title	Create eligibilityScheduleRequest
description	Create a new privilegedAccessGroupEligibilityScheduleRequest object.
author	ilyalushnikov
ms.localizationpriority	medium
ms.subservice	entra-id-governance
doc_type	apiPageType
ms.date	04/05/2024

Create eligibilityScheduleRequest

Namespace: microsoft.graph

[!INCLUDE beta-disclaimer]

Create a new privilegedAccessGroupEligibilityScheduleRequest object.

[!INCLUDE national-cloud-support]

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

[!INCLUDE permissions-table]

[!INCLUDE rbac-pim-groups-apis-write-eligibilityschedulerequests]

HTTP request

POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests

Request headers

Name	Description
Authorization	Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type	application/json. Required.

Request body

In the request body, supply a JSON representation of the privilegedAccessGroupEligibilityScheduleRequest object.

You can specify the following properties when creating a privilegedAccessGroupEligibilityScheduleRequest.

Property	Type	Description
accessId	privilegedAccessGroupRelationships	The identifier of the membership or ownership eligibility relationship to the group. The possible values are: `owner`, `member`. Required.
action	String	Represents the type of operation on the group membership or ownership eligibility assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`. `adminAssign`: For administrators to assign group membership or ownership eligibility to principals. `adminRemove`: For administrators to remove principals from group membership or ownership eligibilities. `adminUpdate`: For administrators to change existing eligible assignments. `adminExtend`: For administrators to extend expiring eligible assignments. `adminRenew`: For administrators to renew expired eligible assignments. `selfActivate`: For principals to activate their eligible assignments. `selfDeactivate`: For principals to deactivate their eligible assignments.
groupId	String	The identifier of the group representing the scope of the membership or ownership eligibility through PIM for Groups. Required.
justification	String	A message provided by users and administrators when they create the privilegedAccessGroupAssignmentScheduleRequest object.
principalId	String	The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for Groups. Required.
scheduleInfo	requestSchedule	The period of the group membership or ownership assignment for PIM for Groups. Recurring schedules are currently unsupported. Required.
ticketInfo	ticketInfo	Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system. Optional.

Response

If successful, this method returns a 201 Created response code and a privilegedAccessGroupEligibilityScheduleRequest object in the response body.

Examples

Example 1: An admin creates an eligible group ownership request for a principal

The following request creates an eligibility schedule request to make a principal eligible to be a group owner. The eligible ownership expires after two hours.

Request

HTTP

POST https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
Content-Type: application/json

{
    "accessId": "member",
    "principalId": "3cce9d87-3986-4f19-8335-7ed075408ca2",
    "groupId": "2b5ed229-4072-478d-9504-a047ebd4b07d",
    "action": "AdminAssign",
    "scheduleInfo": {
        "startDateTime": "2023-02-06T19:25:00.000Z",
        "expiration": {
            "type": "AfterDateTime",
            "endDateTime": "2023-02-07T19:56:00.000Z"
        }
    },
    "justification": "Assign eligible request."
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/$entity",
    "id": "f8bd9e2d-bc15-49b1-8a9b-c571b3cf9555",
    "status": "Provisioned",
    "createdDateTime": "2023-02-07T06:57:54.1633903Z",
    "completedDateTime": "2023-02-07T06:57:55.6183972Z",
    "action": "adminAssign",
    "isValidationOnly": false,
    "justification": "Assign eligible request.",
    "principalId": "3cce9d87-3986-4f19-8335-7ed075408ca2",
    "accessId": "member",
    "groupId": "2b5ed229-4072-478d-9504-a047ebd4b07d",
    "targetScheduleId": "2b5ed229-4072-478d-9504-a047ebd4b07d_member_f8bd9e2d-bc15-49b1-8a9b-c571b3cf9555",
    "createdBy": {
        "user": {
            "id": "3cce9d87-3986-4f19-8335-7ed075408ca2"
        }
    },
    "scheduleInfo": {
        "startDateTime": "2023-02-07T06:57:55.6183972Z",
        "recurrence": null,
        "expiration": {
            "type": "afterDateTime",
            "endDateTime": "2023-02-07T19:56:00Z",
            "duration": null
        }
    }
}

Example 2: An admin extends an eligible group membership for a principal

The following request extends an existing eligibility schedule request before it expires.

Request

HTTP

POST https://graph.microsoft.com/beta/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
Content-Type: application/json

{
    "accessId": "member",
    "principalId": "3cce9d87-3986-4f19-8335-7ed075408ca2",
    "groupId": "2b5ed229-4072-478d-9504-a047ebd4b07d",
    "action": "AdminExtend",
    "scheduleInfo": {
        "startDateTime": "2023-02-06T19:25:00.000Z",
        "expiration": {
            "type": "AfterDateTime",
            "endDateTime": "2023-02-07T20:56:00.000Z"
        }
    },
    "justification": "Extend eligible request."
}

C#

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Go

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Java

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

JavaScript

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PHP

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

PowerShell

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Python

[!INCLUDE sample-code] [!INCLUDE sdk-documentation]

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/$entity",
    "id": "e3405b79-c0d8-4597-87b5-a84451e29224",
    "status": "Provisioned",
    "createdDateTime": "2023-02-07T07:01:25.9239454Z",
    "completedDateTime": "2023-02-07T07:01:27.3379548Z",
    "action": "adminExtend",
    "isValidationOnly": false,
    "justification": "Extend eligible request.",
    "principalId": "3cce9d87-3986-4f19-8335-7ed075408ca2",
    "accessId": "member",
    "groupId": "2b5ed229-4072-478d-9504-a047ebd4b07d",
    "targetScheduleId": "2b5ed229-4072-478d-9504-a047ebd4b07d_member_e3405b79-c0d8-4597-87b5-a84451e29224",
    "createdBy": {
        "user": {
            "id": "3cce9d87-3986-4f19-8335-7ed075408ca2"
        }
    },
    "scheduleInfo": {
        "startDateTime": "2023-02-07T07:01:27.3379548Z",
        "expiration": {
            "type": "afterDateTime",
            "endDateTime": "2023-02-07T20:56:00Z",
            "duration": null
        }
    }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create eligibilityScheduleRequest

Permissions

HTTP request

Request headers

Request body

Response

Examples

Example 1: An admin creates an eligible group ownership request for a principal

Request

HTTP

C#

Go

Java

JavaScript

PHP

PowerShell

Python

Response

Example 2: An admin extends an eligible group membership for a principal

Request

HTTP

C#

Go

Java

JavaScript

PHP

PowerShell

Python

Response

FilesExpand file tree

privilegedaccessgroup-post-eligibilityschedulerequests.md

Latest commit

History

privilegedaccessgroup-post-eligibilityschedulerequests.md

File metadata and controls

Create eligibilityScheduleRequest

Permissions

HTTP request

Request headers

Request body

Response

Examples

Example 1: An admin creates an eligible group ownership request for a principal

Request

Response

Example 2: An admin extends an eligible group membership for a principal

Request

Response