Class Access (1.16.2)

Access(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Represents an access event.

Attributes

NameDescription
principal_email str
Associated email, such as "foo@google.com". The email address of the authenticated user (or service account on behalf of third party principal) making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see `Caller identities in audit logs
caller_ip str
Caller's IP address, such as "1.1.1.1".
caller_ip_geo google.cloud.securitycenter_v1.types.Geolocation
The caller IP's geolocation, which identifies where the call came from.
user_agent_family str
What kind of user agent is associated, e.g. operating system shells, embedded or stand-alone applications, etc.
service_name str
This is the API service that the service account made a call to, e.g. "iam.googleapis.com".
method_name str
The method that the service account called, e.g. "SetIamPolicy".
principal_subject str
A string representing the principal_subject associated with the identity. As compared to principal_email, supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format will be principal://iam.googleapis.com/{identity pool name}/subjects/{subject} except for some GKE identities (GKE_WORKLOAD, FREEFORM, GKE_HUB_WORKLOAD) that are still in the legacy format serviceAccount:{identity pool name}[{subject}]
service_account_key_name str
The name of the service account key used to create or exchange credentials for authenticating the service account making the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
service_account_delegation_info Sequence[google.cloud.securitycenter_v1.types.ServiceAccountDelegationInfo]
Identity delegation history of an authenticated service account that makes the request. It contains information on the real authorities that try to access GCP resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.