Access levels define various attributes that are used to filter requests made to certain resources. The following table lists the attributes supported by access levels and provides additional details about each attribute.
When you create or modify an access level using the gcloud command-line tool, you must format the attributes in YAML. This table includes the YAML syntax for each attribute, and the valid values. Links to the REST and RPC reference information for each attribute are also included.
For more information about access levels and YAML, refer to the example YAML for an access level.
You can include the following attributes in your access level:
Attributes

IP subnetworks
Description: Checks whether a request is coming from one or more IPv4 and/or IPv6 CIDR blocks that you specify.
When you specify more than one IP subnetwork, the values you enter are combined using an OR operator when the condition is evaluated. The request has to match any one of the values that you specify in order for the condition to evaluate to true.
YAML: ipSubnetworks
Valid values: A list of one or more IPv4 and/or IPv6 CIDR blocks.
API reference

Regions
Description: Checks whether a request originated from a specific region. Regions are identified by the corresponding ISO 3166-1 alpha-2 codes.
Caution: The origin of a request is determined by the geolocation of the IP address that the request originated from. Because of this, the region attribute only works for requests that originate from a public IP address.
Because private IP addresses cannot be geolocated, access levels that require a region will always deny requests from private IP addresses and do not support requests made using Private Google Access.
When you specify more than one region, the values you enter are combined using an OR operator when the condition is evaluated. Users are granted access if they are in one of the regions that you specify.
YAML: regions
Valid values: A list of one or more ISO 3166-1 alpha-2 codes.
API reference: None

Access level dependency
Description: Checks whether a request meets the criteria of one or more access levels.
YAML: requiredAccessLevels
Valid values: A list of one or more existing access levels formatted as:
accessPolicies/POLICY-NAME/accessLevels/LEVEL-NAME
Where:
Checks whether a request is coming from a specific user or service account.
This attribute can only be included in conditions when creating or modifying an access level using the gcloud command-line tool or the Access Context Manager API. If you created an access level using Google Cloud console, either of the methods previously mentioned can be used to add principals to that access level.
members
Valid values: A list of one or more user or service accounts, formatted as:
user: EMAIL
serviceAccount: EMAIL
Where:
Groups are not supported.
API reference

Device policy
Requirements: To use the device policy attributes with mobile devices, you must configure MDM for your organization.
To use the device policy attributes with other devices, Endpoint Verification must be enabled.
Description: A device policy is a collection of attributes that are used to filter requests based on information about the device where the request originated.
For example, device policy attributes are used in conjunction with Identity-Aware Proxy to support context-aware access.
YAML: devicePolicy
Valid values: devicePolicy is a list of one or more device policy attributes. The following attributes are supported:
Only certain device policy attributes can be used with mobile devices. The Supports mobile devices row identifies whether an attribute can be used with mobile devices.
API reference

Device policy attributes

Require screen lock
Description: Checks if a device has screen lock enabled.
Supports mobile devices: Yes
YAML: requireScreenlock
Valid values:
true
false
If omitted, defaults to false.
Yes
Important: For an iOS device to satisfy the storage encryption attribute, screen lock must be enabled on the device.
YAML: allowedEncryptionStatuses
Valid values: One or more of the following values:
ENCRYPTION_UNSUPPORTED
ENCRYPTED
UNENCRYPTED
requireAdminApproval
Valid values
true
false
If omitted, defaults to false.
requireCorpOwned
Valid values
true
false
If omitted, defaults to false.
Checks whether a device is using a specified operating system. Additionally, you can specify a minimum version of an OS that a device must be using.
If you create a Chrome OS policy, you can also specify that it must be a verified Chrome OS.
When you select more than one operating system, the values you select are combined using an OR operator when the condition is evaluated. Users are granted access if they have one of the operating systems that you specify.
Supports mobile devices: Yes
YAML: osConstraints
Valid values: osConstraints is a list that must include one or more instances of osType. osType can be paired with an instance of minimumVersion, but minimumVersion is not required.
osType must include a list of one or more of the following values:
DESKTOP_MAC
DESKTOP_WINDOWS
DESKTOP_CHROME_OS
DESKTOP_LINUX
IOS
ANDROID
minimumVersion is optional. If used, it must be included with osType.
minimumVersion must include a minimum version formatted as MAJOR.MINOR.PATCH. For example: 10.5.301.
If you specify DESKTOP_CHROME_OS for osType, you can optionally include requireVerifiedChromeOs.
Valid values for requireVerifiedChromeOs are:
true
false
If you specify IOS or ANDROID for osType, you can optionally include any device policy attribute that supports mobile devices.
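
Several of the rules in the table above can be checked before a spec file is handed to gcloud. The linter below is an added example, not code from this page or from Google's tooling: it takes one condition as the dict a YAML parser would return and covers only ipSubnetworks, regions, members and osConstraints. The names lint_condition and SAMPLE are hypothetical, and reading "private IP addresses" as RFC 1918 plus IPv6 unique local ranges is an assumption.

```python
import ipaddress
import re

# Allowed values copied from the attribute table above.
OS_TYPES = {"DESKTOP_MAC", "DESKTOP_WINDOWS", "DESKTOP_CHROME_OS",
            "DESKTOP_LINUX", "IOS", "ANDROID"}
VERSION_RE = re.compile(r"\d+\.\d+\.\d+")  # MAJOR.MINOR.PATCH
# Assumption: "private IP addresses" means RFC 1918 plus IPv6 unique local.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def lint_condition(cond):
    """Return findings for one condition, given as the dict a YAML parser yields."""
    out = []
    for cidr in cond.get("ipSubnetworks", []):
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            out.append(f"ipSubnetworks: {cidr} is not a valid CIDR block")
            continue
        private = any(net.version == p.version and net.subnet_of(p) for p in PRIVATE)
        if private and cond.get("regions"):
            out.append(f"ipSubnetworks: {cidr} is private, so the regions check denies it")
    for region in cond.get("regions", []):
        if not re.fullmatch(r"[A-Z]{2}", region):
            out.append(f"regions: {region} is not an ISO 3166-1 alpha-2 code")
    for member in cond.get("members", []):
        if not member.startswith(("user:", "serviceAccount:")):
            out.append(f"members: {member} is not a user or service account")
    for os_c in cond.get("devicePolicy", {}).get("osConstraints", []):
        os_type, version = os_c.get("osType"), os_c.get("minimumVersion")
        if os_type not in OS_TYPES:
            out.append(f"osConstraints: unknown osType {os_type}")
        if version is not None and not VERSION_RE.fullmatch(str(version)):
            out.append(f"osConstraints: minimumVersion {version} is not MAJOR.MINOR.PATCH")
        if "requireVerifiedChromeOs" in os_c and os_type != "DESKTOP_CHROME_OS":
            out.append(f"osConstraints: requireVerifiedChromeOs set on {os_type}")
    return out


# Constructed sample: the parsed form of a one-condition access level file.
SAMPLE = {
    "ipSubnetworks": ["203.0.113.0/24", "10.8.0.0/16"],
    "regions": ["US", "usa"],
    "members": ["user:alice@example.com", "group:admins@example.com"],
    "devicePolicy": {"requireScreenlock": True, "osConstraints": [
        {"osType": "DESKTOP_MAC", "minimumVersion": "10.5", "requireVerifiedChromeOs": True}]},
}
```

Calling lint_condition(SAMPLE) reports the private block paired with regions, the malformed region code, the group entry, the two-part version, and requireVerifiedChromeOs on a non-Chrome OS constraint.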
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-08-07 UTC.