

*******************
VerifiedPermissions
*******************



======
Client
======



.. py:class:: VerifiedPermissions.Client

  A low-level client representing Amazon Verified Permissions
  

  Amazon Verified Permissions is a permissions management service from Amazon Web Services. You can use Verified Permissions to manage permissions for your application, and authorize user access based on those permissions. Using Verified Permissions, application developers can grant access based on information about the users, resources, and requested actions. You can also evaluate additional information like group membership, attributes of the resources, and session context, such as time of request and IP addresses. Verified Permissions manages these permissions by letting you create and store authorization policies for your applications, such as consumer-facing web sites and enterprise business systems.

   

  Verified Permissions uses Cedar as the policy language to express your permission requirements. Cedar supports both role-based access control (RBAC) and attribute-based access control (ABAC) authorization models.

   

  For more information about configuring, administering, and using Amazon Verified Permissions in your applications, see the `Amazon Verified Permissions User Guide <https://docs.aws.amazon.com/verifiedpermissions/latest/userguide/>`__.

   

  For more information about the Cedar policy language, see the `Cedar Policy Language Guide <https://docs.cedarpolicy.com/>`__.

   

  .. warning::

     

    When you write Cedar policies that reference principals, resources and actions, you can define the unique identifiers used for each of those elements. We strongly recommend that you follow these best practices:

     

    
    * **Use values like universally unique identifiers (UUIDs) for all principal and resource identifiers.** For example, if user ``jane`` leaves the company, and you later let someone else use the name ``jane``, then that new user automatically gets access to everything granted by policies that still reference ``User::"jane"``. Cedar can’t distinguish between the new user and the old. This applies to both principal and resource identifiers. Always use identifiers that are guaranteed unique and never reused to ensure that you don’t unintentionally grant access because of the presence of an old identifier in a policy. Where you use a UUID for an entity, we recommend that you follow it with the // comment specifier and the ‘friendly’ name of your entity. This helps to make your policies easier to understand. For example: principal == User::"a1b2c3d4-e5f6-a1b2-c3d4-EXAMPLE11111", // alice
     
    * **Do not include personally identifying, confidential, or sensitive information as part of the unique identifier for your principals or resources.** These identifiers are included in log entries shared in CloudTrail trails.
    

     

   

  Several operations return structures that appear similar, but have different purposes. As new functionality is added to the product, the structure used in a parameter of one operation might need to change in a way that wouldn't make sense for the same parameter in a different operation. To help you understand the purpose of each, the following naming convention is used for the structures:

   

  
  * Parameter type structures that end in ``Detail`` are used in ``Get`` operations.
   
  * Parameter type structures that end in ``Item`` are used in ``List`` operations.
   
  * Parameter type structures that use neither suffix are used in the mutating (create and update) operations.
  

  ::

    
    import boto3
    
    client = boto3.client('verifiedpermissions')

  

These are the available methods:

.. toctree::
  :maxdepth: 1
  :titlesonly:

  verifiedpermissions/client/batch_get_policy
  verifiedpermissions/client/batch_is_authorized
  verifiedpermissions/client/batch_is_authorized_with_token
  verifiedpermissions/client/can_paginate
  verifiedpermissions/client/close
  verifiedpermissions/client/create_identity_source
  verifiedpermissions/client/create_policy
  verifiedpermissions/client/create_policy_store
  verifiedpermissions/client/create_policy_template
  verifiedpermissions/client/delete_identity_source
  verifiedpermissions/client/delete_policy
  verifiedpermissions/client/delete_policy_store
  verifiedpermissions/client/delete_policy_template
  verifiedpermissions/client/get_identity_source
  verifiedpermissions/client/get_paginator
  verifiedpermissions/client/get_policy
  verifiedpermissions/client/get_policy_store
  verifiedpermissions/client/get_policy_template
  verifiedpermissions/client/get_schema
  verifiedpermissions/client/get_waiter
  verifiedpermissions/client/is_authorized
  verifiedpermissions/client/is_authorized_with_token
  verifiedpermissions/client/list_identity_sources
  verifiedpermissions/client/list_policies
  verifiedpermissions/client/list_policy_stores
  verifiedpermissions/client/list_policy_templates
  verifiedpermissions/client/list_tags_for_resource
  verifiedpermissions/client/put_schema
  verifiedpermissions/client/tag_resource
  verifiedpermissions/client/untag_resource
  verifiedpermissions/client/update_identity_source
  verifiedpermissions/client/update_policy
  verifiedpermissions/client/update_policy_store
  verifiedpermissions/client/update_policy_template


==========
Paginators
==========


Paginators are available on a client instance via the ``get_paginator`` method. For more detailed instructions and examples on the usage of paginators, see the paginators `user guide <https://boto3.amazonaws.com/v1/documentation/api/latest/guide/paginators.html>`_.

The available paginators are:

.. toctree::
  :maxdepth: 1
  :titlesonly:

  verifiedpermissions/paginator/ListIdentitySources
  verifiedpermissions/paginator/ListPolicies
  verifiedpermissions/paginator/ListPolicyStores
  verifiedpermissions/paginator/ListPolicyTemplates
