Cloud KMS V1 Client - Class AccessReason (2.5.2)

Reference documentation and code samples for the Cloud KMS V1 Client class AccessReason.

Describes the reason for a data access. Please refer to https://cloud.google.com/assured-workloads/key-access-justifications/docs/justification-codes for the detailed semantic meaning of justification reason codes.

Protobuf type google.cloud.kms.v1.AccessReason

  Value: 0 
 

Unspecified access reason.

Generated from protobuf enum REASON_UNSPECIFIED = 0;

  Value: 1 
 

Customer-initiated support.

Generated from protobuf enum CUSTOMER_INITIATED_SUPPORT = 1;

  Value: 2 
 

Google-initiated access for system management and troubleshooting.

Generated from protobuf enum GOOGLE_INITIATED_SERVICE = 2;

  Value: 3 
 

Google-initiated access in response to a legal request or legal process.

Generated from protobuf enum THIRD_PARTY_DATA_REQUEST = 3;

  Value: 4 
 

Google-initiated access for security, fraud, abuse, or compliance purposes.

Generated from protobuf enum GOOGLE_INITIATED_REVIEW = 4;

  Value: 5 
 

Customer uses their account to perform any access to their own data which their IAM policy authorizes.

Generated from protobuf enum CUSTOMER_INITIATED_ACCESS = 5;

  Value: 6 
 

Google systems access customer data to help optimize the structure of the data or quality for future uses by the customer.

Generated from protobuf enum GOOGLE_INITIATED_SYSTEM_OPERATION = 6;

  Value: 7 
 

No reason is expected for this key request.

Generated from protobuf enum REASON_NOT_EXPECTED = 7;

  Value: 8 
 

Deprecated: This code is no longer generated by Google Cloud. The GOOGLE_RESPONSE_TO_PRODUCTION_ALERT justification codes available in both Key Access Justifications and Access Transparency logs provide customer-visible signals of emergency access in more precise contexts.

Customer uses their account to perform any access to their own data which their IAM policy authorizes, and one of the following is true:

• A Google administrator has reset the root-access account associated with the user's organization within the past 7 days.
• A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.

Generated from protobuf enum MODIFIED_CUSTOMER_INITIATED_ACCESS = 8 [deprecated = true];

  Value: 9 
 

Deprecated: This code is no longer generated by Google Cloud. The GOOGLE_RESPONSE_TO_PRODUCTION_ALERT justification codes available in both Key Access Justifications and Access Transparency logs provide customer-visible signals of emergency access in more precise contexts.

Google systems access customer data to help optimize the structure of the data or quality for future uses by the customer, and one of the following is true:

• A Google administrator has reset the root-access account associated with the user's organization within the past 7 days.
• A Google-initiated emergency access operation has interacted with a resource in the same project or folder as the currently accessed resource within the past 7 days.

Generated from protobuf enum MODIFIED_GOOGLE_INITIATED_SYSTEM_OPERATION = 9 [deprecated = true];

  Value: 10 
 

Google-initiated access to maintain system reliability.

Generated from protobuf enum GOOGLE_RESPONSE_TO_PRODUCTION_ALERT = 10;

  Value: 11 
 

One of the following operations is being executed while simultaneously encountering an internal technical issue which prevented a more precise justification code from being generated:

• Your account has been used to perform any access to your own data which your IAM policy authorizes.

• An automated Google system operates on encrypted customer data which your IAM policy authorizes.

• Customer-initiated Google support access.
• Google-initiated support access to protect system reliability.

Generated from protobuf enum CUSTOMER_AUTHORIZED_WORKFLOW_SERVICING = 11;