GoogleIdentityStsV1AccessBoundaryRule
import type { GoogleIdentityStsV1AccessBoundaryRule } from "https://googleapis.deno.dev/v1/sts:v1.ts";
An access boundary rule defines an upper bound of IAM permissions on a single resource.
§Properties
The availability condition further constrains the access allowed by the access boundary rule. If the condition evaluates to true, then this access boundary rule will provide access to the specified resource, assuming the principal has the required permissions for the resource. If the condition does not evaluate to true, then access to the specified resource will not be available. Note that all access boundary rules in an access boundary are evaluated together as a union. As such, another access boundary rule may allow access to the resource, even if this access boundary rule does not allow access. To learn which resources support conditions in their IAM policies, see the IAM documentation.
The maximum length of the expression field is 2048 characters.
A list of permissions that may be allowed for use on the specified resource. The only supported values in the list are IAM roles, following the format of google.iam.v1.Binding.role. Example value: inRole:roles/logging.viewer for predefined roles and inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
The full resource name of a Google Cloud resource entity. The format definition is at https://cloud.google.com/apis/design/resource_names. Example value: //cloudresourcemanager.googleapis.com/projects/my-project.
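
The following is an added example, not code from this module or from Google: it checks a rule against the constraints stated in the property descriptions above and models the union evaluation across rules. The local `Rule` interface and its field names are assumptions (the property names do not appear on this page), `validateRule` and `withinBoundary` are hypothetical helpers, and resource matching is simplified to exact equality.

```typescript
// Local mirror of the rule shape. Field names are assumed (not shown on this page).
interface Rule {
  availableResource?: string;
  availablePermissions?: string[];
  availabilityCondition?: { expression?: string };
}

const MAX_EXPRESSION_LENGTH = 2048; // limit stated in the property description
// Only the two role formats the description lists: predefined and organization custom roles.
const ROLE_RE = /^inRole:(roles|organizations\/[^\/\s]+\/roles)\/[A-Za-z0-9_.]+$/;
// Full resource names look like //service.googleapis.com/path
const RESOURCE_RE = /^\/\/[a-z0-9.-]+\/\S+$/;

// Returns a list of problems; an empty list means the rule passes these checks.
function validateRule(rule: Rule): string[] {
  const errors: string[] = [];
  if (!rule.availableResource || !RESOURCE_RE.test(rule.availableResource)) {
    errors.push("resource must be a full resource name (//service/path)");
  }
  for (const p of rule.availablePermissions ?? []) {
    if (!ROLE_RE.test(p)) errors.push(`unsupported permission value: ${p}`);
  }
  const expr = rule.availabilityCondition?.expression;
  if (expr !== undefined && expr.length > MAX_EXPRESSION_LENGTH) {
    errors.push(`expression is ${expr.length} characters (max ${MAX_EXPRESSION_LENGTH})`);
  }
  return errors;
}

// Union semantics: a request is inside the boundary if ANY rule names the
// resource and role, and that rule's condition (when present) evaluated to true.
// conditionResults[i] is the caller-supplied outcome for rules[i].
function withinBoundary(rules: Rule[], resource: string, role: string,
                        conditionResults: boolean[]): boolean {
  return rules.some((r, i) =>
    r.availableResource === resource &&
    (r.availablePermissions ?? []).includes(`inRole:${role}`) &&
    (r.availabilityCondition === undefined || conditionResults[i] === true));
}

// Constructed sample rules for the same resource and role.
const RESOURCE = "//cloudresourcemanager.googleapis.com/projects/my-project";
const PERMS = ["inRole:roles/logging.viewer"];
const conditional: Rule = { availableResource: RESOURCE, availablePermissions: PERMS,
  availabilityCondition: { expression: "request.time < timestamp('2030-01-01T00:00:00Z')" } };
const unconditional: Rule = { availableResource: RESOURCE, availablePermissions: PERMS };
// The conditional rule's condition is false, but the unconditional rule still allows access.
console.log(withinBoundary([conditional, unconditional], RESOURCE, "roles/logging.viewer", [false, false]));
```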