DataZone / Client / add_policy_grant

add_policy_grant#

DataZone.Client.add_policy_grant(**kwargs)#

Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

Request Syntax

response = client.add_policy_grant(
    clientToken='string',
    detail={
        'addToProjectMemberPool': {
            'includeChildDomainUnits': True|False
        },
        'createAssetType': {
            'includeChildDomainUnits': True|False
        },
        'createDomainUnit': {
            'includeChildDomainUnits': True|False
        },
        'createEnvironment': {}
        ,
        'createEnvironmentProfile': {
            'domainUnitId': 'string'
        },
        'createFormType': {
            'includeChildDomainUnits': True|False
        },
        'createGlossary': {
            'includeChildDomainUnits': True|False
        },
        'createProject': {
            'includeChildDomainUnits': True|False
        },
        'delegateCreateEnvironmentProfile': {}
        ,
        'overrideDomainUnitOwners': {
            'includeChildDomainUnits': True|False
        },
        'overrideProjectOwners': {
            'includeChildDomainUnits': True|False
        }
    },
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)

Parameters:

clientToken (string) –
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

This field is autopopulated if not provided.
detail (dict) –
[REQUIRED]

The details of the policy grant.

Note
This is a Tagged Union structure. Only one of the following top level keys can be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners.
- addToProjectMemberPool (dict) –
  
  Specifies that the policy grant is to be added to the members of the project.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- createAssetType (dict) –
  
  Specifies that this is a create asset type policy.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- createDomainUnit (dict) –
  
  Specifies that this is a create domain unit policy.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- createEnvironment (dict) –
  
  Specifies that this is a create environment policy.
- createEnvironmentProfile (dict) –
  
  Specifies that this is a create environment profile policy.
  - domainUnitId (string) –
    
    The ID of the domain unit.
- createFormType (dict) –
  
  Specifies that this is a create form type policy.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- createGlossary (dict) –
  
  Specifies that this is a create glossary policy.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- createProject (dict) –
  
  Specifies that this is a create project policy.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy grant is applied to child domain units.
- delegateCreateEnvironmentProfile (dict) –
  
  Specifies that this is the delegation of the create environment profile policy.
- overrideDomainUnitOwners (dict) –
  
  Specifies whether to override domain unit owners.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy is inherited by child domain units.
- overrideProjectOwners (dict) –
  
  Specifies whether to override project owners.
  - includeChildDomainUnits (boolean) –
    
    Specifies whether the policy is inherited by child domain units.
domainIdentifier (string) –
[REQUIRED]

The ID of the domain where you want to add a policy grant.
entityIdentifier (string) –
[REQUIRED]

The ID of the entity (resource) to which you want to add a policy grant.
entityType (string) –
[REQUIRED]

The type of entity (resource) to which the grant is added.
policyType (string) –
[REQUIRED]

The type of policy that you want to grant.
principal (dict) –
[REQUIRED]

The principal to whom the permissions are granted.

Note
This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.
- domainUnit (dict) –
  
  The domain unit of the policy grant principal.
  - domainUnitDesignation (string) – [REQUIRED]
    
    Specifes the designation of the domain unit users.
  - domainUnitGrantFilter (dict) –
    
    The grant filter for the domain unit.
    
    Note
    This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.
    - allDomainUnitsGrantFilter (dict) –
      
      Specifies a grant filter containing all domain units.
  - domainUnitIdentifier (string) –
    
    The ID of the domain unit.
- group (dict) –
  
  The group of the policy grant principal.
  
  Note
  This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.
  - groupIdentifier (string) –
    
    The ID Of the group of the group principal.
- project (dict) –
  
  The project of the policy grant principal.
  - projectDesignation (string) – [REQUIRED]
    
    The project designation of the project policy grant principal.
  - projectGrantFilter (dict) –
    
    The project grant filter of the project policy grant principal.
    
    Note
    This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.
    - domainUnitFilter (dict) –
      
      The domain unit filter of the project grant filter.
      - domainUnit (string) – [REQUIRED]
        
        The domain unit ID to use in the filter.
      - includeChildDomainUnits (boolean) –
        
        Specifies whether to include child domain units.
  - projectIdentifier (string) –
    
    The project ID of the project policy grant principal.
- user (dict) –
  
  The user of the policy grant principal.
  
  Note
  This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.
  - allUsersGrantFilter (dict) –
    
    The all users grant filter of the user policy grant principal.
  - userIdentifier (string) –
    
    The user ID of the user policy grant principal.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

(dict) –

Exceptions

DataZone.Client.exceptions.InternalServerException
DataZone.Client.exceptions.AccessDeniedException
DataZone.Client.exceptions.ThrottlingException
DataZone.Client.exceptions.ServiceQuotaExceededException
DataZone.Client.exceptions.ConflictException
DataZone.Client.exceptions.ValidationException
DataZone.Client.exceptions.UnauthorizedException