🔍 Code Extractor

class UnifiedRoleAssignment

Maturity: 51

Represents a role assignment in Microsoft Graph API that grants access to resources by associating a role definition with a principal (user or group) at a specific scope.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_assignment.py
Lines:
10 - 51
Complexity:
moderate

Purpose

This class models a unified role assignment entity from Microsoft Graph API's directory role management system. It provides access to role assignment properties including app-specific scopes, directory scopes, conditions, and the associated role definition. The class is used to query and manage role-based access control (RBAC) assignments within Microsoft 365 and Azure AD environments.

Source Code

class UnifiedRoleAssignment(Entity):
    """
    A role assignment is used to grant access to resources. It represents a role definition assigned to a principal
    (for example, a user or a role-assignable group) at a particular scope.
    """

    @property
    def app_scope_id(self):
        # type: () -> Optional[str]
        """
        Identifier of the app-specific scope when the assignment scope is app-specific. Either this property or
        directoryScopeId is required. App scopes are scopes that are defined and understood by this application only.
        Use / for tenant-wide app scopes. Use directoryScopeId to limit the scope to particular directory objects,
        for example, administrative units. Supports $filter (eq, in).
        """
        return self.properties.get("appScopeId", None)

    @property
    def condition(self):
        # type: () -> Optional[str]
        """ """
        return self.properties.get("condition", None)

    @property
    def role_definition(self):
        """
        The roleDefinition the assignment is for. Supports $expand. roleDefinition.Id will be auto expanded.
        """
        return self.properties.get(
            "roleDefinition",
            UnifiedRoleDefinition(
                self.context, ResourcePath("roleDefinition", self.resource_path)
            ),
        )

    def get_property(self, name, default_value=None):
        if default_value is None:
            property_mapping = {
                "roleDefinition": self.role_definition,
            }
            default_value = property_mapping.get(name, None)
        return super(UnifiedRoleAssignment, self).get_property(name, default_value)

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

context: The client context object used for API communication with Microsoft Graph services. Inherited from Entity base class.

resource_path: The resource path identifying this specific role assignment in the Microsoft Graph API hierarchy. Inherited from Entity base class.

Return Value

Instantiation returns a UnifiedRoleAssignment object that provides access to role assignment properties through property accessors. The object maintains state about a specific role assignment including its scope, conditions, and associated role definition.

Class Interface

Methods

@property app_scope_id() -> Optional[str] property

Purpose: Gets the identifier of the app-specific scope when the assignment scope is app-specific

Returns: String identifier of the app scope, or None if not set. Use '/' for tenant-wide app scopes.

@property condition() -> Optional[str] property

Purpose: Gets the condition associated with the role assignment

Returns: String representing the condition for this role assignment, or None if no condition is set

@property role_definition() -> UnifiedRoleDefinition property

Purpose: Gets the role definition that this assignment is for, with support for $expand

Returns: UnifiedRoleDefinition object representing the role being assigned. The roleDefinition.Id will be auto-expanded.

get_property(name: str, default_value: Any = None) -> Any

Purpose: Retrieves a property value by name with optional default value, providing special handling for complex properties like roleDefinition

Parameters:

  • name: The name of the property to retrieve
  • default_value: Optional default value to return if property is not found. If None, uses internal property mapping for special properties.

Returns: The property value if found, otherwise the default_value. For 'roleDefinition', returns a UnifiedRoleDefinition object.

Attributes

Name Type Description Scope
properties dict Dictionary containing the raw property values for this role assignment, inherited from Entity base class instance
context ClientContext The client context used for API communication, inherited from Entity base class instance
resource_path ResourcePath The resource path identifying this entity in the API hierarchy, inherited from Entity base class instance

Dependencies

  • typing
  • office365.directory.rolemanagement.unified_role_definition
  • office365.entity
  • office365.runtime.paths.resource_path

Required Imports

from office365.directory.rolemanagement.unified_role_assignment import UnifiedRoleAssignment
from office365.directory.rolemanagement.unified_role_definition import UnifiedRoleDefinition
from office365.entity import Entity
from office365.runtime.paths.resource_path import ResourcePath
from typing import Optional

Usage Example

# Assuming you have a configured client context
from office365.graph_client import GraphClient
from office365.directory.rolemanagement.unified_role_assignment import UnifiedRoleAssignment

# Initialize Graph client with credentials
client = GraphClient(credentials)

# Get a specific role assignment
role_assignment = client.directory.role_assignments.get_by_id('assignment-id').get().execute_query()

# Access properties
app_scope = role_assignment.app_scope_id
condition = role_assignment.condition

# Access the associated role definition (auto-expanded)
role_def = role_assignment.role_definition
role_name = role_def.display_name

# Use get_property for flexible property access
role_def_alt = role_assignment.get_property('roleDefinition')

Best Practices

  • Always ensure the client context is properly authenticated before accessing role assignment properties
  • Use execute_query() to fetch data from the API before accessing properties
  • The role_definition property is lazily loaded and will create a UnifiedRoleDefinition object on first access
  • Use $expand query parameter when fetching role assignments to include roleDefinition details in a single request
  • Check for None values when accessing optional properties like app_scope_id and condition
  • The class inherits from Entity, so all Entity methods and properties are available
  • Use get_property() method for dynamic property access with default values
  • Role assignments are read-only in most scenarios; modifications should be done through proper Graph API endpoints

Tags

microsoft-graph role-assignment rbac access-control azure-ad directory permissions entity role-management

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class AppRoleAssignment 77.7% similar

    Represents an app role assignment in Microsoft Graph API, recording when a user, group, or service principal is assigned an app role for an application.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment.py

  • class UnifiedRoleDefinition 77.6% similar

    Represents an Azure Active Directory (Azure AD) role definition, which is a collection of permissions listing operations that can be performed and resources against which they can be performed.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_definition.py

  • class RoleAssignment 73.8% similar

    Represents an association between a principal (user or group) and a role definition in SharePoint, managing permissions and role assignments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/sharepoint/permissions/roles/assignments/assignment.py

  • class RoleManagement 69.7% similar

    A class representing Microsoft 365 role-based access control (RBAC) role management entity that provides access to role definitions and assignments from various RBAC providers.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/management.py

  • class UserRoleAssignment 68.8% similar

    A data class representing the assignment of a role to a user in SharePoint, inheriting from ClientValue for serialization support.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/sharepoint/sharing/user_role_assignment.py
← Back to Browse