Smaws_Client_KMS.ListGrants
val request :
  Smaws_Lib.Context.t ->
  list_grants_request ->
  (list_grants_response,
   [> Smaws_Lib.Protocols.AwsJson.error
   | `DependencyTimeoutException of dependency_timeout_exception
   | `InvalidArnException of invalid_arn_exception
   | `InvalidGrantIdException of invalid_grant_id_exception
   | `InvalidMarkerException of invalid_marker_exception
   | `KMSInternalException of kms_internal_exception
   | `KMSInvalidStateException of kms_invalid_state_exception
   | `NotFoundException of not_found_exception ])
  Stdlib.result
Gets a list of all grants for the specified KMS key.
You must specify the KMS key in all requests. You can filter the grant list by grant ID or grantee principal.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide. For examples of working with grants in several programming languages, see Programming grants.
The GranteePrincipal field in the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:ListGrants (key policy)
Related operations:
CreateGrant
ListRetirableGrants
RetireGrant
RevokeGrant
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
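The following is an added example, not code from Smaws or from the KMS documentation. It sketches how a grant review could sort GranteePrincipal values into same-account, cross-account, and service principals, and how the error variants in the signature above could be triaged. The grant record, the triage policy, the amazonaws.com suffix check, and all sample values are assumptions made for illustration.

```ocaml
(* Hypothetical reduced grant entry; field names are assumptions, not Smaws' record. *)
type grant = { grant_id : string; grantee_principal : string }

type grantee =
  | Same_account of string
  | Cross_account of string * string (* principal, owning account id *)
  | Service of string
  | Unparsed of string

type action = Retry | Restart_pagination | Fix_request | Check_key_state | Escalate

(* The account id is the fifth colon-separated field of an ARN. *)
let account_of_arn arn =
  match String.split_on_char ':' arn with
  | "arn" :: _ :: _ :: _ :: acct :: _ when acct <> "" -> Some acct
  | _ -> None

(* An ARN principal is treated as cross-account unless its account matches the key's. *)
let classify ~key_arn g =
  let p = g.grantee_principal in
  match account_of_arn p, account_of_arn key_arn with
  | Some a, Some k when a = k -> Same_account p
  | Some a, _ -> Cross_account (p, a)
  (* Assumption: a non-ARN value under amazonaws.com is a service principal. *)
  | None, _ when String.ends_with ~suffix:".amazonaws.com" p -> Service p
  | None, _ -> Unparsed p

(* Triage policy is this example's assumption; the variant names are the page's. *)
let triage = function
  | `DependencyTimeoutException _ | `KMSInternalException _ -> Retry
  | `InvalidMarkerException _ -> Restart_pagination
  | `InvalidArnException _ | `InvalidGrantIdException _ | `NotFoundException _ -> Fix_request
  | `KMSInvalidStateException _ -> Check_key_state
  | _ -> Escalate (* remaining cases of the open error variant *)

(* Keep only grants whose grantee is not a principal in the key's own account. *)
let audit ~key_arn = function
  | Error e -> Error (triage e)
  | Ok grants ->
    Ok (List.filter (fun (_, c) -> match c with Same_account _ -> false | _ -> true)
          (List.map (fun g -> (g.grant_id, classify ~key_arn g)) grants))

let () =
  (* Constructed sample data, not real grants. *)
  let key_arn = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE" in
  let grants = [ { grant_id = "g1"; grantee_principal = "arn:aws:iam::111122223333:role/app" };
    { grant_id = "g2"; grantee_principal = "arn:aws:iam::444455556666:role/partner" };
    { grant_id = "g3"; grantee_principal = "dynamodb.us-west-2.amazonaws.com" } ] in
  match audit ~key_arn (Ok grants) with
  | Ok flagged -> List.iter (fun (id, _) -> print_endline ("review grant " ^ id)) flagged
  | Error _ -> prerr_endline "ListGrants failed"
```

With the constructed data, g2 (cross-account) and g3 (service principal) are flagged for review. Because a service principal might represent several different grantee principals, a Service result identifies the service, not the individual grantee.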