Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A Policy
consists of a list of bindings
. A binding
binds a list of members
to a role
, where the members can be user accounts, Google groups, Google domains, and service accounts. A role
is a named list of permissions defined by IAM.
JSON Example
{
"bindings": [
{
"role": "roles/owner",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-other-app@appspot.gserviceaccount.com"
]
},
{
"role": "roles/viewer",
"members": ["user:sean@example.com"]
}
]
}
YAML Example
bindings:
- members:
- user:mike@example.com
- group:admins@example.com
- domain:google.com
- serviceAccount:my-other-app@appspot.gserviceaccount.com
role: roles/owner
- members:
- user:sean@example.com
role: roles/viewer
For a description of IAM and its features, see the IAM developer's guide.
JSON representation | |
---|---|
{ "version": number, "bindings": [ { object( |
Fields | |
---|---|
version |
Deprecated. |
bindings[] |
Associates a list of |
auditConfigs[] |
Specifies cloud audit logging configuration for this policy. |
etag |
If no A base64-encoded string. |