🔍 Code Extractor

class RoleManagement

Maturity: 52

A class representing Microsoft 365 role-based access control (RBAC) role management entity that provides access to role definitions and assignments from various RBAC providers.

File:
/tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/management.py
Lines:
6 - 32
Complexity:
moderate

Purpose

This class serves as a container and access point for Microsoft 365 RBAC resources across multiple providers including Azure Active Directory (directory), entitlement management, and Intune (deviceManagement). It inherits from Entity and provides property-based access to RbacApplication instances for different RBAC providers, enabling management of role definitions and role assignments within the Microsoft 365 ecosystem.

Source Code

class RoleManagement(Entity):
    """
    Represents a Microsoft 365 role-based access control (RBAC) role management entity.
    This resource provides access to role definitions and role assignments surfaced from RBAC providers.
    directory (Azure Active Directory), entitlementManagement, and deviceManagement (Intune) providers
    are currently supported.
    """

    @property
    def directory(self):
        """"""
        return self.properties.get(
            "directory",
            RbacApplication(
                self.context, ResourcePath("directory", self.resource_path)
            ),
        )

    @property
    def entitlement_management(self):
        """Container for roles and assignments for entitlement management resources."""
        return self.properties.get(
            "entitlementManagement",
            RbacApplication(
                self.context, ResourcePath("entitlementManagement", self.resource_path)
            ),
        )

Parameters

Name Type Default Kind
bases Entity -

Parameter Details

context: The context object inherited from Entity base class, typically containing authentication and connection information for Microsoft Graph API calls

resource_path: The resource path inherited from Entity base class, representing the URL path segment for this role management resource in the Microsoft Graph API

Return Value

Instantiation returns a RoleManagement object that provides access to RBAC providers through properties. The directory and entitlement_management properties return RbacApplication instances that can be used to query and manage role definitions and assignments for their respective providers.

Class Interface

Methods

@property directory(self) -> RbacApplication property

Purpose: Provides access to the Azure Active Directory RBAC provider for managing directory role definitions and assignments

Returns: RbacApplication instance for the directory (Azure AD) RBAC provider, cached in the properties dictionary

@property entitlement_management(self) -> RbacApplication property

Purpose: Provides access to the entitlement management RBAC provider for managing roles and assignments related to entitlement management resources

Returns: RbacApplication instance for the entitlement management RBAC provider, cached in the properties dictionary

Attributes

Name Type Description Scope
context ClientContext Inherited from Entity, contains the authentication context and connection information for Microsoft Graph API calls instance
resource_path ResourcePath Inherited from Entity, represents the URL path segment for this resource in the Microsoft Graph API hierarchy instance
properties dict Inherited from Entity, dictionary that caches property values including RbacApplication instances for different providers instance

Dependencies

  • office365

Required Imports

from office365.directory.rolemanagement.application import RbacApplication
from office365.entity import Entity
from office365.runtime.paths.resource_path import ResourcePath

Usage Example

from office365.graph_client import GraphClient
from office365.directory.rolemanagement.role_management import RoleManagement

# Authenticate and create client
client = GraphClient.with_client_secret(tenant_id, client_id, client_secret)

# Access role management
role_mgmt = client.role_management

# Access directory RBAC provider
directory_rbac = role_mgmt.directory
role_definitions = directory_rbac.role_definitions.get().execute_query()

# Access entitlement management RBAC provider
entitlement_rbac = role_mgmt.entitlement_management
role_assignments = entitlement_rbac.role_assignments.get().execute_query()

Best Practices

  • Always ensure proper authentication context is established before accessing role management resources
  • Use appropriate Microsoft Graph API permissions based on the RBAC provider being accessed
  • Properties are lazily loaded and cached in the properties dictionary to avoid redundant object creation
  • The class follows the Entity pattern from the office365 library, so standard Entity lifecycle methods apply
  • Access RBAC providers through properties (directory, entitlement_management) rather than directly instantiating RbacApplication
  • Remember that role management operations typically require elevated permissions in Microsoft 365
  • The deviceManagement provider is mentioned in the docstring but not implemented as a property in this code snippet

Tags

rbac role-management microsoft-365 azure-ad access-control entitlement-management intune directory permissions graph-api

Similar Components

AI-powered semantic similarity - components with related functionality:

  • class RbacApplication 86.4% similar

    A container class for managing Microsoft 365 role-based access control (RBAC) that provides unified access to role definitions and role assignments.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/application.py

  • class AppRole 70.3% similar

    Represents an application role in Microsoft Graph API that can be assigned to users, groups, or other applications to define permissions and access control.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/applications/roles/role.py

  • class UnifiedRoleAssignment 69.7% similar

    Represents a role assignment in Microsoft Graph API that grants access to resources by associating a role definition with a principal (user or group) at a specific scope.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_assignment.py

  • class UnifiedRoleDefinition 67.7% similar

    Represents an Azure Active Directory (Azure AD) role definition, which is a collection of permissions listing operations that can be performed and resources against which they can be performed.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/unified_role_definition.py

  • class DirectoryRole 66.6% similar

    Represents an Azure AD directory role (also known as administrator roles) with properties like description, display name, and members.

    From: /tf/active/vicechatdev/SPFCsync/venv/lib64/python3.11/site-packages/office365/directory/rolemanagement/role.py
← Back to Browse