azure.mgmt.authorization.v2022_04_01.models module

class azure.mgmt.authorization.v2022_04_01.models.ApprovalMode(value)

Bases: str, enum.Enum

The type of rule.

NO_APPROVAL = 'NoApproval'

PARALLEL = 'Parallel'

SERIAL = 'Serial'

SINGLE_STAGE = 'SingleStage'

class azure.mgmt.authorization.v2022_04_01.models.ApprovalSettings(*, is_approval_required: Optional[bool] = None, is_approval_required_for_extension: Optional[bool] = None, is_requestor_justification_required: Optional[bool] = None, approval_mode: Optional[Union[str, _models.ApprovalMode]] = None, approval_stages: Optional[List[_models.ApprovalStage]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The approval settings.

Variables

• is_approval_required (bool) – Determines whether approval is required or not.

• is_approval_required_for_extension (bool) – Determines whether approval is required for assignment extension.

• is_requestor_justification_required (bool) – Determine whether requestor justification is required.

• approval_mode (str or ApprovalMode) – The type of rule. Known values are: “SingleStage”, “Serial”, “Parallel”, and “NoApproval”.

• approval_stages (list[ApprovalStage]) – The approval stages of the request.

Keyword Arguments

• is_approval_required (bool) – Determines whether approval is required or not.

• is_approval_required_for_extension (bool) – Determines whether approval is required for assignment extension.

• is_requestor_justification_required (bool) – Determine whether requestor justification is required.

• approval_mode (str or ApprovalMode) – The type of rule. Known values are: “SingleStage”, “Serial”, “Parallel”, and “NoApproval”.

• approval_stages (list[ApprovalStage]) – The approval stages of the request.

class azure.mgmt.authorization.v2022_04_01.models.ApprovalStage(*, approval_stage_time_out_in_days: Optional[int] = None, is_approver_justification_required: Optional[bool] = None, escalation_time_in_minutes: Optional[int] = None, primary_approvers: Optional[List[_models.UserSet]] = None, is_escalation_enabled: Optional[bool] = None, escalation_approvers: Optional[List[_models.UserSet]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The approval stage.

Variables

• approval_stage_time_out_in_days (int) – The time in days when approval request would be timed out.

• is_approver_justification_required (bool) – Determines whether approver need to provide justification for his decision.

• escalation_time_in_minutes (int) – The time in minutes when the approval request would be escalated if the primary approver does not approve.

• primary_approvers (list[UserSet]) – The primary approver of the request.

• is_escalation_enabled (bool) – The value determine whether escalation feature is enabled.

• escalation_approvers (list[UserSet]) – The escalation approver of the request.

Keyword Arguments

• approval_stage_time_out_in_days (int) – The time in days when approval request would be timed out.

• is_approver_justification_required (bool) – Determines whether approver need to provide justification for his decision.

• escalation_time_in_minutes (int) – The time in minutes when the approval request would be escalated if the primary approver does not approve.

• primary_approvers (list[UserSet]) – The primary approver of the request.

• is_escalation_enabled (bool) – The value determine whether escalation feature is enabled.

• escalation_approvers (list[UserSet]) – The escalation approver of the request.

class azure.mgmt.authorization.v2022_04_01.models.DenyAssignment(*, deny_assignment_name: Optional[str] = None, description: Optional[str] = None, permissions: Optional[List[_models.DenyAssignmentPermission]] = None, scope: Optional[str] = None, do_not_apply_to_child_scopes: Optional[bool] = None, principals: Optional[List[_models.Principal]] = None, exclude_principals: Optional[List[_models.Principal]] = None, is_system_protected: Optional[bool] = None, condition: Optional[str] = None, condition_version: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Deny Assignment.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – The deny assignment ID.

• name (str) – The deny assignment name.

• type (str) – The deny assignment type.

• deny_assignment_name (str) – The display name of the deny assignment.

• description (str) – The description of the deny assignment.

• permissions (list[DenyAssignmentPermission]) – An array of permissions that are denied by the deny assignment.

• scope (str) – The deny assignment scope.

• do_not_apply_to_child_scopes (bool) – Determines if the deny assignment applies to child scopes. Default value is false.

• principals (list[Principal]) – Array of principals to which the deny assignment applies.

• exclude_principals (list[Principal]) – Array of principals to which the deny assignment does not apply.

• is_system_protected (bool) – Specifies whether this deny assignment was created by Azure and cannot be edited or deleted.

• condition (str) – The conditions on the deny assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition.

• created_on (datetime) – Time it was created.

• updated_on (datetime) – Time it was updated.

• created_by (str) – Id of the user who created the assignment.

• updated_by (str) – Id of the user who updated the assignment.

Keyword Arguments

• deny_assignment_name (str) – The display name of the deny assignment.

• description (str) – The description of the deny assignment.

• permissions (list[DenyAssignmentPermission]) – An array of permissions that are denied by the deny assignment.

• scope (str) – The deny assignment scope.

• do_not_apply_to_child_scopes (bool) – Determines if the deny assignment applies to child scopes. Default value is false.

• principals (list[Principal]) – Array of principals to which the deny assignment applies.

• exclude_principals (list[Principal]) – Array of principals to which the deny assignment does not apply.

• is_system_protected (bool) – Specifies whether this deny assignment was created by Azure and cannot be edited or deleted.

• condition (str) – The conditions on the deny assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition.

class azure.mgmt.authorization.v2022_04_01.models.DenyAssignmentFilter(*, deny_assignment_name: Optional[str] = None, principal_id: Optional[str] = None, gdpr_export_principal_id: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Deny Assignments filter.

Variables

• deny_assignment_name (str) – Return deny assignment with specified name.

• principal_id (str) – Return all deny assignments where the specified principal is listed in the principals list of deny assignments.

• gdpr_export_principal_id (str) – Return all deny assignments where the specified principal is listed either in the principals list or exclude principals list of deny assignments.

Keyword Arguments

• deny_assignment_name (str) – Return deny assignment with specified name.

• principal_id (str) – Return all deny assignments where the specified principal is listed in the principals list of deny assignments.

• gdpr_export_principal_id (str) – Return all deny assignments where the specified principal is listed either in the principals list or exclude principals list of deny assignments.

class azure.mgmt.authorization.v2022_04_01.models.DenyAssignmentListResult(*, value: Optional[List[_models.DenyAssignment]] = None, next_link: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Deny assignment list operation result.

Variables

• value (list[DenyAssignment]) – Deny assignment list.

• next_link (str) – The URL to use for getting the next set of results.

Keyword Arguments

• value (list[DenyAssignment]) – Deny assignment list.

• next_link (str) – The URL to use for getting the next set of results.

class azure.mgmt.authorization.v2022_04_01.models.DenyAssignmentPermission(*, actions: Optional[List[str]] = None, not_actions: Optional[List[str]] = None, data_actions: Optional[List[str]] = None, not_data_actions: Optional[List[str]] = None, condition: Optional[str] = None, condition_version: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Deny assignment permissions.

Variables

• actions (list[str]) – Actions to which the deny assignment does not grant access.

• not_actions (list[str]) – Actions to exclude from that the deny assignment does not grant access.

• data_actions (list[str]) – Data actions to which the deny assignment does not grant access.

• not_data_actions (list[str]) – Data actions to exclude from that the deny assignment does not grant access.

• condition (str) – The conditions on the Deny assignment permission. This limits the resources it applies to.

• condition_version (str) – Version of the condition.

Keyword Arguments

• actions (list[str]) – Actions to which the deny assignment does not grant access.

• not_actions (list[str]) – Actions to exclude from that the deny assignment does not grant access.

• data_actions (list[str]) – Data actions to which the deny assignment does not grant access.

• not_data_actions (list[str]) – Data actions to exclude from that the deny assignment does not grant access.

• condition (str) – The conditions on the Deny assignment permission. This limits the resources it applies to.

• condition_version (str) – Version of the condition.

class azure.mgmt.authorization.v2022_04_01.models.EnablementRules(value)

Bases: str, enum.Enum

The type of enablement rule.

JUSTIFICATION = 'Justification'

MULTI_FACTOR_AUTHENTICATION = 'MultiFactorAuthentication'

TICKETING = 'Ticketing'

class azure.mgmt.authorization.v2022_04_01.models.ErrorAdditionalInfo(**kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The resource management error additional info.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• type (str) – The additional info type.

• info (JSON) – The additional info.

class azure.mgmt.authorization.v2022_04_01.models.ErrorDetail(**kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The error detail.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• code (str) – The error code.

• message (str) – The error message.

• target (str) – The error target.

• details (list[ErrorDetail]) – The error details.

• additional_info (list[ErrorAdditionalInfo]) – The error additional info.

class azure.mgmt.authorization.v2022_04_01.models.ErrorResponse(*, error: Optional[_models.ErrorDetail] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).

Variables

error (ErrorDetail) – The error object.

Keyword Arguments

error (ErrorDetail) – The error object.

class azure.mgmt.authorization.v2022_04_01.models.NotificationDeliveryMechanism(value)

Bases: str, enum.Enum

The type of notification.

EMAIL = 'Email'

class azure.mgmt.authorization.v2022_04_01.models.NotificationLevel(value)

Bases: str, enum.Enum

The notification level.

ALL = 'All'

CRITICAL = 'Critical'

NONE = 'None'

class azure.mgmt.authorization.v2022_04_01.models.Permission(*, actions: Optional[List[str]] = None, not_actions: Optional[List[str]] = None, data_actions: Optional[List[str]] = None, not_data_actions: Optional[List[str]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role definition permissions.

Variables

• actions (list[str]) – Allowed actions.

• not_actions (list[str]) – Denied actions.

• data_actions (list[str]) – Allowed Data actions.

• not_data_actions (list[str]) – Denied Data actions.

Keyword Arguments

• actions (list[str]) – Allowed actions.

• not_actions (list[str]) – Denied actions.

• data_actions (list[str]) – Allowed Data actions.

• not_data_actions (list[str]) – Denied Data actions.

class azure.mgmt.authorization.v2022_04_01.models.PermissionGetResult(*, value: Optional[List[_models.Permission]] = None, next_link: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Permissions information.

Variables

• value (list[Permission]) – An array of permissions.

• next_link (str) – The URL to use for getting the next set of results.

Keyword Arguments

• value (list[Permission]) – An array of permissions.

• next_link (str) – The URL to use for getting the next set of results.

class azure.mgmt.authorization.v2022_04_01.models.Principal(*, id: Optional[str] = None, display_name: Optional[str] = None, type: Optional[str] = None, email: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The name of the entity last modified it.

Variables

• id (str) – The id of the principal made changes.

• display_name (str) – The name of the principal made changes.

• type (str) – Type of principal such as user , group etc.

• email (str) – Email of principal.

Keyword Arguments

• id (str) – The id of the principal made changes.

• display_name (str) – The name of the principal made changes.

• type (str) – Type of principal such as user , group etc.

• email (str) – Email of principal.

class azure.mgmt.authorization.v2022_04_01.models.PrincipalType(value)

Bases: str, enum.Enum

The principal type of the assigned principal ID.

DEVICE = 'Device'

FOREIGN_GROUP = 'ForeignGroup'

GROUP = 'Group'

SERVICE_PRINCIPAL = 'ServicePrincipal'

USER = 'User'

class azure.mgmt.authorization.v2022_04_01.models.ProviderOperation(*, name: Optional[str] = None, display_name: Optional[str] = None, description: Optional[str] = None, origin: Optional[str] = None, properties: Optional[collections.abc.MutableMapping[str, Any]] = None, is_data_action: Optional[bool] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Operation.

Variables

• name (str) – The operation name.

• display_name (str) – The operation display name.

• description (str) – The operation description.

• origin (str) – The operation origin.

• properties (JSON) – The operation properties.

• is_data_action (bool) – The dataAction flag to specify the operation type.

Keyword Arguments

• name (str) – The operation name.

• display_name (str) – The operation display name.

• description (str) – The operation description.

• origin (str) – The operation origin.

• properties (JSON) – The operation properties.

• is_data_action (bool) – The dataAction flag to specify the operation type.

class azure.mgmt.authorization.v2022_04_01.models.ProviderOperationsMetadata(*, id: Optional[str] = None, name: Optional[str] = None, type: Optional[str] = None, display_name: Optional[str] = None, resource_types: Optional[List[_models.ResourceType]] = None, operations: Optional[List[_models.ProviderOperation]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Provider Operations metadata.

Variables

• id (str) – The provider id.

• name (str) – The provider name.

• type (str) – The provider type.

• display_name (str) – The provider display name.

• resource_types (list[ResourceType]) – The provider resource types.

• operations (list[ProviderOperation]) – The provider operations.

Keyword Arguments

• id (str) – The provider id.

• name (str) – The provider name.

• type (str) – The provider type.

• display_name (str) – The provider display name.

• resource_types (list[ResourceType]) – The provider resource types.

• operations (list[ProviderOperation]) – The provider operations.

class azure.mgmt.authorization.v2022_04_01.models.ProviderOperationsMetadataListResult(*, value: Optional[List[_models.ProviderOperationsMetadata]] = None, next_link: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Provider operations metadata list.

Variables

• value (list[ProviderOperationsMetadata]) – The list of providers.

• next_link (str) – The URL to use for getting the next set of results.

Keyword Arguments

• value (list[ProviderOperationsMetadata]) – The list of providers.

• next_link (str) – The URL to use for getting the next set of results.

class azure.mgmt.authorization.v2022_04_01.models.RecipientType(value)

Bases: str, enum.Enum

The recipient type.

ADMIN = 'Admin'

APPROVER = 'Approver'

REQUESTOR = 'Requestor'

class azure.mgmt.authorization.v2022_04_01.models.ResourceType(*, name: Optional[str] = None, display_name: Optional[str] = None, operations: Optional[List[_models.ProviderOperation]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Resource Type.

Variables

• name (str) – The resource type name.

• display_name (str) – The resource type display name.

• operations (list[ProviderOperation]) – The resource type operations.

Keyword Arguments

• name (str) – The resource type name.

• display_name (str) – The resource type display name.

• operations (list[ProviderOperation]) – The resource type operations.

class azure.mgmt.authorization.v2022_04_01.models.RoleAssignment(*, role_definition_id: Optional[str] = None, principal_id: Optional[str] = None, principal_type: Union[str, _models.PrincipalType] = 'User', description: Optional[str] = None, condition: Optional[str] = None, condition_version: Optional[str] = None, delegated_managed_identity_resource_id: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role Assignments.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – The role assignment ID.

• name (str) – The role assignment name.

• type (str) – The role assignment type.

• scope (str) – The role assignment scope.

• role_definition_id (str) – The role definition ID.

• principal_id (str) – The principal ID.

• principal_type (str or PrincipalType) – The principal type of the assigned principal ID. Known values are: “User”, “Group”, “ServicePrincipal”, “ForeignGroup”, and “Device”.

• description (str) – Description of role assignment.

• condition (str) – The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition. Currently the only accepted value is ‘2.0’.

• created_on (datetime) – Time it was created.

• updated_on (datetime) – Time it was updated.

• created_by (str) – Id of the user who created the assignment.

• updated_by (str) – Id of the user who updated the assignment.

• delegated_managed_identity_resource_id (str) – Id of the delegated managed identity resource.

Keyword Arguments

• role_definition_id (str) – The role definition ID.

• principal_id (str) – The principal ID.

• principal_type (str or PrincipalType) – The principal type of the assigned principal ID. Known values are: “User”, “Group”, “ServicePrincipal”, “ForeignGroup”, and “Device”.

• description (str) – Description of role assignment.

• condition (str) – The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition. Currently the only accepted value is ‘2.0’.

• delegated_managed_identity_resource_id (str) – Id of the delegated managed identity resource.

class azure.mgmt.authorization.v2022_04_01.models.RoleAssignmentCreateParameters(*, role_definition_id: str, principal_id: str, principal_type: Union[str, _models.PrincipalType] = 'User', description: Optional[str] = None, condition: Optional[str] = None, condition_version: Optional[str] = None, delegated_managed_identity_resource_id: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role assignment create parameters.

Variables are only populated by the server, and will be ignored when sending a request.

All required parameters must be populated in order to send to Azure.

Variables

• scope (str) – The role assignment scope.

• role_definition_id (str) – The role definition ID. Required.

• principal_id (str) – The principal ID. Required.

• principal_type (str or PrincipalType) – The principal type of the assigned principal ID. Known values are: “User”, “Group”, “ServicePrincipal”, “ForeignGroup”, and “Device”.

• description (str) – Description of role assignment.

• condition (str) – The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition. Currently the only accepted value is ‘2.0’.

• created_on (datetime) – Time it was created.

• updated_on (datetime) – Time it was updated.

• created_by (str) – Id of the user who created the assignment.

• updated_by (str) – Id of the user who updated the assignment.

• delegated_managed_identity_resource_id (str) – Id of the delegated managed identity resource.

Keyword Arguments

• role_definition_id (str) – The role definition ID. Required.

• principal_id (str) – The principal ID. Required.

• principal_type (str or PrincipalType) – The principal type of the assigned principal ID. Known values are: “User”, “Group”, “ServicePrincipal”, “ForeignGroup”, and “Device”.

• description (str) – Description of role assignment.

• condition (str) – The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’.

• condition_version (str) – Version of the condition. Currently the only accepted value is ‘2.0’.

• delegated_managed_identity_resource_id (str) – Id of the delegated managed identity resource.

class azure.mgmt.authorization.v2022_04_01.models.RoleAssignmentFilter(*, principal_id: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role Assignments filter.

Variables

principal_id (str) – Returns role assignment of the specific principal.

Keyword Arguments

principal_id (str) – Returns role assignment of the specific principal.

class azure.mgmt.authorization.v2022_04_01.models.RoleAssignmentListResult(*, value: Optional[List[_models.RoleAssignment]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role assignment list operation result.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• value (list[RoleAssignment]) – Role assignment list.

• next_link (str) – The skipToken to use for getting the next set of results.

Keyword Arguments

value (list[RoleAssignment]) – Role assignment list.

class azure.mgmt.authorization.v2022_04_01.models.RoleDefinition(*, role_name: Optional[str] = None, description: Optional[str] = None, role_type: Optional[str] = None, permissions: Optional[List[_models.Permission]] = None, assignable_scopes: Optional[List[str]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role definition.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• id (str) – The role definition ID.

• name (str) – The role definition name.

• type (str) – The role definition type.

• role_name (str) – The role name.

• description (str) – The role definition description.

• role_type (str) – The role type.

• permissions (list[Permission]) – Role definition permissions.

• assignable_scopes (list[str]) – Role definition assignable scopes.

• created_on (datetime) – Time it was created.

• updated_on (datetime) – Time it was updated.

• created_by (str) – Id of the user who created the assignment.

• updated_by (str) – Id of the user who updated the assignment.

Keyword Arguments

• role_name (str) – The role name.

• description (str) – The role definition description.

• role_type (str) – The role type.

• permissions (list[Permission]) – Role definition permissions.

• assignable_scopes (list[str]) – Role definition assignable scopes.

class azure.mgmt.authorization.v2022_04_01.models.RoleDefinitionFilter(*, role_name: Optional[str] = None, type: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role Definitions filter.

Variables

• role_name (str) – Returns role definition with the specific name.

• type (str) – Returns role definition with the specific type.

Keyword Arguments

• role_name (str) – Returns role definition with the specific name.

• type (str) – Returns role definition with the specific type.

class azure.mgmt.authorization.v2022_04_01.models.RoleDefinitionListResult(*, value: Optional[List[_models.RoleDefinition]] = None, next_link: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Role definition list operation result.

Variables

• value (list[RoleDefinition]) – Role definition list.

• next_link (str) – The URL to use for getting the next set of results.

Keyword Arguments

• value (list[RoleDefinition]) – Role definition list.

• next_link (str) – The URL to use for getting the next set of results.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyApprovalRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, setting: Optional[_models.ApprovalSettings] = None, **kwargs: Any)

Bases: azure.mgmt.authorization.v2022_04_01.models._models_py3.RoleManagementPolicyRule

The role management policy approval rule.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• setting (ApprovalSettings) – The approval setting.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• setting (ApprovalSettings) – The approval setting.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyAuthenticationContextRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, is_enabled: Optional[bool] = None, claim_value: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization.v2022_04_01.models._models_py3.RoleManagementPolicyRule

The role management policy authentication context rule.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• is_enabled (bool) – The value indicating if rule is enabled.

• claim_value (str) – The claim value.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• is_enabled (bool) – The value indicating if rule is enabled.

• claim_value (str) – The claim value.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyEnablementRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, enabled_rules: Optional[List[Union[str, _models.EnablementRules]]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization.v2022_04_01.models._models_py3.RoleManagementPolicyRule

The role management policy enablement rule.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• enabled_rules (list[str or EnablementRules]) – The list of enabled rules.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• enabled_rules (list[str or EnablementRules]) – The list of enabled rules.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyExpirationRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, is_expiration_required: Optional[bool] = None, maximum_duration: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization.v2022_04_01.models._models_py3.RoleManagementPolicyRule

The role management policy expiration rule.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• is_expiration_required (bool) – The value indicating whether expiration is required.

• maximum_duration (str) – The maximum duration of expiration in timespan.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• is_expiration_required (bool) – The value indicating whether expiration is required.

• maximum_duration (str) – The maximum duration of expiration in timespan.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyNotificationRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, notification_type: Optional[Union[str, _models.NotificationDeliveryMechanism]] = None, notification_level: Optional[Union[str, _models.NotificationLevel]] = None, recipient_type: Optional[Union[str, _models.RecipientType]] = None, notification_recipients: Optional[List[str]] = None, is_default_recipients_enabled: Optional[bool] = None, **kwargs: Any)

Bases: azure.mgmt.authorization.v2022_04_01.models._models_py3.RoleManagementPolicyRule

The role management policy notification rule.

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• notification_type (str or NotificationDeliveryMechanism) – The type of notification. “Email”

• notification_level (str or NotificationLevel) – The notification level. Known values are: “None”, “Critical”, and “All”.

• recipient_type (str or RecipientType) – The recipient type. Known values are: “Requestor”, “Approver”, and “Admin”.

• notification_recipients (list[str]) – The list of notification recipients.

• is_default_recipients_enabled (bool) – Determines if the notification will be sent to the recipient type specified in the policy rule.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

• notification_type (str or NotificationDeliveryMechanism) – The type of notification. “Email”

• notification_level (str or NotificationLevel) – The notification level. Known values are: “None”, “Critical”, and “All”.

• recipient_type (str or RecipientType) – The recipient type. Known values are: “Requestor”, “Approver”, and “Admin”.

• notification_recipients (list[str]) – The list of notification recipients.

• is_default_recipients_enabled (bool) – Determines if the notification will be sent to the recipient type specified in the policy rule.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyRule(*, id: Optional[str] = None, target: Optional[_models.RoleManagementPolicyRuleTarget] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The role management policy rule.

You probably want to use the sub-classes and not this class directly. Known sub-classes are: RoleManagementPolicyApprovalRule, RoleManagementPolicyAuthenticationContextRule, RoleManagementPolicyEnablementRule, RoleManagementPolicyExpirationRule, RoleManagementPolicyNotificationRule

All required parameters must be populated in order to send to Azure.

Variables

• id (str) – The id of the rule.

• rule_type (str or RoleManagementPolicyRuleType) – The type of rule. Required. Known values are: “RoleManagementPolicyApprovalRule”, “RoleManagementPolicyAuthenticationContextRule”, “RoleManagementPolicyEnablementRule”, “RoleManagementPolicyExpirationRule”, and “RoleManagementPolicyNotificationRule”.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

Keyword Arguments

• id (str) – The id of the rule.

• target (RoleManagementPolicyRuleTarget) – The target of the current rule.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyRuleTarget(*, caller: Optional[str] = None, operations: Optional[List[str]] = None, level: Optional[str] = None, target_objects: Optional[List[str]] = None, inheritable_settings: Optional[List[str]] = None, enforced_settings: Optional[List[str]] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The role management policy rule target.

Variables

• caller (str) – The caller of the setting.

• operations (list[str]) – The type of operation.

• level (str) – The assignment level to which rule is applied.

• target_objects (list[str]) – The list of target objects.

• inheritable_settings (list[str]) – The list of inheritable settings.

• enforced_settings (list[str]) – The list of enforced settings.

Keyword Arguments

• caller (str) – The caller of the setting.

• operations (list[str]) – The type of operation.

• level (str) – The assignment level to which rule is applied.

• target_objects (list[str]) – The list of target objects.

• inheritable_settings (list[str]) – The list of inheritable settings.

• enforced_settings (list[str]) – The list of enforced settings.

class azure.mgmt.authorization.v2022_04_01.models.RoleManagementPolicyRuleType(value)

Bases: str, enum.Enum

The type of rule.

ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = 'RoleManagementPolicyApprovalRule'

ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = 'RoleManagementPolicyAuthenticationContextRule'

ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = 'RoleManagementPolicyEnablementRule'

ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = 'RoleManagementPolicyExpirationRule'

ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = 'RoleManagementPolicyNotificationRule'

class azure.mgmt.authorization.v2022_04_01.models.UserSet(*, user_type: Optional[Union[str, _models.UserType]] = None, is_backup: Optional[bool] = None, id: Optional[str] = None, description: Optional[str] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

The detail of a user.

Variables

• user_type (str or UserType) – The type of user. Known values are: “User” and “Group”.

• is_backup (bool) – The value indicating whether the user is a backup fallback approver.

• id (str) – The object id of the user.

• description (str) – The description of the user.

Keyword Arguments

• user_type (str or UserType) – The type of user. Known values are: “User” and “Group”.

• is_backup (bool) – The value indicating whether the user is a backup fallback approver.

• id (str) – The object id of the user.

• description (str) – The description of the user.

class azure.mgmt.authorization.v2022_04_01.models.UserType(value)

Bases: str, enum.Enum

The type of user.

GROUP = 'Group'

USER = 'User'

class azure.mgmt.authorization.v2022_04_01.models.ValidationResponse(*, error_info: Optional[_models.ValidationResponseErrorInfo] = None, **kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Validation response.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• is_valid (bool) – Whether or not validation succeeded.

• error_info (ValidationResponseErrorInfo) – Failed validation result details.

Keyword Arguments

error_info (ValidationResponseErrorInfo) – Failed validation result details.

class azure.mgmt.authorization.v2022_04_01.models.ValidationResponseErrorInfo(**kwargs: Any)

Bases: azure.mgmt.authorization._serialization.Model

Failed validation result details.

Variables are only populated by the server, and will be ignored when sending a request.

Variables

• code (str) – Error code indicating why validation failed.

• message (str) – Message indicating why validation failed.