Class: Google::Iam::V1::Policy

Inherits:
Object
  • Object
show all
Defined in:
lib/google/cloud/tasks/v2/doc/google/iam/v1/policy.rb,
lib/google/cloud/tasks/v2beta2/doc/google/iam/v1/policy.rb,
lib/google/cloud/tasks/v2beta3/doc/google/iam/v1/policy.rb

Overview

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource.

JSON Example

{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:[email protected]",
        "group:[email protected]",
        "domain:google.com",
        "serviceAccount:[email protected]"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": ["user:[email protected]"],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time <
        timestamp('2020-10-01T00:00:00.000Z')",
      }
    }
  ]
}

YAML Example

bindings:

Instance Attribute Summary collapse

Instance Attribute Details

#bindingsArray<Google::Iam::V1::Binding> 



111
 
# File 'lib/google/cloud/tasks/v2/doc/google/iam/v1/policy.rb', line 111

class Policy; end

#etagString 



111
 
# File 'lib/google/cloud/tasks/v2/doc/google/iam/v1/policy.rb', line 111

class Policy; end

#versionInteger 



111
 
# File 'lib/google/cloud/tasks/v2/doc/google/iam/v1/policy.rb', line 111

class Policy; end