Access levels define various attributes that are used to filter
requests made to certain resources. The following table lists the
attributes supported by access levels and provides additional details
about each attribute.
When you create or modify an access level using the gcloud command-line tool, you must format
the attributes in YAML. This table includes the YAML syntax for each attribute,
and the valid values. Links to the REST and RPC reference information for each
attribute are also included.
Checks whether a request is coming from one or more IPv4 and/or
IPv6 CIDR blocks that you specify.
You cannot include private IP ranges for this attribute. For
example, 192.168.0.0/16 or
When you specify more than one IP subnetwork, the values you enter are combined using an OR operator when the condition is evaluated. The request has to match any one of the values that you specify in order for the condition to evaluate to true.
A list of one or more IPv4 and/or IPv6 CIDR blocks.
Checks whether a request is coming from a specific user or
This attribute can only be included in conditions when
creating or modifying an access level using the gcloud command-line tool or the
Access Context Manager API. If you created an access level using
Google Cloud Console, either of the methods previously mentioned
can be used to add principals to that access level.
A list of one or more user or service accounts, formatted as:
EMAIL is the email that corresponds to the user
or service account that you want to include in the access