REST Resource: folders.approvalRequests

Resource: ApprovalRequest

A request for the customer to approve access to a resource.

JSON representation 
{
  "name": string,
  "requestedResourceName": string,
  "requestedResourceProperties": {
    object (ResourceProperties)
  },
  "requestedReason": {
    object (AccessReason)
  },
  "requestedLocations": {
    object (AccessLocations)
  },
  "requestTime": string,
  "requestedExpiration": string,

  // Union field decision can be only one of the following:
  "approve": {
    object (ApproveDecision)
  },
  "dismiss": {
    object (DismissDecision)
  }
  // End of list of possible types for union field decision.
}
Fields
name

string

The resource name of the request. Format is "{projects|folders|organizations}/{id}/approvalRequests/{approval_request}".
requestedResourceName

string

The resource for which approval is being requested. The format of the resource name is defined at https://cloud.google.com/apis/design/resource_names. The resource name here may either be a "full" resource name (e.g. "//library.googleapis.com/shelves/shelf1/books/book2") or a "relative" resource name (e.g. "shelves/shelf1/books/book2") as described in the resource name specification.
requestedResourceProperties

object (ResourceProperties)

Properties related to the resource represented by requestedResourceName.
requestedReason

object (AccessReason)

The justification for which approval is being requested.
requestedLocations

object (AccessLocations)

The locations for which approval is being requested.
requestTime

string (Timestamp format)

The time at which approval was requested.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
requestedExpiration

string (Timestamp format)

The requested expiration for the approval. If the request is approved, access will be granted from the time of approval until the expiration time.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
Union field decision. The current decision on the approval request. decision can be only one of the following:
approve

object (ApproveDecision)

Access was approved.
dismiss

object (DismissDecision)

The request was dismissed.

ResourceProperties

The properties associated with the resource of the request.

JSON representation 
{
  "excludesDescendants": boolean
}
Fields
excludesDescendants

boolean

Whether an approval will exclude the descendants of the resource being requested.

AccessReason

JSON representation 
{
  "type": enum (Type),
  "detail": string
}
Fields
type

enum (Type)

Type of access justification.
detail

string

More detail about certain reason types. See comments for each type above.

Type

Type of access justification.

Enums
TYPE_UNSPECIFIED Default value for proto, shouldn't be used.
CUSTOMER_INITIATED_SUPPORT

Customer made a request or raised an issue that required the principal to access customer data. detail is of the form ("#####" is the issue ID):

  • "Feedback Report: #####"
  • "Case Number: #####"
  • "Case ID: #####"
  • "E-PIN Reference: #####"
  • "Google-#####"
  • "T-#####"
GOOGLE_INITIATED_SERVICE The principal accessed customer data in order to diagnose or resolve a suspected issue in services. Often this access is used to confirm that customers are not affected by a suspected service issue or to remediate a reversible system issue.
GOOGLE_INITIATED_REVIEW Google initiated service for security, fraud, abuse, or compliance purposes.
THIRD_PARTY_DATA_REQUEST The principal was compelled to access customer data in order to respond to a legal third party data request or process, including legal processes from customers themselves.
GOOGLE_RESPONSE_TO_PRODUCTION_ALERT The principal accessed customer data in order to diagnose or resolve a suspected issue in services or a known outage.

AccessLocations

Home office and physical location of the principal.

JSON representation 
{
  "principalOfficeCountry": string,
  "principalPhysicalLocationCountry": string
}
Fields
principalOfficeCountry

string

The "home office" location of the principal. A two-letter country code (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or a region code. In some limited situations Google systems may refer refer to a region code instead of a country code. Possible Region Codes:

  • ASI: Asia
  • EUR: Europe
  • OCE: Oceania
  • AFR: Africa
  • NAM: North America
  • SAM: South America
  • ANT: Antarctica
  • ANY: Any location
principalPhysicalLocationCountry

string

Physical location of the principal at the time of the access. A two-letter country code (ISO 3166-1 alpha-2), such as "US", "DE" or "GB" or a region code. In some limited situations Google systems may refer refer to a region code instead of a country code. Possible Region Codes:

  • ASI: Asia
  • EUR: Europe
  • OCE: Oceania
  • AFR: Africa
  • NAM: North America
  • SAM: South America
  • ANT: Antarctica
  • ANY: Any location

ApproveDecision

A decision that has been made to approve access to a resource.

JSON representation 
{
  "approveTime": string,
  "expireTime": string,
  "invalidateTime": string,
  "signatureInfo": {
    object (SignatureInfo)
  },
  "autoApproved": boolean
}
Fields
approveTime

string (Timestamp format)

The time at which approval was granted.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
expireTime

string (Timestamp format)

The time at which the approval expires.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
invalidateTime

string (Timestamp format)

If set, denotes the timestamp at which the approval is invalidated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
signatureInfo

object (SignatureInfo)

The signature for the ApprovalRequest and details on how it was signed.
autoApproved

boolean

True when the request has been auto-approved.

SignatureInfo

Information about the digital signature of the resource.

JSON representation 
{
  "signature": string,

  // Union field verification_info can be only one of the following:
  "googlePublicKeyPem": string,
  "customerKmsKeyVersion": string
  // End of list of possible types for union field verification_info.
}
Fields
signature

string (bytes format)

The digital signature.

A base64-encoded string.
Union field verification_info. How this signature may be verified. verification_info can be only one of the following:
googlePublicKeyPem

string

The public key for the Google default signing, encoded in PEM format. The signature was created using a private key which may be verified using this public key.
customerKmsKeyVersion

string

The resource name of the customer CryptoKeyVersion used for signing.

DismissDecision

A decision that has been made to dismiss an approval request.

JSON representation 
{
  "dismissTime": string,
  "implicit": boolean
}
Fields
dismissTime

string (Timestamp format)

The time at which the approval request was dismissed.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
implicit

boolean

This field will be true if the ApprovalRequest was implicitly dismissed due to inaction by the access approval approvers (the request is not acted on by the approvers before the exiration time).

Methods

approve

 Approves a request and returns the updated ApprovalRequest.

dismiss

 Dismisses a request.

get

 Gets an approval request.

invalidate

 Invalidates an existing ApprovalRequest.

list

 Lists approval requests associated with a project, folder, or organization.