Binding(mapping=None, *, ignore_unknown_fields=False, **kwargs)Associates members with a role.
.. attribute:: binding_id
:type: str
Attributes
| Name | Description |
condition |
google.cloud.compute_v1.types.Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding
applies to the current request.
If the condition evaluates to false, then this binding
does not apply to the current request. However, a different
role binding might grant the same role to one or more of the
members in this binding.
To learn which resources support conditions in their IAM
policies, see the `IAM
documentation |
members |
Sequence[str]
Specifies the identities requesting access for a Cloud Platform resource. members can have the following
values:
- allUsers: A special identifier that represents anyone
who is on the internet; with or without a Google account.
- allAuthenticatedUsers: A special identifier that
represents anyone who is authenticated with a Google
account or a service account.
- user:{emailid}: An email address that represents a
specific Google account. For example,
alice@example.com .
- serviceAccount:{emailid}: An email address that
represents a service account. For example,
my-other-app@appspot.gserviceaccount.com.
- group:{emailid}: An email address that represents a
Google group. For example, admins@example.com.
- deleted:user:{emailid}?uid={uniqueid}: An email
address (plus unique identifier) representing a user that
has been recently deleted. For example,
alice@example.com?uid=123456789012345678901. If the
user is recovered, this value reverts to
user:{emailid} and the recovered user retains the
role in the binding.
- deleted:serviceAccount:{emailid}?uid={uniqueid}: An
email address (plus unique identifier) representing a
service account that has been recently deleted. For
example,
my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901.
If the service account is undeleted, this value reverts
to serviceAccount:{emailid} and the undeleted service
account retains the role in the binding.
- deleted:group:{emailid}?uid={uniqueid}: An email
address (plus unique identifier) representing a Google
group that has been recently deleted. For example,
admins@example.com?uid=123456789012345678901. If the
group is recovered, this value reverts to
group:{emailid} and the recovered group retains the
role in the binding.
- domain:{domain}: The G Suite domain (primary) that
represents all the users of that domain. For example,
google.com or example.com.
|
role |
str
Role that is assigned to members. For example,
roles/viewer, roles/editor, or roles/owner.
|