CreatePermissionGroup - Amazon FinSpace
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

Amazon FinSpace Dataset Browser will be discontinued on November 29, 2024. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights will not be affected. For more information, review the FAQ or contact AWS Support to assist with your transition.

CreatePermissionGroup

Creates a group of permissions for various actions that a user can perform in FinSpace.

Request Syntax

POST /permission-group HTTP/1.1
Content-type: application/json

{
   "applicationPermissions": [ "string" ],
   "clientToken": "string",
   "description": "string",
   "name": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

applicationPermissions

The option to indicate FinSpace application permissions that are granted to a specific group.

Important

When assigning application permissions, be aware that the permission ManageUsersAndGroups allows users to grant themselves or others access to any functionality in their FinSpace environment's application. It should only be granted to trusted users.

  • CreateDataset – Group members can create new datasets.

  • ManageClusters – Group members can manage Apache Spark clusters from FinSpace notebooks.

  • ManageUsersAndGroups – Group members can manage users and permission groups. This is a privileged permission that allows users to grant themselves or others access to any functionality in the application. It should only be granted to trusted users.

  • ManageAttributeSets – Group members can manage attribute sets.

  • ViewAuditData – Group members can view audit data.

  • AccessNotebooks – Group members will have access to FinSpace notebooks.

  • GetTemporaryCredentials – Group members can get temporary API credentials.

Type: Array of strings

Valid Values: CreateDataset | ManageClusters | ManageUsersAndGroups | ManageAttributeSets | ViewAuditData | AccessNotebooks | GetTemporaryCredentials

Required: Yes

name

The name of the permission group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: .*\S.*

Required: Yes

clientToken

A token that ensures idempotency. This token expires in 10 minutes.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: No

description

A brief description for the permission group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4000.

Pattern: [\s\S]*

Required: No

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "permissionGroupId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

permissionGroupId

The unique identifier for the permission group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 26.

Pattern: .*\S.*

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

The request conflicts with an existing resource.

HTTP Status Code: 409

InternalServerException

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

LimitExceededException

A limit has exceeded.

HTTP Status Code: 400

ThrottlingException

The request was denied due to request throttling.

HTTP Status Code: 429

ValidationException

The input fails to satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: