DevicePolicy specifies device specific restrictions necessary to acquire a given access level. A DevicePolicy specifies requirements for requests from devices to be granted access levels, it does not do any enforcement on the device. DevicePolicy acts as an AND over all specified fields, and each repeated field is an OR over its elements. Any unset fields are ignored. For example, if the proto is { os_type : DESKTOP_WINDOWS, os_type : DESKTOP_LINUX, encryption_status: ENCRYPTED}, then the DevicePolicy will be true for requests originating from encrypted Linux desktops and encrypted Windows desktops.

Attributes

• allowedDeviceManagementLevels (type: list(String.t), default: nil) - Allowed device management levels, an empty list allows all management levels.
• allowedEncryptionStatuses (type: list(String.t), default: nil) - Allowed encryptions statuses, an empty list allows all statuses.
• osConstraints (type: list(GoogleApi.CloudAsset.V1.Model.GoogleIdentityAccesscontextmanagerV1OsConstraint.t), default: nil) - Allowed OS versions, an empty list allows all types and all versions.
• requireAdminApproval (type: boolean(), default: nil) - Whether the device needs to be approved by the customer admin.
• requireCorpOwned (type: boolean(), default: nil) - Whether the device needs to be corp owned.
• requireScreenlock (type: boolean(), default: nil) - Whether or not screenlock is required for the DevicePolicy to be true. Defaults to false.