public sealed class AccessPolicy : IMessage<AccessPolicy>, IEquatable<AccessPolicy>, IDeepCloneable<AccessPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Identity Access Context Manager v1 API class AccessPolicy.
AccessPolicy is a container for AccessLevels (which define the necessary
attributes to use Google Cloud services) and ServicePerimeters (which
define regions of services able to freely pass data within a perimeter). An
access policy is globally visible within an organization, and the
restrictions it specifies apply to all projects within an organization.

Inheritance
-----------

[object](https://learn.microsoft.com/dotnet/api/system.object) > AccessPolicy

Implements
----------

[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)\<AccessPolicy\>, [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)\<AccessPolicy\>, [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)\<AccessPolicy\>, [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html)

Inherited Members
-----------------

[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode)
[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype)
[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)

Namespace
---------

Google.Identity.AccessContextManager.V1

Assembly
--------

Google.Identity.AccessContextManager.V1.dll

Constructors
------------

### AccessPolicy()

    public AccessPolicy()

### AccessPolicy(AccessPolicy)

    public AccessPolicy(AccessPolicy other)

Properties
----------

### AccessPolicyName

    public AccessPolicyName AccessPolicyName { get; set; }

AccessPolicyName-typed view over the Name resource name property.

### CreateTime

    public Timestamp CreateTime { get; set; }

Output only. Time the `AccessPolicy` was created in UTC.

### Etag

    public string Etag { get; set; }

Output only. An opaque identifier for the current version of the
`AccessPolicy`. This will always be a strongly validated etag, meaning that
two Access Policies will be identical if and only if their etags are
identical. Clients should not expect this to be in any specific format.

### Name

    public string Name { get; set; }

Output only. Resource name of the `AccessPolicy`. Format:
`accessPolicies/{access_policy}`

### Parent

    public string Parent { get; set; }

Required. The parent of this `AccessPolicy` in the Cloud Resource
Hierarchy. Currently immutable once created. Format:
`organizations/{organization_id}`

### Scopes

    public RepeatedField<string> Scopes { get; }

The scopes of a policy define which resources an ACM policy can restrict,
and where ACM resources can be referenced.
For example, a policy with `scopes=["folders/123"]` has the following
behavior:

- vpcsc perimeters can only restrict projects within folders/123
- access levels can only be referenced by resources within folders/123.

If empty, there are no limitations on which resources can be restricted by
an ACM policy, and there are no limitations on where ACM resources can be
referenced.

Only one policy can include a given scope (attempting to create a second
policy which includes "folders/123" will result in an error).

Currently, scopes cannot be modified after a policy is created.
Currently, policies can only have a single scope.

Format: list of `folders/{folder_number}` or `projects/{project_number}`

### Title

    public string Title { get; set; }

Required. Human readable title. Does not affect behavior.

### UpdateTime

    public Timestamp UpdateTime { get; set; }

Output only. Time the `AccessPolicy` was updated in UTC.

Documented package version: 2.5.0 (latest). Last updated 2025-08-07 UTC.
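
The rules stated for the `Scopes` property, turned into a pre-flight check that can run before a policy is created. This is an added example, not part of the reference page or the library: the `AccessPolicyScopeAudit` class, its `Check` method and the sample IDs are hypothetical, and the pattern used for the organization ID is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using Google.Identity.AccessContextManager.V1;

public static class AccessPolicyScopeAudit   // hypothetical helper, not a library type
{
    // Documented format: folders/{folder_number} or projects/{project_number}.
    private static readonly Regex ScopeFormat = new Regex(@"^(folders|projects)/[0-9]+$");

    // Returns findings for a candidate policy, checked against policies that already exist.
    public static IReadOnlyList<string> Check(AccessPolicy candidate, IEnumerable<AccessPolicy> existing)
    {
        var findings = new List<string>();
        // Assumption: the organization ID is any non-empty segment without a slash.
        if (!Regex.IsMatch(candidate.Parent, @"^organizations/[^/]+$"))
            findings.Add($"Parent '{candidate.Parent}' is not organizations/{{organization_id}}.");
        if (candidate.Scopes.Count == 0)
            findings.Add("No scopes: nothing limits which resources this policy can restrict.");
        if (candidate.Scopes.Count > 1)
            findings.Add("More than one scope: policies can currently have only a single scope.");
        foreach (var scope in candidate.Scopes)
        {
            if (!ScopeFormat.IsMatch(scope))
                findings.Add($"Scope '{scope}' is not folders/{{number}} or projects/{{number}}.");
            // Only one policy can include a given scope; a second create is rejected.
            var owner = existing.FirstOrDefault(p => p.Scopes.Contains(scope));
            if (owner != null)
                findings.Add($"Scope '{scope}' is already included by {owner.Name}.");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample data; the IDs are placeholders, not real resources.
        var existing = new[]
        {
            new AccessPolicy { Name = "accessPolicies/1111", Parent = "organizations/42",
                               Title = "payments", Scopes = { "folders/123" } },
        };
        var candidate = new AccessPolicy { Parent = "organizations/42", Title = "payments-v2",
                                           Scopes = { "folders/123" } };
        foreach (var finding in Check(candidate, existing))
            Console.WriteLine(finding);
    }
}
```

Because scopes cannot be modified after creation, running a check like this before the create call is cheaper than deleting and recreating a mis-scoped policy.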