Reference documentation and code samples for the Google Cloud Security Command Center V1 Client class Access.
Represents an access event.
Generated from protobuf message google.cloud.securitycenter.v1.Access
Namespace
Google \ Cloud \ SecurityCenter \ V1Methods
__construct
Constructor.
data
array
Optional. Data for populating the Message object.
↳ principal_email
string
Associated email, such as "foo@google.com". The email address of the authenticated user or a service account acting on behalf of a third party principal making the request. For third party identity callers, the principal_subject
field is populated instead of this field. For privacy reasons, the principal email address is sometimes redacted. For more information, see Caller identities in audit logs
.
↳ caller_ip
string
Caller's IP address, such as "1.1.1.1".
↳ caller_ip_geo
Google\Cloud\SecurityCenter\V1\Geolocation
The caller IP's geolocation, which identifies where the call came from.
↳ user_agent_family
string
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
↳ user_agent
string
The caller's user agent string associated with the finding.
↳ service_name
string
This is the API service that the service account made a call to, e.g. "iam.googleapis.com"
↳ method_name
string
The method that the service account called, e.g. "SetIamPolicy".
↳ principal_subject
string
A string that represents the principal_subject that is associated with the identity. Unlike principal_email
, principal_subject
supports principals that aren't associated with email addresses, such as third party principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}
. Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD, still use the legacy format serviceAccount:{identity pool name}[{subject}]
.
↳ service_account_key_name
string
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request. This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
↳ service_account_delegation_info
array< Google\Cloud\SecurityCenter\V1\ServiceAccountDelegationInfo
>
The identity delegation history of an authenticated service account that made the request. The serviceAccountDelegationInfo[]
object contains information about the real authorities that try to access Google Cloud resources by delegating on a service account. When multiple authorities are present, they are guaranteed to be sorted based on the original ordering of the identity delegation events.
↳ user_name
string
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
getPrincipalEmail
Associated email, such as "foo@google.com".
The email address of the authenticated user or a service account acting on
behalf of a third party principal making the request. For third party
identity callers, the principal_subject
field is populated instead of
this field. For privacy reasons, the principal email address is sometimes
redacted. For more information, see Caller identities in audit
logs
.
string
setPrincipalEmail
Associated email, such as "foo@google.com".
The email address of the authenticated user or a service account acting on
behalf of a third party principal making the request. For third party
identity callers, the principal_subject
field is populated instead of
this field. For privacy reasons, the principal email address is sometimes
redacted. For more information, see Caller identities in audit
logs
.
var
string
$this
getCallerIp
Caller's IP address, such as "1.1.1.1".
string
setCallerIp
Caller's IP address, such as "1.1.1.1".
var
string
$this
getCallerIpGeo
The caller IP's geolocation, which identifies where the call came from.
hasCallerIpGeo
clearCallerIpGeo
setCallerIpGeo
The caller IP's geolocation, which identifies where the call came from.
$this
getUserAgentFamily
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
string
setUserAgentFamily
Type of user agent associated with the finding. For example, an operating system shell or an embedded or standalone application.
var
string
$this
getUserAgent
The caller's user agent string associated with the finding.
string
setUserAgent
The caller's user agent string associated with the finding.
var
string
$this
getServiceName
This is the API service that the service account made a call to, e.g.
"iam.googleapis.com"
string
setServiceName
This is the API service that the service account made a call to, e.g.
"iam.googleapis.com"
var
string
$this
getMethodName
The method that the service account called, e.g. "SetIamPolicy".
string
setMethodName
The method that the service account called, e.g. "SetIamPolicy".
var
string
$this
getPrincipalSubject
A string that represents the principal_subject that is associated with the
identity. Unlike principal_email
, principal_subject
supports principals
that aren't associated with email addresses, such as third party
principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}
.
Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
still use the legacy format serviceAccount:{identity pool
name}[{subject}]
.
string
setPrincipalSubject
A string that represents the principal_subject that is associated with the
identity. Unlike principal_email
, principal_subject
supports principals
that aren't associated with email addresses, such as third party
principals. For most identities, the format is principal://iam.googleapis.com/{identity pool name}/subject/{subject}
.
Some GKE identities, such as GKE_WORKLOAD, FREEFORM, and GKE_HUB_WORKLOAD,
still use the legacy format serviceAccount:{identity pool
name}[{subject}]
.
var
string
$this
getServiceAccountKeyName
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.
This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
string
setServiceAccountKeyName
The name of the service account key that was used to create or exchange credentials when authenticating the service account that made the request.
This is a scheme-less URI full resource name. For example: "//iam.googleapis.com/projects/{PROJECT_ID}/serviceAccounts/{ACCOUNT}/keys/{key}".
var
string
$this
getServiceAccountDelegationInfo
The identity delegation history of an authenticated service account that
made the request. The serviceAccountDelegationInfo[]
object contains
information about the real authorities that try to access Google Cloud
resources by delegating on a service account. When multiple authorities are
present, they are guaranteed to be sorted based on the original ordering of
the identity delegation events.
setServiceAccountDelegationInfo
The identity delegation history of an authenticated service account that
made the request. The serviceAccountDelegationInfo[]
object contains
information about the real authorities that try to access Google Cloud
resources by delegating on a service account. When multiple authorities are
present, they are guaranteed to be sorted based on the original ordering of
the identity delegation events.
$this
getUserName
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
string
setUserName
A string that represents a username. The username provided depends on the type of the finding and is likely not an IAM principal. For example, this can be a system username if the finding is related to a virtual machine, or it can be an application login username.
var
string
$this
