Grant¶
-
class
oci.identity_domains.models.
Grant
(**kwargs)¶ Bases:
object
Schema for Grant Resource
Attributes
GRANT_MECHANISM_ACCESS_REQUEST
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_ADMINISTRATOR_TO_APP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_ADMINISTRATOR_TO_DELEGATED_USER
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_ADMINISTRATOR_TO_GROUP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_ADMINISTRATOR_TO_USER
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_APP_ENTITLEMENT_COLLECTION
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_GROUP_MEMBERSHIP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_IMPORT_APPROLE_MEMBERS
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_IMPORT_GRANTS
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_OPC_INFRA_TO_APP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_SERVICE_MANAGER_TO_APP
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_SERVICE_MANAGER_TO_USER
A constant which can be used with the grant_mechanism property of a Grant. GRANT_MECHANISM_SYNC_TO_USER
A constant which can be used with the grant_mechanism property of a Grant. IDCS_PREVENTED_OPERATIONS_DELETE
A constant which can be used with the idcs_prevented_operations property of a Grant. IDCS_PREVENTED_OPERATIONS_REPLACE
A constant which can be used with the idcs_prevented_operations property of a Grant. IDCS_PREVENTED_OPERATIONS_UPDATE
A constant which can be used with the idcs_prevented_operations property of a Grant. app
Gets the app of this Grant. app_entitlement_collection
Gets the app_entitlement_collection of this Grant. compartment_ocid
Gets the compartment_ocid of this Grant. composite_key
Gets the composite_key of this Grant. delete_in_progress
Gets the delete_in_progress of this Grant. domain_ocid
Gets the domain_ocid of this Grant. entitlement
Gets the entitlement of this Grant. grant_mechanism
[Required] Gets the grant_mechanism of this Grant. granted_attribute_values_json
Gets the granted_attribute_values_json of this Grant. grantee
[Required] Gets the grantee of this Grant. grantor
Gets the grantor of this Grant. id
Gets the id of this Grant. idcs_created_by
Gets the idcs_created_by of this Grant. idcs_last_modified_by
Gets the idcs_last_modified_by of this Grant. idcs_last_upgraded_in_release
Gets the idcs_last_upgraded_in_release of this Grant. idcs_prevented_operations
Gets the idcs_prevented_operations of this Grant. is_fulfilled
Gets the is_fulfilled of this Grant. meta
Gets the meta of this Grant. ocid
Gets the ocid of this Grant. schemas
[Required] Gets the schemas of this Grant. tags
Gets the tags of this Grant. tenancy_ocid
Gets the tenancy_ocid of this Grant. Methods
__init__
(**kwargs)Initializes a new Grant object with values from keyword arguments. -
GRANT_MECHANISM_ACCESS_REQUEST
= 'ACCESS_REQUEST'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ACCESS_REQUEST”
-
GRANT_MECHANISM_ADMINISTRATOR_TO_APP
= 'ADMINISTRATOR_TO_APP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ADMINISTRATOR_TO_APP”
-
GRANT_MECHANISM_ADMINISTRATOR_TO_DELEGATED_USER
= 'ADMINISTRATOR_TO_DELEGATED_USER'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ADMINISTRATOR_TO_DELEGATED_USER”
-
GRANT_MECHANISM_ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP
= 'ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP”
-
GRANT_MECHANISM_ADMINISTRATOR_TO_GROUP
= 'ADMINISTRATOR_TO_GROUP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ADMINISTRATOR_TO_GROUP”
-
GRANT_MECHANISM_ADMINISTRATOR_TO_USER
= 'ADMINISTRATOR_TO_USER'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “ADMINISTRATOR_TO_USER”
-
GRANT_MECHANISM_APP_ENTITLEMENT_COLLECTION
= 'APP_ENTITLEMENT_COLLECTION'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “APP_ENTITLEMENT_COLLECTION”
-
GRANT_MECHANISM_GROUP_MEMBERSHIP
= 'GROUP_MEMBERSHIP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “GROUP_MEMBERSHIP”
-
GRANT_MECHANISM_IMPORT_APPROLE_MEMBERS
= 'IMPORT_APPROLE_MEMBERS'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “IMPORT_APPROLE_MEMBERS”
-
GRANT_MECHANISM_IMPORT_GRANTS
= 'IMPORT_GRANTS'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “IMPORT_GRANTS”
-
GRANT_MECHANISM_OPC_INFRA_TO_APP
= 'OPC_INFRA_TO_APP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “OPC_INFRA_TO_APP”
-
GRANT_MECHANISM_SERVICE_MANAGER_TO_APP
= 'SERVICE_MANAGER_TO_APP'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “SERVICE_MANAGER_TO_APP”
-
GRANT_MECHANISM_SERVICE_MANAGER_TO_USER
= 'SERVICE_MANAGER_TO_USER'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “SERVICE_MANAGER_TO_USER”
-
GRANT_MECHANISM_SYNC_TO_USER
= 'SYNC_TO_USER'¶ A constant which can be used with the grant_mechanism property of a Grant. This constant has a value of “SYNC_TO_USER”
-
IDCS_PREVENTED_OPERATIONS_DELETE
= 'delete'¶ A constant which can be used with the idcs_prevented_operations property of a Grant. This constant has a value of “delete”
-
IDCS_PREVENTED_OPERATIONS_REPLACE
= 'replace'¶ A constant which can be used with the idcs_prevented_operations property of a Grant. This constant has a value of “replace”
-
IDCS_PREVENTED_OPERATIONS_UPDATE
= 'update'¶ A constant which can be used with the idcs_prevented_operations property of a Grant. This constant has a value of “update”
-
__init__
(**kwargs)¶ Initializes a new Grant object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):
Parameters: - id (str) – The value to assign to the id property of this Grant.
- ocid (str) – The value to assign to the ocid property of this Grant.
- schemas (list[str]) – The value to assign to the schemas property of this Grant.
- meta (oci.identity_domains.models.Meta) – The value to assign to the meta property of this Grant.
- idcs_created_by (oci.identity_domains.models.IdcsCreatedBy) – The value to assign to the idcs_created_by property of this Grant.
- idcs_last_modified_by (oci.identity_domains.models.IdcsLastModifiedBy) – The value to assign to the idcs_last_modified_by property of this Grant.
- idcs_prevented_operations (list[str]) – The value to assign to the idcs_prevented_operations property of this Grant. Allowed values for items in this list are: “replace”, “update”, “delete”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
- tags (list[oci.identity_domains.models.Tags]) – The value to assign to the tags property of this Grant.
- delete_in_progress (bool) – The value to assign to the delete_in_progress property of this Grant.
- idcs_last_upgraded_in_release (str) – The value to assign to the idcs_last_upgraded_in_release property of this Grant.
- domain_ocid (str) – The value to assign to the domain_ocid property of this Grant.
- compartment_ocid (str) – The value to assign to the compartment_ocid property of this Grant.
- tenancy_ocid (str) – The value to assign to the tenancy_ocid property of this Grant.
- grant_mechanism (str) – The value to assign to the grant_mechanism property of this Grant. Allowed values for this property are: “IMPORT_APPROLE_MEMBERS”, “ADMINISTRATOR_TO_USER”, “ADMINISTRATOR_TO_DELEGATED_USER”, “ADMINISTRATOR_TO_GROUP”, “SERVICE_MANAGER_TO_USER”, “ADMINISTRATOR_TO_APP”, “SERVICE_MANAGER_TO_APP”, “OPC_INFRA_TO_APP”, “GROUP_MEMBERSHIP”, “IMPORT_GRANTS”, “SYNC_TO_USER”, “ACCESS_REQUEST”, “APP_ENTITLEMENT_COLLECTION”, “ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
- composite_key (str) – The value to assign to the composite_key property of this Grant.
- is_fulfilled (bool) – The value to assign to the is_fulfilled property of this Grant.
- granted_attribute_values_json (str) – The value to assign to the granted_attribute_values_json property of this Grant.
- app_entitlement_collection (oci.identity_domains.models.GrantAppEntitlementCollection) – The value to assign to the app_entitlement_collection property of this Grant.
- grantor (oci.identity_domains.models.GrantGrantor) – The value to assign to the grantor property of this Grant.
- grantee (oci.identity_domains.models.GrantGrantee) – The value to assign to the grantee property of this Grant.
- app (oci.identity_domains.models.GrantApp) – The value to assign to the app property of this Grant.
- entitlement (oci.identity_domains.models.GrantEntitlement) – The value to assign to the entitlement property of this Grant.
-
app
¶ Gets the app of this Grant.
Returns: The app of this Grant. Return type: oci.identity_domains.models.GrantApp
-
app_entitlement_collection
¶ Gets the app_entitlement_collection of this Grant.
Returns: The app_entitlement_collection of this Grant. Return type: oci.identity_domains.models.GrantAppEntitlementCollection
-
compartment_ocid
¶ Gets the compartment_ocid of this Grant. OCI Compartment Id (ocid) in which the resource lives.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
Returns: The compartment_ocid of this Grant. Return type: str
-
composite_key
¶ Gets the composite_key of this Grant. Unique key of grant, composed by combining a subset of app, entitlement, grantee, grantor and grantMechanism. Used to prevent duplicate Grants.
Added In: 18.1.2
- SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: server
Returns: The composite_key of this Grant. Return type: str
-
delete_in_progress
¶ Gets the delete_in_progress of this Grant. A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: boolean
- uniqueness: none
Returns: The delete_in_progress of this Grant. Return type: bool
-
domain_ocid
¶ Gets the domain_ocid of this Grant. OCI Domain Id (ocid) in which the resource lives.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
Returns: The domain_ocid of this Grant. Return type: str
-
entitlement
¶ Gets the entitlement of this Grant.
Returns: The entitlement of this Grant. Return type: oci.identity_domains.models.GrantEntitlement
-
grant_mechanism
¶ [Required] Gets the grant_mechanism of this Grant. Each value of grantMechanism indicates how (or by what component) some App (or App-Entitlement) was granted. A customer or the UI should use only grantMechanism values that start with ‘ADMINISTRATOR’:
- ‘ADMINISTRATOR_TO_USER’ is for a direct grant to a specific User.
- ‘ADMINISTRATOR_TO_GROUP’ is for a grant to a specific Group, which results in indirect grants to Users who are members of that Group.
- ‘ADMINISTRATOR_TO_APP’ is for a grant to a specific App. The grantee (client) App gains access to the granted (server) App.
- SCIM++ Properties:
- caseExact: true
- idcsCsvAttributeNameMappings: [[defaultValue:IMPORT_GRANTS]]
- idcsSearchable: true
- multiValued: false
- mutability: immutable
- required: true
- returned: default
- type: string
- uniqueness: none
Allowed values for this property are: “IMPORT_APPROLE_MEMBERS”, “ADMINISTRATOR_TO_USER”, “ADMINISTRATOR_TO_DELEGATED_USER”, “ADMINISTRATOR_TO_GROUP”, “SERVICE_MANAGER_TO_USER”, “ADMINISTRATOR_TO_APP”, “SERVICE_MANAGER_TO_APP”, “OPC_INFRA_TO_APP”, “GROUP_MEMBERSHIP”, “IMPORT_GRANTS”, “SYNC_TO_USER”, “ACCESS_REQUEST”, “APP_ENTITLEMENT_COLLECTION”, “ADMINISTRATOR_TO_DYNAMIC_RESOURCE_GROUP”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
Returns: The grant_mechanism of this Grant. Return type: str
-
granted_attribute_values_json
¶ Gets the granted_attribute_values_json of this Grant. Store granted attribute-values as a string in Javascript Object Notation (JSON) format.
Added In: 18.3.4
- SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
Returns: The granted_attribute_values_json of this Grant. Return type: str
-
grantee
¶ [Required] Gets the grantee of this Grant.
Returns: The grantee of this Grant. Return type: oci.identity_domains.models.GrantGrantee
-
grantor
¶ Gets the grantor of this Grant.
Returns: The grantor of this Grant. Return type: oci.identity_domains.models.GrantGrantor
-
id
¶ Gets the id of this Grant. Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider’s entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: always
- type: string
- uniqueness: global
Returns: The id of this Grant. Return type: str
-
idcs_created_by
¶ Gets the idcs_created_by of this Grant.
Returns: The idcs_created_by of this Grant. Return type: oci.identity_domains.models.IdcsCreatedBy
-
idcs_last_modified_by
¶ Gets the idcs_last_modified_by of this Grant.
Returns: The idcs_last_modified_by of this Grant. Return type: oci.identity_domains.models.IdcsLastModifiedBy
-
idcs_last_upgraded_in_release
¶ Gets the idcs_last_upgraded_in_release of this Grant. The release number when the resource was upgraded.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
Returns: The idcs_last_upgraded_in_release of this Grant. Return type: str
-
idcs_prevented_operations
¶ Gets the idcs_prevented_operations of this Grant. Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
- SCIM++ Properties:
- idcsSearchable: false
- multiValued: true
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
Allowed values for items in this list are: “replace”, “update”, “delete”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
Returns: The idcs_prevented_operations of this Grant. Return type: list[str]
-
is_fulfilled
¶ Gets the is_fulfilled of this Grant. If true, this Grant has been fulfilled successfully.
- SCIM++ Properties:
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: boolean
- uniqueness: none
Returns: The is_fulfilled of this Grant. Return type: bool
-
meta
¶ Gets the meta of this Grant.
Returns: The meta of this Grant. Return type: oci.identity_domains.models.Meta
-
ocid
¶ Gets the ocid of this Grant. Unique OCI identifier for the SCIM Resource.
- SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: immutable
- required: false
- returned: default
- type: string
- uniqueness: global
Returns: The ocid of this Grant. Return type: str
-
schemas
¶ [Required] Gets the schemas of this Grant. REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard “enterprise” extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
Returns: The schemas of this Grant. Return type: list[str]
Gets the tags of this Grant. A list of tags on this resource.
- SCIM++ Properties:
- idcsCompositeKey: [key, value]
- idcsSearchable: true
- multiValued: true
- mutability: readWrite
- required: false
- returned: request
- type: complex
- uniqueness: none
Returns: The tags of this Grant. Return type: list[oci.identity_domains.models.Tags]
-
tenancy_ocid
¶ Gets the tenancy_ocid of this Grant. OCI Tenant Id (ocid) in which the resource lives.
- SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
Returns: The tenancy_ocid of this Grant. Return type: str
-