ESC
Type to search...
Navigate Open ESC Close

AccessReview.ReadWrite.Membership

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write User Scope

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Manage access reviews for group and app memberships

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user.

Permission ID: 18228521-a591-40f1-b215-5fad4488c117
Delegated Permission Admin consent required

Manage access reviews for group and app memberships

Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization.

User sees: Allows the app to read, update and perform action on access reviews, reviewers, decisions and settings that you have access to.
Permission ID: 5af8c3f5-baca-439a-97b0-ea58a435e269

Properties

Microsoft Graph beta exact-category-docs

Properties is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Property Type Description
id String The feature-assigned unique identifier of an access review.
displayName String The access review name. Required on create.
startDateTime DateTimeOffset The date and time when the review is scheduled to be start. This date can be in the future. Required on create.
endDateTime DateTimeOffset The DateTime when the review is scheduled to end. This must be at least one day later than the start date. Required on create.
status StringNullable This read-only field specifies the status of an accessReview. The typical states include Initializing, NotStarted, Starting,InProgress, Completing, Completed, AutoReviewing, and AutoReviewed.
description StringNullable The description provided by the access review creator, to show to the reviewers.
businessFlowTemplateId String The business flow template identifier. Required on create. This value is case sensitive.
reviewerType StringNullable The relationship type of reviewer to the target object, one of: self, delegated, entityOwners. Required on create.
createdBy userIdentity The user who created this review.
reviewedEntity identity The object for which the access review is reviewing the access rights assignments. This identity can be the group for the review of memberships of users in a group, or the app for a review of assignments of users to an application. Required on create.
settings accessReviewSettings The settings of an accessReview, see type definition below.
decisions accessReviewDecision collection The collection of decisions for this access review.
instances accessReview collection The collection of access reviews instances past, present, and future, if this object is a recurring access review.
myDecisions accessReviewDecision collection The collection of decisions for the caller, if the caller is a reviewer.
reviewers accessReviewReviewer collection The collection of reviewers for an access review, if access review reviewerType is of type delegated.

JSON Representation

Microsoft Graph beta exact-category-docs

JSON representation is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

JSON representation 
{
  "id": "string (identifier)",
  "displayName": "string",
  "startDateTime": "string (timestamp)",
  "endDateTime": "string (timestamp)",
  "status": "string",
  "description": "string",
  "businessFlowTemplateId": "string (identifier)",
  "reviewerType": "string",
  "createdBy": {
    "@odata.type": "microsoft.graph.userIdentity"
  },
  "reviewedEntity": {
    "@odata.type": "microsoft.graph.identity"
  },
  "settings": {
    "@odata.type": "microsoft.graph.accessReviewSettings"
  },
  "reviewers": [
    {
      "@odata.type": "microsoft.graph.userIdentity"
    }
  ]
}

Relationships

Microsoft Graph beta exact-category-docs

Relationships is shown from beta metadata because a stable v1.0 schema is not available for this resource mapping.

Relationship Type Description
reviewers userIdentity collection The collection of reviewers for an access review, if access review reviewerType is of type delegated.
decisions accessReviewDecision collection The collection of decisions for this access review.
myDecisions accessReviewDecision collection The collection of decisions for the caller, if the caller is a reviewer.
instances accessReview collection The collection of access reviews instances past, present, and future, if this object is a recurring access review.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

No API methods available for this version.

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0
GET /accessReviews/{reviewId}
GET /accessReviews/{reviewId}/decisions
GET /accessReviews/{reviewId}/myDecisions
GET /accessReviews/{reviewId}/reviewers
POST /accessReviews
POST /accessReviews/{reviewId}/applyDecisions
POST /accessReviews/{reviewId}/resetDecisions
POST /accessReviews/{reviewId}/reviewers
POST /accessReviews/{reviewId}/sendReminder
POST /accessReviews/{reviewId}/stop
PATCH /accessReviews/{reviewId}
DELETE /accessReviews/{reviewId}
DELETE /accessReviews/{reviewId}/reviewers/{userId}
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

No deterministic PowerShell command map is available for this permission.

Browse PowerShell docs
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Add-MgBetaAccessReviewDecision /accessReviews/{reviewId}/applyDecisions
Apply accessReview (deprecated)
Get-MgBetaAccessReview /accessReviews?$filter=businessFlowTemplateId eq {businessFlowTemplate-id}&$top={pagesize}&$skip=0
List accessReviews (deprecated)
Get-MgBetaAccessReview /accessReviews/{reviewId}
Get accessReview (deprecated)
Get-MgBetaAccessReviewDecision /accessReviews/{reviewId}/decisions
List accessReview decisions (deprecated)
Get-MgBetaAccessReviewMyDecision /accessReviews/{reviewId}/myDecisions
List my accessReview decisions (deprecated)
Get-MgBetaAccessReviewReviewer /accessReviews/{reviewId}/reviewers
List accessReview reviewers (deprecated)
New-MgBetaAccessReview /accessReviews
Create accessReview (deprecated)
New-MgBetaAccessReviewReviewer /accessReviews/{reviewId}/reviewers
Add accessReview reviewer (deprecated)
Remove-MgBetaAccessReview /accessReviews/{reviewId}
Delete accessReview (deprecated)
Remove-MgBetaAccessReviewReviewer /accessReviews/{reviewId}/reviewers/{userId}
Remove accessReview reviewer (deprecated)
Update-MgBetaAccessReview /accessReviews/{reviewId}
Update accessReview (deprecated)

Code Examples

C# / .NET SDK
Add accessReview reviewer (deprecated)
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;

var requestBody = new AccessReviewReviewer
{
	Id = "006111db-0810-4494-a6df-904d368bd81b",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.AccessReviews["{accessReview-id}"].Reviewers.PostAsync(requestBody);
JavaScript
Add accessReview reviewer (deprecated)
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const accessReviewReviewer = {
    id: '006111db-0810-4494-a6df-904d368bd81b'
};

await client.api('/accessReviews/2b83cc42-09db-46f6-8c6e-16fec466a82d/reviewers')
	.version('beta')
	.post(accessReviewReviewer);
PowerShell
Add accessReview reviewer (deprecated)
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	id = "006111db-0810-4494-a6df-904d368bd81b"
}

New-MgBetaAccessReviewReviewer -AccessReviewId $accessReviewId -BodyParameter $params
Python
Add accessReview reviewer (deprecated)
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.access_review_reviewer import AccessReviewReviewer
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = AccessReviewReviewer(
	id = "006111db-0810-4494-a6df-904d368bd81b",
)

result = await graph_client.access_reviews.by_access_review_id('accessReview-id').reviewers.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for AccessReview.ReadWrite.Membership

4

Grant Admin Consent

Application permissions always require admin consent.