:doc:`Connect <../../connect>` / Client / update_security_profile

***********************
update_security_profile
***********************



.. py:method:: Connect.Client.update_security_profile(**kwargs)

  

  Updates a security profile.

   

  For information about security profiles, see `Security Profiles <https://docs.aws.amazon.com/connect/latest/adminguide/connect-security-profiles.html>`__ in the *Amazon Connect Administrator Guide*. For a mapping of the API name and user interface name of the security profile permissions, see `List of security profile permissions <https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/connect-2017-08-08/UpdateSecurityProfile>`_  


  **Request Syntax**
  ::

    response = client.update_security_profile(
        Description='string',
        Permissions=[
            'string',
        ],
        SecurityProfileId='string',
        InstanceId='string',
        AllowedAccessControlTags={
            'string': 'string'
        },
        TagRestrictedResources=[
            'string',
        ],
        Applications=[
            {
                'Namespace': 'string',
                'ApplicationPermissions': [
                    'string',
                ],
                'Type': 'MCP'|'THIRD_PARTY_APPLICATION'
            },
        ],
        HierarchyRestrictedResources=[
            'string',
        ],
        AllowedAccessControlHierarchyGroupId='string',
        AllowedFlowModules=[
            {
                'Type': 'MCP',
                'FlowModuleId': 'string'
            },
        ],
        GranularAccessControlConfiguration={
            'DataTableAccessControlConfiguration': {
                'PrimaryAttributeAccessControlConfiguration': {
                    'PrimaryAttributeValues': [
                        {
                            'AccessType': 'ALLOW',
                            'AttributeName': 'string',
                            'Values': [
                                'string',
                            ]
                        },
                    ]
                }
            }
        }
    )
    
  :type Description: string
  :param Description: 

    The description of the security profile.

    

  
  :type Permissions: list
  :param Permissions: 

    The permissions granted to a security profile. For a list of valid permissions, see `List of security profile permissions <https://docs.aws.amazon.com/connect/latest/adminguide/security-profile-list.html>`__.

    

  
    - *(string) --* 

    

  :type SecurityProfileId: string
  :param SecurityProfileId: **[REQUIRED]** 

    The identifier for the security profle.

    

  
  :type InstanceId: string
  :param InstanceId: **[REQUIRED]** 

    The identifier of the Amazon Connect instance. You can `find the instance ID <https://docs.aws.amazon.com/connect/latest/adminguide/find-instance-arn.html>`__ in the Amazon Resource Name (ARN) of the instance.

    

  
  :type AllowedAccessControlTags: dict
  :param AllowedAccessControlTags: 

    The list of tags that a security profile uses to restrict access to resources in Amazon Connect.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  :type TagRestrictedResources: list
  :param TagRestrictedResources: 

    The list of resources that a security profile applies tag restrictions to in Amazon Connect.

    

  
    - *(string) --* 

    

  :type Applications: list
  :param Applications: 

    A list of the third-party application's metadata.

    

  
    - *(dict) --* 

      This API is in preview release for Amazon Connect and is subject to change.

       

      A third-party application's metadata.

      

    
      - **Namespace** *(string) --* 

        Namespace of the application that you want to give access to.

        

      
      - **ApplicationPermissions** *(list) --* 

        The permissions that the agent is granted on the application. For third-party applications, only the ``ACCESS`` permission is supported. For MCP Servers, the permissions are tool Identifiers accepted by MCP Server.

        

      
        - *(string) --* 

        
    
      - **Type** *(string) --* 

        Type of Application.

        

      
    

  :type HierarchyRestrictedResources: list
  :param HierarchyRestrictedResources: 

    The list of resources that a security profile applies hierarchy restrictions to in Amazon Connect. Following are acceptable ResourceNames: ``User``.

    

  
    - *(string) --* 

    

  :type AllowedAccessControlHierarchyGroupId: string
  :param AllowedAccessControlHierarchyGroupId: 

    The identifier of the hierarchy group that a security profile uses to restrict access to resources in Amazon Connect.

    

  
  :type AllowedFlowModules: list
  :param AllowedFlowModules: 

    A list of Flow Modules an AI Agent can invoke as a tool

    

  
    - *(dict) --* 

      A list of Flow Modules an AI Agent can invoke as a tool

      

    
      - **Type** *(string) --* 

        Only Type we support is MCP.

        

      
      - **FlowModuleId** *(string) --* 

        If of Flow Modules invocable as tool

        

      
    

  :type GranularAccessControlConfiguration: dict
  :param GranularAccessControlConfiguration: 

    The granular access control configuration for the security profile, including data table permissions.

    

  
    - **DataTableAccessControlConfiguration** *(dict) --* 

      The access control configuration for data tables.

      

    
      - **PrimaryAttributeAccessControlConfiguration** *(dict) --* 

        The configuration's primary attribute access control configuration.

        

      
        - **PrimaryAttributeValues** *(list) --* 

          The item's primary attribute values.

          

        
          - *(dict) --* 

            A primary attribute value.

            

          
            - **AccessType** *(string) --* 

              The value's access type.

              

            
            - **AttributeName** *(string) --* 

              The value's attribute name.

              

            
            - **Values** *(list) --* 

              The value's values.

              

            
              - *(string) --* 

              
          
          
      
      
    
  
  
  :returns: None
  **Exceptions**
  
  *   :py:class:`Connect.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`Connect.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`Connect.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`Connect.Client.exceptions.ThrottlingException`

  
  *   :py:class:`Connect.Client.exceptions.InternalServiceException`

  