accessReviewInstance resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Note
This is the recommended API for access reviews. The previous version of the access reviews API is deprecated.
Represents a Microsoft Entra access review recurrence. If the parent accessReviewScheduleDefinition is a recurring access review, instances represent each recurrence. A review that doesn't recur will have exactly one instance. Instances also represent each unique group being reviewed in the schedule definition. If a schedule definition reviews multiple groups, each group has a unique instance for each recurrence.
Every accessReviewInstance contains a list of decisions that reviewers can take action on. There's one decision per identity being reviewed.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | accessReviewInstance collection | Get a list of the accessReviewInstance objects and their properties. |
| Get | accessReviewInstance | Read the properties and relationships of an accessReviewInstance object. |
| Update | accessReviewInstance | Update the reviewers of an accessReviewInstance object. |
| Filter by current user | accessReviewInstance collection | Returns all instances on a given accessReviewScheduleDefinition for which the calling user is the reviewer of one or more decisions. |
| List contacted reviewers | accessReviewReviewer collection | Get the reviewers who received notifications for an access review instance. |
| Send reminder | None. | Send a reminder to the reviewers of an accessReviewInstance. |
| Stop | None. | Manually stop an accessReviewInstance. |
| Accept recommendations | None. | Allows the calling user to accept the decision recommendation for each NotReviewed accessReviewInstanceDecisionItem that they're the reviewer on for a specific accessReviewInstance. |
| Apply decisions | None. | Manually apply decisions on an accessReviewInstance. |
| Stop apply decisions | None. | Allows the calling user to stop the apply decision action on a specific accessReviewInstance. |
| Batch record decisions | None | Review batches of principals or resources in one call. |
| Reset decisions | None | Resets all decision items on an instance to notReviewed. |
| List stages | accessReviewStage collection | Retrieve the stages in a multi-stage access review instance. |
| List decisions | accessReviewInstanceDecisionItem collection | Get the accessReviewInstanceDecisionItem resources from the decisions navigation property. |
| List pending access review instances (deprecated) | accessReviewInstance collection. | Get all pending accessReviewInstance resources assigned to the calling user. This method is being deprecated and replaced by filterByCurrentUser. |
Properties
| Property | Type | Description |
|---|---|---|
| endDateTime | DateTimeOffset | DateTime when review instance is scheduled to end. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only. |
| errors | accessReviewError collection | Collection of errors in an access review instance lifecycle. Read-only. |
| fallbackReviewers | accessReviewReviewerScope collection | This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner doesn't exist, or manager is specified as reviewer but a user's manager doesn't exist. Supports $select. |
| id | String | Unique identifier of the instance. Supports $select. Read-only. |
| scope | accessReviewScope | Created based on scope and instanceEnumerationScope at the accessReviewScheduleDefinition level. Defines the scope of users reviewed in a group. Supports $select and $filter (contains only). Read-only. |
| startDateTime | DateTimeOffset | DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only. |
| status | String | Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only. |
| reviewers | accessReviewReviewerScope collection | This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| contactedReviewers | accessReviewReviewer collection | Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only. |
| definition | accessReviewScheduleDefinition | There's exactly one accessReviewScheduleDefinition associated with each instance. It's the parent schedule for the instance, where instances are created for each recurrence of a review definition and each group selected to review by the definition. |
| stages | accessReviewStage collection | If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition. |
| decisions | accessReviewInstanceDecisionItem collection | Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed. |
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.accessReviewInstance",
"id": "string (identifier)",
"startDateTime": "string (timestamp)",
"endDateTime": "string (timestamp)",
"status": "string",
"scope": {
"@odata.type": "microsoft.graph.accessReviewScope"
},
"reviewers": [
{
"@odata.type": "microsoft.graph.accessReviewReviewerScope"
}
],
"fallbackReviewers": [
{
"@odata.type": "microsoft.graph.accessReviewReviewerScope"
}
],
"contactedReviewers": [
{
"@odata.type": "microsoft.graph.accessReviewReviewer"
}
]
}