The condition that is associated with this binding.
If the condition evaluates to true, then this binding applies to the
current request.
If the condition evaluates to false, then this binding does not apply to
the current request. However, a different role binding might grant the same
role to one or more of the principals in this binding.
To learn which resources support conditions in their IAM policies, see the
IAM documentation (https://cloud.google.com/iam/help/conditions/resource-policies).
Specifies the principals requesting access for a Google Cloud resource.
`members` can have the following values:

- `allUsers`: A special identifier that represents anyone who is
  on the internet; with or without a Google account.
- `allAuthenticatedUsers`: A special identifier that represents anyone
  who is authenticated with a Google account or a service account.
- `user:{emailid}`: An email address that represents a specific Google
  account. For example, `alice@example.com`.
- `serviceAccount:{emailid}`: An email address that represents a service
  account. For example, `my-other-app@appspot.gserviceaccount.com`.
- `group:{emailid}`: An email address that represents a Google group.
  For example, `admins@example.com`.
- `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique
  identifier) representing a user that has been recently deleted. For
  example, `alice@example.com?uid=123456789012345678901`. If the user is
  recovered, this value reverts to `user:{emailid}` and the recovered user
  retains the role in the binding.
- `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus
  unique identifier) representing a service account that has been recently
  deleted. For example,
  `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`.
  If the service account is undeleted, this value reverts to
  `serviceAccount:{emailid}` and the undeleted service account retains the
  role in the binding.
- `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique
  identifier) representing a Google group that has been recently
  deleted. For example, `admins@example.com?uid=123456789012345678901`. If
  the group is recovered, this value reverts to `group:{emailid}` and the
  recovered group retains the role in the binding.
- `domain:{domain}`: The G Suite domain (primary) that represents all the
  users of that domain. For example, `google.com` or `example.com`.
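The following is an added example, not part of the original reference or of the client library: a small auditor that parses the member forms listed above and flags public, deleted-principal and domain-wide grants, noting when a public grant sits behind a condition. It assumes the policy is available as a dict with `bindings`, `role`, `members` and `condition` keys (the JSON export shape); the helper names and the sample policy are hypothetical.

```python
import re

# Only the member forms listed above are recognized by this added example.
_MEMBER = re.compile(
    r"^(?P<deleted>deleted:)?(?P<kind>user|serviceAccount|group):"
    r"(?P<email>[^?\s]+@[^?\s]+)(?:\?uid=(?P<uid>\S+))?$"
)

def parse_member(member):
    """Split one `members` entry into kind, value, deleted flag and uid."""
    if member in ("allUsers", "allAuthenticatedUsers"):
        return {"kind": member, "value": None, "deleted": False, "uid": None}
    if member.startswith("domain:") and len(member) > len("domain:"):
        return {"kind": "domain", "value": member[7:], "deleted": False, "uid": None}
    m = _MEMBER.match(member)
    # deleted: entries must carry ?uid=, and live entries must not.
    if not m or bool(m["deleted"]) != bool(m["uid"]):
        raise ValueError(f"unrecognized member: {member!r}")
    return {"kind": m["kind"], "value": m["email"],
            "deleted": bool(m["deleted"]), "uid": m["uid"]}

def audit_policy(policy):
    """Return (role, member, finding) tuples for grants worth reviewing."""
    findings = []
    for binding in policy.get("bindings", []):
        conditional = bool(binding.get("condition"))
        for member in binding.get("members", []):
            try:
                p = parse_member(member)
            except ValueError:
                findings.append((binding["role"], member, "unrecognized"))
                continue
            note = None
            if p["kind"] in ("allUsers", "allAuthenticatedUsers"):
                # A condition narrows the grant but the principal is still anyone.
                note = "public-conditional" if conditional else "public"
            elif p["deleted"]:
                note = "deleted-principal"  # regains the role if recovered
            elif p["kind"] == "domain":
                note = "domain-wide"
            if note:
                findings.append((binding["role"], member, note))
    return findings

SAMPLE_POLICY = {"bindings": [  # constructed sample, not a real policy
    {"role": "roles/viewer", "members": ["allUsers", "user:alice@example.com"]},
    {"role": "roles/editor", "condition": {"expression": "true"}, "members": [
        "deleted:group:admins@example.com?uid=123456789012345678901",
        "domain:example.com", "user:alice@example.com?uid=1"]},
]}
```

Calling `audit_policy(SAMPLE_POLICY)` returns one finding per flagged member; ordinary `user:`, `serviceAccount:` and `group:` entries produce none.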
Role that is assigned to the list of `members`, or principals.
For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Last updated 2025-08-07 UTC.