cloudasset_iam_policies
Creates, updates, deletes, gets or lists a cloudasset_iam_policies resource.
Overview
Name | cloudasset_iam_policies |
Type | Resource |
Id | google.cloudasset.cloudasset_iam_policies |
Fields
The following fields are returned by SELECT queries:
- batch_get
Successful response
Name | Datatype | Description |
---|---|---|
policyResults | array | The effective policies for a batch of resources. Note that the results order is the same as the order of BatchGetEffectiveIamPoliciesRequest.names. When a resource does not have any effective IAM policies, its corresponding policy_result will contain empty EffectiveIamPolicy.policies. |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
batch_get | select | scope | names | Gets effective IAM policies for a batch of resources. |
analyze_iam_policy_longrunning | exec | scope | | Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For a Cloud Storage destination, the output format is the JSON format that represents an AnalyzeIamPolicyResponse. This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
scope | string | |
names | string | |
SELECT examples
- batch_get
Gets effective IAM policies for a batch of resources.
```sql
SELECT
  policyResults
FROM google.cloudasset.cloudasset_iam_policies
WHERE scope = '{{ scope }}' -- required
  AND names = '{{ names }}';
```
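An added example (not part of the StackQL provider documentation): a Python pass over a `policyResults` value returned by the query above. It relies on the documented ordering to map each result back to its requested name, tolerates results with empty policies, and reports bindings granted to `allUsers` or `allAuthenticatedUsers`. The nested field names (`policies`, `attachedResource`, `policy.bindings`) follow the Cloud Asset API's EffectiveIamPolicy message and are not listed on this page; the response and resource names are constructed.

```python
import json

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

# Constructed request names and response (not real output).
SAMPLE_NAMES = [
    "//storage.googleapis.com/example-bucket",
    "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1",
]
SAMPLE_RESPONSE = json.loads("""
{"policyResults": [
  {"fullResourceName": "//storage.googleapis.com/example-bucket",
   "policies": [
     {"attachedResource": "//storage.googleapis.com/example-bucket",
      "policy": {"bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}},
     {"attachedResource": "//cloudresourcemanager.googleapis.com/projects/example-project",
      "policy": {"bindings": [
        {"role": "roles/owner", "members": ["user:admin@example.com"]}]}}]},
  {"fullResourceName": "//compute.googleapis.com/projects/example-project/zones/us-central1-a/instances/vm-1"}
]}
""")


def public_bindings(names, response):
    """Pair each requested name with its result (results keep the order of
    `names`) and return bindings that grant a role to a public principal."""
    results = response.get("policyResults", [])
    if len(results) != len(names):
        raise ValueError("expected one policy result per requested name")
    findings = []
    for name, result in zip(names, results):
        # A resource without effective policies has empty or absent `policies`.
        for entry in result.get("policies", []):
            for binding in entry.get("policy", {}).get("bindings", []):
                exposed = sorted(PUBLIC_MEMBERS & set(binding.get("members", [])))
                if exposed:
                    # attached_to shows where the grant lives (resource or ancestor).
                    findings.append({"resource": name,
                                     "attached_to": entry.get("attachedResource"),
                                     "role": binding.get("role"),
                                     "members": exposed})
    return findings


def resources_without_policies(names, response):
    """Requested names whose result carries no effective policies."""
    results = response.get("policyResults", [])
    return [n for n, r in zip(names, results) if not r.get("policies")]
```

The `attached_to` value distinguishes a grant made on the resource itself from one inherited from a project, folder or organization, which determines where the binding has to be removed.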
Lifecycle Methods
- analyze_iam_policy_longrunning
Analyzes IAM policies asynchronously to answer which identities have what accesses on which resources, and writes the analysis results to a Google Cloud Storage or a BigQuery destination. For a Cloud Storage destination, the output format is the JSON format that represents an AnalyzeIamPolicyResponse. This method implements the google.longrunning.Operation, which allows you to track the operation status. We recommend intervals of at least 2 seconds with exponential backoff retry to poll the operation result. The metadata contains the metadata for the long-running operation.
```sql
EXEC google.cloudasset.cloudasset_iam_policies.analyze_iam_policy_longrunning
@scope='{{ scope }}' -- required
@@json=
'{
  "analysisQuery": "{{ analysisQuery }}",
  "savedAnalysisQuery": "{{ savedAnalysisQuery }}",
  "outputConfig": "{{ outputConfig }}"
}';
```