| title | permissionGrantPolicy resource type |
|---|---|
| description | Specifies the conditions under which consent can be authorized. |
| ms.localizationpriority | high |
| doc_type | resourcePageType |
| ms.subservice | entra-sign-in |
| author | psignoret |
| ms.date | 05/23/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
A permission grant policy is used to specify the conditions under which consent can be granted.
A permission grant policy consists of a list of includes condition sets and a list of excludes condition sets. For an event to match a permission grant policy, it must match at least one of the includes condition sets and none of the excludes condition sets.
For more information, see Manage app consent policies.
| Method | Return Type | Description |
|---|---|---|
| List | permissionGrantPolicy collection | Retrieve a list of permissionGrantPolicy objects. |
| Create | permissionGrantPolicy | Creates a new permissionGrantPolicy object. |
| Get | permissionGrantPolicy | Read the properties and relationships of a permissionGrantPolicy object. |
| Update | permissionGrantPolicy | Update a permissionGrantPolicy object. |
| Include condition sets | | |
| List includes | permissionGrantConditionSet collection | Get the condition sets that are included in this permission grant policy. |
| Create in includes | permissionGrantConditionSet | Add a condition set that is included in this permission grant policy. |
| Delete from includes | None | Remove a condition set from the includes collection of this permission grant policy. |
| Exclude condition sets | | |
| List excludes | permissionGrantConditionSet collection | Get the condition sets that are excluded in this permission grant policy. |
| Create in excludes | permissionGrantConditionSet | Add a condition set that is excluded from this permission grant policy. |
| Delete from excludes | None | Remove a condition set that is excluded from this permission grant policy. |
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the permission grant policy. The id prefix microsoft- is reserved for built-in permission grant policies, and may not be used in a custom permission grant policy. Only letters, numbers, hyphens (-) and underscores (_) are allowed. Key. Not nullable. Required on create. Immutable. |
| displayName | String | The display name for the permission grant policy. |
| description | String | The description for the permission grant policy. |
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. Automatically expanded on GET. |
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. Automatically expanded on GET. |
| includeAllPreApprovedApplications | Boolean | Set to true to create all pre-approval policies in the tenant. Set to false to disable all pre-approval policies in the tenant. The default is false. |
| resourceScopeType | String | The resource type the pre-approval policy applies to. Possible values: team for groups and teams, chat for chats, tenant for all supported resources in the tenant. Required. |
| Relationship | Type | Description |
|---|---|---|
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. This navigation is automatically expanded on GET. |
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. This navigation is automatically expanded on GET. |
```json
{
  "id": "string (identifier)",
  "displayName": "string",
  "description": "string",
  "includes": "collection(microsoft.graph.permissionGrantConditionSet)",
  "excludes": "collection(microsoft.graph.permissionGrantConditionSet)"
}
```
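
The includes/excludes matching rule and the `id` constraints described on this page, as an added Python example that is not part of the original reference and is not Microsoft's code. It models only three permissionGrantConditionSet properties (`permissionType`, `clientApplicationIds`, `clientApplicationsFromVerifiedPublisherOnly`); the sample policy, the `event` shape, ASCII-only letters in the `id` check, and the handling of omitted conditions are assumptions made for illustration.

```python
import re

# Constructed sample policy (not from the page). Only three
# permissionGrantConditionSet properties are modelled here.
POLICY = {
    "id": "contoso-verified-delegated",
    "includes": [{"permissionType": "delegated",
                  "clientApplicationsFromVerifiedPublisherOnly": True}],
    "excludes": [{"permissionType": "delegated",
                  "clientApplicationIds": ["00000000-0000-0000-0000-0000000000aa"]}],
}

def valid_custom_id(policy_id):
    """id rule from the property table: letters, digits, '-' and '_' only,
    and the 'microsoft-' prefix is reserved for built-in policies."""
    return (re.fullmatch(r"[A-Za-z0-9_-]+", policy_id) is not None
            and not policy_id.startswith("microsoft-"))

def condition_set_matches(cs, event):
    """A condition set matches only if every condition in it holds.
    Omitted conditions mean 'no restriction' (assumption of this model)."""
    if cs["permissionType"] != event["permissionType"]:
        return False
    client_ids = cs.get("clientApplicationIds", ["all"])
    if "all" not in client_ids and event["clientApplicationId"] not in client_ids:
        return False
    if cs.get("clientApplicationsFromVerifiedPublisherOnly", False) \
            and not event["verifiedPublisher"]:
        return False
    return True

def policy_matches(policy, event):
    """At least one includes set must match and no excludes set may match."""
    included = any(condition_set_matches(cs, event) for cs in policy.get("includes", []))
    excluded = any(condition_set_matches(cs, event) for cs in policy.get("excludes", []))
    return included and not excluded

def event(ptype, client_id, verified):
    """Hypothetical consent-event shape used only by this example."""
    return {"permissionType": ptype, "clientApplicationId": client_id,
            "verifiedPublisher": verified}

if __name__ == "__main__":
    for e in (event("delegated", "11111111-1111-1111-1111-111111111111", True),
              event("delegated", "00000000-0000-0000-0000-0000000000aa", True),
              event("delegated", "11111111-1111-1111-1111-111111111111", False)):
        print(e["clientApplicationId"], e["verifiedPublisher"], policy_matches(POLICY, e))
```

A policy whose includes list is empty can never match in this model, so an excludes-only policy authorizes nothing.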