PcaConnectorAd / Client / get_template_group_access_control_entry

get_template_group_access_control_entry

PcaConnectorAd.Client.get_template_group_access_control_entry(**kwargs)

Retrieves the group access control entries for a template.

See also: AWS API Documentation

Request Syntax

response = client.get_template_group_access_control_entry(
    GroupSecurityIdentifier='string',
    TemplateArn='string'
)

Parameters:

• GroupSecurityIdentifier (string) –

  [REQUIRED]

  Security identifier (SID) of the group object from Active Directory. The SID starts with “S-“.

• TemplateArn (string) –

  [REQUIRED]

  The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Return type:

dict

Returns:

Response Syntax

{
    'AccessControlEntry': {
        'AccessRights': {
            'AutoEnroll': 'ALLOW'|'DENY',
            'Enroll': 'ALLOW'|'DENY'
        },
        'CreatedAt': datetime(2015, 1, 1),
        'GroupDisplayName': 'string',
        'GroupSecurityIdentifier': 'string',
        'TemplateArn': 'string',
        'UpdatedAt': datetime(2015, 1, 1)
    }
}

Response Structure

• (dict) –

  • AccessControlEntry (dict) –

    An access control entry allows or denies an Active Directory group from enrolling and/or autoenrolling with a template.

    • AccessRights (dict) –

      Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.

      • AutoEnroll (string) –

        Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment

      • Enroll (string) –

        Allow or deny an Active Directory group from enrolling certificates issued against a template.

    • CreatedAt (datetime) –

      The date and time that the Access Control Entry was created.

    • GroupDisplayName (string) –

      Name of the Active Directory group. This name does not need to match the group name in Active Directory.

    • GroupSecurityIdentifier (string) –

      Security identifier (SID) of the group object from Active Directory. The SID starts with “S-“.

    • TemplateArn (string) –

      The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

    • UpdatedAt (datetime) –

      The date and time that the Access Control Entry was updated.

Exceptions

• PcaConnectorAd.Client.exceptions.AccessDeniedException

• PcaConnectorAd.Client.exceptions.ValidationException

• PcaConnectorAd.Client.exceptions.ResourceNotFoundException

• PcaConnectorAd.Client.exceptions.ThrottlingException

• PcaConnectorAd.Client.exceptions.InternalServerException