azure.graphrbac.models module

class azure.graphrbac.models.GraphError(code=None, message=None)[source]

Bases: msrest.serialization.Model

Active Directory error information.

Parameters:
  • code (str) – Error code.
  • message (str) – Error message value.
exception azure.graphrbac.models.GraphErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘GraphError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.graphrbac.models.KeyCredential(start_date=None, end_date=None, value=None, key_id=None, usage=None, type=None)[source]

Bases: msrest.serialization.Model

Active Directory Key Credential information.

Parameters:
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • value (str) – Key value.
  • key_id (str) – Key ID.
  • usage (str) – Usage. Acceptable values are ‘Verify’ and ‘Sign’.
  • type (str) – Type. Acceptable values are ‘AsymmetricX509Cert’ and ‘Symmetric’.
class azure.graphrbac.models.PasswordCredential(start_date=None, end_date=None, key_id=None, value=None)[source]

Bases: msrest.serialization.Model

Active Directory Password Credential information.

Parameters:
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • key_id (str) – Key ID.
  • value (str) – Key value.
class azure.graphrbac.models.ApplicationCreateParameters(available_to_other_tenants, display_name, identifier_uris, homepage=None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow=None)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new application.

Parameters:
  • available_to_other_tenants (bool) – Whether the application is available to other tenants.
  • display_name (str) – The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • key_credentials (list of KeyCredential) – The list of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – The list of PasswordCredential objects.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
class azure.graphrbac.models.ApplicationUpdateParameters(available_to_other_tenants=None, display_name=None, homepage=None, identifier_uris=None, reply_urls=None, key_credentials=None, password_credentials=None, oauth2_allow_implicit_flow=None)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing application.

Parameters:
  • available_to_other_tenants (bool) – Whether the application is available to other tenants
  • display_name (str) – The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • key_credentials (list of KeyCredential) – The list of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – The list of PasswordCredential objects.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
class azure.graphrbac.models.Application(object_id=None, object_type=None, app_id=None, app_permissions=None, available_to_other_tenants=None, display_name=None, identifier_uris=None, reply_urls=None, homepage=None, oauth2_allow_implicit_flow=None)[source]

Bases: msrest.serialization.Model

Active Directory application information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • app_id (str) – The application ID.
  • app_permissions (list of str) – The application permissions.
  • available_to_other_tenants (bool) – Whether the application is be available to other tenants.
  • display_name (str) – The display name of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • homepage (str) – The home page of the application.
  • oauth2_allow_implicit_flow (bool) – Whether to allow implicit grant flow for OAuth2
class azure.graphrbac.models.KeyCredentialsUpdateParameters(value)[source]

Bases: msrest.serialization.Model

Request parameters for a KeyCredentials update operation.

Parameters:value (list of KeyCredential) – A collection of KeyCredentials.
class azure.graphrbac.models.PasswordCredentialsUpdateParameters(value)[source]

Bases: msrest.serialization.Model

Request parameters for a PasswordCredentials update operation.

Parameters:value (list of PasswordCredential) – A collection of PasswordCredentials.
class azure.graphrbac.models.AADObject(object_id=None, object_type=None, display_name=None, user_principal_name=None, mail=None, mail_enabled=None, security_enabled=None, sign_in_name=None, service_principal_names=None, user_type=None)[source]

Bases: msrest.serialization.Model

The properties of an Active Directory object.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • object_id (str) – The ID of the object.
  • object_type (str) – The type of AAD object.
  • display_name (str) – The display name of the object.
  • user_principal_name (str) – The principal name of the object.
  • mail (str) – The primary email address of the object.
  • mail_enabled (bool) – Whether the AAD object is mail-enabled.
  • security_enabled (bool) – Whether the AAD object is security-enabled.
  • sign_in_name (str) – The sign-in name of the object.
  • service_principal_names (list of str) – A collection of service principal names associated with the object.
  • user_type (str) – The user type of the object.
Variables:
  • mail_nickname (str) – The mail alias for the user.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • app_id (str) – The application ID.
  • app_permissions (list of str) – The application permissions.
  • available_to_other_tenants (bool) – Whether the application is be available to other tenants.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • homepage (str) – The home page of the application.
class azure.graphrbac.models.GroupAddMemberParameters(url)[source]

Bases: msrest.serialization.Model

Request parameters for adding a member to a group.

Parameters:url (str) – A member object URL, such as “https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd”, where “0b1f9851-1bf0-433f-aec3-cb9272f093dc” is the tenantId and “f260bbc4-c254-447b-94cf-293b5ec434dd” is the objectId of the member (user, application, servicePrincipal, group) to be added.
class azure.graphrbac.models.GroupCreateParameters(display_name, mail_nickname)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new group.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • display_name (str) – Group display name
  • mail_nickname (str) – Mail nickname
Variables:
  • mail_enabled (bool) – Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. Default value: False .
  • security_enabled (bool) – Whether the group is a security group. Must be true. This is because only pure security groups can be created using the Graph API. Default value: True .
mail_enabled = False
security_enabled = True
class azure.graphrbac.models.ADGroup(object_id=None, object_type=None, display_name=None, security_enabled=None, mail=None)[source]

Bases: msrest.serialization.Model

Active Directory group information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • display_name (str) – The display name of the group.
  • security_enabled (bool) – Whether the group is security-enable.
  • mail (str) – The primary email address of the group.
class azure.graphrbac.models.GroupGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.CheckGroupMembershipParameters(group_id, member_id)[source]

Bases: msrest.serialization.Model

Request parameters for IsMemberOf API call.

Parameters:
  • group_id (str) – The object ID of the group to check.
  • member_id (str) – The object ID of the contact, group, user, or service principal to check for membership in the specified group.
class azure.graphrbac.models.CheckGroupMembershipResult(value=None)[source]

Bases: msrest.serialization.Model

Server response for IsMemberOf API call.

Parameters:value (bool) – True if the specified user, group, contact, or service principal has either direct or transitive membership in the specified group; otherwise, false.
class azure.graphrbac.models.ServicePrincipalCreateParameters(app_id, account_enabled, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new service principal.

Parameters:
  • app_id (str) – application Id
  • account_enabled (bool) – Whether the account is enabled
  • key_credentials (list of KeyCredential) – A collection of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – A collection of PasswordCredential objects
class azure.graphrbac.models.ServicePrincipal(object_id=None, object_type=None, display_name=None, app_id=None, service_principal_names=None)[source]

Bases: msrest.serialization.Model

Active Directory service principal information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • display_name (str) – The display name of the service principal.
  • app_id (str) – The application ID.
  • service_principal_names (list of str) – A collection of service principal names.
class azure.graphrbac.models.PasswordProfile(password, force_change_password_next_login=None)[source]

Bases: msrest.serialization.Model

The password profile associated with a user.

Parameters:
  • password (str) – Password
  • force_change_password_next_login (bool) – Whether to force a password change on next login.
class azure.graphrbac.models.UserBase(immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None)[source]

Bases: msrest.serialization.Model

UserBase.

Parameters:
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
class azure.graphrbac.models.UserCreateParameters(account_enabled, display_name, password_profile, user_principal_name, mail_nickname, immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, mail=None)[source]

Bases: azure.graphrbac.models.user_base.UserBase

Request parameters for creating a new work or school account user.

Parameters:
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • password_profile (PasswordProfile) – Password Profile
  • user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – The mail alias for the user.
  • mail (str) – The primary email address of the user.
class azure.graphrbac.models.UserUpdateParameters(immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, account_enabled=None, display_name=None, password_profile=None, user_principal_name=None, mail_nickname=None)[source]

Bases: azure.graphrbac.models.user_base.UserBase

Request parameters for updating an existing work or school account user.

Parameters:
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • password_profile (PasswordProfile) – The password profile of the user.
  • user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – The mail alias for the user.
class azure.graphrbac.models.SignInName(type=None, value=None)[source]

Bases: msrest.serialization.Model

Contains information about a sign-in name of a local account user in an Azure Active Directory B2C tenant.

Parameters:
  • type (str) – A string value that can be used to classify user sign-in types in your directory, such as ‘emailAddress’ or ‘userName’.
  • value (str) – The sign-in used by the local account. Must be unique across the company/tenant. For example, 'johnc@example.com‘.
class azure.graphrbac.models.User(immutable_id=None, usage_location=None, given_name=None, surname=None, user_type=None, account_enabled=None, display_name=None, user_principal_name=None, mail_nickname=None, mail=None, object_id=None, object_type=None, sign_in_names=None)[source]

Bases: azure.graphrbac.models.user_base.UserBase

Active Directory user information.

Parameters:
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
  • usage_location (str) – A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: “US”, “JP”, and “GB”.
  • given_name (str) – The given name for the user.
  • surname (str) – The user’s surname (family name or last name).
  • user_type (str or UserType) – A string value that can be used to classify user types in your directory, such as ‘Member’ and ‘Guest’. Possible values include: ‘Member’, ‘Guest’
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • user_principal_name (str) – The principal name of the user.
  • mail_nickname (str) – The mail alias for the user.
  • mail (str) – The primary email address of the user.
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • sign_in_names (list of SignInName) – The sign-in names of the user.
class azure.graphrbac.models.UserGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.GetObjectsParameters(include_directory_object_references, object_ids=None, types=None)[source]

Bases: msrest.serialization.Model

Request parameters for the GetObjectsByObjectIds API.

Parameters:
  • object_ids (list of str) – The requested object IDs.
  • types (list of str) – The requested object types.
  • include_directory_object_references (bool) – If true, also searches for object IDs in the partner tenant.
class azure.graphrbac.models.Domain(name)[source]

Bases: msrest.serialization.Model

Active Directory Domain information.

Variables are only populated by the server, and will be ignored when sending a request.

Variables:
  • authentication_type (str) – the type of the authentication into the domain.
  • is_default (bool) – if this is the default domain in the tenant.
  • is_verified (bool) – if this domain’s ownership is verified.
Parameters:

name (str) – the domain name.

class azure.graphrbac.models.AADObjectPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of AADObject object

class azure.graphrbac.models.ApplicationPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Application object

class azure.graphrbac.models.KeyCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyCredential object

class azure.graphrbac.models.PasswordCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of PasswordCredential object

class azure.graphrbac.models.ADGroupPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ADGroup object

class azure.graphrbac.models.StrPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of str object

class azure.graphrbac.models.ServicePrincipalPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ServicePrincipal object

class azure.graphrbac.models.UserPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of User object

class azure.graphrbac.models.DomainPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Domain object

class azure.graphrbac.models.UserType[source]

Bases: enum.Enum

guest = 'Guest'
member = 'Member'