AddPolicyGrant
Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.
Request Syntax
POST /v2/domains/domainIdentifier/policies/managed/entityType/entityIdentifier/addGrant HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "detail": { ... },
   "policyType": "string",
   "principal": { ... }
}
URI Request Parameters
The request uses the following URI parameters.
- domainIdentifier
  The ID of the domain where you want to add a policy grant.
  Pattern: ^dzd[-_][a-zA-Z0-9_-]{1,36}$
  Required: Yes
- entityIdentifier
  The ID of the entity (resource) to which you want to add a policy grant.
  Required: Yes
- entityType
  The type of entity (resource) to which the grant is added.
  Valid Values: DOMAIN_UNIT | ENVIRONMENT_BLUEPRINT_CONFIGURATION | ENVIRONMENT_PROFILE
  Required: Yes
Request Body
The request accepts the following data in JSON format.
- clientToken
  A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 128.
  Pattern: ^[\x21-\x7E]+$
  Required: No
- detail
  The details of the policy grant.
  Type: PolicyGrantDetail object
  Note: This object is a Union. Only one member of this object can be specified or returned.
  Required: Yes
- policyType
  The type of policy that you want to grant.
  Type: String
  Valid Values: CREATE_DOMAIN_UNIT | OVERRIDE_DOMAIN_UNIT_OWNERS | ADD_TO_PROJECT_MEMBER_POOL | OVERRIDE_PROJECT_OWNERS | CREATE_GLOSSARY | CREATE_FORM_TYPE | CREATE_ASSET_TYPE | CREATE_PROJECT | CREATE_ENVIRONMENT_PROFILE | DELEGATE_CREATE_ENVIRONMENT_PROFILE | CREATE_ENVIRONMENT
  Required: Yes
- principal
  The principal to whom the permissions are granted.
  Type: PolicyGrantPrincipal object
  Note: This object is a Union. Only one member of this object can be specified or returned.
  Required: Yes
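The URI and body constraints listed above can be enforced on the client before a grant request is sent, so a malformed identifier, policy type, or union is rejected locally instead of reaching the authorization API. The following Python is an added example, not part of the AWS reference or of any SDK; the function names, the SAMPLE body, and its union member names are assumptions.

```python
import json
import re
from urllib.parse import quote

# Constraints copied from the parameter descriptions on this page.
DOMAIN_ID = re.compile(r"^dzd[-_][a-zA-Z0-9_-]{1,36}$")
CLIENT_TOKEN = re.compile(r"^[\x21-\x7E]+$")
ENTITY_TYPES = {"DOMAIN_UNIT", "ENVIRONMENT_BLUEPRINT_CONFIGURATION", "ENVIRONMENT_PROFILE"}
POLICY_TYPES = {
    "CREATE_DOMAIN_UNIT", "OVERRIDE_DOMAIN_UNIT_OWNERS", "ADD_TO_PROJECT_MEMBER_POOL",
    "OVERRIDE_PROJECT_OWNERS", "CREATE_GLOSSARY", "CREATE_FORM_TYPE", "CREATE_ASSET_TYPE",
    "CREATE_PROJECT", "CREATE_ENVIRONMENT_PROFILE", "DELEGATE_CREATE_ENVIRONMENT_PROFILE",
    "CREATE_ENVIRONMENT",
}

def check_grant(domain_id, entity_type, entity_id, body):
    """Return the list of violated constraints; an empty list means well formed."""
    errors = []
    # fullmatch, not match: "$" alone would accept a trailing newline.
    if not (isinstance(domain_id, str) and DOMAIN_ID.fullmatch(domain_id)):
        errors.append("domainIdentifier: pattern mismatch")
    if entity_type not in ENTITY_TYPES:
        errors.append("entityType: not a valid value")
    if not (isinstance(entity_id, str) and entity_id):
        errors.append("entityIdentifier: required")
    if body.get("policyType") not in POLICY_TYPES:
        errors.append("policyType: not a valid value")
    for union in ("detail", "principal"):
        value = body.get(union)
        # Union types: exactly one member may be specified.
        if not (isinstance(value, dict) and len(value) == 1):
            errors.append(f"{union}: must be an object with exactly one member")
    token = body.get("clientToken")  # optional field
    if token is not None and not (isinstance(token, str) and len(token) <= 128
                                  and CLIENT_TOKEN.fullmatch(token)):
        errors.append("clientToken: must be 1-128 printable ASCII characters, no spaces")
    return errors

def build_request(domain_id, entity_type, entity_id, body):
    """Return (path, json_body) for the POST, or raise ValueError listing violations."""
    errors = check_grant(domain_id, entity_type, entity_id, body)
    if errors:
        raise ValueError("; ".join(errors))
    path = (f"/v2/domains/{domain_id}/policies/managed/{entity_type}/"
            f"{quote(entity_id, safe='')}/addGrant")  # percent-encode the path segment
    return path, json.dumps(body, sort_keys=True)

# Constructed sample; the union member names are assumptions, not listed on this page.
SAMPLE = {"clientToken": "grant-001", "policyType": "CREATE_DOMAIN_UNIT",
          "detail": {"createDomainUnit": {}}, "principal": {"user": {}}}
```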
Response Syntax
HTTP/1.1 201
Response Elements
If the action is successful, the service sends back an HTTP 201 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
  You do not have sufficient access to perform this action.
  HTTP Status Code: 403
- ConflictException
  There is a conflict while performing this action.
  HTTP Status Code: 409
- InternalServerException
  The request has failed because of an unknown error, exception or failure.
  HTTP Status Code: 500
- ServiceQuotaExceededException
  The request has exceeded the specified service quota.
  HTTP Status Code: 402
- ThrottlingException
  The request was denied due to request throttling.
  HTTP Status Code: 429
- UnauthorizedException
  You do not have permission to perform this action.
  HTTP Status Code: 401
- ValidationException
  The input fails to satisfy the constraints specified by the AWS service.
  HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: