Skip to main content

access_levels

Creates, updates, deletes, gets or lists a access_levels resource.

Overview

Nameaccess_levels
TypeResource
Idgoogle.accesscontextmanager.access_levels

Fields

NameDatatypeDescription
namestringIdentifier. Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name.
descriptionstringDescription of the AccessLevel and its use. Does not affect behavior.
basicobjectBasicLevel is an AccessLevel using a set of recommended features.
customobjectCustomLevel is an AccessLevel using the Cloud Common Expression Language to represent the necessary conditions for the level to apply to a request. See CEL spec at: https://github.com/google/cel-spec
titlestringHuman readable title. Must be unique within the Policy.

Methods

NameAccessible byRequired ParamsDescription
getSELECTaccessLevelsId, accessPoliciesIdGets an access level based on the resource name.
listSELECTaccessPoliciesIdLists all access levels for an access policy.
createINSERTaccessPoliciesIdCreates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
deleteDELETEaccessLevelsId, accessPoliciesIdDeletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage.
patchUPDATEaccessLevelsId, accessPoliciesIdUpdates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
replace_allREPLACEaccessPoliciesIdReplaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error.

SELECT examples

Lists all access levels for an access policy.

SELECT
name,
description,
basic,
custom,
title
FROM google.accesscontextmanager.access_levels
WHERE accessPoliciesId = '{{ accessPoliciesId }}';

INSERT example

Use the following StackQL query and manifest file to create a new access_levels resource.

/*+ create */
INSERT INTO google.accesscontextmanager.access_levels (
accessPoliciesId,
name,
title,
description,
basic,
custom
)
SELECT 
'{{ accessPoliciesId }}',
'{{ name }}',
'{{ title }}',
'{{ description }}',
'{{ basic }}',
'{{ custom }}'
;

UPDATE example

Updates a access_levels resource.

/*+ update */
UPDATE google.accesscontextmanager.access_levels
SET 
name = '{{ name }}',
title = '{{ title }}',
description = '{{ description }}',
basic = '{{ basic }}',
custom = '{{ custom }}'
WHERE 
accessLevelsId = '{{ accessLevelsId }}'
AND accessPoliciesId = '{{ accessPoliciesId }}';

REPLACE example

Replaces all fields in the specified access_levels resource.

/*+ update */
REPLACE google.accesscontextmanager.access_levels
SET 
accessLevels = '{{ accessLevels }}',
etag = '{{ etag }}'
WHERE 
accessPoliciesId = '{{ accessPoliciesId }}';

DELETE example

Deletes the specified access_levels resource.

/*+ delete */
DELETE FROM google.accesscontextmanager.access_levels
WHERE accessLevelsId = '{{ accessLevelsId }}'
AND accessPoliciesId = '{{ accessPoliciesId }}';