public sealed class DataAccessScope : IMessage<DataAccessScope>, IEquatable<DataAccessScope>, IDeepCloneable<DataAccessScope>, IBufferMessage, IMessage
Reference documentation and code samples for the Chronicle v1 API class DataAccessScope.
A DataAccessScope is a boolean expression of data access labels used
to restrict access to data for users.
Optional. Whether or not the scope allows all labels, allow_all and
allowed_data_access_labels are mutually exclusive and one of them must be
present. denied_data_access_labels can still be used along with allow_all.
When combined with denied_data_access_labels, access will be granted to all
data that doesn't have labels mentioned in denied_data_access_labels. E.g.:
A customer with scope with denied labels A and B and allow_all will be able
to see all data except data labeled with A and data labeled with B and data
with labels A and B.
public RepeatedField<DataAccessLabelReference> AllowedDataAccessLabels { get; }
Optional. The allowed labels for the scope.
Either allow_all or allowed_data_access_labels needs to be provided.
When provided, there has to be at least one label allowed for the scope to
be valid.
The logical operator for evaluation of the allowed labels is OR.
E.g.: A customer with scope with allowed labels A and B will be able
to see data with labeled with A or B or (A and B).
public RepeatedField<DataAccessLabelReference> DeniedDataAccessLabels { get; }
Optional. The denied labels for the scope.
The logical operator for evaluation of the denied labels is AND.
E.g.: A customer with scope with denied labels A and B won't be able
to see data labeled with A and data labeled with B
and data with labels A and B.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[],[],null,["# Chronicle v1 API - Class DataAccessScope (1.0.0-beta02)\n\nVersion latestkeyboard_arrow_down\n\n- [1.0.0-beta02 (latest)](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScope)\n- [1.0.0-beta01](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/1.0.0-beta01/Google.Cloud.Chronicle.V1.DataAccessScope) \n\n public sealed class DataAccessScope : IMessage\u003cDataAccessScope\u003e, IEquatable\u003cDataAccessScope\u003e, IDeepCloneable\u003cDataAccessScope\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Chronicle v1 API class DataAccessScope.\n\nA DataAccessScope is a boolean expression of data access labels used\nto restrict access to data for users. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e DataAccessScope \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[DataAccessScope](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScope), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[DataAccessScope](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScope), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[DataAccessScope](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScope), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Chronicle.V1](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Chronicle.V1.dll\n\nConstructors\n------------\n\n### DataAccessScope()\n\n public DataAccessScope()\n\n### DataAccessScope(DataAccessScope)\n\n public DataAccessScope(DataAccessScope other)\n\nProperties\n----------\n\n### AllowAll\n\n public bool AllowAll { get; set; }\n\nOptional. Whether or not the scope allows all labels, allow_all and\nallowed_data_access_labels are mutually exclusive and one of them must be\npresent. denied_data_access_labels can still be used along with allow_all.\nWhen combined with denied_data_access_labels, access will be granted to all\ndata that doesn't have labels mentioned in denied_data_access_labels. E.g.:\nA customer with scope with denied labels A and B and allow_all will be able\nto see all data except data labeled with A and data labeled with B and data\nwith labels A and B.\n\n### AllowedDataAccessLabels\n\n public RepeatedField\u003cDataAccessLabelReference\u003e AllowedDataAccessLabels { get; }\n\nOptional. The allowed labels for the scope.\nEither allow_all or allowed_data_access_labels needs to be provided.\nWhen provided, there has to be at least one label allowed for the scope to\nbe valid.\nThe logical operator for evaluation of the allowed labels is OR.\nE.g.: A customer with scope with allowed labels A and B will be able\nto see data with labeled with A or B or (A and B).\n\n### Author\n\n public string Author { get; set; }\n\nOutput only. The user who created the data access scope.\n\n### CreateTime\n\n public Timestamp CreateTime { get; set; }\n\nOutput only. The time at which the data access scope was created.\n\n### DataAccessScopeName\n\n public DataAccessScopeName DataAccessScopeName { get; set; }\n\n[DataAccessScopeName](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScopeName)-typed view over the [Name](/dotnet/docs/reference/Google.Cloud.Chronicle.V1/latest/Google.Cloud.Chronicle.V1.DataAccessScope#Google_Cloud_Chronicle_V1_DataAccessScope_Name) resource name property.\n\n### DeniedDataAccessLabels\n\n public RepeatedField\u003cDataAccessLabelReference\u003e DeniedDataAccessLabels { get; }\n\nOptional. The denied labels for the scope.\nThe logical operator for evaluation of the denied labels is AND.\nE.g.: A customer with scope with denied labels A and B won't be able\nto see data labeled with A and data labeled with B\nand data with labels A and B.\n\n### Description\n\n public string Description { get; set; }\n\nOptional. A description of the data access scope for a human reader.\n\n### DisplayName\n\n public string DisplayName { get; set; }\n\nOutput only. The name to be used for display to customers of the data\naccess scope.\n\n### LastEditor\n\n public string LastEditor { get; set; }\n\nOutput only. The user who last updated the data access scope.\n\n### Name\n\n public string Name { get; set; }\n\nRequired. The unique full name of the data access scope.\nThe name should comply with \u003chttps://google.aip.dev/122\u003e standards.\n\n### UpdateTime\n\n public Timestamp UpdateTime { get; set; }\n\nOutput only. The time at which the data access scope was last updated."]]
