backup_schedules_iam_policies

Creates, updates, deletes, gets or lists a backup_schedules_iam_policies resource.

Overview

Name	`backup_schedules_iam_policies`
Type	Resource
Id	`google.spanner.backup_schedules_iam_policies`

Fields

The following fields are returned by SELECT queries:

projects_instances_databases_backup_schedules_get_iam_policy

Successful response

Name	Datatype	Description
`condition`	`object`	The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation. (id: Expr)
`members`	`array`	Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a Kubernetes service account. For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/`: All identities in a workforce identity pool. `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/`: All identities in a workload identity pool. `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.
`role`	`string`	Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the IAM documentation. For a list of the available pre-defined roles, see here.

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Description
`projects_instances_databases_backup_schedules_get_iam_policy`	`select`	`projectsId`, `instancesId`, `databasesId`, `backupSchedulesId`	Gets the access control policy for a database or backup resource. Returns an empty policy if a database or backup exists but does not have a policy set. Authorization requires `spanner.databases.getIamPolicy` permission on resource. For backups, authorization requires `spanner.backups.getIamPolicy` permission on resource. For backup schedules, authorization requires `spanner.backupSchedules.getIamPolicy` permission on resource.
`projects_instances_databases_backup_schedules_set_iam_policy`	`replace`	`projectsId`, `instancesId`, `databasesId`, `backupSchedulesId`	Sets the access control policy on a database or backup resource. Replaces any existing policy. Authorization requires `spanner.databases.setIamPolicy` permission on resource. For backups, authorization requires `spanner.backups.setIamPolicy` permission on resource. For backup schedules, authorization requires `spanner.backupSchedules.setIamPolicy` permission on resource.
`projects_instances_databases_backup_schedules_test_iam_permissions`	`exec`	`projectsId`, `instancesId`, `databasesId`, `backupSchedulesId`	Returns permissions that the caller has on the specified database or backup resource. Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has `spanner.databases.list` permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Calling this method on a backup that does not exist will result in a NOT_FOUND error if the user has `spanner.backups.list` permission on the containing instance. Calling this method on a backup schedule that does not exist will result in a NOT_FOUND error if the user has `spanner.backupSchedules.list` permission on the containing database.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`backupSchedulesId`	`string`
`databasesId`	`string`
`instancesId`	`string`
`projectsId`	`string`

`SELECT` examples

projects_instances_databases_backup_schedules_get_iam_policy

Gets the access control policy for a database or backup resource. Returns an empty policy if a database or backup exists but does not have a policy set. Authorization requires spanner.databases.getIamPolicy permission on resource. For backups, authorization requires spanner.backups.getIamPolicy permission on resource. For backup schedules, authorization requires spanner.backupSchedules.getIamPolicy permission on resource.

SELECT
condition,
members,
role
FROM google.spanner.backup_schedules_iam_policies
WHERE projectsId = '{{ projectsId }}' -- required
AND instancesId = '{{ instancesId }}' -- required
AND databasesId = '{{ databasesId }}' -- required
AND backupSchedulesId = '{{ backupSchedulesId }}' -- required;

`REPLACE` examples

projects_instances_databases_backup_schedules_set_iam_policy

Sets the access control policy on a database or backup resource. Replaces any existing policy. Authorization requires spanner.databases.setIamPolicy permission on resource. For backups, authorization requires spanner.backups.setIamPolicy permission on resource. For backup schedules, authorization requires spanner.backupSchedules.setIamPolicy permission on resource.

REPLACE google.spanner.backup_schedules_iam_policies
SET 
data__policy = '{{ policy }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND instancesId = '{{ instancesId }}' --required
AND databasesId = '{{ databasesId }}' --required
AND backupSchedulesId = '{{ backupSchedulesId }}' --required
RETURNING
bindings,
etag,
version;

Lifecycle Methods

projects_instances_databases_backup_schedules_test_iam_permissions

Returns permissions that the caller has on the specified database or backup resource. Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has spanner.databases.list permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Calling this method on a backup that does not exist will result in a NOT_FOUND error if the user has spanner.backups.list permission on the containing instance. Calling this method on a backup schedule that does not exist will result in a NOT_FOUND error if the user has spanner.backupSchedules.list permission on the containing database.

EXEC google.spanner.backup_schedules_iam_policies.projects_instances_databases_backup_schedules_test_iam_permissions 
@projectsId='{{ projectsId }}' --required, 
@instancesId='{{ instancesId }}' --required, 
@databasesId='{{ databasesId }}' --required, 
@backupSchedulesId='{{ backupSchedulesId }}' --required 
@@json=
'{
"permissions": "{{ permissions }}"
}';

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

REPLACE examples​

Lifecycle Methods​