Class: Google::Iam::V1::Policy

Inherits:

Object

• Object
• Google::Iam::V1::Policy

Defined in:

lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb,
lib/google/cloud/spanner/admin/instance/v1/doc/google/iam/v1/policy.rb

Overview

Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources.

A +Policy+ consists of a list of +bindings+. A +Binding+ binds a list of +members+ to a +role+, where the members can be user accounts, Google groups, Google domains, and service accounts. A +role+ is a named list of permissions defined by IAM.

Example

{
  "bindings": [
    {
      "role": "roles/owner",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-other-app@appspot.gserviceaccount.com",
      ]
    },
    {
      "role": "roles/viewer",
      "members": ["user:sean@example.com"]
    }
  ]
}

For a description of IAM and its features, see the IAM developer's guide.

Instance Attribute Summary

• #bindings ⇒ Array<Google::Iam::V1::Binding>

  Associates a list of +members+ to a +role+.

• #etag ⇒ String

  +etag+ is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.

• #version ⇒ Integer

  Version of the +Policy+.

Instance Attribute Details

#bindings ⇒ Array<Google::Iam::V1::Binding>

Returns Associates a list of +members+ to a +role+. Multiple +bindings+ must not be specified for the same +role+. +bindings+ with no members will result in an error.

Returns:

• (Array<Google::Iam::V1::Binding>) —

  Associates a list of +members+ to a +role+. Multiple +bindings+ must not be specified for the same +role+. +bindings+ with no members will result in an error.

# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 69

class Policy; end

#etag ⇒ String

Returns +etag+ is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the +etag+ in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An +etag+ is returned in the response to +getIamPolicy+, and systems are expected to put that etag in the request to +setIamPolicy+ to ensure that their change will be applied to the same version of the policy.

If no +etag+ is provided in the call to +setIamPolicy+, then the existing policy is overwritten blindly.

Returns:

• (String) —

  +etag+ is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the +etag+ in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An +etag+ is returned in the response to +getIamPolicy+, and systems are expected to put that etag in the request to +setIamPolicy+ to ensure that their change will be applied to the same version of the policy.

  If no +etag+ is provided in the call to +setIamPolicy+, then the existing policy is overwritten blindly.

# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 69

class Policy; end

#version ⇒ Integer

Returns Version of the +Policy+. The default version is 0.

Returns:

• (Integer) —

  Version of the +Policy+. The default version is 0.

# File 'lib/google/cloud/spanner/admin/database/v1/doc/google/iam/v1/policy.rb', line 69

class Policy; end