Resource types that accept allow policies

This page lists the resource types on which you can set allow policies.

Select a service to see which of its resource types support allow policies:

Service Resources that accept allow policies
BigQuery   Datasets
Routines
Tables
Identity-Aware Proxy   All web services
Individual web services
Tunnel
Tunnel instances
Tunnel zones
Web service types
Web service versions
Access Context Manager   Access policies
Vertex AI   Entity types
Feature online stores
Feature views
Featurestores
Models
Notebook runtime templates
Analytics Hub   Data exchanges
Listings
Subscriptions
API Gateway   APIs
Configs
Gateways
Apigee   Deployments
Environments
Apigee Registry   APIs
Artifacts
Deployments
Documents
Instances
Runtime
Specs
Versions
App Hub   Applications
Artifact Registry   Repositories
AutoML   Datasets
Locations
Models
Backup and Disaster Recovery   Management servers
Chrome Enterprise Premium   App connections
App connectors
App gateways
Applications
Browser DLP rules
Client connector services
Client gateways
Partner tenants
Proxy configs
Security gateways
BigQuery Connection API   Connections
BigQuery Data Policy   Data policies
Bigtable   Authorized views
Backups
Instances
Tables
Binary Authorization   Attestors
Policy
Cloud Billing   Billing accounts
Cloud Build   Connections
Cloud Deploy   Custom target types
Delivery pipelines
Targets
Cloud Run functions   Functions
Cloud Key Management Service   Crypto keys
EKM config
EKM connections
Import jobs
Key rings
Resource Manager   Folders
Organizations
Projects
Tag keys
Tag values
Cloud Tasks   Queues
Compute Engine   Backend buckets
Backend services
Disks
Firewall policies
Images
Instance templates
Instances
Instant snapshots
Licenses
Machine images
Network attachments
Network firewall policies
Node groups
Node templates
Region backend services
Region disks
Region instant snapshots
Region network firewall policies
Reservations
Resource policies
Service attachments
Snapshots
Storage pools
Subnetworks
Cloud Config Manager API   Deployments
Conversational Insights   Authorized views
Artifact Analysis   Notes
Occurrences
Data Catalog   Entry groups
Policy tags
Tag templates
Taxonomies
Dataform   Collections
Comment threads
Comments
Repositories
Workspaces
Cloud Data Fusion   Instances
Database Migration Service   Connection profiles
Conversion workspaces
Migration jobs
Objects
Private connections
Dataplex   Aspect types
Assets
Attributes
Categories
Content
Content items
Data attribute bindings
Data scans
Data taxonomies
Encryption configs
Entry groups
Entry link types
Entry types
Environments
Glossaries
Governance rules
Lakes
Tasks
Terms
Zones
Dataproc   Autoscaling policies
Clusters
Jobs
Operations
Workflow templates
Cloud Deployment Manager   Deployments
Cloud DNS   Managed zones
Cloud Domains   Registrations
Eventarc   Channel connections
Channels
Enrollments
Google API sources
Message buses
Pipelines
Triggers
Backup for GKE   Backup plans
Backups
Restore plans
Restores
Volume backups
Volume restores
GKE Hub   Features
Memberships
Scopes
Google Distributed Cloud   Bare metal admin clusters
Bare metal clusters
Bare metal node pools
VMware admin clusters
VMware clusters
VMware node pools
Cloud Healthcare API   Consent stores
Data mapper workspaces
Datasets
DICOM stores
FHIR stores
HL7v2 stores
Identity and Access Management   Service accounts
Workforce identity pools
Cloud Intrusion Detection System   Endpoints
Cloud Logging   Views
Looker   Backups
Instances
Managed Service for Microsoft Active Directory   Backups
Domains
Peerings
Dataproc Metastore   Backups
Databases
Federations
Services
Tables
AI Platform   Jobs
Models
Network Connectivity Center   Groups
Hubs
Policy-based routes
Service classes
Service connection maps
Service connection policies
Spokes
Network Management API   Connectivity tests
Network Security   Address groups
Authorization policies
Authz policies
Client TLS policies
Server TLS policies
Network Services   Edge cache keysets
Edge cache origins
Edge cache services
Notebooks   Instances
Runtimes
Certificate Authority Service   CA pools
Certificate revocation lists
Certificate templates
Pub/Sub   Schemas
Snapshots
Subscriptions
Topics
Cloud Run   Jobs
Services
Secret Manager   Secrets
Security Command Center   Sources
Service Directory   Namespaces
Services
Service Management   Consumers
Services
Spanner   Backup schedules
Backups
Databases
Instances
Cloud Storage   Buckets
Managed folders
Google Cloud VMware Engine   Clusters
HCX activation keys
Private clouds
Cloud Workstations   Workstation configs
Workstations