scope_access_review_instances
Creates, updates, deletes, gets or lists a scope_access_review_instances resource.
Overview
| Name | scope_access_review_instances |
| Type | Resource |
| Id | azure.authorization.scope_access_review_instances |
Fields
The following fields are returned by SELECT queries:
- get_by_id
- list
Describe the result of a successful operation.
| Name | Datatype | Description |
|---|---|---|
id | string | The access review instance id. |
name | string | The access review instance name. |
properties | object | Access Review properties. |
type | string | The resource type. |
Describe the result of a successful operation.
| Name | Datatype | Description |
|---|---|---|
id | string | The access review instance id. |
name | string | The access review instance name. |
properties | object | Access Review properties. |
type | string | The resource type. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_by_id | select | scope, scheduleDefinitionId, id | Get access review instances | |
list | select | scope, scheduleDefinitionId | $filter | Get access review instances |
create | insert | scope, scheduleDefinitionId, id | Update access review instance. | |
stop | exec | scope, scheduleDefinitionId, id | An action to stop an access review instance. | |
record_all_decisions | exec | scope, scheduleDefinitionId, id | An action to approve/deny all decisions for a review with certain filters. | |
reset_decisions | exec | scope, scheduleDefinitionId, id | An action to reset all decisions for an access review instance. | |
apply_decisions | exec | scope, scheduleDefinitionId, id | An action to apply all decisions for an access review instance. | |
send_reminders | exec | scope, scheduleDefinitionId, id | An action to send reminders for an access review instance. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
id | string | The id of the access review instance. |
scheduleDefinitionId | string | The id of the access review schedule definition. |
scope | string | The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' |
$filter | string | The filter to apply on the operation. Other than standard filters, one custom filter option is supported : 'assignedToMeToReview()'. When one specified $filter=assignedToMeToReview(), only items that are assigned to the calling user to review are returned |
SELECT examples
- get_by_id
- list
Get access review instances
SELECT
id,
name,
properties,
type
FROM azure.authorization.scope_access_review_instances
WHERE scope = '{{ scope }}' -- required
AND scheduleDefinitionId = '{{ scheduleDefinitionId }}' -- required
AND id = '{{ id }}' -- required
;
Get access review instances
SELECT
id,
name,
properties,
type
FROM azure.authorization.scope_access_review_instances
WHERE scope = '{{ scope }}' -- required
AND scheduleDefinitionId = '{{ scheduleDefinitionId }}' -- required
AND $filter = '{{ $filter }}'
;
INSERT examples
- create
- Manifest
Update access review instance.
INSERT INTO azure.authorization.scope_access_review_instances (
data__startDateTime,
data__endDateTime,
data__reviewers,
data__backupReviewers,
scope,
scheduleDefinitionId,
id
)
SELECT
'{{ startDateTime }}',
'{{ endDateTime }}',
'{{ reviewers }}',
'{{ backupReviewers }}',
'{{ scope }}',
'{{ scheduleDefinitionId }}',
'{{ id }}'
RETURNING
id,
name,
properties,
type
;
# Description fields are for documentation purposes
- name: scope_access_review_instances
props:
- name: scope
value: string
description: Required parameter for the scope_access_review_instances resource.
- name: scheduleDefinitionId
value: string
description: Required parameter for the scope_access_review_instances resource.
- name: id
value: string
description: Required parameter for the scope_access_review_instances resource.
- name: startDateTime
value: string
description: |
The DateTime when the review instance is scheduled to be start.
- name: endDateTime
value: string
description: |
The DateTime when the review instance is scheduled to end.
- name: reviewers
value: array
description: |
This is the collection of reviewers.
- name: backupReviewers
value: array
description: |
This is the collection of backup reviewers.
Lifecycle Methods
- stop
- record_all_decisions
- reset_decisions
- apply_decisions
- send_reminders
An action to stop an access review instance.
EXEC azure.authorization.scope_access_review_instances.stop
@scope='{{ scope }}' --required,
@scheduleDefinitionId='{{ scheduleDefinitionId }}' --required,
@id='{{ id }}' --required
;
An action to approve/deny all decisions for a review with certain filters.
EXEC azure.authorization.scope_access_review_instances.record_all_decisions
@scope='{{ scope }}' --required,
@scheduleDefinitionId='{{ scheduleDefinitionId }}' --required,
@id='{{ id }}' --required
@@json=
'{
"decision": "{{ decision }}",
"justification": "{{ justification }}"
}'
;
An action to reset all decisions for an access review instance.
EXEC azure.authorization.scope_access_review_instances.reset_decisions
@scope='{{ scope }}' --required,
@scheduleDefinitionId='{{ scheduleDefinitionId }}' --required,
@id='{{ id }}' --required
;
An action to apply all decisions for an access review instance.
EXEC azure.authorization.scope_access_review_instances.apply_decisions
@scope='{{ scope }}' --required,
@scheduleDefinitionId='{{ scheduleDefinitionId }}' --required,
@id='{{ id }}' --required
;
An action to send reminders for an access review instance.
EXEC azure.authorization.scope_access_review_instances.send_reminders
@scope='{{ scope }}' --required,
@scheduleDefinitionId='{{ scheduleDefinitionId }}' --required,
@id='{{ id }}' --required
;