Class Binding (1.5.0)

Binding(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Associates members, or principals, with a role.

Attributes

Name | Description
binding_id str
This is deprecated and has no effect. Do not use. This field is a member of `oneof`_ ``_binding_id``.
condition google.cloud.compute_v1.types.Expr
The condition that is associated with this binding. If the condition evaluates to ``true``, then this binding applies to the current request. If the condition evaluates to ``false``, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the `IAM documentation
members Sequence[str]
Specifies the principals requesting access for a Google Cloud resource. ``members`` can have the following values:

* ``allUsers``: A special identifier that represents anyone who is on the internet; with or without a Google account.
* ``allAuthenticatedUsers``: A special identifier that represents anyone who is authenticated with a Google account or a service account.
* ``user:{emailid}``: An email address that represents a specific Google account. For example, ``alice@example.com``.
* ``serviceAccount:{emailid}``: An email address that represents a service account. For example, ``my-other-app@appspot.gserviceaccount.com``.
* ``group:{emailid}``: An email address that represents a Google group. For example, ``admins@example.com``.
* ``deleted:user:{emailid}?uid={uniqueid}``: An email address (plus unique identifier) representing a user that has been recently deleted. For example, ``alice@example.com?uid=123456789012345678901``. If the user is recovered, this value reverts to ``user:{emailid}`` and the recovered user retains the role in the binding.
* ``deleted:serviceAccount:{emailid}?uid={uniqueid}``: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, ``my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901``. If the service account is undeleted, this value reverts to ``serviceAccount:{emailid}`` and the undeleted service account retains the role in the binding.
* ``deleted:group:{emailid}?uid={uniqueid}``: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, ``admins@example.com?uid=123456789012345678901``. If the group is recovered, this value reverts to ``group:{emailid}`` and the recovered group retains the role in the binding.
* ``domain:{domain}``: The G Suite domain (primary) that represents all the users of that domain. For example, ``google.com`` or ``example.com``.
role str
Role that is assigned to the list of ``members``, or principals. For example, ``roles/viewer``, ``roles/editor``, or ``roles/owner``. This field is a member of `oneof`_ ``_role``.
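
An added example (not part of the library or of this reference page): a review helper that parses the ``members`` formats listed above and flags bindings that grant a role to public, deleted, or domain-wide principals, noting whether a ``condition`` narrows the grant. It works on plain dicts shaped like ``Binding`` (``role``, ``members``, ``condition``) so it runs without the client library; the function names, issue labels and sample data are assumptions of this example.

```python
from urllib.parse import parse_qs

PUBLIC = {"allUsers", "allAuthenticatedUsers"}
KINDS = {"user", "serviceAccount", "group", "domain"}

def parse_member(member):
    """Parse one ``members`` string into kind, identity, uid and deleted flag."""
    if member in PUBLIC:
        return {"kind": member, "identity": None, "uid": None, "deleted": False}
    deleted = member.startswith("deleted:")
    kind, sep, identity = member[8 if deleted else 0:].partition(":")
    uid = None
    if deleted:  # deleted:{kind}:{emailid}?uid={uniqueid}
        identity, _, query = identity.partition("?")
        uid = parse_qs(query).get("uid", [None])[0]
    malformed = not sep or kind not in KINDS or not identity
    if malformed or (deleted and (not uid or kind == "domain")):
        # Anything outside the documented forms is reported, not guessed at.
        return {"kind": "unknown", "identity": member, "uid": None, "deleted": False}
    return {"kind": kind, "identity": identity, "uid": uid, "deleted": deleted}

def audit_bindings(bindings):
    """Return (role, member, issue, conditional) for members that merit review."""
    findings = []
    for b in bindings:
        conditional = bool(b.get("condition"))
        for m in b.get("members", []):
            p = parse_member(m)
            if p["kind"] in PUBLIC:
                issue = "public"
            elif p["kind"] == "unknown":
                issue = "unrecognised"
            elif p["deleted"]:
                issue = "deleted-principal"  # regains the role if recovered
            elif p["kind"] == "domain":
                issue = "domain-wide"
            else:
                continue
            findings.append((b["role"], m, issue, conditional))
    return findings

# Constructed sample bindings (not real principals or a real policy).
SAMPLE = [
    {"role": "roles/viewer", "members": ["allUsers", "user:alice@example.com"]},
    {"role": "roles/editor",
     "members": ["deleted:serviceAccount:my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901",
                 "domain:example.com"],
     "condition": {"expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
    {"role": "roles/owner", "members": ["alice@example.com"]},  # missing "user:" prefix
]
```

Calling ``audit_bindings(SAMPLE)`` yields four findings; the ``user:alice@example.com`` entry is a well-formed individual principal and is not reported.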

Inheritance

builtins.object > proto.message.Message > Binding