permissionGrantPolicy resource type
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
A permission grant policy is used to specify the conditions under which consent can be granted.
A permission grant policy consists of a list of includes condition sets, and a list of excludes condition sets. For an event to match a permission grant policy, it must match at least one of the includes conditions sets, and none of the excludes condition sets.
For more information, see Manage app consent policies.
Methods
| Method | Return Type | Description |
|---|---|---|
| List | permissionGrantPolicy collection | Retrieve a list of permissionGrantPolicy objects. |
| Create | permissionGrantPolicy | Creates a new permissionGrantPolicy object. |
| Get | permissionGrantPolicy | Read properties and relationships of permissionGrantPolicy object. |
| Update | permissionGrantPolicy | Update permissionGrantPolicy object. |
| Include condition sets | ||
| List includes | permissionGrantConditionSet collection | Get the condition sets that are included in this permission grant policy. |
| Create in includes | permissionGrantConditionSet | Add a condition set that is included from this permission grant policy. |
| Delete from includes | None | Remove a condition set that is excluded from this permission grant policy. |
| Exclude condition sets | ||
| List excludes | permissionGrantConditionSet collection | Get the condition sets that are excluded in this permission grant policy. |
| Create in excludes | permissionGrantConditionSet | Add a condition set that is excluded from this permission grant policy. |
| Delete from excludes | None | Remove a condition set that is excluded from this permission grant policy. |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | The unique identifier for the permission grant policy. The id prefix microsoft- is reserved for built-in permission grant policies, and may not be used in a custom permission grant policy. Only letters, numbers, hyphens (-) and underscores (_) are allowed. Key. Not nullable. Required on create. Immutable. |
| displayName | String | The display name for the permission grant policy. |
| description | String | The description for the permission grant policy. |
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. Automatically expanded on GET. |
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. Automatically expanded on GET. |
| includeAllPreApprovedApplications | Boolean | Set to true to create all pre-approval policies in the tenant. Set to false to disable all pre-approval policies in the tenant. The default is false. |
| resourceScopeType | String | The resource type the pre-approval policy applies to. Possible values: team for groups and teams, chat for chats, tenant for all supported resources in the tenant. Required. |
Relationships
| Relationship | Type | Description |
|---|---|---|
| includes | permissionGrantConditionSet collection | Condition sets that are included in this permission grant policy. This navigation is automatically expanded on GET. |
| excludes | permissionGrantConditionSet collection | Condition sets that are excluded in this permission grant policy. This navigation is automatically expanded on GET. |
JSON representation
{
"id": "string (identifier)",
"displayName": "string",
"description": "string",
"includes": "collection(microsoft.graph.permissionGrantConditionSet)",
"excludes": "collection(microsoft.graph.permissionGrantConditionSet)"
}