DataZone / Client / list_policy_grants

list_policy_grants#

DataZone.Client.list_policy_grants(**kwargs)#

Lists policy grants.

See also: AWS API Documentation

Request Syntax

response = client.list_policy_grants(
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    maxResults=123,
    nextToken='string',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'
)
Parameters:
  • domainIdentifier (string) –

    [REQUIRED]

    The ID of the domain where you want to list policy grants.

  • entityIdentifier (string) –

    [REQUIRED]

    The ID of the entity for which you want to list policy grants.

  • entityType (string) –

    [REQUIRED]

    The type of entity for which you want to list policy grants.

  • maxResults (integer) – The maximum number of grants to return in a single call to ListPolicyGrants. When the number of grants to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.

  • nextToken (string) – When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

  • policyType (string) –

    [REQUIRED]

    The type of policy that you want to list.

Return type:

dict

Returns:

Response Syntax

{
    'grantList': [
        {
            'createdAt': datetime(2015, 1, 1),
            'createdBy': 'string',
            'detail': {
                'addToProjectMemberPool': {
                    'includeChildDomainUnits': True|False
                },
                'createAssetType': {
                    'includeChildDomainUnits': True|False
                },
                'createDomainUnit': {
                    'includeChildDomainUnits': True|False
                },
                'createEnvironment': {},
                'createEnvironmentProfile': {
                    'domainUnitId': 'string'
                },
                'createFormType': {
                    'includeChildDomainUnits': True|False
                },
                'createGlossary': {
                    'includeChildDomainUnits': True|False
                },
                'createProject': {
                    'includeChildDomainUnits': True|False
                },
                'delegateCreateEnvironmentProfile': {},
                'overrideDomainUnitOwners': {
                    'includeChildDomainUnits': True|False
                },
                'overrideProjectOwners': {
                    'includeChildDomainUnits': True|False
                }
            },
            'principal': {
                'domainUnit': {
                    'domainUnitDesignation': 'OWNER',
                    'domainUnitGrantFilter': {
                        'allDomainUnitsGrantFilter': {}
                    },
                    'domainUnitIdentifier': 'string'
                },
                'group': {
                    'groupIdentifier': 'string'
                },
                'project': {
                    'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
                    'projectGrantFilter': {
                        'domainUnitFilter': {
                            'domainUnit': 'string',
                            'includeChildDomainUnits': True|False
                        }
                    },
                    'projectIdentifier': 'string'
                },
                'user': {
                    'allUsersGrantFilter': {},
                    'userIdentifier': 'string'
                }
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) –

    • grantList (list) –

      The results of this action - the listed grants.

      • (dict) –

        A member of the policy grant list.

        • createdAt (datetime) –

          Specifies the timestamp at which policy grant member was created.

        • createdBy (string) –

          Specifies the user who created the policy grant member.

        • detail (dict) –

          The details of the policy grant member.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • addToProjectMemberPool (dict) –

            Specifies that the policy grant is to be added to the members of the project.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • createAssetType (dict) –

            Specifies that this is a create asset type policy.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • createDomainUnit (dict) –

            Specifies that this is a create domain unit policy.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • createEnvironment (dict) –

            Specifies that this is a create environment policy.

          • createEnvironmentProfile (dict) –

            Specifies that this is a create environment profile policy.

            • domainUnitId (string) –

              The ID of the domain unit.

          • createFormType (dict) –

            Specifies that this is a create form type policy.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • createGlossary (dict) –

            Specifies that this is a create glossary policy.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • createProject (dict) –

            Specifies that this is a create project policy.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy grant is applied to child domain units.

          • delegateCreateEnvironmentProfile (dict) –

            Specifies that this is the delegation of the create environment profile policy.

          • overrideDomainUnitOwners (dict) –

            Specifies whether to override domain unit owners.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy is inherited by child domain units.

          • overrideProjectOwners (dict) –

            Specifies whether to override project owners.

            • includeChildDomainUnits (boolean) –

              Specifies whether the policy is inherited by child domain units.

        • principal (dict) –

          The principal of the policy grant member.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnit, group, project, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          
          • domainUnit (dict) –

            The domain unit of the policy grant principal.

            • domainUnitDesignation (string) –

              Specifes the designation of the domain unit users.

            • domainUnitGrantFilter (dict) –

              The grant filter for the domain unit.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: allDomainUnitsGrantFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • allDomainUnitsGrantFilter (dict) –

                Specifies a grant filter containing all domain units.

            • domainUnitIdentifier (string) –

              The ID of the domain unit.

          • group (dict) –

            The group of the policy grant principal.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: groupIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • groupIdentifier (string) –

              The ID Of the group of the group principal.

          • project (dict) –

            The project of the policy grant principal.

            • projectDesignation (string) –

              The project designation of the project policy grant principal.

            • projectGrantFilter (dict) –

              The project grant filter of the project policy grant principal.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnitFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              
              • domainUnitFilter (dict) –

                The domain unit filter of the project grant filter.

                • domainUnit (string) –

                  The domain unit ID to use in the filter.

                • includeChildDomainUnits (boolean) –

                  Specifies whether to include child domain units.

            • projectIdentifier (string) –

              The project ID of the project policy grant principal.

          • user (dict) –

            The user of the policy grant principal.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: allUsersGrantFilter, userIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • allUsersGrantFilter (dict) –

              The all users grant filter of the user policy grant principal.

            • userIdentifier (string) –

              The user ID of the user policy grant principal.

    • nextToken (string) –

      When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

Exceptions

  • DataZone.Client.exceptions.InternalServerException

  • DataZone.Client.exceptions.AccessDeniedException

  • DataZone.Client.exceptions.ThrottlingException

  • DataZone.Client.exceptions.ValidationException

  • DataZone.Client.exceptions.UnauthorizedException