:doc:`DataZone <../../datazone>` / Client / add_policy_grant

****************
add_policy_grant
****************



.. py:method:: DataZone.Client.add_policy_grant(**kwargs)

  

  Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/datazone-2018-05-10/AddPolicyGrant>`_  


  **Request Syntax**
  ::

    response = client.add_policy_grant(
        domainIdentifier='string',
        entityType='DOMAIN_UNIT'|'ENVIRONMENT_BLUEPRINT_CONFIGURATION'|'ENVIRONMENT_PROFILE'|'ASSET_TYPE',
        entityIdentifier='string',
        policyType='CREATE_DOMAIN_UNIT'|'OVERRIDE_DOMAIN_UNIT_OWNERS'|'ADD_TO_PROJECT_MEMBER_POOL'|'OVERRIDE_PROJECT_OWNERS'|'CREATE_GLOSSARY'|'CREATE_FORM_TYPE'|'CREATE_ASSET_TYPE'|'CREATE_PROJECT'|'CREATE_ENVIRONMENT_PROFILE'|'DELEGATE_CREATE_ENVIRONMENT_PROFILE'|'CREATE_ENVIRONMENT'|'CREATE_ENVIRONMENT_FROM_BLUEPRINT'|'CREATE_PROJECT_FROM_PROJECT_PROFILE'|'USE_ASSET_TYPE',
        principal={
            'user': {
                'userIdentifier': 'string',
                'allUsersGrantFilter': {}
                
            },
            'group': {
                'groupIdentifier': 'string'
            },
            'project': {
                'projectDesignation': 'OWNER'|'CONTRIBUTOR'|'PROJECT_CATALOG_STEWARD',
                'projectIdentifier': 'string',
                'projectGrantFilter': {
                    'domainUnitFilter': {
                        'domainUnit': 'string',
                        'includeChildDomainUnits': True|False
                    }
                }
            },
            'domainUnit': {
                'domainUnitDesignation': 'OWNER',
                'domainUnitIdentifier': 'string',
                'domainUnitGrantFilter': {
                    'allDomainUnitsGrantFilter': {}
                    
                }
            }
        },
        detail={
            'createDomainUnit': {
                'includeChildDomainUnits': True|False
            },
            'overrideDomainUnitOwners': {
                'includeChildDomainUnits': True|False
            },
            'addToProjectMemberPool': {
                'includeChildDomainUnits': True|False
            },
            'overrideProjectOwners': {
                'includeChildDomainUnits': True|False
            },
            'createGlossary': {
                'includeChildDomainUnits': True|False
            },
            'createFormType': {
                'includeChildDomainUnits': True|False
            },
            'createAssetType': {
                'includeChildDomainUnits': True|False
            },
            'createProject': {
                'includeChildDomainUnits': True|False
            },
            'createEnvironmentProfile': {
                'domainUnitId': 'string'
            },
            'delegateCreateEnvironmentProfile': {}
            ,
            'createEnvironment': {}
            ,
            'createEnvironmentFromBlueprint': {}
            ,
            'createProjectFromProjectProfile': {
                'includeChildDomainUnits': True|False,
                'projectProfiles': [
                    'string',
                ]
            },
            'useAssetType': {
                'domainUnitId': 'string'
            }
        },
        clientToken='string'
    )
    
  :type domainIdentifier: string
  :param domainIdentifier: **[REQUIRED]** 

    The ID of the domain where you want to add a policy grant.

    

  
  :type entityType: string
  :param entityType: **[REQUIRED]** 

    The type of entity (resource) to which the grant is added.

    

  
  :type entityIdentifier: string
  :param entityIdentifier: **[REQUIRED]** 

    The ID of the entity (resource) to which you want to add a policy grant.

    

  
  :type policyType: string
  :param policyType: **[REQUIRED]** 

    The type of policy that you want to grant.

    

  
  :type principal: dict
  :param principal: **[REQUIRED]** 

    The principal to whom the permissions are granted.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``user``, ``group``, ``project``, ``domainUnit``. 

  
    - **user** *(dict) --* 

      The user of the policy grant principal.

      .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``userIdentifier``, ``allUsersGrantFilter``. 

    
      - **userIdentifier** *(string) --* 

        The user ID of the user policy grant principal.

        

      
      - **allUsersGrantFilter** *(dict) --* 

        The all users grant filter of the user policy grant principal.

        

      
      
    
    - **group** *(dict) --* 

      The group of the policy grant principal.

      .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``groupIdentifier``. 

    
      - **groupIdentifier** *(string) --* 

        The ID Of the group of the group principal.

        

      
    
    - **project** *(dict) --* 

      The project of the policy grant principal.

      

    
      - **projectDesignation** *(string) --* **[REQUIRED]** 

        The project designation of the project policy grant principal.

        

      
      - **projectIdentifier** *(string) --* 

        The project ID of the project policy grant principal.

        

      
      - **projectGrantFilter** *(dict) --* 

        The project grant filter of the project policy grant principal.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``domainUnitFilter``. 

      
        - **domainUnitFilter** *(dict) --* 

          The domain unit filter of the project grant filter.

          

        
          - **domainUnit** *(string) --* **[REQUIRED]** 

            The domain unit ID to use in the filter.

            

          
          - **includeChildDomainUnits** *(boolean) --* 

            Specifies whether to include child domain units.

            

          
        
      
    
    - **domainUnit** *(dict) --* 

      The domain unit of the policy grant principal.

      

    
      - **domainUnitDesignation** *(string) --* **[REQUIRED]** 

        Specifes the designation of the domain unit users.

        

      
      - **domainUnitIdentifier** *(string) --* 

        The ID of the domain unit.

        

      
      - **domainUnitGrantFilter** *(dict) --* 

        The grant filter for the domain unit.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``allDomainUnitsGrantFilter``. 

      
        - **allDomainUnitsGrantFilter** *(dict) --* 

          Specifies a grant filter containing all domain units.

          

        
        
      
    
  
  :type detail: dict
  :param detail: **[REQUIRED]** 

    The details of the policy grant.

    .. note::    This is a Tagged Union structure. Only one of the     following top level keys can be set: ``createDomainUnit``, ``overrideDomainUnitOwners``, ``addToProjectMemberPool``, ``overrideProjectOwners``, ``createGlossary``, ``createFormType``, ``createAssetType``, ``createProject``, ``createEnvironmentProfile``, ``delegateCreateEnvironmentProfile``, ``createEnvironment``, ``createEnvironmentFromBlueprint``, ``createProjectFromProjectProfile``, ``useAssetType``. 

  
    - **createDomainUnit** *(dict) --* 

      Specifies that this is a create domain unit policy.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **overrideDomainUnitOwners** *(dict) --* 

      Specifies whether to override domain unit owners.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy is inherited by child domain units.

        

      
    
    - **addToProjectMemberPool** *(dict) --* 

      Specifies that the policy grant is to be added to the members of the project.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **overrideProjectOwners** *(dict) --* 

      Specifies whether to override project owners.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy is inherited by child domain units.

        

      
    
    - **createGlossary** *(dict) --* 

      Specifies that this is a create glossary policy.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **createFormType** *(dict) --* 

      Specifies that this is a create form type policy.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **createAssetType** *(dict) --* 

      Specifies that this is a create asset type policy.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **createProject** *(dict) --* 

      Specifies that this is a create project policy.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether the policy grant is applied to child domain units.

        

      
    
    - **createEnvironmentProfile** *(dict) --* 

      Specifies that this is a create environment profile policy.

      

    
      - **domainUnitId** *(string) --* 

        The ID of the domain unit.

        

      
    
    - **delegateCreateEnvironmentProfile** *(dict) --* 

      Specifies that this is the delegation of the create environment profile policy.

      

    
    
    - **createEnvironment** *(dict) --* 

      Specifies that this is a create environment policy.

      

    
    
    - **createEnvironmentFromBlueprint** *(dict) --* 

      The details of the policy of creating an environment.

      

    
    
    - **createProjectFromProjectProfile** *(dict) --* 

      Specifies whether to create a project from project profile.

      

    
      - **includeChildDomainUnits** *(boolean) --* 

        Specifies whether to include child domain units when creating a project from project profile policy grant details

        

      
      - **projectProfiles** *(list) --* 

        Specifies project profiles when creating a project from project profile policy grant details

        

      
        - *(string) --* 

        
    
    
    - **useAssetType** *(dict) --* 

      Specifies the domain unit(s) whose projects can use this asset type while creating asset or asset revisions.

      

    
      - **domainUnitId** *(string) --* 

        The ID of the domain unit.

        

      
    
  
  :type clientToken: string
  :param clientToken: 

    A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

    This field is autopopulated if not provided.

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'grantId': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **grantId** *(string) --* 

        The ID of the policy grant that was added to a specified entity.

        
  
  **Exceptions**
  
  *   :py:class:`DataZone.Client.exceptions.InternalServerException`

  
  *   :py:class:`DataZone.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`DataZone.Client.exceptions.ThrottlingException`

  
  *   :py:class:`DataZone.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`DataZone.Client.exceptions.ConflictException`

  
  *   :py:class:`DataZone.Client.exceptions.ValidationException`

  
  *   :py:class:`DataZone.Client.exceptions.UnauthorizedException`

  