Settings available in the API

This document describes the settings that the Policy API supports.

Security Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Account Recovery Super Admin Account Recovery security.super_admin_account_recovery Allow super admins to recover their account enableAccountRecovery Boolean
User Account Recovery security.user_account_recovery Allow users and non-super admins to recover their account enableAccountRecovery Boolean
Password Management Password Management security.password Expiration expirationDuration Seconds (0 seconds means Never Expire)
Reuse allowReuse Boolean
Strength and Length enforcement enforceRequirementsAtLogin Boolean
Length (Maximum length) maximumLength Integer
Length (Minimum length) minimumLength Integer
Strength allowedStrength Enum: STRONG, WEAK
Google Session Control Session Control security.session_controls Web session duration webSessionDuration Seconds
Less secure apps Less secure apps security.less_secure_apps Control user access to apps that use less secure sign-in technology and make accounts more vulnerable. allowLessSecureApps Boolean
Login challenges Login Challenges security.login_challenges Use employee ID to keep my users more secure enableEmployeeIdChallenge Boolean
Advanced Protection Program Enrollment security.advanced_protection_program Use employee ID to keep my users more secure enableAdvancedProtectionSelfEnrollment Boolean
Security Codes securityCodeOption Enum: ALLOWED_WITH_REMOTE_ACCESS, ALLOWED_WITHOUT_REMOTE_ACCESS, CODES_NOT_ALLOWED

UserTakeout Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Data Data import & export > Google Takeout > User access to Takeout for Google services blogger.user_takeout books.user_takeout maps.user_takeout pay.user_takeout photos.user_takeout play.user_takeout play_console.user_takeout location_history.user_takeout youtube.user_takeout Manage user access to Takeout for Google services takeout_status enum: TAKEOUT_STATUS_UNSPECIFIED, ENABLED, DISABLED

Marketplace Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Apps list Apps list workspace_marketplace.apps_allowlist Showing apps for users in all organizational units apps List of apps containing application_id and access status as ALLOWED or BLOCKED.
Settings Manage access to apps > Manage Google Workspace Marketplace allowlist access workspace_marketplace.apps_access_options Select which Marketplace apps users can run and install. access_level Enum: ALLOW_ALL, ALLOW_LISTED_APPS, ALLOW_NONE

The Setting workspace_marketplace.apps_allowlist in the API response exposes the Marketplace application_id instead of application_name. The following Python script can be used to convert one or more application_id that are specified on the command line to application_name.

import re
import requests
import sys

output = {}
app_ids = sys.argv[1:]

for id in app_ids:
  url = f"https://workspace.google.com/marketplace/app/_/{id}"
  response = requests.get(url, allow_redirects=False)
  final_url = response.headers['Location']
  pattern = f"^https://workspace.google.com/marketplace/app/(.*)/{id}$"
  a = re.search(pattern, final_url)
  output[id] = a.group(1)

# Output application name captured from returned URL
print(output)

Service Status Settings

The service_status setting contains a Boolean value implying a service is enabled for a certain OrgUnit or Group.

The Policy API supports service status settings for both Workspace services and Additional services listed in the Admin Console under Apps.

Service Name in Admin Console Policy API service name
Calendar calendar
Cloud Search cloud_search
Drive and Docs drive_and_editors
Currents currents
Groups for Business groups_for_business
Jamboard jamboard
Keep keep
Google Chat chat
Google Meet meet
Google Voice voice
Google Sites sites
Tasks tasks
Vault vault
Work Insights work_insights
AppSheet appsheet
Applied Digital Skills applied_digital_skills
Assignments assignments
Blogger blogger
Brand Accounts brand_accounts
Campaign Manager 360 campaign_manager
Chrome Canvas chrome_canvas
Chrome Remote Desktop chrome_remote_desktop
Chrome Web Store chrome_web_store
Classroom classroom
CS First cs_first
Experimental Apps experimental_apps
FeedBurner feedburner
Google Ad Manager ad_manager
Google Ads ads
Google AdSense adsense
Google Alerts alerts
Google Analytics analytics
Google Arts & Culture arts_and_culture
Google Bookmarks bookmarks
Google Books books
Google Chrome Sync chrome_sync
Google Cloud cloud
Google Cloud Print cloud_print
Google Colab colab
Google Developer developers
Google Domains domains
Google Earth earth
Google Fi fi
Google Groups groups
Google Maps maps
Google Messages messages
Google My Business my_business
Google My Maps my_maps
Google News news
Google Pay pay
Google Photos photos
Google Play play
Google Play Console play_console
Google Public Data Explorer public_data
Google Read Along read_along
Google Search Console search_console
Google Takeout takeout
Google Translate translate
Google Trips trips
Location History location_history
Looker Studio data_studio
Managed Google Play managed_play
Material Gallery material_gallery
Merchant Center merchant_center
Partner Dash partner_dash
Pinpoint pinpoint
Play Books Partner Center play_books_partner_center
Programmable Search Engine programmable_search_engine
QuestionHub question_hub
Scholar Profiles scholar_profiles
Search Ads 360 search_ads_360
Search and Assistant search_and_assistant
Socratic socratic
Studio studio
Third-party App Backups third_party_app_backups
Tour Creator tour_creator
YouTube youtube
Additional services without individual control enterprise_service_restrictions

Gmail Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Gmail User Settings > Confidential Model gmail.confidential_mode Enable confidential mode enable_confidential_mode boolean
User Settings > S/MIME gmail.enhanced_smime_encryption Allow users to upload their own certificates allow_user_to_upload_certificates boolean
Accept these additional root certificates for specific domains: custom_root_certificates A list of CustomRootCertificates which contains a list of root certificates, a list of intermediate CA certificates, a list of restricted domain names, a boolean to allow address mismatch and an enum with different validation levels.
Spam, phishing, and malware > Enhanced pre-delivery message scanning gmail.enhanced_pre_delivery_message_scanning Enables improved detection of suspicious content prior to delivery enable_improved_suspicious_content_detection boolean
Spam, phishing, and malware > Email allowlist gmail.email_spam_filter_ip_allowlist Enter the IP addresses for your email allowlist allowed_ip_addresses A list of strings
Safety > Spoofing and authentication gmail.spoofing_and_authentication Protect against domain spoofing based on similar domain names detect_domain_name_spoofing boolean
Choose an action domain_name_spoofing_consequence Enum: WARNING, SPAM_FOLDER, QUARANTINE, NO_ACTION
Protect against spoofing of employee names detect_employee_name_spoofing boolean
Choose an action employee_name_spoofing_consequences Enum: WARNING, SPAM_FOLDER, QUARANTINE, NO_ACTION
Protect against inbound emails spoofing your domain detect_domain_spoofing_from_unauthenticated_senders boolean
Choose an action domain_spoofing_consequences Enum: WARNING, SPAM_FOLDER, QUARANTINE, NO_ACTION
Protect against any unauthenticated emails detect_unauthenticated_emails boolean
Choose an action unauthenticated_email_consequences Enum: WARNING, SPAM_FOLDER, QUARANTINE, NO_ACTION
Protect your Groups from inbound emails spoofing your domain detect_groups_spoofing boolean
Apply this setting to groups_spoofing_group_type Enum: PRIVATE_GROUPS_ONLY, ALL_GROUPS
Choose an action groups_spoofing_consequences Enum: WARNING, SPAM_FOLDER, QUARANTINE, NO_ACTION
Apply future recommended settings automatically apply_future_settings_automatically boolean
Safety > Links and external images gmail.links_and_external_images Identify links behind shortened URLs enable_shortener_scanning boolean
Scan linked images enable_external_image_scanning boolean
Show warning prompt for any click on links to untrusted domains enable_aggressive_warnings_on_untrusted_links boolean
Apply future recommended settings automatically apply_future_settings_automatically boolean
Safety > Attachments gmail.email_attachment_safety Protect against encrypted attachments from untrusted senders enable_encrypted_attachment_protection boolean
Choose an action encrypted_attachment_protection_consequence enum: WARNING, SPAM_FOLDER, QUARANTINE
Protect against attachments with scripts from untrusted senders enable_attachment_with_scripts_protection boolean
Choose an action attachment_with_scripts_protection_consequence enum: WARNING, SPAM_FOLDER, QUARANTINE
Protect against anomalous attachment types in emails enable_anomalous_attachment_protection boolean
Choose an action anomalous_attachment_protection_consequence enum: WARNING, SPAM_FOLDER, QUARANTINE
Apply future recommended settings automatically apply_future_recommended_settings_automatically boolean

Chat Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Google Chat History for chats chat.chat_history History is ON/OFF history_on_by_default boolean
Allow users to change their history setting allow_user_modification boolean
Chat File Sharing chat.chat_file_sharing External filesharing external_file_sharing enum: ALL_FILES, IMAGES_ONLY, NO_FILES, FILE_SHARING_OPTION_UNSPECIFIED
internal_file_sharing same
History for spaces chat.space_history Conversation history settings for spaces history_state enum: DEFAULT_HISTORY_ON, DEFAULT_HISTORY_OFF, HISTORY_ALWAYS_ON, HISTORY_ALWAYS_OFF, HISTORY_STATE_UNSPECIFIED
External Chat Settings chat.external_chat_restriction Allow users to send messages outside organization in chats and spaces allow_external_chat boolean
external_chat_restriction enum: NO_RESTRICTION, TRUSTED_DOMAINS, RESTRICTION_UNSPECIFIED
Chat apps chat.chat_apps_access Allow users to install Chat apps enable_apps boolean
Allow users to add and use incoming webhooks enable_webhooks boolean

Drive and Docs Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Drive and Docs Sharing settings > Sharing options drive_and_docs.external_sharing Select the highest level of sharing outside of $CUSTOMER_NAME that you want to allow external_sharing_mode Enum: DISALLOWED, ALLOWLISTED_DOMAINS, ALLOWED
Allow users in $ORG_UNIT_NAME to receive files from users or shared drives outside of $CUSTOMER_NAME allow_receiving_external_files Boolean
Warn when files owned by users or shared drives in $ORG_UNIT_NAME are shared with users in allowlisted domains warn_for_sharing_outside_allowlisted_domains Boolean
Allow users in $ORG_UNIT_NAME to receive files from users or shared drives outside of allowlisted domains allow_receiving_files_outside_allowlisted_domains Boolean
Allow users or shared drives in $ORG_UNIT_NAME to share items with non-Google users in trusted domains using visitor sharing allow_non_google_invites_in_allowlisted_domains Boolean
Warn when files owned by users or shared drives in $ORG_UNIT_NAME are shared outside of $CUSTOMER_NAME warn_for_external_sharing Boolean
Allow users or shared drives in $ORG_UNIT_NAME to share items with people outside $CUSTOMER_NAME who aren't using a Google Account allow_non_google_invites Boolean
When sharing outside of $CUSTOMER_NAME is allowed, users in $ORG_UNIT_NAME can make files and published web content visible to anyone with the link allow_publishing_files Boolean
When a user shares a file via a Google product other than Docs or Drive (e.g. by pasting a link in Gmail), Google can check that the recipients have access. If not, when possible, Google will ask the user to pick if they want to share the file to access_checker_suggestions Enum: RECIPIENTS_OR_AUDIENCE_OR_PUBLIC, RECIPIENTS_OR_AUDIENCE, RECIPIENTS_ONLY
Select who should be allowed to distribute content in $ORG_UNIT_NAME outside of $CUSTOMER_NAME. This restricts who can upload or move content to shared drives owned by another organization allowed_parties_for_distributing_content Enum: ALL_ELIGIBLE_USERS, ELIGIBLE_INTERNAL_USERS, NONE
Sharing settings > General access default drive_and_docs.general_access_default When users in $ORG_UNIT_NAME create items, the default access will be default_file_access Enum: PRIVATE_TO_OWNER, PRIMARY_AUDIENCE_WITH_LINK, PRIMARY_AUDIENCE_WITH_LINK_OR_SEARCH
Sharing settings > Shared drive creation drive_and_docs.shared_drive_creation Prevent users in $ORG_UNIT_NAME from creating new shared drives allow_shared_drive_creation Boolean (The API response returns the opposite of the UI value)
When users in $ORG_UNIT_NAME create a shared drive, it will be assigned to the following organizational unit org_unit_for_new_shared_drives Enum: CREATOR_ORG_UNIT, CUSTOM_ORG_UNIT
Selected organizational unit custom_org_unit String
Allow members with manager access to override the settings below allow_managers_to_override_settings Boolean
Allow users outside $CUSTOMER_NAME to access files in shared drives allow_external_user_access Boolean
Allow people who aren't shared drive members to be added to files allow_non_member_access Boolean
Allow viewers and commenters to download, print, and copy files allowed_parties_for_download_print_copy Enum: ALL (when the checkbox in the UI is checked), EDITORS_ONLY (when the checkbox in the UI is unchecked)
Allow content managers to share folders allow_content_managers_to_share_folders Boolean
Sharing settings > Security update for files drive_and_docs.file_security_update Applying this update will make file links more secure. This may cause users to receive file access requests security_update Enum: APPLY_TO_IMPACTED_FILES, REMOVE_FROM_IMPACTED_FILES
Allow users to remove/apply the security update for files they own or manage allow_users_to_manage_update Boolean
Features and Applications > Drive SDK drive_and_docs.drive_sdk Allow users to access Google Drive with the Drive SDK API enable_drive_sdk_api_access Boolean
Google Drive for desktop > Enable Drive for desktop drive_and_docs.drive_for_desktop Allow Google Drive for desktop in your organization allow_drive_for_desktop Boolean
Only allow Google Drive for desktop on authorized devices restrict_to_authorized_devices Boolean
Show Google Drive for desktop download link show_download_link Boolean
Allow users to enable real-time presence in Microsoft Office from Google Drive for desktop allow_real_time_presence Boolean

Meet Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Google Meet Meet video settings > Recording meet.video_recording Let people record their meetings. enable_recording boolean
Meet safety settings > Domain meet.safety_domain Who can join meetings created by your organization. users_allowed_to_join Enum: SAME_ORGANIZATION_ONLY, LOGGED_IN, ALL
Meet safety settings > Access meet.safety_access Which meetings or calls users in the organization can join. "Incoming call restrictions" can further limit the calls that users can receive. meetings_allowed_to_join Enum: SAME_ORGANIZATION_ONLY, ANY_WORKSPACE_ORGANIZATION, ALL
Meet safety settings > Host management meet.safety_host_management Default host management enable_host_management Boolean
Meet safety settings > Warn for external participants meet.safety_external_participants Indicates participants who are outside "Organization" or whose identities are unconfirmed. enable_external_label Boolean

Sites Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Sites New Sites > Site creation and editing sites.sites_creation_and_modification Allow users to create new sites allowSitesCreation Boolean
Users can/cannot edit sites allowSitesModification Boolean

Groups For Business Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Groups For Business Sharing settings > Sharing options groups_for_business.groups_sharing Set policies for changing group sharing settings collaborationCapability Enum: ANYONE_CAN_ACCESS, DOMAIN_USERS_ONLY
Creating groups createGroupsAccessLevel Enum: ADMIN_ONLY, USERS_IN_DOMAIN, ANYONE_CAN_CREATE
Group owners can allow external members ownersCanAllowExternalMembers Boolean
Group owners can allow incoming email from outside the organization ownersCanAllowIncomingMailFromPublic Boolean
Default for permission to view conversations viewTopicsDefaultAccessLevel Enum: OWNERS, MANAGERS, GROUP_MEMBERS, DOMAIN_USERS, ANYONE_CAN_VIEE_TOPICS
Group owners can hide groups from the directory ownersCanHideGroups Boolean
Hide newly created groups from the directory newGroupsAreHidden Boolean

Classroom Settings

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Classroom General Settings > Teacher permissions classroom.teacher_permissions Who can create classes whoCanCreateClasses Enum: ANYONE_IN_DOMAIN, ALL_PENDING_AND_VERIFIED_TEACHERS, VERIFIED_TEACHERS_ONLY
General Settings > Guardian access classroom.guardian_access Allow parents and guardians to access Classroom information allowAccess Boolean
Who can manage parents and guardians whoCanManageGuardianAccess Enum: VERIFIED_TEACHERS_AND_DOMAIN_ADMINS, DOMAIN_ADMINS_ONLY
Class settings > About class membership classroom.class_membership Who can join classes in your domain whoCanJoinClasses Enum: ANYONE_IN_DOMAIN, ANYONE_IN_ALLOWLISTED_DOMAINS, ANY_GOOGLE_WORKSPACE_USER, ANYONE
Which classes can users in your domain join whichClassesCanUsersJoin Enum: CLASSES_IN_DOMAIN, CLASSES_IN_ALLOWLISTED_DOMAINS, ANY_GOOGLE_WORKSPACE_CLASS
Data access > Classroom API classroom.api_data_access Users can authorize apps to access their Google Classroom data enableApiAccess Boolean
Originality Reports > School Matches classroom.originality_reports Enable originality reports school matches enableOriginalityReportsSchoolMatches Boolean
Student unenrollment > Unenrollment permissions classroom.student_unenrollment Who can unenroll students from classes whoCanUnenrollStudents Enum STUDENTS_AND_TEACHERS, TEACHERS_ONLY
Roster import > Settings classroom.roster_import Roster import rosterImportOption Enum: OFF, ON_CLEVER

Data Protection Rules Settings

For an overview of data protection rules and detectors, see Create DLP for Drive rules and custom content detectors.

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Data Protection Security > Access and data control > Data Protection > Manage Rules rule.dlp Name display_name String
Description description String
Apps triggers String[] - List of app specific trigger strings. The list of available app triggers is provided in the following Triggers section.
Conditions condition String - Common Expression Language (CEL) expression of the data conditions the rule scans for. The CEL syntax and some common examples are provided in the following Conditions section.
Actions action Struct - nested object representing app specific actions to take when the conditions are met. The available actions per app trigger are provided in the following Actions section.
State state Enum: ACTIVE, INACTIVE
Created create_time Timestamp
Last modified update_time Timestamp
Rule type specific metadata rule_type_metadata Struct - nested object representing rule type specific metadata. For Data Protection rules, this contains the severity level of the triggered events.

Triggers

The list of available applications and their triggers.

  • "google.workspace.chrome.file.v1.upload"
  • "google.workspace.chrome.file.v1.download"
  • "google.workspace.chrome.web_content.v1.upload"
  • "google.workspace.chrome.page.v1.print"
  • "google.workspace.chrome.url.v1.navigation"
  • "google.workspace.chromeos.file.v1.transfer"
  • "google.workspace.chat.message.v1.send"
  • "google.workspace.chat.attachment.v1.upload"
  • "google.workspace.drive.file.v1.share"
  • "google.workspace.gmail.email.v1.send"

Conditions

To represent data conditions, the API uses Common Expressions Language (CEL) expressions. Each condition follows the pattern of {content type}.{content to scan for}({additional scan parameters}). For example, all_content.contains('apple') represents a data condition that matches if any of the scanned content (e.g. Drive doc, chat message, etc) contains the substring apple.

Content type

The list of available content types, corresponding to the matching configurations of the same names in the Admin Console.

  • access_levels
  • all_content
  • all_headers
  • body
  • destination_type
  • destination_url
  • drive_enterprise_metadata
  • encryption_state
  • envelope_from
  • file_size_in_bytes
  • file_type
  • from_header
  • message_security_status
  • request_attributes
  • sender_header
  • source_chrome_context
  • source_url
  • source_url_category
  • subject
  • suggestion
  • target_user
  • title
  • to_header_recipients
  • url
  • url_category

Content to scan for

The list of available content to scan for, corresponding to the matching configurations of the same names in the Admin Console.

  • contains({string})
  • starts_with({string})
  • ends_with({string})
  • equals({string})
  • matches_dlp_detector({detector name}, {likelihood}, {minimum_match_count: {count}, minimum_unique_match_count: {count}})
    • Corresponds to the matches predefined data type option in the Admin Console.
    • {detector name} denotes the predefined data type to scan for, which can be one of the built-in infotypes supported by Cloud DLP: https://cloud.google.com/sensitive-data-protection/docs/infotypes-reference. For example, CREDIT_CARD_NUMBER or US_SOCIAL_SECURITY_NUMBER
    • {likelihood} denotes the likelihood threshold of the match. For example, google.privacy.dlp.v2.Likelihood.LIKELY corresponds to the High threshold in the Admin Console.
  • matches_regex_detector({detector name}, {minimum_match_count: {count}})
    • Corresponds to the matches regular expression option in the Admin Console.
    • {detector name} is the resource name of the policy that represents the regular expression detector. See Data Protection Detector section on how to query detector policies in the API.
  • matches_word_list({detector name}, {minimum_match_count: {count}, minimum_unique_match_count: {count}})
    • Corresponds to the matches words from word list option in the Admin Console.
    • {detector name} is the resource name of the policy that represents the word list detector. See Data Protection Detector section on how to query detector policies in the API.
  • matches_web_category({category})
    • Corresponds to the URL category matches option in the Admin Console for Chrome URL visited trigger.
    • {category} denotes the URL category supported by the Admin Console configuration. For example ADULT or ONLINE_COMMUNITIES__SOCIAL_NETWORKS.

Composite conditions

Multiple base conditions can be mixed with AND (&&), OR (||), or NOT (!) operators to form a composite condition. For example, "all_content.contains('apple') && all_content.contains('banana')" represents a condition that matches if any of the scanned content contains both 'apple' and 'banana' substrings.

Actions

Each application specifies the action to take when the data condition matches in a nested message. For example, { "driveAction" { "warnUser" { } } } represents a Drive action that warns users on external sharing. The application specific actions available are following:

Application Action Key Subaction Admin Console Caption
Drive driveAction blockAccess Block external sharing
warnUser Warn on external sharing
auditOnly no action
restrictCopyPrintDownload Disable download, print, and copy
applyLabels Apply Classification labels
Gmail gmailAction blockContent Block message
warnUser Warn users
auditOnly Audit only
quarantineMessage Quarantine message
Chat chatAction blockContent Block message
warnUser Warn users
auditOnly Audit only
Chrome chromeAction blockContent Block
warnUser Allow with warning

Rule type specific metadata

This attribute contains the metadata specific to the rule type. For Data Protection rules, it contains the alerting event severity when the event is reported under the security dashboard and alert center. An example value of the metadata representing LOW alert severity:

fields {
  key: "ruleTypeMetadata"
  value {
    struct_value {
      fields {
        key: "dlpRuleMetadata"
        value {
          struct_value {
            fields {
              key: "alertSeverity"
              value {
                string_value: "LOW"
              }
            }
          }
        }
      }
    }
  }
}

Data Protection Detectors Settings

For an overview of data protection rules and detectors, see Create DLP for Drive rules and custom content detectors.

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Data Protection Security > Access and data control > Data Protection > Manage Detectors detector.regular_expression detector.word_list Name display_name String
Description description String
Regular Expression regular_expression Struct - contains the regular expression string. Only set if the detector type is detector.regular_expression.
Word List word_list String - contains the list of word strings. Only set if the detector type is detector.word_list.
Created create_time Timestamp
Last modified update_time Timestamp

System Defined Alert Rules Settings

This section describes Google Workspace system-defined alert rules. The API returns only system-defined alerts that are modified from the default value by the administrator.

Page in Admin Console Specific Setting in Admin Console Policy API setting type Admin Console Caption Policy API Field Name Data Type
Data Protection Rules (for "system defined' rule type) rule.system_defined_alerts Name display_name String
Description description String
Actions action Struct - nested object representing notification settings when the system defined alert is triggered. Details are provided in the following Actions section.
State state Enum: ACTIVE, INACTIVE
Created create_time Timestamp
Last modified update_time Timestamp

Actions

System defined alert rules have a single action that denotes the notification settings for the alert.

Action key Subaction Admin Console Caption
alertCenterAction alertCenterConfig Send to alert center
recipients Send email notifications