ManagedZones: getiampolicy

Stay organized with collections Save and categorize content based on your preferences.

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

Request

HTTP request

POST https://dns.googleapis.com/dns/v1beta2/managedZones/getiampolicy

Authorization

This request requires authorization with at least one of the following scopes:

Scope
https://www.googleapis.com/auth/ndev.clouddns.readonly
https://www.googleapis.com/auth/ndev.clouddns.readwrite
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/cloud-platform.read-only

Request body

In the request body, supply data with the following structure:

{
  "resource": string,
  "options": {
    "requestedPolicyVersion": integer
  }
}
Property name Value Description Notes
resource string
options nested object
options.requestedPolicyVersion integer

Response

If successful, this method returns a response body with the following structure:

{
  "version": integer,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "expression": string,
        "title": string,
        "description": string,
        "location": string
      },
      "bindingId": string
    }
  ],
  "auditConfigs": [
    {
      "service": string,
      "auditLogConfigs": [
        {
          "logType": string,
          "exemptedMembers": [
            string
          ],
          "ignoreChildExemptions": boolean
        }
      ]
    }
  ],
  "rules": [
    {
      "description": string,
      "permissions": [
        string
      ],
      "action": string,
      "ins": [
        string
      ],
      "notIns": [
        string
      ],
      "conditions": [
        {
          "iam": string,
          "sys": string,
          "svc": string,
          "op": string,
          "values": [
            string
          ]
        }
      ],
      "logConfigs": [
        {
          "counter": {
            "metric": string,
            "field": string,
            "customFields": [
              {
                "name": string,
                "value": string
              }
            ]
          },
          "dataAccess": {
            "logMode": string
          },
          "cloudAudit": {
            "logName": string,
            "authorizationLoggingOptions": {
              "permissionType": string
            }
          }
        }
      ]
    }
  ],
  "etag": bytes
}
Property name Value Description Notes
version integer
bindings[] list
bindings[].role string
bindings[].members[] list
bindings[].condition nested object
bindings[].condition.expression string
bindings[].condition.title string
bindings[].condition.description string
bindings[].condition.location string
bindings[].bindingId string
auditConfigs[] list
auditConfigs[].service string
auditConfigs[].auditLogConfigs[] list
auditConfigs[].auditLogConfigs[].logType string

Acceptable values are:
  • "adminRead"
  • "dataRead"
  • "dataWrite"
  • "logTypeUnspecified"
auditConfigs[].auditLogConfigs[].exemptedMembers[] list
auditConfigs[].auditLogConfigs[].ignoreChildExemptions boolean
rules[] list
rules[].description string
rules[].permissions[] list
rules[].action string

Acceptable values are:
  • "allow"
  • "allowWithLog"
  • "deny"
  • "denyWithLog"
  • "log"
  • "noAction"
rules[].ins[] list
rules[].notIns[] list
rules[].conditions[] list
rules[].conditions[].iam string

Acceptable values are:
  • "approver"
  • "attribution"
  • "authority"
  • "credentialsType"
  • "credsAssertion"
  • "justificationType"
  • "noAttr"
  • "securityRealm"
rules[].conditions[].sys string

Acceptable values are:
  • "ip"
  • "name"
  • "noAttr"
  • "region"
  • "service"
rules[].conditions[].svc string
rules[].conditions[].op string

Acceptable values are:
  • "discharged"
  • "equals"
  • "in"
  • "noOp"
  • "notEquals"
  • "notIn"
rules[].conditions[].values[] list
rules[].logConfigs[] list
rules[].logConfigs[].counter nested object
rules[].logConfigs[].counter.metric string
rules[].logConfigs[].counter.field string
rules[].logConfigs[].counter.customFields[] list
rules[].logConfigs[].counter.customFields[].name string
rules[].logConfigs[].counter.customFields[].value string
rules[].logConfigs[].dataAccess nested object
rules[].logConfigs[].dataAccess.logMode string

Acceptable values are:
  • "logFailClosed"
  • "logModeUnspecified"
rules[].logConfigs[].cloudAudit nested object
rules[].logConfigs[].cloudAudit.logName string

Acceptable values are:
  • "adminActivity"
  • "dataAccess"
  • "unspecifiedLogName"
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions nested object
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType string

Acceptable values are:
  • "adminRead"
  • "adminWrite"
  • "dataRead"
  • "dataWrite"
  • "permissionTypeUnspecified"
etag bytes