This page describes how to manage an existing access policy. You can:
Get the name and etag of an access policy
Console
The Cloud Console does not currently support managing access policies. If you want to manage your access policy, you must use the gcloud command-line tool or the API.
gcloud
To get the name of your access policy, use the list command. The access policy name is required for all access level commands for the gcloud command-line tool.
gcloud access-context-manager policies list \
    --organization ORGANIZATION_ID
Where:
- ORGANIZATION_ID is the numeric ID of your organization.
You should see output similar to:
NAME           ORGANIZATION  TITLE        ETAG
1034095178592  511928527926  Corp Policy  10bc3c76ca809ab2
API
To get the name of your access policy, call accessPolicies.list.
GET https://accesscontextmanager.googleapis.com/v1/accessPolicies
Request body
The request body must be empty.
Response body
If successful, the response body will look similar to:
{
  "accessPolicies": [
    {
      object(AccessPolicy)
    }
  ],
  "nextPageToken": string
}
Where:
- accessPolicies is a list of AccessPolicy objects.
Set the default access policy for the gcloud command-line tool
When using the gcloud command-line tool, you can set a default access policy. When you set a default policy, you no longer need to specify a policy each time you use an Access Context Manager command.
To set a default access policy, use the config command.
gcloud config set access_context_manager/policy POLICY_NAME
Where:
- POLICY_NAME is the numeric name of your access policy.
Describe an access policy
Console
The Cloud Console does not currently support managing access policies. If you want to manage your access policy, you must use the gcloud command-line tool or the API.
gcloud
To describe your access policy, use the describe command.
gcloud access-context-manager policies describe POLICY_NAME
Where:
- POLICY_NAME is the numeric name of your policy.
You should see output similar to:
name: accessPolicies/1034095178592
parent: organizations/511928527926
title: Corp Policy
API
To describe your access policy, call accessPolicies.get.
GET https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME
Where:
- POLICY_NAME is the numeric name of your policy.
Request body
The request body must be empty.
Response body
If successful, the response body contains an AccessPolicy object.
Update an access policy
Console
The Cloud Console does not currently support managing access policies. If you want to manage your access policy, you must use the gcloud command-line tool or the API.
gcloud
To update your access policy, use the update command. Currently, you can change only the title of the policy.
gcloud access-context-manager policies update POLICY_NAME \
    --title=POLICY_TITLE
Where:
- POLICY_NAME is the numeric name of your policy.
- POLICY_TITLE is a human-readable title for your policy.
You should see output similar to:
Waiting for PATCH operation [accessPolicies/POLICY_NAME/update/1542234231134882]...done.
API
Currently, you can change only the title of your access policy.
To update your policy:
1. Craft a request body.
{
  "parent": "ORGANIZATION_ID",
  "title": "POLICY_TITLE"
}
Where:
- ORGANIZATION_ID is the numeric ID of your organization.
- POLICY_TITLE is a human-readable title for your policy.
2. Call accessPolicies.patch.
PATCH https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME?updateMask=UPDATE_MASK
Where:
- POLICY_NAME is the numeric name of your policy.
- UPDATE_MASK is a string that represents the value you want to update. For example, title.
Response body
If successful, the response body for the call contains an Operation resource that provides details about the PATCH operation.
Delete an access policy
Console
The Cloud Console does not currently support managing access policies. If you want to manage your access policy, you must use the gcloud command-line tool or the API.
gcloud
To delete an access policy:
1. Use the delete command.
gcloud access-context-manager policies delete POLICY_NAME
Where:
- POLICY_NAME is the numeric name of your policy.
2. Confirm that you want to delete the access policy.
For example:
You are about to delete policy [POLICY_NAME]
Do you want to continue (Y/n)?
You should see output similar to the following:
Deleted policy [1034095178592].
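A guard for the delete steps above, as an added example that is not part of the original page: it runs describe first and hands over to delete only when the policy's name and parent match the POLICY_NAME and ORGANIZATION_ID you expect. The function names (policy_field, policy_matches, safe_delete_policy) are hypothetical, and the script assumes describe prints name, parent and title lines as in the sample output earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original page): check what `policies describe`
# returns before running `policies delete`.

# Constructed sample input: the describe sample output shown on this page.
SAMPLE_DESCRIBE='name: accessPolicies/1034095178592
parent: organizations/511928527926
title: Corp Policy'

# Print the value of one top-level field (name, parent, title) read from stdin.
policy_field() {
  awk -v key="$1" '
    index($0, key ":") == 1 {
      val = substr($0, length(key) + 2)
      gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      print val
      exit
    }'
}

# Return 0 only when the describe output ($1) is for policy $2 under org $3.
# Returns 2 when either ID is empty or not purely numeric.
policy_matches() {
  for pm_id in "$2" "$3"; do
    case "$pm_id" in ''|*[!0-9]*) return 2 ;; esac
  done
  [ "$(printf '%s\n' "$1" | policy_field name)" = "accessPolicies/$2" ] &&
    [ "$(printf '%s\n' "$1" | policy_field parent)" = "organizations/$3" ]
}

# Hypothetical wrapper: describe, compare, then hand over to the normal delete
# command, which still asks for confirmation.
safe_delete_policy() {
  sd_out="$(gcloud access-context-manager policies describe "$1")" || return 1
  if ! policy_matches "$sd_out" "$1" "$2"; then
    echo "refusing: policy $1 is not under organizations/$2" >&2
    return 1
  fi
  echo "about to delete: $(printf '%s\n' "$sd_out" | policy_field title)" >&2
  gcloud access-context-manager policies delete "$1"
}

# Usage: safe_delete_policy POLICY_NAME ORGANIZATION_ID
```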
API
To delete your access policy, call accessPolicies.delete.
DELETE https://accesscontextmanager.googleapis.com/v1/accessPolicies/POLICY_NAME
Where:
- POLICY_NAME is the numeric name of your policy.
Request body
The request body must be empty.
Response body
If successful, the response body for the call contains an Operation resource that provides details about the DELETE operation.