Resource: Policy
Data for an IAM policy.
JSON representation |
---|
{
"name": string,
"uid": string,
"kind": string,
"displayName": string,
"annotations": {
string: string,
...
},
"etag": string,
"createTime": string,
"updateTime": string,
"deleteTime": string,
"rules": [
{
object ( |
Fields | |
---|---|
name |
Immutable. The resource name of the The attachment point is identified by its URL-encoded full resource name, which means that the forward-slash character, For organizations and folders, use the numeric ID in the full resource name. For projects, requests can use the alphanumeric or the numeric ID. Responses always contain the numeric ID. |
uid |
Immutable. The globally unique ID of the |
kind |
Output only. The kind of the |
display |
A user-specified description of the |
annotations |
A key-value map to store arbitrary metadata for the An object containing a list of |
etag |
An opaque tag that identifies the current version of the If this field is present in a |
create |
Output only. The time when the A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
update |
Output only. The time when the A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
delete |
Output only. The time when the A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
rules[] |
A list of rules that specify the behavior of the |
PolicyRule
A single rule in a Policy
.
JSON representation |
---|
{ "description": string, // Union field |
Fields | |
---|---|
description |
A user-specified description of the rule. This value can be up to 256 characters. |
Union field
|
|
deny |
A rule for a deny policy. |
DenyRule
A deny rule in an IAM deny policy.
JSON representation |
---|
{
"deniedPrincipals": [
string
],
"exceptionPrincipals": [
string
],
"deniedPermissions": [
string
],
"exceptionPermissions": [
string
],
"denialCondition": {
object ( |
Fields | |
---|---|
denied |
The identities that are prevented from using one or more permissions on Google Cloud resources. This field can contain the following values:
|
exception |
The identities that are excluded from the deny rule, even if they are listed in the This field can contain the same values as the |
denied |
The permissions that are explicitly denied by this rule. Each permission uses the format |
exception |
Specifies the permissions that this rule excludes from the set of denied permissions given by The excluded permissions can be specified using the same syntax as |
denial |
The condition that determines whether this deny rule applies to a request. If the condition expression evaluates to Each deny rule is evaluated independently. If this deny rule does not apply to a request, other deny rules might still apply. The condition can use CEL functions that evaluate resource tags. Other functions and operators are not supported. |
Methods |
|
---|---|
|
Creates a policy. |
|
Deletes a policy. |
|
Gets a policy. |
|
Retrieves the policies of the specified kind that are attached to a resource. |
|
Updates the specified policy. |