命名空间:microsoft.graph
创建新的 accessReviewHistoryDefinition 对象。
此 API 可用于以下国家级云部署。
| 全局服务 |
美国政府 L4 |
美国政府 L5 (DOD) |
由世纪互联运营的中国 |
| ✅ |
✅ |
✅ |
✅ |
权限
为此 API 选择标记为最低特权的权限。
只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
| 权限类型 |
最低特权权限 |
更高特权权限 |
| 委派(工作或学校帐户) |
AccessReview.ReadWrite.All |
不可用。 |
| 委派(个人 Microsoft 帐户) |
不支持。 |
不支持。 |
| 应用程序 |
AccessReview.ReadWrite.All |
不可用。 |
重要
在具有工作或学校帐户的委托方案中,必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。 此操作支持以下最低特权角色。
- 若要编写组或应用的访问评审,请执行以下操作: 用户管理员、 标识治理管理员
- 若要编写Microsoft Entra角色的访问评审,请执行以下操作:标识治理管理员、特权角色管理员
HTTP 请求
POST /identityGovernance/accessReviews/historyDefinitions
| 名称 |
说明 |
| Authorization |
持有者 {token}。 必填。 详细了解 身份验证和授权。 |
| Content-Type |
application/json. 必需。 |
请求正文
在请求正文中,提供 accessReviewHistoryDefinition 对象的 JSON 表示形式。
下表显示了用于创建 accessReviewHistoryDefinition 的必需属性。
| 属性 |
类型 |
说明 |
| displayName |
String |
访问评审历史记录数据收集的名称。 必填。 |
| reviewHistoryPeriodStartDateTime |
DateTimeOffset |
时间戳。 从此日期开始或之后的评审将包含在提取的历史记录数据中。 仅当未定义 scheduleSettings 时才需要。 |
| reviewHistoryPeriodEndDateTime |
DateTimeOffset |
时间戳。 从此日期开始或之前开始的审阅将包含在提取的历史记录数据中。 仅当未定义 scheduleSettings 时才需要。 |
| scopes |
accessReviewQueryScope 集合 |
用于筛选提取的历史记录数据中包含的评审。 提取其范围与此提供的范围匹配的评审。 必填。
有关详细信息,请参阅 accessReviewHistoryDefinition 支持的范围查询。 |
| scheduleSettings |
accessReviewHistoryScheduleSettings |
尚不支持。 定期访问评审历史记录定义系列的设置。 仅当未定义 reviewHistoryPeriodStartDateTime 或 reviewHistoryPeriodEndDateTime 时才需要。 |
accessReviewHistoryDefinition 支持的范围查询
accessReviewHistoryDefinition 的 scopes 属性基于 accessReviewQueryScope,该资源允许在查询属性中配置不同的资源。 然后,这些资源表示历史记录定义的范围,并指定在创建历史记录定义的 accessReviewHistoryInstances 时生成的可下载 CSV 文件中包含的审阅历史记录数据的类型。
$filter
accessReviewScheduleDefinition 的 scope 属性支持使用 contains 运算符的查询参数。 对请求使用以下格式:
/identityGovernance/accessReviews/definitions?$filter=contains(scope/microsoft.graph.accessReviewQueryScope/query, '{object}')
可以 {object} 具有以下值之一:
| 值 |
说明 |
/groups |
列出单个组的每个 accessReviewScheduleDefinition (不包括作用域为来宾) 的所有Microsoft 365 个组的定义。 |
/groups/{group id} |
列出特定组的每个 accessReviewScheduleDefinition (不包括作用域为来宾) 的所有Microsoft 365 个组的定义。 |
./members |
列出每个 accessReviewScheduleDefinition 作用域为包含来宾的所有Microsoft 365 个组。 |
accessPackageAssignments |
列出访问包上的每个 accessReviewScheduleDefinition。 |
roleAssignmentScheduleInstances |
列出分配给特权角色的主体的每个 accessReviewScheduleDefinition。 |
$filter
accessReviewInactiveUserQueryScope 或 principalResourceMembershipScope 不支持查询参数。
响应
如果成功,此方法在响应正文中返回响应 201 Created 代码和 accessReviewHistoryDefinition 对象。
示例
以下示例演示如何创建访问评审历史记录定义,该定义的范围限定为访问包和组的访问评审,该定义在开始日期 01/01/2021 和结束日期 04/05/2021 之间运行。
请求
POST https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/historyDefinitions
Content-Type: application/json
{
"displayName": "Last quarter's group reviews April 2021",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new AccessReviewHistoryDefinition
{
DisplayName = "Last quarter's group reviews April 2021",
Decisions = new List<AccessReviewHistoryDecisionFilter?>
{
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified,
},
ReviewHistoryPeriodStartDateTime = DateTimeOffset.Parse("2021-01-01T00:00:00Z"),
ReviewHistoryPeriodEndDateTime = DateTimeOffset.Parse("2021-04-30T23:59:59Z"),
Scopes = new List<AccessReviewScope>
{
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
QueryRoot = null,
},
new AccessReviewQueryScope
{
OdataType = "#microsoft.graph.accessReviewQueryScope",
QueryType = "MicrosoftGraph",
Query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
QueryRoot = null,
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.AccessReviews.HistoryDefinitions.PostAsync(requestBody);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
mgc identity-governance access-reviews history-definitions create --body '{\
"displayName": "Last quarter's group reviews April 2021",\
"decisions": [\
"approve",\
"deny",\
"dontKnow",\
"notReviewed",\
"notNotified"\
],\
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",\
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",\
"scopes": [\
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"queryType": "MicrosoftGraph", \
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",\
"queryRoot": null\
}, \
{\
"@odata.type": "#microsoft.graph.accessReviewQueryScope",\
"queryType": "MicrosoftGraph", \
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",\
"queryRoot": null\
}\
]\
}\
'
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
"time"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewAccessReviewHistoryDefinition()
displayName := "Last quarter's group reviews April 2021"
requestBody.SetDisplayName(&displayName)
decisions := []graphmodels.AccessReviewHistoryDecisionFilterable {
accessReviewHistoryDecisionFilter := graphmodels.APPROVE_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DENY_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.DONTKNOW_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTREVIEWED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
accessReviewHistoryDecisionFilter := graphmodels.NOTNOTIFIED_ACCESSREVIEWHISTORYDECISIONFILTER
requestBody.SetAccessReviewHistoryDecisionFilter(&accessReviewHistoryDecisionFilter)
}
requestBody.SetDecisions(decisions)
reviewHistoryPeriodStartDateTime , err := time.Parse(time.RFC3339, "2021-01-01T00:00:00Z")
requestBody.SetReviewHistoryPeriodStartDateTime(&reviewHistoryPeriodStartDateTime)
reviewHistoryPeriodEndDateTime , err := time.Parse(time.RFC3339, "2021-04-30T23:59:59Z")
requestBody.SetReviewHistoryPeriodEndDateTime(&reviewHistoryPeriodEndDateTime)
accessReviewScope := graphmodels.NewAccessReviewQueryScope()
queryType := "MicrosoftGraph"
accessReviewScope.SetQueryType(&queryType)
query := "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
accessReviewScope.SetQuery(&query)
queryRoot := null
accessReviewScope.SetQueryRoot(&queryRoot)
accessReviewScope1 := graphmodels.NewAccessReviewQueryScope()
queryType := "MicrosoftGraph"
accessReviewScope1.SetQueryType(&queryType)
query := "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
accessReviewScope1.SetQuery(&query)
queryRoot := null
accessReviewScope1.SetQueryRoot(&queryRoot)
scopes := []graphmodels.AccessReviewScopeable {
accessReviewScope,
accessReviewScope1,
}
requestBody.SetScopes(scopes)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
historyDefinitions, err := graphClient.IdentityGovernance().AccessReviews().HistoryDefinitions().Post(context.Background(), requestBody, nil)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
AccessReviewHistoryDefinition accessReviewHistoryDefinition = new AccessReviewHistoryDefinition();
accessReviewHistoryDefinition.setDisplayName("Last quarter's group reviews April 2021");
LinkedList<AccessReviewHistoryDecisionFilter> decisions = new LinkedList<AccessReviewHistoryDecisionFilter>();
decisions.add(AccessReviewHistoryDecisionFilter.Approve);
decisions.add(AccessReviewHistoryDecisionFilter.Deny);
decisions.add(AccessReviewHistoryDecisionFilter.DontKnow);
decisions.add(AccessReviewHistoryDecisionFilter.NotReviewed);
decisions.add(AccessReviewHistoryDecisionFilter.NotNotified);
accessReviewHistoryDefinition.setDecisions(decisions);
OffsetDateTime reviewHistoryPeriodStartDateTime = OffsetDateTime.parse("2021-01-01T00:00:00Z");
accessReviewHistoryDefinition.setReviewHistoryPeriodStartDateTime(reviewHistoryPeriodStartDateTime);
OffsetDateTime reviewHistoryPeriodEndDateTime = OffsetDateTime.parse("2021-04-30T23:59:59Z");
accessReviewHistoryDefinition.setReviewHistoryPeriodEndDateTime(reviewHistoryPeriodEndDateTime);
LinkedList<AccessReviewScope> scopes = new LinkedList<AccessReviewScope>();
AccessReviewQueryScope accessReviewScope = new AccessReviewQueryScope();
accessReviewScope.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope.setQueryType("MicrosoftGraph");
accessReviewScope.setQuery("/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')");
accessReviewScope.setQueryRoot(null);
scopes.add(accessReviewScope);
AccessReviewQueryScope accessReviewScope1 = new AccessReviewQueryScope();
accessReviewScope1.setOdataType("#microsoft.graph.accessReviewQueryScope");
accessReviewScope1.setQueryType("MicrosoftGraph");
accessReviewScope1.setQuery("/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')");
accessReviewScope1.setQueryRoot(null);
scopes.add(accessReviewScope1);
accessReviewHistoryDefinition.setScopes(scopes);
AccessReviewHistoryDefinition result = graphClient.identityGovernance().accessReviews().historyDefinitions().post(accessReviewHistoryDefinition);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
const options = {
authProvider,
};
const client = Client.init(options);
const accessReviewHistoryDefinition = {
displayName: 'Last quarter\'s group reviews April 2021',
decisions: [
'approve',
'deny',
'dontKnow',
'notReviewed',
'notNotified'
],
reviewHistoryPeriodStartDateTime: '2021-01-01T00:00:00Z',
reviewHistoryPeriodEndDateTime: '2021-04-30T23:59:59Z',
scopes: [
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')',
queryRoot: null
},
{
'@odata.type': '#microsoft.graph.accessReviewQueryScope',
queryType: 'MicrosoftGraph',
query: '/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')',
queryRoot: null
}
]
};
await client.api('/identityGovernance/accessReviews/historyDefinitions')
.post(accessReviewHistoryDefinition);
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\AccessReviewHistoryDefinition;
use Microsoft\Graph\Generated\Models\AccessReviewHistoryDecisionFilter;
use Microsoft\Graph\Generated\Models\AccessReviewScope;
use Microsoft\Graph\Generated\Models\AccessReviewQueryScope;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new AccessReviewHistoryDefinition();
$requestBody->setDisplayName('Last quarter\'s group reviews April 2021');
$requestBody->setDecisions([new AccessReviewHistoryDecisionFilter('approve'),new AccessReviewHistoryDecisionFilter('deny'),new AccessReviewHistoryDecisionFilter('dontKnow'),new AccessReviewHistoryDecisionFilter('notReviewed'),new AccessReviewHistoryDecisionFilter('notNotified'), ]);
$requestBody->setReviewHistoryPeriodStartDateTime(new \DateTime('2021-01-01T00:00:00Z'));
$requestBody->setReviewHistoryPeriodEndDateTime(new \DateTime('2021-04-30T23:59:59Z'));
$scopesAccessReviewScope1 = new AccessReviewQueryScope();
$scopesAccessReviewScope1->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scopesAccessReviewScope1->setQueryType('MicrosoftGraph');
$scopesAccessReviewScope1->setQuery('/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'accessPackageAssignments\')');
$scopesAccessReviewScope1->setQueryRoot(null);
$scopesArray []= $scopesAccessReviewScope1;
$scopesAccessReviewScope2 = new AccessReviewQueryScope();
$scopesAccessReviewScope2->setOdataType('#microsoft.graph.accessReviewQueryScope');
$scopesAccessReviewScope2->setQueryType('MicrosoftGraph');
$scopesAccessReviewScope2->setQuery('/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, \'/groups\')');
$scopesAccessReviewScope2->setQueryRoot(null);
$scopesArray []= $scopesAccessReviewScope2;
$requestBody->setScopes($scopesArray);
$result = $graphServiceClient->identityGovernance()->accessReviews()->historyDefinitions()->post($requestBody)->wait();
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
Import-Module Microsoft.Graph.Identity.Governance
$params = @{
displayName = "Last quarter's group reviews April 2021"
decisions = @(
"approve"
"deny"
"dontKnow"
"notReviewed"
"notNotified"
)
reviewHistoryPeriodStartDateTime = [System.DateTime]::Parse("2021-01-01T00:00:00Z")
reviewHistoryPeriodEndDateTime = [System.DateTime]::Parse("2021-04-30T23:59:59Z")
scopes = @(
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
queryType = "MicrosoftGraph"
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')"
queryRoot = $null
}
@{
"@odata.type" = "#microsoft.graph.accessReviewQueryScope"
queryType = "MicrosoftGraph"
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')"
queryRoot = $null
}
)
}
New-MgIdentityGovernanceAccessReviewHistoryDefinition -BodyParameter $params
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.access_review_history_definition import AccessReviewHistoryDefinition
from msgraph.generated.models.access_review_history_decision_filter import AccessReviewHistoryDecisionFilter
from msgraph.generated.models.access_review_scope import AccessReviewScope
from msgraph.generated.models.access_review_query_scope import AccessReviewQueryScope
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewHistoryDefinition(
display_name = "Last quarter's group reviews April 2021",
decisions = [
AccessReviewHistoryDecisionFilter.Approve,
AccessReviewHistoryDecisionFilter.Deny,
AccessReviewHistoryDecisionFilter.DontKnow,
AccessReviewHistoryDecisionFilter.NotReviewed,
AccessReviewHistoryDecisionFilter.NotNotified,
],
review_history_period_start_date_time = "2021-01-01T00:00:00Z",
review_history_period_end_date_time = "2021-04-30T23:59:59Z",
scopes = [
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query_type = "MicrosoftGraph",
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
query_root = None,
),
AccessReviewQueryScope(
odata_type = "#microsoft.graph.accessReviewQueryScope",
query_type = "MicrosoftGraph",
query = "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
query_root = None,
),
],
)
result = await graph_client.identity_governance.access_reviews.history_definitions.post(request_body)
有关如何将 SDK 添加到项目并创建 authProvider 实例的详细信息,请参阅 SDK 文档。
响应
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.accessReviewHistoryDefinition",
"id": "b2cb022f-b7e1-40f3-9854-c65a40861c38",
"displayName": "Last quarter's group reviews April 2021",
"reviewHistoryPeriodStartDateTime": "2021-01-01T00:00:00Z",
"reviewHistoryPeriodEndDateTime": "2021-04-30T23:59:59Z",
"decisions": [
"approve",
"deny",
"dontKnow",
"notReviewed",
"notNotified"
],
"status": "requested",
"createdDateTime": "2021-04-14T00:22:48.9392594Z",
"createdBy": {
"id": "957f1027-c0ee-460d-9269-b8444459e0fe",
"displayName": "MOD Administrator",
"userPrincipalName": "admin@contoso.com"
},
"scopes": [
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, 'accessPackageAssignments')",
"queryRoot": null
},
{
"@odata.type": "#microsoft.graph.accessReviewQueryScope",
"queryType": "MicrosoftGraph",
"query": "/identityGovernance/accessReviews/definitions?$filter=contains(scope/query, '/groups')",
"queryRoot": null
}
]
}