Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest..... -All and -Top don't Return Results #2580

Open
rpstester opened this issue Feb 9, 2024 · 1 comment
Open

Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest..... -All and -Top don't Return Results #2580

rpstester opened this issue Feb 9, 2024 · 1 comment
Labels
Status: Needs Investigation

Comments

@rpstester
Copy link

Describe the bug
When I run Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest with either -All or -Top 1, I get no results. If instead I use a filter, like Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Filter "groupId eq '$myGroupID' and principalId eq '$myPrincipalId'"
Then I get a result. Thus, I conclude that -All and -Top are broken in that they are not returning any results.

To Reproduce
Steps to reproduce the behavior:

  1. Create an Entra ID group and enable it for PIM
  2. Make an Eligible Assignment for a user or group on your PIM group
  3. Start PowerShell and Connect-MgGraph
  4. Run Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Filter "groupId eq '$myGroupID' and principalId eq '$myPrincipalId'" but fill in the variables with the IDs in your reproduction; it will return the assignment you just made.
  5. Run Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -All or Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Top 1; it will return nothing

Expected behavior
I expect Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -All to return every eligibility assignment that the current user can access. If I can see it with a filter, then I should be able to see it without a filter.

Debug Output
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -Debug
DEBUG: [CmdletBeginProcessing]: - Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest begin processing with parameterSet 'List'.
DEBUG: [Authentication]: - AuthType: 'Delegated', TokenCredentialType: 'InteractiveBrowser', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph Command Line Tools'.
DEBUG: [Authentication]: - Scopes: [AdministrativeUnit.Read.All, AdministrativeUnit.ReadWrite.All, Directory.Read.All, Group.Read.All, Group.ReadWrite.All, openid, PrivilegedAccess.ReadWrite.AzureADGroup, PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup, profile, RoleAssignmentSchedule.ReadWrite.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.ReadWrite.Directory, User.Read, User.Read.All, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests

Headers:
FeatureFlag : 00000043
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.19045; en-US),PowerShell/2024.0.0
Accept-Encoding : gzip
SdkVersion : graph-powershell/2.13.1
client-request-id : edec2145-6125-49d5-8cc0-1ec85e6705b3

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Cache-Control : private
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 34c4fa8b-b334-46b5-8865-c5ad81c14af1
client-request-id : edec2145-6125-49d5-8cc0-1ec85e6705b3
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"North Central US","Slice":"E","Ring":"3","ScaleUnit":"000","RoleInstance":"CH01EPF0002F35D"}}
odata-version : 4.0
Date : Fri, 09 Feb 2024 20:50:54 GMT

Body:
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/privilegedAccess/group/eligibilityScheduleRequests",
"value": []
}

DEBUG: [CmdletEndProcessing]: - Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest end processing.

Module Version
ModuleType Version Name prerelease
Script 2.13.1 Microsoft.Graph.Authentication
Script 2.13.1 Microsoft.Graph.Beta.Identity.Governance
Script 2.13.1 Microsoft.Graph.DirectoryObjects
Script 2.13.1 Microsoft.Graph.Groups
Script 2.13.1 Microsoft.Graph.Identity.Governance
Script 2.13.1 Microsoft.Graph.Users

Environment Data
Name Value
PSVersion 7.4.1
PSEdition Core
GitCommitId 7.4.1
OS Microsoft Windows 10.0.19045
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
This was referenced Feb 10, 2025
Closed
Closed
@mlibenocg
Copy link

Re: Get-MgIdentityGovernanceLifecycleWorkflow, some workflows are not returned even when specified by -WorkflowID or filtered by DisplayName or Type.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Needs Investigation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@timayabi2020 @rpstester @mlibenocg