WorkMail / Client / get_impersonation_role_effect

get_impersonation_role_effect#

WorkMail.Client.get_impersonation_role_effect(**kwargs)#

Tests whether the given impersonation role can impersonate a target user.

See also: AWS API Documentation

Request Syntax

response = client.get_impersonation_role_effect(
    OrganizationId='string',
    ImpersonationRoleId='string',
    TargetUser='string'
)
Parameters:
  • OrganizationId (string) –

    [REQUIRED]

    The WorkMail organization where the impersonation role is defined.

  • ImpersonationRoleId (string) –

    [REQUIRED]

    The impersonation role ID to test.

  • TargetUser (string) –

    [REQUIRED]

    The WorkMail organization user chosen to test the impersonation role. The following identity formats are available:

    • User ID: 12345678-1234-1234-1234-123456789012 or S-1-1-12-1234567890-123456789-123456789-1234

    • Email address: user@domain.tld

    • User name: user

Return type:

dict

Returns:

Response Syntax

{
    'Type': 'FULL_ACCESS'|'READ_ONLY',
    'Effect': 'ALLOW'|'DENY',
    'MatchedRules': [
        {
            'ImpersonationRuleId': 'string',
            'Name': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • Type (string) –

      The impersonation role type.

    • Effect (string) –

      Effect of the impersonation role on the target user based on its rules. Available effects are ALLOW or DENY.

    • MatchedRules (list) –

      A list of the rules that match the input and produce the configured effect.

      • (dict) –

        The impersonation rule that matched the input.

        • ImpersonationRuleId (string) –

          The ID of the rule that matched the input

        • Name (string) –

          The name of the rule that matched the input.

Exceptions