ServiceCatalog / Client / disassociate_principal_from_portfolio

disassociate_principal_from_portfolio#

ServiceCatalog.Client.disassociate_principal_from_portfolio(**kwargs)#

Disassociates a previously associated principal ARN from a specified portfolio.

The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.

For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.

For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.

Note

If you disassociate a principal from a portfolio, with PrincipalType as IAM, the same principal will still have access to the portfolio if it matches one of the associated principals of type IAM_PATTERN. To fully remove access for a principal, verify all the associated Principals of type IAM_PATTERN, and then ensure you disassociate any IAM_PATTERN principals that match the principal whose access you are removing.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_principal_from_portfolio(
    AcceptLanguage='string',
    PortfolioId='string',
    PrincipalARN='string',
    PrincipalType='IAM'|'IAM_PATTERN'
)
Parameters:
  • AcceptLanguage (string) –

    The language code.

    • jp - Japanese

    • zh - Chinese

  • PortfolioId (string) –

    [REQUIRED]

    The portfolio identifier.

  • PrincipalARN (string) –

    [REQUIRED]

    The ARN of the principal (user, role, or group). This field allows an ARN with no accountID with or without wildcard characters if PrincipalType is IAM_PATTERN.

  • PrincipalType (string) – The supported value is IAM if you use a fully defined ARN, or IAM_PATTERN if you specify an IAM ARN with no AccountId, with or without wildcard characters.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

  • (dict) –

Exceptions

  • ServiceCatalog.Client.exceptions.InvalidParametersException

  • ServiceCatalog.Client.exceptions.ResourceNotFoundException