BigQuery API - Class Google::Cloud::Bigquery::Policy::Binding (v1.42.0)

Reference documentation and code samples for the BigQuery API class Google::Cloud::Bigquery::Policy::Binding.

Policy::Binding

Represents a Cloud IAM Binding for BigQuery resources within the context of a Google::Cloud::Bigquery::Policy.

A binding binds one or more members to a single role. Member strings can describe user accounts, service accounts, Google groups, and domains. A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role.

Inherits

  • Object

Examples

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
table = dataset.table "my_table"

policy = table.policy
binding_owner = policy.bindings.find { |b| b.role == "roles/owner" }

binding_owner.role #=> "roles/owner"
binding_owner.members #=> ["user:owner@example.com"]

binding_owner.frozen? #=> true
binding_owner.members.frozen? #=> true

Update mutable bindings.

require "google/cloud/bigquery"

bigquery = Google::Cloud::Bigquery.new
dataset = bigquery.dataset "my_dataset"
table = dataset.table "my_table"

table.update_policy do |p|
  binding_owner = p.bindings.find { |b| b.role == "roles/owner" }
  binding_owner.members.delete_if { |m| m.include? "@example.com" }
end

Methods

#members

def members() -> Array<String>

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values. Required.

  • allUsers: A special identifier that represents anyone who is on the internet, with or without a Google account.
  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:<emailid>: An email address that represents a specific Google account. For example, alice@example.com.
  • serviceAccount:<emailid>: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:<emailid>: An email address that represents a Google group. For example, admins@example.com.
  • deleted:user:<emailid>?uid=<uniqueid>: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:<emailid> and the recovered user retains the role in the binding.
  • deleted:serviceAccount:<emailid>?uid=<uniqueid>: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:<emailid> and the undeleted service account retains the role in the binding.
  • deleted:group:<emailid>?uid=<uniqueid>: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:<emailid> and the recovered group retains the role in the binding.
  • domain:<domain>: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com.

Returns
  • (Array<String>) — the current value of members
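
The member-string forms listed above can be audited mechanically. The following is an added example, not part of the BigQuery client library or this reference: it parses each form and flags public, deleted, and out-of-domain principals. SampleBinding, parse_member, audit_bindings, the sample data, and the trusted-domain list are assumptions for illustration; any object responding to role and members (such as the entries of policy.bindings) can be passed instead.

```ruby
# Added example: SampleBinding stands in for Policy::Binding (role + members)
# so the audit runs offline. All sample data below is constructed.
SampleBinding = Struct.new(:role, :members)

PUBLIC_MEMBERS = %w[allUsers allAuthenticatedUsers].freeze
MEMBER_RE = /\A(?<deleted>deleted:)?(?<type>user|serviceAccount|group):(?<email>[^?]+)(?:\?uid=(?<uid>\d+))?\z/

# Parse one member string into a hash describing the principal.
def parse_member(member)
  return { type: member, public: true } if PUBLIC_MEMBERS.include?(member)
  if member.start_with?("domain:")
    return { type: "domain", domain: member.sub("domain:", "").downcase }
  end

  m = MEMBER_RE.match(member)
  return { type: "unknown" } unless m

  { type: m[:type], email: m[:email], domain: m[:email].split("@").last.downcase,
    deleted: !m[:deleted].nil?, uid: m[:uid] }
end

# Return one finding per member that is public, malformed, deleted, or
# outside trusted_domains (a hypothetical allow-list chosen by the auditor).
def audit_bindings(bindings, trusted_domains:)
  bindings.flat_map do |b|
    b.members.map do |member|
      info = parse_member(member)
      reason =
        if info[:public] then "public principal"
        elsif info[:type] == "unknown" then "unrecognized member format"
        elsif info[:deleted] then "deleted principal still bound"
        elsif !trusted_domains.include?(info[:domain]) then "principal outside trusted domains"
        end
      { role: b.role, member: member, reason: reason } if reason
    end.compact
  end
end

# Constructed sample bindings using the member forms from the list above.
SAMPLE_BINDINGS = [
  SampleBinding.new("roles/owner", ["user:owner@example.com",
    "deleted:serviceAccount:my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901"]),
  SampleBinding.new("roles/viewer", ["allAuthenticatedUsers", "group:admins@example.com", "domain:example.org"])
].freeze

if __FILE__ == $PROGRAM_NAME
  audit_bindings(SAMPLE_BINDINGS, trusted_domains: ["example.com"]).each do |f|
    puts "#{f[:role]}  #{f[:member]}  -> #{f[:reason]}"
  end
end
```

Service accounts live in Google-managed domains, so add those domains to the allow-list if live service accounts should not be reported.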

#members=

def members=(new_members)

Sets the binding members.

#role

def role() -> String

The role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Returns
  • (String) — the current value of role

#role=

def role=(value) -> String

The role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner. Required.

Parameter
  • value (String) — the newly set value

Returns
  • (String) — the newly set value