public sealed class AccessPolicy : IMessage<AccessPolicy>, IEquatable<AccessPolicy>, IDeepCloneable<AccessPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class AccessPolicy.
AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
Implements
IMessage<AccessPolicy>, IEquatable<AccessPolicy>, IDeepCloneable<AccessPolicy>, IBufferMessage, IMessage
Namespace
Google.Identity.AccessContextManager.V1
Assembly
Google.Identity.AccessContextManager.V1.dll
Constructors
AccessPolicy()
public AccessPolicy()
AccessPolicy(AccessPolicy)
public AccessPolicy(AccessPolicy other)
Parameter | |
---|---|
Name | Description |
other | AccessPolicy |
Properties
AccessPolicyName
public AccessPolicyName AccessPolicyName { get; set; }
AccessPolicyName-typed view over the Name resource name property.
Property Value | |
---|---|
Type | Description |
AccessPolicyName |
CreateTime
public Timestamp CreateTime { get; set; }
Output only. Time the AccessPolicy was created in UTC.
Property Value | |
---|---|
Type | Description |
Timestamp |
Etag
public string Etag { get; set; }
Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
Property Value | |
---|---|
Type | Description |
string |
Name
public string Name { get; set; }
Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}
Property Value | |
---|---|
Type | Description |
string |
Parent
public string Parent { get; set; }
Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}
Property Value | |
---|---|
Type | Description |
string |
Scopes
public RepeatedField<string> Scopes { get; }
The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:
- vpcsc perimeters can only restrict projects within folders/123
- access levels can only be referenced by resources within folders/123.
If empty, there are no limitations on which resources can be restricted by
an ACM policy, and there are no limitations on where ACM resources can be
referenced.
Only one policy can include a given scope (attempting to create a second
policy which includes "folders/123" will result in an error).
Currently, scopes cannot be modified after a policy is created.
Currently, policies can only have a single scope.
Format: list of folders/{folder_number} or projects/{project_number}
Property Value | |
---|---|
Type | Description |
RepeatedField<string> |
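A client-side pre-flight check of the Parent and Scopes rules described above, as an added example that is not part of the library or its official samples. The class name AccessPolicyPreflight, the sample ids, and the treatment of organization, folder, and project ids as purely numeric are assumptions of this example; the service remains the authority on what it accepts.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using Google.Identity.AccessContextManager.V1;

// Hypothetical helper (not part of the client library): checks a policy that is
// about to be created against the Parent and Scopes rules documented on this page.
public static class AccessPolicyPreflight
{
    // Assumption: ids are numeric. \z rejects a trailing newline that $ would allow.
    static readonly Regex ParentRx = new Regex(@"^organizations/[0-9]+\z");
    static readonly Regex ScopeRx = new Regex(@"^(folders|projects)/[0-9]+\z");

    // Returns the rule violations found; an empty list means the candidate passes.
    public static List<string> Check(AccessPolicy candidate, IEnumerable<AccessPolicy> existing)
    {
        var problems = new List<string>();
        if (!ParentRx.IsMatch(candidate.Parent))
            problems.Add($"Parent '{candidate.Parent}' is not organizations/{{organization_id}}");
        if (candidate.Scopes.Count > 1)
            problems.Add("policies can currently have only a single scope");
        foreach (var scope in candidate.Scopes)
        {
            if (!ScopeRx.IsMatch(scope))
                problems.Add($"scope '{scope}' is not folders/{{folder_number}} or projects/{{project_number}}");
            // Only one policy can include a given scope.
            var owner = existing.FirstOrDefault(p => p.Scopes.Contains(scope));
            if (owner != null)
                problems.Add($"scope '{scope}' is already included by {owner.Name}");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed sample data standing in for policies already present in the
        // organization; all ids are placeholders.
        var existing = new[]
        {
            new AccessPolicy { Name = "accessPolicies/111", Parent = "organizations/1", Title = "org-wide" },
            new AccessPolicy { Name = "accessPolicies/222", Parent = "organizations/1", Title = "folder 123", Scopes = { "folders/123" } },
        };
        var candidate = new AccessPolicy { Parent = "organizations/1", Title = "second folder policy", Scopes = { "folders/123" } };
        foreach (var problem in Check(candidate, existing))
            Console.WriteLine(problem);
    }
}
```

Because scopes cannot be modified after creation, catching a wrong or already-used scope before the create call avoids having to delete and recreate the policy.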
Title
public string Title { get; set; }
Required. Human readable title. Does not affect behavior.
Property Value | |
---|---|
Type | Description |
string |
UpdateTime
public Timestamp UpdateTime { get; set; }
Output only. Time the AccessPolicy was updated in UTC.
Property Value | |
---|---|
Type | Description |
Timestamp |