Policy class
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
A Policy
is a collection of bindings
. A binding
binds one or more
members
, or principals, to a single role
. Principals can be user
accounts, service accounts, Google groups, and domains (such as G Suite). A
role
is a named list of permissions; each role
can be an IAM predefined
role or a user-created custom role. For some types of Google Cloud
resources, a binding
can also specify a condition
, which is a logical
expression that allows access to a resource only if the expression evaluates
to true
. A condition can add constraints based on attributes of the
request, the resource, or both. To learn which resources support conditions
in their IAM policies, see the
IAM documentation.
JSON example: { "bindings": [ { "role":
"roles/resourcemanager.organizationAdmin", "members": [
"user:mike@example.com", "group:admins@example.com", "domain:google.com",
"serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role":
"roles/resourcemanager.organizationViewer", "members": [
"user:eve@example.com" ], "condition": { "title": "expirable access",
"description": "Does not grant access after Sep 2020", "expression":
"request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag":
"BwWWja0YfJA=", "version": 3 } YAML example: bindings: - members: -
user:mike@example.com - group:admins@example.com - domain:google.com -
serviceAccount:my-project-id@appspot.gserviceaccount.com role:
roles/resourcemanager.organizationAdmin - members: - user:eve@example.com
role: roles/resourcemanager.organizationViewer condition: title: expirable
access description: Does not grant access after Sep 2020 expression:
request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA=
version: 3 For a description of IAM and its features, see the
IAM documentation.
Constructors
-
Policy({List<
AuditConfig> ? auditConfigs, List<Binding> ? bindings, String? etag, int? version}) - Policy.fromJson(Map _json)
Properties
-
auditConfigs
↔ List<
AuditConfig> ? -
Specifies cloud audit logging configuration for this policy.
getter/setter pair
-
bindings
↔ List<
Binding> ? -
Associates a list of
members
, or principals, with arole
.getter/setter pair - etag ↔ String?
-
etag
is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.getter/setter pair -
etagAsBytes
↔ List<
int> -
getter/setter pair
- hashCode → int
-
The hash code for this object.
no setterinherited
- runtimeType → Type
-
A representation of the runtime type of the object.
no setterinherited
- version ↔ int?
-
Specifies the format of the policy.
getter/setter pair
Methods
-
noSuchMethod(
Invocation invocation) → dynamic -
Invoked when a nonexistent method or property is accessed.
inherited
-
toJson(
) → Map< String, dynamic> -
toString(
) → String -
A string representation of this object.
inherited
Operators
-
operator ==(
Object other) → bool -
The equality operator.
inherited