This page lists the resource types on which you can set allow policies.
Select a service to see which of its resource types support allow policies:
Service | Resources that accept allow policies |
---|---|
BigQuery |
Datasets Routines Tables |
Identity-Aware Proxy |
All web services Individual web services Tunnel Tunnel instances Tunnel zones Web service types Web service versions |
Access Context Manager | Access policies |
Vertex AI |
Entity types Feature online stores Feature views Featurestores Models Notebook runtime templates |
Analytics Hub |
Data exchanges Listings Subscriptions |
API Gateway |
APIs Configs Gateways |
Apigee |
Deployments Environments |
Apigee Registry |
APIs Artifacts Deployments Documents Instances Runtime Specs Versions |
App Hub | Applications |
Artifact Registry | Repositories |
AutoML |
Datasets Locations Models |
Backup and Disaster Recovery | Management servers |
Chrome Enterprise Premium |
App connections App connectors App gateways Applications Browser DLP rules Client connector services Client gateways Partner tenants Proxy configs Security gateways |
BigQuery Connection API | Connections |
BigQuery Data Policy | Data policies |
Bigtable |
Authorized views Backups Instances Tables |
Binary Authorization |
Attestors Policy |
Cloud Billing | Billing accounts |
Cloud Build | Connections |
Cloud Deploy |
Custom target types Delivery pipelines Targets |
Cloud Run functions | Functions |
Cloud Key Management Service |
Crypto keys EKM config EKM connections Import jobs Key rings |
Resource Manager |
Folders Organizations Projects Tag keys Tag values |
Cloud Tasks | Queues |
Compute Engine |
Backend buckets Backend services Disks Firewall policies Images Instance templates Instances Instant snapshots Licenses Machine images Network attachments Network firewall policies Node groups Node templates Region backend services Region disks Region instant snapshots Region network firewall policies Reservations Resource policies Service attachments Snapshots Storage pools Subnetworks |
Cloud Config Manager API | Deployments |
Artifact Analysis |
Notes Occurrences |
Data Catalog |
Entry groups Policy tags Tag templates Taxonomies |
Dataform |
Repositories Workspaces |
Cloud Data Fusion | Instances |
Database Migration Service |
Connection profiles Conversion workspaces Migration jobs Objects Private connections |
Dataplex |
Aspect types Assets Attributes Categories Content Content items Data attribute bindings Data scans Data taxonomies Encryption configs Entry groups Entry link types Entry types Environments Glossaries Governance rules Lakes Tasks Terms Zones |
Dataproc |
Autoscaling policies Clusters Jobs Operations Workflow templates |
Cloud Deployment Manager | Deployments |
Cloud DNS | Managed zones |
Cloud Domains | Registrations |
Eventarc |
Channel connections Channels Enrollments Google API sources Message buses Pipelines Triggers |
Backup for GKE |
Backup plans Backups Restore plans Restores Volume backups Volume restores |
GKE Hub |
Features Memberships Scopes |
Google Distributed Cloud |
Bare metal admin clusters Bare metal clusters Bare metal node pools VMware admin clusters VMware clusters VMware node pools |
Cloud Healthcare API |
Consent stores Data mapper workspaces Datasets DICOM stores FHIR stores HL7v2 stores |
Identity and Access Management |
Service accounts Workforce identity pools |
Cloud Intrusion Detection System | Endpoints |
Cloud Logging | Views |
Looker |
Backups Instances |
Managed Service for Microsoft Active Directory |
Backups Domains Peerings |
Dataproc Metastore |
Backups Databases Federations Services Tables |
AI Platform |
Jobs Models |
Network Connectivity Center |
Groups Hubs Policy-based routes Service classes Service connection maps Service connection policies Spokes |
Network Management API | Connectivity tests |
Network Security |
Address groups Authorization policies Authz policies Client TLS policies Server TLS policies |
Network Services |
Edge cache keysets Edge cache origins Edge cache services |
Notebooks |
Instances Runtimes |
Certificate Authority Service |
CA pools Certificate revocation lists Certificate templates |
Pub/Sub |
Schemas Snapshots Subscriptions Topics |
Cloud Run |
Jobs Services |
Secret Manager | Secrets |
Security Command Center | Sources |
Service Directory |
Namespaces Services |
Service Management |
Consumers Services |
Spanner |
Backup schedules Backups Databases Instances |
Cloud Storage |
Buckets Managed folders |
Google Cloud VMware Engine |
Clusters HCX activation keys Private clouds |
Cloud Workstations |
Workstation configs Workstations |