create_template_group_access_control_entry
- PcaConnectorAd.Client.create_template_group_access_control_entry(**kwargs)
Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).
See also: AWS API Documentation
Request Syntax
    response = client.create_template_group_access_control_entry(
        AccessRights={
            'AutoEnroll': 'ALLOW'|'DENY',
            'Enroll': 'ALLOW'|'DENY'
        },
        ClientToken='string',
        GroupDisplayName='string',
        GroupSecurityIdentifier='string',
        TemplateArn='string'
    )
- Parameters:
  - AccessRights (dict) – [REQUIRED] Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
    - AutoEnroll (string) – Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment.
    - Enroll (string) – Allow or deny an Active Directory group from enrolling certificates issued against a template.
  - ClientToken (string) – Idempotency token. This field is autopopulated if not provided.
  - GroupDisplayName (string) – [REQUIRED] Name of the Active Directory group. This name does not need to match the group name in Active Directory.
  - GroupSecurityIdentifier (string) – [REQUIRED] Security identifier (SID) of the group object from Active Directory. The SID starts with “S-”.
  - TemplateArn (string) – [REQUIRED] The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
- Returns:
None
Exceptions
PcaConnectorAd.Client.exceptions.AccessDeniedException
PcaConnectorAd.Client.exceptions.ValidationException
PcaConnectorAd.Client.exceptions.ResourceNotFoundException
PcaConnectorAd.Client.exceptions.ThrottlingException
PcaConnectorAd.Client.exceptions.ServiceQuotaExceededException
PcaConnectorAd.Client.exceptions.InternalServerException
PcaConnectorAd.Client.exceptions.ConflictException
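Added example, not part of the AWS documentation: a pre-flight wrapper that enforces the AutoEnroll/Enroll dependency and the SID format described in the parameters above before the request is sent. The helper names, the stricter SID pattern, and the least-privilege guard against broad groups (Everyone, Authenticated Users, Domain Users, Domain Computers) are assumptions of this example, not behaviour of the API.

```python
import re

# Assumption: standard SID string form S-1-<authority>-<sub-authority>...,
# stricter than the documented "starts with S-".
SID_RE = re.compile(r"^S-1-\d+(-\d+){1,15}$")
# Well-known broad principals: Everyone, Authenticated Users.
BROAD_SIDS = {"S-1-1-0", "S-1-5-11"}
# Domain-relative RIDs: Domain Users (513), Domain Computers (515).
BROAD_DOMAIN_RIDS = {"513", "515"}


def is_broad_group(sid):
    """True for SIDs that cover most or all principals in a domain."""
    if sid in BROAD_SIDS:
        return True
    return sid.startswith("S-1-5-21-") and sid.rsplit("-", 1)[1] in BROAD_DOMAIN_RIDS


def build_group_ace(template_arn, sid, display_name, enroll, auto_enroll,
                    allow_broad=False):
    """Validate inputs and return kwargs for the API call (hypothetical helper)."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID string: {sid!r}")
    for right in (enroll, auto_enroll):
        if right not in ("ALLOW", "DENY"):
            raise ValueError(f"access right must be ALLOW or DENY: {right!r}")
    # Documented rule: the group must be allowed to enroll to allow autoenrollment.
    if auto_enroll == "ALLOW" and enroll != "ALLOW":
        raise ValueError("AutoEnroll=ALLOW requires Enroll=ALLOW")
    # Least-privilege guard (policy added by this example, not enforced by the API).
    if "ALLOW" in (enroll, auto_enroll) and is_broad_group(sid) and not allow_broad:
        raise ValueError(f"refusing to grant enrollment to broad group {sid}")
    return {
        "TemplateArn": template_arn,
        "GroupSecurityIdentifier": sid,
        "GroupDisplayName": display_name,
        "AccessRights": {"Enroll": enroll, "AutoEnroll": auto_enroll},
    }


def create_group_ace(client, **params):
    """Send the validated request; client is a boto3 'pca-connector-ad' client."""
    request = build_group_ace(**params)
    client.create_template_group_access_control_entry(**request)
    return request
```

ClientToken is left out of the request so that it is autopopulated, as the parameter description states.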