
class ResourceSpecificPermissionGrant

Maturity: 48

Represents a resource-specific permission grant for an Azure AD application, providing read-only access to permission details granted to apps for Microsoft Graph resources.

File: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/permissions/grants/resource_specific.py
Lines: 6 - 40
Complexity: simple

Purpose

This class models the permission grants that have been assigned to specific Azure AD applications for accessing resources in Microsoft Graph. It inherits from DirectoryObject and provides read-only properties to access information about the granted permission, including the client app details, permission name and type, and the resource app being accessed. This is typically used when querying or auditing permissions granted to applications in an Azure AD environment.

Source Code

from typing import Optional

from office365.directory.object import DirectoryObject


class ResourceSpecificPermissionGrant(DirectoryObject):
    """
    Declares the permission that has been granted to a specific Azure AD app for an instance of a resource
    in Microsoft Graph.
    """

    @property
    def client_id(self):
        # type: () -> Optional[str]
        """ID of the Azure AD app that has been granted access."""
        return self.properties.get("clientId", None)

    @property
    def client_app_id(self):
        # type: () -> Optional[str]
        """ID of the service principal of the Azure AD app that has been granted access."""
        return self.properties.get("clientAppId", None)

    @property
    def permission(self):
        # type: () -> Optional[str]
        """The name of the resource-specific permission."""
        return self.properties.get("permission", None)

    @property
    def permission_type(self):
        # type: () -> Optional[str]
        """The type of permission. Possible values are: Application, Delegated. Read-only."""
        return self.properties.get("permissionType", None)

    @property
    def resource_app_id(self):
        # type: () -> Optional[str]
        """ID of the Azure AD app that is hosting the resource. Read-only."""
        return self.properties.get("resourceAppId", None)

Parameters

Name Type Default Kind
bases DirectoryObject -

Parameter Details

bases: Inherits from DirectoryObject, which provides the base functionality for directory objects in Microsoft Graph. The parent class likely handles the underlying properties dictionary and common directory object operations.

Return Value

Instantiation returns a ResourceSpecificPermissionGrant object that provides read-only access to permission grant details through its properties. All property methods return Optional[str] values, which will be None if the property is not present in the underlying data.

Class Interface

Methods

@property client_id() -> Optional[str] property

Purpose: Returns the ID of the Azure AD app that has been granted access

Returns: Optional string containing the client ID, or None if not present

@property client_app_id() -> Optional[str] property

Purpose: Returns the ID of the service principal of the Azure AD app that has been granted access

Returns: Optional string containing the client app ID (service principal ID), or None if not present

@property permission() -> Optional[str] property

Purpose: Returns the name of the resource-specific permission that was granted

Returns: Optional string containing the permission name, or None if not present

@property permission_type() -> Optional[str] property

Purpose: Returns the type of permission granted (Application or Delegated)

Returns: Optional string containing either 'Application' or 'Delegated', or None if not present. This is a read-only property.

@property resource_app_id() -> Optional[str] property

Purpose: Returns the ID of the Azure AD app that is hosting the resource

Returns: Optional string containing the resource app ID, or None if not present. This is a read-only property.

Attributes

Name | Type | Description | Scope
properties | dict | Inherited from DirectoryObject. Dictionary containing the raw permission grant data retrieved from Microsoft Graph API. All property accessors read from this dictionary. | instance

Dependencies

  • typing
  • office365.directory.object

Required Imports

from office365.directory.permissions.grants.resource_specific import ResourceSpecificPermissionGrant
from typing import Optional

Usage Example

# Assuming you have an authenticated Office365 client
from office365.directory.permissions.grants.resource_specific import ResourceSpecificPermissionGrant


def describe_grant(grant):
    # type: (ResourceSpecificPermissionGrant) -> None
    """Print the details of a grant returned by a Microsoft Graph query."""
    # Access permission grant properties (each one may be None)
    if grant.client_id:
        print(f"Client ID: {grant.client_id}")
        print(f"Client App ID: {grant.client_app_id}")
        print(f"Permission: {grant.permission}")
        print(f"Permission Type: {grant.permission_type}")
        print(f"Resource App ID: {grant.resource_app_id}")

    # Check permission type
    if grant.permission_type == 'Application':
        print("This is an application permission")
    elif grant.permission_type == 'Delegated':
        print("This is a delegated permission")


# Typically retrieved from Microsoft Graph API query
# grant = client.directory.permission_grants.get_by_id('grant_id')
# describe_grant(grant)

Best Practices

  • This class is read-only: its properties return values from the underlying properties dictionary, and it defines no setters
  • Always check for None values when accessing properties, as they return Optional[str] types
  • This object is typically obtained through Microsoft Graph API queries rather than instantiated directly
  • The permission_type property is documented by Microsoft Graph to be 'Application' or 'Delegated'; the class returns whatever string is stored under permissionType and does not validate it
  • Use this class for auditing and reporting on granted permissions, not for modifying permission grants
  • The class inherits from DirectoryObject, so it may have additional methods and properties from the parent class
  • Properties are lazily evaluated from the underlying properties dictionary, so there's no performance penalty for unused properties
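
An audit pass over grants that applies the checks listed above, as an added example that is not part of the library or the original page. The `Grant` stand-in, the `WRITE_MARKERS` review policy and all sample IDs are assumptions constructed for illustration; any object exposing the same five properties can be passed in.

```python
from collections import namedtuple

# Constructed stand-in exposing the same five read-only properties as
# ResourceSpecificPermissionGrant; objects returned by the library fit as well.
Grant = namedtuple(
    "Grant", "client_id client_app_id permission permission_type resource_app_id")

FIELDS = Grant._fields
KNOWN_TYPES = {"Application", "Delegated"}  # values documented for permissionType
WRITE_MARKERS = ("ReadWrite", "Create", "Delete", "Send")  # assumed review policy


def audit_grant(grant):
    """Return finding strings for one grant (empty list means nothing to flag)."""
    findings = []
    # Every property is Optional[str], so absent values must be reported, not assumed.
    missing = [f for f in FIELDS if getattr(grant, f, None) is None]
    if missing:
        findings.append("missing:" + ",".join(missing))
    ptype = grant.permission_type
    # The class does not validate permissionType, so check it here.
    if ptype is not None and ptype not in KNOWN_TYPES:
        findings.append("unknown-type:" + ptype)
    perm = grant.permission or ""
    # App-only grants with write-level permissions act without a signed-in user.
    if ptype == "Application" and any(m in perm for m in WRITE_MARKERS):
        findings.append("app-only-write:" + perm)
    return findings


def audit(grants):
    """Map client_id (or '<no client_id>') to the findings across its grants."""
    report = {}
    for g in grants:
        findings = audit_grant(g)
        if findings:
            report.setdefault(g.client_id or "<no client_id>", []).extend(findings)
    return report


# Constructed sample data (IDs are placeholders, not real tenants or apps).
SAMPLE = [
    Grant("app-1", "sp-1", "ChannelMessage.Read.Group", "Application", "res-1"),
    Grant("app-2", "sp-2", "TeamSettings.ReadWrite.Group", "Application", "res-1"),
    Grant("app-3", None, "TeamMember.Read.Group", "Delegated", "res-1"),
    Grant("app-4", "sp-4", "TeamMember.Read.Group", "application", "res-1"),
]

if __name__ == "__main__":
    for client, findings in audit(SAMPLE).items():
        print(client, findings)
```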

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class OAuth2PermissionGrant 73.9% similar

    Represents OAuth 2.0 delegated permissions granted to an application's service principal, allowing it to act on behalf of users when accessing APIs.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/permissions/grants/oauth2.py
  • class SPO3rdPartyAADPermissionGrant 65.7% similar

    A SharePoint Online entity class representing a third-party Azure Active Directory (AAD) permission grant for SharePoint tenant administration.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/sharepoint/tenant/administration/internal/permission_grant.py
  • class PermissionScope 61.0% similar

    Represents a delegated permission definition for Microsoft identity platform applications, encapsulating permission metadata such as consent descriptions and enabled status.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/permissions/scope.py
  • class PermissionGrantConditionSet 59.5% similar

    A class representing a permission grant condition set that specifies matching rules in a permission grant policy to include or exclude permission grant events in Microsoft Graph API.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/permissions/grants/condition_set.py
  • class AppRoleAssignment 59.4% similar

    Represents an app role assignment in Microsoft Graph API, recording when a user, group, or service principal is assigned an app role for an application.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment.py