Abstract types

Binding

static

Associates members with a role.

Properties

Parameter

role

string

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required

members

Array of string

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values:

See also

google.iam.v1.Binding definition in proto format

BindingDelta

static

One delta entry for Binding. Each individual change (only one member in each entry) to a binding will be a separate entry.

Properties

Parameter

action

number

The action that was performed on a Binding. Required

The number should be among the values of Action

role

string

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required

member

string

A single identity requesting access for a Cloud Platform resource. Follows the same format of Binding.members. Required

See also

google.iam.v1.BindingDelta definition in proto format

Policy

static

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A Policy consists of a list of bindings. A Binding binds a list of members to a role, where the members can be user accounts, Google groups, Google domains, and service accounts. A role is a named list of permissions defined by IAM.

Example

{
  "bindings": [
    {
      "role": "roles/owner",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-other-app@appspot.gserviceaccount.com",
      ]
    },
    {
      "role": "roles/viewer",
      "members": ["user:sean@example.com"]
    }
  ]
}

For a description of IAM and its features, see the IAM developer's guide.

Properties

Parameter

version

number

Version of the Policy. The default version is 0.

bindings

Array of Object

Associates a list of members to a role. Multiple bindings must not be specified for the same role. bindings with no members will result in an error.

This object should have the same structure as Binding

etag

string

etag is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the etag in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An etag is returned in the response to getIamPolicy, and systems are expected to put that etag in the request to setIamPolicy to ensure that their change will be applied to the same version of the policy.

If no etag is provided in the call to setIamPolicy, then the existing policy is overwritten blindly.

See also

google.iam.v1.Policy definition in proto format

PolicyDelta

static

The difference delta between two policies.

Property

Parameter

bindingDeltas

Array of Object

The delta for Bindings between two policies.

This object should have the same structure as BindingDelta

See also

google.iam.v1.PolicyDelta definition in proto format