
create_template_group_access_control_entry

PcaConnectorAd.Client.create_template_group_access_control_entry(**kwargs)

Create a group access control entry. The entry allows or denies Active Directory groups the right to enroll and/or autoenroll with the template, based on the group security identifiers (SIDs).


Request Syntax

response = client.create_template_group_access_control_entry(
    AccessRights={
        'AutoEnroll': 'ALLOW'|'DENY',
        'Enroll': 'ALLOW'|'DENY'
    },
    ClientToken='string',
    GroupDisplayName='string',
    GroupSecurityIdentifier='string',
    TemplateArn='string'
)

Parameters:
  • AccessRights (dict) –

    [REQUIRED]

    Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.

    • AutoEnroll (string) –

      Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment.

    • Enroll (string) –

      Allow or deny an Active Directory group from enrolling certificates issued against a template.

  • ClientToken (string) –

    Idempotency token.

    This field is autopopulated if not provided.

  • GroupDisplayName (string) –

    [REQUIRED]

    Name of the Active Directory group. This name does not need to match the group name in Active Directory.

  • GroupSecurityIdentifier (string) –

    [REQUIRED]

    Security identifier (SID) of the group object from Active Directory. The SID starts with “S-”.

  • TemplateArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Returns:

None

Exceptions