Amazon DataZone

2025/05/05 - Amazon DataZone - 3 updated api methods

Changes  This release adds a new authorization policy to control the usage of custom AssetType when creating an Asset. Customer can now add new grant(s) of policyType USE_ASSET_TYPE for custom AssetTypes to apply authorization policy to projects members and domain unit owners.

AddPolicyGrant (updated) Link ¶
Changes (request)
{'detail': {'useAssetType': {'domainUnitId': 'string'}},
 'entityType': {'ASSET_TYPE'},
 'policyType': {'USE_ASSET_TYPE'}}

Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

See also: AWS API Documentation

Request Syntax

client.add_policy_grant(
    clientToken='string',
    detail={
        'addToProjectMemberPool': {
            'includeChildDomainUnits': True|False
        },
        'createAssetType': {
            'includeChildDomainUnits': True|False
        },
        'createDomainUnit': {
            'includeChildDomainUnits': True|False
        },
        'createEnvironment': {}
        ,
        'createEnvironmentFromBlueprint': {}
        ,
        'createEnvironmentProfile': {
            'domainUnitId': 'string'
        },
        'createFormType': {
            'includeChildDomainUnits': True|False
        },
        'createGlossary': {
            'includeChildDomainUnits': True|False
        },
        'createProject': {
            'includeChildDomainUnits': True|False
        },
        'createProjectFromProjectProfile': {
            'includeChildDomainUnits': True|False,
            'projectProfiles': [
                'string',
            ]
        },
        'delegateCreateEnvironmentProfile': {}
        ,
        'overrideDomainUnitOwners': {
            'includeChildDomainUnits': True|False
        },
        'overrideProjectOwners': {
            'includeChildDomainUnits': True|False
        },
        'useAssetType': {
            'domainUnitId': 'string'
        }
    },
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)
type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

This field is autopopulated if not provided.

type detail:

dict

param detail:

[REQUIRED]

The details of the policy grant.

  • addToProjectMemberPool (dict) --

    Specifies that the policy grant is to be added to the members of the project.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createAssetType (dict) --

    Specifies that this is a create asset type policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createDomainUnit (dict) --

    Specifies that this is a create domain unit policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createEnvironment (dict) --

    Specifies that this is a create environment policy.

  • createEnvironmentFromBlueprint (dict) --

    The details of the policy of creating an environment.

  • createEnvironmentProfile (dict) --

    Specifies that this is a create environment profile policy.

    • domainUnitId (string) --

      The ID of the domain unit.

  • createFormType (dict) --

    Specifies that this is a create form type policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createGlossary (dict) --

    Specifies that this is a create glossary policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createProject (dict) --

    Specifies that this is a create project policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createProjectFromProjectProfile (dict) --

    Specifies whether to create a project from project profile.

    • includeChildDomainUnits (boolean) --

      Specifies whether to include child domain units when creating a project from project profile policy grant details

    • projectProfiles (list) --

      Specifies project profiles when creating a project from project profile policy grant details

      • (string) --

  • delegateCreateEnvironmentProfile (dict) --

    Specifies that this is the delegation of the create environment profile policy.

  • overrideDomainUnitOwners (dict) --

    Specifies whether to override domain unit owners.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy is inherited by child domain units.

  • overrideProjectOwners (dict) --

    Specifies whether to override project owners.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy is inherited by child domain units.

  • useAssetType (dict) --

    Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.

    • domainUnitId (string) --

      The ID of the domain unit.

type domainIdentifier:

string

param domainIdentifier:

[REQUIRED]

The ID of the domain where you want to add a policy grant.

type entityIdentifier:

string

param entityIdentifier:

[REQUIRED]

The ID of the entity (resource) to which you want to add a policy grant.

type entityType:

string

param entityType:

[REQUIRED]

The type of entity (resource) to which the grant is added.

type policyType:

string

param policyType:

[REQUIRED]

The type of policy that you want to grant.

type principal:

dict

param principal:

[REQUIRED]

The principal to whom the permissions are granted.

  • domainUnit (dict) --

    The domain unit of the policy grant principal.

    • domainUnitDesignation (string) -- [REQUIRED]

      Specifes the designation of the domain unit users.

    • domainUnitGrantFilter (dict) --

      The grant filter for the domain unit.

      • allDomainUnitsGrantFilter (dict) --

        Specifies a grant filter containing all domain units.

    • domainUnitIdentifier (string) --

      The ID of the domain unit.

  • group (dict) --

    The group of the policy grant principal.

    • groupIdentifier (string) --

      The ID Of the group of the group principal.

  • project (dict) --

    The project of the policy grant principal.

    • projectDesignation (string) -- [REQUIRED]

      The project designation of the project policy grant principal.

    • projectGrantFilter (dict) --

      The project grant filter of the project policy grant principal.

      • domainUnitFilter (dict) --

        The domain unit filter of the project grant filter.

        • domainUnit (string) -- [REQUIRED]

          The domain unit ID to use in the filter.

        • includeChildDomainUnits (boolean) --

          Specifies whether to include child domain units.

    • projectIdentifier (string) --

      The project ID of the project policy grant principal.

  • user (dict) --

    The user of the policy grant principal.

    • allUsersGrantFilter (dict) --

      The all users grant filter of the user policy grant principal.

    • userIdentifier (string) --

      The user ID of the user policy grant principal.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListPolicyGrants (updated) Link ¶
Changes (request, response)
Request
{'entityType': {'ASSET_TYPE'}, 'policyType': {'USE_ASSET_TYPE'}}
Response
{'grantList': {'detail': {'useAssetType': {'domainUnitId': 'string'}}}}

Lists policy grants.

See also: AWS API Documentation

Request Syntax

client.list_policy_grants(
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE',
    maxResults=123,
    nextToken='string',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE'
)
type domainIdentifier:

string

param domainIdentifier:

[REQUIRED]

The ID of the domain where you want to list policy grants.

type entityIdentifier:

string

param entityIdentifier:

[REQUIRED]

The ID of the entity for which you want to list policy grants.

type entityType:

string

param entityType:

[REQUIRED]

The type of entity for which you want to list policy grants.

type maxResults:

integer

param maxResults:

The maximum number of grants to return in a single call to ListPolicyGrants. When the number of grants to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.

type nextToken:

string

param nextToken:

When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

type policyType:

string

param policyType:

[REQUIRED]

The type of policy that you want to list.

rtype:

dict

returns:

Response Syntax

{
    'grantList': [
        {
            'createdAt': datetime(2015, 1, 1),
            'createdBy': 'string',
            'detail': {
                'addToProjectMemberPool': {
                    'includeChildDomainUnits': True|False
                },
                'createAssetType': {
                    'includeChildDomainUnits': True|False
                },
                'createDomainUnit': {
                    'includeChildDomainUnits': True|False
                },
                'createEnvironment': {},
                'createEnvironmentFromBlueprint': {},
                'createEnvironmentProfile': {
                    'domainUnitId': 'string'
                },
                'createFormType': {
                    'includeChildDomainUnits': True|False
                },
                'createGlossary': {
                    'includeChildDomainUnits': True|False
                },
                'createProject': {
                    'includeChildDomainUnits': True|False
                },
                'createProjectFromProjectProfile': {
                    'includeChildDomainUnits': True|False,
                    'projectProfiles': [
                        'string',
                    ]
                },
                'delegateCreateEnvironmentProfile': {},
                'overrideDomainUnitOwners': {
                    'includeChildDomainUnits': True|False
                },
                'overrideProjectOwners': {
                    'includeChildDomainUnits': True|False
                },
                'useAssetType': {
                    'domainUnitId': 'string'
                }
            },
            'principal': {
                'domainUnit': {
                    'domainUnitDesignation': 'OWNER',
                    'domainUnitGrantFilter': {
                        'allDomainUnitsGrantFilter': {}
                    },
                    'domainUnitIdentifier': 'string'
                },
                'group': {
                    'groupIdentifier': 'string'
                },
                'project': {
                    'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
                    'projectGrantFilter': {
                        'domainUnitFilter': {
                            'domainUnit': 'string',
                            'includeChildDomainUnits': True|False
                        }
                    },
                    'projectIdentifier': 'string'
                },
                'user': {
                    'allUsersGrantFilter': {},
                    'userIdentifier': 'string'
                }
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • grantList (list) --

      The results of this action - the listed grants.

      • (dict) --

        A member of the policy grant list.

        • createdAt (datetime) --

          Specifies the timestamp at which policy grant member was created.

        • createdBy (string) --

          Specifies the user who created the policy grant member.

        • detail (dict) --

          The details of the policy grant member.

          • addToProjectMemberPool (dict) --

            Specifies that the policy grant is to be added to the members of the project.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createAssetType (dict) --

            Specifies that this is a create asset type policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createDomainUnit (dict) --

            Specifies that this is a create domain unit policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createEnvironment (dict) --

            Specifies that this is a create environment policy.

          • createEnvironmentFromBlueprint (dict) --

            The details of the policy of creating an environment.

          • createEnvironmentProfile (dict) --

            Specifies that this is a create environment profile policy.

            • domainUnitId (string) --

              The ID of the domain unit.

          • createFormType (dict) --

            Specifies that this is a create form type policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createGlossary (dict) --

            Specifies that this is a create glossary policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createProject (dict) --

            Specifies that this is a create project policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createProjectFromProjectProfile (dict) --

            Specifies whether to create a project from project profile.

            • includeChildDomainUnits (boolean) --

              Specifies whether to include child domain units when creating a project from project profile policy grant details

            • projectProfiles (list) --

              Specifies project profiles when creating a project from project profile policy grant details

              • (string) --

          • delegateCreateEnvironmentProfile (dict) --

            Specifies that this is the delegation of the create environment profile policy.

          • overrideDomainUnitOwners (dict) --

            Specifies whether to override domain unit owners.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy is inherited by child domain units.

          • overrideProjectOwners (dict) --

            Specifies whether to override project owners.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy is inherited by child domain units.

          • useAssetType (dict) --

            Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.

            • domainUnitId (string) --

              The ID of the domain unit.

        • principal (dict) --

          The principal of the policy grant member.

          • domainUnit (dict) --

            The domain unit of the policy grant principal.

            • domainUnitDesignation (string) --

              Specifes the designation of the domain unit users.

            • domainUnitGrantFilter (dict) --

              The grant filter for the domain unit.

              • allDomainUnitsGrantFilter (dict) --

                Specifies a grant filter containing all domain units.

            • domainUnitIdentifier (string) --

              The ID of the domain unit.

          • group (dict) --

            The group of the policy grant principal.

            • groupIdentifier (string) --

              The ID Of the group of the group principal.

          • project (dict) --

            The project of the policy grant principal.

            • projectDesignation (string) --

              The project designation of the project policy grant principal.

            • projectGrantFilter (dict) --

              The project grant filter of the project policy grant principal.

              • domainUnitFilter (dict) --

                The domain unit filter of the project grant filter.

                • domainUnit (string) --

                  The domain unit ID to use in the filter.

                • includeChildDomainUnits (boolean) --

                  Specifies whether to include child domain units.

            • projectIdentifier (string) --

              The project ID of the project policy grant principal.

          • user (dict) --

            The user of the policy grant principal.

            • allUsersGrantFilter (dict) --

              The all users grant filter of the user policy grant principal.

            • userIdentifier (string) --

              The user ID of the user policy grant principal.

    • nextToken (string) --

      When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

RemovePolicyGrant (updated) Link ¶
Changes (request)
{'entityType': {'ASSET_TYPE'}, 'policyType': {'USE_ASSET_TYPE'}}

Removes a policy grant.

See also: AWS API Documentation

Request Syntax

client.remove_policy_grant(
    clientToken='string',
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)
type clientToken:

string

param clientToken:

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

This field is autopopulated if not provided.

type domainIdentifier:

string

param domainIdentifier:

[REQUIRED]

The ID of the domain where you want to remove a policy grant.

type entityIdentifier:

string

param entityIdentifier:

[REQUIRED]

The ID of the entity from which you want to remove a policy grant.

type entityType:

string

param entityType:

[REQUIRED]

The type of the entity from which you want to remove a policy grant.

type policyType:

string

param policyType:

[REQUIRED]

The type of the policy that you want to remove.

type principal:

dict

param principal:

[REQUIRED]

The principal from which you want to remove a policy grant.

  • domainUnit (dict) --

    The domain unit of the policy grant principal.

    • domainUnitDesignation (string) -- [REQUIRED]

      Specifes the designation of the domain unit users.

    • domainUnitGrantFilter (dict) --

      The grant filter for the domain unit.

      • allDomainUnitsGrantFilter (dict) --

        Specifies a grant filter containing all domain units.

    • domainUnitIdentifier (string) --

      The ID of the domain unit.

  • group (dict) --

    The group of the policy grant principal.

    • groupIdentifier (string) --

      The ID Of the group of the group principal.

  • project (dict) --

    The project of the policy grant principal.

    • projectDesignation (string) -- [REQUIRED]

      The project designation of the project policy grant principal.

    • projectGrantFilter (dict) --

      The project grant filter of the project policy grant principal.

      • domainUnitFilter (dict) --

        The domain unit filter of the project grant filter.

        • domainUnit (string) -- [REQUIRED]

          The domain unit ID to use in the filter.

        • includeChildDomainUnits (boolean) --

          Specifies whether to include child domain units.

    • projectIdentifier (string) --

      The project ID of the project policy grant principal.

  • user (dict) --

    The user of the policy grant principal.

    • allUsersGrantFilter (dict) --

      The all users grant filter of the user policy grant principal.

    • userIdentifier (string) --

      The user ID of the user policy grant principal.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --