azure.graphrbac.models module
-
class azure.graphrbac.models.GraphError(code=None, message=None)
Bases: msrest.serialization.Model
Active Directory error information.
- Parameters
code (str) – Error code.
message (str) – Error message value.
-
exception azure.graphrbac.models.GraphErrorException(deserialize, response, *args)
Bases: msrest.exceptions.HttpOperationError
Server responded with an exception of type: ‘GraphError’.
- Parameters
deserialize – A deserializer
response – Server response to be deserialized.
-
class azure.graphrbac.models.DirectoryObject(additional_properties=None)
Bases: msrest.serialization.Model
Represents an Azure Active Directory object.
You probably want to use the sub-classes and not this class directly. Known sub-classes are: Application, ADGroup, ServicePrincipal, User
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_type (str) – Constant filled by server.
- Variables
object_id (str) – The object ID.
deletion_timestamp (datetime) – The time at which the directory object was deleted.
-
class azure.graphrbac.models.KeyCredential(additional_properties=None, start_date=None, end_date=None, value=None, key_id=None, usage=None, type=None)
Bases: msrest.serialization.Model
Active Directory Key Credential information.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
start_date (datetime) – Start date.
end_date (datetime) – End date.
value (str) – Key value.
key_id (str) – Key ID.
usage (str) – Usage. Acceptable values are ‘Verify’ and ‘Sign’.
type (str) – Type. Acceptable values are ‘AsymmetricX509Cert’ and ‘Symmetric’.
-
class azure.graphrbac.models.PasswordCredential(additional_properties=None, start_date=None, end_date=None, key_id=None, value=None)
Bases: msrest.serialization.Model
Active Directory Password Credential information.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
start_date (datetime) – Start date.
end_date (datetime) – End date.
key_id (str) – Key ID.
value (str) – Key value.
-
class azure.graphrbac.models.ResourceAccess(id, additional_properties=None, type=None)
Bases: msrest.serialization.Model
Specifies an OAuth 2.0 permission scope or an app role that an application requires. The resourceAccess property of the RequiredResourceAccess type is a collection of ResourceAccess.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
id (str) – The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
type (str) – Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are “scope” or “role”.
-
class azure.graphrbac.models.RequiredResourceAccess(resource_access, additional_properties=None, resource_app_id=None)
Bases: msrest.serialization.Model
Specifies the set of OAuth 2.0 permission scopes and app roles under the specified resource that an application requires access to. The specified OAuth 2.0 permission scopes may be requested by client applications (through the requiredResourceAccess collection) when calling a resource application. The requiredResourceAccess property of the Application entity is a collection of RequiredResourceAccess.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
resource_access (list[ResourceAccess]) – The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
resource_app_id (str) – The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
-
class azure.graphrbac.models.ApplicationCreateParameters(available_to_other_tenants, display_name, identifier_uris, additional_properties=None, homepage=None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow=None, required_resource_access=None)
Bases: msrest.serialization.Model
Request parameters for creating a new application.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
available_to_other_tenants (bool) – Whether the application is available to other tenants.
display_name (str) – The display name of the application.
homepage (str) – The home page of the application.
identifier_uris (list[str]) – A collection of URIs for the application.
reply_urls (list[str]) – A collection of reply URLs for the application.
key_credentials (list[KeyCredential]) – The list of KeyCredential objects.
password_credentials (list[PasswordCredential]) – The list of PasswordCredential objects.
oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
required_resource_access (list[RequiredResourceAccess]) – Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.
-
class azure.graphrbac.models.ApplicationUpdateParameters(additional_properties=None, available_to_other_tenants=None, display_name=None, homepage=None, identifier_uris=None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow=None, required_resource_access=None)
Bases: msrest.serialization.Model
Request parameters for updating an existing application.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
available_to_other_tenants (bool) – Whether the application is available to other tenants
display_name (str) – The display name of the application.
homepage (str) – The home page of the application.
identifier_uris (list[str]) – A collection of URIs for the application.
reply_urls (list[str]) – A collection of reply URLs for the application.
key_credentials (list[KeyCredential]) – The list of KeyCredential objects.
password_credentials (list[PasswordCredential]) – The list of PasswordCredential objects.
oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
required_resource_access (list[RequiredResourceAccess]) – Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.
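A pre-flight review of an application definition before it is sent as ApplicationCreateParameters or ApplicationUpdateParameters, as an added example that is not part of the SDK or its documentation. It reads only the attribute names documented above; `review_application`, the 365-day lifetime threshold, and the `SimpleNamespace` stand-ins (used so the sketch runs without the SDK installed) are assumptions.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace
from urllib.parse import urlparse

MAX_LIFETIME = timedelta(days=365)  # assumed policy threshold, not an SDK limit


def _utc(dt):
    """Treat naive datetimes as UTC so comparisons never mix naive and aware."""
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def _credential_findings(kind, creds, now):
    """Check key_id/start_date/end_date on KeyCredential- or PasswordCredential-shaped objects."""
    out = []
    for cred in creds or []:
        label = f"{kind} {getattr(cred, 'key_id', None) or '<no key_id>'}"
        end = getattr(cred, "end_date", None)
        start = getattr(cred, "start_date", None) or now
        if end is None:
            out.append(f"{label}: no end_date set")
        elif _utc(end) <= now:
            out.append(f"{label}: already expired")
        elif _utc(end) - _utc(start) > MAX_LIFETIME:
            out.append(f"{label}: lifetime exceeds {MAX_LIFETIME.days} days")
    return out


def review_application(params, now=None):
    """Return review findings for an ApplicationCreateParameters-shaped object."""
    now = _utc(now or datetime.now(timezone.utc))
    out = []
    if getattr(params, "available_to_other_tenants", None):
        out.append("available_to_other_tenants: app is usable from other tenants")
    if getattr(params, "oauth2_allow_implicit_flow", None):
        out.append("oauth2_allow_implicit_flow: implicit grant is enabled")
    for url in getattr(params, "reply_urls", None) or []:
        parsed = urlparse(url)
        if "*" in url:
            out.append(f"reply_urls: wildcard in {url}")
        elif parsed.scheme != "https" and parsed.hostname not in ("localhost", "127.0.0.1"):
            out.append(f"reply_urls: non-HTTPS redirect {url}")
    out += _credential_findings(
        "password_credentials", getattr(params, "password_credentials", None), now)
    out += _credential_findings(
        "key_credentials", getattr(params, "key_credentials", None), now)
    for rra in getattr(params, "required_resource_access", None) or []:
        for ra in rra.resource_access or []:
            # type is documented as "scope" or "role"; compare case-insensitively.
            if (ra.type or "").lower() == "role":
                out.append("required_resource_access: app role "
                           f"{ra.id} on resource {rra.resource_app_id}")
    return out


# Constructed sample: stand-ins carrying the documented attribute names.
# All identifiers and URLs below are made up for illustration.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = SimpleNamespace(
    display_name="example-app",
    available_to_other_tenants=True,
    oauth2_allow_implicit_flow=True,
    reply_urls=["https://app.example.com/cb", "http://app.example.com/cb",
                "http://localhost:8080/cb"],
    password_credentials=[
        SimpleNamespace(key_id="pw-1", start_date=NOW, end_date=NOW + timedelta(days=730)),
        SimpleNamespace(key_id="pw-2", start_date=NOW, end_date=NOW + timedelta(days=90)),
    ],
    key_credentials=[SimpleNamespace(key_id=None, start_date=None, end_date=None)],
    required_resource_access=[SimpleNamespace(
        resource_app_id="00000000-0000-0000-0000-0000000000aa",
        resource_access=[
            SimpleNamespace(id="00000000-0000-0000-0000-000000000001", type="scope"),
            SimpleNamespace(id="00000000-0000-0000-0000-000000000002", type="role"),
        ])],
)

if __name__ == "__main__":
    for finding in review_application(SAMPLE, NOW):
        print(finding)
```

Because the function only reads attributes, the same call accepts a real ApplicationCreateParameters or ApplicationUpdateParameters instance.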
-
class azure.graphrbac.models.Application(additional_properties=None, app_id=None, app_permissions=None, available_to_other_tenants=None, display_name=None, identifier_uris=None, reply_urls=None, homepage=None, oauth2_allow_implicit_flow=None)
Bases: azure.graphrbac.models.directory_object.DirectoryObject
Active Directory application information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_type (str) – Constant filled by server.
app_id (str) – The application ID.
app_permissions (list[str]) – The application permissions.
available_to_other_tenants (bool) – Whether the application is available to other tenants.
display_name (str) – The display name of the application.
identifier_uris (list[str]) – A collection of URIs for the application.
reply_urls (list[str]) – A collection of reply URLs for the application.
homepage (str) – The home page of the application.
oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
- Variables
object_id (str) – The object ID.
deletion_timestamp (datetime) – The time at which the directory object was deleted.
-
class azure.graphrbac.models.ApplicationAddOwnerParameters(url, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for adding an owner to an application.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
url (str) – An owner object URL, such as “https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd”, where “0b1f9851-1bf0-433f-aec3-cb9272f093dc” is the tenantId and “f260bbc4-c254-447b-94cf-293b5ec434dd” is the objectId of the owner (user, application, servicePrincipal, group) to be added.
-
class azure.graphrbac.models.KeyCredentialsUpdateParameters(value)
Bases: msrest.serialization.Model
Request parameters for a KeyCredentials update operation.
- Parameters
value (list[KeyCredential]) – A collection of KeyCredentials.
-
class azure.graphrbac.models.PasswordCredentialsUpdateParameters(value)
Bases: msrest.serialization.Model
Request parameters for a PasswordCredentials update operation.
- Parameters
value (list[PasswordCredential]) – A collection of PasswordCredentials.
-
class azure.graphrbac.models.AADObject(additional_properties=None, object_id=None, object_type=None, display_name=None, user_principal_name=None, mail=None, mail_enabled=None, security_enabled=None, sign_in_name=None, service_principal_names=None, user_type=None)
Bases: msrest.serialization.Model
The properties of an Active Directory object.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_id (str) – The ID of the object.
object_type (str) – The type of AAD object.
display_name (str) – The display name of the object.
user_principal_name (str) – The principal name of the object.
mail (str) – The primary email address of the object.
mail_enabled (bool) – Whether the AAD object is mail-enabled.
security_enabled (bool) – Whether the AAD object is security-enabled.
sign_in_name (str) – The sign-in name of the object.
service_principal_names (list[str]) – A collection of service principal names associated with the object.
user_type (str) – The user type of the object.
- Variables
mail_nickname (str) – The mail alias for the user.
usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
app_id (str) – The application ID.
app_permissions (list[str]) – The application permissions.
available_to_other_tenants (bool) – Whether the application is available to other tenants.
identifier_uris (list[str]) – A collection of URIs for the application.
reply_urls (list[str]) – A collection of reply URLs for the application.
homepage (str) – The home page of the application.
-
class azure.graphrbac.models.GroupAddMemberParameters(url, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for adding a member to a group.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
url (str) – A member object URL, such as “https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd”, where “0b1f9851-1bf0-433f-aec3-cb9272f093dc” is the tenantId and “f260bbc4-c254-447b-94cf-293b5ec434dd” is the objectId of the member (user, application, servicePrincipal, group) to be added.
-
class azure.graphrbac.models.GroupCreateParameters(display_name, mail_nickname, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for creating a new group.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
display_name (str) – Group display name
mail_nickname (str) – Mail nickname
- Variables
mail_enabled (bool) – Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. Default value: False.
security_enabled (bool) – Whether the group is a security group. Must be true. This is because only pure security groups can be created using the Graph API. Default value: True.
-
mail_enabled = False
-
security_enabled = True
-
class azure.graphrbac.models.ADGroup(additional_properties=None, display_name=None, security_enabled=None, mail=None)
Bases: azure.graphrbac.models.directory_object.DirectoryObject
Active Directory group information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_type (str) – Constant filled by server.
display_name (str) – The display name of the group.
security_enabled (bool) – Whether the group is security-enabled.
mail (str) – The primary email address of the group.
- Variables
object_id (str) – The object ID.
deletion_timestamp (datetime) – The time at which the directory object was deleted.
-
class azure.graphrbac.models.GroupGetMemberGroupsParameters(security_enabled_only, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for GetMemberGroups API call.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
-
class azure.graphrbac.models.CheckGroupMembershipParameters(group_id, member_id, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for IsMemberOf API call.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
group_id (str) – The object ID of the group to check.
member_id (str) – The object ID of the contact, group, user, or service principal to check for membership in the specified group.
-
class azure.graphrbac.models.CheckGroupMembershipResult(additional_properties=None, value=None)
Bases: msrest.serialization.Model
Server response for IsMemberOf API call.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
value (bool) – True if the specified user, group, contact, or service principal has either direct or transitive membership in the specified group; otherwise, false.
-
class azure.graphrbac.models.ServicePrincipalCreateParameters(app_id, account_enabled, additional_properties=None, key_credentials=None, password_credentials=None)
Bases: msrest.serialization.Model
Request parameters for creating a new service principal.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
app_id (str) – application Id
account_enabled (bool) – Whether the account is enabled
key_credentials (list[KeyCredential]) – A collection of KeyCredential objects.
password_credentials (list[PasswordCredential]) – A collection of PasswordCredential objects
-
class azure.graphrbac.models.ServicePrincipal(additional_properties=None, display_name=None, app_id=None, service_principal_names=None)
Bases: azure.graphrbac.models.directory_object.DirectoryObject
Active Directory service principal information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_type (str) – Constant filled by server.
display_name (str) – The display name of the service principal.
app_id (str) – The application ID.
service_principal_names (list[str]) – A collection of service principal names.
- Variables
object_id (str) – The object ID.
deletion_timestamp (datetime) – The time at which the directory object was deleted.
-
class azure.graphrbac.models.PasswordProfile(password, additional_properties=None, force_change_password_next_login=None)
Bases: msrest.serialization.Model
The password profile associated with a user.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
password (str) – Password
force_change_password_next_login (bool) – Whether to force a password change on next login.
-
class azure.graphrbac.models.UserBase(additional_properties=None, immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None)
Bases: msrest.serialization.Model
UserBase.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
given_name (str) – The given name for the user.
surname (str) – The user’s surname (family name or last name).
user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
-
class azure.graphrbac.models.UserCreateParameters(account_enabled, display_name, password_profile, user_principal_name, mail_nickname, additional_properties=None, immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, mail=None)
Bases: azure.graphrbac.models.user_base.UserBase
Request parameters for creating a new work or school account user.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
given_name (str) – The given name for the user.
surname (str) – The user’s surname (family name or last name).
user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
account_enabled (bool) – Whether the account is enabled.
display_name (str) – The display name of the user.
password_profile (PasswordProfile) – Password Profile
user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
mail_nickname (str) – The mail alias for the user.
mail (str) – The primary email address of the user.
-
class azure.graphrbac.models.UserUpdateParameters(additional_properties=None, immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, account_enabled=None, display_name=None, password_profile=None, user_principal_name=None, mail_nickname=None)
Bases: azure.graphrbac.models.user_base.UserBase
Request parameters for updating an existing work or school account user.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
given_name (str) – The given name for the user.
surname (str) – The user’s surname (family name or last name).
user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
account_enabled (bool) – Whether the account is enabled.
display_name (str) – The display name of the user.
password_profile (PasswordProfile) – The password profile of the user.
user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
mail_nickname (str) – The mail alias for the user.
-
class azure.graphrbac.models.SignInName(additional_properties=None, type=None, value=None)
Bases: msrest.serialization.Model
Contains information about a sign-in name of a local account user in an Azure Active Directory B2C tenant.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
type (str) – A string value that can be used to classify user sign-in types in your directory, such as ‘emailAddress’ or ‘userName’.
value (str) – The sign-in used by the local account. Must be unique across the company/tenant. For example, ‘johnc@example.com’.
-
class azure.graphrbac.models.User(additional_properties=None, immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, account_enabled=None, display_name=None, user_principal_name=None, mail_nickname=None, mail=None, sign_in_names=None)
Bases: azure.graphrbac.models.directory_object.DirectoryObject
Active Directory user information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_type (str) – Constant filled by server.
immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
given_name (str) – The given name for the user.
surname (str) – The user’s surname (family name or last name).
user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
account_enabled (bool) – Whether the account is enabled.
display_name (str) – The display name of the user.
user_principal_name (str) – The principal name of the user.
mail_nickname (str) – The mail alias for the user.
mail (str) – The primary email address of the user.
sign_in_names (list[SignInName]) – The sign-in names of the user.
- Variables
object_id (str) – The object ID.
deletion_timestamp (datetime) – The time at which the directory object was deleted.
-
class azure.graphrbac.models.UserGetMemberGroupsParameters(security_enabled_only, additional_properties=None)
Bases: msrest.serialization.Model
Request parameters for GetMemberGroups API call.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
-
class azure.graphrbac.models.GetObjectsParameters(include_directory_object_references, additional_properties=None, object_ids=None, types=None)
Bases: msrest.serialization.Model
Request parameters for the GetObjectsByObjectIds API.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
object_ids (list[str]) – The requested object IDs.
types (list[str]) – The requested object types.
include_directory_object_references (bool) – If true, also searches for object IDs in the partner tenant.
-
class azure.graphrbac.models.Domain(name, additional_properties=None)
Bases: msrest.serialization.Model
Active Directory Domain information.
Variables are only populated by the server, and will be ignored when sending a request.
- Parameters
additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized to this collection.
name (str) – the domain name.
- Variables
authentication_type (str) – the type of the authentication into the domain.
is_default (bool) – if this is the default domain in the tenant.
is_verified (bool) – if this domain’s ownership is verified.
-
class azure.graphrbac.models.AADObjectPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of AADObject objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.ApplicationPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of Application objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.DirectoryObjectPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of DirectoryObject objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.KeyCredentialPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of KeyCredential objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.PasswordCredentialPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of PasswordCredential objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.ADGroupPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of ADGroup objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.StrPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of str objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.ServicePrincipalPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of ServicePrincipal objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.
-
class azure.graphrbac.models.UserPaged(*args, **kwargs)
Bases: msrest.paging.Paged
A paging container for iterating over a list of User objects.
Bring async to Paging.
“async_command” is a mandatory keyword argument for this mixin to work.