REST Resource: projects.locations.instances.dataAccessScopes

Resource: DataAccessScope

A DataAccessScope is a boolean expression of data access labels used to restrict access to data for users.

JSON representation 
{
  "name": string,
  "allowed_data_access_labels": [
    {
      object (DataAccessLabelReference)
    }
  ],
  "denied_data_access_labels": [
    {
      object (DataAccessLabelReference)
    }
  ],
  "display_name": string,
  "create_time": string,
  "update_time": string,
  "author": string,
  "last_editor": string,
  "description": string
}
Fields
name

string

Required. The unique full name of the data access scope. The name should comply with https://google.aip.dev/122 standards.
allowed_data_access_labels[]

object (DataAccessLabelReference)

Required. The allowed labels for the scope. There has to be at least one label allowed for the scope to be valid. The logical operator for evaluation of the allowed labels is OR. E.g.: A customer with scope with allowed labels A and B will be able to see data with labeled with A or B or (A and B).
denied_data_access_labels[]

object (DataAccessLabelReference)

Optional. The denied labels for the scope. The logical operator for evaluation of the denied labels is AND. E.g.: A customer with scope with denied labels A and B won't be able to see data labeled with A and data labeled with B and data with labels A and B.
display_name

string

Output only. The name to be used for display to customers of the data access scope.
create_time

string (Timestamp format)

Output only. The time at which the data access scope was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
update_time

string (Timestamp format)

Output only. The time at which the data access scope was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
author

string

Output only. The user who created the data access scope.
last_editor

string

Output only. The user who last updated the data access scope.
description

string

Optional. A description of the data access scope for a human reader.

DataAccessLabelReference

Reference object to a data access label.

JSON representation 
{
  "display_name": string,

  // Union field label can be only one of the following:
  "data_access_label": string,
  "log_type": string,
  "asset_namespace": string,
  "ingestion_label": {
    object (IngestionLabel)
  }
  // End of list of possible types for union field label.
}
Fields
display_name

string

Output only. The display name of the label. Data access label and log types's name will match the display name of the resource. The asset namespace will match the namespace itself. The ingestion key value pair will match the key of the tuple.
Union field label. The unique identifier for the label. label can be only one of the following:
data_access_label

string

The name of the data access label.
log_type

string

The name of the log type.
asset_namespace

string

The asset namespace configured in the forwarder of the customer's events.
ingestion_label

object (IngestionLabel)

The ingestion label configured in the forwarder of the customer's events.

IngestionLabel

Representation of an ingestion label type.

JSON representation 
{
  "ingestion_label_key": string,
  "ingestion_label_value": string
}
Fields
ingestion_label_key

string

Required. The key of the ingestion label. Always required.
ingestion_label_value

string

Optional. The value of the ingestion label. Optional. An object with no provided value and some key provided would match against the given key and ANY value.

Methods

create

 Creates a data access scope.

delete

 Deletes a data access scope.

get

 Retrieves an existing data access scope.

list

 Lists all existing data access scopes for the customer.

patch

 Updates a data access scope.