- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
GetTemplateGroupAccessControlEntryCommand
Retrieves the group access control entries for a template.
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { PcaConnectorAdClient, GetTemplateGroupAccessControlEntryCommand } from "@aws-sdk/client-pca-connector-ad"; // ES Modules import
// const { PcaConnectorAdClient, GetTemplateGroupAccessControlEntryCommand } = require("@aws-sdk/client-pca-connector-ad"); // CommonJS import
const client = new PcaConnectorAdClient(config);
const input = { // GetTemplateGroupAccessControlEntryRequest
TemplateArn: "STRING_VALUE", // required
GroupSecurityIdentifier: "STRING_VALUE", // required
};
const command = new GetTemplateGroupAccessControlEntryCommand(input);
const response = await client.send(command);
// { // GetTemplateGroupAccessControlEntryResponse
// AccessControlEntry: { // AccessControlEntry
// GroupDisplayName: "STRING_VALUE",
// GroupSecurityIdentifier: "STRING_VALUE",
// AccessRights: { // AccessRights
// Enroll: "ALLOW" || "DENY",
// AutoEnroll: "ALLOW" || "DENY",
// },
// TemplateArn: "STRING_VALUE",
// CreatedAt: new Date("TIMESTAMP"),
// UpdatedAt: new Date("TIMESTAMP"),
// },
// };
GetTemplateGroupAccessControlEntryCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
GroupSecurityIdentifierRequired | string | undefined | Security identifier (SID) of the group object from Active Directory. The SID starts with "S-". |
TemplateArnRequired | string | undefined | The Amazon Resource Name (ARN) that was returned when you called CreateTemplate . |
GetTemplateGroupAccessControlEntryCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
AccessControlEntry | AccessControlEntry | undefined | An access control entry allows or denies an Active Directory group from enrolling and/or autoenrolling with a template. |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| AccessDeniedException | client | You can receive this error if you attempt to create a resource share when you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account. |
| InternalServerException | server | The request processing has failed because of an unknown error, exception or failure with an internal server. |
| ResourceNotFoundException | client | The operation tried to access a nonexistent resource. The resource might not be specified correctly, or its status might not be ACTIVE. |
| ThrottlingException | client | The limit on the number of requests per second was exceeded. |
| ValidationException | client | An input validation error occurred. For example, invalid characters in a template name, or if a pagination token is invalid. |
| PcaConnectorAdServiceException | Base exception class for all service exceptions from PcaConnectorAd service. |