Package com.google.iam.v1 (1.20.1)

Classes

AuditConfig

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs.

If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.

Example Policy with multiple AuditConfigs:

 {
   "audit_configs": [
     {
       "service": "allServices",
       "audit_log_configs": [
         {
           "log_type": "DATA_READ",
           "exempted_members": [
             "user:jose@example.com"
           ]
         },
         {
           "log_type": "DATA_WRITE"
         },
         {
           "log_type": "ADMIN_READ"
         }
       ]
     },
     {
       "service": "sampleservice.googleapis.com",
       "audit_log_configs": [
         {
           "log_type": "DATA_READ"
         },
         {
           "log_type": "DATA_WRITE",
           "exempted_members": [
             "user:aliya@example.com"
           ]
         }
       ]
     }
   ]
 }

For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

Protobuf type google.iam.v1.AuditConfig

AuditConfig.Builder

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs.

If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted.

Example Policy with multiple AuditConfigs:

 {
   "audit_configs": [
     {
       "service": "allServices",
       "audit_log_configs": [
         {
           "log_type": "DATA_READ",
           "exempted_members": [
             "user:jose@example.com"
           ]
         },
         {
           "log_type": "DATA_WRITE"
         },
         {
           "log_type": "ADMIN_READ"
         }
       ]
     },
     {
       "service": "sampleservice.googleapis.com",
       "audit_log_configs": [
         {
           "log_type": "DATA_READ"
         },
         {
           "log_type": "DATA_WRITE",
           "exempted_members": [
             "user:aliya@example.com"
           ]
         }
       ]
     }
   ]
 }

For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

Protobuf type google.iam.v1.AuditConfig

AuditConfigDelta

One delta entry for AuditConfig. Each individual change (only one exempted_member in each entry) to a AuditConfig will be a separate entry.

Protobuf type google.iam.v1.AuditConfigDelta

AuditConfigDelta.Builder

One delta entry for AuditConfig. Each individual change (only one exempted_member in each entry) to a AuditConfig will be a separate entry.

Protobuf type google.iam.v1.AuditConfigDelta

AuditLogConfig

Provides the configuration for logging a type of permissions. Example:

 {
   "audit_log_configs": [
     {
       "log_type": "DATA_READ",
       "exempted_members": [
         "user:jose@example.com"
       ]
     },
     {
       "log_type": "DATA_WRITE"
     }
   ]
 }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Protobuf type google.iam.v1.AuditLogConfig

AuditLogConfig.Builder

Provides the configuration for logging a type of permissions. Example:

 {
   "audit_log_configs": [
     {
       "log_type": "DATA_READ",
       "exempted_members": [
         "user:jose@example.com"
       ]
     },
     {
       "log_type": "DATA_WRITE"
     }
   ]
 }

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Protobuf type google.iam.v1.AuditLogConfig

Binding

Associates members, or principals, with a role.

Protobuf type google.iam.v1.Binding

Binding.Builder

Associates members, or principals, with a role.

Protobuf type google.iam.v1.Binding

BindingDelta

One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.

Protobuf type google.iam.v1.BindingDelta

BindingDelta.Builder

One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.

Protobuf type google.iam.v1.BindingDelta

GetIamPolicyRequest

Request message for GetIamPolicy method.

Protobuf type google.iam.v1.GetIamPolicyRequest

GetIamPolicyRequest.Builder

Request message for GetIamPolicy method.

Protobuf type google.iam.v1.GetIamPolicyRequest

GetPolicyOptions

Encapsulates settings provided to GetIamPolicy.

Protobuf type google.iam.v1.GetPolicyOptions

GetPolicyOptions.Builder

Encapsulates settings provided to GetIamPolicy.

Protobuf type google.iam.v1.GetPolicyOptions

IAMPolicyGrpc

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

IAMPolicyGrpc.IAMPolicyBlockingStub

A stub to allow clients to do synchronous rpc calls to service IAMPolicy.

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

IAMPolicyGrpc.IAMPolicyFutureStub

A stub to allow clients to do ListenableFuture-style rpc calls to service IAMPolicy.

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

IAMPolicyGrpc.IAMPolicyImplBase

Base class for the server implementation of the service IAMPolicy.

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

IAMPolicyGrpc.IAMPolicyStub

A stub to allow clients to do asynchronous rpc calls to service IAMPolicy.

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

IamPolicyProto

OptionsProto

Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.

For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation.

JSON example:

` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings:

  • members:
    • user:mike@example.com
    • group:admins@example.com
    • domain:google.com
    • serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
  • members:

    • user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
`

For a description of IAM and its features, see the IAM documentation.

Protobuf type google.iam.v1.Policy

Policy.Builder

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.

A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.

For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation.

JSON example:

` { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings:

  • members:
    • user:mike@example.com
    • group:admins@example.com
    • domain:google.com
    • serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin
  • members:

    • user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3
`

For a description of IAM and its features, see the IAM documentation.

Protobuf type google.iam.v1.Policy

PolicyDelta

The difference delta between two policies.

Protobuf type google.iam.v1.PolicyDelta

PolicyDelta.Builder

The difference delta between two policies.

Protobuf type google.iam.v1.PolicyDelta

PolicyProto

SetIamPolicyRequest

Request message for SetIamPolicy method.

Protobuf type google.iam.v1.SetIamPolicyRequest

SetIamPolicyRequest.Builder

Request message for SetIamPolicy method.

Protobuf type google.iam.v1.SetIamPolicyRequest

TestIamPermissionsRequest

Request message for TestIamPermissions method.

Protobuf type google.iam.v1.TestIamPermissionsRequest

TestIamPermissionsRequest.Builder

Request message for TestIamPermissions method.

Protobuf type google.iam.v1.TestIamPermissionsRequest

TestIamPermissionsResponse

Response message for TestIamPermissions method.

Protobuf type google.iam.v1.TestIamPermissionsResponse

TestIamPermissionsResponse.Builder

Response message for TestIamPermissions method.

Protobuf type google.iam.v1.TestIamPermissionsResponse

Interfaces

AuditConfigDeltaOrBuilder

AuditConfigOrBuilder

AuditLogConfigOrBuilder

BindingDeltaOrBuilder

BindingOrBuilder

GetIamPolicyRequestOrBuilder

GetPolicyOptionsOrBuilder

IAMPolicyGrpc.AsyncService

API Overview Manages Identity and Access Management (IAM) policies. Any implementation of an API that offers access control features implements the google.iam.v1.IAMPolicy interface.

Data model

Access control is applied when a principal (user or service account), takes some action on a resource exposed by a service. Resources, identified by URI-like names, are the unit of access control specification. Service implementations can choose the granularity of access control and the supported permissions for their resources. For example one database service may allow access control to be specified only at the Table level, whereas another might allow access control to also be specified at the Column level.

Policy Structure

See google.iam.v1.Policy This is intentionally not a CRUD style API because access control policies are created and deleted implicitly with the resources to which they are attached.

PolicyDeltaOrBuilder

PolicyOrBuilder

SetIamPolicyRequestOrBuilder

TestIamPermissionsRequestOrBuilder

TestIamPermissionsResponseOrBuilder

Enums

AuditConfigDelta.Action

The type of action performed on an audit configuration in a policy.

Protobuf enum google.iam.v1.AuditConfigDelta.Action

AuditLogConfig.LogType

The list of valid permission types for which logging can be configured. Admin writes are always logged, and are not configurable.

Protobuf enum google.iam.v1.AuditLogConfig.LogType

BindingDelta.Action

The type of action performed on a Binding in a policy.

Protobuf enum google.iam.v1.BindingDelta.Action