policy_grants_list_only
Lists policy_grants in a region or regions. For all properties, use policy_grants.
Overview
| Name | policy_grants_list_only |
|---|---|
| Type | Resource |
| Description | Policy Grant in AWS DataZone is an explicit authorization assignment that allows a specific principal (user, group, or project) to perform particular actions (such as creating glossary terms, managing projects, or accessing resources) on governed resources within a certain scope (like a Domain Unit or Project). Policy Grants are essentially the mechanism by which DataZone enforces fine-grained, role-based access control beyond what is possible through AWS IAM alone. |
| Id | awscc.datazone.policy_grants_list_only |
Fields
| Name | Datatype | Description |
|---|---|---|
| entity_type | string | |
| policy_type | string | |
| grant_id | string | The unique identifier of the policy grant returned by the AddPolicyGrant API |
| entity_identifier | string | |
| domain_identifier | string | |
| region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
| list_resources | SELECT | region |
SELECT examples
Lists all policy_grants in a region.
```sql
SELECT
  region,
  domain_identifier,
  grant_id,
  entity_identifier,
  entity_type,
  policy_type
FROM awscc.datazone.policy_grants_list_only
WHERE region = 'us-east-1';
```
Permissions
For permissions required to operate on the policy_grants_list_only resource, see policy_grants.