SecuritySettings

The definiion of security settings.

JSON representation
{ "name" : string , "memberRestriction" : { object ( `MemberRestriction` ) } }

Fields

Fields
`name`	`string` Output only. The resource name of the security settings. Shall be of the form `groups/{groupId}/securitySettings` .
`memberRestriction`	`object ( MemberRestriction )` The Member Restriction value

name

string

Output only. The resource name of the security settings.

Shall be of the form groups/{groupId}/securitySettings .

memberRestriction

The Member Restriction value

MemberRestriction

The definition of MemberRestriction

JSON representation
{ "query" : string , "evaluation" : { object ( `RestrictionEvaluation` ) } }

Fields

Fields
`query`	`string` Member Restriction as defined by CEL expression. Supported restrictions are: `member.customer_id` and `member.type` . Valid values for `member.type` are `1` , `2` and `3` . They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively. The value for `member.customer_id` only supports `groupCustomerId()` currently which means the customer id of the group will be used for restriction. Supported operators are `&&` , `\|\|` and `==` , corresponding to AND, OR, and EQUAL. Examples: Allow only service accounts of given customer to be members. `member.type == 2 && member.customer_id == groupCustomerId()` Allow only users or groups to be members. `member.type == 1 \|\| member.type == 3`
`evaluation`	`object ( RestrictionEvaluation )` The evaluated state of this restriction on a group.

query

string

Member Restriction as defined by CEL expression. Supported restrictions are: member.customer_id and member.type .

Valid values for member.type are 1 , 2 and 3 . They correspond to USER, SERVICE_ACCOUNT, and GROUP respectively.

The value for member.customer_id only supports groupCustomerId() currently which means the customer id of the group will be used for restriction.

Supported operators are && , || and == , corresponding to AND, OR, and EQUAL.

Examples: Allow only service accounts of given customer to be members.

member.type == 2 && member.customer_id == groupCustomerId()

Allow only users or groups to be members.

member.type == 1 || member.type == 3

evaluation

The evaluated state of this restriction on a group.

The evaluated state of this restriction.

JSON representation
{ "state" : enum ( `State` ) }

Fields

Fields
`state`	`enum ( State )` Output only. The current state of the restriction

state

enum ( State )

Output only. The current state of the restriction

All possible states of a restriction.

Enums
`STATE_UNSPECIFIED`	Default. Should not be used.
`EVALUATING`	The restriction state is currently being evaluated.
`COMPLIANT`	All transitive memberships are adhering to restriction.
`FORWARD_COMPLIANT`	Some transitive memberships violate the restriction. No new violating memberships can be added.
`NON_COMPLIANT`	Some transitive memberships violate the restriction. New violating direct memberships will be denied while indirect memberships may be added.