public sealed class IdentitySelector : IMessage<IamPolicyAnalysisQuery.Types.IdentitySelector>, IEquatable<IamPolicyAnalysisQuery.Types.IdentitySelector>, IDeepCloneable<IamPolicyAnalysisQuery.Types.IdentitySelector>, IBufferMessage, IMessage
Specifies an identity for which to determine resource access, based on
roles assigned either directly to them or to the groups they belong to,
directly or indirectly.
Required. The identity appear in the form of principals in
IAM policy
binding.
The examples of supported forms are:
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com".
Notice that wildcard characters (such as * and ?) are not supported.
You must give a specific identity.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003eIdentitySelector\u003c/code\u003e class is 3.12.0, while it has a history of versions, starting from 2.7.0, all available for reference.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIdentitySelector\u003c/code\u003e class, part of the \u003ccode\u003eGoogle.Cloud.Asset.V1\u003c/code\u003e namespace, specifies an identity for determining resource access based on assigned roles.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIdentitySelector\u003c/code\u003e class implements several interfaces, including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, and inherits from the \u003ccode\u003eObject\u003c/code\u003e class.\u003c/p\u003e\n"],["\u003cp\u003eYou can create an instance of \u003ccode\u003eIdentitySelector\u003c/code\u003e using either the default constructor \u003ccode\u003eIdentitySelector()\u003c/code\u003e or a constructor that accepts another \u003ccode\u003eIdentitySelector\u003c/code\u003e object as a parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eIdentity\u003c/code\u003e property within the \u003ccode\u003eIdentitySelector\u003c/code\u003e class is a required string that represents the principal in IAM policy bindings, such as users, groups, domains, or service accounts.\u003c/p\u003e\n"]]],[],null,[]]
