Resource: RoleAssignment
Defines an assignment of a role.
JSON representation

```
{
  "roleAssignmentId": string,
  "roleId": string,
  "kind": string,
  "etag": string,
  "assignedTo": string,
  "assigneeType": enum (AssigneeType),
  "scopeType": string,
  "orgUnitId": string,
  "condition": string
}
```

`roleAssignmentId`: `string (int64 format)`
ID of this roleAssignment.

`roleId`: `string (int64 format)`
The ID of the role that is assigned.

`kind`: `string`
The type of the API resource. This is always `admin#directory#roleAssignment`.

`etag`: `string`
ETag of the resource.

`assignedTo`: `string`
The unique ID of the entity this role is assigned to—either the `userId` of a user, the `groupId` of a group, or the `uniqueId` of a service account as defined in Identity and Access Management (IAM).

`assigneeType`: `enum (AssigneeType)`
Output only. The type of the assignee (`USER` or `GROUP`).

`scopeType`: `string`
The scope in which this role is assigned.
Acceptable values are:
-  CUSTOMER
-  ORG_UNIT

`orgUnitId`: `string`
If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.

`condition`: `string`
Optional. The condition associated with this role assignment.
Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers.
A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`roleId`) is applied to the actor (`assignedTo`) at the scope (`scopeType`) unconditionally.
Currently, the following conditions are supported:
- To make the `RoleAssignment` only applicable to Security Groups: `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'`
- To make the `RoleAssignment` not applicable to Security Groups: `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'`
Currently, the condition strings have to be verbatim and they only work with the following pre-built administrator roles:
- Groups Editor
- Groups Reader
The condition follows Cloud IAM condition syntax.
- To make the `RoleAssignment` not applicable to Locked Groups: `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'`
This condition can also be used in conjunction with a Security-related condition.
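
The condition rules above can be checked mechanically. The following Python audit is an added example, not part of the API reference or Google's code: it flags RoleAssignment resources whose `condition` is not one of the three strings listed here, is attached to a role other than Groups Editor or Groups Reader, or is missing on those roles. The role-name lookup, the IDs and the sample assignments are constructed; the combined Locked-and-Security form is not spelled out on this page, so any other string is reported for review.

```python
# Added example: checks RoleAssignment dicts against the condition rules above.
_LABELS = "api.getAttribute('cloudidentity.googleapis.com/groups.labels', [])"
_IS_GROUP = " && resource.type == 'cloudidentity.googleapis.com/Group'"
SECURITY_ONLY = _LABELS + ".hasAny(['groups.security'])" + _IS_GROUP
NOT_SECURITY = "!" + SECURITY_ONLY
NOT_LOCKED = "!" + _LABELS + ".hasAny(['groups.locked'])" + _IS_GROUP
VERBATIM = {SECURITY_ONLY, NOT_SECURITY, NOT_LOCKED}  # the strings listed on this page
CONDITION_ROLES = {"Groups Editor", "Groups Reader"}


def audit(assignment, role_names):
    """Return findings for one RoleAssignment dict.
    role_names (roleId -> role name) is a hypothetical lookup the caller builds."""
    findings = []
    role = role_names.get(assignment.get("roleId"), "unknown role")
    scope = assignment.get("scopeType")
    cond = assignment.get("condition", "")
    if scope not in ("CUSTOMER", "ORG_UNIT"):
        findings.append("scopeType is not CUSTOMER or ORG_UNIT")
    elif scope == "ORG_UNIT" and not assignment.get("orgUnitId"):
        findings.append("ORG_UNIT scope without orgUnitId")
    if not cond:
        # An empty condition means the role applies unconditionally at the scope.
        if role in CONDITION_ROLES:
            findings.append(f"{role} has no condition: applies unconditionally")
        return findings
    if cond not in VERBATIM:
        findings.append("condition is not one of the verbatim strings")
    if role not in CONDITION_ROLES:
        findings.append(f"condition set on {role}, not a supported role")
    return findings


# Constructed sample data: IDs and the role-name mapping are made up.
ROLE_NAMES = {"1001": "Groups Editor", "1002": "Groups Reader", "1003": "Example Custom Role"}
SAMPLE = [
    {"roleAssignmentId": "1", "roleId": "1001", "scopeType": "CUSTOMER", "condition": NOT_SECURITY},
    {"roleAssignmentId": "2", "roleId": "1001", "scopeType": "CUSTOMER",
     "condition": NOT_SECURITY.replace("'", '"')},  # same logic, different quoting
    {"roleAssignmentId": "3", "roleId": "1003", "scopeType": "ORG_UNIT", "condition": NOT_LOCKED},
    {"roleAssignmentId": "4", "roleId": "1002", "scopeType": "CUSTOMER"},
]


def audit_all(assignments, role_names):
    """Map roleAssignmentId -> findings, keeping only assignments with findings."""
    report = {a["roleAssignmentId"]: audit(a, role_names) for a in assignments}
    return {rid: f for rid, f in report.items() if f}
```

Calling `audit_all(SAMPLE, ROLE_NAMES)` reports assignments 2, 3 and 4 and leaves assignment 1, which uses a listed string on a supported role, without findings.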
AssigneeType
The type of identity to which a role is assigned.
| Enums | |
|---|---|
| USER | An individual user within the domain. | 
| GROUP | A group within the domain. | 
| Methods | |
|---|---|
|   | Deletes a role assignment. | 
|   | Retrieves a role assignment. | 
|   | Creates a role assignment. | 
|   | Retrieves a paginated list of all roleAssignments. | 

