Reference documentation and code samples for the Access Context Manager V1 API class Google::Identity::AccessContextManager::V1::DevicePolicy.
DevicePolicy specifies device specific restrictions necessary to acquire a
given access level. A DevicePolicy specifies requirements for requests from
devices to be granted access levels, it does not do any enforcement on the
device. DevicePolicy acts as an AND over all specified fields, and each
repeated field is an OR over its elements. Any unset fields are ignored. For
example, if the proto is { os_type : DESKTOP_WINDOWS, os_type :
DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be
true for requests originating from encrypted Linux desktops and encrypted
Windows desktops.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# Access Context Manager V1 API - Class Google::Identity::AccessContextManager::V1::DevicePolicy (v0.11.0)\n\nVersion latestkeyboard_arrow_down\n\n- [0.11.0 (latest)](/ruby/docs/reference/google-identity-access_context_manager-v1/latest/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.10.1](/ruby/docs/reference/google-identity-access_context_manager-v1/0.10.1/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.9.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.9.0/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.8.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.8.2/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.7.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.7.2/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.6.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.6.0/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.5.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.5.2/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.4.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.4.0/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.3.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.3.0/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.2.0](/ruby/docs/reference/google-identity-access_context_manager-v1/0.2.0/Google-Identity-AccessContextManager-V1-DevicePolicy)\n- [0.1.2](/ruby/docs/reference/google-identity-access_context_manager-v1/0.1.2/Google-Identity-AccessContextManager-V1-DevicePolicy) \nReference documentation and code samples for the Access Context Manager V1 API class Google::Identity::AccessContextManager::V1::DevicePolicy.\n\n`DevicePolicy` specifies device specific restrictions necessary to acquire a\ngiven access level. A `DevicePolicy` specifies requirements for requests from\ndevices to be granted access levels, it does not do any enforcement on the\ndevice. `DevicePolicy` acts as an AND over all specified fields, and each\nrepeated field is an OR over its elements. Any unset fields are ignored. For\nexample, if the proto is { os_type : DESKTOP_WINDOWS, os_type :\nDESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be\ntrue for requests originating from encrypted Linux desktops and encrypted\nWindows desktops. \n\nInherits\n--------\n\n- Object \n\nExtended By\n-----------\n\n- Google::Protobuf::MessageExts::ClassMethods \n\nIncludes\n--------\n\n- Google::Protobuf::MessageExts\n\nMethods\n-------\n\n### #allowed_device_management_levels\n\n def allowed_device_management_levels() -\u003e ::Array\u003c::Google::Identity::AccessContextManager::Type::DeviceManagementLevel\u003e\n\n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceManagementLevel](./Google-Identity-AccessContextManager-Type-DeviceManagementLevel)\\\u003e) --- Allowed device management levels, an empty list allows all management levels.\n\n### #allowed_device_management_levels=\n\n def allowed_device_management_levels=(value) -\u003e ::Array\u003c::Google::Identity::AccessContextManager::Type::DeviceManagementLevel\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceManagementLevel](./Google-Identity-AccessContextManager-Type-DeviceManagementLevel)\\\u003e) --- Allowed device management levels, an empty list allows all management levels. \n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceManagementLevel](./Google-Identity-AccessContextManager-Type-DeviceManagementLevel)\\\u003e) --- Allowed device management levels, an empty list allows all management levels.\n\n### #allowed_encryption_statuses\n\n def allowed_encryption_statuses() -\u003e ::Array\u003c::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus\u003e\n\n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus](./Google-Identity-AccessContextManager-Type-DeviceEncryptionStatus)\\\u003e) --- Allowed encryptions statuses, an empty list allows all statuses.\n\n### #allowed_encryption_statuses=\n\n def allowed_encryption_statuses=(value) -\u003e ::Array\u003c::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus](./Google-Identity-AccessContextManager-Type-DeviceEncryptionStatus)\\\u003e) --- Allowed encryptions statuses, an empty list allows all statuses. \n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::Type::DeviceEncryptionStatus](./Google-Identity-AccessContextManager-Type-DeviceEncryptionStatus)\\\u003e) --- Allowed encryptions statuses, an empty list allows all statuses.\n\n### #os_constraints\n\n def os_constraints() -\u003e ::Array\u003c::Google::Identity::AccessContextManager::V1::OsConstraint\u003e\n\n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::OsConstraint](./Google-Identity-AccessContextManager-V1-OsConstraint)\\\u003e) --- Allowed OS versions, an empty list allows all types and all versions.\n\n### #os_constraints=\n\n def os_constraints=(value) -\u003e ::Array\u003c::Google::Identity::AccessContextManager::V1::OsConstraint\u003e\n\n**Parameter**\n\n- **value** (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::OsConstraint](./Google-Identity-AccessContextManager-V1-OsConstraint)\\\u003e) --- Allowed OS versions, an empty list allows all types and all versions. \n**Returns**\n\n- (::Array\\\u003c[::Google::Identity::AccessContextManager::V1::OsConstraint](./Google-Identity-AccessContextManager-V1-OsConstraint)\\\u003e) --- Allowed OS versions, an empty list allows all types and all versions.\n\n### #require_admin_approval\n\n def require_admin_approval() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- Whether the device needs to be approved by the customer admin.\n\n### #require_admin_approval=\n\n def require_admin_approval=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- Whether the device needs to be approved by the customer admin. \n**Returns**\n\n- (::Boolean) --- Whether the device needs to be approved by the customer admin.\n\n### #require_corp_owned\n\n def require_corp_owned() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- Whether the device needs to be corp owned.\n\n### #require_corp_owned=\n\n def require_corp_owned=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- Whether the device needs to be corp owned. \n**Returns**\n\n- (::Boolean) --- Whether the device needs to be corp owned.\n\n### #require_screenlock\n\n def require_screenlock() -\u003e ::Boolean\n\n**Returns**\n\n- (::Boolean) --- Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`.\n\n### #require_screenlock=\n\n def require_screenlock=(value) -\u003e ::Boolean\n\n**Parameter**\n\n- **value** (::Boolean) --- Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`. \n**Returns**\n\n- (::Boolean) --- Whether or not screenlock is required for the DevicePolicy to be true. Defaults to `false`."]]