Resource: Policy
A Policy resource binds an instance of a single Setting with the scope of a PolicyQuery. The Setting instance will be applied to all entities that satisfy the query.
JSON representation |
---|
{ "name": string, "customer": string, "policyQuery": { object ( |
Fields | |
---|---|
name |
Output only. Identifier. The resource name of the Policy. Format: policies/{policy}. |
customer |
Immutable. Customer that the Policy belongs to. The value is in the format 'customers/{customerId}'. The |
policy |
Required. The PolicyQuery the Setting applies to. |
setting |
Required. The Setting configured by this Policy. |
type |
Output only. The type of the policy. |
PolicyQuery
PolicyQuery
JSON representation |
---|
{ "query": string, "orgUnit": string, "group": string, "sortOrder": number } |
Fields | |
---|---|
query |
Immutable. The CEL query that defines which entities the Policy applies to (ex. a User entity). For details about CEL see https://opensource.google.com/projects/cel. The OrgUnits the Policy applies to are represented by a clause like so: entity.org_units.exists(orgUnit, orgUnit.org_unit_id == orgUnitId('{orgUnitId}')) The Group the Policy applies to are represented by a clause like so: entity.groups.exists(group, group.group_id == groupId('{groupId}')) The Licenses the Policy applies to are represented by a clause like so: entity.licenses.exists(license, license in ['/product/{productId}/sku/{skuId}']) The above clauses can be present in any combination, and used in conjunction with the &&, || and ! operators. The orgUnit and group fields below are helper fields that contain the corresponding value(s) as the query to make the query easier to use. |
org |
Required. Immutable. Non-empty default. The OrgUnit the query applies to. This field is only set if there is a single value for orgUnit that satisfies all clauses of the query. |
group |
Immutable. The group that the query applies to. This field is only set if there is a single value for group that satisfies all clauses of the query. If no group applies, this will be the empty string. |
sort |
Output only. The decimal sort order of this PolicyQuery. The value is relative to all other policies with the same setting type for the customer. (There are no duplicates within this set). |
Setting
Setting
JSON representation |
---|
{ "type": string, "value": { object } } |
Fields | |
---|---|
type |
Required. Immutable. The type of the Setting. . |
value |
Required. The value of the Setting. |
PolicyType
The type of the policy. This denotes whether the policy is system-configured or admin-configurable.
Enums | |
---|---|
POLICY_TYPE_UNSPECIFIED |
Unspecified policy type. |
SYSTEM |
Policy type denoting the system-configured policies. |
ADMIN |
Policy type denoting the admin-configurable policies. |
Methods |
|
---|---|
|
Get a Policy |
|
List Policies |