access_levels
Creates, updates, deletes, gets or lists an access_levels resource.
Overview
| Name | access_levels |
| Type | Resource |
| Id | google.accesscontextmanager.access_levels |
Fields
The following fields are returned by SELECT queries:
- get
- list
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name. |
basic | object | A BasicLevel composed of Conditions. (id: BasicLevel) |
custom | object | A CustomLevel written in the Common Expression Language. (id: CustomLevel) |
description | string | Description of the AccessLevel and its use. Does not affect behavior. |
title | string | Human readable title. Must be unique within the Policy. |
Successful response
| Name | Datatype | Description |
|---|---|---|
name | string | Identifier. Resource name for the AccessLevel. Format: accessPolicies/{access_policy}/accessLevels/{access_level}. The access_level component must begin with a letter, followed by alphanumeric characters or _. Its maximum length is 50 characters. After you create an AccessLevel, you cannot change its name. |
basic | object | A BasicLevel composed of Conditions. (id: BasicLevel) |
custom | object | A CustomLevel written in the Common Expression Language. (id: CustomLevel) |
description | string | Description of the AccessLevel and its use. Does not affect behavior. |
title | string | Human readable title. Must be unique within the Policy. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | accessPoliciesId, accessLevelsId | accessLevelFormat | Gets an access level based on the resource name. |
list | select | accessPoliciesId | pageSize, pageToken, accessLevelFormat | Lists all access levels for an access policy. |
create | insert | accessPoliciesId | Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered. | |
patch | update | accessPoliciesId, accessLevelsId | updateMask | Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered. |
replace_all | replace | accessPoliciesId | Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error. | |
delete | delete | accessPoliciesId, accessLevelsId | Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
accessLevelsId | string | |
accessPoliciesId | string | |
accessLevelFormat | string | |
pageSize | integer (int32) | |
pageToken | string | |
updateMask | string (google-fieldmask) |
SELECT examples
- get
- list
Gets an access level based on the resource name.
SELECT
name,
basic,
custom,
description,
title
FROM google.accesscontextmanager.access_levels
WHERE accessPoliciesId = '{{ accessPoliciesId }}' -- required
AND accessLevelsId = '{{ accessLevelsId }}' -- required
AND accessLevelFormat = '{{ accessLevelFormat }}';
Lists all access levels for an access policy.
SELECT
name,
basic,
custom,
description,
title
FROM google.accesscontextmanager.access_levels
WHERE accessPoliciesId = '{{ accessPoliciesId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND accessLevelFormat = '{{ accessLevelFormat }}';
INSERT examples
- create
- Manifest
Creates an access level. The long-running operation from this RPC has a successful status after the access level propagates to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
INSERT INTO google.accesscontextmanager.access_levels (
data__name,
data__title,
data__description,
data__basic,
data__custom,
accessPoliciesId
)
SELECT
'{{ name }}',
'{{ title }}',
'{{ description }}',
'{{ basic }}',
'{{ custom }}',
'{{ accessPoliciesId }}'
RETURNING
name,
done,
error,
metadata,
response
;
# Description fields are for documentation purposes
- name: access_levels
props:
- name: accessPoliciesId
value: string
description: Required parameter for the access_levels resource.
- name: name
value: string
description: >
Identifier. Resource name for the `AccessLevel`. Format: `accessPolicies/{access_policy}/accessLevels/{access_level}`. The `access_level` component must begin with a letter, followed by alphanumeric characters or `_`. Its maximum length is 50 characters. After you create an `AccessLevel`, you cannot change its `name`.
- name: title
value: string
description: >
Human readable title. Must be unique within the Policy.
- name: description
value: string
description: >
Description of the `AccessLevel` and its use. Does not affect behavior.
- name: basic
value: object
description: >
A `BasicLevel` composed of `Conditions`.
- name: custom
value: object
description: >
A `CustomLevel` written in the Common Expression Language.
UPDATE examples
- patch
Updates an access level. The long-running operation from this RPC has a successful status after the changes to the access level propagate to long-lasting storage. If access levels contain errors, an error response is returned for the first error encountered.
UPDATE google.accesscontextmanager.access_levels
SET
data__name = '{{ name }}',
data__title = '{{ title }}',
data__description = '{{ description }}',
data__basic = '{{ basic }}',
data__custom = '{{ custom }}'
WHERE
accessPoliciesId = '{{ accessPoliciesId }}' --required
AND accessLevelsId = '{{ accessLevelsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
done,
error,
metadata,
response;
REPLACE examples
- replace_all
Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error.
REPLACE google.accesscontextmanager.access_levels
SET
data__accessLevels = '{{ accessLevels }}',
data__etag = '{{ etag }}'
WHERE
accessPoliciesId = '{{ accessPoliciesId }}' --required
RETURNING
name,
done,
error,
metadata,
response;
DELETE examples
- delete
Deletes an access level based on the resource name. The long-running operation from this RPC has a successful status after the access level has been removed from long-lasting storage.
DELETE FROM google.accesscontextmanager.access_levels
WHERE accessPoliciesId = '{{ accessPoliciesId }}' --required
AND accessLevelsId = '{{ accessLevelsId }}' --required;