Class AccessPolicy.Builder (1.53.0)

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

Protobuf type google.identity.accesscontextmanager.v1.AccessPolicy

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

string etag = 6;

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

string name = 1;

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

string parent = 2;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

Required. Human readable title. Does not affect behavior.

string title = 3;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

string etag = 6;

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

string etag = 6;

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

string name = 1;

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

string name = 1;

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

string parent = 2;

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

string parent = 2;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

Required. Human readable title. Does not affect behavior.

string title = 3;

Required. Human readable title. Does not affect behavior.

string title = 3;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. Time the AccessPolicy was created in UTC.

.google.protobuf.Timestamp create_time = 4;

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

string etag = 6;

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

string etag = 6;

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

string name = 1;

Output only. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

string name = 1;

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

string parent = 2;

Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id}

string parent = 2;

The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:

• vpcsc perimeters can only restrict projects within folders/123
• access levels can only be referenced by resources within folders/123. If empty, there are no limitations on which resources can be restricted by an ACM policy, and there are no limitations on where ACM resources can be referenced. Only one policy can include a given scope (attempting to create a second policy which includes "folders/123" will result in an error). Currently, scopes cannot be modified after a policy is created. Currently, policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number}

repeated string scopes = 7;

Required. Human readable title. Does not affect behavior.

string title = 3;

Required. Human readable title. Does not affect behavior.

string title = 3;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;

Output only. Time the AccessPolicy was updated in UTC.

.google.protobuf.Timestamp update_time = 5;