REST Resource: organizations.locations.principalAccessBoundaryPolicies

Resource: PrincipalAccessBoundaryPolicy

An IAM principal access boundary policy resource.

JSON representation
{
  "name": string,
  "uid": string,
  "etag": string,
  "displayName": string,
  "annotations": {
    string: string,
    ...
  },
  "createTime": string,
  "updateTime": string,
  "details": {
    object (PrincipalAccessBoundaryPolicyDetails)
  }
}
Fields
name

string

Identifier. The resource name of the principal access boundary policy.

The following format is supported: organizations/{organizationId}/locations/{location}/principalAccessBoundaryPolicies/{policyId}

uid

string

Output only. The globally unique ID of the principal access boundary policy.

etag

string

Optional. The etag for the principal access boundary. If this is provided on update, it must match the server's etag.

displayName

string

Optional. The description of the principal access boundary policy. Must be less than or equal to 63 characters.

annotations

map (key: string, value: string)

Optional. User defined annotations. See https://google.aip.dev/148#annotations for more details such as format and size limitations

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

createTime

string (Timestamp format)

Output only. The time when the principal access boundary policy was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. The time when the principal access boundary policy was most recently updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

details

object (PrincipalAccessBoundaryPolicyDetails)

Optional. The details for the principal access boundary policy.

PrincipalAccessBoundaryPolicyDetails

Principal access boundary policy details

JSON representation
{
  "rules": [
    {
      object (PrincipalAccessBoundaryPolicyRule)
    }
  ],
  "enforcementVersion": string
}
Fields
rules[]

object (PrincipalAccessBoundaryPolicyRule)

Required. A list of principal access boundary policy rules. The number of rules in a policy is limited to 500.

enforcementVersion

string

Optional. The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", ...). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.

PrincipalAccessBoundaryPolicyRule

Principal access boundary policy rule that defines the resource boundary.

JSON representation
{
  "description": string,
  "resources": [
    string
  ],
  "effect": enum (Effect)
}
Fields
description

string

Optional. The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.

resources[]

string

Required. A list of Cloud Resource Manager resources. The resource and all the descendants are included. The number of resources in a policy is limited to 500 across all rules.

The following resource types are supported:

  • Organizations, such as //cloudresourcemanager.googleapis.com/organizations/123.
  • Folders, such as //cloudresourcemanager.googleapis.com/folders/123.
  • Projects, such as //cloudresourcemanager.googleapis.com/projects/123 or //cloudresourcemanager.googleapis.com/projects/my-project-id.
effect

enum (Effect)

Required. The access relationship of principals to the resources in this rule.

Effect

An effect to describe the access relationship.

Enums
EFFECT_UNSPECIFIED Effect unspecified.
ALLOW Allows access to the resources in this rule.

Methods

create

Creates a principal access boundary policy, and returns a long running operation.

delete

Deletes a principal access boundary policy.

get

Gets a principal access boundary policy.

list

Lists principal access boundary policies.

patch

Updates a principal access boundary policy.

searchPolicyBindings

Returns all policy bindings that bind a specific policy if a user has searchPolicyBindings permission on that policy.