:doc:`PcaConnectorAd <../../pca-connector-ad>` / Client / get_template_group_access_control_entry

***************************************
get_template_group_access_control_entry
***************************************



.. py:method:: PcaConnectorAd.Client.get_template_group_access_control_entry(**kwargs)

  

  Retrieves the group access control entries for a template.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/pca-connector-ad-2018-05-10/GetTemplateGroupAccessControlEntry>`_  


  **Request Syntax**
  ::

    response = client.get_template_group_access_control_entry(
        GroupSecurityIdentifier='string',
        TemplateArn='string'
    )
    
  :type GroupSecurityIdentifier: string
  :param GroupSecurityIdentifier: **[REQUIRED]** 

    Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

    

  
  :type TemplateArn: string
  :param TemplateArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) that was returned when you called `CreateTemplate <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html>`__.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AccessControlEntry': {
              'AccessRights': {
                  'AutoEnroll': 'ALLOW'|'DENY',
                  'Enroll': 'ALLOW'|'DENY'
              },
              'CreatedAt': datetime(2015, 1, 1),
              'GroupDisplayName': 'string',
              'GroupSecurityIdentifier': 'string',
              'TemplateArn': 'string',
              'UpdatedAt': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **AccessControlEntry** *(dict) --* 

        An access control entry allows or denies an Active Directory group from enrolling and/or autoenrolling with a template.

        
        

        - **AccessRights** *(dict) --* 

          Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.

          
          

          - **AutoEnroll** *(string) --* 

            Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment

            
          

          - **Enroll** *(string) --* 

            Allow or deny an Active Directory group from enrolling certificates issued against a template.

            
      
        

        - **CreatedAt** *(datetime) --* 

          The date and time that the Access Control Entry was created.

          
        

        - **GroupDisplayName** *(string) --* 

          Name of the Active Directory group. This name does not need to match the group name in Active Directory.

          
        

        - **GroupSecurityIdentifier** *(string) --* 

          Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

          
        

        - **TemplateArn** *(string) --* 

          The Amazon Resource Name (ARN) that was returned when you called `CreateTemplate <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html>`__.

          
        

        - **UpdatedAt** *(datetime) --* 

          The date and time that the Access Control Entry was updated.

          
    
  
  **Exceptions**
  
  *   :py:class:`PcaConnectorAd.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ValidationException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ThrottlingException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.InternalServerException`

  