DescribeApplicationAssignment
Retrieves a direct assignment of a user or group to an application. If the user doesn’t have a direct assignment to the application, the user may still have access to the application through a group. Therefore, don’t use this API to test access to an application for a user. Instead use ListApplicationAssignmentsForPrincipal.
Request Syntax
{
"ApplicationArn": "string
",
"PrincipalId": "string
",
"PrincipalType": "string
"
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- ApplicationArn
-
Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}
Required: Yes
- PrincipalId
-
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 47.
Pattern:
([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}
Required: Yes
- PrincipalType
-
The entity type for which the assignment will be created.
Type: String
Valid Values:
USER | GROUP
Required: Yes
Response Syntax
{
"ApplicationArn": "string",
"PrincipalId": "string",
"PrincipalType": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- ApplicationArn
-
Specifies the ARN of the application. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.
Type: String
Length Constraints: Minimum length of 10. Maximum length of 1224.
Pattern:
arn:(aws|aws-us-gov|aws-cn|aws-iso|aws-iso-b):sso::\d{12}:application/(sso)?ins-[a-zA-Z0-9-.]{16}/apl-[a-zA-Z0-9]{16}
- PrincipalId
-
An identifier for an object in IAM Identity Center, such as a user or group. PrincipalIds are GUIDs (For example, f81d4fae-7dec-11d0-a765-00a0c91e6bf6). For more information about PrincipalIds in IAM Identity Center, see the IAM Identity Center Identity Store API Reference.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 47.
Pattern:
([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}
- PrincipalType
-
The entity type for which the assignment will be created.
Type: String
Valid Values:
USER | GROUP
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You do not have sufficient access to perform this action.
HTTP Status Code: 400
- InternalServerException
-
The request processing has failed because of an unknown error, exception, or failure with an internal server.
HTTP Status Code: 500
- ResourceNotFoundException
-
Indicates that a requested resource is not found.
HTTP Status Code: 400
- ThrottlingException
-
Indicates that the principal has crossed the throttling limits of the API operations.
HTTP Status Code: 400
- ValidationException
-
The request failed because it contains a syntax error.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: