Privileged Access Manager v1 API - Namespace Google.Cloud.PrivilegedAccessManager.V1 (1.0.0)

AccessControlEntry is used to control who can do some operation.

Different types of approval workflows that can be used to gate privileged access granting.

Request message for ApproveGrant method.

Request message for CheckOnboardingStatus method.

Response message for CheckOnboardingStatus method.

Container for nested types declared in the CheckOnboardingStatusResponse message type.

Finding represents an issue which prevents PAM from functioning properly for this resource.

Container for nested types declared in the Finding message type.

PAM's service account is being denied access by Cloud IAM. This can be fixed by granting a role that contains the missing permissions to the service account or exempting it from deny policies if they are blocking the access.

Message for creating an entitlement.

Message for creating a grant

Message for deleting an entitlement.

Request message for DenyGrant method.

An entitlement defines the eligibility of a set of users to obtain predefined access for some time possibly after going through an approval workflow.

Container for nested types declared in the Entitlement message type.

AdditionalNotificationTargets includes email addresses to be notified.

Defines how a requester must provide a justification when requesting access.

Container for nested types declared in the RequesterJustificationConfig message type.

The justification is not mandatory but can be provided in any of the supported formats.

The requester has to provide a justification in the form of a string.

Resource name for the Entitlement resource.

Resource name for the FolderLocation resource.

Message for getting an entitlement.

Message for getting a grant.

A grant represents a request from a user for obtaining the access specified in an entitlement they are eligible for.

Container for nested types declared in the Grant message type.

Audit trail for the access provided by this grant.

Timeline of a grant describing what happened to it and when.

Container for nested types declared in the Timeline message type.

A single operation on the grant.

Container for nested types declared in the Event message type.

An event representing that the grant was successfully activated.

An event representing that the grant activation failed.

An event representing that the grant was approved.

An event representing that the grant was denied.

An event representing that the grant has ended.

An event representing that the grant was expired.

An event representing that the policy bindings made by this grant were modified externally.

An event representing that a grant was requested.

An event representing that the grant was revoked.

An event representing that the grant has been scheduled to be activated later.

Resource name for the Grant resource.

Justification represents a justification for requesting access.

Message for requesting list of entitlements.

Message for response to listing entitlements.

Message for requesting list of grants.

Message for response to listing grants.

A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for a grant. The workflow can consist of multiple serial steps where each step defines who can act as approver in that step and how many of those users should approve before the workflow moves to the next step.

This can be used to create approval workflows such as:

• Require an approval from any user in a group G.
• Require an approval from any k number of users from a Group G.
• Require an approval from any user in a group G and then from a user U.

A single user might be part of the approvers ACL for multiple steps in this workflow, but they can only approve once and that approval is only considered to satisfy the approval step at which it was granted.

Container for nested types declared in the ManualApprovals message type.

Step represents a logical step in a manual approval workflow.

Represents the metadata of the long-running operation.

Resource name for the OrganizationLocation resource.

Privileged access that this service can be used to gate.

Container for nested types declared in the PrivilegedAccess message type.

GcpIamAccess represents IAM based access control on a Google Cloud resource. Refer to https://cloud.google.com/iam/docs to understand more about IAM.

Container for nested types declared in the GcpIamAccess message type.

IAM role bindings that are created after a successful grant.

This API allows customers to manage temporary, request based privileged access to their resources.

It defines the following resource model:

• A collection of Entitlement resources. An entitlement allows configuring (among other things):

  • Some kind of privileged access that users can request.
  • A set of users called requesters who can request this access.
  • A maximum duration for which the access can be requested.
  • An optional approval workflow which must be satisfied before access is granted.

• A collection of Grant resources. A grant is a request by a requester to get the privileged access specified in an entitlement for some duration.

  After the approval workflow as specified in the entitlement is satisfied, the specified access is given to the requester. The access is automatically taken back after the requested duration is over.

Base class for server-side implementations of PrivilegedAccessManager

Client for PrivilegedAccessManager

PrivilegedAccessManager client wrapper, for convenient use.

Builder class for PrivilegedAccessManagerClient to provide simple configuration of credentials, endpoint etc.

PrivilegedAccessManager client wrapper implementation, for convenient use.

Settings for PrivilegedAccessManagerClient instances.

Request message for RevokeGrant method.

Request message for SearchEntitlements method.

Container for nested types declared in the SearchEntitlementsRequest message type.

Response message for SearchEntitlements method.

Request message for SearchGrants method.

Container for nested types declared in the SearchGrantsRequest message type.

Response message for SearchGrants method.

Message for updating an entitlement.

Enum of possible cases for the "approval_workflow" oneof.

Enum of possible cases for the "finding_type" oneof.

Enum of possible cases for the "justification_type" oneof.

Different states an entitlement can be in.

The possible contents of EntitlementName.

The possible contents of FolderLocationName.

Different states a grant can be in.

Enum of possible cases for the "event" oneof.

The possible contents of GrantName.

Enum of possible cases for the "justification" oneof.

The possible contents of OrganizationLocationName.

Enum of possible cases for the "access_type" oneof.

Different types of access a user can have on the entitlement resource.

Different types of relationships a user can have with a grant.