Access
import type { Access } from "https://googleapis.deno.dev/v1/securitycenter:v1.ts";
Represents an access event.
Properties
The caller IP's geolocation, which identifies where the call came from.
Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs.
A string that represents the principal_subject that is associated with the identity. Unlike principal_email, principal_subject supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}].
The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[] object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
This is the API service that the service account made a call to, e.g. "iam.googleapis.com".
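The following added example (not part of the generated module or of Google's documentation) shows how a triage script could normalize the caller identity from the principal email, principal subject and service account key name fields described above. The camelCase field names, the AccessLike and Caller types, describeCaller and the sample value are assumptions made for illustration.

```typescript
// Added example. Field names are assumed camelCase forms of the names in the text.
interface AccessLike {
  principalEmail?: string;
  principalSubject?: string;
  serviceAccountKeyName?: string;
}
interface Caller {
  kind: "federated" | "legacy-gke" | "email" | "unparsed-subject" | "unknown";
  pool?: string;
  subject?: string;
  email?: string;
  keyAccount?: string; // service account that owns the key
  keyId?: string;      // key used to create or exchange credentials
}
// principal://iam.googleapis.com/{identity pool name}/subject/{subject}
const PRINCIPAL_RE = /^principal:\/\/iam\.googleapis\.com\/(.+?)\/subject\/(.+)$/;
// Legacy form: serviceAccount:{identity pool name}[{subject}]
const LEGACY_RE = /^serviceAccount:([^\[\]]+)\[([^\[\]]+)\]$/;
// //iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}
const KEY_RE =
  /^\/\/iam\.googleapis\.com\/projects\/[^\/]+\/serviceAccounts\/([^\/]+)\/keys\/([^\/]+)$/;
function describeCaller(a: AccessLike): Caller {
  const caller: Caller = { kind: "unknown" };
  const modern = PRINCIPAL_RE.exec(a.principalSubject ?? "");
  const legacy = LEGACY_RE.exec(a.principalSubject ?? "");
  if (modern) {
    Object.assign(caller, { kind: "federated", pool: modern[1], subject: modern[2] });
  } else if (legacy) {
    Object.assign(caller, { kind: "legacy-gke", pool: legacy[1], subject: legacy[2] });
  } else if (a.principalSubject) {
    // Unknown shape: keep the raw value rather than guessing at its parts.
    Object.assign(caller, { kind: "unparsed-subject", subject: a.principalSubject });
  }
  // The email is absent for third party callers, so it never overrides the subject.
  if (a.principalEmail) {
    caller.email = a.principalEmail;
    if (caller.kind === "unknown") caller.kind = "email";
  }
  const key = KEY_RE.exec(a.serviceAccountKeyName ?? "");
  if (key) {
    caller.keyAccount = key[1];
    caller.keyId = key[2];
  }
  return caller;
}

// Constructed sample value (not taken from a real finding).
const SAMPLE: AccessLike = { principalSubject: "serviceAccount:example-project.svc.id.goog[default/app-ksa]" };
const SAMPLE_CALLER = describeCaller(SAMPLE);
```

A subject that matches neither documented format is returned as "unparsed-subject" with its raw value, so an unexpected identity shape surfaces during review instead of being dropped.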