DataZone / Client / add_policy_grant
add_policy_grant#
- DataZone.Client.add_policy_grant(**kwargs)#
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
See also: AWS API Documentation
Request Syntax
response = client.add_policy_grant( clientToken='string', detail={ 'addToProjectMemberPool': { 'includeChildDomainUnits': True|False }, 'createAssetType': { 'includeChildDomainUnits': True|False }, 'createDomainUnit': { 'includeChildDomainUnits': True|False }, 'createEnvironment': {} , 'createEnvironmentProfile': { 'domainUnitId': 'string' }, 'createFormType': { 'includeChildDomainUnits': True|False }, 'createGlossary': { 'includeChildDomainUnits': True|False }, 'createProject': { 'includeChildDomainUnits': True|False }, 'delegateCreateEnvironmentProfile': {} , 'overrideDomainUnitOwners': { 'includeChildDomainUnits': True|False }, 'overrideProjectOwners': { 'includeChildDomainUnits': True|False } }, domainIdentifier='string', entityIdentifier='string', entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE', policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT', principal={ 'domainUnit': { 'domainUnitDesignation': 'OWNER', 'domainUnitGrantFilter': { 'allDomainUnitsGrantFilter': {} }, 'domainUnitIdentifier': 'string' }, 'group': { 'groupIdentifier': 'string' }, 'project': { 'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD', 'projectGrantFilter': { 'domainUnitFilter': { 'domainUnit': 'string', 'includeChildDomainUnits': True|False } }, 'projectIdentifier': 'string' }, 'user': { 'allUsersGrantFilter': {} , 'userIdentifier': 'string' } } )
- Parameters:
clientToken (string) –
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
detail (dict) –
[REQUIRED]
The details of the policy grant.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
addToProjectMemberPool
,createAssetType
,createDomainUnit
,createEnvironment
,createEnvironmentProfile
,createFormType
,createGlossary
,createProject
,delegateCreateEnvironmentProfile
,overrideDomainUnitOwners
,overrideProjectOwners
.addToProjectMemberPool (dict) –
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) –
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) –
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) –
Specifies that this is a create environment policy.
createEnvironmentProfile (dict) –
Specifies that this is a create environment profile policy.
domainUnitId (string) –
The ID of the domain unit.
createFormType (dict) –
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) –
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
createProject (dict) –
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) –
Specifies whether the policy grant is applied to child domain units.
delegateCreateEnvironmentProfile (dict) –
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) –
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) –
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) –
Specifies whether to override project owners.
includeChildDomainUnits (boolean) –
Specifies whether the policy is inherited by child domain units.
domainIdentifier (string) –
[REQUIRED]
The ID of the domain where you want to add a policy grant.
entityIdentifier (string) –
[REQUIRED]
The ID of the entity (resource) to which you want to add a policy grant.
entityType (string) –
[REQUIRED]
The type of entity (resource) to which the grant is added.
policyType (string) –
[REQUIRED]
The type of policy that you want to grant.
principal (dict) –
[REQUIRED]
The principal to whom the permissions are granted.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
domainUnit
,group
,project
,user
.domainUnit (dict) –
The domain unit of the policy grant principal.
domainUnitDesignation (string) – [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) –
The grant filter for the domain unit.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
allDomainUnitsGrantFilter
.allDomainUnitsGrantFilter (dict) –
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) –
The ID of the domain unit.
group (dict) –
The group of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
groupIdentifier
.groupIdentifier (string) –
The ID Of the group of the group principal.
project (dict) –
The project of the policy grant principal.
projectDesignation (string) – [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) –
The project grant filter of the project policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
domainUnitFilter
.domainUnitFilter (dict) –
The domain unit filter of the project grant filter.
domainUnit (string) – [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) –
Specifies whether to include child domain units.
projectIdentifier (string) –
The project ID of the project policy grant principal.
user (dict) –
The user of the policy grant principal.
Note
This is a Tagged Union structure. Only one of the following top level keys can be set:
allUsersGrantFilter
,userIdentifier
.allUsersGrantFilter (dict) –
The all users grant filter of the user policy grant principal.
userIdentifier (string) –
The user ID of the user policy grant principal.
- Return type:
dict
- Returns:
Response Syntax
{}
Response Structure
(dict) –
Exceptions
DataZone.Client.exceptions.InternalServerException
DataZone.Client.exceptions.AccessDeniedException
DataZone.Client.exceptions.ThrottlingException
DataZone.Client.exceptions.ServiceQuotaExceededException
DataZone.Client.exceptions.ConflictException
DataZone.Client.exceptions.ValidationException
DataZone.Client.exceptions.UnauthorizedException