azure.graphrbac.models module

class azure.graphrbac.models.GraphError(code=None, message=None)[source]

Bases: msrest.serialization.Model

Active Directory error information.

Parameters:
  • code (str) – Error code.
  • message (str) – Error message value.
exception azure.graphrbac.models.GraphErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘GraphError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.graphrbac.models.KeyCredential(start_date=None, end_date=None, value=None, key_id=None, usage=None, type=None)[source]

Bases: msrest.serialization.Model

Active Directory Key Credential information.

Parameters:
  • start_date (datetime) – start date
  • end_date (datetime) – end date
  • value (str) – value
  • key_id (str) – key Id
  • usage (str) – usage. Acceptable values are ‘Verify’ and ‘Sign’.
  • type (str) – type. Acceptable values are ‘AsymmetricX509Cert’ and ‘Symmetric’.
class azure.graphrbac.models.PasswordCredential(start_date=None, end_date=None, key_id=None, value=None)[source]

Bases: msrest.serialization.Model

Active Directory PasswordCredential information.

Parameters:
  • start_date (datetime) – start date
  • end_date (datetime) – end date
  • key_id (str) – key Id
  • value (str) – value
class azure.graphrbac.models.ApplicationCreateParameters(available_to_other_tenants, display_name, identifier_uris, homepage=None, reply_urls=None, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for create a new application.

Parameters:
  • available_to_other_tenants (bool) – Indicates if the application will be available to other tenants
  • display_name (str) – Application display name
  • homepage (str) – Application homepage
  • identifier_uris (list of str) – Application Uris
  • reply_urls (list of str) – Application reply Urls
  • key_credentials (list of KeyCredential) – the list of KeyCredential objects
  • password_credentials (list of PasswordCredential) – the list of PasswordCredential objects
class azure.graphrbac.models.ApplicationUpdateParameters(available_to_other_tenants=None, display_name=None, homepage=None, identifier_uris=None, reply_urls=None, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing application.

Parameters:
  • available_to_other_tenants (bool) – Indicates if the application will be available to other tenants
  • display_name (str) – Application display name
  • homepage (str) – Application homepage
  • identifier_uris (list of str) – Application Uris
  • reply_urls (list of str) – Application reply Urls
  • key_credentials (list of KeyCredential) – the list of KeyCredential objects
  • password_credentials (list of PasswordCredential) – the list of PasswordCredential objects
class azure.graphrbac.models.Application(object_id=None, object_type=None, app_id=None, app_permissions=None, available_to_other_tenants=None, display_name=None, identifier_uris=None, reply_urls=None, homepage=None)[source]

Bases: msrest.serialization.Model

Active Directory user information.

Parameters:
  • object_id (str) – object Id
  • object_type (str) – object type
  • app_id (str) – application Id
  • app_permissions (list of str) – application permissions
  • available_to_other_tenants (bool) – Indicates if the application will be available to other tenants
  • display_name (str) – the displayName
  • identifier_uris (list of str) – the application identifier Uris
  • reply_urls (list of str) – the application reply Urls
  • homepage (str) – Application homepage
class azure.graphrbac.models.KeyCredentialsUpdateParameters(value=None)[source]

Bases: msrest.serialization.Model

Request parameters for KeyCredentials update operation.

Parameters:value (list of KeyCredential) – KeyCredential list.
class azure.graphrbac.models.PasswordCredentialsUpdateParameters(value=None)[source]

Bases: msrest.serialization.Model

Request paramters for PasswordCredentials update operation.

Parameters:value (list of PasswordCredential) – PasswordCredential list.
class azure.graphrbac.models.AADObject(object_id=None, object_type=None, display_name=None, user_principal_name=None, mail=None, mail_enabled=None, security_enabled=None, sign_in_name=None, service_principal_names=None, user_type=None)[source]

Bases: msrest.serialization.Model

Active Directory object information.

Parameters:
  • object_id (str) – object Id
  • object_type (str) – object type
  • display_name (str) – object display name
  • user_principal_name (str) – principal name
  • mail (str) – mail
  • mail_enabled (bool) – MailEnabled field
  • security_enabled (bool) – SecurityEnabled field
  • sign_in_name (str) – signIn name
  • service_principal_names (list of str) – the list of service principal names.
  • user_type (str) – the user type
class azure.graphrbac.models.GroupAddMemberParameters(url)[source]

Bases: msrest.serialization.Model

Request parameters for adding a member to a group.

Parameters:url (str) – Member Object Url as “https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd”, where “0b1f9851-1bf0-433f-aec3-cb9272f093dc” is the tenantId and “f260bbc4-c254-447b-94cf-293b5ec434dd” is the objectId of the member (user, application, servicePrincipal, group) to be added.
class azure.graphrbac.models.GroupCreateParameters(display_name, mail_nickname)[source]

Bases: msrest.serialization.Model

Request parameters for create a new group.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • display_name (str) – Group display name
  • mail_nickname (str) – Mail nick name
Variables:
  • mail_enabled (bool) – Specifies whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. Default value: False .
  • security_enabled (bool) – Specifies whether the group is a security group. Must be true. This is because only pure security groups can be created using the Graph API. Default value: True .
mail_enabled = False
security_enabled = True
class azure.graphrbac.models.ADGroup(object_id=None, object_type=None, display_name=None, security_enabled=None, mail=None)[source]

Bases: msrest.serialization.Model

Active Directory group information.

Parameters:
  • object_id (str) – object Id
  • object_type (str) – object type
  • display_name (str) – group display name
  • security_enabled (bool) – security enabled field
  • mail (str) – mail field
class azure.graphrbac.models.GroupGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true only membership in security enabled groups should be checked. Otherwise membership in all groups should be checked
class azure.graphrbac.models.CheckGroupMembershipParameters(group_id, member_id)[source]

Bases: msrest.serialization.Model

Request parameters for IsMemberOf API call.

Parameters:
  • group_id (str) – The object ID of the group to check.
  • member_id (str) – The object ID of the contact, group, user, or service principal to check for membership in the specified group.
class azure.graphrbac.models.CheckGroupMembershipResult(value=None)[source]

Bases: msrest.serialization.Model

Server response for IsMemberOf API call.

Parameters:value (bool) – true if the specified user, group, contact, or service principal has either direct or transitive membership in the specified group; otherwise, false.
class azure.graphrbac.models.ServicePrincipalCreateParameters(app_id, account_enabled, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for create a new service principal.

Parameters:
  • app_id (str) – application Id
  • account_enabled (bool) – Specifies if the account is enabled
  • key_credentials (list of KeyCredential) – the list of KeyCredential objects
  • password_credentials (list of PasswordCredential) – the list of PasswordCredential objects
class azure.graphrbac.models.ServicePrincipal(object_id=None, object_type=None, display_name=None, app_id=None, service_principal_names=None)[source]

Bases: msrest.serialization.Model

Active Directory service principal information.

Parameters:
  • object_id (str) – object Id
  • object_type (str) – object type
  • display_name (str) – service principal display name
  • app_id (str) – app id
  • service_principal_names (list of str) – the list of names.
class azure.graphrbac.models.PasswordProfile(password, force_change_password_next_login=None)[source]

Bases: msrest.serialization.Model

Contains the password profile associated with a user.

Parameters:
  • password (str) – Password
  • force_change_password_next_login (bool) – Force change password on next login
class azure.graphrbac.models.UserCreateParameters(account_enabled, display_name, password_profile, user_principal_name, mail_nickname, immutable_id=None)[source]

Bases: msrest.serialization.Model

Request parameters for create a new work or school account user.

Parameters:
  • account_enabled (bool) – Enable the account. If it is enabled then true else false.
  • display_name (str) – User display name
  • password_profile (PasswordProfile) – Password Profile
  • user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – The mail alias for the user
  • immutable_id (str) – Needs to be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property while creating a new user account. It is used to associate an on-premises Active Directory user account to their Azure AD user object.
class azure.graphrbac.models.UserUpdateParameters(account_enabled=None, display_name=None, password_profile=None, mail_nickname=None)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing work or school account user.

Parameters:
  • account_enabled (bool) – Enable the account. If it is enabled then true else false.
  • display_name (str) – User display name
  • password_profile (PasswordProfile) – Password Profile
  • mail_nickname (str) – The mail alias for the user
class azure.graphrbac.models.User(object_id=None, object_type=None, user_principal_name=None, display_name=None, sign_in_name=None, mail=None, mail_nickname=None)[source]

Bases: msrest.serialization.Model

Active Directory user information.

Parameters:
  • object_id (str) – object Id
  • object_type (str) – object type
  • user_principal_name (str) – user principal name
  • display_name (str) – user display name
  • sign_in_name (str) – user signIn name
  • mail (str) – user mail
  • mail_nickname (str) – The mail alias for the user
class azure.graphrbac.models.UserGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true only membership in security enabled groups should be checked. Otherwise membership in all groups should be checked
class azure.graphrbac.models.GetObjectsParameters(include_directory_object_references, object_ids=None, types=None)[source]

Bases: msrest.serialization.Model

Request parameters for GetObjectsByObjectIds API call.

Parameters:
  • object_ids (list of str) – Requested object Ids
  • types (list of str) – Requested object types
  • include_directory_object_references (bool) – If true, also searches for object ids in the partner tenant
class azure.graphrbac.models.ApplicationPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Application object

class azure.graphrbac.models.KeyCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyCredential object

class azure.graphrbac.models.PasswordCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of PasswordCredential object

class azure.graphrbac.models.ADGroupPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ADGroup object

class azure.graphrbac.models.AADObjectPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of AADObject object

class azure.graphrbac.models.strPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of str object

class azure.graphrbac.models.ServicePrincipalPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ServicePrincipal object

class azure.graphrbac.models.UserPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of User object