Console
    Contact Us Start free

    Method: accessPolicies.create

    Creates an access policy. This method fails if the organization already has an access policy. The long-running operation has a successful status after the access policy propagates to long-lasting storage. Syntactic and basic semantic errors are returned in metadata as a BadRequest proto.

    HTTP request

    POST https://accesscontextmanager.googleapis.com/v1alpha/accessPolicies

    The URL uses gRPC Transcoding syntax.

    Request body

    The request body contains data with the following structure:

    JSON representation 
     { 
 "name" 
 : 
 string 
 , 
 "parent" 
 : 
 string 
 , 
 "title" 
 : 
 string 
 , 
 "scopes" 
 : 
 [ 
 string 
 ] 
 , 
 "etag" 
 : 
 string 
 }
    Fields
    name

    string

    Identifier. Resource name of the AccessPolicy . Format: accessPolicies/{access_policy}

    parent

    string

    Immutable. The parent of this AccessPolicy in the Cloud Resource Hierarchy Format: organizations/{organizationId}

    title

    string

    Required. Human readable title. Does not affect behavior.

    scopes[]

    string

    The scopes of the AccessPolicy . Scopes define which resources a policy can restrict and where its resources can be referenced. For example, policy A with scopes=["folders/123"] has the following behavior:

    • ServicePerimeter can only restrict projects within folders/123 .
    • ServicePerimeter within policy A can only reference access levels defined within policy A.
    • Only one policy can include a given scope; thus, attempting to create a second policy which includes folders/123 will result in an error.

    If no scopes are provided, then any resource within the organization can be restricted. Scopes cannot be modified after a policy is created. Policies can only have a single scope. Format: list of folders/{folder_number} or projects/{projectNumber}

    etag

    string

    Output only. An opaque identifier for the current version of the AccessPolicy . This will always be a strongly validated etag, meaning that two Access Policies will be identical if and only if their etags are identical. Clients should not expect this to be in any specific format.

    Response body

    If successful, the response body contains a newly created instance of Operation .

    Authorization scopes

    Requires the following OAuth scope:

    • https://www.googleapis.com/auth/cloud-platform

    For more information, see the Authentication Overview .
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: