This is the new *Amazon CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [Amazon CloudFormation User Guide](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::PCAConnectorAD::TemplateGroupAccessControlEntry AccessRights Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template. ## Syntax To declare this entity in your Amazon CloudFormation template, use the following syntax: ### JSON ``` { "[AutoEnroll](#cfn-pcaconnectorad-templategroupaccesscontrolentry-accessrights-autoenroll)" : {{String}}, "[Enroll](#cfn-pcaconnectorad-templategroupaccesscontrolentry-accessrights-enroll)" : {{String}} } ``` ### YAML ``` [AutoEnroll](#cfn-pcaconnectorad-templategroupaccesscontrolentry-accessrights-autoenroll): {{String}} [Enroll](#cfn-pcaconnectorad-templategroupaccesscontrolentry-accessrights-enroll): {{String}} ``` ## Properties `AutoEnroll` Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment *Required*: No *Type*: String *Allowed values*: `ALLOW | DENY` *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Enroll` Allow or deny an Active Directory group from enrolling certificates issued against a template. *Required*: No *Type*: String *Allowed values*: `ALLOW | DENY` *Update requires*: [No interruption](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)