REST Resource: organizations.gcpUserAccessBindings

Resource: GcpUserAccessBinding

Restricts access to Cloud Console and Google Cloud APIs for a set of users using Context-Aware Access.

JSON representation
{
  "name": string,
  "groupKey": string,
  "accessLevels": [
    string
  ],
  "dryRunAccessLevels": [
    string
  ],
  "restrictedClientApplications": [
    {
      object (Application)
    }
  ]
}
Fields
name

string

Immutable. Assigned by the server during creation. The last segment has an arbitrary length and has only URI unreserved characters (as defined by RFC 3986 Section 2.3). Should not be specified by the client during creation. Example: "organizations/256/gcpUserAccessBindings/b3-BhcX_Ud5N"

groupKey

string

Required. Immutable. ID of the Google Group whose members are subject to this binding's restrictions. See "id" in the G Suite Directory API's Groups resource. If a group's email address/alias is changed, this resource will continue to point at the changed group. This field does not accept group email addresses or aliases. Example: "01d520gv4vjcrht"

accessLevels[]

string

Optional. Access level that a user must have to be granted access. Only one access level is supported, not multiple. This repeated field must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"

dryRunAccessLevels[]

string

Optional. Dry run access level that will be evaluated but will not be enforced. Access denials based on the dry run policy will be logged. Only one access level is supported, not multiple. This list must have exactly one element. Example: "accessPolicies/9522/accessLevels/device_trusted"

restrictedClientApplications[]

object (Application)

Optional. A list of applications that are subject to this binding's restrictions. If the list is empty, the binding restrictions will universally apply to all applications.

Application

An application that accesses Google Cloud APIs.

JSON representation
{
  // Union field identifier can be only one of the following:
  "clientId": string,
  "name": string
  // End of list of possible types for union field identifier.
}
Fields
Union field identifier. An identifier of the application. identifier can be only one of the following:
clientId

string

The OAuth client ID of the application.

name

string

The name of the application. Example: "Cloud Console"
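
As an added example (not part of the API reference or of any Google client library), the following Python pre-flight check applies the field constraints above to a create request body before it is sent. The function names, the access level pattern (inferred from the example value) and the choice to accept an omitted access level list because the field is marked Optional are assumptions.

```python
import re

# Shape inferred from the page's example value; the exact grammar is an assumption.
LEVEL_RE = re.compile(r"^accessPolicies/[^/]+/accessLevels/[^/]+$")


def _check_levels(body, field, errors):
    """Assumption: the list may be omitted, but if present needs exactly one entry."""
    if field not in body:
        return
    levels = body[field]
    if not isinstance(levels, list) or len(levels) != 1:
        errors.append(f"{field}: must have exactly one element")
    elif not isinstance(levels[0], str) or not LEVEL_RE.match(levels[0]):
        errors.append(f"{field}: not an access level resource name")


def validate_binding(body):
    """Return (errors, notes) for a GcpUserAccessBinding create request body."""
    errors, notes = [], []
    if "name" in body:
        errors.append("name: assigned by the server, omit on create")
    group = body.get("groupKey")
    if not isinstance(group, str) or not group:
        errors.append("groupKey: required")
    elif "@" in group:
        errors.append("groupKey: must be a group id, not an email or alias")
    _check_levels(body, "accessLevels", errors)
    _check_levels(body, "dryRunAccessLevels", errors)
    apps = body.get("restrictedClientApplications", [])
    for i, app in enumerate(apps):
        # Union field: exactly one of clientId / name identifies the application.
        if not isinstance(app, dict) or len({"clientId", "name"} & set(app)) != 1:
            errors.append(f"restrictedClientApplications[{i}]: set exactly one of clientId, name")
    if not apps:
        notes.append("no restrictedClientApplications: binding applies to all applications")
    if "dryRunAccessLevels" in body and "accessLevels" not in body:
        notes.append("dry run only: denials are logged, nothing is enforced")
    return errors, notes


# Constructed sample body built from the example values on this page.
SAMPLE = {
    "groupKey": "01d520gv4vjcrht",
    "dryRunAccessLevels": ["accessPolicies/9522/accessLevels/device_trusted"],
    "restrictedClientApplications": [{"name": "Cloud Console"}],
}

if __name__ == "__main__":
    print(validate_binding(SAMPLE))
```

The notes are not errors: they flag bindings that are valid but either apply to every application or enforce nothing yet, which is worth confirming before rollout.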

Methods

create

Creates a GcpUserAccessBinding.

delete

Deletes a GcpUserAccessBinding.

get

Gets the GcpUserAccessBinding with the given name.

list

Lists all GcpUserAccessBindings for a Google Cloud organization.

patch

Updates a GcpUserAccessBinding.