-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New command: 'm365 entra pim role request list' - Retrieves a list of PIM requests for roles #5781
Comments
Since this is a list command, which properties are we going to display by default? Also, do we need to do any additional work to handle the nested objects in non-JSON outputs? |
Compared to similar ones, looks good. I will take it once is reviewed by other maintainers |
Any comments before we open this up @pnp/cli-for-microsoft-365-maintainers? |
Looks good to me! I'll assign you @MartinM85. |
@martinlingstuyl Do you want to allow filtering by scheduleInfo/startDateTime or createdDateTime? What about an option https://learn.microsoft.com/en-us/graph/api/resources/request?view=graph-rest-1.0 But the option status can be added later. |
Good question.. I now see that its not at alle clear... I think it's more logical to be able to filter from the creation of the request. What about you? Let's rename the option to createdDateTime!
I really like this one, yes... You need to be able to filter requests that have not been approved yet. I'll add it to the specs. Can you review? |
I've updated the specs. We'll need a clear example though, to show how to list requests that need approval. Or something like that. |
I would also prefer createdDateTime. Spec looks good now. I will add clear examples into the doc |
An important part of the PIM space is checking if you've already requested a roleassignment request and if that request has been approved. We need to have a command to list pim requests.
I've not added the roleassignment noun here on purpose, as the request list can encompass requests for multiple types of requests.
Usage
m365 entra pim role request list [options]
Description
Retrieves a list of PIM requests for roles.
Options
--userId [userId]
userId
,userName
,groupId
orgroupName
. If not specified, all requests will be listed.--userName [userName]
userId
,userName
,groupId
orgroupName
. If not specified, all requests will be listed.--groupId [groupId]
userId
,userName
,groupId
orgroupName
. If not specified, all requests will be listed.--groupName [groupName]
userId
,userName
,groupId
orgroupName
. If not specified, all requests will be listed.-c, --createdDateTime [createdDateTime]
-s, --status [status]
Canceled
,Denied
,Failed
,Granted
,PendingAdminDecision
,PendingApproval
,PendingProvisioning
,PendingScheduleCreation
,Provisioned
,Revoked
, andScheduleCreated
.--includePrincipalDetails
Examples
Get a list of all PIM requests for roles.
Get a list of PIM requests for the current user.
m365 entra pim role request list --userId '@meID'
Get a list of PIM requests for a specified user since the first of January 2024
m365 entra pim role request list --userName 'admin-john@contoso.com' --startDateTime 2024-01-01T00:00:00Z
Get a list of PIM requests with principal details
Response
Response with details of the principal
The
roleDefinitionName
property will need to be added to the objects, based on the expanded propertyroleDefinition
.Default properties
From the response output in text mode we'll show
id
,roleDefinitionName
andprincipalId
Additional information
Needs Entra permission scopes "RoleAssignmentSchedule.ReadWrite.Directory" and/or "RoleManagement.Read.Directory" OR "Directory.ReadWrite.All" which we already may have. (I'm using ReadWrite, as we're also writing in other subcommands of pim.)
https://learn.microsoft.com/en-us/graph/api/rbacapplication-list-roleassignmentschedulerequests?view=graph-rest-1.0&tabs=http
The text was updated successfully, but these errors were encountered: