Binding(mapping=None, *, ignore_unknown_fields=False, **kwargs)Associates members with a role.
Attributes
| Name | Description |
binding_id |
str
This is deprecated and has no effect. Do not use. This field is a member of oneof_ _binding_id.
|
condition |
google.cloud.compute_v1.types.Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies
to the current request. If the condition evaluates to
false, then this binding does not apply to the current
request. However, a different role binding might grant the
same role to one or more of the members in this binding. To
learn which resources support conditions in their IAM
policies, see the `IAM
documentation |
members |
Sequence[str]
Specifies the identities requesting access for a Cloud Platform resource. members can have the following
values: \* allUsers: A special identifier that
represents anyone who is on the internet; with or without a
Google account. \* allAuthenticatedUsers: A special
identifier that represents anyone who is authenticated with
a Google account or a service account. \*
user:{emailid}: An email address that represents a
specific Google account. For example, alice@example.com
. \* serviceAccount:{emailid}: An email address that
represents a service account. For example,
my-other-app@appspot.gserviceaccount.com. \*
group:{emailid}: An email address that represents a
Google group. For example, admins@example.com. \*
deleted:user:{emailid}?uid={uniqueid}: An email address
(plus unique identifier) representing a user that has been
recently deleted. For example,
alice@example.com?uid=123456789012345678901. If the user
is recovered, this value reverts to user:{emailid} and
the recovered user retains the role in the binding. \*
deleted:serviceAccount:{emailid}?uid={uniqueid}: An
email address (plus unique identifier) representing a
service account that has been recently deleted. For example,
my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901.
If the service account is undeleted, this value reverts to
serviceAccount:{emailid} and the undeleted service
account retains the role in the binding. \*
deleted:group:{emailid}?uid={uniqueid}: An email address
(plus unique identifier) representing a Google group that
has been recently deleted. For example,
admins@example.com?uid=123456789012345678901. If the
group is recovered, this value reverts to
group:{emailid} and the recovered group retains the role
in the binding. \* domain:{domain}: The G Suite domain
(primary) that represents all the users of that domain. For
example, google.com or example.com.
|
role |
str
Role that is assigned to members. For example,
roles/viewer, roles/editor, or roles/owner.
This field is a member of oneof_ _role.
|