A rule to be applied in a Policy.

Attributes

• action (String): Required Defaults to: null.

  • Enum - one of [NO_ACTION, ALLOW, ALLOW_WITH_LOG, DENY, DENY_WITH_LOG, LOG]
• conditions (List[Condition]): Additional restrictions that must be met Defaults to: null.
• description (String): Human-readable description of the rule. Defaults to: null.
• in (List[String]): If one or more 'in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in at least one of these entries. Defaults to: null.
• logConfig (List[LogConfig]): The config returned to callers of tech.iam.IAM.CheckPolicy for any entries that match the LOG action. Defaults to: null.
• notIn (List[String]): If one or more 'not_in' clauses are specified, the rule matches if the PRINCIPAL/AUTHORITY_SELECTOR is in none of the entries. The format for in and not_in entries is the same as for members in a Binding (see google/iam/v1/policy.proto). Defaults to: null.
• permissions (List[String]): A permission is a string of form '<service>.<resource type>.<verb>' (e.g., 'storage.buckets.list'). A value of '' matches all permissions, and a verb part of '' (e.g., 'storage.buckets.*') matches all verbs. Defaults to: null.