Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A ``Policy`` consists of a list of ``bindings``. A ``binding`` binds a list of ``members`` to a ``role``, where the members can be user accounts, Google groups, Google domains, and service accounts. A ``role`` is a named list of permissions defined by IAM.

JSON Example

::

    {
      "bindings": [
        {
          "role": "roles/owner",
          "members": [
            "user:mike@example.com",
            "group:admins@example.com",
            "domain:google.com",
            "serviceAccount:my-other-app@appspot.gserviceaccount.com"
          ]
        },
        {
          "role": "roles/viewer",
          "members": ["user:sean@example.com"]
        }
      ]
    }

YAML Example

::

    bindings:
    - members:
      - user:mike@example.com
      - group:admins@example.com
      - domain:google.com
      - serviceAccount:my-other-app@appspot.gserviceaccount.com
      role: roles/owner
    - members:
      - user:sean@example.com
      role: roles/viewer

For a description of IAM and its features, see the `IAM developer's guide <https://cloud.google.com/iam/docs>`__.

Associates a list of ``members`` to a ``role``. ``bindings`` with no members will result in an error.
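
The following is an added example, not part of the original reference or of Google's client libraries: a small offline check that walks a policy in the JSON shape shown above, reports bindings with no members, and classifies each member by the four kinds this page lists. The names ``audit_policy``, ``KNOWN_PREFIXES`` and ``SAMPLE_POLICY`` are hypothetical, and the domain-wide ``roles/owner`` finding is a review rule assumed here, not something IAM enforces.

```python
import json

# Member prefixes named on this page: user accounts, Google groups,
# Google domains, and service accounts.
KNOWN_PREFIXES = {"user", "group", "domain", "serviceAccount"}

# Constructed sample: the page's JSON example plus one empty binding.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/owner",
     "members": ["user:mike@example.com", "group:admins@example.com",
                 "domain:google.com",
                 "serviceAccount:my-other-app@appspot.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:sean@example.com"]},
    {"role": "roles/editor", "members": []}
  ]
}
""")


def audit_policy(policy):
    """Return a list of (binding_index, role, finding) tuples."""
    findings = []
    for i, binding in enumerate(policy.get("bindings", [])):
        role = binding.get("role", "")
        members = binding.get("members") or []
        if not role:
            findings.append((i, role, "binding has no role"))
        if not members:
            # The page states that bindings with no members are an error.
            findings.append((i, role, "binding has no members"))
        for member in members:
            prefix, sep, ident = member.partition(":")
            if not sep or not ident or prefix not in KNOWN_PREFIXES:
                findings.append((i, role, f"unrecognised member: {member}"))
            elif prefix == "domain" and role == "roles/owner":
                # Review rule added here (an assumption, not an IAM check):
                # owner granted to a whole domain is rarely least privilege.
                findings.append((i, role, f"domain-wide owner: {member}"))
    return findings


if __name__ == "__main__":
    for index, role, finding in audit_policy(SAMPLE_POLICY):
        print(f"bindings[{index}] {role or '<none>'}: {finding}")
```

Run against the constructed sample, it reports the ``domain:google.com`` owner grant in the first binding and the empty ``roles/editor`` binding.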