Reference documentation and code samples for the Access Context Manager V1 API class Google::Identity::AccessContextManager::V1::AccessPolicy.
AccessPolicy
is a container for AccessLevels
(which define the necessary
attributes to use Google Cloud services) and ServicePerimeters
(which
define regions of services able to freely pass data within a perimeter). An
access policy is globally visible within an organization, and the
restrictions it specifies apply to all projects within an organization.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#create_time
def create_time() -> ::Google::Protobuf::Timestamp
-
(::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was created in UTC.
#create_time=
def create_time=(value) -> ::Google::Protobuf::Timestamp
-
value (::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was created in UTC.
-
(::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was created in UTC.
#etag
def etag() -> ::String
-
(::String) — Output only. An opaque identifier for the current version of the
AccessPolicy
. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
#etag=
def etag=(value) -> ::String
-
value (::String) — Output only. An opaque identifier for the current version of the
AccessPolicy
. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
-
(::String) — Output only. An opaque identifier for the current version of the
AccessPolicy
. This will always be a strongly validated etag, meaning that two Access Polices will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
#name
def name() -> ::String
-
(::String) — Output only. Resource name of the
AccessPolicy
. Format:accessPolicies/{access_policy}
#name=
def name=(value) -> ::String
-
value (::String) — Output only. Resource name of the
AccessPolicy
. Format:accessPolicies/{access_policy}
-
(::String) — Output only. Resource name of the
AccessPolicy
. Format:accessPolicies/{access_policy}
#parent
def parent() -> ::String
-
(::String) — Required. The parent of this
AccessPolicy
in the Cloud Resource Hierarchy. Currently immutable once created. Format:organizations/{organization_id}
#parent=
def parent=(value) -> ::String
-
value (::String) — Required. The parent of this
AccessPolicy
in the Cloud Resource Hierarchy. Currently immutable once created. Format:organizations/{organization_id}
-
(::String) — Required. The parent of this
AccessPolicy
in the Cloud Resource Hierarchy. Currently immutable once created. Format:organizations/{organization_id}
#scopes
def scopes() -> ::Array<::String>
-
(::Array<::String>) —
The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:
- vpcsc perimeters can only restrict projects within folders/123
- access levels can only be referenced by resources within folders/123.
If empty, there are no limitations on which resources can be restricted by
an ACM policy, and there are no limitations on where ACM resources can be
referenced.
Only one policy can include a given scope (attempting to create a second
policy which includes "folders/123" will result in an error).
Currently, scopes cannot be modified after a policy is created.
Currently, policies can only have a single scope.
Format: list of
folders/{folder_number}
orprojects/{project_number}
#scopes=
def scopes=(value) -> ::Array<::String>
-
value (::Array<::String>) —
The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:
- vpcsc perimeters can only restrict projects within folders/123
- access levels can only be referenced by resources within folders/123.
If empty, there are no limitations on which resources can be restricted by
an ACM policy, and there are no limitations on where ACM resources can be
referenced.
Only one policy can include a given scope (attempting to create a second
policy which includes "folders/123" will result in an error).
Currently, scopes cannot be modified after a policy is created.
Currently, policies can only have a single scope.
Format: list of
folders/{folder_number}
orprojects/{project_number}
-
(::Array<::String>) —
The scopes of a policy define which resources an ACM policy can restrict, and where ACM resources can be referenced. For example, a policy with scopes=["folders/123"] has the following behavior:
- vpcsc perimeters can only restrict projects within folders/123
- access levels can only be referenced by resources within folders/123.
If empty, there are no limitations on which resources can be restricted by
an ACM policy, and there are no limitations on where ACM resources can be
referenced.
Only one policy can include a given scope (attempting to create a second
policy which includes "folders/123" will result in an error).
Currently, scopes cannot be modified after a policy is created.
Currently, policies can only have a single scope.
Format: list of
folders/{folder_number}
orprojects/{project_number}
#title
def title() -> ::String
- (::String) — Required. Human readable title. Does not affect behavior.
#title=
def title=(value) -> ::String
- value (::String) — Required. Human readable title. Does not affect behavior.
- (::String) — Required. Human readable title. Does not affect behavior.
#update_time
def update_time() -> ::Google::Protobuf::Timestamp
-
(::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was updated in UTC.
#update_time=
def update_time=(value) -> ::Google::Protobuf::Timestamp
-
value (::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was updated in UTC.
-
(::Google::Protobuf::Timestamp) — Output only. Time the
AccessPolicy
was updated in UTC.