REST Resource: policies

Resource: Policy

A Policy resource binds an instance of a single Setting with the scope of a PolicyQuery. The Setting instance will be applied to all entities that satisfy the query.

JSON representation 
{
  "name": string,
  "customer": string,
  "policyQuery": {
    object (PolicyQuery)
  },
  "setting": {
    object (Setting)
  },
  "type": enum (PolicyType)
}
Fields
name

string

Output only. Identifier. The resource name of the policy. Format: policies/{policy}
customer

string

Immutable. Customer that the policy belongs to. The value is in the format customers/{customerId}. The customerId must begin with "C" To find your customer ID in Admin Console see https://support.google.com/a/answer/10070793.
policyQuery

object (PolicyQuery)

Required. The PolicyQuery the setting applies to.
setting

object (Setting)

Required. The setting configured by this policy.
type

enum (PolicyType)

Output only. The type of the policy.

PolicyQuery

PolicyQuery

JSON representation 
{
  "query": string,
  "orgUnit": string,
  "group": string,
  "sortOrder": number
}
Fields
query

string

Immutable. The CEL query that defines which entities the Policy applies to (ex. a User entity).

For details about CEL see https://opensource.google.com/projects/cel.

The organizational units the policy applies to are represented by a clause like so: entity.org_units.exists(orgUnit, orgUnit.org_unit_id == orgUnitId('{orgUnitId}'))

The Group the Policy applies to are represented by a clause like so: entity.groups.exists(group, group.group_id == groupId('{groupId}'))

The Licenses the Policy applies to are represented by a clause like so: entity.licenses.exists(license, license in ['/product/{productId}/sku/{skuId}'])

The list of SKUs can be found in this documentation.

The above clauses can be present in any combination, and used in conjunction with the &&, || and ! operators.

The orgUnit and group fields below are helper fields that contain the corresponding value(s) as the query to make the query easier to use.
orgUnit

string

Output only. Non-empty default. The organizational unit the query applies to. This field is only set if there is a single value for orgUnit that satisfies all clauses of the query.
group

string

Output only. The group that the query applies to. This field is only set if there is a single value for group that satisfies all clauses of the query. If no group applies, this field will be absent.
sortOrder

number

Output only. The numeric sort order of this PolicyQuery. The value is relative to all other policies with the same setting type within the whole customer. Policies are sorted in ascending order. (There are no duplicates within this set).

Setting

Setting

JSON representation 
{
  "type": string,
  "value": {
    object
  }
}
Fields
type

string

Required. Immutable. The type of the setting.
value

object (Struct format)

Required. The value of the setting.

PolicyType

The type of the policy. This denotes whether the policy is system-configured or admin-configurable.

Enums
POLICY_TYPE_UNSPECIFIED Unspecified policy type.
SYSTEM Policy type denoting the system-configured policies.
ADMIN Policy type denoting the admin-configurable policies.

Methods

get

 Get a policy

list

 List policies