azure.graphrbac.models module

exception azure.graphrbac.models.GraphErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘GraphError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.graphrbac.models.GraphError(*, code: str = None, message: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Active Directory error information.

Parameters:
  • code (str) – Error code.
  • message (str) – Error message value.
class azure.graphrbac.models.DirectoryObject(*, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Represents an Azure Active Directory object.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: Application, ADGroup, ServicePrincipal, User

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_type (str) – Required. Constant filled by server.
Variables:
  • object_id (str) – The object ID.
  • deletion_timestamp (datetime) – The time at which the directory object was deleted.
class azure.graphrbac.models.KeyCredential(*, additional_properties=None, start_date=None, end_date=None, value: str = None, key_id: str = None, usage: str = None, type: str = None, custom_key_identifier: bytearray = None, **kwargs)[source]

Bases: msrest.serialization.Model

Active Directory Key Credential information.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • value (str) – Key value.
  • key_id (str) – Key ID.
  • usage (str) – Usage. Acceptable values are ‘Verify’ and ‘Sign’.
  • type (str) – Type. Acceptable values are ‘AsymmetricX509Cert’ and ‘Symmetric’.
  • custom_key_identifier (bytearray) – Custom Key Identifier
class azure.graphrbac.models.PasswordCredential(*, additional_properties=None, start_date=None, end_date=None, key_id: str = None, value: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Active Directory Password Credential information.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • key_id (str) – Key ID.
  • value (str) – Key value.
class azure.graphrbac.models.ResourceAccess(*, id: str, additional_properties=None, type: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Specifies an OAuth 2.0 permission scope or an app role that an application requires. The resourceAccess property of the RequiredResourceAccess type is a collection of ResourceAccess.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • id (str) – Required. The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
  • type (str) – Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are “scope” or “role”.
class azure.graphrbac.models.RequiredResourceAccess(*, resource_access, additional_properties=None, resource_app_id: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Specifies the set of OAuth 2.0 permission scopes and app roles under the specified resource that an application requires access to. The specified OAuth 2.0 permission scopes may be requested by client applications (through the requiredResourceAccess collection) when calling a resource application. The requiredResourceAccess property of the Application entity is a collection of ReqiredResourceAccess.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • resource_access (list[ResourceAccess]) – Required. The list of OAuth2.0 permission scopes and app roles that the application requires from the specified resource.
  • resource_app_id (str) – The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.
class azure.graphrbac.models.AppRole(*, id: str = None, allowed_member_types=None, description: str = None, display_name: str = None, is_enabled: bool = None, value: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

AppRole.

Parameters:
  • id (str) – Unique role identifier inside the appRoles collection.
  • allowed_member_types (list[str]) – Specifies whether this app role definition can be assigned to users and groups by setting to ‘User’, or to other applications (that are accessing this application in daemon service scenarios) by setting to ‘Application’, or to both.
  • description (str) – Permission help text that appears in the admin app assignment and consent experiences.
  • display_name (str) – Display name for the permission that appears in the admin consent and app assignment experiences.
  • is_enabled (bool) – When creating or updating a role definition, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed.
  • value (str) – Specifies the value of the roles claim that the application should expect in the authentication and access tokens.
class azure.graphrbac.models.ApplicationCreateParameters(*, available_to_other_tenants: bool, display_name: str, identifier_uris, additional_properties=None, app_roles=None, homepage: str = None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow: bool = None, required_resource_access=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new application.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • app_roles (list[AppRole]) – The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.
  • available_to_other_tenants (bool) – Required. Whether the application is available to other tenants.
  • display_name (str) – Required. The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list[str]) – Required. A collection of URIs for the application.
  • reply_urls (list[str]) – A collection of reply URLs for the application.
  • key_credentials (list[KeyCredential]) – The list of KeyCredential objects.
  • password_credentials (list[PasswordCredential]) – The list of PasswordCredential objects.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
  • required_resource_access (list[RequiredResourceAccess]) – Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.
class azure.graphrbac.models.ApplicationUpdateParameters(*, additional_properties=None, app_roles=None, available_to_other_tenants: bool = None, display_name: str = None, homepage: str = None, identifier_uris=None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow: bool = None, required_resource_access=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing application.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • app_roles (list[AppRole]) – The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.
  • available_to_other_tenants (bool) – Whether the application is available to other tenants
  • display_name (str) – The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list[str]) – A collection of URIs for the application.
  • reply_urls (list[str]) – A collection of reply URLs for the application.
  • key_credentials (list[KeyCredential]) – The list of KeyCredential objects.
  • password_credentials (list[PasswordCredential]) – The list of PasswordCredential objects.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
  • required_resource_access (list[RequiredResourceAccess]) – Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.
class azure.graphrbac.models.Application(*, additional_properties=None, app_id: str = None, app_roles=None, app_permissions=None, available_to_other_tenants: bool = None, display_name: str = None, identifier_uris=None, reply_urls=None, homepage: str = None, oauth2_allow_implicit_flow: bool = None, required_resource_access=None, **kwargs)[source]

Bases: azure.graphrbac.models.directory_object_py3.DirectoryObject

Active Directory application information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_type (str) – Required. Constant filled by server.
  • app_id (str) – The application ID.
  • app_roles (list[AppRole]) – The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.
  • app_permissions (list[str]) – The application permissions.
  • available_to_other_tenants (bool) – Whether the application is be available to other tenants.
  • display_name (str) – The display name of the application.
  • identifier_uris (list[str]) – A collection of URIs for the application.
  • reply_urls (list[str]) – A collection of reply URLs for the application.
  • homepage (str) – The home page of the application.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
  • required_resource_access (list[RequiredResourceAccess]) – Specifies resources that this application requires access to and the set of OAuth permission scopes and application roles that it needs under each of those resources. This pre-configuration of required resource access drives the consent experience.
Variables:
  • object_id (str) – The object ID.
  • deletion_timestamp (datetime) – The time at which the directory object was deleted.
class azure.graphrbac.models.AddOwnerParameters(*, url: str, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for adding a owner to an application.

All required parameters must be populated in order to send to Azure.

Parameters:
class azure.graphrbac.models.KeyCredentialsUpdateParameters(*, value, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for a KeyCredentials update operation.

All required parameters must be populated in order to send to Azure.

Parameters:value (list[KeyCredential]) – Required. A collection of KeyCredentials.
class azure.graphrbac.models.PasswordCredentialsUpdateParameters(*, value, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for a PasswordCredentials update operation.

All required parameters must be populated in order to send to Azure.

Parameters:value (list[PasswordCredential]) – Required. A collection of PasswordCredentials.
class azure.graphrbac.models.GroupAddMemberParameters(*, url: str, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for adding a member to a group.

All required parameters must be populated in order to send to Azure.

Parameters:
class azure.graphrbac.models.GroupCreateParameters(*, display_name: str, mail_nickname: str, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new group.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • display_name (str) – Required. Group display name
  • mail_nickname (str) – Required. Mail nickname
Variables:
  • mail_enabled (bool) – Required. Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. Default value: False .
  • security_enabled (bool) – Required. Whether the group is a security group. Must be true. This is because only pure security groups can be created using the Graph API. Default value: True .
mail_enabled = False
security_enabled = True
class azure.graphrbac.models.ADGroup(*, additional_properties=None, display_name: str = None, mail_enabled: bool = None, mail_nickname: str = None, security_enabled: bool = None, mail: str = None, **kwargs)[source]

Bases: azure.graphrbac.models.directory_object_py3.DirectoryObject

Active Directory group information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_type (str) – Required. Constant filled by server.
  • display_name (str) – The display name of the group.
  • mail_enabled (bool) – Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API.
  • mail_nickname (str) – The mail alias for the group.
  • security_enabled (bool) – Whether the group is security-enable.
  • mail (str) – The primary email address of the group.
Variables:
  • object_id (str) – The object ID.
  • deletion_timestamp (datetime) – The time at which the directory object was deleted.
class azure.graphrbac.models.GroupGetMemberGroupsParameters(*, security_enabled_only: bool, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • security_enabled_only (bool) – Required. If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.CheckGroupMembershipParameters(*, group_id: str, member_id: str, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for IsMemberOf API call.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • group_id (str) – Required. The object ID of the group to check.
  • member_id (str) – Required. The object ID of the contact, group, user, or service principal to check for membership in the specified group.
class azure.graphrbac.models.CheckGroupMembershipResult(*, additional_properties=None, value: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

Server response for IsMemberOf API call.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • value (bool) – True if the specified user, group, contact, or service principal has either direct or transitive membership in the specified group; otherwise, false.
class azure.graphrbac.models.ServicePrincipalCreateParameters(*, app_id: str, additional_properties=None, account_enabled: bool = None, app_role_assignment_required: bool = None, display_name: str = None, error_url: str = None, homepage: str = None, key_credentials=None, password_credentials=None, publisher_name: str = None, reply_urls=None, saml_metadata_url: str = None, service_principal_names=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new service principal.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • account_enabled (bool) – Whether the account is enabled
  • app_id (str) – Required. application Id
  • app_role_assignment_required (bool) – Specifies whether an AppRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application.
  • display_name (str) – The display name for the service principal.
  • error_url (str) –
  • homepage (str) – The URL to the homepage of the associated application.
  • key_credentials (list[KeyCredential]) – A collection of KeyCredential objects.
  • password_credentials (list[PasswordCredential]) – A collection of PasswordCredential objects
  • publisher_name (str) – The display name of the tenant in which the associated application is specified.
  • reply_urls (list[str]) – A collection of reply URLs for the service principal.
  • saml_metadata_url (str) –
  • service_principal_names (list[str]) – A collection of service principal names.
  • tags (list[str]) –
class azure.graphrbac.models.ServicePrincipalUpdateParameters(*, additional_properties=None, account_enabled: bool = None, app_id: str = None, app_role_assignment_required: bool = None, display_name: str = None, error_url: str = None, homepage: str = None, key_credentials=None, password_credentials=None, publisher_name: str = None, reply_urls=None, saml_metadata_url: str = None, service_principal_names=None, tags=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new service principal.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • account_enabled (bool) – Whether the account is enabled
  • app_id (str) – application Id
  • app_role_assignment_required (bool) – Specifies whether an AppRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application.
  • display_name (str) – The display name for the service principal.
  • error_url (str) –
  • homepage (str) – The URL to the homepage of the associated application.
  • key_credentials (list[KeyCredential]) – A collection of KeyCredential objects.
  • password_credentials (list[PasswordCredential]) – A collection of PasswordCredential objects
  • publisher_name (str) – The display name of the tenant in which the associated application is specified.
  • reply_urls (list[str]) – A collection of reply URLs for the service principal.
  • saml_metadata_url (str) –
  • service_principal_names (list[str]) – A collection of service principal names.
  • tags (list[str]) –
class azure.graphrbac.models.ServicePrincipal(*, additional_properties=None, display_name: str = None, app_id: str = None, app_roles=None, service_principal_names=None, **kwargs)[source]

Bases: azure.graphrbac.models.directory_object_py3.DirectoryObject

Active Directory service principal information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_type (str) – Required. Constant filled by server.
  • display_name (str) – The display name of the service principal.
  • app_id (str) – The application ID.
  • app_roles (list[AppRole]) – The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals.
  • service_principal_names (list[str]) – A collection of service principal names.
Variables:
  • object_id (str) – The object ID.
  • deletion_timestamp (datetime) – The time at which the directory object was deleted.
class azure.graphrbac.models.PasswordProfile(*, password: str, additional_properties=None, force_change_password_next_login: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

The password profile associated with a user.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • password (str) – Required. Password
  • force_change_password_next_login (bool) – Whether to force a password change on next login.
class azure.graphrbac.models.UserBase(*, additional_properties=None, immutable_id: str = None, usage_location: str = None, given_name: str = None, surname: str = None, user_type=None, **kwargs)[source]

Bases: msrest.serialization.Model

UserBase.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
class azure.graphrbac.models.UserCreateParameters(*, account_enabled: bool, display_name: str, password_profile, user_principal_name: str, mail_nickname: str, additional_properties=None, immutable_id: str = None, usage_location: str = None, given_name: str = None, surname: str = None, user_type=None, mail: str = None, **kwargs)[source]

Bases: azure.graphrbac.models.user_base_py3.UserBase

Request parameters for creating a new work or school account user.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Required. Whether the account is enabled.
  • display_name (str) – Required. The display name of the user.
  • password_profile (PasswordProfile) – Required. Password Profile
  • user_principal_name (str) – Required. The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – Required. The mail alias for the user.
  • mail (str) – The primary email address of the user.
class azure.graphrbac.models.UserUpdateParameters(*, additional_properties=None, immutable_id: str = None, usage_location: str = None, given_name: str = None, surname: str = None, user_type=None, account_enabled: bool = None, display_name: str = None, password_profile=None, user_principal_name: str = None, mail_nickname: str = None, **kwargs)[source]

Bases: azure.graphrbac.models.user_base_py3.UserBase

Request parameters for updating an existing work or school account user.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • password_profile (PasswordProfile) – The password profile of the user.
  • user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – The mail alias for the user.
class azure.graphrbac.models.SignInName(*, additional_properties=None, type: str = None, value: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Contains information about a sign-in name of a local account user in an Azure Active Directory B2C tenant.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • type (str) – A string value that can be used to classify user sign-in types in your directory, such as ‘emailAddress’ or ‘userName’.
  • value (str) – The sign-in used by the local account. Must be unique across the company/tenant. For example, ‘johnc@example.com’.
class azure.graphrbac.models.User(*, additional_properties=None, immutable_id: str = None, usage_location: str = None, given_name: str = None, surname: str = None, user_type=None, account_enabled: bool = None, display_name: str = None, user_principal_name: str = None, mail_nickname: str = None, mail: str = None, sign_in_names=None, **kwargs)[source]

Bases: azure.graphrbac.models.directory_object_py3.DirectoryObject

Active Directory user information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_type (str) – Required. Constant filled by server.
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • user_principal_name (str) – The principal name of the user.
  • mail_nickname (str) – The mail alias for the user.
  • mail (str) – The primary email address of the user.
  • sign_in_names (list[SignInName]) – The sign-in names of the user.
Variables:
  • object_id (str) – The object ID.
  • deletion_timestamp (datetime) – The time at which the directory object was deleted.
class azure.graphrbac.models.UserGetMemberGroupsParameters(*, security_enabled_only: bool, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • security_enabled_only (bool) – Required. If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.GetObjectsParameters(*, additional_properties=None, object_ids=None, types=None, include_directory_object_references: bool = None, **kwargs)[source]

Bases: msrest.serialization.Model

Request parameters for the GetObjectsByObjectIds API.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • object_ids (list[str]) – The requested object IDs.
  • types (list[str]) – The requested object types.
  • include_directory_object_references (bool) – If true, also searches for object IDs in the partner tenant.
class azure.graphrbac.models.Domain(*, name: str, additional_properties=None, **kwargs)[source]

Bases: msrest.serialization.Model

Active Directory Domain information.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Parameters:
  • additional_properties (dict[str, object]) – Unmatched properties from the message are deserialized this collection
  • name (str) – Required. the domain name.
Variables:
  • authentication_type (str) – the type of the authentication into the domain.
  • is_default (bool) – if this is the default domain in the tenant.
  • is_verified (bool) – if this domain’s ownership is verified.
class azure.graphrbac.models.Permissions(*, odatatype: str = None, client_id: str = None, consent_type: str = None, principal_id=None, resource_id: str = None, scope: str = None, start_time: str = None, expiry_time: str = None, **kwargs)[source]

Bases: msrest.serialization.Model

Permissions.

Parameters:
  • odatatype (str) – Microsoft.DirectoryServices.OAuth2PermissionGrant
  • client_id (str) – The objectId of the Service Principal associated with the app
  • consent_type (str) – Typically set to AllPrincipals
  • principal_id (object) – Set to null if AllPrincipals is set
  • resource_id (str) – Service Principal Id of the resource you want to grant
  • scope (str) – Typically set to user_impersonation
  • start_time (str) – Start time for TTL
  • expiry_time (str) – Expiry time for TTL
class azure.graphrbac.models.DirectoryObjectPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of DirectoryObject object

class azure.graphrbac.models.ApplicationPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Application object

class azure.graphrbac.models.KeyCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyCredential object

class azure.graphrbac.models.PasswordCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of PasswordCredential object

class azure.graphrbac.models.ADGroupPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ADGroup object

class azure.graphrbac.models.StrPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of str object

class azure.graphrbac.models.ServicePrincipalPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ServicePrincipal object

class azure.graphrbac.models.UserPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of User object

class azure.graphrbac.models.DomainPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Domain object

class azure.graphrbac.models.UserType[source]

Bases: str, enum.Enum

An enumeration.

guest = 'Guest'
member = 'Member'