{ "item": [ { "name": "api", "description": "", "item": [ { "name": "v2", "description": "", "item": [ { "name": "privilegedAccess", "description": "", "item": [ { "name": "{provider}", "description": "", "item": [ { "name": "roleAssignments", "description": "", "item": [ { "id": "dbd3ce41-a7cb-4f6c-b93c-e02de813279a", "name": "List role assignments", "request": { "name": "List role assignments", "description": { "content": "Retrieves role assignments for the specified provider. Supports OData filtering\nto query eligible, active, or specific role assignments.\n\nCommon filters:\n- `status eq 'Active'` - Active assignments only\n- `status eq 'Eligible'` - Eligible assignments only\n- `roleDefinitionId eq '{id}'` - Assignments for a specific role\n- `subjectId eq '{id}'` - Assignments for a specific user\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignments" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" }, { "disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "header": [ { "key": 
"Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "d7e376a4-d388-4281-be79-53b3778040f7", "name": "List of role assignments", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignments" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" }, { "disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"@odata.context\": \"https://api.azrbac.mspim.azure.com/api/v2/$metadata#governanceRoleAssignments(roleDefinition(),subject())\",\n \"value\": [\n {\n \"@odata.id\": \"https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess('aadRoles')/roleAssignments('lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1')\",\n \"id\": \"lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1\",\n \"resourceId\": \"847b5907-ca15-40f4-b171-eb18619dbfab\",\n \"roleDefinitionId\": 
\"62e90394-69f5-4237-9190-012177145e10\",\n \"subjectId\": \"ab69ffc3-e508-4f8e-af8b-8d626d6764c9\",\n \"scopedResourceId\": null,\n \"linkedEligibleRoleAssignmentId\": null,\n \"externalId\": \"lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1\",\n \"isPermanent\": true,\n \"startDateTime\": \"2023-11-13T04:42:16.297Z\",\n \"endDateTime\": null,\n \"memberType\": \"Direct\",\n \"assignmentState\": \"Active\",\n \"status\": \"Provisioned\",\n \"condition\": null,\n \"conditionVersion\": null,\n \"conditionDescription\": null,\n \"roleDefinition\": {\n \"id\": \"62e90394-69f5-4237-9190-012177145e10\",\n \"resourceId\": \"847b5907-ca15-40f4-b171-eb18619dbfab\",\n \"externalId\": \"62e90394-69f5-4237-9190-012177145e10\"\n },\n \"subject\": {\n \"id\": \"ab69ffc3-e508-4f8e-af8b-8d626d6764c9\",\n \"key_0\": \"string\"\n }\n },\n {\n \"@odata.id\": \"https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess('aadRoles')/roleAssignments('lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1')\",\n \"id\": \"lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1\",\n \"resourceId\": \"847b5907-ca15-40f4-b171-eb18619dbfab\",\n \"roleDefinitionId\": \"62e90394-69f5-4237-9190-012177145e10\",\n \"subjectId\": \"ab69ffc3-e508-4f8e-af8b-8d626d6764c9\",\n \"scopedResourceId\": null,\n \"linkedEligibleRoleAssignmentId\": null,\n \"externalId\": \"lAPpYvVpN0KRkAEhdxReEMP_aasI5Y5Pr4uNYm1nZMk-1\",\n \"isPermanent\": true,\n \"startDateTime\": \"2023-11-13T04:42:16.297Z\",\n \"endDateTime\": null,\n \"memberType\": \"Direct\",\n \"assignmentState\": \"Active\",\n \"status\": \"Provisioned\",\n \"condition\": null,\n \"conditionVersion\": null,\n \"conditionDescription\": null,\n \"roleDefinition\": {\n \"id\": \"62e90394-69f5-4237-9190-012177145e10\",\n \"resourceId\": \"847b5907-ca15-40f4-b171-eb18619dbfab\",\n \"externalId\": \"62e90394-69f5-4237-9190-012177145e10\"\n },\n \"subject\": {\n \"id\": \"ab69ffc3-e508-4f8e-af8b-8d626d6764c9\",\n \"key_0\": 9949\n }\n }\n ]\n}", "cookie": [], 
"_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "roleAssignmentRequests", "description": "", "item": [ { "id": "47504703-50d2-4761-9e2c-c767eae44b4b", "name": "List role assignment requests", "request": { "name": "List role assignment requests", "description": { "content": "Retrieves role assignment requests (activations, assignments, removals)\nfor the specified provider. Includes pending, approved, denied, and\ncompleted requests.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "078131b7-1867-4718-8056-fdf41d7fbec1", "name": "List of role assignment requests", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { 
"disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "49064143-efb6-4fd1-a14f-146ec5f63d2f", "name": "Create a role assignment request", "request": { "name": "Create a role assignment request", "description": { "content": "Creates a new role assignment request. 
This is used for:\n- Activating an eligible role assignment\n- Creating a new eligible or active role assignment\n- Removing or deactivating a role assignment\n\n**Warning:** This endpoint performs write operations.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"roleDefinitionId\": \"546ad94d-b7ce-0ffc-5ddb-c8d3ee26ca55\",\n \"resourceId\": \"1158d154-cc8f-de09-f43a-2c37fc30527e\",\n \"subjectId\": \"86b3a4e2-0366-43dc-c8a2-94983165889e\",\n \"assignmentState\": \"Eligible\",\n \"type\": \"AdminUpdate\",\n \"reason\": \"string\",\n \"schedule\": {\n \"type\": \"string\",\n \"startDateTime\": \"2014-10-08T16:59:01.508Z\",\n \"endDateTime\": \"1955-12-19T20:31:54.715Z\",\n \"duration\": \"string\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": null }, "response": [ { "id": "251ae12b-d1ec-43d2-a818-a73aea52f485", "name": "Role assignment request created", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"roleDefinitionId\": \"546ad94d-b7ce-0ffc-5ddb-c8d3ee26ca55\",\n \"resourceId\": 
\"1158d154-cc8f-de09-f43a-2c37fc30527e\",\n \"subjectId\": \"86b3a4e2-0366-43dc-c8a2-94983165889e\",\n \"assignmentState\": \"Eligible\",\n \"type\": \"AdminUpdate\",\n \"reason\": \"string\",\n \"schedule\": {\n \"type\": \"string\",\n \"startDateTime\": \"2014-10-08T16:59:01.508Z\",\n \"endDateTime\": \"1955-12-19T20:31:54.715Z\",\n \"duration\": \"string\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Created", "code": 201, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "04ccd321-fb98-4ec1-93e6-3b2762926688", "name": "Invalid request parameters", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"roleDefinitionId\": \"546ad94d-b7ce-0ffc-5ddb-c8d3ee26ca55\",\n \"resourceId\": \"1158d154-cc8f-de09-f43a-2c37fc30527e\",\n \"subjectId\": \"86b3a4e2-0366-43dc-c8a2-94983165889e\",\n \"assignmentState\": \"Eligible\",\n \"type\": \"AdminUpdate\",\n \"reason\": \"string\",\n \"schedule\": {\n \"type\": \"string\",\n \"startDateTime\": \"2014-10-08T16:59:01.508Z\",\n \"endDateTime\": \"1955-12-19T20:31:54.715Z\",\n \"duration\": \"string\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Bad Request", "code": 400, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "ec689412-c224-45d2-948b-71609d0f78a8", "name": "Insufficient permissions", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests" ], "host": [ 
"{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "POST", "body": { "mode": "raw", "raw": "{\n \"roleDefinitionId\": \"546ad94d-b7ce-0ffc-5ddb-c8d3ee26ca55\",\n \"resourceId\": \"1158d154-cc8f-de09-f43a-2c37fc30527e\",\n \"subjectId\": \"86b3a4e2-0366-43dc-c8a2-94983165889e\",\n \"assignmentState\": \"Eligible\",\n \"type\": \"AdminUpdate\",\n \"reason\": \"string\",\n \"schedule\": {\n \"type\": \"string\",\n \"startDateTime\": \"2014-10-08T16:59:01.508Z\",\n \"endDateTime\": \"1955-12-19T20:31:54.715Z\",\n \"duration\": \"string\"\n }\n}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "Forbidden", "code": 403, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{requestId}", "description": "", "item": [ { "name": "cancel", "description": "", "item": [ { "id": "7052853b-eb6d-447d-913c-83abe09b66cf", "name": "Cancel a pending role assignment request", "request": { "name": "Cancel a pending role assignment request", "description": {}, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests", ":requestId", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "requestId", "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" } } ] }, "method": "POST", "body": {}, 
"auth": null }, "response": [ { "id": "dc087356-23f4-4025-b6e0-955bddcd8561", "name": "Request cancelled successfully", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests", ":requestId", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "requestId" } ] }, "method": "POST", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" }, { "id": "84894ac3-d66c-44de-bd62-ce78f8a1d258", "name": "Request not found", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "roleAssignmentRequests", ":requestId", "cancel" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "requestId" } ] }, "method": "POST", "body": {} }, "status": "Not Found", "code": 404, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] }, { "name": "resources", "description": "", "item": [ { "id": "fedb5c2a-01e8-45e8-97f0-b653ba3facaf", "name": "List PIM-managed resources", "request": { "name": "List PIM-managed resources", "description": { "content": "Retrieves resources that are managed by PIM 
for the specified provider.\nFor aadroles, this returns the tenant. For azureResources, this returns\ndiscovered Azure subscriptions/resource groups. For aadgroup, this returns\nPIM-enabled groups.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "8ba49990-e39e-4e35-9717-3f1027085e0a", "name": "List of PIM-managed resources", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], 
"_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{resourceId}", "description": "", "item": [ { "name": "roleDefinitions", "description": "", "item": [ { "id": "c419e10c-d978-4c3f-a114-90865efcf85b", "name": "List role definitions for a resource", "request": { "name": "List role definitions for a resource", "description": { "content": "Retrieves all role definitions available for the specified resource.\nFor Entra roles, this returns all directory roles. For Azure resources,\nthis returns Azure RBAC roles applicable to the resource.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleDefinitions" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "3ae6f209-b2bd-444b-a9c1-8bcb847f7135", "name": "List of role definitions", "originalRequest": { "url": { 
"path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleDefinitions" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{roleDefinitionId}", "description": "", "item": [ { "id": "803474c2-3baf-44db-af88-9f485538b1a6", "name": "Get a specific role definition", "request": { "name": "Get a specific role definition", "description": {}, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleDefinitions", ":roleDefinitionId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type 
(This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleDefinitionId", "disabled": false, "description": { "content": "(Required) The ID of the role definition to retrieve", "type": "text/plain" } } ] }, "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "d6134728-dd39-44da-ac2f-fe112f07f399", "name": "Role definition details", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleDefinitions", ":roleDefinitionId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" }, { "disabled": false, "description": { "content": "(Required) The ID of the role definition to retrieve", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleDefinitionId" } ] }, "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] }, { "name": "roleSettings", "description": "", "item": [ { "id": "cfe527c4-f136-48ea-b391-8567b28047a7", "name": "List role settings for a resource", "request": { "name": "List role settings for a resource", "description": { "content": "Retrieves PIM settings for all roles on the 
specified resource. Settings\ninclude activation requirements (MFA, justification, ticket info),\nassignment rules (max duration, permanent eligibility), and notification\nconfiguration.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "e8146d7f-6d18-4fa0-bfc8-3dc2ad0c958c", "name": "List of role settings", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { 
"disabled": false, "description": { "content": "OData expand expression (e.g., linkedEligibleRoleAssignment,subject,roleDefinition)", "type": "text/plain" }, "key": "$expand", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{roleSettingId}", "description": "", "item": [ { "id": "6668aaba-b7c7-4e5d-aeee-645491a7c459", "name": "Get settings for a specific role", "request": { "name": "Get settings for a specific role", "description": {}, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings", ":roleSettingId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleSettingId", "disabled": false, 
"description": { "content": "(Required) ", "type": "text/plain" } } ] }, "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "20e9f7e1-99dd-4237-83ad-0f2b71b2bb34", "name": "Role setting details", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings", ":roleSettingId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" }, { "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleSettingId" } ] }, "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "id": "22efb3ce-74bc-48a6-9779-329708204b92", "name": "Update role settings", "request": { "name": "Update role settings", "description": { "content": "Updates PIM settings for a specific role. 
Controls activation requirements,\nassignment rules, and notification settings.\n\n**Warning:** This endpoint modifies PIM role configuration.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings", ":roleSettingId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleSettingId", "disabled": false, "description": { "content": "(Required) The ID of the role setting to update", "type": "text/plain" } } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{}", "options": { "raw": { "headerFamily": "json", "language": "json" } } }, "auth": null }, "response": [ { "id": "ada8a5b5-395c-4d91-bb8d-f9b1bc121ed6", "name": "Role settings updated", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "roleSettings", ":roleSettingId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" }, { "disabled": false, 
"description": { "content": "(Required) ", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "roleSettingId" } ] }, "header": [ { "key": "Content-Type", "value": "application/json" } ], "method": "PATCH", "body": { "mode": "raw", "raw": "{}", "options": { "raw": { "headerFamily": "json", "language": "json" } } } }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] }, { "name": "permissions", "description": "", "item": [ { "id": "9a54f903-e64e-469e-be6f-7b6eb49b921f", "name": "Get current user's PIM permissions for a resource", "request": { "name": "Get current user's PIM permissions for a resource", "description": { "content": "Returns the PIM permissions the current user has for the specified resource.\nUsed by the portal to determine what actions are available in the UI.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "permissions" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "6bbf546c-935e-44f6-ba52-f8c7f4d2971d", "name": "PIM permissions for the current user", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "permissions" ], "host": [ "{{baseUrl}}" ], "query": 
[], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{\n \"@odata.context\": \"https://api.azrbac.mspim.azure.com/api/v2/$metadata#Collection(Microsoft.Identity.Governance.Common.Data.ExternalModels.V1.governancePermission)\",\n \"value\": [\n {\n \"accessLevel\": \"AdminRead\",\n \"isActive\": true,\n \"isEligible\": false\n },\n {\n \"accessLevel\": \"AdminRead\",\n \"isActive\": true,\n \"isEligible\": false\n }\n ]\n}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] }, { "name": "alerts", "description": "", "item": [ { "id": "cb96d6c2-784a-4c7b-9663-97c09e63a1b2", "name": "List PIM alerts for a resource", "request": { "name": "List PIM alerts for a resource", "description": { "content": "Retrieves security alerts generated by PIM for the specified resource.\nAlerts include issues like roles with too many permanent assignments,\nunused eligible roles, and potential security risks.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "alerts" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", 
"disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "c916ea37-f5ac-4670-92cc-5e5299d5a063", "name": "List of PIM alerts", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "alerts" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "{alertId}", "description": "", "item": [ { "id": "48632d2a-b379-4748-9a6e-bfa18ef7fa32", "name": "Get a specific PIM alert", "request": { "name": "Get a specific PIM alert", "description": {}, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", 
"resources", ":resourceId", "alerts", ":alertId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } }, { "type": "any", "value": "string", "key": "alertId", "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" } } ] }, "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "454391ae-61a0-45d7-9808-f377b953f2ad", "name": "Alert details", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "alerts", ":alertId" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" }, { "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" }, "type": "any", "value": "string", "key": "alertId" } ] }, "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "alertIncidents", "description": "", "item": [ { "id": "0053b7f2-814c-4cdb-8154-dc93ab356f7d", "name": "List incidents for a PIM alert", 
"request": { "name": "List incidents for a PIM alert", "description": { "content": "Retrieves the individual incidents that triggered a specific alert.\nFor example, for a \"too many permanent admins\" alert, each incident\nrepresents one permanent admin assignment.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "alerts", ":alertId", "alertIncidents" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } }, { "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId", "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" } }, { "type": "any", "value": "string", "key": "alertId", "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" } } ] }, "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "5c443bd2-1a4d-444d-97a1-1fd228d3687b", "name": "List of alert incidents", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "resources", ":resourceId", "alerts", ":alertId", "alertIncidents" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" }, { "disabled": false, "description": { "content": "(Required) The tenant or resource ID (typically the Azure AD tenant ID)", "type": "text/plain" }, "type": "any", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8", "key": "resourceId" }, { "disabled": false, "description": { "content": "(Required) ", "type": "text/plain" }, "type": 
"any", "value": "string", "key": "alertId" } ] }, "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] } ] } ] }, { "name": "activities", "description": "", "item": [ { "id": "74e8b31f-6a1a-4042-be58-18179ebb88c5", "name": "List PIM activities (audit log)", "request": { "name": "List PIM activities (audit log)", "description": { "content": "Retrieves the PIM activity/audit log for the specified provider.\nIncludes role activations, assignments, removals, and setting changes.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "activities" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" } ], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "49930ca2-4d4c-4d2d-8bb8-fd1a74b290a8", "name": "List of PIM activities", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "activities" ], "host": [ "{{baseUrl}}" ], "query": [ { "disabled": false, "description": { "content": "OData 
filter expression", "type": "text/plain" }, "key": "$filter", "value": "string" }, { "disabled": false, "description": { "content": "Maximum number of results to return", "type": "text/plain" }, "key": "$top", "value": "8154" }, { "disabled": false, "description": { "content": "Number of results to skip", "type": "text/plain" }, "key": "$skip", "value": "8154" }, { "disabled": false, "description": { "content": "OData order by expression", "type": "text/plain" }, "key": "$orderby", "value": "string" } ], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "header": [ { "key": "Accept", "value": "application/json" } ], "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [ { "key": "Content-Type", "value": "application/json" } ], "body": "{}", "cookie": [], "_postman_previewlanguage": "json" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } }, { "name": "getExpiredAssignmentAudits(roleAssignmentLevel='{level}',resourceId='{resourceId}',subjectId='{subjectId}')", "description": "", "item": [ { "id": "54d3d68d-1ccb-4663-ae15-c11a4ba57988", "name": "Get expired assignment audit records", "request": { "name": "Get expired assignment audit records", "description": { "content": "Retrieves audit records for expired role assignments. 
Used by the portal\nto show expired assignments in the PIM Expired Assignments tab.\n", "type": "text/plain" }, "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "activities", "getExpiredAssignmentAudits(roleAssignmentLevel='{{level}}',resourceId='{{resourceId}}',subjectId='{{subjectId}}')" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "type": "any", "value": "aadroles", "key": "provider", "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" } } ] }, "method": "GET", "body": {}, "auth": null }, "response": [ { "id": "3c692baf-e90e-4358-bfb9-aa0a7e25f0f1", "name": "Expired assignment audit records", "originalRequest": { "url": { "path": [ "api", "v2", "privilegedAccess", ":provider", "activities", "getExpiredAssignmentAudits(roleAssignmentLevel='{{level}}',resourceId='{{resourceId}}',subjectId='{{subjectId}}')" ], "host": [ "{{baseUrl}}" ], "query": [], "variable": [ { "disabled": false, "description": { "content": "(Required) The PIM provider type (This can only be one of aadroles,azureResources,aadgroup)", "type": "text/plain" }, "type": "any", "value": "aadroles", "key": "provider" } ] }, "method": "GET", "body": {} }, "status": "OK", "code": 200, "header": [], "cookie": [], "_postman_previewlanguage": "text" } ], "event": [], "protocolProfileBehavior": { "disableBodyPruning": true } } ] } ] } ] } ] } ] } ] } ], "auth": { "type": "bearer", "bearer": [ { "type": "any", "value": "{{bearerToken}}", "key": "token" } ] }, "event": [], "variable": [ { "key": "baseUrl", "value": "https://api.azrbac.mspim.azure.com" }, { "key": "level", "value": "Eligible" }, { "key": "resourceId", "value": "69a6cc90-27b8-3efd-9065-e9d7e30a32b8" }, { "key": "subjectId", "value": "string" } ], "info": { "_postman_id": "45b96365-89f6-4879-8109-eab52b823310", "name": "Entra PIM", "schema": 
"https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "description": { "content": "The Entra PIM API is used by the Microsoft Entra Privileged Identity Management portal\n(entra.microsoft.com → Identity Governance → Privileged Identity Management) for managing\njust-in-time privileged access, including:\n\n - Entra Role Assignments (eligible, active, expired)\n - Entra Role Assignment Requests (activation, assignment, removal)\n - Entra Role Definitions and Settings\n - Azure Resource Role Assignments\n - Group-based PIM Assignments\n - PIM Alerts and Audit History\n - Discovery of Unmanaged Resources\n\nAll endpoints are served from `api.azrbac.mspim.azure.com` and require a valid\nAzure AD bearer token with PIM-related permissions. The collection sends the token from the\n`bearerToken` variable, which the collection itself does not define; supply it from a local\nenvironment rather than saving a token in the collection file.\n\n**Note:** This specification was generated through browser traffic analysis of the\nEntra portal, so it may be incomplete or differ from the service's actual behavior.\nSome endpoints may require specific PIM licensing (Entra ID P2/Governance).\nA 403 response indicates insufficient permissions; a 404 may indicate that the feature\nis not enabled for the tenant.\n\n\nContact Support:\n Name: nodoc", "type": "text/plain" } } }