Entitlement(mapping=None, *, ignore_unknown_fields=False, **kwargs)
An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.
Attributes |
|
---|---|
Name | Description |
name |
str
Identifier. Name of the entitlement. Possible formats: - organizations/{organization-number}/locations/{region}/entitlements/{entitlement-id}
- folders/{folder-number}/locations/{region}/entitlements/{entitlement-id}
- projects/{project-id|project-number}/locations/{region}/entitlements/{entitlement-id}
|
create_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. Create time stamp. |
update_time |
google.protobuf.timestamp_pb2.Timestamp
Output only. Update time stamp. |
eligible_users |
MutableSequence[google.cloud.privilegedaccessmanager_v1.types.AccessControlEntry]
Optional. Who can create grants using this entitlement. This list should contain at most one entry. |
approval_workflow |
google.cloud.privilegedaccessmanager_v1.types.ApprovalWorkflow
Optional. The approvals needed before access are granted to a requester. No approvals are needed if this field is null. |
privileged_access |
google.cloud.privilegedaccessmanager_v1.types.PrivilegedAccess
The access granted to a requester on successful approval. |
max_request_duration |
google.protobuf.duration_pb2.Duration
Required. The maximum amount of time that access is granted for a request. A requester can ask for a duration less than this, but never more. |
state |
google.cloud.privilegedaccessmanager_v1.types.Entitlement.State
Output only. Current state of this entitlement. |
requester_justification_config |
google.cloud.privilegedaccessmanager_v1.types.Entitlement.RequesterJustificationConfig
Required. The manner in which the requester should provide a justification for requesting access. |
additional_notification_targets |
google.cloud.privilegedaccessmanager_v1.types.Entitlement.AdditionalNotificationTargets
Optional. Additional email addresses to be notified based on actions taken. |
etag |
str
An etag is used for optimistic concurrency control as a
way to prevent simultaneous updates to the same entitlement.
An etag is returned in the response to
GetEntitlement and the caller should put the etag in
the request to UpdateEntitlement so that their change is
applied on the same version. If this field is omitted or if
there is a mismatch while updating an entitlement, then the
server rejects the request.
|
Classes
AdditionalNotificationTargets
AdditionalNotificationTargets(
mapping=None, *, ignore_unknown_fields=False, **kwargs
)
AdditionalNotificationTargets
includes email addresses to be
notified.
RequesterJustificationConfig
RequesterJustificationConfig(
mapping=None, *, ignore_unknown_fields=False, **kwargs
)
Defines how a requester must provide a justification when requesting access.
This message has oneof
_ fields (mutually exclusive fields).
For each oneof, at most one member field can be set at the same time.
Setting any member of the oneof automatically clears all other
members.
.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
State
State(value)
Different states an entitlement can be in.