public sealed class Access : IMessage<Access>, IEquatable<Access>, IDeepCloneable<Access>, IBufferMessage, IMessage
Reference documentation and code samples for the Google Cloud Security Command Center v1 API class Access.
Represents an access event.
Namespace
Google.Cloud.SecurityCenter.V1Assembly
Google.Cloud.SecurityCenter.V1.dll
Constructors
Access()
public Access()
Access(Access)
public Access(Access other)
Parameter | |
---|---|
Name | Description |
other | Access |
Properties
CallerIp
public string CallerIp { get; set; }
Caller's IP address, such as "1.1.1.1".
Property Value | |
---|---|
Type | Description |
string |
CallerIpGeo
public Geolocation CallerIpGeo { get; set; }
The caller IP's geolocation, which identifies where the call came from.
Property Value | |
---|---|
Type | Description |
Geolocation |
MethodName
public string MethodName { get; set; }
The method that the service account called, e.g. "SetIamPolicy".
Property Value | |
---|---|
Type | Description |
string |
PrincipalEmail
public string PrincipalEmail { get; set; }
Associated email, such as "foo@google.com".
The email address of the authenticated user or a service account acting on
behalf of a third party principal making the request. For third party
identity callers, the principal_subject
field is populated instead of
this field. For privacy reasons, the principal email address is sometimes
redacted. For more information, see Caller identities in audit
logs.
Property Value | |
---|---|
Type | Description |
string |
PrincipalSubject
public string PrincipalSubject { get; set; }
A string that represents the principal_subject that is associated with the
identity. Unlike principal_email
, principal_subject
supports principals
that aren't associated with email addresses, such as third party
principals. For most identities, the format is
principal://iam.googleapis.com/{identity pool name}/subject/{subject}
.
Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
still use the legacy format serviceAccount:{identity pool
name}[{subject}]
.
Property Value | |
---|---|
Type | Description |
string |
ServiceAccountDelegationInfo
public RepeatedField<ServiceAccountDelegationInfo> ServiceAccountDelegationInfo { get; }
The identity delegation history of an authenticated service account that
made the request. The serviceAccountDelegationInfo[]
object contains
information about the real authorities that try to access Google Cloud
resources by delegating on a service account. When multiple authorities are
present, they are guaranteed to be sorted based on the original ordering of
the identity delegation events.
Property Value | |
---|---|
Type | Description |
RepeatedFieldServiceAccountDelegationInfo |
ServiceAccountKeyName
public string ServiceAccountKeyName { get; set; }
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example:
"//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
Property Value | |
---|---|
Type | Description |
string |
ServiceName
public string ServiceName { get; set; }
This is the API service that the service account made a call to, e.g. "iam.googleapis.com"
Property Value | |
---|---|
Type | Description |
string |
UserAgentFamily
public string UserAgentFamily { get; set; }
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
Property Value | |
---|---|
Type | Description |
string |
UserName
public string UserName { get; set; }
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
Property Value | |
---|---|
Type | Description |
string |