class AppRoleAssignment

Maturity: 54

Represents an app role assignment in Microsoft Graph API, recording when a user, group, or service principal is assigned an app role for an application.

File: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment.py
Lines: 7 - 68
Complexity: simple

Purpose

This class models the relationship between a principal (user, group, or service principal) and an app role within a resource application. It provides read-only access to assignment details including the assigned principal's information, the app role identifier, resource application details, and creation timestamp. This is used for managing and querying application permissions and role assignments in Azure Active Directory/Microsoft Entra ID.

Source Code

class AppRoleAssignment(DirectoryObject):
    """
    Used to record when a user, group, or service principal is assigned an app role for an app.

    An app role assignment is a relationship between the assigned principal (a user, a group, or a service principal),
    a resource application (the app's service principal) and an app role defined on the resource application.
    """

    def __str__(self):
        return "Principal: {0}, AppRole: {1}".format(
            self.principal_display_name, self.app_role_id
        )

    @property
    def app_role_id(self):
        # type: () -> Optional[str]
        """
        The identifier (id) for the app role which is assigned to the principal.
        This app role must be exposed in the appRoles property on
        the resource application's service principal (resourceId). If the resource application has not declared
        any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal
        that the principal is assigned to the resource app without any specific app roles. Required on create.
        """
        return self.properties.get("appRoleId", None)

    @property
    def created_datetime(self):
        # type: () -> datetime
        """The time when the app role assignment was created."""
        return self.properties.get("createdDateTime", datetime.min)

    @property
    def principal_display_name(self):
        # type: () -> Optional[str]
        """The display name of the user, group, or service principal that was granted the app role assignment."""
        return self.properties.get("principalDisplayName", None)

    @property
    def principal_id(self):
        # type: () -> Optional[str]
        """The unique identifier (id) for the user, security group, or service principal being granted the app role.
        Security groups with dynamic memberships are supported. Required on create."""
        return self.properties.get("principalId", None)

    @property
    def principal_type(self):
        # type: () -> Optional[str]
        """The type of the assigned principal. This can either be User, Group, or ServicePrincipal."""
        return self.properties.get("principalType", None)

    @property
    def resource_display_name(self):
        # type: () -> Optional[str]
        """The display name of the resource app's service principal to which the assignment is made."""
        return self.properties.get("resourceDisplayName", None)

    @property
    def resource_id(self):
        # type: () -> Optional[str]
        """The unique identifier (id) for the resource service principal for which the assignment is made.
        Required on create."""
        return self.properties.get("resourceId", None)

Parameters

Name Type Default Kind
bases DirectoryObject -

Parameter Details

inherited_from_DirectoryObject: This class inherits from DirectoryObject, which likely provides base functionality for Microsoft Graph directory objects. Constructor parameters are inherited from the parent class and typically include a properties dictionary containing the assignment data.

Return Value

Instantiation returns an AppRoleAssignment object that provides property-based access to assignment details. Every property returns Optional[str] and yields None when the value is absent from the underlying data, except created_datetime, which returns a datetime and falls back to datetime.min.

Class Interface

Methods

__str__(self) -> str

Purpose: Returns a human-readable string representation of the app role assignment

Returns: Formatted string showing principal display name and app role ID

app_role_id(self) -> Optional[str] property

Purpose: Gets the identifier for the app role assigned to the principal

Returns: The app role ID (GUID) or None if not present. Returns '00000000-0000-0000-0000-000000000000' for assignments without specific app roles

created_datetime(self) -> datetime property

Purpose: Gets the timestamp when the app role assignment was created

Returns: datetime object representing creation time, or datetime.min if not present

principal_display_name(self) -> Optional[str] property

Purpose: Gets the display name of the assigned principal

Returns: Display name of the user, group, or service principal, or None if not present

principal_id(self) -> Optional[str] property

Purpose: Gets the unique identifier of the assigned principal

Returns: GUID of the user, security group, or service principal, or None if not present

principal_type(self) -> Optional[str] property

Purpose: Gets the type of the assigned principal

Returns: One of 'User', 'Group', or 'ServicePrincipal', or None if not present

resource_display_name(self) -> Optional[str] property

Purpose: Gets the display name of the resource application's service principal

Returns: Display name of the resource app, or None if not present

resource_id(self) -> Optional[str] property

Purpose: Gets the unique identifier of the resource service principal

Returns: GUID of the resource service principal, or None if not present

Attributes

Name Type Description Scope
properties dict Inherited from DirectoryObject. Dictionary containing the raw assignment data from Microsoft Graph API. All property methods access this dictionary. instance

Dependencies

  • datetime
  • typing
  • office365.directory.object

Required Imports

from datetime import datetime
from typing import Optional
from office365.directory.object import DirectoryObject

Usage Example

# Assuming you have a Microsoft Graph client configured
# and retrieved an app role assignment object

# The class is typically instantiated by the SDK when fetching assignments
# from Microsoft Graph API, not directly by users

# Example of using the object after retrieval:
assignment = app_role_assignments.get_by_id("assignment_id")

# Access assignment properties
print(assignment)  # Prints: Principal: <name>, AppRole: <id>
print(f"Principal: {assignment.principal_display_name}")
print(f"Principal ID: {assignment.principal_id}")
print(f"Principal Type: {assignment.principal_type}")
print(f"App Role ID: {assignment.app_role_id}")
print(f"Resource: {assignment.resource_display_name}")
print(f"Resource ID: {assignment.resource_id}")
print(f"Created: {assignment.created_datetime}")

# Check if assignment is for a specific principal
if assignment.principal_id == "user-guid":
    print(f"Assignment found for user: {assignment.principal_display_name}")

Best Practices

  • This class is read-only; all properties are getters without setters, indicating it represents data retrieved from Microsoft Graph API
  • The object is typically instantiated by the SDK when fetching data, not created directly by application code
  • Always check for None values when accessing properties as they are Optional
  • The created_datetime property returns datetime.min if not present, rather than None
  • Use the __str__ method for human-readable representation of the assignment
  • The app_role_id of '00000000-0000-0000-0000-000000000000' indicates assignment without specific app roles
  • This class inherits from DirectoryObject, so it has access to parent class properties and methods (like 'properties' dictionary)
  • The properties dictionary is the underlying data store accessed by all property methods
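
An added example, not part of the office365 package or the original page: a review pass over raw assignment property dictionaries that uses the same keys and fallbacks as the accessors above, showing how to treat the all-zero default app role ID and the datetime.min sentinel when auditing assignments. The names review_assignments and SAMPLE, the finding labels, and the sample records are assumptions constructed for illustration; createdDateTime values are assumed to be already parsed to datetime.

```python
from collections import Counter
from datetime import datetime

# Default app role ID quoted in the app_role_id docstring above.
DEFAULT_APP_ROLE_ID = "00000000-0000-0000-0000-000000000000"


def review_assignments(records, since):
    """Return (findings, counts_by_principal_type); hypothetical helper, not an SDK call."""
    findings = []
    by_type = Counter()
    for props in records:
        principal = props.get("principalDisplayName") or props.get("principalId") or "<unknown>"
        resource = props.get("resourceDisplayName") or props.get("resourceId") or "<unknown>"
        by_type[props.get("principalType") or "<unknown>"] += 1

        role_id = props.get("appRoleId")
        if role_id is None:
            findings.append(("MISSING_ROLE_ID", principal, resource))
        elif role_id == DEFAULT_APP_ROLE_ID:
            # Assigned to the resource app without any specific app role.
            findings.append(("DEFAULT_ROLE", principal, resource))

        # Same fallback as created_datetime: datetime.min means "not present".
        created = props.get("createdDateTime", datetime.min)
        if created == datetime.min:
            # Do not compare the sentinel to a cutoff; it would read as year 1.
            findings.append(("NO_CREATION_TIME", principal, resource))
        elif created >= since:
            findings.append(("CREATED_SINCE_CUTOFF", principal, resource))
    return findings, dict(by_type)


# Constructed sample records (not real tenant data); GUIDs are placeholders.
SAMPLE = [
    {"principalDisplayName": "Alice", "principalId": "11111111-1111-1111-1111-111111111111",
     "principalType": "User", "appRoleId": DEFAULT_APP_ROLE_ID,
     "resourceDisplayName": "HR Portal", "createdDateTime": datetime(2023, 1, 10)},
    {"principalDisplayName": "build-agent", "principalType": "ServicePrincipal",
     "appRoleId": "22222222-2222-2222-2222-222222222222",
     "resourceDisplayName": "Reports API", "createdDateTime": datetime(2024, 6, 2)},
    {"principalId": "33333333-3333-3333-3333-333333333333", "principalType": "Group",
     "appRoleId": "22222222-2222-2222-2222-222222222222", "resourceId": "44444444-4444-4444-4444-444444444444"},
]

if __name__ == "__main__":
    for finding in review_assignments(SAMPLE, since=datetime(2024, 1, 1))[0]:
        print(finding)
```

Without the sentinel check, the third record would look like an assignment created in year 1 and would pass any "older than the cutoff" filter unnoticed.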

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class AppRole 83.4% similar

    Represents an application role in Microsoft Graph API that can be assigned to users, groups, or other applications to define permissions and access control.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/role.py
  • class UnifiedRoleAssignment 77.7% similar

    Represents a role assignment in Microsoft Graph API that grants access to resources by associating a role definition with a principal (user or group) at a specific scope.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_assignment.py
  • class RoleAssignment 72.6% similar

    Represents an association between a principal (user or group) and a role definition in SharePoint, managing permissions and role assignments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/sharepoint/permissions/roles/assignments/assignment.py
  • class AppRoleAssignmentCollection 72.2% similar

    A collection class that manages and provides access to AppRoleAssignment entities, inheriting from EntityCollection to handle groups of application role assignments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment_collection.py
  • class RoleManagement 63.8% similar

    A class representing Microsoft 365 role-based access control (RBAC) role management entity that provides access to role definitions and assignments from various RBAC providers.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/management.py