Creating an access policy

This page describes how to create an access policy for your organization.

Before you begin

Ensure you have the correct permissions to use Access Context Manager.

Create an access policy

Console

When you create an access level or VPC Service Controls service perimeter, a default access policy is created automatically. No additional manual steps are required.

gcloud

To create an access policy, use the create command.

gcloud access-context-manager policies create \
--organization ORGANIZATION_ID --title POLICY_TITLE

Where:

ORGANIZATION_ID is the numeric ID of your organization.
POLICY_TITLE is a human-readable title for your policy.

You should see output similar to the following (where POLICY_NAME is a unique numeric identifier for the policy assigned by GCP):

Create request issued
Waiting for operation [accessPolicies/POLICY_NAME/create/1521580097614100] to complete...done.
Created.

Next, set your default policy.

API

To create an access policy:

Craft a request body.
```
{
 "parent": "ORGANIZATION_ID",
 "title": "POLICY_TITLE"
}
```
Where:
- ORGANIZATION_ID is the numeric ID of your organization.
- POLICY_TITLE is a human-readable title for your policy.

Create the access policy by calling accessPolicies.create.

POST https://accesscontextmanager.googleapis.com/v1/accessPolicies

Response body

If successful, the response body for the call contains an Operation resource that provides details about the POST operation.