAutomaticRequestSettings	Это свойство присутствует только для политики автоматического назначения; Если она отсутствует, это политика на основе запросов. Обязательно.
specificAllowedTargets	Коллекция subjectSet	Субъекты, которым можно назначить доступ из пакета доступа с помощью этой политики. Обязательно.
Истечения срока действия	expirationPattern	Дата окончания срока действия назначений, созданных в этой политике. Обязательно.
requestorSettings	accessPackageAssignmentRequestorSettings	Предоставляет дополнительные параметры, позволяющие указать, кто может создавать запрос на назначение пакета доступа с помощью этой политики и что они могут включить в свой запрос. Обязательно.
requestApprovalSettings	accessPackageAssignmentApprovalSettings	Задает параметры для утверждения запросов на назначение пакета доступа с помощью этой политики. Например, если для новых запросов требуется утверждение. Обязательно.
reviewSettings	accessPackageAssignmentReviewSettings	Параметры проверки доступа для назначений с помощью этой политики. Обязательно.
Вопросы	коллекция accessPackageQuestion	Вопросы, которые задаются инициатору запроса. Обязательно.

Отклик

В случае успешного выполнения этот метод возвращает код отклика 200 OK и обновленный объект accessPackageAssignmentPolicy в тексте отклика.

Примеры

Запрос

PUT https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187
Content-Type: application/json

{
  "id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "All Users",
  "description": "All users can request for access to the directory.",
  "allowedTargetScope": "allDirectoryUsers",
  "automaticRequestSettings": null,
  "specificAllowedTargets": [],
  "expiration": {
      "type": "noExpiration"
  },
  "requestorSettings": {
      "enableTargetsToSelfAddAccess": true,
      "enableTargetsToSelfUpdateAccess": false,
      "enableTargetsToSelfRemoveAccess": true,
      "allowCustomAssignmentSchedule": false,
      "enableOnBehalfRequestorsToAddAccess": false,
      "enableOnBehalfRequestorsToUpdateAccess": false,
      "enableOnBehalfRequestorsToRemoveAccess": false,
      "onBehalfRequestors": []
  },
  "requestApprovalSettings": {
      "isApprovalRequiredForAdd": true,
      "isApprovalRequiredForUpdate": false,
      "stages": [
          {
              "durationBeforeAutomaticDenial": "P2D",
              "isApproverJustificationRequired": false,
              "isEscalationEnabled": false,
              "durationBeforeEscalation": "PT0S",
              "primaryApprovers": [
                  {
                      "@odata.type": "#microsoft.graph.requestorManager",
                      "managerLevel": 1
                  }
              ],
              "fallbackPrimaryApprovers": [
                  {
                      "@odata.type": "#microsoft.graph.singleUser",
                      "userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
                      "description": "user"
                  }
              ],
              "escalationApprovers": [],
              "fallbackEscalationApprovers": []
          }
      ]
  },
  "accessPackage": {
        "id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new AccessPackageAssignmentPolicy
{
	Id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
	DisplayName = "All Users",
	Description = "All users can request for access to the directory.",
	AllowedTargetScope = AllowedTargetScope.AllDirectoryUsers,
	AutomaticRequestSettings = null,
	SpecificAllowedTargets = new List<SubjectSet>
	{
	},
	Expiration = new ExpirationPattern
	{
		Type = ExpirationPatternType.NoExpiration,
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = true,
		EnableTargetsToSelfUpdateAccess = false,
		EnableTargetsToSelfRemoveAccess = true,
		AllowCustomAssignmentSchedule = false,
		EnableOnBehalfRequestorsToAddAccess = false,
		EnableOnBehalfRequestorsToUpdateAccess = false,
		EnableOnBehalfRequestorsToRemoveAccess = false,
		OnBehalfRequestors = new List<SubjectSet>
		{
		},
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = true,
		IsApprovalRequiredForUpdate = false,
		Stages = new List<AccessPackageApprovalStage>
		{
			new AccessPackageApprovalStage
			{
				DurationBeforeAutomaticDenial = TimeSpan.Parse("P2D"),
				IsApproverJustificationRequired = false,
				IsEscalationEnabled = false,
				DurationBeforeEscalation = TimeSpan.Parse("PT0S"),
				PrimaryApprovers = new List<SubjectSet>
				{
					new RequestorManager
					{
						OdataType = "#microsoft.graph.requestorManager",
						ManagerLevel = 1,
					},
				},
				FallbackPrimaryApprovers = new List<SubjectSet>
				{
					new SingleUser
					{
						OdataType = "#microsoft.graph.singleUser",
						UserId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
						Description = "user",
					},
				},
				EscalationApprovers = new List<SubjectSet>
				{
				},
				FallbackEscalationApprovers = new List<SubjectSet>
				{
				},
			},
		},
	},
	AccessPackage = new AccessPackage
	{
		Id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0",
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies["{accessPackageAssignmentPolicy-id}"].PutAsync(requestBody);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc identity-governance entitlement-management assignment-policies put --access-package-assignment-policy-id {accessPackageAssignmentPolicy-id} --body '{\
  "id":"87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",\
  "displayName": "All Users",\
  "description": "All users can request for access to the directory.",\
  "allowedTargetScope": "allDirectoryUsers",\
  "automaticRequestSettings": null,\
  "specificAllowedTargets": [],\
  "expiration": {\
      "type": "noExpiration"\
  },\
  "requestorSettings": {\
      "enableTargetsToSelfAddAccess": true,\
      "enableTargetsToSelfUpdateAccess": false,\
      "enableTargetsToSelfRemoveAccess": true,\
      "allowCustomAssignmentSchedule": false,\
      "enableOnBehalfRequestorsToAddAccess": false,\
      "enableOnBehalfRequestorsToUpdateAccess": false,\
      "enableOnBehalfRequestorsToRemoveAccess": false,\
      "onBehalfRequestors": []\
  },\
  "requestApprovalSettings": {\
      "isApprovalRequiredForAdd": true,\
      "isApprovalRequiredForUpdate": false,\
      "stages": [\
          {\
              "durationBeforeAutomaticDenial": "P2D",\
              "isApproverJustificationRequired": false,\
              "isEscalationEnabled": false,\
              "durationBeforeEscalation": "PT0S",\
              "primaryApprovers": [\
                  {\
                      "@odata.type": "#microsoft.graph.requestorManager",\
                      "managerLevel": 1\
                  }\
              ],\
              "fallbackPrimaryApprovers": [\
                  {\
                      "@odata.type": "#microsoft.graph.singleUser",\
                      "userId": "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",\
                      "description": "user"\
                  }\
              ],\
              "escalationApprovers": [],\
              "fallbackEscalationApprovers": []\
          }\
      ]\
  },\
  "accessPackage": {\
        "id": "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"\
  }\
}\
'

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.



import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
	  graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
	  //other-imports
)

graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)


requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
id := "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"
requestBody.SetId(&id) 
displayName := "All Users"
requestBody.SetDisplayName(&displayName) 
description := "All users can request for access to the directory."
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.ALLDIRECTORYUSERS_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
automaticRequestSettings := null
requestBody.SetAutomaticRequestSettings(&automaticRequestSettings) 
specificAllowedTargets := []graphmodels.SubjectSetable {

}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := true
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := true
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
allowCustomAssignmentSchedule := false
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule) 
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess) 
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess) 
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess) 
onBehalfRequestors := []graphmodels.SubjectSetable {

}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := true
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 


accessPackageApprovalStage := graphmodels.NewAccessPackageApprovalStage()
durationBeforeAutomaticDenial , err := abstractions.ParseISODuration("P2D")
accessPackageApprovalStage.SetDurationBeforeAutomaticDenial(&durationBeforeAutomaticDenial) 
isApproverJustificationRequired := false
accessPackageApprovalStage.SetIsApproverJustificationRequired(&isApproverJustificationRequired) 
isEscalationEnabled := false
accessPackageApprovalStage.SetIsEscalationEnabled(&isEscalationEnabled) 
durationBeforeEscalation , err := abstractions.ParseISODuration("PT0S")
accessPackageApprovalStage.SetDurationBeforeEscalation(&durationBeforeEscalation) 


subjectSet := graphmodels.NewRequestorManager()
managerLevel := int32(1)
subjectSet.SetManagerLevel(&managerLevel) 

primaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
}
accessPackageApprovalStage.SetPrimaryApprovers(primaryApprovers)


subjectSet := graphmodels.NewSingleUser()
userId := "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"
subjectSet.SetUserId(&userId) 
description := "user"
subjectSet.SetDescription(&description) 

fallbackPrimaryApprovers := []graphmodels.SubjectSetable {
	subjectSet,
}
accessPackageApprovalStage.SetFallbackPrimaryApprovers(fallbackPrimaryApprovers)
escalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetEscalationApprovers(escalationApprovers)
fallbackEscalationApprovers := []graphmodels.SubjectSetable {

}
accessPackageApprovalStage.SetFallbackEscalationApprovers(fallbackEscalationApprovers)

stages := []graphmodels.AccessPackageApprovalStageable {
	accessPackageApprovalStage,
}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

assignmentPolicies, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().ByAccessPackageAssignmentPolicyId("accessPackageAssignmentPolicy-id").Put(context.Background(), requestBody, nil)

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.setId("87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187");
accessPackageAssignmentPolicy.setDisplayName("All Users");
accessPackageAssignmentPolicy.setDescription("All users can request for access to the directory.");
accessPackageAssignmentPolicy.setAllowedTargetScope(AllowedTargetScope.AllDirectoryUsers);
accessPackageAssignmentPolicy.setAutomaticRequestSettings(null);
LinkedList<SubjectSet> specificAllowedTargets = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.setSpecificAllowedTargets(specificAllowedTargets);
ExpirationPattern expiration = new ExpirationPattern();
expiration.setType(ExpirationPatternType.NoExpiration);
accessPackageAssignmentPolicy.setExpiration(expiration);
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.setEnableTargetsToSelfAddAccess(true);
requestorSettings.setEnableTargetsToSelfUpdateAccess(false);
requestorSettings.setEnableTargetsToSelfRemoveAccess(true);
requestorSettings.setAllowCustomAssignmentSchedule(false);
requestorSettings.setEnableOnBehalfRequestorsToAddAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToUpdateAccess(false);
requestorSettings.setEnableOnBehalfRequestorsToRemoveAccess(false);
LinkedList<SubjectSet> onBehalfRequestors = new LinkedList<SubjectSet>();
requestorSettings.setOnBehalfRequestors(onBehalfRequestors);
accessPackageAssignmentPolicy.setRequestorSettings(requestorSettings);
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.setIsApprovalRequiredForAdd(true);
requestApprovalSettings.setIsApprovalRequiredForUpdate(false);
LinkedList<AccessPackageApprovalStage> stages = new LinkedList<AccessPackageApprovalStage>();
AccessPackageApprovalStage accessPackageApprovalStage = new AccessPackageApprovalStage();
PeriodAndDuration durationBeforeAutomaticDenial = PeriodAndDuration.ofDuration(Duration.parse("P2D"));
accessPackageApprovalStage.setDurationBeforeAutomaticDenial(durationBeforeAutomaticDenial);
accessPackageApprovalStage.setIsApproverJustificationRequired(false);
accessPackageApprovalStage.setIsEscalationEnabled(false);
PeriodAndDuration durationBeforeEscalation = PeriodAndDuration.ofDuration(Duration.parse("PT0S"));
accessPackageApprovalStage.setDurationBeforeEscalation(durationBeforeEscalation);
LinkedList<SubjectSet> primaryApprovers = new LinkedList<SubjectSet>();
RequestorManager subjectSet = new RequestorManager();
subjectSet.setOdataType("#microsoft.graph.requestorManager");
subjectSet.setManagerLevel(1);
primaryApprovers.add(subjectSet);
accessPackageApprovalStage.setPrimaryApprovers(primaryApprovers);
LinkedList<SubjectSet> fallbackPrimaryApprovers = new LinkedList<SubjectSet>();
SingleUser subjectSet1 = new SingleUser();
subjectSet1.setOdataType("#microsoft.graph.singleUser");
subjectSet1.setUserId("e6bf4d7d-6824-4dd0-809d-5bf42d4817c2");
subjectSet1.setDescription("user");
fallbackPrimaryApprovers.add(subjectSet1);
accessPackageApprovalStage.setFallbackPrimaryApprovers(fallbackPrimaryApprovers);
LinkedList<SubjectSet> escalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setEscalationApprovers(escalationApprovers);
LinkedList<SubjectSet> fallbackEscalationApprovers = new LinkedList<SubjectSet>();
accessPackageApprovalStage.setFallbackEscalationApprovers(fallbackEscalationApprovers);
stages.add(accessPackageApprovalStage);
requestApprovalSettings.setStages(stages);
accessPackageAssignmentPolicy.setRequestApprovalSettings(requestApprovalSettings);
AccessPackage accessPackage = new AccessPackage();
accessPackage.setId("49d2c59b-0a81-463d-a8ec-ddad3935d8a0");
accessPackageAssignmentPolicy.setAccessPackage(accessPackage);
AccessPackageAssignmentPolicy result = graphClient.identityGovernance().entitlementManagement().assignmentPolicies().byAccessPackageAssignmentPolicyId("{accessPackageAssignmentPolicy-id}").put(accessPackageAssignmentPolicy);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  id: '87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187',
  displayName: 'All Users',
  description: 'All users can request for access to the directory.',
  allowedTargetScope: 'allDirectoryUsers',
  automaticRequestSettings: null,
  specificAllowedTargets: [],
  expiration: {
      type: 'noExpiration'
  },
  requestorSettings: {
      enableTargetsToSelfAddAccess: true,
      enableTargetsToSelfUpdateAccess: false,
      enableTargetsToSelfRemoveAccess: true,
      allowCustomAssignmentSchedule: false,
      enableOnBehalfRequestorsToAddAccess: false,
      enableOnBehalfRequestorsToUpdateAccess: false,
      enableOnBehalfRequestorsToRemoveAccess: false,
      onBehalfRequestors: []
  },
  requestApprovalSettings: {
      isApprovalRequiredForAdd: true,
      isApprovalRequiredForUpdate: false,
      stages: [
          {
              durationBeforeAutomaticDenial: 'P2D',
              isApproverJustificationRequired: false,
              isEscalationEnabled: false,
              durationBeforeEscalation: 'PT0S',
              primaryApprovers: [
                  {
                      '@odata.type': '#microsoft.graph.requestorManager',
                      managerLevel: 1
                  }
              ],
              fallbackPrimaryApprovers: [
                  {
                      '@odata.type': '#microsoft.graph.singleUser',
                      userId: 'e6bf4d7d-6824-4dd0-809d-5bf42d4817c2',
                      description: 'user'
                  }
              ],
              escalationApprovers: [],
              fallbackEscalationApprovers: []
          }
      ]
  },
  accessPackage: {
        id: '49d2c59b-0a81-463d-a8ec-ddad3935d8a0'
  }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies/87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187')
	.put(accessPackageAssignmentPolicy);

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentPolicy;
use Microsoft\Graph\Generated\Models\SubjectSet;
use Microsoft\Graph\Generated\Models\ExpirationPattern;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestorSettings;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentApprovalSettings;
use Microsoft\Graph\Generated\Models\AccessPackageApprovalStage;
use Microsoft\Graph\Generated\Models\RequestorManager;
use Microsoft\Graph\Generated\Models\SingleUser;
use Microsoft\Graph\Generated\Models\AccessPackage;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setId('87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187');
$requestBody->setDisplayName('All Users');
$requestBody->setDescription('All users can request for access to the directory.');
$requestBody->setAllowedTargetScope(new AllowedTargetScope('allDirectoryUsers'));
$requestBody->setAutomaticRequestSettings(null);
$requestBody->setSpecificAllowedTargets([	]);
$expiration = new ExpirationPattern();
$expiration->setType(new ExpirationPatternType('noExpiration'));
$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(true);
$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);
$requestorSettings->setEnableTargetsToSelfRemoveAccess(true);
$requestorSettings->setAllowCustomAssignmentSchedule(false);
$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);
$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);
$requestorSettings->setOnBehalfRequestors([	]);
$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(true);
$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);
$stagesAccessPackageApprovalStage1 = new AccessPackageApprovalStage();
$stagesAccessPackageApprovalStage1->setDurationBeforeAutomaticDenial(new \DateInterval('P2D'));
$stagesAccessPackageApprovalStage1->setIsApproverJustificationRequired(false);
$stagesAccessPackageApprovalStage1->setIsEscalationEnabled(false);
$stagesAccessPackageApprovalStage1->setDurationBeforeEscalation(new \DateInterval('PT0S'));
$primaryApproversSubjectSet1 = new RequestorManager();
$primaryApproversSubjectSet1->setOdataType('#microsoft.graph.requestorManager');
$primaryApproversSubjectSet1->setManagerLevel(1);
$primaryApproversArray []= $primaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setPrimaryApprovers($primaryApproversArray);

$fallbackPrimaryApproversSubjectSet1 = new SingleUser();
$fallbackPrimaryApproversSubjectSet1->setOdataType('#microsoft.graph.singleUser');
$fallbackPrimaryApproversSubjectSet1->setUserId('e6bf4d7d-6824-4dd0-809d-5bf42d4817c2');
$fallbackPrimaryApproversSubjectSet1->setDescription('user');
$fallbackPrimaryApproversArray []= $fallbackPrimaryApproversSubjectSet1;
$stagesAccessPackageApprovalStage1->setFallbackPrimaryApprovers($fallbackPrimaryApproversArray);

$stagesAccessPackageApprovalStage1->setEscalationApprovers([]);
$stagesAccessPackageApprovalStage1->setFallbackEscalationApprovers([]);
$stagesArray []= $stagesAccessPackageApprovalStage1;
$requestApprovalSettings->setStages($stagesArray);

$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('49d2c59b-0a81-463d-a8ec-ddad3935d8a0');
$requestBody->setAccessPackage($accessPackage);

$result = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->byAccessPackageAssignmentPolicyId('accessPackageAssignmentPolicy-id')->put($requestBody)->wait();

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187"
	displayName = "All Users"
	description = "All users can request for access to the directory."
	allowedTargetScope = "allDirectoryUsers"
	automaticRequestSettings = $null
	specificAllowedTargets = @(
	)
	expiration = @{
		type = "noExpiration"
	}
	requestorSettings = @{
		enableTargetsToSelfAddAccess = $true
		enableTargetsToSelfUpdateAccess = $false
		enableTargetsToSelfRemoveAccess = $true
		allowCustomAssignmentSchedule = $false
		enableOnBehalfRequestorsToAddAccess = $false
		enableOnBehalfRequestorsToUpdateAccess = $false
		enableOnBehalfRequestorsToRemoveAccess = $false
		onBehalfRequestors = @(
		)
	}
	requestApprovalSettings = @{
		isApprovalRequiredForAdd = $true
		isApprovalRequiredForUpdate = $false
		stages = @(
			@{
				durationBeforeAutomaticDenial = "P2D"
				isApproverJustificationRequired = $false
				isEscalationEnabled = $false
				durationBeforeEscalation = "PT0S"
				primaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.requestorManager"
						managerLevel = 
					}
				)
				fallbackPrimaryApprovers = @(
					@{
						"@odata.type" = "#microsoft.graph.singleUser"
						userId = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2"
						description = "user"
					}
				)
				escalationApprovers = @(
				)
				fallbackEscalationApprovers = @(
				)
			}
		)
	}
	accessPackage = @{
		id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0"
	}
}

Set-MgEntitlementManagementAssignmentPolicy -AccessPackageAssignmentPolicyId $accessPackageAssignmentPolicyId -BodyParameter $params

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.


from msgraph import GraphServiceClient
from msgraph.generated.models.access_package_assignment_policy import AccessPackageAssignmentPolicy
from msgraph.generated.models.subject_set import SubjectSet
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.access_package_assignment_requestor_settings import AccessPackageAssignmentRequestorSettings
from msgraph.generated.models.access_package_assignment_approval_settings import AccessPackageAssignmentApprovalSettings
from msgraph.generated.models.access_package_approval_stage import AccessPackageApprovalStage
from msgraph.generated.models.requestor_manager import RequestorManager
from msgraph.generated.models.single_user import SingleUser
from msgraph.generated.models.access_package import AccessPackage

graph_client = GraphServiceClient(credentials, scopes)

request_body = AccessPackageAssignmentPolicy(
	id = "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
	display_name = "All Users",
	description = "All users can request for access to the directory.",
	allowed_target_scope = AllowedTargetScope.AllDirectoryUsers,
	automatic_request_settings = None,
	specific_allowed_targets = [
	],
	expiration = ExpirationPattern(
		type = ExpirationPatternType.NoExpiration,
	),
	requestor_settings = AccessPackageAssignmentRequestorSettings(
		enable_targets_to_self_add_access = True,
		enable_targets_to_self_update_access = False,
		enable_targets_to_self_remove_access = True,
		allow_custom_assignment_schedule = False,
		enable_on_behalf_requestors_to_add_access = False,
		enable_on_behalf_requestors_to_update_access = False,
		enable_on_behalf_requestors_to_remove_access = False,
		on_behalf_requestors = [
		],
	),
	request_approval_settings = AccessPackageAssignmentApprovalSettings(
		is_approval_required_for_add = True,
		is_approval_required_for_update = False,
		stages = [
			AccessPackageApprovalStage(
				duration_before_automatic_denial = "P2D",
				is_approver_justification_required = False,
				is_escalation_enabled = False,
				duration_before_escalation = "PT0S",
				primary_approvers = [
					RequestorManager(
						odata_type = "#microsoft.graph.requestorManager",
						manager_level = 1,
					),
				],
				fallback_primary_approvers = [
					SingleUser(
						odata_type = "#microsoft.graph.singleUser",
						user_id = "e6bf4d7d-6824-4dd0-809d-5bf42d4817c2",
						description = "user",
					),
				],
				escalation_approvers = [
				],
				fallback_escalation_approvers = [
				],
			),
		],
	),
	access_package = AccessPackage(
		id = "49d2c59b-0a81-463d-a8ec-ddad3935d8a0",
	),
)

result = await graph_client.identity_governance.entitlement_management.assignment_policies.by_access_package_assignment_policy_id('accessPackageAssignmentPolicy-id').put(request_body)

Подробнее о том, как добавить SDK в свой проект и создать экземпляр authProvider, см. в документации по SDK.

Отклик

Примечание. Объект отклика, показанный здесь, может быть сокращен для удобочитаемости.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "All Users",
  "description": "All users can request for access to the directory."
}

Обновление accessPackageAssignmentPolicy

Разрешения

HTTP-запрос

Заголовки запросов

Текст запроса

Отклик

Примеры

Запрос

Отклик

Обратная связь

Обратная связь

Дополнительные ресурсы