access_policies
Creates, updates, deletes, gets or lists an access_policies resource.
Overview
Name | access_policies |
Type | Resource |
Id | google.accesscontextmanager.access_policies |
Fields
Name | Datatype | Description |
---|---|---|
name | string | Output only. Identifier. Resource name of the AccessPolicy. Format: accessPolicies/{access_policy} |
etag | string | Output only. An opaque identifier for the current version of the AccessPolicy. This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format. |
parent | string | Required. The parent of this AccessPolicy in the Cloud Resource Hierarchy. Currently immutable once created. Format: organizations/{organization_id} |
scopes | array | The scopes of the AccessPolicy. Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior: - ServicePerimeter can only restrict projects within folders/123. - ServicePerimeter within policy A can only reference access levels defined within policy A. - Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error. If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{project_number} |
title | string | Required. Human readable title. Does not affect behavior. |
Methods
Name | Accessible by | Required Params | Description |
---|---|---|---|
get | SELECT | accessPoliciesId | Returns an access policy based on the name. |
list | SELECT | | Lists all access policies in an organization. |
create | INSERT | | Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in metadata as a BadRequest proto. |
delete | DELETE | accessPoliciesId | Deletes an access policy based on the resource name. The long-running operation has a successful status after the access policy is removed from long-lasting storage. |
patch | UPDATE | accessPoliciesId | Updates an access policy. The long-running operation from this RPC has a successful status after the changes to the access policy propagate to long-lasting storage. |
SELECT examples
Lists all access policies in an organization.
SELECT
name,
etag,
parent,
scopes,
title
FROM google.accesscontextmanager.access_policies
;
INSERT example
Use the following StackQL query and manifest file to create a new access_policies resource.
All Properties:
/*+ create */
INSERT INTO google.accesscontextmanager.access_policies (
name,
parent,
title,
scopes
)
SELECT
'{{ name }}',
'{{ parent }}',
'{{ title }}',
'{{ scopes }}'
;
Manifest:
- name: your_resource_model_name
  props:
    - name: name
      value: string
    - name: parent
      value: string
    - name: title
      value: string
    - name: scopes
      value:
        - string
    - name: etag
      value: string
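A pre-flight check for the values that go into the INSERT, written against the constraints in the Fields and Methods tables (parent format, a single scope, scope format, one policy per scope). This is an added example, not StackQL or Google code: `check_new_policy` and the sample rows are hypothetical, and it assumes the create method's "organization already has an access policy" failure applies to unscoped policies.

```python
import re

# Formats stated in the Fields table on this page.
PARENT_RE = re.compile(r"organizations/[^/\s]+")
SCOPE_RE = re.compile(r"(folders|projects)/\d+")

# Constructed sample rows, shaped like the output of the SELECT on this page.
EXISTING = [
    {"name": "accessPolicies/111", "parent": "organizations/42", "scopes": [], "title": "org-wide"},
    {"name": "accessPolicies/222", "parent": "organizations/42", "scopes": ["folders/123"], "title": "A"},
]

def check_new_policy(candidate, existing):
    """Return a list of problems with a candidate policy (hypothetical helper)."""
    problems = []
    parent = candidate.get("parent") or ""
    if not PARENT_RE.fullmatch(parent):
        problems.append("parent must be organizations/{organization_id}")
    if not candidate.get("title"):
        problems.append("title is required")
    scopes = candidate.get("scopes") or []
    if len(scopes) > 1:
        problems.append("a policy can only have a single scope")
    for scope in scopes:
        if not SCOPE_RE.fullmatch(scope):
            problems.append(f"bad scope format: {scope!r}")
    # Only one policy may include a given scope. Assumption: an organization
    # may also hold only one unscoped (organization-wide) policy.
    for other in existing:
        if other.get("parent") != parent:
            continue
        other_scopes = other.get("scopes") or []
        if not scopes and not other_scopes:
            problems.append(f"organization already has an unscoped policy: {other['name']}")
        for scope in sorted(set(scopes) & set(other_scopes)):
            problems.append(f"scope {scope} already used by {other['name']}")
    return problems

if __name__ == "__main__":
    new = {"parent": "organizations/42", "title": "B", "scopes": ["folders/123"]}
    for problem in check_new_policy(new, EXISTING):
        print("REJECT:", problem)
```

Because scopes cannot be modified after creation, running a check like this before the INSERT avoids having to delete and recreate a policy that was created with the wrong scope.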
UPDATE example
Updates an access_policies resource.
/*+ update */
UPDATE google.accesscontextmanager.access_policies
SET
name = '{{ name }}',
parent = '{{ parent }}',
title = '{{ title }}',
scopes = '{{ scopes }}'
WHERE
accessPoliciesId = '{{ accessPoliciesId }}';
DELETE example
Deletes the specified access_policies resource.
/*+ delete */
DELETE FROM google.accesscontextmanager.access_policies
WHERE accessPoliciesId = '{{ accessPoliciesId }}';