Amazon DataZone

2024/10/18 - Amazon DataZone - 5 updated api methods

Changes  Adding the following project member designations: PROJECT_CATALOG_VIEWER, PROJECT_CATALOG_CONSUMER and PROJECT_CATALOG_STEWARD in the CreateProjectMembership API and PROJECT_CATALOG_STEWARD designation in the AddPolicyGrant API.

AddPolicyGrant (updated) Link ¶
Changes (request)
{'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}

Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

See also: AWS API Documentation

Request Syntax

client.add_policy_grant(
    clientToken='string',
    detail={
        'addToProjectMemberPool': {
            'includeChildDomainUnits': True|False
        },
        'createAssetType': {
            'includeChildDomainUnits': True|False
        },
        'createDomainUnit': {
            'includeChildDomainUnits': True|False
        },
        'createEnvironment': {}
        ,
        'createEnvironmentProfile': {
            'domainUnitId': 'string'
        },
        'createFormType': {
            'includeChildDomainUnits': True|False
        },
        'createGlossary': {
            'includeChildDomainUnits': True|False
        },
        'createProject': {
            'includeChildDomainUnits': True|False
        },
        'delegateCreateEnvironmentProfile': {}
        ,
        'overrideDomainUnitOwners': {
            'includeChildDomainUnits': True|False
        },
        'overrideProjectOwners': {
            'includeChildDomainUnits': True|False
        }
    },
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)
type clientToken

string

param clientToken

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

This field is autopopulated if not provided.

type detail

dict

param detail

[REQUIRED]

The details of the policy grant.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners.

  • addToProjectMemberPool (dict) --

    Specifies that the policy grant is to be added to the members of the project.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createAssetType (dict) --

    Specifies that this is a create asset type policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createDomainUnit (dict) --

    Specifies that this is a create domain unit policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createEnvironment (dict) --

    Specifies that this is a create environment policy.

  • createEnvironmentProfile (dict) --

    Specifies that this is a create environment profile policy.

    • domainUnitId (string) --

      The ID of the domain unit.

  • createFormType (dict) --

    Specifies that this is a create form type policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createGlossary (dict) --

    Specifies that this is a create glossary policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • createProject (dict) --

    Specifies that this is a create project policy.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy grant is applied to child domain units.

  • delegateCreateEnvironmentProfile (dict) --

    Specifies that this is the delegation of the create environment profile policy.

  • overrideDomainUnitOwners (dict) --

    Specifies whether to override domain unit owners.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy is inherited by child domain units.

  • overrideProjectOwners (dict) --

    Specifies whether to override project owners.

    • includeChildDomainUnits (boolean) --

      Specifies whether the policy is inherited by child domain units.

type domainIdentifier

string

param domainIdentifier

[REQUIRED]

The ID of the domain where you want to add a policy grant.

type entityIdentifier

string

param entityIdentifier

[REQUIRED]

The ID of the entity (resource) to which you want to add a policy grant.

type entityType

string

param entityType

[REQUIRED]

The type of entity (resource) to which the grant is added.

type policyType

string

param policyType

[REQUIRED]

The type of policy that you want to grant.

type principal

dict

param principal

[REQUIRED]

The principal to whom the permissions are granted.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.

  • domainUnit (dict) --

    The domain unit of the policy grant principal.

    • domainUnitDesignation (string) -- [REQUIRED]

      Specifes the designation of the domain unit users.

    • domainUnitGrantFilter (dict) --

      The grant filter for the domain unit.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.

      • allDomainUnitsGrantFilter (dict) --

        Specifies a grant filter containing all domain units.

    • domainUnitIdentifier (string) --

      The ID of the domain unit.

  • group (dict) --

    The group of the policy grant principal.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.

    • groupIdentifier (string) --

      The ID Of the group of the group principal.

  • project (dict) --

    The project of the policy grant principal.

    • projectDesignation (string) -- [REQUIRED]

      The project designation of the project policy grant principal.

    • projectGrantFilter (dict) --

      The project grant filter of the project policy grant principal.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.

      • domainUnitFilter (dict) --

        The domain unit filter of the project grant filter.

        • domainUnit (string) -- [REQUIRED]

          The domain unit ID to use in the filter.

        • includeChildDomainUnits (boolean) --

          Specifies whether to include child domain units.

    • projectIdentifier (string) --

      The project ID of the project policy grant principal.

  • user (dict) --

    The user of the policy grant principal.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.

    • allUsersGrantFilter (dict) --

      The all users grant filter of the user policy grant principal.

    • userIdentifier (string) --

      The user ID of the user policy grant principal.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

CreateProjectMembership (updated) Link ¶
Changes (request)
{'designation': {'PROJECT_CATALOG_CONSUMER',
                 'PROJECT_CATALOG_STEWARD',
                 'PROJECT_CATALOG_VIEWER'}}

Creates a project membership in Amazon DataZone.

See also: AWS API Documentation

Request Syntax

client.create_project_membership(
    designation='PROJECT_OWNER'|'PROJECT_CONTRIBUTOR'|'PROJECT_CATALOG_VIEWER'|'PROJECT_CATALOG_CONSUMER'|'PROJECT_CATALOG_STEWARD',
    domainIdentifier='string',
    member={
        'groupIdentifier': 'string',
        'userIdentifier': 'string'
    },
    projectIdentifier='string'
)
type designation

string

param designation

[REQUIRED]

The designation of the project membership.

type domainIdentifier

string

param domainIdentifier

[REQUIRED]

The ID of the Amazon DataZone domain in which project membership is created.

type member

dict

param member

[REQUIRED]

The project member whose project membership was created.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier, userIdentifier.

  • groupIdentifier (string) --

    The ID of the group of a project member.

  • userIdentifier (string) --

    The user ID of a project member.

type projectIdentifier

string

param projectIdentifier

[REQUIRED]

The ID of the project for which this project membership was created.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListPolicyGrants (updated) Link ¶
Changes (response)
{'grantList': {'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}}

Lists policy grants.

See also: AWS API Documentation

Request Syntax

client.list_policy_grants(
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    maxResults=123,
    nextToken='string',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'
)
type domainIdentifier

string

param domainIdentifier

[REQUIRED]

The ID of the domain where you want to list policy grants.

type entityIdentifier

string

param entityIdentifier

[REQUIRED]

The ID of the entity for which you want to list policy grants.

type entityType

string

param entityType

[REQUIRED]

The type of entity for which you want to list policy grants.

type maxResults

integer

param maxResults

The maximum number of grants to return in a single call to ListPolicyGrants . When the number of grants to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.

type nextToken

string

param nextToken

When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

type policyType

string

param policyType

[REQUIRED]

The type of policy that you want to list.

rtype

dict

returns

Response Syntax

{
    'grantList': [
        {
            'createdAt': datetime(2015, 1, 1),
            'createdBy': 'string',
            'detail': {
                'addToProjectMemberPool': {
                    'includeChildDomainUnits': True|False
                },
                'createAssetType': {
                    'includeChildDomainUnits': True|False
                },
                'createDomainUnit': {
                    'includeChildDomainUnits': True|False
                },
                'createEnvironment': {},
                'createEnvironmentProfile': {
                    'domainUnitId': 'string'
                },
                'createFormType': {
                    'includeChildDomainUnits': True|False
                },
                'createGlossary': {
                    'includeChildDomainUnits': True|False
                },
                'createProject': {
                    'includeChildDomainUnits': True|False
                },
                'delegateCreateEnvironmentProfile': {},
                'overrideDomainUnitOwners': {
                    'includeChildDomainUnits': True|False
                },
                'overrideProjectOwners': {
                    'includeChildDomainUnits': True|False
                }
            },
            'principal': {
                'domainUnit': {
                    'domainUnitDesignation': 'OWNER',
                    'domainUnitGrantFilter': {
                        'allDomainUnitsGrantFilter': {}
                    },
                    'domainUnitIdentifier': 'string'
                },
                'group': {
                    'groupIdentifier': 'string'
                },
                'project': {
                    'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
                    'projectGrantFilter': {
                        'domainUnitFilter': {
                            'domainUnit': 'string',
                            'includeChildDomainUnits': True|False
                        }
                    },
                    'projectIdentifier': 'string'
                },
                'user': {
                    'allUsersGrantFilter': {},
                    'userIdentifier': 'string'
                }
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • grantList (list) --

      The results of this action - the listed grants.

      • (dict) --

        A member of the policy grant list.

        • createdAt (datetime) --

          Specifies the timestamp at which policy grant member was created.

        • createdBy (string) --

          Specifies the user who created the policy grant member.

        • detail (dict) --

          The details of the policy grant member.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: addToProjectMemberPool, createAssetType, createDomainUnit, createEnvironment, createEnvironmentProfile, createFormType, createGlossary, createProject, delegateCreateEnvironmentProfile, overrideDomainUnitOwners, overrideProjectOwners. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          • addToProjectMemberPool (dict) --

            Specifies that the policy grant is to be added to the members of the project.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createAssetType (dict) --

            Specifies that this is a create asset type policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createDomainUnit (dict) --

            Specifies that this is a create domain unit policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createEnvironment (dict) --

            Specifies that this is a create environment policy.

          • createEnvironmentProfile (dict) --

            Specifies that this is a create environment profile policy.

            • domainUnitId (string) --

              The ID of the domain unit.

          • createFormType (dict) --

            Specifies that this is a create form type policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createGlossary (dict) --

            Specifies that this is a create glossary policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • createProject (dict) --

            Specifies that this is a create project policy.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy grant is applied to child domain units.

          • delegateCreateEnvironmentProfile (dict) --

            Specifies that this is the delegation of the create environment profile policy.

          • overrideDomainUnitOwners (dict) --

            Specifies whether to override domain unit owners.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy is inherited by child domain units.

          • overrideProjectOwners (dict) --

            Specifies whether to override project owners.

            • includeChildDomainUnits (boolean) --

              Specifies whether the policy is inherited by child domain units.

        • principal (dict) --

          The principal of the policy grant member.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnit, group, project, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          • domainUnit (dict) --

            The domain unit of the policy grant principal.

            • domainUnitDesignation (string) --

              Specifes the designation of the domain unit users.

            • domainUnitGrantFilter (dict) --

              The grant filter for the domain unit.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: allDomainUnitsGrantFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              • allDomainUnitsGrantFilter (dict) --

                Specifies a grant filter containing all domain units.

            • domainUnitIdentifier (string) --

              The ID of the domain unit.

          • group (dict) --

            The group of the policy grant principal.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: groupIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            • groupIdentifier (string) --

              The ID Of the group of the group principal.

          • project (dict) --

            The project of the policy grant principal.

            • projectDesignation (string) --

              The project designation of the project policy grant principal.

            • projectGrantFilter (dict) --

              The project grant filter of the project policy grant principal.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: domainUnitFilter. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
              • domainUnitFilter (dict) --

                The domain unit filter of the project grant filter.

                • domainUnit (string) --

                  The domain unit ID to use in the filter.

                • includeChildDomainUnits (boolean) --

                  Specifies whether to include child domain units.

            • projectIdentifier (string) --

              The project ID of the project policy grant principal.

          • user (dict) --

            The user of the policy grant principal.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: allUsersGrantFilter, userIdentifier. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            • allUsersGrantFilter (dict) --

              The all users grant filter of the user policy grant principal.

            • userIdentifier (string) --

              The user ID of the user policy grant principal.

    • nextToken (string) --

      When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

ListProjectMemberships (updated) Link ¶
Changes (response)
{'members': {'designation': {'PROJECT_CATALOG_CONSUMER',
                             'PROJECT_CATALOG_STEWARD',
                             'PROJECT_CATALOG_VIEWER'}}}

Lists all members of the specified project.

See also: AWS API Documentation

Request Syntax

client.list_project_memberships(
    domainIdentifier='string',
    maxResults=123,
    nextToken='string',
    projectIdentifier='string',
    sortBy='NAME',
    sortOrder='ASCENDING'|'DESCENDING'
)
type domainIdentifier

string

param domainIdentifier

[REQUIRED]

The identifier of the Amazon DataZone domain in which you want to list project memberships.

type maxResults

integer

param maxResults

The maximum number of memberships to return in a single call to ListProjectMemberships . When the number of memberships to be listed is greater than the value of MaxResults , the response contains a NextToken value that you can use in a subsequent call to ListProjectMemberships to list the next set of memberships.

type nextToken

string

param nextToken

When the number of memberships is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of memberships, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjectMemberships to list the next set of memberships.

type projectIdentifier

string

param projectIdentifier

[REQUIRED]

The identifier of the project whose memberships you want to list.

type sortBy

string

param sortBy

The method by which you want to sort the project memberships.

type sortOrder

string

param sortOrder

The sort order of the project memberships.

rtype

dict

returns

Response Syntax

{
    'members': [
        {
            'designation': 'PROJECT_OWNER'|'PROJECT_CONTRIBUTOR'|'PROJECT_CATALOG_VIEWER'|'PROJECT_CATALOG_CONSUMER'|'PROJECT_CATALOG_STEWARD',
            'memberDetails': {
                'group': {
                    'groupId': 'string'
                },
                'user': {
                    'userId': 'string'
                }
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • members (list) --

      The members of the project.

      • (dict) --

        The details of a project member.

        • designation (string) --

          The designated role of a project member.

        • memberDetails (dict) --

          The membership details of a project member.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: group, user. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
          • group (dict) --

            The group details of a project member.

            • groupId (string) --

              The identifier of the group in Amazon DataZone.

          • user (dict) --

            The user details of a project member.

            • userId (string) --

              The identifier of the Amazon DataZone user.

    • nextToken (string) --

      When the number of memberships is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of memberships, the response includes a pagination token named NextToken . You can specify this NextToken value in a subsequent call to ListProjectMemberships to list the next set of memberships.

RemovePolicyGrant (updated) Link ¶
Changes (request)
{'principal': {'project': {'projectDesignation': {'PROJECT_CATALOG_STEWARD'}}}}

Removes a policy grant.

See also: AWS API Documentation

Request Syntax

client.remove_policy_grant(
    clientToken='string',
    domainIdentifier='string',
    entityIdentifier='string',
    entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE',
    policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT',
    principal={
        'domainUnit': {
            'domainUnitDesignation': 'OWNER',
            'domainUnitGrantFilter': {
                'allDomainUnitsGrantFilter': {}

            },
            'domainUnitIdentifier': 'string'
        },
        'group': {
            'groupIdentifier': 'string'
        },
        'project': {
            'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
            'projectGrantFilter': {
                'domainUnitFilter': {
                    'domainUnit': 'string',
                    'includeChildDomainUnits': True|False
                }
            },
            'projectIdentifier': 'string'
        },
        'user': {
            'allUsersGrantFilter': {}
            ,
            'userIdentifier': 'string'
        }
    }
)
type clientToken

string

param clientToken

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

This field is autopopulated if not provided.

type domainIdentifier

string

param domainIdentifier

[REQUIRED]

The ID of the domain where you want to remove a policy grant.

type entityIdentifier

string

param entityIdentifier

[REQUIRED]

The ID of the entity from which you want to remove a policy grant.

type entityType

string

param entityType

[REQUIRED]

The type of the entity from which you want to remove a policy grant.

type policyType

string

param policyType

[REQUIRED]

The type of the policy that you want to remove.

type principal

dict

param principal

[REQUIRED]

The principal from which you want to remove a policy grant.

Note

This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnit, group, project, user.

  • domainUnit (dict) --

    The domain unit of the policy grant principal.

    • domainUnitDesignation (string) -- [REQUIRED]

      Specifes the designation of the domain unit users.

    • domainUnitGrantFilter (dict) --

      The grant filter for the domain unit.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: allDomainUnitsGrantFilter.

      • allDomainUnitsGrantFilter (dict) --

        Specifies a grant filter containing all domain units.

    • domainUnitIdentifier (string) --

      The ID of the domain unit.

  • group (dict) --

    The group of the policy grant principal.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: groupIdentifier.

    • groupIdentifier (string) --

      The ID Of the group of the group principal.

  • project (dict) --

    The project of the policy grant principal.

    • projectDesignation (string) -- [REQUIRED]

      The project designation of the project policy grant principal.

    • projectGrantFilter (dict) --

      The project grant filter of the project policy grant principal.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: domainUnitFilter.

      • domainUnitFilter (dict) --

        The domain unit filter of the project grant filter.

        • domainUnit (string) -- [REQUIRED]

          The domain unit ID to use in the filter.

        • includeChildDomainUnits (boolean) --

          Specifies whether to include child domain units.

    • projectIdentifier (string) --

      The project ID of the project policy grant principal.

  • user (dict) --

    The user of the policy grant principal.

    Note

    This is a Tagged Union structure. Only one of the following top level keys can be set: allUsersGrantFilter, userIdentifier.

    • allUsersGrantFilter (dict) --

      The all users grant filter of the user policy grant principal.

    • userIdentifier (string) --

      The user ID of the user policy grant principal.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --