DataZone / Client / add_policy_grant

add_policy_grant#

DataZone.Client.add_policy_grant(**kwargs)#

Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

See also: AWS API Documentation

Request Syntax

response = client.add_policy_grant(
    clientToken='string',
    detail={
        'addToProjectMemberPool': {
            'includeChildDomainUnits': True|False
        },
        'createAssetType': {
            'includeChildDomainUnits': True|False
        },
        'createDomainUnit': {
            'includeChildDomainUnits': True|False
        },
        'createEnvironment': {}
        ,
        'createEnvironmentProfile': {
            'domainUnitId': 'string'
        },
        'createFormType': {
            'includeChildDomainUnits': True|False
        },
        'createGlossary': {
            'includeChildDomainUnits': True|False
        },
        'createProject': {
            'includeChildDomainUnits': True|False
        },
        'delegateCreateEnvironmentProfile': {}
        ,
        'overrideDomainUnitOwners': {
            'includeChildDomainUnits': True|False
        },
        'overrideProjectOwners': {
            'includeChildDomainUnits': True|False
        }
    },
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)
Parameters:
  • clientToken (string) –

    A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

    This field is autopopulated if not provided.

  • detail (dict) –

    [REQUIRED]

    The details of the policy grant.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners.

    • addToProjectMemberPool (dict) –

      Specifies that the policy grant is to be added to the members of the project.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • createAssetType (dict) –

      Specifies that this is a create asset type policy.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • createDomainUnit (dict) –

      Specifies that this is a create domain unit policy.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • createEnvironment (dict) –

      Specifies that this is a create environment policy.

    • createEnvironmentProfile (dict) –

      Specifies that this is a create environment profile policy.

      • domainUnitId (string) –

        The ID of the domain unit.

    • createFormType (dict) –

      Specifies that this is a create form type policy.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • createGlossary (dict) –

      Specifies that this is a create glossary policy.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • createProject (dict) –

      Specifies that this is a create project policy.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy grant is applied to child domain units.

    • delegateCreateEnvironmentProfile (dict) –

      Specifies that this is the delegation of the create environment profile policy.

    • overrideDomainUnitOwners (dict) –

      Specifies whether to override domain unit owners.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy is inherited by child domain units.

    • overrideProjectOwners (dict) –

      Specifies whether to override project owners.

      • includeChildDomainUnits (boolean) –

        Specifies whether the policy is inherited by child domain units.

  • domainIdentifier (string) –

    [REQUIRED]

    The ID of the domain where you want to add a policy grant.

  • entityIdentifier (string) –

    [REQUIRED]

    The ID of the entity (resource) to which you want to add a policy grant.

  • entityType (string) –

    [REQUIRED]

    The type of entity (resource) to which the grant is added.

  • policyType (string) –

    [REQUIRED]

    The type of policy that you want to grant.

  • principal (dict) –

    [REQUIRED]

    The principal to whom the permissions are granted.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.

    • domainUnit (dict) –

      The domain unit of the policy grant principal.

      • domainUnitDesignation (string) – [REQUIRED]

        Specifes the designation of the domain unit users.

      • domainUnitGrantFilter (dict) –

        The grant filter for the domain unit.

        Note

        This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.

        • allDomainUnitsGrantFilter (dict) –

          Specifies a grant filter containing all domain units.

      • domainUnitIdentifier (string) –

        The ID of the domain unit.

    • group (dict) –

      The group of the policy grant principal.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.

      • groupIdentifier (string) –

        The ID Of the group of the group principal.

    • project (dict) –

      The project of the policy grant principal.

      • projectDesignation (string) – [REQUIRED]

        The project designation of the project policy grant principal.

      • projectGrantFilter (dict) –

        The project grant filter of the project policy grant principal.

        Note

        This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.

        • domainUnitFilter (dict) –

          The domain unit filter of the project grant filter.

          • domainUnit (string) – [REQUIRED]

            The domain unit ID to use in the filter.

          • includeChildDomainUnits (boolean) –

            Specifies whether to include child domain units.

      • projectIdentifier (string) –

        The project ID of the project policy grant principal.

    • user (dict) –

      The user of the policy grant principal.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.

      • allUsersGrantFilter (dict) –

        The all users grant filter of the user policy grant principal.

      • userIdentifier (string) –

        The user ID of the user policy grant principal.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

Exceptions

  • DataZone.Client.exceptions.InternalServerException

  • DataZone.Client.exceptions.AccessDeniedException

  • DataZone.Client.exceptions.ThrottlingException

  • DataZone.Client.exceptions.ServiceQuotaExceededException

  • DataZone.Client.exceptions.ConflictException

  • DataZone.Client.exceptions.ValidationException

  • DataZone.Client.exceptions.UnauthorizedException