Reference documentation and code samples for the BigQuery API class Google::Cloud::Bigquery::Policy::Binding.
Policy::Binding
Represents a Cloud IAM Binding for BigQuery resources within the context of a Google::Cloud::Bigquery::Policy.
A binding binds one or more members to a single role. Member strings can describe user accounts, service accounts, Google groups, and domains. A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.
Inherits
- Object
Examples
require "google/cloud/bigquery" bigquery = Google::Cloud::Bigquery.new dataset = bigquery.dataset "my_dataset" table = dataset.table "my_table" policy = table.policy binding_owner = policy.bindings.find { |b| b.role == "roles/owner" } binding_owner.role #=> "roles/owner" binding_owner.members #=> ["user:owner@example.com"] binding_owner.frozen? #=> true binding_owner.members.frozen? #=> true
Update mutable bindings.
require "google/cloud/bigquery" bigquery = Google::Cloud::Bigquery.new dataset = bigquery.dataset "my_dataset" table = dataset.table "my_table" table.update_policy do |p| binding_owner = p.bindings.find { |b| b.role == "roles/owner" } binding_owner.members.delete_if { |m| m.include? "@example.com" } end
Methods
#members
def members() -> Array<String>
Specifies the identities requesting access for a Cloud Platform resource.
members
can have the following values. Required.
allUsers
: A special identifier that represents anyone who is on the internet; with or without a Google account.allAuthenticatedUsers
: A special identifier that represents anyone who is authenticated with a Google account or a service account.user:<emailid>
: An email address that represents a specific Google account. For example,alice@example.com
.serviceAccount:<emailid>
: An email address that represents a service account. For example,my-other-app@appspot.gserviceaccount.com
.group:<emailid>
: An email address that represents a Google group. For example,admins@example.com
.deleted:user:<emailid>?uid=<uniqueid>
: An email address (plus unique identifier) representing a user that has been recently deleted. For example,alice@example.com?uid=123456789012345678901
. If the user is recovered, this value reverts touser:<emailid>
and the recovered user retains the role in the binding.deleted: serviceAccount:<emailid>?uid=<uniqueid>
: An email address (plus unique identifier) representing a service account that has been recently deleted. For example,my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901
. If the service account is undeleted, this value reverts toserviceAccount:<emailid>
and the undeleted service account retains the role in the binding.deleted:group:<emailid>?uid=<uniqueid>
: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example,admins@example.com?uid=123456789012345678901
. If the group is recovered, this value reverts togroup:<emailid>
and the recovered group retains the role in the binding.domain:<domain>
: The G Suite domain (primary) that represents all the users of that domain. For example,google.com
orexample.com
.
- (Array<String>) — the current value of members
#members=
def members=(new_members)
Sets the binding members.
#role
def role() -> String
The role that is assigned to members
. For example, roles/viewer
, roles/editor
, or
roles/owner
. Required.
- (String) — the current value of role
#role=
def role=(value) -> String
The role that is assigned to members
. For example, roles/viewer
, roles/editor
, or
roles/owner
. Required.
- value (String) — the newly set value
- (String) — the newly set value