Amazon FinSpace Dataset Browser will be discontinued on November 29,
2024
. Starting November 29, 2023
, FinSpace will no longer accept the creation of new Dataset Browser
environments. Customers using Amazon FinSpace with Managed Kdb Insights
CreatePermissionGroup
Creates a group of permissions for various actions that a user can perform in FinSpace.
Request Syntax
POST /permission-group HTTP/1.1
Content-type: application/json
{
"applicationPermissions": [ "string
" ],
"clientToken": "string
",
"description": "string
",
"name": "string
"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- applicationPermissions
-
The option to indicate FinSpace application permissions that are granted to a specific group.
Important
When assigning application permissions, be aware that the permission
ManageUsersAndGroups
allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.-
CreateDataset
– Group members can create new datasets. -
ManageClusters
– Group members can manage Apache Spark clusters from FinSpace notebooks. -
ManageUsersAndGroups
– Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users. -
ManageAttributeSets
– Group members can manage attribute sets. -
ViewAuditData
– Group members can view audit data. -
AccessNotebooks
– Group members will have access to FinSpace notebooks. -
GetTemporaryCredentials
– Group members can get temporary API credentials.
Type: Array of strings
Valid Values:
CreateDataset | ManageClusters | ManageUsersAndGroups | ManageAttributeSets | ViewAuditData | AccessNotebooks | GetTemporaryCredentials
Required: Yes
-
- name
-
The name of the permission group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 255.
Pattern:
.*\S.*
Required: Yes
- clientToken
-
A token that ensures idempotency. This token expires in 10 minutes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
.*\S.*
Required: No
- description
-
A brief description for the permission group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4000.
Pattern:
[\s\S]*
Required: No
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"permissionGroupId": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- permissionGroupId
-
The unique identifier for the permission group.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 26.
Pattern:
.*\S.*
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 403
- ConflictException
-
The request conflicts with an existing resource.
HTTP Status Code: 409
- InternalServerException
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
- LimitExceededException
-
A limit has exceeded.
HTTP Status Code: 400
- ThrottlingException
-
The request was denied due to request throttling.
HTTP Status Code: 429
- ValidationException
-
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: