Daemetius
Aug 18, 2023

Weird result when using MS Graph for Access Review Owners

Greetings,

I am trying to create an Azure Access Review which includes both members and owners for the review process, where the group owners are also the reviewers in said Access Review. Since there are over 500+ groups in our tenant, I am using Microsoft Graph to automate this using a PowerShell script.

When I use the members value in the request body, everything works out fine, but when I use owners in the request body, I get a weird result which I was able to replicate using the MS Graph Explorer.

As an exercise, I used the MS Graph Explorer for the following:

Best Case Scenario

POST (beta): https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions

Request Body:

{
    "displayName": "Group Members Access Review",
    "descriptionForAdmins": "Reviews access to all group members in the organization",
    "reviewType": "AccessReview",
    "scope": {
        "query": "/groups/{group id}/members",
        "queryType": "MicrosoftGraph"
    }
}

Result is:

The access review is successfully created in Azure. You can see it in the GUI on the web.

=====================

Bad Case Scenario

POST (beta): https://graph.microsoft.com/beta/identityGovernance/accessReviews/definitions

Request Body:

{
    "displayName": "Group Owners Access Review",
    "descriptionForAdmins": "Group owners in the organization",
    "reviewType": "AccessReview",
    "scope": {
        "query": "/groups/{group id}/owners",
        "queryType": "MicrosoftGraph"
    }
}

The result is:

{
    "error": {
        "code": "",
        "message": "PartnerData | Partner Record with Id 00000000-0000-0000-0000-000000000000 not found in repository",
        "innerError": {
            "date": "2023-08-18T16:17:48",
            "request-id": "{request id auto-generated}",
            "client-request-id": "{client-request-id auto-generated}"
        }
    }
}

I don’t have this PartnerData in my tenant, but I get the feeling this is something from within Graph API maybe.

All I want to do is create an access review that includes both group members and owners.

Any ideas?
