The Access Context Manager date and time restriction feature gives enterprises the ability to set access controls based on the date and time.
When evaluating zero-trust access, it is often necessary to restrict user access to resources to specific days and times. For example, shift workers may only be allowed to access company resources during their shift hours, or users may be given temporary access between a particular time of the day.
To apply the time and day access level condition, use the functions listed in the following table. The format of the functions is function(timezone)
.
You can specify timezone
as UTC, fixed time zones which are explicit hour and minute offsets from UTC, or as long timezone
names like Europe/Paris
, CET
, or US/Central
. For a complete listing, see the Timezone section of the Common Express Language definition.
If you don't specify a 'timezone', the expression defaults to UTC.
Function | Description | Example |
---|---|---|
getFullYear |
Retrieve the number that represents the current year, such as 2020. | Is the year 2020? request.time.getFullYear("America/Los_Angeles") == 2020
|
getMonth |
Retrieve the month of the year. The month values range from 0 to 11, where 0 == January and 11 == December. | Is the month January? request.time.getMonth("America/Los_Angeles") == 1
|
getDate |
Retrieve the date of the month. The date values range from 1 to 31, where 1 is the first of the month, and 31 is the 31st of the month. |
Is it the first of the month? request.time.getDate("America/Los_Angeles") == 1
|
getDayOfMonth |
Retrieve the day of the month. The day values range from 0 to 30, where 0 is the first of the month, and 30 is the 31st of the month. | Is it the first of the month? request.time.getDayOfMonth("America/Los_Angeles") == 0 |
getDayOfWeek |
Retrieve the day of the week. The day values range from 0 to 6, where 0 is Sunday, and 6 is Saturday. | Is it Monday? request.time.getDayOfWeek("America/Los_Angeles") == 1 |
getDayOfYear |
Retrieve the day of the year. The day values range from 0 to 365, where 0 is the first day of the year, and 365 is the 366th day of the year. |
Is it the first day of the year? request.time.getDayOfYear("America/Los_Angeles") == 0
|
getHours |
Retrieve the hour of the day. The hour values range from 0 to 23, where 0 is midnight and 23 is 11 PM. |
Is it 7 PM? request.time.getHours("America/Los_Angeles") == 19 |
getMinutes |
Retrieve the minute of the hour. The minute values range from 0 to 59, where 0 is the first minute and 59 is the last minute of the hour. |
Is it 7:30 PM? request.time.getHours("America/Los_Angeles") == 19 && request.time.getMinutes("America/Los_Angeles") == 30 |
date |
Return the timestamp representing the date normalized to midnight UTC. | Current time in UTC. request.time.date()
|
date(tz string) |
Return the timestamp representing the date normalized to midnight relative to the TimeZone string <tz>. | Current time in Pacific time.
|
timeOfDay |
Return the google.type.TimeOfDay associated with the timestamp in UTC. |
Current time of day in UTC, such as '09:30:00' request.time.timeOfDay() |
timeOfDay(tz string) |
Return the google.type.TimeOfDay associated with the timestamp and relative to the TimeZone string <tz>. | Current time of day in pacific time, such as '09:30:00' request.time.timeOfDay('America/Los_Angeles') |
between(start, stop) (for timestamp) |
For a given timestamp, return 'Start' and 'stop' can be | Is the current timestamp, in PST, between Jan 10, 2020 00:00 (inclusive) and Jan 11, 2020 00:00 (exclusive)? request.time.date('08:00')
.between('2020-10-01T00:00:00+08:00', '2020-10-01T00:00:00+08:00')
|
between(start, stop string) (for TimeOfDay) |
For a given type.TimeOfDay or string, which will be converted to type.TimeOfDay .
|
Is the current time of day, in Pacific time, between 09:30 AM (inclusive) and 05:30 PM (exclusive)? request.time.timeOfDay('America/Los_Angeles').between('09:30:00', '17:30:00')
|
The following table contains examples of how to use time and date restrictions:
Example Policy | Expression |
---|---|
Allow shift workers to access resources from Monday to Friday between 9 AM to 5 PM, except for July fourth. | Option 1: request.time.getDayOfWeek("America/Los_Angeles") >= 1 && request.time.getDayOfWeek("America/Los_Angeles") <= 5 && request.time.getHours("America/Los_Angeles") >= 9 && request.time.getHours("America/Los_Angeles") <= 17 && !(request.time.getMonth("America/Los_Angeles") == 6 && request.time.getDayOfMonth("America/Los_Angeles") == 3)
Option 2:
|
Allow temporary access to resources on March 1, 2020, between 10 PM to midnight. | Option 1: Option 2:
|
Following are some example expressions that use some of the functions to capture specific time ranges:
Express the range during business hours
The date-time format is 'HH:MM:SS' and follows the RFC 3339 standard.
request.time.timeOfDay('America/Los_Angeles').between('09:30:00', '17:30:00')
request.time.date('America/Los_Angeles')
.between('01-10-2020T00:00:00+08:00', '01-11-2020T00:00:00-07:00')
Express specific days of the month, first week
(Note support for alternative timezone format)
request.time.getDayOfMonth('America/Los_Angeles') < 7
Express specific date ranges, yearly
For example, for quarterly reporting.
request.time.date('Asia/Hong_Kong').between(
request.time.getFullYear('08:00') + '-12-15T00:00:00+08:00',
request.time.getFullYear('08:00')+1 + '-01-01T00:00:00+08:00')