The input identities contains an array of service accounts to grant access to the respective control plane resource, with each service account specified using the following format:serviceAccount:***service-account-name***.
Theservice-account-nameis formatted like an email address. For example:my-control-plane-serviceAccount@my_project_id.iam.gserviceaccount.com
You might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-03 UTC."],[[["\u003cp\u003e\u003ccode\u003eControlPlaneAccess\u003c/code\u003e is used as both the request and response body for updating and retrieving control plane access information via the \u003ccode\u003eorganizations.updateControlPlaneAccess\u003c/code\u003e and \u003ccode\u003eorganizations.getControlPlaneAccess\u003c/code\u003e APIs.\u003c/p\u003e\n"],["\u003cp\u003eInput identities for control plane access are specified as an array of service accounts, formatted as \u003ccode\u003eserviceAccount:\u003c/code\u003e***service-account-name***, with each name resembling an email address.\u003c/p\u003e\n"],["\u003cp\u003eThe JSON representation of \u003ccode\u003eControlPlaneAccess\u003c/code\u003e includes \u003ccode\u003ename\u003c/code\u003e, \u003ccode\u003esynchronizerIdentities\u003c/code\u003e, and \u003ccode\u003eanalyticsPublisherIdentities\u003c/code\u003e, where the last two are arrays of service accounts.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003esynchronizerIdentities\u003c/code\u003e are service accounts granted access to control plane resources for the Synchronizer, and these service accounts must have the \u003cstrong\u003eApigee Synchronizer Manager\u003c/strong\u003e role.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eanalyticsPublisherIdentities\u003c/code\u003e are service accounts that are authorized to publish analytics data to the control plane, typically for the Message Processor component.\u003c/p\u003e\n"]]],[],null,["# ControlPlaneAccess\n\n- [JSON representation](#SCHEMA_REPRESENTATION)\n\nControlPlaneAccess is the request body and response body of [organizations.updateControlPlaneAccess](/apigee/docs/reference/apis/apigee/rest/v1/organizations/updateControlPlaneAccess#google.cloud.apigee.v1.OrganizationService.UpdateControlPlaneAccess). and the response body of [organizations.getControlPlaneAccess](/apigee/docs/reference/apis/apigee/rest/v1/organizations/getControlPlaneAccess#google.cloud.apigee.v1.OrganizationService.GetControlPlaneAccess).\n\nThe input identities contains an array of service accounts to grant access to the respective control plane resource, with each service account specified using the following format: `serviceAccount:`\\*\\*\\*service-account-name\\*\\*\\*.\n\nThe ***service-account-name*** is formatted like an email address. For example: `my-control-plane-serviceAccount@my_project_id.iam.gserviceaccount.com`\n\nYou might specify multiple service accounts, for example, if you have multiple environments and wish to assign a unique service account to each one."]]
