在 Azure AD 权利管理中批准或拒绝访问请求Approve or deny access requests in Azure AD entitlement management

可以使用 Azure AD 权利管理来配置策略,要求对访问包进行审批,并选择一个或多个审批者。With Azure AD entitlement management, you can configure policies to require approval for access packages, and choose one or more approvers. 本文介绍指定的审批者如何批准或拒绝针对访问包的请求。This article describes how designated approvers can approve or deny requests for access packages.

打开请求Open request

若要批准或拒绝访问请求,第一步是找到并打开待审批的访问请求。The first step to approve or deny access requests is to find and open the access request pending approval. 可通过两种方式打开访问请求。There are two ways to open the access request.

必备角色: 审批者Prerequisite role: Approver

  1. 找到要求你批准或拒绝请求的 Azure 电子邮件。Look for an email from Azure that asks you to approve or deny a request. 以下是示例电子邮件:Here is an example email:

    批准对访问包的请求的电子邮件

  2. 单击“批准或拒绝请求”链接,打开访问请求。Click the Approve or deny request link to open the access request.

  3. 登录到“我的访问权限”门户。Sign in to the My Access portal.

如果没有电子邮件,可以通过以下步骤来查找待审批的访问请求。If you don't have the email, you can find the access requests pending your approval by following these steps.

  1. https://myaccess.microsoft.com 登录到“我的访问权限”门户。Sign in to the My Access portal at https://myaccess.microsoft.com.

  2. 在左侧菜单中,单击“审批”即可看到待审批的访问请求列表。In the left menu, click Approvals to see a list of access requests pending approval.

  3. 在“等待处理”选项卡上找到请求。On the Pending tab, find the request.

查看请求者的问题答案(预览版)View requestor's answers to questions (Preview)

  1. 导航到“我的访问权限”中的“审批”选项卡。Navigate to the Approvals tab in My Access.

  2. 转到要审批的请求,然后单击“详细信息”。Go to the request you'd like to approve and click details. 如果已准备好做决定,也可以单击“批准”或“拒绝”。You can also click Approve or Deny if you are ready to make a decision.

  3. 单击“请求详细信息”。Click on Request details.

    “我的访问权限”门户 - 访问请求 - 单击“请求详细信息”

  4. 请求者提供的信息将位于面板的底部。The information provided by the requestor will be at the bottom of the panel.

    我的访问权限门户 - 访问请求

  5. 你可以随后根据请求者提供的信息批准或拒绝该请求。Based on the information the requestor provided, you can then approve or deny the request. 请参阅“批准或拒绝请求”中的步骤以获得指导。See the steps in Approve or deny request for guidance.

批准或拒绝请求Approve or deny request

打开待审批的访问请求以后,即可查看详细信息,这些信息有助于你进行批准或拒绝决策。After you open an access request pending approval, you can see details that will help you make an approve or deny decision.

必备角色: 审批者Prerequisite role: Approver

  1. 单击“查看”链接打开“访问请求”窗格。Click the View link to open the Access request pane.

  2. 单击“详细信息”,查看有关访问请求的详细信息。Click Details to see details about the access request.

    详细信息包括用户的姓名、组织、访问开始和结束日期(如果已提供)、业务理由、提交请求时间以及请求过期时间。The details include the user's name, organization, access start and end date if provided, business justification, when the request was submitted, and when the request will expire.

  3. 单击“批准”或“拒绝”。 Click Approve or Deny.

  4. 必要时输入原因。If necessary, enter a reason.

    我的访问权限门户 - 访问请求

  5. 单击“提交”以提交所做的决定。Click Submit to submit your decision.

    如果为某个策略配置了多个审批者,则只有一个审批者需要进行审批决策。If a policy is configured with multiple approvers, only one approver needs to make a decision about the pending approval. 在某个审批者提交其访问请求决策以后,就完成了该请求,该请求不再可供其他审批者来审批。After an approver has submitted their decision to the access request, the request is completed and is no longer available for the other approvers to approve or deny the request. 其他审批者可以在“我的访问权限”门户中查看请求决策和决策者。The other approvers can see the request decision and the decision maker in their My Access portal. 目前仅支持单阶段审批。At this time, only single-stage approval is supported.

    如果配置的审批者都无法审批或拒绝访问请求,则在配置的请求期限过后,请求会到期。If none of the configured approvers are able to approve or deny the access request, the request expires after the configured request duration. 系统会通知用户,告知其访问请求已过期,需重新提交访问请求。The user gets notified that their access request has expired and that they need to resubmit the access request.

后续步骤Next steps