:doc:`PcaConnectorAd <../../pca-connector-ad>` / Client / create_template_group_access_control_entry

******************************************
create_template_group_access_control_entry
******************************************



.. py:method:: PcaConnectorAd.Client.create_template_group_access_control_entry(**kwargs)

  

  Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/pca-connector-ad-2018-05-10/CreateTemplateGroupAccessControlEntry>`_  


  **Request Syntax**
  ::

    response = client.create_template_group_access_control_entry(
        AccessRights={
            'AutoEnroll': 'ALLOW'|'DENY',
            'Enroll': 'ALLOW'|'DENY'
        },
        ClientToken='string',
        GroupDisplayName='string',
        GroupSecurityIdentifier='string',
        TemplateArn='string'
    )
    
  :type AccessRights: dict
  :param AccessRights: **[REQUIRED]** 

    Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.

    

  
    - **AutoEnroll** *(string) --* 

      Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment

      

    
    - **Enroll** *(string) --* 

      Allow or deny an Active Directory group from enrolling certificates issued against a template.

      

    
  
  :type ClientToken: string
  :param ClientToken: 

    Idempotency token.

    This field is autopopulated if not provided.

  
  :type GroupDisplayName: string
  :param GroupDisplayName: **[REQUIRED]** 

    Name of the Active Directory group. This name does not need to match the group name in Active Directory.

    

  
  :type GroupSecurityIdentifier: string
  :param GroupSecurityIdentifier: **[REQUIRED]** 

    Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

    

  
  :type TemplateArn: string
  :param TemplateArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) that was returned when you called `CreateTemplate <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html>`__.

    

  
  
  :returns: None
  **Exceptions**
  
  *   :py:class:`PcaConnectorAd.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ValidationException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ThrottlingException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ServiceQuotaExceededException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.InternalServerException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ConflictException`

  