REST Resource: policies

Resource: Policy

A Policy resource binds an instance of a single Setting with the scope of a PolicyQuery. The Setting instance will be applied to all entities that satisfy the query.

JSON representation
{
  "name": string,
  "customer": string,
  "policyQuery": {
    object (PolicyQuery)
  },
  "setting": {
    object (Setting)
  },
  "type": enum (PolicyType)
}
Fields
name

string

Output only. Identifier. The resource name of the Policy. Format: policies/{policy}.

customer

string

Immutable. Customer that the Policy belongs to. The value is in the format 'customers/{customerId}'. The customerId must begin with "C" To find your customer ID in Admin Console see https://support.google.com/a/answer/10070793.

policyQuery

object (PolicyQuery)

Required. The PolicyQuery the Setting applies to.

setting

object (Setting)

Required. The Setting configured by this Policy.

type

enum (PolicyType)

Output only. The type of the policy.

PolicyQuery

PolicyQuery

JSON representation
{
  "query": string,
  "orgUnit": string,
  "group": string,
  "sortOrder": number
}
Fields
query

string

Immutable. The CEL query that defines which entities the Policy applies to —for example, a User entity.

For details about CEL see https://opensource.google.com/projects/cel.

The OrgUnits that the Policy applies to are represented by a function like so: entity.org_units.exists(orgUnit, orgUnit.org_unit_id == orgUnitId('{orgUnitId}'))

The Group the Policy applies to are represented by a function like so: entity.groups.exists(group, group.group_id == groupId('{groupId}'))

The Licenses the Policy applies to are represented by a function like so: entity.licenses.exists(license, license in ['/product/{productId}/sku/{skuId}'])

These functions can be declared in any combination, and used in conjunction with the &&, || and ! operators.

The orgUnit and group fields below are helper fields that contain the corresponding value(s) as the query to make the query easier to use.

orgUnit

string

Required. Immutable. Non-empty default. The OrgUnit the query applies to. This field is only set if there is a single value for orgUnit that satisfies all functions of the query.

group

string

Immutable. The group that the query applies to. This field is only set if there is a single value for group that satisfies all functions of the query. If no group applies, this will be the empty string.

sortOrder

number

Output only. The decimal sort order of this PolicyQuery. The value is relative to all other policies with the same setting type for the customer. (There are no duplicates within this set).

Setting

Setting

JSON representation
{
  "type": string,
  "value": {
    object
  }
}
Fields
type

string

Required. Immutable. The type of the Setting. .

value

object (Struct format)

Required. The value of the Setting.

PolicyType

The type of the policy. This denotes whether the policy is system-configured or admin-configurable.

Enums
POLICY_TYPE_UNSPECIFIED Unspecified policy type.
SYSTEM Policy type denoting the system-configured policies.
ADMIN Policy type denoting the admin-configurable policies.

Methods

get

Get a Policy

list

List Policies