REST Resource: projects.locations.entitlements.grants

Resource: Grant

A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.

JSON representation
{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "requester": string,
  "requestedDuration": string,
  "justification": {
    object (Justification)
  },
  "state": enum (State),
  "timeline": {
    object (Timeline)
  },
  "privilegedAccess": {
    object (PrivilegedAccess)
  },
  "auditTrail": {
    object (AuditTrail)
  },
  "additionalEmailRecipients": [
    string
  ],
  "externallyModified": boolean
}
Fields
name

string

Identifier. Name of this grant. Possible formats:

  • organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}
  • folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}
  • projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}/grants/{grant-id}

The last segment of this name ({grant-id}) is autogenerated.

createTime

string (Timestamp format)

Output only. Create time stamp.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. Update time stamp.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

requester

string

Output only. Username of the user who created this grant.

requestedDuration

string (Duration format)

Required. The amount of time access is needed for. This value should be less than the maxRequestDuration value of the entitlement.

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

justification

object (Justification)

Optional. Justification of why this access is needed.

state

enum (State)

Output only. Current state of this grant.

timeline

object (Timeline)

Output only. Timeline of this grant.

privilegedAccess

object (PrivilegedAccess)

Output only. The access that would be granted by this grant.

auditTrail

object (AuditTrail)

Output only. Audit trail of access provided by this grant. If unspecified then access was never granted.

additionalEmailRecipients[]

string

Optional. Additional email addresses to notify for all the actions performed on the grant.

externallyModified

boolean

Output only. Flag set by the PAM system to indicate that policy bindings made by this grant have been modified from outside PAM.

After it is set, this flag remains set forever irrespective of the grant state. A true value here indicates that PAM no longer has any certainty on the access a user has because of this grant.
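
The following Python sketch is an added example, not part of the original reference or of Google's client libraries. It shows how an access reviewer might triage Grant resources using the name, requestedDuration, auditTrail and externallyModified fields described above. The sample grants, their ids, the verdict labels and the auditTrail sub-field are constructed assumptions.

```python
import re

# The three name formats listed for the `name` field.
NAME_RE = re.compile(
    r"(organizations/\d+|folders/\d+|projects/[^/]+)"
    r"/locations/([^/]+)/entitlements/([^/]+)/grants/([^/]+)")
# Duration format: seconds, up to nine fractional digits, trailing 's'.
DURATION_RE = re.compile(r"\d+(\.\d{1,9})?s")


def parse_grant_name(name):
    """Split a grant name into parent, region, entitlement id and grant id."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a grant name: {name!r}")
    return dict(zip(("parent", "region", "entitlement", "grant"), m.groups()))


def duration_seconds(value):
    """Convert a Duration string such as "3.5s" to seconds."""
    if DURATION_RE.fullmatch(value) is None:
        raise ValueError(f"not a Duration: {value!r}")
    return float(value[:-1])


def triage(grant):
    """Classify one Grant resource (a dict decoded from the JSON above)."""
    # Checked first and without looking at `state`: the flag stays set
    # forever, and true means PAM cannot vouch for the resulting access.
    if grant.get("externallyModified", False):
        return "REVIEW_BINDINGS"
    # auditTrail unspecified means access was never granted.
    if grant.get("auditTrail") is None:
        return "NEVER_GRANTED"
    return "PAM_TRACKED"


# Constructed sample grants; ids and the auditTrail sub-field are assumptions.
PARENT = "projects/example-project/locations/global/entitlements/db-admin"
SAMPLE_GRANTS = [
    {"name": PARENT + "/grants/g-001", "requestedDuration": "3600s",
     "auditTrail": {"accessGrantTime": "2014-10-02T15:01:23Z"}},
    {"name": PARENT + "/grants/g-002", "requestedDuration": "1800.5s"},
    {"name": PARENT + "/grants/g-003", "requestedDuration": "7200s",
     "auditTrail": {"accessGrantTime": "2014-10-02T15:01:23Z"},
     "externallyModified": True},
]

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        ids = parse_grant_name(g["name"])
        print(ids["grant"], duration_seconds(g["requestedDuration"]), triage(g))
```

A grant classified REVIEW_BINDINGS should be checked against the actual policy bindings on the resource, since the grant record alone no longer describes the user's access.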

Methods

approve

ApproveGrant is used to approve a grant.

create

Creates a new grant in a given project/folder/organization and location.

deny

DenyGrant is used to deny a grant.

get

Get details of a single grant.

list

Lists grants for a given entitlement.

revoke

RevokeGrant is used to immediately revoke access for a grant.

search

SearchGrants returns grants that are related to the calling user in the specified way.