2025/05/05 - Amazon DataZone - 3 updated api methods
Changes This release adds a new authorization policy to control the usage of custom AssetType when creating an Asset. Customer can now add new grant(s) of policyType USE_ASSET_TYPE for custom AssetTypes to apply authorization policy to projects members and domain unit owners.
{'detail': {'useAssetType': {'domainUnitId': 'string'}}, 'entityType': {'ASSET_TYPE'}, 'policyType': {'USE_ASSET_TYPE'}}
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
See also: AWS API Documentation
Request Syntax
client.add_policy_grant( clientToken='string', detail={ 'addToProjectMemberPool': { 'includeChildDomainUnits': True|False }, 'createAssetType': { 'includeChildDomainUnits': True|False }, 'createDomainUnit': { 'includeChildDomainUnits': True|False }, 'createEnvironment': {} , 'createEnvironmentFromBlueprint': {} , 'createEnvironmentProfile': { 'domainUnitId': 'string' }, 'createFormType': { 'includeChildDomainUnits': True|False }, 'createGlossary': { 'includeChildDomainUnits': True|False }, 'createProject': { 'includeChildDomainUnits': True|False }, 'createProjectFromProjectProfile': { 'includeChildDomainUnits': True|False, 'projectProfiles': [ 'string', ] }, 'delegateCreateEnvironmentProfile': {} , 'overrideDomainUnitOwners': { 'includeChildDomainUnits': True|False }, 'overrideProjectOwners': { 'includeChildDomainUnits': True|False }, 'useAssetType': { 'domainUnitId': 'string' } }, domainIdentifier='string', entityIdentifier='string', entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE', policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE', principal={ 'domainUnit': { 'domainUnitDesignation': 'OWNER', 'domainUnitGrantFilter': { 'allDomainUnitsGrantFilter': {} }, 'domainUnitIdentifier': 'string' }, 'group': { 'groupIdentifier': 'string' }, 'project': { 'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD', 'projectGrantFilter': { 'domainUnitFilter': { 'domainUnit': 'string', 'includeChildDomainUnits': True|False } }, 'projectIdentifier': 'string' }, 'user': { 'allUsersGrantFilter': {} , 'userIdentifier': 'string' } } )
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
dict
[REQUIRED]
The details of the policy grant.
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentFromBlueprint (dict) --
The details of the policy of creating an environment.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProjectFromProjectProfile (dict) --
Specifies whether to create a project from project profile.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units when creating a project from project profile policy grant details
projectProfiles (list) --
Specifies project profiles when creating a project from project profile policy grant details
(string) --
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
useAssetType (dict) --
Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.
domainUnitId (string) --
The ID of the domain unit.
string
[REQUIRED]
The ID of the domain where you want to add a policy grant.
string
[REQUIRED]
The ID of the entity (resource) to which you want to add a policy grant.
string
[REQUIRED]
The type of entity (resource) to which the grant is added.
string
[REQUIRED]
The type of policy that you want to grant.
dict
[REQUIRED]
The principal to whom the permissions are granted.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --
{'entityType': {'ASSET_TYPE'}, 'policyType': {'USE_ASSET_TYPE'}}Response
{'grantList': {'detail': {'useAssetType': {'domainUnitId': 'string'}}}}
Lists policy grants.
See also: AWS API Documentation
Request Syntax
client.list_policy_grants( domainIdentifier='string', entityIdentifier='string', entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE', maxResults=123, nextToken='string', policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE' )
string
[REQUIRED]
The ID of the domain where you want to list policy grants.
string
[REQUIRED]
The ID of the entity for which you want to list policy grants.
string
[REQUIRED]
The type of entity for which you want to list policy grants.
integer
The maximum number of grants to return in a single call to ListPolicyGrants. When the number of grants to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.
string
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
string
[REQUIRED]
The type of policy that you want to list.
dict
Response Syntax
{ 'grantList': [ { 'createdAt': datetime(2015, 1, 1), 'createdBy': 'string', 'detail': { 'addToProjectMemberPool': { 'includeChildDomainUnits': True|False }, 'createAssetType': { 'includeChildDomainUnits': True|False }, 'createDomainUnit': { 'includeChildDomainUnits': True|False }, 'createEnvironment': {}, 'createEnvironmentFromBlueprint': {}, 'createEnvironmentProfile': { 'domainUnitId': 'string' }, 'createFormType': { 'includeChildDomainUnits': True|False }, 'createGlossary': { 'includeChildDomainUnits': True|False }, 'createProject': { 'includeChildDomainUnits': True|False }, 'createProjectFromProjectProfile': { 'includeChildDomainUnits': True|False, 'projectProfiles': [ 'string', ] }, 'delegateCreateEnvironmentProfile': {}, 'overrideDomainUnitOwners': { 'includeChildDomainUnits': True|False }, 'overrideProjectOwners': { 'includeChildDomainUnits': True|False }, 'useAssetType': { 'domainUnitId': 'string' } }, 'principal': { 'domainUnit': { 'domainUnitDesignation': 'OWNER', 'domainUnitGrantFilter': { 'allDomainUnitsGrantFilter': {} }, 'domainUnitIdentifier': 'string' }, 'group': { 'groupIdentifier': 'string' }, 'project': { 'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD', 'projectGrantFilter': { 'domainUnitFilter': { 'domainUnit': 'string', 'includeChildDomainUnits': True|False } }, 'projectIdentifier': 'string' }, 'user': { 'allUsersGrantFilter': {}, 'userIdentifier': 'string' } } }, ], 'nextToken': 'string' }
Response Structure
(dict) --
grantList (list) --
The results of this action - the listed grants.
(dict) --
A member of the policy grant list.
createdAt (datetime) --
Specifies the timestamp at which policy grant member was created.
createdBy (string) --
Specifies the user who created the policy grant member.
detail (dict) --
The details of the policy grant member.
addToProjectMemberPool (dict) --
Specifies that the policy grant is to be added to the members of the project.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createAssetType (dict) --
Specifies that this is a create asset type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createDomainUnit (dict) --
Specifies that this is a create domain unit policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createEnvironment (dict) --
Specifies that this is a create environment policy.
createEnvironmentFromBlueprint (dict) --
The details of the policy of creating an environment.
createEnvironmentProfile (dict) --
Specifies that this is a create environment profile policy.
domainUnitId (string) --
The ID of the domain unit.
createFormType (dict) --
Specifies that this is a create form type policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createGlossary (dict) --
Specifies that this is a create glossary policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProject (dict) --
Specifies that this is a create project policy.
includeChildDomainUnits (boolean) --
Specifies whether the policy grant is applied to child domain units.
createProjectFromProjectProfile (dict) --
Specifies whether to create a project from project profile.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units when creating a project from project profile policy grant details
projectProfiles (list) --
Specifies project profiles when creating a project from project profile policy grant details
(string) --
delegateCreateEnvironmentProfile (dict) --
Specifies that this is the delegation of the create environment profile policy.
overrideDomainUnitOwners (dict) --
Specifies whether to override domain unit owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
overrideProjectOwners (dict) --
Specifies whether to override project owners.
includeChildDomainUnits (boolean) --
Specifies whether the policy is inherited by child domain units.
useAssetType (dict) --
Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.
domainUnitId (string) --
The ID of the domain unit.
principal (dict) --
The principal of the policy grant member.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) --
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) --
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) --
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
nextToken (string) --
When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.
{'entityType': {'ASSET_TYPE'}, 'policyType': {'USE_ASSET_TYPE'}}
Removes a policy grant.
See also: AWS API Documentation
Request Syntax
client.remove_policy_grant( clientToken='string', domainIdentifier='string', entityIdentifier='string', entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE', policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE', principal={ 'domainUnit': { 'domainUnitDesignation': 'OWNER', 'domainUnitGrantFilter': { 'allDomainUnitsGrantFilter': {} }, 'domainUnitIdentifier': 'string' }, 'group': { 'groupIdentifier': 'string' }, 'project': { 'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD', 'projectGrantFilter': { 'domainUnitFilter': { 'domainUnit': 'string', 'includeChildDomainUnits': True|False } }, 'projectIdentifier': 'string' }, 'user': { 'allUsersGrantFilter': {} , 'userIdentifier': 'string' } } )
string
A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
This field is autopopulated if not provided.
string
[REQUIRED]
The ID of the domain where you want to remove a policy grant.
string
[REQUIRED]
The ID of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the entity from which you want to remove a policy grant.
string
[REQUIRED]
The type of the policy that you want to remove.
dict
[REQUIRED]
The principal from which you want to remove a policy grant.
domainUnit (dict) --
The domain unit of the policy grant principal.
domainUnitDesignation (string) -- [REQUIRED]
Specifes the designation of the domain unit users.
domainUnitGrantFilter (dict) --
The grant filter for the domain unit.
allDomainUnitsGrantFilter (dict) --
Specifies a grant filter containing all domain units.
domainUnitIdentifier (string) --
The ID of the domain unit.
group (dict) --
The group of the policy grant principal.
groupIdentifier (string) --
The ID Of the group of the group principal.
project (dict) --
The project of the policy grant principal.
projectDesignation (string) -- [REQUIRED]
The project designation of the project policy grant principal.
projectGrantFilter (dict) --
The project grant filter of the project policy grant principal.
domainUnitFilter (dict) --
The domain unit filter of the project grant filter.
domainUnit (string) -- [REQUIRED]
The domain unit ID to use in the filter.
includeChildDomainUnits (boolean) --
Specifies whether to include child domain units.
projectIdentifier (string) --
The project ID of the project policy grant principal.
user (dict) --
The user of the policy grant principal.
allUsersGrantFilter (dict) --
The all users grant filter of the user policy grant principal.
userIdentifier (string) --
The user ID of the user policy grant principal.
dict
Response Syntax
{}
Response Structure
(dict) --