Reference documentation and code samples for the Google Cloud Security Command Center V2 Client class Access.
Represents an access event.
Generated from protobuf message google.cloud.securitycenter.v2.Access
Namespace
Google \ Cloud \ SecurityCenter \ V2Methods
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ principal_email |
string
Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the |
↳ caller_ip |
string
Caller's IP address, such as "1.1.1.1". |
↳ caller_ip_geo |
Geolocation
The caller IP's geolocation, which identifies where the call came from. |
↳ user_agent_family |
string
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application. |
↳ user_agent |
string
The caller's user agent string associated with the finding. |
↳ service_name |
string
This is the API service that the service account made a call to, e.g. "iam.googleapis.com" |
↳ method_name |
string
The method that the service account called, e.g. "SetIamPolicy". |
↳ principal_subject |
string
A string that represents the principal_subject that is associated with the identity. Unlike |
↳ service_account_key_name |
string
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}". |
↳ service_account_delegation_info |
array<ServiceAccountDelegationInfo>
The identity delegation history of an authenticated service account that made the request. The |
↳ user_name |
string
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username. |
getPrincipalEmail
Associated email, such as "foo@google.com".
The email address of the authenticated user or a service account acting on
behalf of a third party principal making the request. For third party
identity callers, the principal_subject
field is populated instead of
this field. For privacy reasons, the principal email address is sometimes
redacted. For more information, see Caller identities in audit
logs.
Returns | |
---|---|
Type | Description |
string |
setPrincipalEmail
Associated email, such as "foo@google.com".
The email address of the authenticated user or a service account acting on
behalf of a third party principal making the request. For third party
identity callers, the principal_subject
field is populated instead of
this field. For privacy reasons, the principal email address is sometimes
redacted. For more information, see Caller identities in audit
logs.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getCallerIp
Caller's IP address, such as "1.1.1.1".
Returns | |
---|---|
Type | Description |
string |
setCallerIp
Caller's IP address, such as "1.1.1.1".
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getCallerIpGeo
The caller IP's geolocation, which identifies where the call came from.
Returns | |
---|---|
Type | Description |
Geolocation|null |
hasCallerIpGeo
clearCallerIpGeo
setCallerIpGeo
The caller IP's geolocation, which identifies where the call came from.
Parameter | |
---|---|
Name | Description |
var |
Geolocation
|
Returns | |
---|---|
Type | Description |
$this |
getUserAgentFamily
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
Returns | |
---|---|
Type | Description |
string |
setUserAgentFamily
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getUserAgent
The caller's user agent string associated with the finding.
Returns | |
---|---|
Type | Description |
string |
setUserAgent
The caller's user agent string associated with the finding.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getServiceName
This is the API service that the service account made a call to, e.g.
"iam.googleapis.com"
Returns | |
---|---|
Type | Description |
string |
setServiceName
This is the API service that the service account made a call to, e.g.
"iam.googleapis.com"
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getMethodName
The method that the service account called, e.g. "SetIamPolicy".
Returns | |
---|---|
Type | Description |
string |
setMethodName
The method that the service account called, e.g. "SetIamPolicy".
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getPrincipalSubject
A string that represents the principal_subject that is associated with the
identity. Unlike principal_email
, principal_subject
supports principals
that aren't associated with email addresses, such as third party
principals. For most identities, the format is
principal://iam.googleapis.com/{identity pool name}/subject/{subject}
.
Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
still use the legacy format serviceAccount:{identity pool
name}[{subject}]
.
Returns | |
---|---|
Type | Description |
string |
setPrincipalSubject
A string that represents the principal_subject that is associated with the
identity. Unlike principal_email
, principal_subject
supports principals
that aren't associated with email addresses, such as third party
principals. For most identities, the format is
principal://iam.googleapis.com/{identity pool name}/subject/{subject}
.
Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
still use the legacy format serviceAccount:{identity pool
name}[{subject}]
.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getServiceAccountKeyName
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.
This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
Returns | |
---|---|
Type | Description |
string |
setServiceAccountKeyName
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.
This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getServiceAccountDelegationInfo
The identity delegation history of an authenticated service account that
made the request. The serviceAccountDelegationInfo[]
object contains
information about the real authorities that try to access Google Cloud
resources by delegating on a service account. When multiple authorities are
present, they are guaranteed to be sorted based on the original ordering of
the identity delegation events.
Returns | |
---|---|
Type | Description |
Google\Protobuf\Internal\RepeatedField |
setServiceAccountDelegationInfo
The identity delegation history of an authenticated service account that
made the request. The serviceAccountDelegationInfo[]
object contains
information about the real authorities that try to access Google Cloud
resources by delegating on a service account. When multiple authorities are
present, they are guaranteed to be sorted based on the original ordering of
the identity delegation events.
Parameter | |
---|---|
Name | Description |
var |
array<ServiceAccountDelegationInfo>
|
Returns | |
---|---|
Type | Description |
$this |
getUserName
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
Returns | |
---|---|
Type | Description |
string |
setUserName
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |