命名空间:microsoft.graph
在等待来自自定义扩展的回调后恢复用户的访问包请求。
在Microsoft Entra权利管理中,如果启用了访问包策略来调用自定义扩展,并且请求处理正在等待客户的回调,则客户可以启动恢复操作。 它在 requestStatus 处于状态WaitingForCallback的 accessPackageAssignmentRequest 对象上执行。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
❌ |
❌ |
❌ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
EntitlementManagement.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
EntitlementManagement.ReadWrite.All |
不可用。 |
提示
在具有工作或学校帐户的委托方案中,还必须通过以下选项之一为已登录用户分配具有支持的角色权限的管理员角色:
在仅限应用的情况下,可为调用应用分配上述受支持的角色之一,而不是 EntitlementManagement.ReadWrite.All 应用程序权限。
访问包分配管理员角色的特权低于EntitlementManagement.ReadWrite.All应用程序权限。
有关详细信息,请参阅 权利管理中的委派和角色 以及如何 在权利管理中将访问管理委托给访问包管理员。
HTTP 请求
POST /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}/resume
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供参数的 JSON 表示形式。
下表显示了可用于此操作的参数。
| 参数 |
类型 |
说明 |
| source |
String |
来自客户尝试恢复请求的源,请求可以存储在服务中,并且有助于审核。 |
| type |
String |
指示在哪个阶段执行自定义标注扩展。 可能的值为: microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated、 microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestApproved、、 microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestGranted、 microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestRemoved |
| data |
accessPackageAssignmentRequestCallbackData |
包含有关对客户终结点进行的标注实例的信息。 |
响应
如果成功,此操作返回 204 No Content 响应代码。
示例
示例 1:恢复访问包分配请求
请求
以下示例演示调用的请求,以恢复正在等待回调的访问包分配请求。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "assignmentRequestCreated",
"customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",
"customExtensionStageInstanceDetail": "This user is all verified"
}
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.IdentityGovernance.EntitlementManagement.AssignmentRequests.Item.Resume;
using Microsoft.Graph.Models;
var requestBody = new ResumePostRequestBody
{
Source = "Contoso.SodCheckProcess",
Type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
Data = new AccessPackageAssignmentRequestCallbackData
{
OdataType = "microsoft.graph.accessPackageAssignmentRequestCallbackData",
Stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
CustomExtensionStageInstanceId = "957d0c50-466b-4840-bb5b-c92cea7141ff",
CustomExtensionStageInstanceDetail = "This user is all verified",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.EntitlementManagement.AssignmentRequests["{accessPackageAssignmentRequest-id}"].Resume.PostAsync(requestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
mgc identity-governance entitlement-management assignment-requests resume post --access-package-assignment-request-id {accessPackageAssignmentRequest-id} --body '{\
"source": "Contoso.SodCheckProcess",\
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",\
"data": {\
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",\
"stage": "assignmentRequestCreated",\
"customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",\
"customExtensionStageInstanceDetail": "This user is all verified"\
}\
}\
'
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-sdk-go/identitygovernance"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphidentitygovernance.NewResumePostRequestBody()
source := "Contoso.SodCheckProcess"
requestBody.SetSource(&source)
type := "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated"
requestBody.SetType(&type)
data := graphmodels.NewAccessPackageAssignmentRequestCallbackData()
stage := graphmodels.ASSIGNMENTREQUESTCREATED_ACCESSPACKAGECUSTOMEXTENSIONSTAGE
data.SetStage(&stage)
customExtensionStageInstanceId := "957d0c50-466b-4840-bb5b-c92cea7141ff"
data.SetCustomExtensionStageInstanceId(&customExtensionStageInstanceId)
customExtensionStageInstanceDetail := "This user is all verified"
data.SetCustomExtensionStageInstanceDetail(&customExtensionStageInstanceDetail)
requestBody.SetData(data)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().EntitlementManagement().AssignmentRequests().ByAccessPackageAssignmentRequestId("accessPackageAssignmentRequest-id").Resume().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.identitygovernance.entitlementmanagement.assignmentrequests.item.resume.ResumePostRequestBody resumePostRequestBody = new com.microsoft.graph.identitygovernance.entitlementmanagement.assignmentrequests.item.resume.ResumePostRequestBody();
resumePostRequestBody.setSource("Contoso.SodCheckProcess");
resumePostRequestBody.setType("microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated");
AccessPackageAssignmentRequestCallbackData data = new AccessPackageAssignmentRequestCallbackData();
data.setOdataType("microsoft.graph.accessPackageAssignmentRequestCallbackData");
data.setStage(AccessPackageCustomExtensionStage.AssignmentRequestCreated);
data.setCustomExtensionStageInstanceId("957d0c50-466b-4840-bb5b-c92cea7141ff");
data.setCustomExtensionStageInstanceDetail("This user is all verified");
resumePostRequestBody.setData(data);
graphClient.identityGovernance().entitlementManagement().assignmentRequests().byAccessPackageAssignmentRequestId("{accessPackageAssignmentRequest-id}").resume().post(resumePostRequestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const resume = {
source: 'Contoso.SodCheckProcess',
type: 'microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated',
data: {
'@odata.type': 'microsoft.graph.accessPackageAssignmentRequestCallbackData',
stage: 'assignmentRequestCreated',
customExtensionStageInstanceId: '957d0c50-466b-4840-bb5b-c92cea7141ff',
customExtensionStageInstanceDetail: 'This user is all verified'
}
};
await client.api('/identityGovernance/entitlementManagement/assignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume')
.post(resume);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\IdentityGovernance\EntitlementManagement\AssignmentRequests\Item\Resume\ResumePostRequestBody;
use Microsoft\Graph\Generated\Models\AccessPackageAssignmentRequestCallbackData;
use Microsoft\Graph\Generated\Models\AccessPackageCustomExtensionStage;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ResumePostRequestBody();
$requestBody->setSource('Contoso.SodCheckProcess');
$requestBody->setType('microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated');
$data = new AccessPackageAssignmentRequestCallbackData();
$data->setOdataType('microsoft.graph.accessPackageAssignmentRequestCallbackData');
$data->setStage(new AccessPackageCustomExtensionStage('assignmentRequestCreated'));
$data->setCustomExtensionStageInstanceId('957d0c50-466b-4840-bb5b-c92cea7141ff');
$data->setCustomExtensionStageInstanceDetail('This user is all verified');
$requestBody->setData($data);
$graphServiceClient->identityGovernance()->entitlementManagement()->assignmentRequests()->byAccessPackageAssignmentRequestId('accessPackageAssignmentRequest-id')->resume()->post($requestBody)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
source = "Contoso.SodCheckProcess"
type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated"
data = @{
"@odata.type" = "microsoft.graph.accessPackageAssignmentRequestCallbackData"
stage = "assignmentRequestCreated"
customExtensionStageInstanceId = "957d0c50-466b-4840-bb5b-c92cea7141ff"
customExtensionStageInstanceDetail = "This user is all verified"
}
}
Resume-MgEntitlementManagementAssignmentRequest -AccessPackageAssignmentRequestId $accessPackageAssignmentRequestId -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.identitygovernance.entitlementmanagement.assignmentrequests.item.resume.resume_post_request_body import ResumePostRequestBody
from msgraph.generated.models.access_package_assignment_request_callback_data import AccessPackageAssignmentRequestCallbackData
from msgraph.generated.models.access_package_custom_extension_stage import AccessPackageCustomExtensionStage
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ResumePostRequestBody(
source = "Contoso.SodCheckProcess",
type = "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
data = AccessPackageAssignmentRequestCallbackData(
odata_type = "microsoft.graph.accessPackageAssignmentRequestCallbackData",
stage = AccessPackageCustomExtensionStage.AssignmentRequestCreated,
custom_extension_stage_instance_id = "957d0c50-466b-4840-bb5b-c92cea7141ff",
custom_extension_stage_instance_detail = "This user is all verified",
),
)
await graph_client.identity_governance.entitlement_management.assignment_requests.by_access_package_assignment_request_id('accessPackageAssignmentRequest-id').resume.post(request_body)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
以下示例显示了相应的响应。
HTTP/1.1 204 No Content
示例 2:恢复和拒绝访问包分配请求
请求
以下示例演示通过拒绝正在等待回调的请求来恢复访问包分配请求的处理。 不能在 assignmentRequestCreated 标注阶段拒绝请求。
POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentRequests/9e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "AssignmentRequestCreated",
"customExtensionStageInstanceId": "857d0c50-466b-4840-bb5b-c92cea7141ff",
"state": "denied",
"customExtensionStageInstanceDetail": "Potential risk user based on the SOD check"
}
}
响应
以下示例显示了相应的响应。
HTTP/1.1 204 No Content