ManagedZones: setiampolicy

Stay organized with collections Save and categorize content based on your preferences.

Sets the access control policy on the specified resource. Replaces any existing policy.

Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

Request

HTTP request

POST https://dns.googleapis.com/dns/v1beta2/managedZones/setiampolicy

Authorization

This request requires authorization with at least one of the following scopes:

Scope
https://www.googleapis.com/auth/ndev.clouddns.readwrite
https://www.googleapis.com/auth/cloud-platform

Request body

In the request body, supply data with the following structure:

{
  "resource": string,
  "policy": {
    "version": integer,
    "bindings": [
      {
        "role": string,
        "members": [
          string
        ],
        "condition": {
          "expression": string,
          "title": string,
          "description": string,
          "location": string
        },
        "bindingId": string
      }
    ],
    "auditConfigs": [
      {
        "service": string,
        "auditLogConfigs": [
          {
            "logType": string,
            "exemptedMembers": [
              string
            ],
            "ignoreChildExemptions": boolean
          }
        ]
      }
    ],
    "rules": [
      {
        "description": string,
        "permissions": [
          string
        ],
        "action": string,
        "ins": [
          string
        ],
        "notIns": [
          string
        ],
        "conditions": [
          {
            "iam": string,
            "sys": string,
            "svc": string,
            "op": string,
            "values": [
              string
            ]
          }
        ],
        "logConfigs": [
          {
            "counter": {
              "metric": string,
              "field": string,
              "customFields": [
                {
                  "name": string,
                  "value": string
                }
              ]
            },
            "dataAccess": {
              "logMode": string
            },
            "cloudAudit": {
              "logName": string,
              "authorizationLoggingOptions": {
                "permissionType": string
              }
            }
          }
        ]
      }
    ],
    "etag": bytes
  },
  "updateMask": {
    "paths": [
      string
    ]
  }
}
Property name Value Description Notes
resource string
policy nested object
policy.version integer
policy.bindings[] list
policy.bindings[].role string
policy.bindings[].members[] list
policy.bindings[].condition nested object
policy.bindings[].condition.expression string
policy.bindings[].condition.title string
policy.bindings[].condition.description string
policy.bindings[].condition.location string
policy.bindings[].bindingId string
policy.auditConfigs[] list
policy.auditConfigs[].service string
policy.auditConfigs[].auditLogConfigs[] list
policy.auditConfigs[].auditLogConfigs[].logType string

Acceptable values are:
  • "adminRead"
  • "dataRead"
  • "dataWrite"
  • "logTypeUnspecified"
policy.auditConfigs[].auditLogConfigs[].exemptedMembers[] list
policy.auditConfigs[].auditLogConfigs[].ignoreChildExemptions boolean
policy.rules[] list
policy.rules[].description string
policy.rules[].permissions[] list
policy.rules[].action string

Acceptable values are:
  • "allow"
  • "allowWithLog"
  • "deny"
  • "denyWithLog"
  • "log"
  • "noAction"
policy.rules[].ins[] list
policy.rules[].notIns[] list
policy.rules[].conditions[] list
policy.rules[].conditions[].iam string

Acceptable values are:
  • "approver"
  • "attribution"
  • "authority"
  • "credentialsType"
  • "credsAssertion"
  • "justificationType"
  • "noAttr"
  • "securityRealm"
policy.rules[].conditions[].sys string

Acceptable values are:
  • "ip"
  • "name"
  • "noAttr"
  • "region"
  • "service"
policy.rules[].conditions[].svc string
policy.rules[].conditions[].op string

Acceptable values are:
  • "discharged"
  • "equals"
  • "in"
  • "noOp"
  • "notEquals"
  • "notIn"
policy.rules[].conditions[].values[] list
policy.rules[].logConfigs[] list
policy.rules[].logConfigs[].counter nested object
policy.rules[].logConfigs[].counter.metric string
policy.rules[].logConfigs[].counter.field string
policy.rules[].logConfigs[].counter.customFields[] list
policy.rules[].logConfigs[].counter.customFields[].name string
policy.rules[].logConfigs[].counter.customFields[].value string
policy.rules[].logConfigs[].dataAccess nested object
policy.rules[].logConfigs[].dataAccess.logMode string

Acceptable values are:
  • "logFailClosed"
  • "logModeUnspecified"
policy.rules[].logConfigs[].cloudAudit nested object
policy.rules[].logConfigs[].cloudAudit.logName string

Acceptable values are:
  • "adminActivity"
  • "dataAccess"
  • "unspecifiedLogName"
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions nested object
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType string

Acceptable values are:
  • "adminRead"
  • "adminWrite"
  • "dataRead"
  • "dataWrite"
  • "permissionTypeUnspecified"
policy.etag bytes
updateMask nested object
updateMask.paths[] list

Response

If successful, this method returns a response body with the following structure:

{
  "version": integer,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "expression": string,
        "title": string,
        "description": string,
        "location": string
      },
      "bindingId": string
    }
  ],
  "auditConfigs": [
    {
      "service": string,
      "auditLogConfigs": [
        {
          "logType": string,
          "exemptedMembers": [
            string
          ],
          "ignoreChildExemptions": boolean
        }
      ]
    }
  ],
  "rules": [
    {
      "description": string,
      "permissions": [
        string
      ],
      "action": string,
      "ins": [
        string
      ],
      "notIns": [
        string
      ],
      "conditions": [
        {
          "iam": string,
          "sys": string,
          "svc": string,
          "op": string,
          "values": [
            string
          ]
        }
      ],
      "logConfigs": [
        {
          "counter": {
            "metric": string,
            "field": string,
            "customFields": [
              {
                "name": string,
                "value": string
              }
            ]
          },
          "dataAccess": {
            "logMode": string
          },
          "cloudAudit": {
            "logName": string,
            "authorizationLoggingOptions": {
              "permissionType": string
            }
          }
        }
      ]
    }
  ],
  "etag": bytes
}
Property name Value Description Notes
version integer
bindings[] list
bindings[].role string
bindings[].members[] list
bindings[].condition nested object
bindings[].condition.expression string
bindings[].condition.title string
bindings[].condition.description string
bindings[].condition.location string
bindings[].bindingId string
auditConfigs[] list
auditConfigs[].service string
auditConfigs[].auditLogConfigs[] list
auditConfigs[].auditLogConfigs[].logType string

Acceptable values are:
  • "adminRead"
  • "dataRead"
  • "dataWrite"
  • "logTypeUnspecified"
auditConfigs[].auditLogConfigs[].exemptedMembers[] list
auditConfigs[].auditLogConfigs[].ignoreChildExemptions boolean
rules[] list
rules[].description string
rules[].permissions[] list
rules[].action string

Acceptable values are:
  • "allow"
  • "allowWithLog"
  • "deny"
  • "denyWithLog"
  • "log"
  • "noAction"
rules[].ins[] list
rules[].notIns[] list
rules[].conditions[] list
rules[].conditions[].iam string

Acceptable values are:
  • "approver"
  • "attribution"
  • "authority"
  • "credentialsType"
  • "credsAssertion"
  • "justificationType"
  • "noAttr"
  • "securityRealm"
rules[].conditions[].sys string

Acceptable values are:
  • "ip"
  • "name"
  • "noAttr"
  • "region"
  • "service"
rules[].conditions[].svc string
rules[].conditions[].op string

Acceptable values are:
  • "discharged"
  • "equals"
  • "in"
  • "noOp"
  • "notEquals"
  • "notIn"
rules[].conditions[].values[] list
rules[].logConfigs[] list
rules[].logConfigs[].counter nested object
rules[].logConfigs[].counter.metric string
rules[].logConfigs[].counter.field string
rules[].logConfigs[].counter.customFields[] list
rules[].logConfigs[].counter.customFields[].name string
rules[].logConfigs[].counter.customFields[].value string
rules[].logConfigs[].dataAccess nested object
rules[].logConfigs[].dataAccess.logMode string

Acceptable values are:
  • "logFailClosed"
  • "logModeUnspecified"
rules[].logConfigs[].cloudAudit nested object
rules[].logConfigs[].cloudAudit.logName string

Acceptable values are:
  • "adminActivity"
  • "dataAccess"
  • "unspecifiedLogName"
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions nested object
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType string

Acceptable values are:
  • "adminRead"
  • "adminWrite"
  • "dataRead"
  • "dataWrite"
  • "permissionTypeUnspecified"
etag bytes