AccessControlEntry

An access control entry allows or denies Active Directory groups based on their security identifiers (SIDs) from enrolling and/or autoenrolling with the template.

Contents

AccessRights

Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.

Type: AccessRights object

Required: No

CreatedAt

The date and time that the Access Control Entry was created.

Type: Timestamp

Required: No

GroupDisplayName

Name of the Active Directory group. This name does not need to match the group name in Active Directory.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 256.

Pattern: ^[\x20-\x7E]+$

Required: No

GroupSecurityIdentifier

Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

Type: String

Length Constraints: Minimum length of 7. Maximum length of 256.

Pattern: ^S-[0-9]-([0-9]+-){1,14}[0-9]+$

Required: No

TemplateArn

The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\/template\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Required: No

UpdatedAt

The date and time that the Access Control Entry was updated.

Type: Timestamp

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3