REST Resource: organizations.locations.principalAccessBoundaryPolicies

Resource: PrincipalAccessBoundaryPolicy

An IAM principal access boundary policy resource.

JSON representation
{
  "name": string,
  "uid": string,
  "etag": string,
  "displayName": string,
  "annotations": {
    string: string,
    ...
  },
  "createTime": string,
  "updateTime": string,
  "details": {
    object (PrincipalAccessBoundaryPolicyDetails)
  }
}
Fields
name

string

Identifier. The resource name of the principal access boundary policy.

The following format is supported: organizations/{organizationId}/locations/{location}/principalAccessBoundaryPolicies/{policyId}

uid

string

Output only. The globally unique ID of the principal access boundary policy.

etag

string

Optional. The etag for the principal access boundary. If this is provided on update, it must match the server's etag.

displayName

string

Optional. The description of the principal access boundary policy. Must be less than or equal to 63 characters.

annotations

map (key: string, value: string)

Optional. User-defined annotations. See https://google.aip.dev/148#annotations for more details, such as format and size limitations.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

createTime

string (Timestamp format)

Output only. The time when the principal access boundary policy was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The time when the principal access boundary policy was most recently updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

details

object (PrincipalAccessBoundaryPolicyDetails)

Optional. The details for the principal access boundary policy.

PrincipalAccessBoundaryPolicyDetails

Principal access boundary policy details.

JSON representation
{
  "rules": [
    {
      object (PrincipalAccessBoundaryPolicyRule)
    }
  ],
  "enforcementVersion": string
}
Fields
rules[]

object (PrincipalAccessBoundaryPolicyRule)

Required. A list of principal access boundary policy rules.

enforcementVersion

string

Optional. The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", ...). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.

PrincipalAccessBoundaryPolicyRule

Principal access boundary policy rule that defines the resource boundary.

JSON representation
{
  "description": string,
  "resources": [
    string
  ],
  "effect": enum (Effect)
}
Fields
description

string

Optional. The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.

resources[]

string

Required. A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as `//cloudresourcemanager.googleapis.com/organizations/123`.
  • Folders, such as `//cloudresourcemanager.googleapis.com/folders/123`.
  • Projects, such as `//cloudresourcemanager.googleapis.com/projects/123` or `//cloudresourcemanager.googleapis.com/projects/my-project-id`.

effect

enum (Effect)

Required. The access relationship of principals to the resources in this rule.

Effect

An effect to describe the access relationship.

Enums
EFFECT_UNSPECIFIED Effect unspecified.
ALLOW Allows access to the resources in this rule.
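
The following Python lint is an added example, not part of the API reference or of Google's code. It checks a policy body against the limits and formats stated on this page before the body is sent to create or patch. The function name, messages and sample values are constructed, and it assumes organization and folder IDs are numeric, as in the samples above.

```python
import re

MAX_DISPLAY_NAME, MAX_RULE_DESCRIPTION, MAX_RESOURCES = 63, 256, 500  # limits from this page
NAME_RE = re.compile(
    r"organizations/[^/]+/locations/[^/]+/principalAccessBoundaryPolicies/[^/]+")
# Assumption: organization and folder IDs are numeric, as in the page's samples.
RESOURCE_RE = re.compile(
    r"//cloudresourcemanager\.googleapis\.com/"
    r"(organizations/\d+|folders/\d+|projects/[^/\s]+)")


def lint_pab_policy(policy):
    """Return (errors, warnings) for a PrincipalAccessBoundaryPolicy dict."""
    errors, warnings = [], []
    if not NAME_RE.fullmatch(policy.get("name", "")):
        errors.append("name: not in the supported resource name format")
    if len(policy.get("displayName", "")) > MAX_DISPLAY_NAME:
        errors.append("displayName: longer than 63 characters")
    details = policy.get("details", {})
    rules = details.get("rules", [])
    if not rules:
        errors.append("details.rules: required, but empty or missing")
    if not details.get("enforcementVersion"):
        warnings.append("details.enforcementVersion: empty, so the policy is "
                        "fixed at the current latest version")
    total = 0  # the 500-resource limit applies across all rules
    for i, rule in enumerate(rules):
        where = f"details.rules[{i}]"
        if len(rule.get("description", "")) > MAX_RULE_DESCRIPTION:
            errors.append(f"{where}.description: longer than 256 characters")
        resources = rule.get("resources", [])
        if not resources:
            errors.append(f"{where}.resources: required, but empty or missing")
        total += len(resources)
        for res in resources:
            if not RESOURCE_RE.fullmatch(res):
                errors.append(f"{where}.resources: unsupported resource {res!r}")
        # ALLOW is the only effect listed here besides EFFECT_UNSPECIFIED.
        if rule.get("effect") != "ALLOW":
            errors.append(f"{where}.effect: must be ALLOW")
    if total > MAX_RESOURCES:
        errors.append(f"details.rules: {total} resources, limit is 500")
    return errors, warnings

# Constructed sample: the folder is written without its service prefix.
SAMPLE = {"name": "organizations/123/locations/global/principalAccessBoundaryPolicies/example-pab",
          "displayName": "Example boundary",
          "details": {"rules": [{"effect": "ALLOW", "resources": [
              "//cloudresourcemanager.googleapis.com/projects/my-project-id",
              "folders/123"]}]}}
```

Running `lint_pab_policy(SAMPLE)` reports the unprefixed folder as an unsupported resource and warns that `enforcementVersion` is empty.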

Methods

create

Creates a principal access boundary policy, and returns a long running operation.

delete

Deletes a principal access boundary policy.

get

Gets a principal access boundary policy.

list

Lists principal access boundary policies.

patch

Updates a principal access boundary policy.

searchPolicyBindings

Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.