:doc:`PcaConnectorAd <../../pca-connector-ad>` / Client / list_template_group_access_control_entries

******************************************
list_template_group_access_control_entries
******************************************



.. py:method:: PcaConnectorAd.Client.list_template_group_access_control_entries(**kwargs)

  

  Lists group access control entries you created.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/pca-connector-ad-2018-05-10/ListTemplateGroupAccessControlEntries>`_  


  **Request Syntax**
  ::

    response = client.list_template_group_access_control_entries(
        MaxResults=123,
        NextToken='string',
        TemplateArn='string'
    )
    
  :type MaxResults: integer
  :param MaxResults: 

    Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the ``NextToken`` element is sent in the response. Use this ``NextToken`` value in a subsequent request to retrieve additional items.

    

  
  :type NextToken: string
  :param NextToken: 

    Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the ``NextToken`` parameter from the response you just received.

    

  
  :type TemplateArn: string
  :param TemplateArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) that was returned when you called `CreateTemplate <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html>`__.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AccessControlEntries': [
              {
                  'AccessRights': {
                      'AutoEnroll': 'ALLOW'|'DENY',
                      'Enroll': 'ALLOW'|'DENY'
                  },
                  'CreatedAt': datetime(2015, 1, 1),
                  'GroupDisplayName': 'string',
                  'GroupSecurityIdentifier': 'string',
                  'TemplateArn': 'string',
                  'UpdatedAt': datetime(2015, 1, 1)
              },
          ],
          'NextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **AccessControlEntries** *(list) --* 

        An access control entry grants or denies permission to an Active Directory group to enroll certificates for a template.

        
        

        - *(dict) --* 

          Summary of group access control entries that allow or deny Active Directory groups based on their security identifiers (SIDs) from enrolling and/or autofenrolling with the template.

          
          

          - **AccessRights** *(dict) --* 

            Allow or deny an Active Directory group from enrolling and autoenrolling certificates issued against a template.

            
            

            - **AutoEnroll** *(string) --* 

              Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment

              
            

            - **Enroll** *(string) --* 

              Allow or deny an Active Directory group from enrolling certificates issued against a template.

              
        
          

          - **CreatedAt** *(datetime) --* 

            The date and time that the Access Control Entry was created.

            
          

          - **GroupDisplayName** *(string) --* 

            Name of the Active Directory group. This name does not need to match the group name in Active Directory.

            
          

          - **GroupSecurityIdentifier** *(string) --* 

            Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

            
          

          - **TemplateArn** *(string) --* 

            The Amazon Resource Name (ARN) that was returned when you called `CreateTemplate <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html>`__.

            
          

          - **UpdatedAt** *(datetime) --* 

            The date and time that the Access Control Entry was updated.

            
      
    
      

      - **NextToken** *(string) --* 

        Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the ``NextToken`` parameter from the response you just received.

        
  
  **Exceptions**
  
  *   :py:class:`PcaConnectorAd.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ValidationException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.ThrottlingException`

  
  *   :py:class:`PcaConnectorAd.Client.exceptions.InternalServerException`

  