
********************
create_access_policy
********************



.. py:method:: IoTSiteWise.Client.create_access_policy(**kwargs)

  

  Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.

   

  .. note::

    

    Access policies that use an SSO Group as the identity are not supported at this time.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreateAccessPolicy>`_  


  **Request Syntax**
  ::

    response = client.create_access_policy(
        accessPolicyIdentity={
            'user': {
                'id': 'string'
            },
            'group': {
                'id': 'string'
            },
            'iamUser': {
                'arn': 'string'
            },
            'iamRole': {
                'arn': 'string'
            }
        },
        accessPolicyResource={
            'portal': {
                'id': 'string'
            },
            'project': {
                'id': 'string'
            }
        },
        accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
        clientToken='string',
        tags={
            'string': 'string'
        }
    )
    
  :type accessPolicyIdentity: dict
  :param accessPolicyIdentity: **[REQUIRED]** 

    The identity for this access policy. Choose an IAM Identity Center user, an IAM Identity Center group, or an IAM user.

    

  
    - **user** *(dict) --* 

      An IAM Identity Center user identity.

      

    
      - **id** *(string) --* **[REQUIRED]** 

        The IAM Identity Center ID of the user.

        

      
    
    - **group** *(dict) --* 

      An IAM Identity Center group identity.

      

    
      - **id** *(string) --* **[REQUIRED]** 

        The IAM Identity Center ID of the group.

        

      
    
    - **iamUser** *(dict) --* 

      An IAM user identity.

      

    
      - **arn** *(string) --* **[REQUIRED]** 

        The ARN of the IAM user. For more information, see `IAM ARNs <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html>`__ in the *IAM User Guide*.

         

        .. note::

          

          If you delete the IAM user, access policies that contain this identity include an empty ``arn``. You can delete the access policy for the IAM user that no longer exists.

          

        

      
    
    - **iamRole** *(dict) --* 

      An IAM role identity.

      

    
      - **arn** *(string) --* **[REQUIRED]** 

        The ARN of the IAM role. For more information, see `IAM ARNs <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html>`__ in the *IAM User Guide*.

        

      
    
  
  :type accessPolicyResource: dict
  :param accessPolicyResource: **[REQUIRED]** 

    The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

    

  
    - **portal** *(dict) --* 

      A portal resource.

      

    
      - **id** *(string) --* **[REQUIRED]** 

        The ID of the portal.

        

      
    
    - **project** *(dict) --* 

      A project resource.

      

    
      - **id** *(string) --* **[REQUIRED]** 

        The ID of the project.

        

      
    
  
  :type accessPolicyPermission: string
  :param accessPolicyPermission: **[REQUIRED]** 

    The permission level for this access policy. Note that a project ``ADMINISTRATOR`` is also known as a project owner.

    

  
  :type clientToken: string
  :param clientToken: 

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

    This field is autopopulated if not provided.

  
  :type tags: dict
  :param tags: 

    A list of key-value pairs that contain metadata for the access policy. For more information, see `Tagging your IoT SiteWise resources <https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html>`__ in the *IoT SiteWise User Guide*.

    

  
    - *(string) --* 

    
      - *(string) --* 

      


  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'accessPolicyId': 'string',
          'accessPolicyArn': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **accessPolicyId** *(string) --* 

        The ID of the access policy.

        
      

      - **accessPolicyArn** *(string) --* 

        The `ARN <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`__ of the access policy, which has the following format.

         

        ``arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}``

        
  
  **Exceptions**
  
  *   :py:class:`IoTSiteWise.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoTSiteWise.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`IoTSiteWise.Client.exceptions.InternalFailureException`

  
  *   :py:class:`IoTSiteWise.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoTSiteWise.Client.exceptions.LimitExceededException`
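
An added example (not part of the boto3 documentation) that builds the request with exactly one identity and one resource, defaults to ``VIEWER``, rejects group identities per the note above, and checks the returned ARN against the documented format. The helper names ``build_request`` and ``create_and_check`` and all sample values are assumptions made for illustration.

```python
import re
import uuid

# Inner key required by each identity type in the request syntax above.
IDENTITY_FIELD = {"user": "id", "group": "id", "iamUser": "arn", "iamRole": "arn"}
# Response ARN format documented above, with the policy ID captured.
POLICY_ARN = re.compile(r"arn:[^:]+:iotsitewise:[^:]+:[^:]+:access-policy/(.+)")

def build_request(identity_type, identity_value, resource_type, resource_id,
                  permission="VIEWER", tags=None):
    """Build create_access_policy kwargs with one identity and one resource."""
    if identity_type not in IDENTITY_FIELD:
        raise ValueError(f"unknown identity type: {identity_type!r}")
    if identity_type == "group":
        # Per the note on this page, group identities are not supported.
        raise ValueError("group identities are not supported at this time")
    if resource_type not in ("portal", "project"):
        raise ValueError(f"unknown resource type: {resource_type!r}")
    if permission not in ("ADMINISTRATOR", "VIEWER"):
        raise ValueError(f"unknown permission: {permission!r}")
    if not identity_value or not resource_id:
        raise ValueError("identity and resource values must be non-empty")
    field = IDENTITY_FIELD[identity_type]
    request = {
        "accessPolicyIdentity": {identity_type: {field: identity_value}},
        "accessPolicyResource": {resource_type: {"id": resource_id}},
        "accessPolicyPermission": permission,
        # Generated once; reuse this same dict when retrying the same request.
        "clientToken": str(uuid.uuid4()),
    }
    if tags:
        request["tags"] = dict(tags)
    return request

def create_and_check(client, request):
    """Call the API and confirm the returned ARN matches the returned ID."""
    response = client.create_access_policy(**request)
    match = POLICY_ARN.fullmatch(response["accessPolicyArn"])
    if match is None or match.group(1) != response["accessPolicyId"]:
        raise ValueError("response ARN does not match the documented format")
    return response["accessPolicyId"]

# Constructed sample values, not real identifiers.
SAMPLE_REQUEST = build_request(
    "iamUser", "arn:aws:iam::123456789012:user/example-operator",
    "project", "a1b2c3d4-5678-90ab-cdef-11111EXAMPLE",
)
```

With credentials configured, pass ``boto3.client("iotsitewise")`` and ``SAMPLE_REQUEST`` to ``create_and_check``; keep the same request dict for retries so the ``clientToken`` stays unchanged.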

  