SecuritySettings

The definiion of security settings.

JSON representation
{ "name": string, "memberRestriction": { object (`MemberRestriction`) } }

Fields

Fields
`name`	`string` Output only. The resource name of the security settings. Shall be of the form `groups/{groupId}/securitySettings`.
`memberRestriction`	`object (MemberRestriction)` The Member Restriction value

name

string

Output only. The resource name of the security settings.

Shall be of the form groups/{groupId}/securitySettings.

memberRestriction

The Member Restriction value

MemberRestriction

The definition of MemberRestriction

JSON representation
{ "query": string, "evaluation": { object (`RestrictionEvaluation`) } }

Fields

Fields
`query`	`string` Member Restriction as defined by CEL expression. Supported restrictions are: `member.customer_id` and `member.type`. Valid values for `member.type` are `1`, `2` and `3`. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively. The value for `member.customer_id` only supports `groupCustomerId()` currently which means the customer id of the group will be used for restriction. Supported operators are `&&`, `\|\|` and `==`, corresponding to AND, OR, and EQUAL. Examples: Allow only service accounts of given customer to be members. `member.type == 2 && member.customer_id == groupCustomerId()` Allow only users or groups to be members. `member.type == 1 \|\| member.type == 3`
`evaluation`	`object (RestrictionEvaluation)` The evaluated state of this restriction on a group.

query

string

Member Restriction as defined by CEL expression. Supported restrictions are: member.customer_id and member.type.

Valid values for member.type are 1, 2 and 3. They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively.

The value for member.customer_id only supports groupCustomerId() currently which means the customer id of the group will be used for restriction.

Supported operators are &&, || and ==, corresponding to AND, OR, and EQUAL.

Examples: Allow only service accounts of given customer to be members.

member.type == 2 && member.customer_id == groupCustomerId()

Allow only users or groups to be members.

member.type == 1 || member.type == 3

evaluation

The evaluated state of this restriction on a group.

The evaluated state of this restriction.

JSON representation
{ "state": enum (`State`) }

Fields

Fields
`state`	`enum (State)` Output only. The current state of the restriction

state

enum (State)

Output only. The current state of the restriction

All possible states of a restriction.

Enums
`STATE_UNSPECIFIED`	Default. Should not be used.
`EVALUATING`	The restriction state is currently being evaluated.
`COMPLIANT`	All transitive memberships are adhering to restriction.
`FORWARD_COMPLIANT`	Some transitive memberships violate the restriction. No new violating memberships can be added.
`NON_COMPLIANT`	Some transitive memberships violate the restriction. New violating direct memberships will be denied while indirect memberships may be added.