创建 historyDefinitions
本文内容
命名空间:microsoft.graph
创建新的 accessReviewHistoryDefinition 对象。
此 API 可用于以下国家级云部署 。
全局服务
美国政府 L4
美国政府 L5 (DOD)
由世纪互联运营的中国
✅
✅
✅
✅
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时 ,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型 。 要了解有关这些权限的详细信息,请参阅 权限参考 。
权限类型
最低特权权限
更高特权权限
委派(工作或学校帐户)
AccessReview.ReadWrite.All
不可用。
委派(个人 Microsoft 帐户)
不支持。
不支持。
应用程序
AccessReview.ReadWrite.All
不可用。
重要
在具有工作或学校帐户的委托方案中,必须为登录用户分配受支持的Microsoft Entra角色 或具有支持的角色权限的自定义角色。 此操作支持以下最低特权角色。
若要编写组或应用的访问评审,请执行以下操作: 用户管理员 、 标识治理管理员
若要编写Microsoft Entra角色的访问评审,请执行以下操作:标识治理管理员 、特权角色管理员
HTTP 请求
POST /identityGovernance/accessReviews/historyDefinitions
名称
说明
Authorization
持有者 {token}。 必填。 详细了解 身份验证和授权 。
Content-Type
application/json. 必需。
请求正文
在请求正文中,提供 accessReviewHistoryDefinition 对象的 JSON 表示形式。
下表显示了用于创建 accessReviewHistoryDefinition 的必需属性。
属性
类型
说明
displayName
String
访问评审历史记录数据收集的名称。 必填。
reviewHistoryPeriodStartDateTime
DateTimeOffset
时间戳。 从此日期开始或之后的评审将包含在提取的历史记录数据中。 仅当未定义 scheduleSettings 时才需要。
reviewHistoryPeriodEndDateTime
DateTimeOffset
时间戳。 从此日期开始或之前开始的审阅将包含在提取的历史记录数据中。 仅当未定义 scheduleSettings 时才需要。
scopes
accessReviewQueryScope 集合
用于筛选提取的历史记录数据中包含的评审。 提取其范围与此提供的范围匹配的评审。 必填。 有关详细信息,请参阅 accessReviewHistoryDefinition 支持的范围查询 。
scheduleSettings
accessReviewHistoryScheduleSettings
尚不支持。 定期访问评审历史记录定义系列的设置。 仅当未定义 reviewHistoryPeriodStartDateTime 或 reviewHistoryPeriodEndDateTime 时才需要。
accessReviewHistoryDefinition 支持的范围查询
accessReviewHistoryDefinition 的 scopes 属性基于 accessReviewQueryScope ,该资源允许在查询属性中 配置不同的资源。 然后,这些资源表示历史记录定义的范围,并指定在创建历史记录定义的 accessReviewHistoryInstances 时生成的可下载 CSV 文件中包含的审阅历史记录数据的类型。
$filter
accessReviewScheduleDefinition 的 scope 属性支持使用 contains
运算符的查询参数。 对请求使用以下格式:
/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
可以 {object}
具有以下值之一:
值
说明
/groups
列出单个组的每个 accessReviewScheduleDefinition (不包括作用域为来宾) 的所有Microsoft 365 个组的定义。
/groups/{group id}
列出特定组的每个 accessReviewScheduleDefinition (不包括作用域为来宾) 的所有Microsoft 365 个组的定义。
./members
列出每个 accessReviewScheduleDefinition 作用域为包含来宾的所有Microsoft 365 个组。
accessPackageAssignments
列出访问包上的每个 accessReviewScheduleDefinition。
roleAssignmentScheduleInstances
列出分配给特权角色的主体的每个 accessReviewScheduleDefinition。
$filter
accessReviewInactiveUserQueryScope 或 principalResourceMembershipScope 不支持查询参数。
响应
如果成功,此方法在响应正文中返回响应 201 Created
代码和 accessReviewHistoryDefinition 对象。
示例
以下示例演示如何创建访问评审历史记录定义,该定义的范围限定为访问包和组的访问评审,该定义在开始日期 01/01/2021 和结束日期 04/05/2021 之间运行。
请求
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
Content-Type: application/json
{
"displayName": "Last quarter's group reviews April 2021",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessReviewHistoryDefinition
{
DisplayName = "Last quarter's group reviews April 2021",
Decisions = new List<AccessReviewHistoryDecisionFilter?>
{
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified,
},
ReviewHistoryPeriodStartDateTime = DateTimeOffset.Parse("2021-01-01T00:00:00Z"),
ReviewHistoryPeriodEndDateTime = DateTimeOffset.Parse("2021-04-30T23:59:59Z"),
Scopes = new List<AccessReviewScope>
{
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
QueryRoot = null,
},
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
QueryRoot = null,
},
},
};
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.HistoryDefinitions.PostAsync(requestBody);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
mgc identity-governance access-reviews history-definitions create --body '{\
"displayName": "Last quarter's group reviews April 2021",\
"decisions": [\
"approve",\
"deny",\
"dontKnow",\
"notReviewed",\
"notNotified"\
],\
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",\
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",\
"scopes": [\
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"queryType": "MicrosoftGraph", \
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",\
"queryRoot": null\
}, \
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"queryType": "MicrosoftGraph", \
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",\
"queryRoot": null\
}\
]\
}\
'
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
"time"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessReviewHistoryDefinition()
displayName := "Last quarter's group reviews April 2021"
requestBody.SetDisplayName(&displayName)
decisions := []graphmodels.AccessReviewHistoryDecisionFilterable {
accessReviewHistoryDecisionFilter := graphmodels.APPROVE_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DENY_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DONTKNOW_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTREVIEWED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTNOTIFIED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
}
requestBody.SetDecisions(decisions)
reviewHistoryPeriodStartDateTime , err := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
requestBody.SetReviewHistoryPeriodStartDateTime(&reviewHistoryPeriodStartDateTime)
reviewHistoryPeriodEndDateTime , err := time.Parse(time.RFC3339, "2021-04-30T23:59:59Z")
requestBody.SetReviewHistoryPeriodEndDateTime(&reviewHistoryPeriodEndDateTime)
accessReviewScope := graphmodels.NewAccessReviewQueryScope()
queryType := "MicrosoftGraph"
accessReviewScope.SetQueryType(&queryType)
query := "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
accessReviewScope.SetQuery(&query)
queryRoot := null
accessReviewScope.SetQueryRoot(&queryRoot)
accessReviewScope1 := graphmodels.NewAccessReviewQueryScope()
queryType := "MicrosoftGraph"
accessReviewScope1.SetQueryType(&queryType)
query := "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
accessReviewScope1.SetQuery(&query)
queryRoot := null
accessReviewScope1.SetQueryRoot(&queryRoot)
scopes := []graphmodels.AccessReviewScopeable {
accessReviewScope,
accessReviewScope1,
}
requestBody.SetScopes(scopes)
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
historyDefinitions, err := graphClient.IdentityGovernance().AccessReviews().HistoryDefinitions().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewHistoryDefinition accessReviewHistoryDefinition = new AccessReviewHistoryDefinition();
accessReviewHistoryDefinition.setDisplayName("Last quarter's group reviews April 2021");
LinkedList<AccessReviewHistoryDecisionFilter> decisions = new LinkedList<AccessReviewHistoryDecisionFilter>();
decisions.add(AccessReviewHistoryDecisionFilter.Approve);
decisions.add(AccessReviewHistoryDecisionFilter.Deny);
decisions.add(AccessReviewHistoryDecisionFilter.DontKnow);
decisions.add(AccessReviewHistoryDecisionFilter.NotReviewed);
decisions.add(AccessReviewHistoryDecisionFilter.NotNotified);
accessReviewHistoryDefinition.setDecisions(decisions);
OffsetDateTime reviewHistoryPeriodStartDateTime = OffsetDateTime.parse("2021-01-01T00:00:00Z");
accessReviewHistoryDefinition.setReviewHistoryPeriodStartDateTime(reviewHistoryPeriodStartDateTime);
OffsetDateTime reviewHistoryPeriodEndDateTime = OffsetDateTime.parse("2021-04-30T23:59:59Z");
accessReviewHistoryDefinition.setReviewHistoryPeriodEndDateTime(reviewHistoryPeriodEndDateTime);
LinkedList<AccessReviewScope> scopes = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope accessReviewScope = new AccessReviewQueryScope();
accessReviewScope.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope.setQueryType("MicrosoftGraph");
accessReviewScope.setQuery("/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')");
accessReviewScope.setQueryRoot(null);
scopes.add(accessReviewScope);
AccessReviewQueryScope accessReviewScope1 = new AccessReviewQueryScope();
accessReviewScope1.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope1.setQueryType("MicrosoftGraph");
accessReviewScope1.setQuery("/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')");
accessReviewScope1.setQueryRoot(null);
scopes.add(accessReviewScope1);
accessReviewHistoryDefinition.setScopes(scopes);
AccessReviewHistoryDefinition result = graphClient.identityGovernance().accessReviews().historyDefinitions().post(accessReviewHistoryDefinition);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewHistoryDefinition = {
displayName: 'Last quarter\'s group reviews April 2021',
decisions: [
'approve',
'deny',
'dontKnow',
'notReviewed',
'notNotified'
],
reviewHistoryPeriodStartDateTime: '2021-01-01T00:00:00Z',
reviewHistoryPeriodEndDateTime: '2021-04-30T23:59:59Z',
scopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
queryRoot: null
},
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
queryRoot: null
}
]
};
await client.api('/identityGovernance/accessReviews/historyDefinitions')
.post(accessReviewHistoryDefinition);
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewHistoryDefinition;
use Microsoft\Graph\Generated\Models\AccessReviewHistoryDecisionFilter;
use Microsoft\Graph\Generated\Models\AccessReviewScope;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewHistoryDefinition();
$requestBody->setDisplayName('Last quarter\'s group reviews April 2021');
$requestBody->setDecisions([new AccessReviewHistoryDecisionFilter('approve'),new AccessReviewHistoryDecisionFilter('deny'),new AccessReviewHistoryDecisionFilter('dontKnow'),new AccessReviewHistoryDecisionFilter('notReviewed'),new AccessReviewHistoryDecisionFilter('notNotified'), ]);
$requestBody->setReviewHistoryPeriodStartDateTime(new \DateTime('2021-01-01T00:00:00Z'));
$requestBody->setReviewHistoryPeriodEndDateTime(new \DateTime('2021-04-30T23:59:59Z'));
$scopesAccessReviewScope1 = new AccessReviewQueryScope();
$scopesAccessReviewScope1->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scopesAccessReviewScope1->setQueryType('MicrosoftGraph');
$scopesAccessReviewScope1->setQuery('/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')');
$scopesAccessReviewScope1->setQueryRoot(null);
$scopesArray []= $scopesAccessReviewScope1;
$scopesAccessReviewScope2 = new AccessReviewQueryScope();
$scopesAccessReviewScope2->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scopesAccessReviewScope2->setQueryType('MicrosoftGraph');
$scopesAccessReviewScope2->setQuery('/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')');
$scopesAccessReviewScope2->setQueryRoot(null);
$scopesArray []= $scopesAccessReviewScope2;
$requestBody->setScopes($scopesArray);
$result = $graphServiceClient->identityGovernance()->accessReviews()->historyDefinitions()->post($requestBody)->wait();
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Last quarter's group reviews April 2021"
decisions = @(
"approve"
"deny"
"dontKnow"
"notReviewed"
"notNotified"
)
reviewHistoryPeriodStartDateTime = [System.DateTime]::Parse("2021-01-01T00:00:00Z")
reviewHistoryPeriodEndDateTime = [System.DateTime]::Parse("2021-04-30T23:59:59Z")
scopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
queryType = "MicrosoftGraph"
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
queryRoot = $null
}
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
queryType = "MicrosoftGraph"
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
queryRoot = $null
}
)
}
New-MgIdentityGovernanceAccessReviewHistoryDefinition -BodyParameter $params
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_history_definition import AccessReviewHistoryDefinition
from msgraph.generated.models.access_review_history_decision_filter import AccessReviewHistoryDecisionFilter
from msgraph.generated.models.access_review_scope import AccessReviewScope
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewHistoryDefinition(
display_name = "Last quarter's group reviews April 2021",
decisions = [
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified,
],
review_history_period_start_date_time = "2021-01-01T00:00:00Z",
review_history_period_end_date_time = "2021-04-30T23:59:59Z",
scopes = [
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query_type = "MicrosoftGraph",
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
query_root = None,
),
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query_type = "MicrosoftGraph",
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
query_root = None,
),
],
)
result = await graph_client.identity_governance.access_reviews.history_definitions.post(request_body)
有关如何将 SDK 添加 到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档 。
响应
注意: 为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
"id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
"displayName": "Last quarter's group reviews April 2021",
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"status": "requested",
"createdDateTime": "2021-04-14T00:22:48.9392594Z",
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}