Update-MgIdentityGovernanceAccessReviewDefinitionInstance
Update the properties of an accessReviewInstance object. Only the reviewers and fallbackReviewers properties can be updated but the scope property is also required in the request body. You can only add reviewers to the fallbackReviewers property but can't remove existing fallbackReviewers. To update an accessReviewInstance, it's status must be InProgress.
Note
To view the beta release of this cmdlet, view Update-MgBetaIdentityGovernanceAccessReviewDefinitionInstance
Syntax
Update-MgIdentityGovernanceAccessReviewDefinitionInstance
-AccessReviewInstanceId <String>
-AccessReviewScheduleDefinitionId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-ContactedReviewers <IMicrosoftGraphAccessReviewReviewer[]>]
[-Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem[]>]
[-EndDateTime <DateTime>]
[-FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
[-Id <String>]
[-Reviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
[-Scope <Hashtable>]
[-Stages <IMicrosoftGraphAccessReviewStage[]>]
[-StartDateTime <DateTime>]
[-Status <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgIdentityGovernanceAccessReviewDefinitionInstance
-AccessReviewInstanceId <String>
-AccessReviewScheduleDefinitionId <String>
-BodyParameter <IMicrosoftGraphAccessReviewInstance>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgIdentityGovernanceAccessReviewDefinitionInstance
-InputObject <IIdentityGovernanceIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-ContactedReviewers <IMicrosoftGraphAccessReviewReviewer[]>]
[-Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem[]>]
[-EndDateTime <DateTime>]
[-FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
[-Id <String>]
[-Reviewers <IMicrosoftGraphAccessReviewReviewerScope[]>]
[-Scope <Hashtable>]
[-Stages <IMicrosoftGraphAccessReviewStage[]>]
[-StartDateTime <DateTime>]
[-Status <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Update-MgIdentityGovernanceAccessReviewDefinitionInstance
-InputObject <IIdentityGovernanceIdentity>
-BodyParameter <IMicrosoftGraphAccessReviewInstance>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Update the properties of an accessReviewInstance object. Only the reviewers and fallbackReviewers properties can be updated but the scope property is also required in the request body. You can only add reviewers to the fallbackReviewers property but can't remove existing fallbackReviewers. To update an accessReviewInstance, it's status must be InProgress.
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | AccessReview.ReadWrite.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | AccessReview.ReadWrite.All | Not available. |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
scope = @{
"@odata.type" = "#microsoft.graph.principalResourceMembershipsScope"
principalScopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/v1.0/users"
queryType = "MicrosoftGraph"
}
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/v1.0/groups"
queryType = "MicrosoftGraph"
}
)
resourceScopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
query = "/beta/roleManagement/directory/roleDefinitions/9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3"
queryType = "MicrosoftGraph"
}
)
}
reviewers = @(
@{
query = "/users/1ed8ac56-4827-4733-8f80-86adc2e67db5"
queryType = "MicrosoftGraph"
}
)
fallbackReviewers = @(
@{
query = "/users/4562bcc8-c436-4f95-b7c0-4f8ce89dca5e"
queryType = "MicrosoftGraph"
}
@{
query = "/users/1ed8ac56-4827-4733-8f80-86adc2e67db5"
queryType = "MicrosoftGraph"
}
)
}
Update-MgIdentityGovernanceAccessReviewDefinitionInstance -AccessReviewScheduleDefinitionId $accessReviewScheduleDefinitionId -AccessReviewInstanceId $accessReviewInstanceId -BodyParameter $params
This example shows how to use the Update-MgIdentityGovernanceAccessReviewDefinitionInstance Cmdlet.
To learn about permissions for this resource, see the permissions reference.
Parameters
-AccessReviewInstanceId
The unique identifier of accessReviewInstance
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AccessReviewScheduleDefinitionId
The unique identifier of accessReviewScheduleDefinition
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AdditionalProperties
Additional Parameters
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BodyParameter
accessReviewInstance To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewInstance |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ContactedReviewers
Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only. To construct, see NOTES section for CONTACTEDREVIEWERS properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewReviewer[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Decisions
Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed. To construct, see NOTES section for DECISIONS properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewInstanceDecisionItem[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-EndDateTime
DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-FallbackReviewers
This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select. To construct, see NOTES section for FALLBACKREVIEWERS properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewReviewerScope[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IIdentityGovernanceIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Reviewers
This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API. To construct, see NOTES section for REVIEWERS properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewReviewerScope[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Scope
accessReviewScope
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Stages
If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition. To construct, see NOTES section for STAGES properties and create a hash table.
Type: | IMicrosoftGraphAccessReviewStage[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StartDateTime
DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.
Type: | DateTime |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Status
Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentityGovernanceIdentity
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessReviewInstance
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAccessReviewInstance
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphAccessReviewInstance>
: accessReviewInstance
[(Any) <Object>]
: This indicates any property can be added to this object.[Id <String>]
: The unique identifier for an entity. Read-only.[ContactedReviewers <IMicrosoftGraphAccessReviewReviewer-
[]>]
: Returns the collection of reviewers who were contacted to complete this review. While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities. Supports $select. Read-only.[Id <String>]
: The unique identifier for an entity. Read-only.[CreatedDateTime <DateTime?>]
: The date when the reviewer was added for the access review.[DisplayName <String>]
: Name of reviewer.[UserPrincipalName <String>]
: User principal name of the reviewer.
[Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem-
[]>]
: Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed.[Id <String>]
: The unique identifier for an entity. Read-only.[AccessReviewId <String>]
: The identifier of the accessReviewInstance parent. Supports $select. Read-only.[AppliedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.[IPAddress <String>]
: Indicates the client IP address associated with the user performing the activity (audit log only).[UserPrincipalName <String>]
: The userPrincipalName attribute of the user.
[AppliedDateTime <DateTime?>]
: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.[ApplyResult <String>]
: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.[Decision <String>]
: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).[Insights <IMicrosoftGraphGovernanceInsight-
[]>]
: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.[Id <String>]
: The unique identifier for an entity. Read-only.[InsightCreatedDateTime <DateTime?>]
: Indicates when the insight was created.
[Justification <String>]
: Justification left by the reviewer when they made the decision.[Principal <IMicrosoftGraphIdentity>]
: identity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
[PrincipalLink <String>]
: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.[Recommendation <String>]
: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.[Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]
: accessReviewInstanceDecisionItemResource[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: Display name of the resource[Id <String>]
: Identifier of the resource[Type <String>]
: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
[ResourceLink <String>]
: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.[ReviewedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[ReviewedDateTime <DateTime?>]
: The timestamp when the review decision occurred. Supports $select. Read-only.
[EndDateTime <DateTime?>]
: DateTime when review instance is scheduled to end.The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.[FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist. Supports $select.[Query <String>]
: The query specifying who will be the reviewer.[QueryRoot <String>]
: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.[QueryType <String>]
: The type of query. Examples include MicrosoftGraph and ARM.
[Reviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of access review scopes is used to define who the reviewers are. Supports $select. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.[Scope <IMicrosoftGraphAccessReviewScope>]
: accessReviewScope[(Any) <Object>]
: This indicates any property can be added to this object.
[Stages <IMicrosoftGraphAccessReviewStage-
[]>]
: If the instance has multiple stages, this returns the collection of stages. A new stage will only be created when the previous stage ends. The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition.[Id <String>]
: The unique identifier for an entity. Read-only.[Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem-
[]>]
: Each user reviewed in an accessReviewStage has a decision item representing if they were approved, denied, or not yet reviewed.[EndDateTime <DateTime?>]
: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to end. This property is the cumulative total of the durationInDays for all stages. Read-only.[FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner doesn't exist, or manager is specified as reviewer but a user's manager doesn't exist.[Reviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.[StartDateTime <DateTime?>]
: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to start. Read-only.[Status <String>]
: Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.
[StartDateTime <DateTime?>]
: DateTime when review instance is scheduled to start. May be in the future. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.[Status <String>]
: Specifies the status of an accessReview. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $select, $orderby, and $filter (eq only). Read-only.
CONTACTEDREVIEWERS <IMicrosoftGraphAccessReviewReviewer- []
>: Returns the collection of reviewers who were contacted to complete this review.
While the reviewers and fallbackReviewers properties of the accessReviewScheduleDefinition might specify group owners or managers as reviewers, contactedReviewers returns their individual identities.
Supports $select.
Read-only.
[Id <String>]
: The unique identifier for an entity. Read-only.[CreatedDateTime <DateTime?>]
: The date when the reviewer was added for the access review.[DisplayName <String>]
: Name of reviewer.[UserPrincipalName <String>]
: User principal name of the reviewer.
DECISIONS <IMicrosoftGraphAccessReviewInstanceDecisionItem- []
>: Each user reviewed in an accessReviewInstance has a decision item representing if they were approved, denied, or not yet reviewed.
[Id <String>]
: The unique identifier for an entity. Read-only.[AccessReviewId <String>]
: The identifier of the accessReviewInstance parent. Supports $select. Read-only.[AppliedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.[IPAddress <String>]
: Indicates the client IP address associated with the user performing the activity (audit log only).[UserPrincipalName <String>]
: The userPrincipalName attribute of the user.
[AppliedDateTime <DateTime?>]
: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.[ApplyResult <String>]
: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.[Decision <String>]
: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).[Insights <IMicrosoftGraphGovernanceInsight-
[]>]
: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.[Id <String>]
: The unique identifier for an entity. Read-only.[InsightCreatedDateTime <DateTime?>]
: Indicates when the insight was created.
[Justification <String>]
: Justification left by the reviewer when they made the decision.[Principal <IMicrosoftGraphIdentity>]
: identity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
[PrincipalLink <String>]
: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.[Recommendation <String>]
: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.[Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]
: accessReviewInstanceDecisionItemResource[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: Display name of the resource[Id <String>]
: Identifier of the resource[Type <String>]
: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
[ResourceLink <String>]
: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.[ReviewedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[ReviewedDateTime <DateTime?>]
: The timestamp when the review decision occurred. Supports $select. Read-only.
FALLBACKREVIEWERS <IMicrosoftGraphAccessReviewReviewerScope- []
>: This collection of reviewer scopes is used to define the list of fallback reviewers.
These fallback reviewers will be notified to take action if no users are found from the list of reviewers specified.
This could occur when either the group owner is specified as the reviewer but the group owner does not exist, or manager is specified as reviewer but a user's manager does not exist.
Supports $select.
[Query <String>]
: The query specifying who will be the reviewer.[QueryRoot <String>]
: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.[QueryType <String>]
: The type of query. Examples include MicrosoftGraph and ARM.
INPUTOBJECT <IIdentityGovernanceIdentity>
: Identity Parameter
[AccessPackageAssignmentId <String>]
: The unique identifier of accessPackageAssignment[AccessPackageAssignmentPolicyId <String>]
: The unique identifier of accessPackageAssignmentPolicy[AccessPackageAssignmentRequestId <String>]
: The unique identifier of accessPackageAssignmentRequest[AccessPackageCatalogId <String>]
: The unique identifier of accessPackageCatalog[AccessPackageId <String>]
: The unique identifier of accessPackage[AccessPackageId1 <String>]
: The unique identifier of accessPackage[AccessPackageQuestionId <String>]
: The unique identifier of accessPackageQuestion[AccessPackageResourceEnvironmentId <String>]
: The unique identifier of accessPackageResourceEnvironment[AccessPackageResourceId <String>]
: The unique identifier of accessPackageResource[AccessPackageResourceRequestId <String>]
: The unique identifier of accessPackageResourceRequest[AccessPackageResourceRoleId <String>]
: The unique identifier of accessPackageResourceRole[AccessPackageResourceRoleId1 <String>]
: The unique identifier of accessPackageResourceRole[AccessPackageResourceRoleScopeId <String>]
: The unique identifier of accessPackageResourceRoleScope[AccessPackageResourceScopeId <String>]
: The unique identifier of accessPackageResourceScope[AccessPackageResourceScopeId1 <String>]
: The unique identifier of accessPackageResourceScope[AccessReviewHistoryDefinitionId <String>]
: The unique identifier of accessReviewHistoryDefinition[AccessReviewHistoryInstanceId <String>]
: The unique identifier of accessReviewHistoryInstance[AccessReviewInstanceDecisionItemId <String>]
: The unique identifier of accessReviewInstanceDecisionItem[AccessReviewInstanceId <String>]
: The unique identifier of accessReviewInstance[AccessReviewReviewerId <String>]
: The unique identifier of accessReviewReviewer[AccessReviewScheduleDefinitionId <String>]
: The unique identifier of accessReviewScheduleDefinition[AccessReviewStageId <String>]
: The unique identifier of accessReviewStage[AgreementAcceptanceId <String>]
: The unique identifier of agreementAcceptance[AgreementFileLocalizationId <String>]
: The unique identifier of agreementFileLocalization[AgreementFileVersionId <String>]
: The unique identifier of agreementFileVersion[AgreementId <String>]
: The unique identifier of agreement[AppConsentRequestId <String>]
: The unique identifier of appConsentRequest[ApprovalId <String>]
: The unique identifier of approval[ApprovalStageId <String>]
: The unique identifier of approvalStage[ConnectedOrganizationId <String>]
: The unique identifier of connectedOrganization[CustomCalloutExtensionId <String>]
: The unique identifier of customCalloutExtension[CustomExtensionStageSettingId <String>]
: The unique identifier of customExtensionStageSetting[CustomTaskExtensionId <String>]
: The unique identifier of customTaskExtension[DirectoryObjectId <String>]
: The unique identifier of directoryObject[EndDateTime <DateTime?>]
: Usage: endDateTime={endDateTime}[GovernanceInsightId <String>]
: The unique identifier of governanceInsight[IncompatibleAccessPackageId <String>]
: Usage: incompatibleAccessPackageId='{incompatibleAccessPackageId}'[On <String>]
: Usage: on='{on}'[PrivilegedAccessGroupAssignmentScheduleId <String>]
: The unique identifier of privilegedAccessGroupAssignmentSchedule[PrivilegedAccessGroupAssignmentScheduleInstanceId <String>]
: The unique identifier of privilegedAccessGroupAssignmentScheduleInstance[PrivilegedAccessGroupAssignmentScheduleRequestId <String>]
: The unique identifier of privilegedAccessGroupAssignmentScheduleRequest[PrivilegedAccessGroupEligibilityScheduleId <String>]
: The unique identifier of privilegedAccessGroupEligibilitySchedule[PrivilegedAccessGroupEligibilityScheduleInstanceId <String>]
: The unique identifier of privilegedAccessGroupEligibilityScheduleInstance[PrivilegedAccessGroupEligibilityScheduleRequestId <String>]
: The unique identifier of privilegedAccessGroupEligibilityScheduleRequest[RunId <String>]
: The unique identifier of run[StartDateTime <DateTime?>]
: Usage: startDateTime={startDateTime}[TaskDefinitionId <String>]
: The unique identifier of taskDefinition[TaskId <String>]
: The unique identifier of task[TaskProcessingResultId <String>]
: The unique identifier of taskProcessingResult[TaskReportId <String>]
: The unique identifier of taskReport[UnifiedRbacResourceActionId <String>]
: The unique identifier of unifiedRbacResourceAction[UnifiedRbacResourceNamespaceId <String>]
: The unique identifier of unifiedRbacResourceNamespace[UnifiedRoleAssignmentId <String>]
: The unique identifier of unifiedRoleAssignment[UnifiedRoleAssignmentScheduleId <String>]
: The unique identifier of unifiedRoleAssignmentSchedule[UnifiedRoleAssignmentScheduleInstanceId <String>]
: The unique identifier of unifiedRoleAssignmentScheduleInstance[UnifiedRoleAssignmentScheduleRequestId <String>]
: The unique identifier of unifiedRoleAssignmentScheduleRequest[UnifiedRoleDefinitionId <String>]
: The unique identifier of unifiedRoleDefinition[UnifiedRoleDefinitionId1 <String>]
: The unique identifier of unifiedRoleDefinition[UnifiedRoleEligibilityScheduleId <String>]
: The unique identifier of unifiedRoleEligibilitySchedule[UnifiedRoleEligibilityScheduleInstanceId <String>]
: The unique identifier of unifiedRoleEligibilityScheduleInstance[UnifiedRoleEligibilityScheduleRequestId <String>]
: The unique identifier of unifiedRoleEligibilityScheduleRequest[UserConsentRequestId <String>]
: The unique identifier of userConsentRequest[UserId <String>]
: The unique identifier of user[UserProcessingResultId <String>]
: The unique identifier of userProcessingResult[WorkflowId <String>]
: The unique identifier of workflow[WorkflowTemplateId <String>]
: The unique identifier of workflowTemplate[WorkflowVersionNumber <Int32?>]
: The unique identifier of workflowVersion
REVIEWERS <IMicrosoftGraphAccessReviewReviewerScope- []
>: This collection of access review scopes is used to define who the reviewers are.
Supports $select.
For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.
[Query <String>]
: The query specifying who will be the reviewer.[QueryRoot <String>]
: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.[QueryType <String>]
: The type of query. Examples include MicrosoftGraph and ARM.
STAGES <IMicrosoftGraphAccessReviewStage- []
>: If the instance has multiple stages, this returns the collection of stages.
A new stage will only be created when the previous stage ends.
The existence, number, and settings of stages on a review instance are created based on the accessReviewStageSettings on the parent accessReviewScheduleDefinition.
[Id <String>]
: The unique identifier for an entity. Read-only.[Decisions <IMicrosoftGraphAccessReviewInstanceDecisionItem-
[]>]
: Each user reviewed in an accessReviewStage has a decision item representing if they were approved, denied, or not yet reviewed.[Id <String>]
: The unique identifier for an entity. Read-only.[AccessReviewId <String>]
: The identifier of the accessReviewInstance parent. Supports $select. Read-only.[AppliedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.[IPAddress <String>]
: Indicates the client IP address associated with the user performing the activity (audit log only).[UserPrincipalName <String>]
: The userPrincipalName attribute of the user.
[AppliedDateTime <DateTime?>]
: The timestamp when the approval decision was applied.00000000-0000-0000-0000-000000000000 if the assigned reviewer hasn't applied the decision or it was automatically applied. The DatetimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Supports $select. Read-only.[ApplyResult <String>]
: The result of applying the decision. Possible values: New, AppliedSuccessfully, AppliedWithUnknownFailure, AppliedSuccessfullyButObjectNotFound and ApplyNotSupported. Supports $select, $orderby, and $filter (eq only). Read-only.[Decision <String>]
: Result of the review. Possible values: Approve, Deny, NotReviewed, or DontKnow. Supports $select, $orderby, and $filter (eq only).[Insights <IMicrosoftGraphGovernanceInsight-
[]>]
: Insights are recommendations to reviewers on whether to approve or deny a decision. There can be multiple insights associated with an accessReviewInstanceDecisionItem.[Id <String>]
: The unique identifier for an entity. Read-only.[InsightCreatedDateTime <DateTime?>]
: Indicates when the insight was created.
[Justification <String>]
: Justification left by the reviewer when they made the decision.[Principal <IMicrosoftGraphIdentity>]
: identity[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: The display name of the identity.For drive items, the display name might not always be available or up to date. For example, if a user changes their display name the API might show the new value in a future response, but the items associated with the user don't show up as changed when using delta.[Id <String>]
: Unique identifier for the identity or actor. For example, in the access reviews decisions API, this property might record the id of the principal, that is, the group, user, or application that's subject to review.
[PrincipalLink <String>]
: A link to the principal object. For example, https://graph.microsoft.com/v1.0/users/a6c7aecb-cbfd-4763-87ef-e91b4bd509d9. Read-only.[Recommendation <String>]
: A system-generated recommendation for the approval decision based off last interactive sign-in to tenant. The value is Approve if the sign-in is fewer than 30 days after the start of review, Deny if the sign-in is greater than 30 days after, or NoInfoAvailable. Possible values: Approve, Deny, or NoInfoAvailable. Supports $select, $orderby, and $filter (eq only). Read-only.[Resource <IMicrosoftGraphAccessReviewInstanceDecisionItemResource>]
: accessReviewInstanceDecisionItemResource[(Any) <Object>]
: This indicates any property can be added to this object.[DisplayName <String>]
: Display name of the resource[Id <String>]
: Identifier of the resource[Type <String>]
: Type of resource. Types include: Group, ServicePrincipal, DirectoryRole, AzureRole, AccessPackageAssignmentPolicy.
[ResourceLink <String>]
: A link to the resource. For example, https://graph.microsoft.com/v1.0/servicePrincipals/c86300f3-8695-4320-9f6e-32a2555f5ff8. Supports $select. Read-only.[ReviewedBy <IMicrosoftGraphUserIdentity>]
: userIdentity[ReviewedDateTime <DateTime?>]
: The timestamp when the review decision occurred. Supports $select. Read-only.
[EndDateTime <DateTime?>]
: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to end. This property is the cumulative total of the durationInDays for all stages. Read-only.[FallbackReviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of reviewer scopes is used to define the list of fallback reviewers. These fallback reviewers are notified to take action if no users are found from the list of reviewers specified. This could occur when either the group owner is specified as the reviewer but the group owner doesn't exist, or manager is specified as reviewer but a user's manager doesn't exist.[Query <String>]
: The query specifying who will be the reviewer.[QueryRoot <String>]
: In the scenario where reviewers need to be specified dynamically, this property is used to indicate the relative source of the query. This property is only required if a relative query, for example, ./manager, is specified. Possible value: decisions.[QueryType <String>]
: The type of query. Examples include MicrosoftGraph and ARM.
[Reviewers <IMicrosoftGraphAccessReviewReviewerScope-
[]>]
: This collection of access review scopes is used to define who the reviewers are. For examples of options for assigning reviewers, see Assign reviewers to your access review definition using the Microsoft Graph API.[StartDateTime <DateTime?>]
: The date and time in ISO 8601 format and UTC time when the review stage is scheduled to start. Read-only.[Status <String>]
: Specifies the status of an accessReviewStage. Possible values: Initializing, NotStarted, Starting, InProgress, Completing, Completed, AutoReviewing, and AutoReviewed. Supports $orderby, and $filter (eq only). Read-only.
RELATED LINKS
https://zcusa.951200.xyz/graph/api/accessreviewinstance-update?view=graph-rest-1.0