0
# Access Reviews
1
2
Systematic access certification and compliance management with configurable review cycles, approval workflows, and automated remediation. Access reviews enable organizations to regularly validate access permissions and maintain security compliance.
3
4
## Capabilities
5
6
### Access Review Schedule Definitions
7
8
Define and manage recurring access review processes with configurable settings, reviewers, and scope.
9
10
```python { .api }
11
def create_or_update_by_id(schedule_definition_id: str, properties: AccessReviewScheduleDefinition) -> AccessReviewScheduleDefinition:
12
"""
13
Create or update an access review schedule definition.
14
15
Parameters:
16
- schedule_definition_id: GUID for the schedule definition
17
- properties: Access review schedule definition properties
18
19
Returns:
20
AccessReviewScheduleDefinition object with created/updated definition
21
"""
22
23
def delete_by_id(schedule_definition_id: str) -> None:
24
"""
25
Delete an access review schedule definition.
26
27
Parameters:
28
- schedule_definition_id: ID of the schedule definition to delete
29
"""
30
31
def get_by_id(schedule_definition_id: str) -> AccessReviewScheduleDefinition:
32
"""
33
Get details of an access review schedule definition.
34
35
Parameters:
36
- schedule_definition_id: ID of the schedule definition
37
38
Returns:
39
AccessReviewScheduleDefinition object
40
"""
41
42
def list() -> Iterator[AccessReviewScheduleDefinition]:
43
"""
44
List all access review schedule definitions.
45
46
Returns:
47
Iterator of AccessReviewScheduleDefinition objects
48
"""
49
50
def stop(schedule_definition_id: str) -> None:
51
"""
52
Stop a running access review schedule definition.
53
54
Parameters:
55
- schedule_definition_id: ID of the schedule definition to stop
56
"""
57
```
58
59
### Access Review Instances
60
61
Manage individual instances of access reviews that are created from schedule definitions.
62
63
```python { .api }
64
def create(schedule_definition_id: str, id: str, properties: AccessReviewInstance) -> AccessReviewInstance:
65
"""
66
Create an access review instance manually.
67
68
Parameters:
69
- schedule_definition_id: ID of the parent schedule definition
70
- id: GUID for the review instance
71
- properties: Access review instance properties
72
73
Returns:
74
AccessReviewInstance object
75
"""
76
77
def get_by_id(schedule_definition_id: str, id: str) -> AccessReviewInstance:
78
"""
79
Get details of an access review instance.
80
81
Parameters:
82
- schedule_definition_id: ID of the parent schedule definition
83
- id: ID of the review instance
84
85
Returns:
86
AccessReviewInstance object
87
"""
88
89
def list(schedule_definition_id: str, filter: Optional[str] = None) -> Iterator[AccessReviewInstance]:
90
"""
91
List access review instances for a schedule definition.
92
93
Parameters:
94
- schedule_definition_id: ID of the schedule definition
95
- filter: OData filter expression (optional)
96
97
Returns:
98
Iterator of AccessReviewInstance objects
99
"""
100
101
def stop(schedule_definition_id: str, id: str) -> None:
102
"""
103
Stop an active access review instance.
104
105
Parameters:
106
- schedule_definition_id: ID of the parent schedule definition
107
- id: ID of the review instance to stop
108
"""
109
110
def reset_decisions(schedule_definition_id: str, id: str) -> None:
111
"""
112
Reset all decisions in an access review instance.
113
114
Parameters:
115
- schedule_definition_id: ID of the parent schedule definition
116
- id: ID of the review instance
117
"""
118
119
def apply_decisions(schedule_definition_id: str, id: str) -> None:
120
"""
121
Apply the decisions from a completed access review instance.
122
123
Parameters:
124
- schedule_definition_id: ID of the parent schedule definition
125
- id: ID of the review instance
126
"""
127
128
def send_reminders(schedule_definition_id: str, id: str) -> None:
129
"""
130
Send reminder notifications to reviewers.
131
132
Parameters:
133
- schedule_definition_id: ID of the parent schedule definition
134
- id: ID of the review instance
135
"""
136
```
137
138
### Access Review Instance Decisions
139
140
Manage individual decisions made by reviewers within access review instances.
141
142
```python { .api }
143
def list(schedule_definition_id: str, id: str, filter: Optional[str] = None) -> Iterator[AccessReviewDecision]:
144
"""
145
List decisions for an access review instance.
146
147
Parameters:
148
- schedule_definition_id: ID of the schedule definition
149
- id: ID of the review instance
150
- filter: OData filter expression (optional)
151
152
Returns:
153
Iterator of AccessReviewDecision objects
154
"""
155
156
def patch(schedule_definition_id: str, id: str, decision_id: str, properties: AccessReviewDecision) -> AccessReviewDecision:
157
"""
158
Update a decision in an access review instance.
159
160
Parameters:
161
- schedule_definition_id: ID of the schedule definition
162
- id: ID of the review instance
163
- decision_id: ID of the decision to update
164
- properties: Updated decision properties
165
166
Returns:
167
Updated AccessReviewDecision object
168
"""
169
```
170
171
### Access Review Instance My Decisions
172
173
Manage decisions that the current user is responsible for reviewing.
174
175
```python { .api }
176
def list(schedule_definition_id: str, id: str, filter: Optional[str] = None) -> Iterator[AccessReviewDecision]:
177
"""
178
List decisions assigned to the current user for review.
179
180
Parameters:
181
- schedule_definition_id: ID of the schedule definition
182
- id: ID of the review instance
183
- filter: OData filter expression (optional)
184
185
Returns:
186
Iterator of AccessReviewDecision objects assigned to current user
187
"""
188
189
def patch(schedule_definition_id: str, id: str, decision_id: str, properties: AccessReviewDecision) -> AccessReviewDecision:
190
"""
191
Update a decision that the current user is reviewing.
192
193
Parameters:
194
- schedule_definition_id: ID of the schedule definition
195
- id: ID of the review instance
196
- decision_id: ID of the decision to update
197
- properties: Updated decision properties
198
199
Returns:
200
Updated AccessReviewDecision object
201
"""
202
```
203
204
### Access Review Instance Contacted Reviewers
205
206
Query information about reviewers who have been contacted for an access review.
207
208
```python { .api }
209
def list(schedule_definition_id: str, id: str) -> Iterator[AccessReviewReviewer]:
210
"""
211
List reviewers who have been contacted for an access review instance.
212
213
Parameters:
214
- schedule_definition_id: ID of the schedule definition
215
- id: ID of the review instance
216
217
Returns:
218
Iterator of AccessReviewReviewer objects
219
"""
220
```
221
222
### Access Review Instances Assigned for My Approval
223
224
Query access review instances where the current user is assigned as a reviewer.
225
226
```python { .api }
227
def list(filter: Optional[str] = None) -> Iterator[AccessReviewInstance]:
228
"""
229
List access review instances assigned to the current user for approval.
230
231
Parameters:
232
- filter: OData filter expression (optional)
233
234
Returns:
235
Iterator of AccessReviewInstance objects assigned to current user
236
"""
237
```
238
239
### Access Review Schedule Definitions Assigned for My Approval
240
241
Query access review schedule definitions where the current user is assigned as a reviewer.
242
243
```python { .api }
244
def list(filter: Optional[str] = None) -> Iterator[AccessReviewScheduleDefinition]:
245
"""
246
List access review schedule definitions assigned to the current user.
247
248
Parameters:
249
- filter: OData filter expression (optional)
250
251
Returns:
252
Iterator of AccessReviewScheduleDefinition objects
253
"""
254
```
255
256
### Access Review History Definitions
257
258
Configure and manage historical data export for access reviews to support compliance reporting.
259
260
```python { .api }
261
def create(history_definition_id: str, properties: AccessReviewHistoryDefinition) -> AccessReviewHistoryDefinition:
262
"""
263
Create an access review history definition for data export.
264
265
Parameters:
266
- history_definition_id: GUID for the history definition
267
- properties: History definition properties including scope and schedule
268
269
Returns:
270
AccessReviewHistoryDefinition object
271
"""
272
273
def delete_by_id(history_definition_id: str) -> None:
274
"""
275
Delete an access review history definition.
276
277
Parameters:
278
- history_definition_id: ID of the history definition to delete
279
"""
280
281
def get_by_id(history_definition_id: str) -> AccessReviewHistoryDefinition:
282
"""
283
Get details of an access review history definition.
284
285
Parameters:
286
- history_definition_id: ID of the history definition
287
288
Returns:
289
AccessReviewHistoryDefinition object
290
"""
291
292
def list() -> Iterator[AccessReviewHistoryDefinition]:
293
"""
294
List all access review history definitions.
295
296
Returns:
297
Iterator of AccessReviewHistoryDefinition objects
298
"""
299
```
300
301
### Access Review History Definition Instances
302
303
Manage specific instances of history data exports.
304
305
```python { .api }
306
def list(definition_id: str) -> Iterator[AccessReviewHistoryInstance]:
307
"""
308
List history instances for a history definition.
309
310
Parameters:
311
- definition_id: ID of the history definition
312
313
Returns:
314
Iterator of AccessReviewHistoryInstance objects
315
"""
316
317
def generate_download_uri(definition_id: str, instance_id: str) -> AccessReviewHistoryDefinitionInstanceDownloadUri:
318
"""
319
Generate a download URI for a history instance.
320
321
Parameters:
322
- definition_id: ID of the history definition
323
- instance_id: ID of the history instance
324
325
Returns:
326
AccessReviewHistoryDefinitionInstanceDownloadUri with download link
327
"""
328
```
329
330
### Access Review Default Settings
331
332
Configure default settings that apply to new access reviews.
333
334
```python { .api }
335
def get() -> AccessReviewDefaultSettings:
336
"""
337
Get the current access review default settings.
338
339
Returns:
340
AccessReviewDefaultSettings object with current defaults
341
"""
342
343
def put(settings: AccessReviewDefaultSettings) -> AccessReviewDefaultSettings:
344
"""
345
Update access review default settings.
346
347
Parameters:
348
- settings: New default settings to apply
349
350
Returns:
351
Updated AccessReviewDefaultSettings object
352
"""
353
```
354
355
### Scope-specific Access Reviews
356
357
Manage access reviews at specific scope levels with dedicated operation groups for fine-grained control. These operations provide resource, subscription, and management group-level access review management.
358
359
#### Scope Access Review Default Settings
360
361
```python { .api }
362
def get_scope_default_settings(scope: str) -> AccessReviewDefaultSettings:
363
"""
364
Get access review default settings for a specific scope.
365
366
Parameters:
367
- scope: The scope to get default settings for (e.g., "/subscriptions/{id}")
368
369
Returns:
370
AccessReviewDefaultSettings object for the scope
371
"""
372
373
def put_scope_default_settings(scope: str, settings: AccessReviewDefaultSettings) -> AccessReviewDefaultSettings:
374
"""
375
Update access review default settings for a specific scope.
376
377
Parameters:
378
- scope: The scope to update settings for
379
- settings: New default settings to apply
380
381
Returns:
382
Updated AccessReviewDefaultSettings object
383
"""
384
```
385
386
#### Scope Access Review Schedule Definitions
387
388
```python { .api }
389
def create_scope_schedule_definition(scope: str, schedule_definition_id: str, properties: AccessReviewScheduleDefinition) -> AccessReviewScheduleDefinition:
390
"""
391
Create a scope-specific access review schedule definition.
392
393
Parameters:
394
- scope: The scope for the review definition
395
- schedule_definition_id: GUID for the schedule definition
396
- properties: Access review schedule definition properties
397
398
Returns:
399
AccessReviewScheduleDefinition object
400
"""
401
402
def delete_scope_schedule_definition(scope: str, schedule_definition_id: str) -> None:
403
"""
404
Delete a scope-specific access review schedule definition.
405
406
Parameters:
407
- scope: The scope of the schedule definition
408
- schedule_definition_id: ID of the schedule definition to delete
409
"""
410
411
def get_scope_schedule_definition(scope: str, schedule_definition_id: str) -> AccessReviewScheduleDefinition:
412
"""
413
Get a scope-specific access review schedule definition.
414
415
Parameters:
416
- scope: The scope of the schedule definition
417
- schedule_definition_id: ID of the schedule definition
418
419
Returns:
420
AccessReviewScheduleDefinition object
421
"""
422
423
def list_scope_schedule_definitions(scope: str) -> Iterator[AccessReviewScheduleDefinition]:
424
"""
425
List scope-specific access review schedule definitions.
426
427
Parameters:
428
- scope: The scope to list definitions for
429
430
Returns:
431
Iterator of AccessReviewScheduleDefinition objects
432
"""
433
```
434
435
#### Scope Access Review Instances
436
437
```python { .api }
438
def get_scope_instance(scope: str, schedule_definition_id: str, id: str) -> AccessReviewInstance:
439
"""
440
Get a scope-specific access review instance.
441
442
Parameters:
443
- scope: The scope of the review instance
444
- schedule_definition_id: ID of the parent schedule definition
445
- id: ID of the review instance
446
447
Returns:
448
AccessReviewInstance object
449
"""
450
451
def list_scope_instances(scope: str, filter: Optional[str] = None) -> Iterator[AccessReviewInstance]:
452
"""
453
List access review instances for a specific scope.
454
455
Parameters:
456
- scope: The scope to list instances for
457
- filter: OData filter expression (optional)
458
459
Returns:
460
Iterator of AccessReviewInstance objects for the scope
461
"""
462
463
def stop_scope_instance(scope: str, schedule_definition_id: str, id: str) -> None:
464
"""
465
Stop a scope-specific access review instance.
466
467
Parameters:
468
- scope: The scope of the review instance
469
- schedule_definition_id: ID of the parent schedule definition
470
- id: ID of the review instance to stop
471
"""
472
```
473
474
#### Scope Access Review Instance Decisions
475
476
```python { .api }
477
def list_scope_instance_decisions(scope: str, schedule_definition_id: str, id: str, filter: Optional[str] = None) -> Iterator[AccessReviewDecision]:
478
"""
479
List decisions for a scope-specific access review instance.
480
481
Parameters:
482
- scope: The scope of the review instance
483
- schedule_definition_id: ID of the parent schedule definition
484
- id: ID of the review instance
485
- filter: OData filter expression (optional)
486
487
Returns:
488
Iterator of AccessReviewDecision objects
489
"""
490
491
def patch_scope_instance_decision(scope: str, schedule_definition_id: str, id: str, decision_id: str, properties: AccessReviewDecision) -> AccessReviewDecision:
492
"""
493
Update a decision in a scope-specific access review instance.
494
495
Parameters:
496
- scope: The scope of the review instance
497
- schedule_definition_id: ID of the parent schedule definition
498
- id: ID of the review instance
499
- decision_id: ID of the decision to update
500
- properties: Updated decision properties
501
502
Returns:
503
Updated AccessReviewDecision object
504
"""
505
```
506
507
#### Scope Access Review Instance Contacted Reviewers
508
509
```python { .api }
510
def list_scope_contacted_reviewers(scope: str, schedule_definition_id: str, id: str) -> Iterator[AccessReviewReviewer]:
511
"""
512
List reviewers contacted for a scope-specific access review instance.
513
514
Parameters:
515
- scope: The scope of the review instance
516
- schedule_definition_id: ID of the parent schedule definition
517
- id: ID of the review instance
518
519
Returns:
520
Iterator of AccessReviewReviewer objects
521
"""
522
```
523
524
#### Scope Access Review History Definitions
525
526
```python { .api }
527
def create_scope_history_definition(scope: str, history_definition_id: str, properties: AccessReviewHistoryDefinition) -> AccessReviewHistoryDefinition:
528
"""
529
Create a scope-specific access review history definition.
530
531
Parameters:
532
- scope: The scope for the history definition
533
- history_definition_id: GUID for the history definition
534
- properties: History definition properties
535
536
Returns:
537
AccessReviewHistoryDefinition object
538
"""
539
540
def delete_scope_history_definition(scope: str, history_definition_id: str) -> None:
541
"""
542
Delete a scope-specific access review history definition.
543
544
Parameters:
545
- scope: The scope of the history definition
546
- history_definition_id: ID of the history definition to delete
547
"""
548
549
def get_scope_history_definition(scope: str, history_definition_id: str) -> AccessReviewHistoryDefinition:
550
"""
551
Get a scope-specific access review history definition.
552
553
Parameters:
554
- scope: The scope of the history definition
555
- history_definition_id: ID of the history definition
556
557
Returns:
558
AccessReviewHistoryDefinition object
559
"""
560
561
def list_scope_history_definitions(scope: str) -> Iterator[AccessReviewHistoryDefinition]:
562
"""
563
List scope-specific access review history definitions.
564
565
Parameters:
566
- scope: The scope to list definitions for
567
568
Returns:
569
Iterator of AccessReviewHistoryDefinition objects
570
"""
571
```
572
573
#### Scope Access Review History Definition Instance
574
575
```python { .api }
576
def generate_scope_history_download_uri(scope: str, history_definition_id: str, instance_id: str) -> AccessReviewHistoryDefinitionInstanceDownloadUri:
577
"""
578
Generate a download URI for a scope-specific history instance.
579
580
Parameters:
581
- scope: The scope of the history definition
582
- history_definition_id: ID of the history definition
583
- instance_id: ID of the history instance
584
585
Returns:
586
AccessReviewHistoryDefinitionInstanceDownloadUri with download link
587
"""
588
```
589
590
#### Scope Access Review History Definition Instances
591
592
```python { .api }
593
def list_scope_history_instances(scope: str, history_definition_id: str) -> Iterator[AccessReviewHistoryInstance]:
594
"""
595
List history instances for a scope-specific history definition.
596
597
Parameters:
598
- scope: The scope of the history definition
599
- history_definition_id: ID of the history definition
600
601
Returns:
602
Iterator of AccessReviewHistoryInstance objects
603
"""
604
```
605
606
### Tenant-level Access Reviews
607
608
Manage tenant-wide access reviews and reviewer operations at the organizational level.
609
610
```python { .api }
611
def list_tenant_contacted_reviewers(schedule_definition_id: str, id: str) -> Iterator[AccessReviewReviewer]:
612
"""
613
List reviewers contacted for a tenant-level access review instance.
614
615
Parameters:
616
- schedule_definition_id: ID of the schedule definition
617
- id: ID of the review instance
618
619
Returns:
620
Iterator of AccessReviewReviewer objects for tenant-level reviews
621
"""
622
```
623
624
## Usage Examples
625
626
### Creating a Recurring Access Review
627
628
```python
629
from azure.mgmt.authorization.models import AccessReviewScheduleDefinition
630
from datetime import datetime, timedelta
631
632
# Create a monthly access review for a resource group
633
review_definition = AccessReviewScheduleDefinition(
634
display_name="Monthly Resource Group Access Review",
635
description="Review access to production resource group monthly",
636
settings={
637
"instance_duration_in_days": 7,
638
"recurrence": {
639
"pattern": {
640
"type": "absoluteMonthly",
641
"interval": 1,
642
"month": 0,
643
"day_of_month": 1
644
},
645
"range": {
646
"type": "numbered",
647
"number_of_occurrences": 12,
648
"start_date": datetime.utcnow().isoformat()
649
}
650
},
651
"default_decision": "Deny",
652
"default_decision_enabled": True,
653
"justification_required_on_approval": True,
654
"mail_notifications_enabled": True,
655
"reminder_notifications_enabled": True,
656
"auto_apply_decisions_enabled": True
657
},
658
reviewers=[{
659
"principal_id": "reviewer-object-id",
660
"principal_type": "User"
661
}],
662
scope={
663
"resource_id": "/subscriptions/sub-id/resourceGroups/prod-rg",
664
"role_definition_id": "/subscriptions/sub-id/providers/Microsoft.Authorization/roleDefinitions/role-id"
665
}
666
)
667
668
# Create the review definition
669
created_review = client.access_review_schedule_definitions.create_or_update_by_id(
670
schedule_definition_id="review-definition-guid",
671
properties=review_definition
672
)
673
```
674
675
### Making Access Review Decisions
676
677
```python
678
from azure.mgmt.authorization.models import AccessReviewDecision
679
680
# Approve access with justification
681
decision_update = AccessReviewDecision(
682
decision="Approve",
683
justification="User still requires access for their current role responsibilities"
684
)
685
686
# Update the decision
687
updated_decision = client.access_review_instance_decisions.patch(
688
schedule_definition_id="review-definition-id",
689
id="review-instance-id",
690
decision_id="decision-id",
691
properties=decision_update
692
)
693
694
# Deny access with justification
695
deny_decision = AccessReviewDecision(
696
decision="Deny",
697
justification="User has changed roles and no longer needs this access"
698
)
699
700
denied_decision = client.access_review_instance_decisions.patch(
701
schedule_definition_id="review-definition-id",
702
id="review-instance-id",
703
decision_id="another-decision-id",
704
properties=deny_decision
705
)
706
```
707
708
### Configuring Review History Export
709
710
```python
711
from azure.mgmt.authorization.models import AccessReviewHistoryDefinition
712
713
# Create history definition for compliance reporting
714
history_definition = AccessReviewHistoryDefinition(
715
display_name="Quarterly Compliance Report",
716
review_history_period_start_date_time=datetime.utcnow() - timedelta(days=90),
717
review_history_period_end_date_time=datetime.utcnow(),
718
decisions=["Approve", "Deny", "NotReviewed"],
719
status="Requested",
720
settings={
721
"range": {
722
"type": "numbered",
723
"number_of_occurrences": 4,
724
"start_date": datetime.utcnow().isoformat()
725
},
726
"pattern": {
727
"type": "absoluteMonthly",
728
"interval": 3,
729
"day_of_month": 1
730
}
731
}
732
)
733
734
# Create the history definition
735
history_export = client.access_review_history_definitions.create(
736
history_definition_id="history-guid",
737
properties=history_definition
738
)
739
```
740
741
### Managing Review Instances
742
743
```python
744
# List active review instances for a definition
745
active_reviews = client.access_review_instances.list(
746
schedule_definition_id="review-definition-id",
747
filter="status eq 'InProgress'"
748
)
749
750
for review in active_reviews:
751
print(f"Review: {review.display_name}")
752
print(f"Status: {review.status}")
753
print(f"End Date: {review.end_date_time}")
754
755
# Send reminders to reviewers
756
client.access_review_instances.send_reminders(
757
schedule_definition_id="review-definition-id",
758
id=review.name
759
)
760
761
# Apply decisions for completed reviews
762
completed_reviews = client.access_review_instances.list(
763
schedule_definition_id="review-definition-id",
764
filter="status eq 'Completed'"
765
)
766
767
for review in completed_reviews:
768
client.access_review_instances.apply_decisions(
769
schedule_definition_id="review-definition-id",
770
id=review.name
771
)
772
```
773
774
## Types
775
776
### Access Review Definition Types
777
778
```python { .api }
779
class AccessReviewScheduleSettings:
780
instance_duration_in_days: Optional[int]
781
recurrence: Optional[AccessReviewRecurrenceSettings]
782
default_decision: Optional[str]
783
default_decision_enabled: Optional[bool]
784
justification_required_on_approval: Optional[bool]
785
mail_notifications_enabled: Optional[bool]
786
reminder_notifications_enabled: Optional[bool]
787
auto_apply_decisions_enabled: Optional[bool]
788
recommendations_enabled: Optional[bool]
789
790
class AccessReviewRecurrenceSettings:
791
pattern: Optional[AccessReviewRecurrencePattern]
792
range: Optional[AccessReviewRecurrenceRange]
793
794
class AccessReviewRecurrencePattern:
795
type: Optional[str] # "weekly", "absoluteMonthly", etc.
796
interval: Optional[int]
797
month: Optional[int]
798
day_of_month: Optional[int]
799
800
class AccessReviewRecurrenceRange:
801
type: Optional[str] # "endDate", "noEnd", "numbered"
802
number_of_occurrences: Optional[int]
803
start_date: Optional[str]
804
end_date: Optional[str]
805
806
class AccessReviewReviewer:
807
principal_id: Optional[str]
808
principal_type: Optional[str]
809
810
class AccessReviewScope:
811
resource_id: Optional[str]
812
role_definition_id: Optional[str]
813
principal_type: Optional[str]
814
assignment_state: Optional[str]
815
inactive_duration: Optional[str]
816
```
817
818
### Access Review Instance Types
819
820
```python { .api }
821
class AccessReviewInstanceProperties:
822
status: Optional[str]
823
start_date_time: Optional[datetime]
824
end_date_time: Optional[datetime]
825
reviewers: Optional[List[AccessReviewReviewer]]
826
backup_reviewers: Optional[List[AccessReviewReviewer]]
827
reviewers_type: Optional[str]
828
829
class AccessReviewDecisionPrincipal:
830
id: Optional[str]
831
display_name: Optional[str]
832
type: Optional[str]
833
principal_name: Optional[str]
834
835
class AccessReviewDecisionTarget:
836
id: Optional[str]
837
display_name: Optional[str]
838
type: Optional[str]
839
principal_name: Optional[str]
840
```
841
842
### Access Review History Types
843
844
```python { .api }
845
class AccessReviewHistoryDefinitionProperties:
846
display_name: Optional[str]
847
review_history_period_start_date_time: Optional[datetime]
848
review_history_period_end_date_time: Optional[datetime]
849
decisions: Optional[List[str]]
850
status: Optional[str]
851
created_date_time: Optional[datetime]
852
reviewed_date_time: Optional[datetime]
853
settings: Optional[AccessReviewHistoryScheduleSettings]
854
scopes: Optional[List[AccessReviewScope]]
855
856
class AccessReviewHistoryInstance:
857
id: Optional[str]
858
name: Optional[str]
859
display_name: Optional[str]
860
status: Optional[str]
861
reviewed_date_time: Optional[datetime]
862
download_uri: Optional[str]
863
expiration: Optional[datetime]
864
865
class AccessReviewHistoryDefinitionInstanceDownloadUri:
866
uri: Optional[str]
867
868
class AccessReviewDefaultSettings:
869
mail_notifications_enabled: Optional[bool]
870
reminder_notifications_enabled: Optional[bool]
871
justification_required_on_approval: Optional[bool]
872
default_decision_enabled: Optional[bool]
873
default_decision: Optional[str]
874
instance_duration_in_days: Optional[int]
875
auto_apply_decisions_enabled: Optional[bool]
876
recommendations_enabled: Optional[bool]
877
```
878
879
## Constants
880
881
### Access Review Results
882
883
```python { .api }
884
class AccessReviewResult:
885
APPROVE = "Approve"
886
DENY = "Deny"
887
NOT_REVIEWED = "NotReviewed"
888
DONT_KNOW = "DontKnow"
889
890
class DefaultDecisionType:
891
APPROVE = "Approve"
892
DENY = "Deny"
893
RECOMMENDATION = "Recommendation"
894
895
class AccessReviewInstanceStatus:
896
NOT_STARTED = "NotStarted"
897
IN_PROGRESS = "InProgress"
898
COMPLETED = "Completed"
899
APPLIED = "Applied"
900
INITIALIZING = "Initializing"
901
APPLYING = "Applying"
902
COMPLETING = "Completing"
903
SCHEDULED = "Scheduled"
904
AUTO_REVIEWING = "AutoReviewing"
905
AUTO_REVIEWED = "AutoReviewed"
906
STARTING = "Starting"
907
```
908
909
### Access Review Recurrence Types
910
911
```python { .api }
912
class AccessReviewRecurrencePatternType:
913
WEEKLY = "weekly"
914
ABSOLUTE_MONTHLY = "absoluteMonthly"
915
916
class AccessReviewRecurrenceRangeType:
917
END_DATE = "endDate"
918
NO_END = "noEnd"
919
NUMBERED = "numbered"
920
921
class ReviewersType:
922
ASSIGNED = "Assigned"
923
SELF = "Self"
924
MANAGERS = "Managers"
925
```
926
927
### Access Review History Status
928
929
```python { .api }
930
class AccessReviewHistoryStatus:
931
REQUESTED = "Requested"
932
IN_PROGRESS = "InProgress"
933
COMPLETED = "Completed"
934
ERROR = "Error"
935
```
936
937
## Error Handling
938
939
Common access review exceptions:
940
941
- **BadRequestError**: Invalid review configuration or malformed request
942
- **ForbiddenError**: Insufficient permissions to create or manage reviews
943
- **ResourceNotFoundError**: Review definition or instance not found
944
- **ConflictError**: Review already exists or conflicting operation
945
946
```python
947
from azure.core.exceptions import BadRequestError, ResourceNotFoundError
948
949
try:
950
review_instance = client.access_review_instances.get_by_id(
951
schedule_definition_id, instance_id
952
)
953
except ResourceNotFoundError:
954
print("Access review instance not found")
955
except BadRequestError as e:
956
print(f"Invalid request: {e.message}")
957
```