
*************************
list_caller_access_grants
*************************



.. py:method:: S3Control.Client.list_caller_access_grants(**kwargs)

  

  Use this API to list the access grants that grant the caller access to Amazon S3 data through S3 Access Grants. The caller (grantee) can be an Identity and Access Management (IAM) identity or Amazon Web Services Identity Center corporate directory identity. You must pass the Amazon Web Services account of the S3 data owner (grantor) in the request. You can optionally narrow the results by ``GrantScope``, using a fragment of the data's S3 path, and S3 Access Grants will return only the grants with a path that contains the path fragment. You can also pass the ``AllowedByApplication`` filter in the request, which returns only the grants authorized for applications, whether the application is the caller's Identity Center application or any other application (``ALL``). For more information, see `List the caller's access grants <https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants-list-grants.html>`__ in the *Amazon S3 User Guide*.

  **Permissions**

  You must have the ``s3:ListCallerAccessGrants`` permission to use this operation.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/s3control-2018-08-20/ListCallerAccessGrants>`_  


  **Request Syntax**
  ::

    response = client.list_caller_access_grants(
        AccountId='string',
        GrantScope='string',
        NextToken='string',
        MaxResults=123,
        AllowedByApplication=True|False
    )
    
  :type AccountId: string
  :param AccountId: **[REQUIRED]** 

    The Amazon Web Services account ID of the S3 Access Grants instance.

    

  
  :type GrantScope: string
  :param GrantScope: 

    The S3 path of the data that you would like to access. Must start with ``s3://``. You can optionally pass only the beginning characters of a path, and S3 Access Grants will search for all applicable grants for the path fragment.

    

  
  :type NextToken: string
  :param NextToken: 

    A pagination token to request the next page of results. Pass this value into a subsequent ``ListCallerAccessGrants`` request in order to retrieve the next page of results.

    

  
  :type MaxResults: integer
  :param MaxResults: 

    The maximum number of access grants that you would like returned in the ``ListCallerAccessGrants`` response. If the results include the pagination token ``NextToken``, make another call using the ``NextToken`` to determine if there are more results.

    

  
  :type AllowedByApplication: boolean
  :param AllowedByApplication: 

    If this optional parameter is passed in the request, a filter is applied to the results. The results will include only the access grants for the caller's Identity Center application or for any other applications (``ALL``).

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'NextToken': 'string',
          'CallerAccessGrantsList': [
              {
                  'Permission': 'READ'|'WRITE'|'READWRITE',
                  'GrantScope': 'string',
                  'ApplicationArn': 'string'
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **NextToken** *(string) --* 

        A pagination token that you can use to request the next page of results. Pass this value into a subsequent ``ListCallerAccessGrants`` request in order to retrieve the next page of results.

        
      

      - **CallerAccessGrantsList** *(list) --* 

        A list of the caller's access grants that were created using S3 Access Grants and that grant the caller access to the S3 data of the Amazon Web Services account ID that was specified in the request.

        
        

        - *(dict) --* 

          Part of ``ListCallerAccessGrantsResult``. Each entry includes the permission level (READ, WRITE, or READWRITE) and the grant scope of the access grant. If the grant also includes an application ARN, the grantee can only access the S3 data through this application.

          
          

          - **Permission** *(string) --* 

            The type of permission granted, which can be one of the following values:

             

            
            * ``READ`` - Grants read-only access to the S3 data.
             
            * ``WRITE`` - Grants write-only access to the S3 data.
             
            * ``READWRITE`` - Grants both read and write access to the S3 data.
            

            
          

          - **GrantScope** *(string) --* 

            The S3 path of the data to which you have been granted access.

            
          

          - **ApplicationArn** *(string) --* 

            The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
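The following is an added example, not part of the boto3 documentation: it follows ``NextToken`` until every page of ``CallerAccessGrantsList`` has been read, then triages the grants for an access review by counting them per ``Permission`` and listing write-capable grants that carry no ``ApplicationArn``. The helper names ``iter_caller_grants`` and ``triage`` are hypothetical, and the account ID and bucket path are placeholders.

```python
from collections import Counter


def iter_caller_grants(client, account_id, grant_scope=None,
                       allowed_by_application=None, max_results=None):
    """Yield every CallerAccessGrantsList entry, following NextToken."""
    kwargs = {"AccountId": account_id}
    if grant_scope is not None:
        # The GrantScope parameter must start with s3:// (see above).
        if not grant_scope.startswith("s3://"):
            raise ValueError("GrantScope must start with s3://")
        kwargs["GrantScope"] = grant_scope
    if allowed_by_application is not None:
        kwargs["AllowedByApplication"] = allowed_by_application
    if max_results is not None:
        kwargs["MaxResults"] = max_results
    while True:
        page = client.list_caller_access_grants(**kwargs)
        yield from page.get("CallerAccessGrantsList", [])
        token = page.get("NextToken")
        if not token:
            return  # no token in the response: last page reached
        kwargs["NextToken"] = token


def triage(grants):
    """Return (count per Permission, scopes of write-capable grants that are
    not restricted to an Identity Center application)."""
    counts = Counter(g["Permission"] for g in grants)
    unbound_writes = sorted(
        g["GrantScope"] for g in grants
        if g["Permission"] in ("WRITE", "READWRITE")
        and not g.get("ApplicationArn")
    )
    return dict(counts), unbound_writes


if __name__ == "__main__":
    import boto3  # the caller needs the s3:ListCallerAccessGrants permission

    client = boto3.client("s3control")
    # 111122223333 and the bucket path are placeholders, not real values.
    grants = list(iter_caller_grants(client, "111122223333",
                                     grant_scope="s3://example-bucket/"))
    print(triage(grants))
```

Grants without an ``ApplicationArn`` are not limited to access through a specific application, so write-capable entries of that kind are the ones to check first when reviewing what a principal can reach.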

            
      
    
  