PcaConnectorAd / Client / list_template_group_access_control_entries

list_template_group_access_control_entries

PcaConnectorAd.Client.list_template_group_access_control_entries(**kwargs)

Lists group access control entries you created.

See also: AWS API Documentation

Request Syntax

response = client.list_template_group_access_control_entries(
    MaxResults=123,
    NextToken='string',
    TemplateArn='string'
)

Parameters:

• MaxResults (integer) – Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.

• NextToken (string) – Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.

• TemplateArn (string) –

  [REQUIRED]

  The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Return type:

dict

Returns:

Response Syntax

{
    'AccessControlEntries': [
        {
            'AccessRights': {
                'AutoEnroll': 'ALLOW'|'DENY',
                'Enroll': 'ALLOW'|'DENY'
            },
            'CreatedAt': datetime(2015, 1, 1),
            'GroupDisplayName': 'string',
            'GroupSecurityIdentifier': 'string',
            'TemplateArn': 'string',
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) –

  • AccessControlEntries (list) –

    An access control entry grants or denies permission to an Active Directory group to enroll certificates for a template.

    • (dict) –

      Summary of group access control entries that allow or deny Active Directory groups based on their security identifiers (SIDs) from enrolling and/or autofenrolling with the template.

      • AccessRights (dict) –

        Allow or deny an Active Directory group from enrolling and autoenrolling certificates issued against a template.

        • AutoEnroll (string) –

          Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment

        • Enroll (string) –

          Allow or deny an Active Directory group from enrolling certificates issued against a template.

      • CreatedAt (datetime) –

        The date and time that the Access Control Entry was created.

      • GroupDisplayName (string) –

        Name of the Active Directory group. This name does not need to match the group name in Active Directory.

      • GroupSecurityIdentifier (string) –

        Security identifier (SID) of the group object from Active Directory. The SID starts with “S-“.

      • TemplateArn (string) –

        The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

      • UpdatedAt (datetime) –

        The date and time that the Access Control Entry was updated.

  • NextToken (string) –

    Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.

Exceptions

• PcaConnectorAd.Client.exceptions.AccessDeniedException

• PcaConnectorAd.Client.exceptions.ValidationException

• PcaConnectorAd.Client.exceptions.ResourceNotFoundException

• PcaConnectorAd.Client.exceptions.ThrottlingException

• PcaConnectorAd.Client.exceptions.InternalServerException