A result of IAM Policy search, containing information of an
IAM policy.
Attributes
Name
Description
resource
str
The full resource name of the resource associated with this
IAM policy. Example:
//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1.
See `Cloud Asset Inventory Resource Name
Format
asset_type
str
The type of the resource associated with this IAM policy.
Example: compute.googleapis.com/Disk.
To search against the asset_type:
- specify the asset_types field in your search request.
project
str
The project that the associated Google Cloud resource
belongs to, in the form of projects/{PROJECT_NUMBER}. If an
IAM policy is set on a resource (like VM instance, Cloud
Storage bucket), the project field will indicate the project
that contains the resource. If an IAM policy is set on a
folder or organization, this field will be empty.
To search against the project:
- specify the scope field as this project in your
search request.
folders
MutableSequence[str]
The folder(s) that the IAM policy belongs to, in the form of
folders/{FOLDER_NUMBER}. This field is available when the
IAM policy belongs to one or more folders.
To search against folders:
- use a field query. Example: folders:(123 OR 456)
- use a free text query. Example: 123
- specify the scope field as this folder in your search
request.
organization
str
The organization that the IAM policy belongs to, in the form
of organizations/{ORGANIZATION_NUMBER}. This field is
available when the IAM policy belongs to an organization.
To search against organization:
- use a field query. Example: organization:123
- use a free text query. Example: 123
- specify the scope field as this organization in your
search request.
policy
google.iam.v1.policy_pb2.Policy
The IAM policy directly set on the given resource. Note that
the original IAM policy can contain multiple bindings. This
only contains the bindings that match the given query. For
queries that don't contain a constrain on policies (e.g., an
empty query), this contains all the bindings.
To search against the policy bindings:
- use a field query:
- query by the policy contained members. Example:
policy:amy@gmail.com
- query by the policy contained roles. Example:
policy:roles/compute.admin
- query by the policy contained roles' included
permissions. Example:
policy.role.permissions:compute.instances.create
