AccessPolicy is a container for AccessLevels (which define the necessary attributes to use Google Cloud services) and ServicePerimeters (which define regions of services able to freely pass data within a perimeter). An access policy is globally visible within an organization, and the restrictions it specifies apply to all projects within an organization.
name
string
Output only. Identifier. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy}
parent
string
Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organizationId}
title
string
Required. Human readable title. Does not affect behavior.
scopes[]
string
The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior:
ServicePerimeter within policy A can only reference access levels defined within policy A.
Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error.
If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{projectNumber}
etag
string
Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.
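One way to check proposed policy bodies against the field rules above before they reach the API, as an added example that is not Google's code. The function names `lint_policies` and `immutable_changes` are hypothetical, and the sample policies are constructed data.

```python
import re

# Formats as given in the field descriptions above.
PARENT_RE = re.compile(r"^organizations/[^/]+$")
SCOPE_RE = re.compile(r"^(folders|projects)/\d+$")


def lint_policies(policies):
    """Check proposed AccessPolicy bodies; return (title, problem) pairs."""
    problems, claimed = [], {}  # claimed: scope -> title of first policy using it
    for p in policies:
        title, scopes = p.get("title", ""), p.get("scopes", [])
        if not title:
            problems.append((title, "title is required"))
        if not PARENT_RE.match(p.get("parent", "")):
            problems.append((title, "parent must be organizations/{organizationId}"))
        for field in ("name", "etag"):
            if field in p:
                problems.append((title, f"{field} is output only"))
        if len(scopes) > 1:
            problems.append((title, "policies can only have a single scope"))
        for scope in scopes:
            if not SCOPE_RE.match(scope):
                problems.append((title, f"bad scope format: {scope}"))
            elif scope in claimed:
                problems.append((title, f"{scope} already in policy {claimed[scope]!r}"))
            else:
                claimed[scope] = title
    return problems


def immutable_changes(current, proposed):
    """Fields described above as unmodifiable after creation that would change."""
    return [f for f in ("parent", "scopes") if current.get(f) != proposed.get(f)]


# Constructed sample input (not real organization, folder or project numbers).
SAMPLE = [
    {"parent": "organizations/111", "title": "policy A", "scopes": ["folders/123"]},
    {"parent": "organizations/111", "title": "policy B", "scopes": ["folders/123"]},
    {"parent": "organizations/111", "title": "policy C",
     "scopes": ["projects/456", "folders/789"]},
    {"parent": "folders/123", "title": "policy D", "etag": "abc"},
]

if __name__ == "__main__":
    for title, problem in lint_policies(SAMPLE):
        print(f"{title}: {problem}")
    print(immutable_changes(SAMPLE[0], {**SAMPLE[0], "scopes": ["folders/999"]}))
```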
AccessPolicy objects can be created, deleted, retrieved, updated, and listed, and their IAM policies can be managed via dedicated methods.
Last updated 2024-11-22 UTC.