Binding(mapping=None, *, ignore_unknown_fields=False, **kwargs)Associates members, or principals, with a role.
Attributes
| Name | Description |
binding_id |
str
This is deprecated and has no effect. Do not use. This field is a member of oneof_ _binding_id.
|
condition |
google.cloud.compute_v1.types.Expr
The condition that is associated with this binding. If the condition evaluates to true, then this binding applies
to the current request. If the condition evaluates to
false, then this binding does not apply to the current
request. However, a different role binding might grant the
same role to one or more of the principals in this binding.
To learn which resources support conditions in their IAM
policies, see the `IAM
documentation |
members |
Sequence[str]
Specifies the principals requesting access for a Google Cloud resource. members can have the following values:
\* allUsers: A special identifier that represents anyone
who is on the internet; with or without a Google account. \*
allAuthenticatedUsers: A special identifier that
represents anyone who is authenticated with a Google account
or a service account. \* user:{emailid}: An email
address that represents a specific Google account. For
example, alice@example.com . \*
serviceAccount:{emailid}: An email address that
represents a service account. For example,
my-other-app@appspot.gserviceaccount.com. \*
group:{emailid}: An email address that represents a
Google group. For example, admins@example.com. \*
deleted:user:{emailid}?uid={uniqueid}: An email address
(plus unique identifier) representing a user that has been
recently deleted. For example,
alice@example.com?uid=123456789012345678901. If the user
is recovered, this value reverts to user:{emailid} and
the recovered user retains the role in the binding. \*
deleted:serviceAccount:{emailid}?uid={uniqueid}: An
email address (plus unique identifier) representing a
service account that has been recently deleted. For example,
my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901.
If the service account is undeleted, this value reverts to
serviceAccount:{emailid} and the undeleted service
account retains the role in the binding. \*
deleted:group:{emailid}?uid={uniqueid}: An email address
(plus unique identifier) representing a Google group that
has been recently deleted. For example,
admins@example.com?uid=123456789012345678901. If the
group is recovered, this value reverts to
group:{emailid} and the recovered group retains the role
in the binding. \* domain:{domain}: The G Suite domain
(primary) that represents all the users of that domain. For
example, google.com or example.com.
|
role |
str
Role that is assigned to the list of members, or
principals. For example, roles/viewer, roles/editor,
or roles/owner.
This field is a member of oneof_ _role.
|