Skip to content

Add EntitlementMgmt-SubjectAccess.ReadWrite tip boxes to entitlement management APIs#9935

Closed
simoolchandaney wants to merge 5 commits into
microsoftgraph:mainfrom
simoolchandaney:simranm/add-subject-access-rbac-tips
Closed

Add EntitlementMgmt-SubjectAccess.ReadWrite tip boxes to entitlement management APIs#9935
simoolchandaney wants to merge 5 commits into
microsoftgraph:mainfrom
simoolchandaney:simranm/add-subject-access-rbac-tips

Conversation

@simoolchandaney

@simoolchandaney simoolchandaney commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

Adds new RBAC tip boxes documenting \EntitlementMgmt-SubjectAccess.ReadWrite\ permission behavior to three entitlement management API docs (both v1.0 and beta):

  • entitlementmanagement-post-assignmentrequests — signed-in user doesn't need an admin role; non-user request types (e.g., \�dminAdd) are blocked
  • accesspackageassignmentrequest-cancel — signed-in user doesn't need an admin role; callers can only cancel user-type requests
  • accesspackage-getapplicablepolicyrequirements — signed-in user doesn't need an admin role; \�dminAdd\ request types are blocked

New include files were created to avoid impacting other pages that reference the original RBAC includes.

Add EntitlementMgmt-SubjectAccess.ReadWrite tip boxes to entitlement …
e05bd4c 
…management APIs

- Create new RBAC include for post-assignmentrequests with subject access restriction
- Create new RBAC include for cancel with subject access restriction
- Create new RBAC tip box for getApplicablePolicyRequirements
- All include files created for both v1.0 and beta
- Updated API docs to reference new include files

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@simoolchandaney simoolchandaney force-pushed the simranm/add-subject-access-rbac-tips branch from 0dfac9e to e05bd4c Compare June 10, 2026 22:03
@learn-build-service-prod

learn-build-service-prod Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 0dfac9e:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod

learn-build-service-prod Bot commented Jun 11, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit e05bd4c:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

Simran Moolchandaney (from Dev Box) and others added 2 commits June 12, 2026 11:51
Restructure RBAC tip boxes per review feedback
005bcba 
- POST assignment requests: split into end-user vs admin request type sections
- Cancel request: split into end-user vs admin cancellation scenarios
- Remove app-only note from cancel (not supported)
- v1.0 end-user types: userAdd, userUpdate, userRemove, approverRemove
- Beta end-user types: adds userExtend
- v1.0 references allowedTargetScope, specificAllowedTargets, requestorSettings
- Beta references only requestorSettings (different policy model)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Simplify admin role wording in RBAC tip boxes
ca986f7 
Remove awkward 'or' phrasing in admin sections. State least privileged
permission and role requirement as separate clean bullets.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@learn-build-service-prod

learn-build-service-prod Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit ca986f7:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

Restructure getApplicablePolicyRequirements RBAC tip with end-user vs…
c928dc2 
… admin sections

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@learn-build-service-prod

learn-build-service-prod Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit c928dc2:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod

learn-build-service-prod Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 005bcba:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

Align getApplicablePolicyRequirements docs with published schema
cb8337b 
- Beta: Remove Example 2 (subject body) which is not in the published
  CSDL schema; update request body text to 'Don't supply a request body';
  renumber Example 3 to Example 2
- v1.0: Replace empty response example with actual schema properties
  (isApprovalRequiredForAdd, isApprovalRequiredForUpdate,
  allowCustomAssignmentSchedule, schedule, questions)
- Both: Remove RBAC TIP box includes for this API and delete the
  corresponding include files

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@learn-build-service-prod

learn-build-service-prod Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit cb8337b:

✅ Validation status: passed

File Status Preview URL Details
api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/beta/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/beta/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/beta/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/api/accesspackage-getapplicablepolicyrequirements.md ✅Succeeded
api-reference/v1.0/api/accesspackageassignmentrequest-cancel.md ✅Succeeded
api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md ✅Succeeded
api-reference/v1.0/includes/rbac-for-apis/rbac-entitlement-management-end-user-apis-write-including-subject-access.md ✅Succeeded

For more details, please refer to the build report.

FaithOmbongi
FaithOmbongi requested changes Jun 16, 2026
View reviewed changes

@FaithOmbongi FaithOmbongi left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@simoolchandaney We don’t accept substantial contributions from internal team members in this repository—especially changes involving schemas. Key validations are not executed here, so we can’t guarantee the integrity of these changes before merge.

Please submit your PR to the private repo: Microsoft Graph Docs repo
If you encounter a 404 error, complete the onboarding steps in: Get started with the Microsoft Graph CDK

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@FaithOmbongi FaithOmbongi FaithOmbongi requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@simoolchandaney @FaithOmbongi