Skip to main content

tables_iam_policies

Overview

Name	`tables_iam_policies`
Type	Resource
Id	`google.bigtableadmin.tables_iam_policies`

Fields

Name	Datatype	Description
`condition`	`object`	Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
`members`	`array`	Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a Kubernetes service account. For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
`role`	`string`	Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

Methods

Name	Accessible by	Required Params	Description
`get_iam_policy`	`SELECT`	`instancesId, projectsId, tablesId`	Gets the access control policy for a Table resource. Returns an empty policy if the resource exists but does not have a policy set.
`_get_iam_policy`	`EXEC`	`instancesId, projectsId, tablesId`	Gets the access control policy for a Table resource. Returns an empty policy if the resource exists but does not have a policy set.
`set_iam_policy`	`EXEC`	`instancesId, projectsId, tablesId`	Sets the access control policy on a Table resource. Replaces any existing policy.
`test_iam_permissions`	`EXEC`	`instancesId, projectsId, tablesId`	Returns permissions that the caller has on the specified table resource.

Overview
Fields
Methods