get_impersonation_role_effect
(**kwargs)¶Tests whether the given impersonation role can impersonate a target user.
See also: AWS API Documentation
Request Syntax
response = client.get_impersonation_role_effect(
OrganizationId='string',
ImpersonationRoleId='string',
TargetUser='string'
)
[REQUIRED]
The WorkMail organization where the impersonation role is defined.
[REQUIRED]
The impersonation role ID to test.
[REQUIRED]
The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:
12345678-1234-1234-1234-123456789012
or S-1-1-12-1234567890-123456789-123456789-1234
user@domain.tld
user
dict
Response Syntax
{
'Type': 'FULL_ACCESS'|'READ_ONLY',
'Effect': 'ALLOW'|'DENY',
'MatchedRules': [
{
'ImpersonationRuleId': 'string',
'Name': 'string'
},
]
}
Response Structure
(dict) --
Type (string) --
The impersonation role type.
Effect (string) --
Effect of the impersonation role on the target user based on its rules. Available effects are
ALLOW
orDENY
.
MatchedRules (list) --
A list of the rules that match the input and produce the configured effect.
(dict) --
The impersonation rule that matched the input.
ImpersonationRuleId (string) --
The ID of the rule that matched the input
Name (string) --
The name of the rule that matched the input.
Exceptions
WorkMail.Client.exceptions.InvalidParameterException
WorkMail.Client.exceptions.OrganizationNotFoundException
WorkMail.Client.exceptions.OrganizationStateException
WorkMail.Client.exceptions.ResourceNotFoundException
WorkMail.Client.exceptions.EntityNotFoundException
WorkMail.Client.exceptions.EntityStateException