diff options
Diffstat (limited to 'google/iam/iam_meta_api.yaml')
-rw-r--r-- | google/iam/iam_meta_api.yaml | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/google/iam/iam_meta_api.yaml b/google/iam/iam_meta_api.yaml deleted file mode 100644 index 939856790..000000000 --- a/google/iam/iam_meta_api.yaml +++ /dev/null @@ -1,85 +0,0 @@ -type: google.api.Service -config_version: 2 -name: iam-meta-api.googleapis.com -title: IAM Meta API - -apis: -- name: google.iam.v1.IAMPolicy - -types: -- name: google.iam.v1.PolicyDelta - -documentation: - summary: Manages access control for Google Cloud Platform resources. - overview: |- - # Google Identity and Access Management (IAM) API - - Documentation of the access control API that will be implemented by all - 1st party services provided by the Google Cloud Platform (like Cloud - Storage, Compute Engine, App Engine). - - Any implementation of an API that offers access control features - will implement the google.iam.v1.IAMPolicy interface. - - ## Data model - - Access control is applied when a principal (user or service account), - takes some action on a resource exposed by a service. Resources, - identified by - URI-like names, are the unit of access control specification. It is up to - the service implementations to choose what granularity of access control - to support and what set of actions (permissions) to support for the - resources - they provide. For example one database service may allow access control to - be specified only at the Table level, whereas another might allow access - control to also be specified at the Column level. - - This is intentionally not a CRUD style API because access control policies - are created and deleted implicitly with the resources to which they are - attached. - - ## Policy - - A `Policy` consists of a list of bindings. A `Binding` binds a set of - members to a role, where the members can include user accounts, user - groups, user - domains, and service accounts. A role is a named set of permissions, - defined by the IAM system. The definition of a role is outside the - policy. - - A permission check involves determining the roles that include the - specified permission, and then determining if the principal specified by - the check is a member of a binding to at least one of these roles. The - membership check is recursive when a group is bound to a role. - rules: - - selector: google.iam.v1.IAMPolicy.GetIamPolicy - description: |- - Gets the access control policy for a resource. Returns an empty policy - if the resource exists and does not have a policy set. - - - selector: google.iam.v1.IAMPolicy.SetIamPolicy - description: |- - Sets the access control policy on the specified resource. Replaces - any existing policy. - - - selector: google.iam.v1.IAMPolicy.TestIamPermissions - description: |- - Returns permissions that a caller has on the specified resource. If the - resource does not exist, this will return an empty set of - permissions, not a NOT_FOUND error. - - Note: This operation is designed to be used for building - permission-aware UIs and command-line tools, not for authorization - checking. This operation may "fail open" without warning. - -http: - rules: - - selector: google.iam.v1.IAMPolicy.GetIamPolicy - post: '/v1/{resource=**}:getIamPolicy' - body: '*' - - selector: google.iam.v1.IAMPolicy.SetIamPolicy - post: '/v1/{resource=**}:setIamPolicy' - body: '*' - - selector: google.iam.v1.IAMPolicy.TestIamPermissions - post: '/v1/{resource=**}:testIamPermissions' - body: '*' |