accessPackageAssignmentPolicy resource type
Namespace: microsoft.graph
In Microsoft Entra entitlement management, an access package assignment policy specifies the policy by which subjects can request or be assigned an access package via an access package assignment. An access package can have zero or more policies. When a request from a subject is received, the subject is matched against each policy to find the policy (if any) with requestorSettings that include that subject. The policy then determines whether the request requires approval, the duration of the access package assignment, and whether the assignment needs regular reviews.
To assign a user to an access package, create an accessPackageAssignmentRequest which references the access package and access package assignment policy.
Methods
| Method | Return type | Description |
|---|---|---|
| List | accessPackageAssignmentPolicy collection | Get a list of the accessPackageAssignmentPolicy objects and their properties. |
| Create | accessPackageAssignmentPolicy | Create a new accessPackageAssignmentPolicy object. |
| Get | accessPackageAssignmentPolicy | Read the properties and relationships of an accessPackageAssignmentPolicy object. |
| Update | accessPackageAssignmentPolicy | Update the properties of an accessPackageAssignmentPolicy object. |
| Delete | None | Deletes an accessPackageAssignmentPolicy object. |
Properties
| Property | Type | Description |
|---|---|---|
| allowedTargetScope | allowedTargetScope | Principals that can be assigned the access package through this policy. The possible values are: notSpecified, specificDirectoryUsers, specificConnectedOrganizationUsers, specificDirectoryServicePrincipals, allMemberUsers, allDirectoryUsers, allDirectoryServicePrincipals, allConfiguredConnectedOrganizationUsers, allExternalUsers, unknownFutureValue. |
| automaticRequestSettings | accessPackageAutomaticRequestSettings | This property is only present for an auto assignment policy; if absent, this is a request-based policy. |
| createdDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| description | String | The description of the policy. |
| displayName | String | The display name of the policy. |
| expiration | expirationPattern | The expiration date for assignments created in this policy. |
| id | String | Read only. |
| modifiedDateTime | DateTimeOffset | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| requestApprovalSettings | accessPackageAssignmentApprovalSettings | Specifies the settings for approval of requests for an access package assignment through this policy. For example, if approval is required for new requests. |
| requestorSettings | accessPackageAssignmentRequestorSettings | Provides additional settings to select who can create a request for an access package assignment through this policy, and what they can include in their request. |
| reviewSettings | accessPackageAssignmentReviewSettings | Settings for access reviews of assignments through this policy. |
| specificAllowedTargets | subjectSet collection | The principals that can be assigned access from an access package through this policy. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| accessPackage | accessPackage | Access package containing this policy. Read-only. Supports $expand. |
| catalog | accessPackageCatalog | Catalog of the access package containing this policy. Read-only. |
| questions | accessPackageQuestion collection | Questions that are posed to the requestor. |
| customExtensionStageSettings | customExtensionStageSetting collection | The collection of stages when to execute one or more custom access package workflow extensions. Supports $expand. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.accessPackageAssignmentPolicy",
"allowedTargetScope": "String",
"automaticRequestSettings": {
"@odata.type": "microsoft.graph.accessPackageAutomaticRequestSettings"
},
"createdDateTime": "String (timestamp)",
"description": "String",
"displayName": "String",
"expiration": {
"@odata.type": "microsoft.graph.expirationPattern"
},
"id": "String (identifier)",
"modifiedDateTime": "String (timestamp)",
"requestorSettings": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestorSettings"
},
"questions": [
{
"@odata.type": "microsoft.graph.accessPackageQuestion"
}
],
"requestApprovalSettings": {
"@odata.type": "microsoft.graph.accessPackageAssignmentApprovalSettings"
},
"reviewSettings": {
"@odata.type": "microsoft.graph.accessPackageAssignmentReviewSettings"
},
"specificAllowedTargets": [
{
"@odata.type": "microsoft.graph.singleUser"
}
]
}