Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Contoh berikut menyertakan semua atribut yang dapat ditentukan saat
Anda membuat file .yaml untuk tingkat akses. File .yaml hanya diperlukan
jika Anda membuat atau mengubah tingkat akses menggunakan alat command line gcloud.
Meskipun Anda dapat menyertakan identitas dalam atribut members, Google
tidak merekomendasikannya. Lihat identities di Aturan masuk dan keluar untuk mengetahui cara mengizinkan
perimeter berkomunikasi satu sama lain.
# Attributes can be included in any order in the condition-devicePolicy:# Must include at least one of the following:allowedEncryptionStatuses:# Must include at least one of the following:-ENCRYPTION_UNSUPPORTED-ENCRYPTED-UNENCRYPTEDosConstraints:# Must include at least one of the following:-osType:DESKTOP_CHROME_OSminimumVersion:11316.165.0# minimumVersion must be formatted as x.x.xrequireVerifiedChromeOs:true-osType:DESKTOP_MAC-osType:DESKTOP_WINDOWS# minimumVersion is not requiredrequireScreenlock:true# requireScreenlock defaults to false if not includedrequireAdminApproval:true# requireAdminApproval defaults to false if not includedrequireCorpOwned:true# requireCorpOwned defaults to false if not includedipSubnetworks:# Must include one or more IPv4 and IPv6 CIDRs-252.0.2.0/24-2001:db8::/32regions:# Must include one or more regions as ISO 3166-1 alpha-2 codes-US-CH-SGrequiredAccessLevels:# Must include one or more existing access levels# Must be formatted as accessPolicies/policy-name/accessLevels/level-name-accessPolicies/247332951433/accessLevels/Device_Trustmembers:# Must include one or more valid IAM users or service accounts-user:exampleuser@example.com-serviceAccount:exampleaccount@example.iam.gserviceaccount.com
negate:true# negate is not required and can only be included with other attributes# If negate is included, none of the attributes included in the condition# can be true for the condition to be met.# You can include more than one condition in the .yaml file-ipSubnetworks:-176.0.2.0/24
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-18 UTC."],[[["\u003cp\u003eA \u003ccode\u003e.yaml\u003c/code\u003e file is required when creating or modifying access levels using the \u003ccode\u003egcloud\u003c/code\u003e command-line tool.\u003c/p\u003e\n"],["\u003cp\u003eConditions within the \u003ccode\u003e.yaml\u003c/code\u003e file must include at least one attribute, which can be combined with others using AND or NAND operations.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003edevicePolicy\u003c/code\u003e attribute requires at least one allowed encryption status and one os constraint, and can optionally include requirements such as screen lock, admin approval, and corporate ownership.\u003c/p\u003e\n"],["\u003cp\u003eOther attributes that can be specified include \u003ccode\u003eipSubnetworks\u003c/code\u003e, \u003ccode\u003eregions\u003c/code\u003e, and \u003ccode\u003erequiredAccessLevels\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eWhile \u003ccode\u003emembers\u003c/code\u003e can include identities, it is recommended to refer to ingress and egress rules for perimeter communication; you can use the \u003ccode\u003enegate\u003c/code\u003e attribute to invert the condition's requirement.\u003c/p\u003e\n"]]],[],null,[]]
