| title | accessReviewInstanceDecisionItem: filterByCurrentUser |
|---|---|
| description | Retrieve all decision items on an instance of an access review or a stage of an instance of a multi-stage access review, for which the calling user is the reviewer. |
| author | jyothig123 |
| ms.localizationpriority | medium |
| ms.subservice | entra-id-governance |
| doc_type | apiPageType |
| ms.date | 04/05/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Retrieve all decision items on an instance of an access review or a stage of an instance of a multi-stage access review, for which the calling user is the reviewer. The decision items are presented by a accessReviewInstanceDecisionItem objects on a given accessReviewInstance or accessReviewStage for which the calling user is the reviewer.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
To retrieve decisions for an instance of an access review for which the calling user is the reviewer:
GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/decisions/filterByCurrentUser(on='reviewer')To retrieve decisions for a stage in an instance of an access review for which the calling user is the reviewer:
GET /identityGovernance/accessReviews/definitions/{accessReviewScheduleDefinitionId}/instances/{accessReviewInstanceId}/stages/{accessReviewStageId}/decisions/filterByCurrentUser(on='reviewer')Note
Reviewers of multi-stage reviews can retrieve the decisions from previous stages if the decisionHistoriesForReviewersEnabled property is enabled in the settings of the accessReviewScheduleDefinition object.
The following table shows the query parameters that can be used with this method.
| Parameter | Type | Description |
|---|---|---|
| on | accessReviewInstanceDecisionItemFilterByCurrentUserOptions | Filter to query decision objects for the current user. Possible values are reviewer, unknownFutureValue. Use reviewer. Required. |
This method supports the $select, $filter, $orderby, $skip, $apply, and $top OData query parameters to help customize the response. For general information, see OData query parameters.
The default page size for this API is 100 accessReviewInstanceDecisionItem objects. To improve efficiency and avoid timeouts due to large result sets, apply pagination using the $skip and $top query parameters. For more information, see Paging Microsoft Graph data in your app.
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Don't supply a request body for this method.
If successful, this function returns a 200 OK response code and a accessReviewInstanceDecisionItem collection in the response body.
Example 1: Retrieve all decisions on an accessReviewInstance for which the calling user is the reviewer
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/decisions/filterByCurrentUser(on='reviewer')[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
"@odata.count": 1,
"value": [
{
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
"id": "139166ec-d214-4835-95aa-3c1d89581e51",
"accessReviewId": "8d035c9d-798d-47fa-beb4-f986a4b8126f",
"reviewedDateTime": "2021-05-03T19:28:25.02Z",
"decision": "Approve",
"justification": "Christie still needs access to the Marketing group as she works in the Marketing organization.",
"appliedDateTime": null,
"applyResult": "New",
"recommendation": "Deny",
"principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
"resourceLink": null,
"resource": null,
"reviewedBy": {
"id": "36c4c56e-fce3-4e2d-b28e-4ac0c7d2fa10",
"displayName": "MOD Administrator",
"userPrincipalName": "MOD Administrator"
},
"appliedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"target": {
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
"userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
"userDisplayName": "Christie Cline",
"userPrincipalName": "ChristieC@contoso.com"
},
"principal": {
"@odata.type": "#microsoft.graph.userIdentity",
"id": "1800bb2c-955d-4205-8471-3a6c3116435d",
"displayName": "Christie Cline",
"userPrincipalName": "ChristieC@contoso.com"
}
}
]
}Example 2: Retrieve all decisions on an accessReviewStage of a multi-stage access review for which the calling user is the reviewer
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/stages/9458f255-dff2-4d86-9a05-69438f49d7f8/decisions/filterByCurrentUser(on='reviewer')[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
"@odata.count": 1,
"value": [
{
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItem",
"id": "139166ec-d214-4835-95aa-3c1d89581e51",
"accessReviewId": "8d035c9d-798d-47fa-beb4-f986a4b8126f",
"reviewedDateTime": "2021-05-03T19:28:25.02Z",
"decision": "Approve",
"justification": "Christie still needs access to the Marketing group as she works in the Marketing organization.",
"appliedDateTime": null,
"applyResult": "New",
"recommendation": "Deny",
"principalLink": "https://graph.microsoft.com/v1.0/users/1800bb2c-955d-4205-8471-3a6c3116435d",
"resourceLink": null,
"resource": null,
"reviewedBy": {
"id": "36c4c56e-fce3-4e2d-b28e-4ac0c7d2fa10",
"displayName": "MOD Administrator",
"userPrincipalName": "MOD Administrator"
},
"appliedBy": {
"id": "00000000-0000-0000-0000-000000000000",
"displayName": "",
"userPrincipalName": ""
},
"target": {
"@odata.type": "#microsoft.graph.accessReviewInstanceDecisionItemUserTarget",
"userId": "1800bb2c-955d-4205-8471-3a6c3116435d",
"userDisplayName": "Christie Cline",
"userPrincipalName": "ChristieC@contoso.com"
},
"principal": {
"@odata.type": "#microsoft.graph.userIdentity",
"id": "1800bb2c-955d-4205-8471-3a6c3116435d",
"displayName": "Christie Cline",
"userPrincipalName": "ChristieC@contoso.com"
}
}
]
}Example 3: Retrieve an unique list of principals on an user centric access review or BYOD review instance for which the calling user is the reviewer
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/decisions/filterByCurrentUser(on='reviewer')?$apply=groupby(principal/id, principal/displayName)[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE snippet-not-available] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
"value": [
{
"principal": {
"displayName": "John Doe",
"id": "c1dc83de-40f6-4ff8-999f-7597bd036fb3"
}
},
{
"principal": {
"displayName": "Dave Smith",
"id": "a0528a38-5992-4a2b-b27b-939d46040e6e"
}
}
]
}Example 4: Retrieve an unique list of resources for an user centric access review or BYOD review instance for which the calling user is the reviewer
GET https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions/0185aab8-9a7e-44b5-ae36-41b923c3bf87/instances/1234aab8-9a7e-5678-ae36-41b923c3bf87/decisions/filterByCurrentUser(on='reviewer')?$apply=groupby((resource/id, resource/displayName))[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(accessReviewInstanceDecisionItem)",
"value": [
{
"resource": {
"displayName": "Sample resource",
"id": "f83a9c09-3248-41f7-adcb-d68dd59f9477"
}
}
]
}