| title | Create permissionGrantPreApprovalPolicy |
|---|---|
| description | Create a new permissionGrantPreApprovalPolicy object. |
| author | yuhko-msft |
| ms.localizationpriority | medium |
| ms.subservice | entra-applications |
| doc_type | apiPageType |
| ms.date | 07/22/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Create a new permissionGrantPreApprovalPolicy object.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-permission-grant-preapproval-policy-write]
POST /policies/permissionGrantPreApprovalPolicies| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the permissionGrantPreApprovalPolicy object.
You can specify the following properties when creating a permissionGrantPreApprovalPolicy.
| Property | Type | Description |
|---|---|---|
| conditions | preApprovalDetail collection | A list of conditions that are preapproved in the policy. Required. |
If successful, this method returns a 201 Created response code and a permissionGrantPreApprovalPolicy object in the response body.
In the following example:
- The condition for the
chatresource type:- Indicates that all chats regardless of sensitivity labels are in scope
- Specifies that all application permissions for all APIs are preapproved
- The condition for the
groupresource type:- Specifies two sensitivity labels that are in scope
- Specifies two application permissions for the
00000003-0000-0000-c000-000000000000resource app are preapproved
POST https://graph.microsoft.com/beta/policies/permissionGrantPreApprovalPolicies
Content-Type: application/json
{
"conditions": [
{
"scopeType": "chat",
"sensitivityLabels": {
"@odata.type": "#microsoft.graph.allScopeSensitivityLabels",
"labelKind": "all"
},
"permissions": {
"@odata.type": "#microsoft.graph.allPreApprovedPermissions",
"permissionKind": "all",
"permissionType": "application"
}
},
{
"scopeType": "group",
"scopeSensitivityLabels": {
"@odata.type": "microsoft.graph.enumeratedScopeSensitivityLabels",
"labelKind": "enumerated",
"sensitivityLabels": [
"d9c43deb-f3e1-4422-9fd6-ccf22a3206b8",
"c99dade2-aa54-4890-ac1c-a146fa26bd1e"
]
},
"permissions": {
"@odata.type": "#microsoft.graph.enumeratedPreApprovedPermissions",
"permissionKind": "enumerated",
"permissionType": "application",
"resourceApplicationId": "00000003-0000-0000-c000-000000000000",
"permissionIds": [
"134483aa-3dda-4d65-ac91-b8dda1417875",
"9d33613d-f855-483b-bca7-ea63ac9f5485"
]
}
}
]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPreApprovalPolicies/$entity",
"id": "71ba13dc-5947-4e59-bcc5-0ad5c339a853",
"deletedDateTime": null,
"conditions": [
{
"scopeType": "chat",
"sensitivityLabels": {
"@odata.type": "#microsoft.graph.enumeratedScopeSensitivityLabels",
"labelKind": "enumerated",
"sensitivityLabels": [
"d9c43deb-f3e1-4422-9fd6-ccf22a3206b8",
"c99dade2-aa54-4890-ac1c-a146fa26bd1e"
]
},
"permissions": {
"@odata.type": "#microsoft.graph.allPreApprovedPermissions",
"permissionKind": "all",
"permissionType": "application"
}
},
{
"scopeType": "group",
"sensitivityLabels": {
"@odata.type": "#microsoft.graph.allScopeSensitivityLabels",
"labelKind": "all"
},
"permissions": {
"@odata.type": "#microsoft.graph.enumeratedPreApprovedPermissions",
"permissionKind": "enumerated",
"resourceApplicationId": "00000003-0000-0000-c000-000000000000",
"permissionIds": [
"134483aa-3dda-4d65-ac91-b8dda1417875",
"9d33613d-f855-483b-bca7-ea63ac9f5485"
],
"permissionType": "application"
}
}
]
}Example 2: Create a preapproval policy for group scope and preapprove all permissions from a given API
POST https://graph.microsoft.com/beta/policies/permissionGrantPreApprovalPolicies
Content-Type: application/json
{
"conditions": [
{
"scopeType": "group",
"sensitivityLabels": {
"@odata.type": "#microsoft.graph.allScopeSensitivityLabels",
"labelKind": "all"
},
"permissions": {
"@odata.type": "#microsoft.graph.allPermissionsOnResourceApp",
"permissionKind": "allPermissionsOnResourceApp",
"permissionType": "application",
"resourceApplicationId": "00000003-0000-0000-c000-000000000000"
}
}
]
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/permissionGrantPreApprovalPolicies/$entity",
"id": "81cc4c53-1333-47b3-9fa5-1963876e0c5c",
"deletedDateTime": null,
"conditions": [
{
"scopeType": "group",
"sensitivityLabels": {
"@odata.type": "#microsoft.graph.allScopeSensitivityLabels",
"labelKind": "all"
},
"permissions": {
"@odata.type": "#microsoft.graph.allPermissionsOnResourceApp",
"permissionKind": "allPermissionsOnResourceApp",
"permissionType": "application",
"resourceApplicationId": "00000003-0000-0000-c000-000000000000"
}
}
]
}