Class: Google::Iam::V1::Policy
- Inherits:
-
Object
- Object
- Google::Iam::V1::Policy
- Defined in:
- lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb,
lib/google/cloud/spanner/admin/instance/v1/doc/google/iam/v1/policy.rb
Overview
Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.
A +Policy+ consists of a list of +bindings+. A +Binding+ binds a list of +members+ to a +role+, where the members can be user accounts, Google groups, Google domains, and service accounts. A +role+ is a named list of permissions defined by IAM.
Example
{
"bindings": [
{
"role": "roles/owner",
"members": [
"user:mike@example.com",
"group:admins@example.com",
"domain:google.com",
"serviceAccount:my-other-app@appspot.gserviceaccount.com",
]
},
{
"role": "roles/viewer",
"members": ["user:sean@example.com"]
}
]
}
For a description of IAM and its features, see the IAM developer's guide.
Instance Attribute Summary collapse
-
#bindings ⇒ Array<Google::Iam::V1::Binding>
Associates a list of +members+ to a +role+.
-
#etag ⇒ String
+etag+ is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
-
#version ⇒ Integer
Version of the +Policy+.
Instance Attribute Details
#bindings ⇒ Array<Google::Iam::V1::Binding>
Returns Associates a list of +members+ to a +role+. Multiple +bindings+ must not be specified for the same +role+. +bindings+ with no members will result in an error.
70 |
# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 70 class Policy; end |
#etag ⇒ String
Returns +etag+ is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the +etag+ in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An +etag+ is returned in the response to +getIamPolicy+, and systems are expected to put that etag in the request to +setIamPolicy+ to ensure that their change will be applied to the same version of the policy.
If no +etag+ is provided in the call to +setIamPolicy+, then the existing policy is overwritten blindly.
70 |
# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 70 class Policy; end |
#version ⇒ Integer
Returns Version of the +Policy+. The default version is 0.
70 |
# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 70 class Policy; end |