EntitlementManagement.Read.All
Allows the app to read access packages and related entitlement management resources without a signed-in user.
Permission Details
| Type | Display name | Description | ID |
|---|---|---|---|
| Application | Read all entitlement management resources | Allows the app to read access packages and related entitlement management resources without a signed-in user. | c74fd47d-ed3c-45c3-9a9e-b8676de685d2 |
| Delegated | Read all entitlement management resources | Allows the app to read access packages and related entitlement management resources on behalf of the signed-in user. | 5449aa12-1393-4ea2-a7c7-d0e06c1a56b2 |
Properties
Properties are shown from the stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
| id | String | This value indicates the resource is a singleton. Read-only. Inherited from entity. |
| accessPackageAssignmentApprovals | approval collection | Approval stages for decisions associated with access package assignment requests. |
| accessPackages | accessPackage collection | Access packages define the collection of resource roles and the policies for which subjects can request or be assigned access to those resources. |
| accessPackageSuggestions | accessPackageSuggestion collection | Suggested access packages for end users based on various criteria such as related people insights and assignment history. |
| assignmentPolicies | accessPackageAssignmentPolicy collection | Access package assignment policies govern which subjects can request or be assigned an access package via an access package assignment. |
| assignmentRequests | accessPackageAssignmentRequest collection | Access package assignment requests created by or on behalf of a subject. |
| assignments | accessPackageAssignment collection | The assignment of an access package to a subject for a period of time. |
| availableAccessPackages | availableAccessPackage collection | Access packages available for end users to browse and request. |
| catalogs | accessPackageCatalog collection | A container for access packages. |
| connectedOrganizations | connectedOrganization collection | References to a directory or domain of another organization whose users can request access. |
| controlConfigurations | controlConfiguration collection | Configuration settings that control the lifecycle and access policies of entitlement management within a tenant. |
| resourceEnvironments | accessPackageResourceEnvironment collection | A reference to the geolocation environments in which a resource is located. |
| resourceRequests | accessPackageResourceRequest collection | Represents a request to add or remove a resource to or from a catalog respectively. |
| resourceRoleScopes | accessPackageResourceRoleScope collection | |
| resources | accessPackageResource collection | The resources associated with the catalogs. |
Showing 15 of 17 properties.
JSON Representation
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
```json
{
  "@odata.type": "#microsoft.graph.entitlementManagement",
  "id": "String (identifier)"
}
```
Relationships
Relationships are shown from the stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
| accessPackageAssignmentApprovals | approval collection | Approval stages for decisions associated with access package assignment requests. |
| accessPackages | accessPackage collection | Access packages define the collection of resource roles and the policies for which subjects can request or be assigned access to those resources. |
| accessPackageSuggestions | accessPackageSuggestion collection | Suggested access packages for end users based on various criteria such as related people insights and assignment history. |
| availableAccessPackages | availableAccessPackage collection | Access packages available for end users to browse and request. |
| assignmentPolicies | accessPackageAssignmentPolicy collection | Access package assignment policies govern which subjects can request or be assigned an access package via an access package assignment. |
| assignmentRequests | accessPackageAssignmentRequest collection | Access package assignment requests created by or on behalf of a subject. |
| assignments | accessPackageAssignment collection | The assignment of an access package to a subject for a period of time. |
| catalogs | accessPackageCatalog collection | A container for access packages. |
| connectedOrganizations | connectedOrganization collection | References to a directory or domain of another organization whose users can request access. |
| controlConfigurations | controlConfiguration collection | Configuration settings that control the lifecycle and access policies of entitlement management within a tenant. |
| resourceEnvironments | accessPackageResourceEnvironment collection | A reference to the geolocation environments in which a resource is located. |
| resourceRequests | accessPackageResourceRequest collection | Represents a request to add or remove a resource to or from a catalog respectively. |
| resources | accessPackageResource collection | The resources associated with the catalogs. |
| settings | entitlementManagementSettings | The settings that control the behavior of Microsoft Entra entitlement management. |
| resourceRoleScopes | accessPackageResourceRoleScope collection | Related resourceRoleScopes data exposed by this resource. |
| subjects | accessPackageSubject collection | Related subjects data exposed by this resource. |
| accessPackageAssignmentPolicies | accessPackageAssignmentPolicy collection | Represents the policy that governs which subjects can request or be assigned an access package via an access package assignment. |
| accessPackageAssignmentRequests | accessPackageAssignmentRequest collection | Represents access package assignment requests created by or on behalf of a user. DO NOT USE. TO BE RETIRED SOON. Use the assignmentRequests relationship instead. |
| accessPackageAssignmentResourceRoles | accessPackageAssignmentResourceRole collection | Represents the resource-specific role which a subject has been assigned through an access package assignment. |
| accessPackageAssignments | accessPackageAssignment collection | The assignment of an access package to a subject for a period of time. |
| accessPackageCatalogs | accessPackageCatalog collection | A container of access packages. |
Graph Methods
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
```csharp
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.EntitlementManagement.Assignments.AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageId("{accessPackageId}","{incompatibleAccessPackageId}").GetAsAdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdGetResponseAsync((requestConfiguration) =>
{
    requestConfiguration.QueryParameters.Expand = new string []{ "target" };
});
```

```javascript
// Client comes from the Microsoft Graph JavaScript SDK; authProvider must be configured separately.
const { Client } = require("@microsoft/microsoft-graph-client");

const options = {
    authProvider,
};
const client = Client.init(options);
// The path is double-quoted so the single-quoted function parameters do not terminate the string.
let additionalAccess = await client.api("/identityGovernance/entitlementManagement/assignments/additionalAccess(accessPackageId='2506aef1-3929-4d24-a61e-7c8b83d95e6f',incompatibleAccessPackageId='d5d99728-8c0b-4ede-83d2-cf9b0e8dabfb')")
    .expand('target')
    .get();
```

```powershell
Import-Module Microsoft.Graph.Identity.Governance
# $accessPackageId holds the id of the access package to read
Get-MgEntitlementManagementAccessPackage -AccessPackageId $accessPackageId
```

```python
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# Module path assumed from the SDK's generated package layout (the function parameters are not part of the path).
from msgraph.generated.identity_governance.entitlement_management.assignments.additional_access_with_access_package_id_with_incompatible_access_package_id.additional_access_with_access_package_id_with_incompatible_access_package_id_request_builder import AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

async def get_additional_access(graph_client: GraphServiceClient):
    # Expand the target of each assignment in the response
    query_params = AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilder.AdditionalAccessWithAccessPackageIdWithIncompatibleAccessPackageIdRequestBuilderGetQueryParameters(
        expand = ["target"],
    )
    request_configuration = RequestConfiguration(
        query_parameters = query_params,
    )
    return await graph_client.identity_governance.entitlement_management.assignments.additional_access_with_access_package_id_with_incompatible_access_package_id("{accessPackageId}","{incompatibleAccessPackageId}").get(request_configuration = request_configuration)
```
App Registration
1. Navigate to Azure Portal: Go to App registrations in the Microsoft Entra admin center.
2. Add API Permission: Select your app → API permissions → Add a permission → Microsoft Graph.
3. Select Permission Type: Choose Application permissions or Delegated permissions and search for EntitlementManagement.Read.All.
4. Grant Admin Consent: Application permissions always require admin consent.
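Once consent has been granted, a periodic review of who holds the permission closes the loop. The following is an added example, not part of the original page or Microsoft's snippets: it scans JSON shaped like the Graph `appRoleAssignedTo` and `oauth2PermissionGrants` responses for both grant forms of EntitlementManagement.Read.All. The `find_holders` name and all sample records are constructed for illustration.

```python
# Added example: audits exported Graph JSON for holders of EntitlementManagement.Read.All.
APP_ROLE_ID = "c74fd47d-ed3c-45c3-9a9e-b8676de685d2"  # application permission id listed on this page
SCOPE_NAME = "EntitlementManagement.Read.All"         # delegated grants carry scope names, not ids


def find_holders(app_role_assignments, oauth2_grants):
    """Return one finding per client that holds the permission in either form."""
    findings = []
    # Application (app-only) grants: appRoleAssignment objects keyed by appRoleId.
    for a in app_role_assignments:
        if (a.get("appRoleId") or "").lower() == APP_ROLE_ID:
            findings.append({
                "kind": "application",
                "client": a.get("principalDisplayName") or a["principalId"],
                "coverage": "app-only, no signed-in user",
            })
    # Delegated grants: 'scope' is a space-separated string, so match whole
    # tokens (a substring test could match a longer, different scope name).
    for g in oauth2_grants:
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        if SCOPE_NAME.lower() in scopes:
            tenant_wide = g.get("consentType") == "AllPrincipals"
            findings.append({
                "kind": "delegated",
                "client": g["clientId"],
                "coverage": "all users" if tenant_wide else f"user {g.get('principalId')}",
            })
    return findings


# Constructed sample input (ids are placeholders, not real tenant objects).
SAMPLE_ASSIGNMENTS = [
    {"appRoleId": APP_ROLE_ID, "principalId": "sp-0001", "principalDisplayName": "governance-reporting"},
    {"appRoleId": "00000000-0000-0000-0000-00000000aaaa", "principalId": "sp-0002", "principalDisplayName": "unrelated-app"},
]
SAMPLE_GRANTS = [
    {"clientId": "sp-0003", "consentType": "AllPrincipals", "principalId": None, "scope": " User.Read EntitlementManagement.Read.All"},
    {"clientId": "sp-0004", "consentType": "Principal", "principalId": "user-0009", "scope": "EntitlementManagement.Read.All"},
    {"clientId": "sp-0005", "consentType": "AllPrincipals", "principalId": None, "scope": "User.Read EntitlementManagement.ReadWrite.All"},
]

if __name__ == "__main__":
    for f in find_holders(SAMPLE_ASSIGNMENTS, SAMPLE_GRANTS):
        print(f"{f['kind']:<12} {f['client']:<22} {f['coverage']}")
```

The function reports only the read permission named on this page; the ReadWrite scope in the last sample grant is deliberately left unmatched.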