azure.graphrbac.models module

class azure.graphrbac.models.GraphError(code=None, message=None)[source]

Bases: msrest.serialization.Model

Active Directory error information.

Parameters:
  • code (str) – Error code.
  • message (str) – Error message value.
exception azure.graphrbac.models.GraphErrorException(deserialize, response, *args)[source]

Bases: msrest.exceptions.HttpOperationError

Server responsed with exception of type: ‘GraphError’.

Parameters:
  • deserialize – A deserializer
  • response – Server response to be deserialized.
class azure.graphrbac.models.KeyCredential(start_date=None, end_date=None, value=None, key_id=None, usage=None, type=None)[source]

Bases: msrest.serialization.Model

Active Directory Key Credential information.

Parameters:
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • value (str) – Key value.
  • key_id (str) – Key ID.
  • usage (str) – Usage. Acceptable values are ‘Verify’ and ‘Sign’.
  • type (str) – Type. Acceptable values are ‘AsymmetricX509Cert’ and ‘Symmetric’.
class azure.graphrbac.models.PasswordCredential(start_date=None, end_date=None, key_id=None, value=None)[source]

Bases: msrest.serialization.Model

Active Directory Password Credential information.

Parameters:
  • start_date (datetime) – Start date.
  • end_date (datetime) – End date.
  • key_id (str) – Key ID.
  • value (str) – Key value.
class azure.graphrbac.models.ApplicationCreateParameters(available_to_other_tenants, display_name, identifier_uris, homepage=None, reply_urls=None, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new application.

Parameters:
  • available_to_other_tenants (bool) – Whether the application is available to other tenants.
  • display_name (str) – The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • key_credentials (list of KeyCredential) – The list of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – The list of PasswordCredential objects.
class azure.graphrbac.models.ApplicationUpdateParameters(available_to_other_tenants=None, display_name=None, homepage=None, identifier_uris=None, reply_urls=None, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing application.

Parameters:
  • available_to_other_tenants (bool) – Whether the application is available to other tenants
  • display_name (str) – The display name of the application.
  • homepage (str) – The home page of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • key_credentials (list of KeyCredential) – The list of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – The list of PasswordCredential objects.
class azure.graphrbac.models.Application(object_id=None, object_type=None, app_id=None, app_permissions=None, available_to_other_tenants=None, display_name=None, identifier_uris=None, reply_urls=None, homepage=None)[source]

Bases: msrest.serialization.Model

Active Directory application information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • app_id (str) – The application ID.
  • app_permissions (list of str) – The application permissions.
  • available_to_other_tenants (bool) – Whether the application is be available to other tenants.
  • display_name (str) – The display name of the application.
  • identifier_uris (list of str) – A collection of URIs for the application.
  • reply_urls (list of str) – A collection of reply URLs for the application.
  • homepage (str) – The home page of the application.
class azure.graphrbac.models.KeyCredentialsUpdateParameters(value)[source]

Bases: msrest.serialization.Model

Request parameters for a KeyCredentials update operation.

Parameters:value (list of KeyCredential) – A collection of KeyCredentials.
class azure.graphrbac.models.PasswordCredentialsUpdateParameters(value)[source]

Bases: msrest.serialization.Model

Request parameters for a PasswordCredentials update operation.

Parameters:value (list of PasswordCredential) – A collection of PasswordCredentials.
class azure.graphrbac.models.AADObject(object_id=None, object_type=None, display_name=None, user_principal_name=None, mail=None, mail_enabled=None, security_enabled=None, sign_in_name=None, service_principal_names=None, user_type=None)[source]

Bases: msrest.serialization.Model

The properties of an Active Directory object.

Parameters:
  • object_id (str) – The ID of the object.
  • object_type (str) – The type of AAD object.
  • display_name (str) – The display name of the object.
  • user_principal_name (str) – The principal name of the object.
  • mail (str) – The primary email address of the object.
  • mail_enabled (bool) – Whether the AAD object is mail-enabled.
  • security_enabled (bool) – Whether the AAD object is security-enabled.
  • sign_in_name (str) – The sign-in name of the object.
  • service_principal_names (list of str) – A collection of service principal names associated with the object.
  • user_type (str) – The user type of the object.
class azure.graphrbac.models.GroupAddMemberParameters(url)[source]

Bases: msrest.serialization.Model

Request parameters for adding a member to a group.

Parameters:url (str) – A member object URL, such as “https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd”, where “0b1f9851-1bf0-433f-aec3-cb9272f093dc” is the tenantId and “f260bbc4-c254-447b-94cf-293b5ec434dd” is the objectId of the member (user, application, servicePrincipal, group) to be added.
class azure.graphrbac.models.GroupCreateParameters(display_name, mail_nickname)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new group.

Variables are only populated by the server, and will be ignored when sending a request.

Parameters:
  • display_name (str) – Group display name
  • mail_nickname (str) – Mail nickname
Variables:
  • mail_enabled (bool) – Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API. Default value: False .
  • security_enabled (bool) – Whether the group is a security group. Must be true. This is because only pure security groups can be created using the Graph API. Default value: True .
mail_enabled = False
security_enabled = True
class azure.graphrbac.models.ADGroup(object_id=None, object_type=None, display_name=None, security_enabled=None, mail=None)[source]

Bases: msrest.serialization.Model

Active Directory group information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • display_name (str) – The display name of the group.
  • security_enabled (bool) – Whether the group is security-enable.
  • mail (str) – The primary email address of the group.
class azure.graphrbac.models.GroupGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.CheckGroupMembershipParameters(group_id, member_id)[source]

Bases: msrest.serialization.Model

Request parameters for IsMemberOf API call.

Parameters:
  • group_id (str) – The object ID of the group to check.
  • member_id (str) – The object ID of the contact, group, user, or service principal to check for membership in the specified group.
class azure.graphrbac.models.CheckGroupMembershipResult(value=None)[source]

Bases: msrest.serialization.Model

Server response for IsMemberOf API call.

Parameters:value (bool) – True if the specified user, group, contact, or service principal has either direct or transitive membership in the specified group; otherwise, false.
class azure.graphrbac.models.ServicePrincipalCreateParameters(app_id, account_enabled, key_credentials=None, password_credentials=None)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new service principal.

Parameters:
  • app_id (str) – application Id
  • account_enabled (bool) – Whether the account is enabled
  • key_credentials (list of KeyCredential) – A collection of KeyCredential objects.
  • password_credentials (list of PasswordCredential) – A collection of PasswordCredential objects
class azure.graphrbac.models.ServicePrincipal(object_id=None, object_type=None, display_name=None, app_id=None, service_principal_names=None)[source]

Bases: msrest.serialization.Model

Active Directory service principal information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • display_name (str) – The display name of the service principal.
  • app_id (str) – The application ID.
  • service_principal_names (list of str) – A collection of service principal names.
class azure.graphrbac.models.PasswordProfile(password, force_change_password_next_login=None)[source]

Bases: msrest.serialization.Model

The password profile associated with a user.

Parameters:
  • password (str) – Password
  • force_change_password_next_login (bool) – Whether to force a password change on next login.
class azure.graphrbac.models.UserCreateParameters(account_enabled, display_name, password_profile, user_principal_name, mail_nickname, immutable_id=None)[source]

Bases: msrest.serialization.Model

Request parameters for creating a new work or school account user.

Parameters:
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • password_profile (PasswordProfile) – Password Profile
  • user_principal_name (str) – The user principal name (someuser@contoso.com). It must contain one of the verified domains for the tenant.
  • mail_nickname (str) – The mail alias for the user.
  • immutable_id (str) – This must be specified if you are using a federated domain for the user’s userPrincipalName (UPN) property when creating a new user account. It is used to associate an on-premises Active Directory user account with their Azure AD user object.
class azure.graphrbac.models.UserUpdateParameters(account_enabled=None, display_name=None, password_profile=None, mail_nickname=None)[source]

Bases: msrest.serialization.Model

Request parameters for updating an existing work or school account user.

Parameters:
  • account_enabled (bool) – Whether the account is enabled.
  • display_name (str) – The display name of the user.
  • password_profile (PasswordProfile) – The password profile of the user.
  • mail_nickname (str) – The mail alias for the user.
class azure.graphrbac.models.User(object_id=None, object_type=None, user_principal_name=None, display_name=None, sign_in_name=None, mail=None, mail_nickname=None)[source]

Bases: msrest.serialization.Model

Active Directory user information.

Parameters:
  • object_id (str) – The object ID.
  • object_type (str) – The object type.
  • user_principal_name (str) – The principal name of the user.
  • display_name (str) – The display name of the user.
  • sign_in_name (str) – The sign-in name of the user.
  • mail (str) – The primary email address of the user.
  • mail_nickname (str) – The mail alias for the user.
class azure.graphrbac.models.UserGetMemberGroupsParameters(security_enabled_only)[source]

Bases: msrest.serialization.Model

Request parameters for GetMemberGroups API call.

Parameters:security_enabled_only (bool) – If true, only membership in security-enabled groups should be checked. Otherwise, membership in all groups should be checked.
class azure.graphrbac.models.GetObjectsParameters(include_directory_object_references, object_ids=None, types=None)[source]

Bases: msrest.serialization.Model

Request parameters for the GetObjectsByObjectIds API.

Parameters:
  • object_ids (list of str) – The requested object IDs.
  • types (list of str) – The requested object types.
  • include_directory_object_references (bool) – If true, also searches for object IDs in the partner tenant.
class azure.graphrbac.models.AADObjectPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of AADObject object

class azure.graphrbac.models.ApplicationPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of Application object

class azure.graphrbac.models.KeyCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of KeyCredential object

class azure.graphrbac.models.PasswordCredentialPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of PasswordCredential object

class azure.graphrbac.models.ADGroupPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ADGroup object

class azure.graphrbac.models.StrPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of str object

class azure.graphrbac.models.ServicePrincipalPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of ServicePrincipal object

class azure.graphrbac.models.UserPaged(*args, **kwargs)[source]

Bases: msrest.paging.Paged

A paging container for iterating over a list of User object