🔍 Code Extractor

class RbacApplication

Maturity: 51

A container class for managing Microsoft 365 role-based access control (RBAC) that provides unified access to role definitions and role assignments.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/application.py
Lines:
12 - 50
Complexity:
moderate

Purpose

RbacApplication serves as a centralized management interface for Microsoft 365 RBAC operations. It provides access to role assignments (granting access to users/groups) and role definitions (defining permissions for roles). This class supports directory and entitlementManagement RBAC providers, with role assignments limited to a single principal and single scope. It inherits from Entity and provides lazy-loaded collections for both role assignments and definitions.

Source Code

class RbacApplication(Entity):
    """Role management container for unified role definitions and role assignments for Microsoft 365 role-based
    access control (RBAC) providers. The role assignments support only a single principal and a single scope.
    Currently directory and entitlementManagement are the two RBAC providers supported.
    """

    @property
    def role_assignments(self):
        # type: () -> EntityCollection[UnifiedRoleAssignment]
        """Resource to grant access to users or groups."""
        return self.properties.get(
            "roleAssignments",
            EntityCollection(
                self.context,
                UnifiedRoleAssignment,
                ResourcePath("roleAssignments", self.resource_path),
            ),
        )

    def role_definitions(self):
        # type: () -> EntityCollection[UnifiedRoleDefinition]
        """Resource representing the roles allowed by RBAC providers and the permissions assigned to the roles."""
        return self.properties.get(
            "roleDefinitions",
            EntityCollection(
                self.context,
                UnifiedRoleDefinition,
                ResourcePath("roleDefinitions", self.resource_path),
            ),
        )

    def get_property(self, name, default_value=None):
        if default_value is None:
            property_mapping = {
                "roleAssignments": self.role_assignments,
                "roleDefinitions": self.role_definitions,
            }
            default_value = property_mapping.get(name, None)
        return super(RbacApplication, self).get_property(name, default_value)

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

context: The execution context required by the parent Entity class, typically containing authentication and connection information for Microsoft 365 services

resource_path: The resource path inherited from Entity that identifies this RBAC application instance within the Microsoft 365 service hierarchy

Return Value

Instantiation returns an RbacApplication object that provides access to role management capabilities. The role_assignments property returns an EntityCollection of UnifiedRoleAssignment objects. The role_definitions method returns an EntityCollection of UnifiedRoleDefinition objects. Both collections are lazily initialized and cached in the properties dictionary.

Class Interface

Methods

role_assignments() -> EntityCollection[UnifiedRoleAssignment] property

Purpose: Provides access to the collection of role assignments that grant access to users or groups

Returns: An EntityCollection containing UnifiedRoleAssignment objects representing role grants to principals

role_definitions() -> EntityCollection[UnifiedRoleDefinition]

Purpose: Provides access to the collection of role definitions that represent roles allowed by RBAC providers and their associated permissions

Returns: An EntityCollection containing UnifiedRoleDefinition objects representing available roles and their permissions

get_property(name: str, default_value=None) -> Any

Purpose: Retrieves a property value by name with support for lazy-loaded collections and fallback values

Parameters:

  • name: The name of the property to retrieve (e.g., 'roleAssignments', 'roleDefinitions')
  • default_value: Optional default value to return if the property is not found; if None, uses internal property mapping

Returns: The property value if found, the mapped collection for known properties, or the default_value if provided

Attributes

Name Type Description Scope
context ClientContext Inherited from Entity; the execution context containing authentication and connection information instance
resource_path ResourcePath Inherited from Entity; the path identifying this resource in the Microsoft 365 service hierarchy instance
properties dict Inherited from Entity; dictionary storing cached property values including lazy-loaded collections instance

Dependencies

  • office365

Required Imports

from office365.directory.rolemanagement.rbac_application import RbacApplication
from office365.directory.rolemanagement.unified_role_assignment import UnifiedRoleAssignment
from office365.directory.rolemanagement.unified_role_definition import UnifiedRoleDefinition
from office365.entity import Entity
from office365.entity_collection import EntityCollection
from office365.runtime.paths.resource_path import ResourcePath

Usage Example

# Assuming you have a configured Microsoft 365 context
from office365.directory.rolemanagement.rbac_application import RbacApplication

# Instantiate through the context (typical usage)
rbac_app = context.directory.role_management

# Access role assignments
role_assignments = rbac_app.role_assignments
for assignment in role_assignments:
    print(f"Assignment ID: {assignment.id}")

# Access role definitions
role_definitions = rbac_app.role_definitions()
for definition in role_definitions:
    print(f"Role: {definition.display_name}")

# Get property with fallback
value = rbac_app.get_property('roleAssignments')

Best Practices

  • Always access role_assignments and role_definitions through the provided properties/methods rather than directly manipulating the properties dictionary
  • The collections are lazily loaded and cached, so repeated access to the same property returns the same collection instance
  • Role assignments support only a single principal and single scope - do not attempt to assign multiple principals or scopes
  • Ensure proper authentication and permissions are configured before accessing RBAC resources
  • Use the get_property method for safe property access with fallback values
  • The class is designed to work within the office365 SDK context - do not instantiate directly without proper context setup
  • Remember that only directory and entitlementManagement RBAC providers are currently supported

Tags

rbac role-management microsoft-365 access-control permissions entity directory entitlement-management role-assignments role-definitions

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class RoleManagement 86.4% similar

    A class representing Microsoft 365 role-based access control (RBAC) role management entity that provides access to role definitions and assignments from various RBAC providers.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/management.py

  • class AppRole 64.8% similar

    Represents an application role in Microsoft Graph API that can be assigned to users, groups, or other applications to define permissions and access control.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/role.py

  • class UnifiedRoleAssignment 61.3% similar

    Represents a role assignment in Microsoft Graph API that grants access to resources by associating a role definition with a principal (user or group) at a specific scope.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_assignment.py

  • class AppRoleAssignmentCollection 59.3% similar

    A collection class that manages and provides access to AppRoleAssignment entities, inheriting from EntityCollection to handle groups of application role assignments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment_collection.py

  • class AppRoleAssignment 59.0% similar

    Represents an app role assignment in Microsoft Graph API, recording when a user, group, or service principal is assigned an app role for an application.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/assignment.py
← Back to Browse