public sealed class IdentitySelector : IMessage<IamPolicyAnalysisQuery.Types.IdentitySelector>, IEquatable<IamPolicyAnalysisQuery.Types.IdentitySelector>, IDeepCloneable<IamPolicyAnalysisQuery.Types.IdentitySelector>, IBufferMessage, IMessage
Specifies an identity for which to determine resource access, based on
roles assigned either directly to them or to the groups they belong to,
directly or indirectly.
Required. The identity appear in the form of principals in
IAM policy
binding.
The examples of supported forms are:
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com".
Notice that wildcard characters (such as * and ?) are not supported.
You must give a specific identity.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis page provides documentation for the \u003ccode\u003eIdentitySelector\u003c/code\u003e class within the \u003ccode\u003eGoogle.Cloud.Asset.V1\u003c/code\u003e namespace, focusing on its use in determining resource access based on assigned roles.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIdentitySelector\u003c/code\u003e class is part of the \u003ccode\u003eIamPolicyAnalysisQuery.Types\u003c/code\u003e and is used to specify a user or group for access analysis, supporting various forms of identity specifications.\u003c/p\u003e\n"],["\u003cp\u003eThe most recent version of this documentation is \u003ccode\u003e3.12.0\u003c/code\u003e, but a variety of older versions from \u003ccode\u003e3.11.0\u003c/code\u003e to \u003ccode\u003e2.7.0\u003c/code\u003e are also available for reference, with \u003ccode\u003e2.11.0\u003c/code\u003e being the default version displayed.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eIdentitySelector\u003c/code\u003e is a sealed class that implements several interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, showing it's designed for complex data handling.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIdentity\u003c/code\u003e property within \u003ccode\u003eIdentitySelector\u003c/code\u003e is required and accepts a string representing the identity, and the examples of identity forms are provided such as user, group, domain, and service account, all without wildcard support.\u003c/p\u003e\n"]]],[],null,[]]
