The following example includes all the attributes that can be specified when you create a .yaml file for an access level. A .yaml file is required only if you create or modify an access level using the gcloud command-line tool.
Although you can include identities in the members attribute, Google recommends against it. See identities in Ingress and egress rules to learn how to allow perimeters to communicate with each other.
```yaml
# Attributes can be included in any order in the condition
- devicePolicy: # Must include at least one of the following:
    allowedEncryptionStatuses: # Must include at least one of the following:
      - ENCRYPTION_UNSUPPORTED
      - ENCRYPTED
      - UNENCRYPTED
    osConstraints: # Must include at least one of the following:
      - osType: DESKTOP_CHROME_OS
        minimumVersion: 11316.165.0 # minimumVersion must be formatted as x.x.x
        requireVerifiedChromeOs: true
      - osType: DESKTOP_MAC
      - osType: DESKTOP_WINDOWS # minimumVersion is not required
    requireScreenlock: true # requireScreenlock defaults to false if not included
    requireAdminApproval: true # requireAdminApproval defaults to false if not included
    requireCorpOwned: true # requireCorpOwned defaults to false if not included
  ipSubnetworks: # Must include one or more IPv4 and IPv6 CIDRs
    - 252.0.2.0/24
    - 2001:db8::/32
  regions: # Must include one or more regions as ISO 3166-1 alpha-2 codes
    - US
    - CH
    - SG
  requiredAccessLevels: # Must include one or more existing access levels
    # Must be formatted as accessPolicies/policy-name/accessLevels/level-name
    - accessPolicies/247332951433/accessLevels/Device_Trust
  members: # Must include one or more valid IAM users or service accounts
    - user:exampleuser@example.com
    - serviceAccount:exampleaccount@example.iam.gserviceaccount.com
  negate: true # negate is not required and can only be included with other attributes
  # If negate is included, none of the attributes included in the condition
  # can be true for the condition to be met.

# You can include more than one condition in the .yaml file
- ipSubnetworks:
    - 176.0.2.0/24
```
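The constraints stated in the comments above can be checked before a file is handed to gcloud. The following lint is an added example, not part of Google's documentation or tooling: `lint_condition` and `lint_access_level` are hypothetical names, the input is assumed to be the list of conditions already parsed from the .yaml file, and `SAMPLE` is constructed.

```python
import ipaddress
import re

VERSION_RE = re.compile(r"\d+\.\d+\.\d+")  # minimumVersion: x.x.x
LEVEL_RE = re.compile(r"accessPolicies/[^/]+/accessLevels/[^/]+")
REGION_RE = re.compile(r"[A-Z]{2}")  # shape of an ISO 3166-1 alpha-2 code

def lint_condition(cond):
    """Return findings for one condition (a dict parsed from the .yaml list)."""
    findings = []
    if not set(cond) - {"negate"}:
        findings.append("no attribute besides negate")
    policy = cond.get("devicePolicy")
    if policy is not None and not policy:
        findings.append("devicePolicy is empty")
    for constraint in (policy or {}).get("osConstraints", []):
        version = constraint.get("minimumVersion")
        if version is not None and not VERSION_RE.fullmatch(str(version)):
            findings.append(f"minimumVersion {version!r} is not x.x.x")
    for net in cond.get("ipSubnetworks", []):
        try:
            ipaddress.ip_network(net)  # strict by default: host bits must be zero
        except ValueError:
            findings.append(f"invalid CIDR {net!r}")
    for region in cond.get("regions", []):
        if not REGION_RE.fullmatch(str(region)):
            findings.append(f"region {region!r} is not a two-letter code")
    for level in cond.get("requiredAccessLevels", []):
        if not LEVEL_RE.fullmatch(str(level)):
            findings.append(f"requiredAccessLevels entry {level!r} is malformed")
    if cond.get("members"):
        findings.append("members is set (discouraged on this page)")
    return findings

def lint_access_level(conditions):
    """Map condition index -> findings, keeping only conditions with findings."""
    report = {i: lint_condition(c) for i, c in enumerate(conditions)}
    return {i: f for i, f in report.items() if f}

# Constructed sample: what a YAML parser would return for a two-condition file.
SAMPLE = [
    {"devicePolicy": {"osConstraints": [
        {"osType": "DESKTOP_CHROME_OS", "minimumVersion": "11316.165"}]},
     "ipSubnetworks": ["252.0.2.0/24", "192.0.2.1/24"],
     "regions": ["US", "usa"],
     "members": ["user:exampleuser@example.com"]},
    {"negate": True},
]

if __name__ == "__main__":
    for index, findings in lint_access_level(SAMPLE).items():
        print(index, findings)
```

The lint covers only the rules written in the example's comments; it does not verify that a referenced access level exists or that a region code is actually assigned.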
Last updated 2025-08-18 UTC.