Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.
Tipo de permissão
Permissões com menos privilégios
Permissões com privilégios superiores
Delegado (conta corporativa ou de estudante)
AccessReview.ReadWrite.All
Indisponível.
Delegado (conta pessoal da Microsoft)
Sem suporte.
Sem suporte.
Application
AccessReview.ReadWrite.All
Indisponível.
Importante
Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada tem de ter uma função de Microsoft Entra suportada ou uma função personalizada com uma permissão de função suportada. As seguintes funções com menos privilégios são suportadas para esta operação.
Para escrever revisões de acesso de um grupo ou aplicação: Administrador de Utilizadores, Administrador de Governação de Identidades
Para escrever revisões de acesso de uma função de Microsoft Entra: Administrador de Governação de Identidades, Administrador de Funções Com Privilégios
Solicitação HTTP
POST /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/batchRecordDecisions
Decisão de acesso para a entidade que está a ser revista. Os valores possíveis são: Approve, Deny, NotReviewed, DontKnow. Obrigatório.
justificação
Cadeia de caracteres
Contexto da revisão fornecida aos administradores. Necessário se a justificaçãoRequiredOnApproval da propriedade de definições do accessReviewScheduleDefinition for true .
principalId
Cadeia de caracteres
Se for fornecido, todos os accessReviewInstanceDecisionItems com valoresde principalId correspondentes serão revistos neste lote. Se não for fornecido, todos os accessReviewInstanceDecisionItems serão revistos .
resourceId
Cadeia de caracteres
Se for fornecido, todos os accessReviewInstanceDecisionItems com resourceId correspondente serão revistos neste lote. Se não for fornecido, todos os accessReviewInstanceDecisionItems serão revistos .
Resposta
Se tiver êxito, esta ação retornará um código de resposta 204 No Content.
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/1234fba0-cbf0-6778-8868-9999c7f4cc06/batchRecordDecisions
Content-type: application/json
{
"decision": "Approve",
"justification": "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team",
"resourceId": "a5c51e59-3fcd-4a37-87a1-835c0c21488a"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.IdentityGovernance.AccessReviews.Definitions.Item.Instances.Item.BatchRecordDecisions;
var requestBody = new BatchRecordDecisionsPostRequestBody
{
Decision = "Approve",
Justification = "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team",
ResourceId = "a5c51e59-3fcd-4a37-87a1-835c0c21488a",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.AccessReviews.Definitions["{accessReviewScheduleDefinition-id}"].Instances["{accessReviewInstance-id}"].BatchRecordDecisions.PostAsync(requestBody);
mgc identity-governance access-reviews definitions instances batch-record-decisions post --access-review-schedule-definition-id {accessReviewScheduleDefinition-id} --access-review-instance-id {accessReviewInstance-id} --body '{\
"decision": "Approve",\
"justification": "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team",\
"resourceId": "a5c51e59-3fcd-4a37-87a1-835c0c21488a"\
}\
'
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-sdk-go/identitygovernance"
//other-imports
)
requestBody := graphidentitygovernance.NewBatchRecordDecisionsPostRequestBody()
decision := "Approve"
requestBody.SetDecision(&decision)
justification := "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team"
requestBody.SetJustification(&justification)
resourceId := "a5c51e59-3fcd-4a37-87a1-835c0c21488a"
requestBody.SetResourceId(&resourceId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().AccessReviews().Definitions().ByAccessReviewScheduleDefinitionId("accessReviewScheduleDefinition-id").Instances().ByAccessReviewInstanceId("accessReviewInstance-id").BatchRecordDecisions().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.identitygovernance.accessreviews.definitions.item.instances.item.batchrecorddecisions.BatchRecordDecisionsPostRequestBody batchRecordDecisionsPostRequestBody = new com.microsoft.graph.identitygovernance.accessreviews.definitions.item.instances.item.batchrecorddecisions.BatchRecordDecisionsPostRequestBody();
batchRecordDecisionsPostRequestBody.setDecision("Approve");
batchRecordDecisionsPostRequestBody.setJustification("All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team");
batchRecordDecisionsPostRequestBody.setResourceId("a5c51e59-3fcd-4a37-87a1-835c0c21488a");
graphClient.identityGovernance().accessReviews().definitions().byAccessReviewScheduleDefinitionId("{accessReviewScheduleDefinition-id}").instances().byAccessReviewInstanceId("{accessReviewInstance-id}").batchRecordDecisions().post(batchRecordDecisionsPostRequestBody);
const options = {
authProvider,
};
const client = Client.init(options);
const batchRecordDecisions = {
decision: 'Approve',
justification: 'All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team',
resourceId: 'a5c51e59-3fcd-4a37-87a1-835c0c21488a'
};
await client.api('/identityGovernance/accessReviews/definitions/e6cafba0-cbf0-4748-8868-0810c7f4cc06/instances/1234fba0-cbf0-6778-8868-9999c7f4cc06/batchRecordDecisions')
.post(batchRecordDecisions);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\IdentityGovernance\AccessReviews\Definitions\Item\Instances\Item\BatchRecordDecisions\BatchRecordDecisionsPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new BatchRecordDecisionsPostRequestBody();
$requestBody->setDecision('Approve');
$requestBody->setJustification('All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team');
$requestBody->setResourceId('a5c51e59-3fcd-4a37-87a1-835c0c21488a');
$graphServiceClient->identityGovernance()->accessReviews()->definitions()->byAccessReviewScheduleDefinitionId('accessReviewScheduleDefinition-id')->instances()->byAccessReviewInstanceId('accessReviewInstance-id')->batchRecordDecisions()->post($requestBody)->wait();
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
decision = "Approve"
justification = "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team"
resourceId = "a5c51e59-3fcd-4a37-87a1-835c0c21488a"
}
Invoke-MgBatchIdentityGovernanceAccessReviewDefinitionInstanceRecordDecision -AccessReviewScheduleDefinitionId $accessReviewScheduleDefinitionId -AccessReviewInstanceId $accessReviewInstanceId -BodyParameter $params
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.identitygovernance.accessreviews.definitions.item.instances.item.batch_record_decisions.batch_record_decisions_post_request_body import BatchRecordDecisionsPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = BatchRecordDecisionsPostRequestBody(
decision = "Approve",
justification = "All principals with access need continued access to the resource (Marketing Group) as all the principals are on the marketing team",
resource_id = "a5c51e59-3fcd-4a37-87a1-835c0c21488a",
)
await graph_client.identity_governance.access_reviews.definitions.by_access_review_schedule_definition_id('accessReviewScheduleDefinition-id').instances.by_access_review_instance_id('accessReviewInstance-id').batch_record_decisions.post(request_body)