- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
AddPolicyGrantCommand
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { DataZoneClient, AddPolicyGrantCommand } from "@aws-sdk/client-datazone"; // ES Modules import
// const { DataZoneClient, AddPolicyGrantCommand } = require("@aws-sdk/client-datazone"); // CommonJS import
const client = new DataZoneClient(config);
const input = { // AddPolicyGrantInput
domainIdentifier: "STRING_VALUE", // required
entityType: "DOMAIN_UNIT" || "ENVIRONMENT_BLUEPRINT_CONFIGURATION" || "ENVIRONMENT_PROFILE", // required
entityIdentifier: "STRING_VALUE", // required
policyType: "CREATE_DOMAIN_UNIT" || "OVERRIDE_DOMAIN_UNIT_OWNERS" || "ADD_TO_PROJECT_MEMBER_POOL" || "OVERRIDE_PROJECT_OWNERS" || "CREATE_GLOSSARY" || "CREATE_FORM_TYPE" || "CREATE_ASSET_TYPE" || "CREATE_PROJECT" || "CREATE_ENVIRONMENT_PROFILE" || "DELEGATE_CREATE_ENVIRONMENT_PROFILE" || "CREATE_ENVIRONMENT" || "CREATE_ENVIRONMENT_FROM_BLUEPRINT" || "CREATE_PROJECT_FROM_PROJECT_PROFILE", // required
principal: { // PolicyGrantPrincipal Union: only one key present
user: { // UserPolicyGrantPrincipal Union: only one key present
userIdentifier: "STRING_VALUE",
allUsersGrantFilter: {},
},
group: { // GroupPolicyGrantPrincipal Union: only one key present
groupIdentifier: "STRING_VALUE",
},
project: { // ProjectPolicyGrantPrincipal
projectDesignation: "OWNER" || "CONTRIBUTOR" || "PROJECT_CATALOG_STEWARD", // required
projectIdentifier: "STRING_VALUE",
projectGrantFilter: { // ProjectGrantFilter Union: only one key present
domainUnitFilter: { // DomainUnitFilterForProject
domainUnit: "STRING_VALUE", // required
includeChildDomainUnits: true || false,
},
},
},
domainUnit: { // DomainUnitPolicyGrantPrincipal
domainUnitDesignation: "OWNER", // required
domainUnitIdentifier: "STRING_VALUE",
domainUnitGrantFilter: { // DomainUnitGrantFilter Union: only one key present
allDomainUnitsGrantFilter: {},
},
},
},
detail: { // PolicyGrantDetail Union: only one key present
createDomainUnit: { // CreateDomainUnitPolicyGrantDetail
includeChildDomainUnits: true || false,
},
overrideDomainUnitOwners: { // OverrideDomainUnitOwnersPolicyGrantDetail
includeChildDomainUnits: true || false,
},
addToProjectMemberPool: { // AddToProjectMemberPoolPolicyGrantDetail
includeChildDomainUnits: true || false,
},
overrideProjectOwners: { // OverrideProjectOwnersPolicyGrantDetail
includeChildDomainUnits: true || false,
},
createGlossary: { // CreateGlossaryPolicyGrantDetail
includeChildDomainUnits: true || false,
},
createFormType: { // CreateFormTypePolicyGrantDetail
includeChildDomainUnits: true || false,
},
createAssetType: { // CreateAssetTypePolicyGrantDetail
includeChildDomainUnits: true || false,
},
createProject: { // CreateProjectPolicyGrantDetail
includeChildDomainUnits: true || false,
},
createEnvironmentProfile: { // CreateEnvironmentProfilePolicyGrantDetail
domainUnitId: "STRING_VALUE",
},
delegateCreateEnvironmentProfile: {},
createEnvironment: {},
createEnvironmentFromBlueprint: {},
createProjectFromProjectProfile: { // CreateProjectFromProjectProfilePolicyGrantDetail
includeChildDomainUnits: true || false,
projectProfiles: [ // ProjectProfileList
"STRING_VALUE",
],
},
},
clientToken: "STRING_VALUE",
};
const command = new AddPolicyGrantCommand(input);
const response = await client.send(command);
// {};
AddPolicyGrantCommand Input
See AddPolicyGrantCommandInput for more details
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
detailRequired | PolicyGrantDetail | undefined | The details of the policy grant. |
domainIdentifierRequired | string | undefined | The ID of the domain where you want to add a policy grant. |
entityIdentifierRequired | string | undefined | The ID of the entity (resource) to which you want to add a policy grant. |
entityTypeRequired | TargetEntityType | undefined | The type of entity (resource) to which the grant is added. |
policyTypeRequired | ManagedPolicyType | undefined | The type of policy that you want to grant. |
principalRequired | PolicyGrantPrincipal | undefined | The principal to whom the permissions are granted. |
clientToken | string | undefined | A unique, case-sensitive identifier that is provided to ensure the idempotency of the request. |
AddPolicyGrantCommand Output
See AddPolicyGrantCommandOutput for details
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| AccessDeniedException | client | You do not have sufficient access to perform this action. |
| ConflictException | client | There is a conflict while performing this action. |
| InternalServerException | server | The request has failed because of an unknown error, exception or failure. |
| ServiceQuotaExceededException | client | The request has exceeded the specified service quota. |
| ThrottlingException | client | The request was denied due to request throttling. |
| ValidationException | client | The input fails to satisfy the constraints specified by the Amazon Web Services service. |
| UnauthorizedException | client | You do not have permission to perform this action. |
| DataZoneServiceException | Base exception class for all service exceptions from DataZone service. |