CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-azure-mgmt-authorization

Microsoft Azure Authorization Management Client Library for Python providing RBAC, PIM, and access control capabilities

Pending

Quality

Pending

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Overview
Eval results
Files

pim.mddocs/

Privileged Identity Management

Advanced access control capabilities with time-bound assignments, approval workflows, eligibility management, and policy enforcement. PIM enables just-in-time access patterns and comprehensive governance for privileged roles in Azure.

Capabilities

Role Assignment Scheduling

Manage time-bound role assignments with configurable start and end times, supporting both immediate and scheduled activation patterns.

def create(scope: str, role_assignment_schedule_request_name: str, parameters: RoleAssignmentScheduleRequest) -> RoleAssignmentScheduleRequest:
    """
    Create a role assignment schedule request for time-bound access.
    
    Parameters:
    - scope: The scope of the role assignment
    - role_assignment_schedule_request_name: GUID for the request name
    - parameters: Schedule request parameters including principal, role, and timing
    
    Returns:
    RoleAssignmentScheduleRequest object with request details
    """

def cancel(scope: str, role_assignment_schedule_request_name: str) -> None:
    """
    Cancel a pending role assignment schedule request.
    
    Parameters:
    - scope: The scope of the role assignment request
    - role_assignment_schedule_request_name: Name of the request to cancel
    """

def get(scope: str, role_assignment_schedule_request_name: str) -> RoleAssignmentScheduleRequest:
    """
    Get details of a role assignment schedule request.
    
    Parameters:
    - scope: The scope of the role assignment request
    - role_assignment_schedule_request_name: Name of the schedule request
    
    Returns:
    RoleAssignmentScheduleRequest object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleAssignmentScheduleRequest]:
    """
    List role assignment schedule requests for a scope.
    
    Parameters:
    - scope: The scope to list requests for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleAssignmentScheduleRequest objects
    """

Role Assignment Schedule Instances

Query and manage active time-bound role assignment instances that are currently effective.

def get(scope: str, role_assignment_schedule_instance_name: str) -> RoleAssignmentScheduleInstance:
    """
    Get details of an active role assignment schedule instance.
    
    Parameters:
    - scope: The scope of the role assignment instance
    - role_assignment_schedule_instance_name: Name of the instance
    
    Returns:
    RoleAssignmentScheduleInstance object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleAssignmentScheduleInstance]:
    """
    List active role assignment schedule instances for a scope.
    
    Parameters:
    - scope: The scope to list instances for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleAssignmentScheduleInstance objects
    """

Role Assignment Schedules

Manage the schedules that define when role assignments become active and expire.

def get(scope: str, role_assignment_schedule_name: str) -> RoleAssignmentSchedule:
    """
    Get details of a role assignment schedule.
    
    Parameters:
    - scope: The scope of the role assignment schedule
    - role_assignment_schedule_name: Name of the schedule
    
    Returns:
    RoleAssignmentSchedule object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleAssignmentSchedule]:
    """
    List role assignment schedules for a scope.
    
    Parameters:
    - scope: The scope to list schedules for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleAssignmentSchedule objects
    """

Role Eligibility Management

Manage role eligibility that allows principals to activate roles on-demand rather than having permanent assignments.

def create(scope: str, role_eligibility_schedule_request_name: str, parameters: RoleEligibilityScheduleRequest) -> RoleEligibilityScheduleRequest:
    """
    Create a role eligibility schedule request.
    
    Parameters:
    - scope: The scope of the role eligibility
    - role_eligibility_schedule_request_name: GUID for the request name
    - parameters: Eligibility request parameters
    
    Returns:
    RoleEligibilityScheduleRequest object
    """

def cancel(scope: str, role_eligibility_schedule_request_name: str) -> None:
    """
    Cancel a pending role eligibility schedule request.
    
    Parameters:
    - scope: The scope of the eligibility request
    - role_eligibility_schedule_request_name: Name of the request to cancel
    """

def get(scope: str, role_eligibility_schedule_request_name: str) -> RoleEligibilityScheduleRequest:
    """
    Get details of a role eligibility schedule request.
    
    Parameters:
    - scope: The scope of the eligibility request
    - role_eligibility_schedule_request_name: Name of the request
    
    Returns:
    RoleEligibilityScheduleRequest object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleEligibilityScheduleRequest]:
    """
    List role eligibility schedule requests for a scope.
    
    Parameters:
    - scope: The scope to list requests for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleEligibilityScheduleRequest objects
    """

Role Eligibility Schedule Instances

Query active role eligibility instances that define current eligibility status for principals.

def get(scope: str, role_eligibility_schedule_instance_name: str) -> RoleEligibilityScheduleInstance:
    """
    Get details of a role eligibility schedule instance.
    
    Parameters:
    - scope: The scope of the eligibility instance
    - role_eligibility_schedule_instance_name: Name of the instance
    
    Returns:
    RoleEligibilityScheduleInstance object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleEligibilityScheduleInstance]:
    """
    List role eligibility schedule instances for a scope.
    
    Parameters:
    - scope: The scope to list instances for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleEligibilityScheduleInstance objects
    """

Role Eligibility Schedules

Manage the schedules that define when role eligibility is available for activation.

def get(scope: str, role_eligibility_schedule_name: str) -> RoleEligibilitySchedule:
    """
    Get details of a role eligibility schedule.
    
    Parameters:
    - scope: The scope of the eligibility schedule
    - role_eligibility_schedule_name: Name of the schedule
    
    Returns:
    RoleEligibilitySchedule object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleEligibilitySchedule]:
    """
    List role eligibility schedules for a scope.
    
    Parameters:
    - scope: The scope to list schedules for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleEligibilitySchedule objects
    """

Role Management Policies

Configure PIM policies that govern how role assignments and eligibility work, including approval requirements, activation duration, and MFA requirements.

def get(scope: str, role_management_policy_name: str) -> RoleManagementPolicy:
    """
    Get details of a role management policy.
    
    Parameters:
    - scope: The scope of the policy
    - role_management_policy_name: Name of the policy
    
    Returns:
    RoleManagementPolicy object
    """

def update(scope: str, role_management_policy_name: str, parameters: RoleManagementPolicy) -> RoleManagementPolicy:
    """
    Update a role management policy.
    
    Parameters:
    - scope: The scope of the policy
    - role_management_policy_name: Name of the policy to update
    - parameters: Updated policy parameters
    
    Returns:
    Updated RoleManagementPolicy object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleManagementPolicy]:
    """
    List role management policies for a scope.
    
    Parameters:
    - scope: The scope to list policies for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleManagementPolicy objects
    """

Role Management Policy Assignments

Assign policies to specific roles to enforce governance rules for those roles.

def create(scope: str, role_management_policy_assignment_name: str, parameters: RoleManagementPolicyAssignment) -> RoleManagementPolicyAssignment:
    """
    Create a role management policy assignment.
    
    Parameters:
    - scope: The scope of the policy assignment
    - role_management_policy_assignment_name: GUID for the assignment name
    - parameters: Policy assignment parameters
    
    Returns:
    RoleManagementPolicyAssignment object
    """

def delete(scope: str, role_management_policy_assignment_name: str) -> None:
    """
    Delete a role management policy assignment.
    
    Parameters:
    - scope: The scope of the policy assignment
    - role_management_policy_assignment_name: Name of the assignment to delete
    """

def get(scope: str, role_management_policy_assignment_name: str) -> RoleManagementPolicyAssignment:
    """
    Get details of a role management policy assignment.
    
    Parameters:
    - scope: The scope of the policy assignment
    - role_management_policy_assignment_name: Name of the assignment
    
    Returns:
    RoleManagementPolicyAssignment object
    """

def list_for_scope(scope: str, filter: Optional[str] = None) -> Iterator[RoleManagementPolicyAssignment]:
    """
    List role management policy assignments for a scope.
    
    Parameters:
    - scope: The scope to list assignments for
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleManagementPolicyAssignment objects
    """

Eligible Child Resources

Discover child resources that can be managed through PIM for hierarchical access control.

def get(scope: str) -> EligibleChildResourcesListResult:
    """
    Get eligible child resources for PIM management.
    
    Parameters:
    - scope: The parent scope to discover child resources for
    
    Returns:
    EligibleChildResourcesListResult with child resource information
    """

Role Assignment Approval

Manage approval workflows for role assignment requests in PIM scenarios.

def get(scope: str, role_assignment_approval_id: str) -> RoleAssignmentApproval:
    """
    Get details of a role assignment approval.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_approval_id: ID of the approval
    
    Returns:
    RoleAssignmentApproval object
    """

def patch(scope: str, role_assignment_approval_id: str, parameters: RoleAssignmentApproval) -> RoleAssignmentApproval:
    """
    Update a role assignment approval.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_approval_id: ID of the approval to update
    - parameters: Updated approval parameters
    
    Returns:
    Updated RoleAssignmentApproval object
    """

Role Assignment Approval Steps

Manage individual approval steps within multi-stage approval workflows.

def get(scope: str, role_assignment_approval_id: str, role_assignment_approval_step_id: str) -> RoleAssignmentApprovalStep:
    """
    Get details of a specific approval step.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    - role_assignment_approval_step_id: ID of the approval step
    
    Returns:
    RoleAssignmentApprovalStep object
    """

def patch(scope: str, role_assignment_approval_id: str, role_assignment_approval_step_id: str, parameters: RoleAssignmentApprovalStep) -> RoleAssignmentApprovalStep:
    """
    Update an approval step (approve or deny).
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    - role_assignment_approval_step_id: ID of the approval step to update
    - parameters: Updated approval step parameters
    
    Returns:
    Updated RoleAssignmentApprovalStep object
    """

def list(scope: str, role_assignment_approval_id: str, filter: Optional[str] = None) -> Iterator[RoleAssignmentApprovalStep]:
    """
    List approval steps for a role assignment approval.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleAssignmentApprovalStep objects
    """

Scope-specific Role Assignment Approvals

Manage approvals at specific scope levels with dedicated operation groups.

def get_scope_approval(scope: str, role_assignment_approval_id: str) -> RoleAssignmentApproval:
    """
    Get scope-specific role assignment approval.
    
    Parameters:
    - scope: The specific scope of the approval
    - role_assignment_approval_id: ID of the approval
    
    Returns:
    RoleAssignmentApproval object with scope-specific details
    """

def patch_scope_approval(scope: str, role_assignment_approval_id: str, parameters: RoleAssignmentApproval) -> RoleAssignmentApproval:
    """
    Update scope-specific role assignment approval.
    
    Parameters:
    - scope: The specific scope of the approval
    - role_assignment_approval_id: ID of the approval to update
    - parameters: Updated approval parameters
    
    Returns:
    Updated RoleAssignmentApproval object
    """

def get_scope_approval_step(scope: str, role_assignment_approval_id: str, role_assignment_approval_step_id: str) -> RoleAssignmentApprovalStep:
    """
    Get scope-specific approval step.
    
    Parameters:
    - scope: The specific scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    - role_assignment_approval_step_id: ID of the approval step
    
    Returns:
    RoleAssignmentApprovalStep object
    """

def patch_scope_approval_step(scope: str, role_assignment_approval_id: str, role_assignment_approval_step_id: str, parameters: RoleAssignmentApprovalStep) -> RoleAssignmentApprovalStep:
    """
    Update scope-specific approval step.
    
    Parameters:
    - scope: The specific scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    - role_assignment_approval_step_id: ID of the approval step to update
    - parameters: Updated approval step parameters
    
    Returns:
    Updated RoleAssignmentApprovalStep object
    """

def list_scope_approval_steps(scope: str, role_assignment_approval_id: str) -> Iterator[RoleAssignmentApprovalStep]:
    """
    List scope-specific approval steps.
    
    Parameters:
    - scope: The specific scope of the approval
    - role_assignment_approval_id: ID of the parent approval
    
    Returns:
    Iterator of RoleAssignmentApprovalStep objects
    """

Scope-specific Role Assignment Approval Operations

Manage PIM approval workflows at specific scope levels for fine-grained governance control. These operations provide resource, subscription, and management group-level approval management for role assignments.

Scope Role Assignment Approval

def get_scope_approval(scope: str, role_assignment_schedule_request_name: str) -> RoleAssignmentApproval:
    """
    Get a scope-specific role assignment approval.
    
    Parameters:
    - scope: The scope of the approval (e.g., "/subscriptions/{id}")
    - role_assignment_schedule_request_name: Name of the schedule request
    
    Returns:
    RoleAssignmentApproval object with approval details
    """

Scope Role Assignment Approval Step

def get_scope_approval_step(scope: str, role_assignment_schedule_request_name: str, step_id: str) -> RoleAssignmentApprovalStep:
    """
    Get a specific approval step for a scope-specific role assignment.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_schedule_request_name: Name of the schedule request
    - step_id: ID of the approval step
    
    Returns:
    RoleAssignmentApprovalStep object with step details
    """

def patch_scope_approval_step(scope: str, role_assignment_schedule_request_name: str, step_id: str, properties: RoleAssignmentApprovalStep) -> RoleAssignmentApprovalStep:
    """
    Update (approve/deny) a scope-specific role assignment approval step.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_schedule_request_name: Name of the schedule request
    - step_id: ID of the approval step to update
    - properties: Updated approval step properties (decision, justification)
    
    Returns:
    Updated RoleAssignmentApprovalStep object
    """

Scope Role Assignment Approval Steps

def list_scope_approval_steps(scope: str, role_assignment_schedule_request_name: str, filter: Optional[str] = None) -> Iterator[RoleAssignmentApprovalStep]:
    """
    List all approval steps for a scope-specific role assignment approval.
    
    Parameters:
    - scope: The scope of the approval
    - role_assignment_schedule_request_name: Name of the schedule request
    - filter: OData filter expression (optional)
    
    Returns:
    Iterator of RoleAssignmentApprovalStep objects
    """

Usage Examples

Creating a Time-bound Role Assignment

from azure.mgmt.authorization.models import RoleAssignmentScheduleRequest
from datetime import datetime, timedelta

# Create a time-bound role assignment request
schedule_request = RoleAssignmentScheduleRequest(
    request_type="AdminAssign",
    principal_id="user-object-id",
    role_definition_id="/subscriptions/sub-id/providers/Microsoft.Authorization/roleDefinitions/role-id",
    justification="Temporary access for maintenance work",
    schedule_info={
        "start_date_time": datetime.utcnow(),
        "expiration": {
            "type": "AfterDuration",
            "duration": "PT8H"  # 8 hours duration
        }
    }
)

# Submit the request
request = client.role_assignment_schedule_requests.create(
    scope="/subscriptions/your-subscription-id",
    role_assignment_schedule_request_name="request-guid",
    parameters=schedule_request
)

Creating Role Eligibility

from azure.mgmt.authorization.models import RoleEligibilityScheduleRequest

# Create role eligibility that allows on-demand activation
eligibility_request = RoleEligibilityScheduleRequest(
    request_type="AdminAssign",
    principal_id="user-object-id", 
    role_definition_id="/subscriptions/sub-id/providers/Microsoft.Authorization/roleDefinitions/role-id",
    justification="Eligible for on-demand access",
    schedule_info={
        "start_date_time": datetime.utcnow(),
        "expiration": {
            "type": "AfterDuration",
            "duration": "P30D"  # 30 days eligibility
        }
    }
)

# Submit the eligibility request
eligibility = client.role_eligibility_schedule_requests.create(
    scope="/subscriptions/your-subscription-id",
    role_eligibility_schedule_request_name="eligibility-guid",
    parameters=eligibility_request
)

Configuring PIM Policy

from azure.mgmt.authorization.models import RoleManagementPolicy

# Update a role management policy to require approval and MFA
policy_update = RoleManagementPolicy(
    rules=[
        {
            "rule_type": "RoleManagementPolicyApprovalRule",
            "id": "Approval_EndUser_Assignment",
            "setting": {
                "is_approval_required": True,
                "is_approval_required_for_extension": True,
                "approval_stages": [{
                    "approval_stage_time_out_in_days": 1,
                    "is_approver_justification_required": True,
                    "escalation_time_in_minutes": 0,
                    "primary_approvers": [{
                        "id": "approver-object-id",
                        "user_type": "User"
                    }]
                }]
            }
        },
        {
            "rule_type": "RoleManagementPolicyAuthenticationContextRule", 
            "id": "AuthenticationContext_EndUser_Assignment",
            "is_enabled": True,
            "claim_value": "c1"  # MFA requirement
        }
    ]
)

# Apply the policy update
updated_policy = client.role_management_policies.update(
    scope="/subscriptions/your-subscription-id",
    role_management_policy_name="policy-name",
    parameters=policy_update
)

Activating an Eligible Role

# Self-activate an eligible role assignment
activation_request = RoleAssignmentScheduleRequest(
    request_type="SelfActivate",
    principal_id="current-user-object-id",
    role_definition_id="/subscriptions/sub-id/providers/Microsoft.Authorization/roleDefinitions/role-id",
    justification="Need access to troubleshoot production issue",
    schedule_info={
        "start_date_time": datetime.utcnow(),
        "expiration": {
            "type": "AfterDuration", 
            "duration": "PT4H"  # 4 hours activation
        }
    }
)

# Submit activation request
activation = client.role_assignment_schedule_requests.create(
    scope="/subscriptions/your-subscription-id",
    role_assignment_schedule_request_name="activation-guid",
    parameters=activation_request
)

Types

PIM Request Types

class RoleAssignmentScheduleRequestPropertiesScheduleInfo:
    start_date_time: Optional[datetime]
    expiration: Optional[RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration]

class RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration:
    type: Optional[str]  # "AfterDuration", "AfterDateTime", "NoExpiration"
    end_date_time: Optional[datetime]
    duration: Optional[str]  # ISO 8601 duration format

class RoleEligibilityScheduleRequestPropertiesScheduleInfo:
    start_date_time: Optional[datetime]
    expiration: Optional[RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration]

class RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration:
    type: Optional[str]  # "AfterDuration", "AfterDateTime", "NoExpiration"
    end_date_time: Optional[datetime]
    duration: Optional[str]  # ISO 8601 duration format

PIM Schedule Types

class RoleAssignmentScheduleInstance:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    scope: Optional[str]
    role_definition_id: Optional[str]
    principal_id: Optional[str]
    principal_type: Optional[str]
    role_assignment_schedule_id: Optional[str]
    start_date_time: Optional[datetime]
    end_date_time: Optional[datetime]
    assignment_state: Optional[str]
    member_type: Optional[str]

class RoleEligibilityScheduleInstance:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    scope: Optional[str]
    role_definition_id: Optional[str]
    principal_id: Optional[str]
    principal_type: Optional[str]
    role_eligibility_schedule_id: Optional[str]
    start_date_time: Optional[datetime]
    end_date_time: Optional[datetime]
    member_type: Optional[str]

PIM Policy Types

class RoleManagementPolicyRule:
    id: Optional[str]
    rule_type: Optional[str]
    target: Optional[RoleManagementPolicyRuleTarget]

class RoleManagementPolicyRuleTarget:
    caller: Optional[str]
    operations: Optional[List[str]]
    level: Optional[str]
    targetObjects: Optional[List[str]]

class RoleManagementPolicyAssignment:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    scope: Optional[str]
    role_definition_id: Optional[str]
    policy_id: Optional[str]
    policy_assignment_properties: Optional[dict]

class EligibleChildResource:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    has_eligible_child_resources: Optional[bool]

PIM Approval Types

class RoleAssignmentApproval:
    id: Optional[str]
    name: Optional[str]
    type: Optional[str]
    stages: Optional[List[RoleAssignmentApprovalStep]]

class RoleAssignmentApprovalStep:
    id: Optional[str]
    display_name: Optional[str]
    review_result: Optional[str]
    status: Optional[str]
    assigned_to_me: Optional[bool]
    reviewers: Optional[List[RoleAssignmentApprovalStepReviewer]]
    justification: Optional[str]
    review_date_time: Optional[datetime]

class RoleAssignmentApprovalStepReviewer:
    id: Optional[str]
    display_name: Optional[str]
    user_type: Optional[str]

Constants

PIM Request Types

class RequestType:
    ADMIN_ASSIGN = "AdminAssign"
    ADMIN_REMOVE = "AdminRemove"
    ADMIN_UPDATE = "AdminUpdate"
    ADMIN_EXTEND = "AdminExtend"
    ADMIN_RENEW = "AdminRenew"
    SELF_ACTIVATE = "SelfActivate"
    SELF_DEACTIVATE = "SelfDeactivate"
    SELF_EXTEND = "SelfExtend"
    SELF_RENEW = "SelfRenew"

class AssignmentState:
    ELIGIBLE = "Eligible"
    ACTIVE = "Active"

class MemberType:
    INHERITED = "Inherited"
    DIRECT = "Direct"
    GROUP = "Group"

class ExpirationType:
    AFTER_DURATION = "AfterDuration"
    AFTER_DATE_TIME = "AfterDateTime"
    NO_EXPIRATION = "NoExpiration"

PIM Policy Rule Types

class PolicyRuleType:
    ROLE_MANAGEMENT_POLICY_APPROVAL_RULE = "RoleManagementPolicyApprovalRule"
    ROLE_MANAGEMENT_POLICY_AUTHENTICATION_CONTEXT_RULE = "RoleManagementPolicyAuthenticationContextRule"
    ROLE_MANAGEMENT_POLICY_ENABLEMENT_RULE = "RoleManagementPolicyEnablementRule"
    ROLE_MANAGEMENT_POLICY_EXPIRATION_RULE = "RoleManagementPolicyExpirationRule"
    ROLE_MANAGEMENT_POLICY_NOTIFICATION_RULE = "RoleManagementPolicyNotificationRule"

Error Handling

Common PIM-specific exceptions:

  • BadRequestError: Invalid schedule parameters or conflicting requests
  • ForbiddenError: Insufficient privileges for PIM operations or policy violations
  • ConflictError: Overlapping schedules or duplicate requests
  • RequestTimeoutError: Approval timeout or schedule activation timeout
from azure.core.exceptions import BadRequestError, ConflictError

try:
    schedule_request = client.role_assignment_schedule_requests.create(
        scope, request_name, parameters
    )
except BadRequestError as e:
    print(f"Invalid request parameters: {e.message}")
except ConflictError as e:
    print(f"Schedule conflict: {e.message}")

Install with Tessl CLI

npx tessl i tessl/pypi-azure-mgmt-authorization

docs

access-reviews.md

alerts.md

auth-config.md

core-rbac.md

index.md

legacy-admin.md

metrics.md

pim.md

tile.json