REST Resource: accessPolicies

Resource: AccessPolicy

AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.

JSON representation
{
  "name": string,
  "parent": string,
  "title": string,
  "scopes": [
    string
  ],
  "etag": string
}
Fields
name

string

Identifier. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}

parent

string

Immutable. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Format: organizations/{organizationId}

title

string

Required. Human-readable title. Does not affect behavior.

scopes[]

string

The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior:

  • ServicePerimeter can only restrict projects within folders/123.
  • ServicePerimeter within policy A can only reference access levels defined within policy A.
  • Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error.

If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{projectNumber}
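The field rules above can be checked client-side before a policy definition is submitted or changed. The following is an added example, not part of the API or of Google's client libraries: the function names, the sample policies, and the assumption that the IDs in the path templates are decimal numbers are all hypothetical.

```python
import re

# Assumption: IDs are decimal numbers; the page gives only the path templates.
PARENT_RE = re.compile(r"organizations/\d+")
SCOPE_RE = re.compile(r"(folders|projects)/\d+")


def validate_new_policy(policy, existing_policies):
    """Return a list of rule violations for a policy about to be created."""
    errors = []
    if not PARENT_RE.fullmatch(policy.get("parent", "")):
        errors.append("parent must look like organizations/{organizationId}")
    if not policy.get("title"):
        errors.append("title is required")
    scopes = policy.get("scopes", [])
    if len(scopes) > 1:
        errors.append("a policy can only have a single scope")
    for scope in scopes:
        if not SCOPE_RE.fullmatch(scope):
            errors.append(f"bad scope format: {scope!r}")
        # Only one policy can include a given scope.
        for other in existing_policies:
            if scope in other.get("scopes", []):
                errors.append(f"{scope} is already included by {other['name']}")
    return errors


def validate_update(current, proposed):
    """Return violations for a change to an existing policy."""
    errors = []
    if proposed.get("parent") != current.get("parent"):
        errors.append("parent is immutable")
    if proposed.get("scopes", []) != current.get("scopes", []):
        errors.append("scopes cannot be modified after creation")
    if not proposed.get("title"):
        errors.append("title is required")
    return errors


# Constructed sample data, not taken from a real organization.
EXISTING = [{"name": "accessPolicies/1001", "parent": "organizations/42",
             "title": "policy A", "scopes": ["folders/123"]}]

if __name__ == "__main__":
    dup = {"parent": "organizations/42", "title": "policy B", "scopes": ["folders/123"]}
    print(validate_new_policy(dup, EXISTING))
    moved = dict(EXISTING[0], scopes=["folders/456"])
    print(validate_update(EXISTING[0], moved))
```

An empty or missing scopes list passes validation, which matches the organization-wide case described above.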

etag

string

Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

Methods

create

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.CreateAccessPolicy is not available in this (s3nsapis.fr) universe.

delete

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.DeleteAccessPolicy is not available in this (s3nsapis.fr) universe.

get

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.GetAccessPolicy is not available in this (s3nsapis.fr) universe.

getIamPolicy

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.GetIamPolicy is not available in this (s3nsapis.fr) universe.

list

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.ListAccessPolicies is not available in this (s3nsapis.fr) universe.

patch

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.UpdateAccessPolicy is not available in this (s3nsapis.fr) universe.

setIamPolicy

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.SetIamPolicy is not available in this (s3nsapis.fr) universe.

testIamPermissions

The method google.identity.accesscontextmanager.v1alpha.AccessContextManager.TestIamPermissions is not available in this (s3nsapis.fr) universe.