Class RoleAssignment
Defines an assignment of a role.
Implements
Inherited Members
Namespace: Google.Apis.Admin.Directory.directory_v1.Data
Assembly: Google.Apis.Admin.Directory.directory_v1.dll
Syntax
public class RoleAssignment : IDirectResponseSchema
Properties
AssignedTo
The unique ID of the entity this role is assigned to—either the user_id of a user, the group_id of a group, or the uniqueId of a service account as defined in Identity and Access Management (IAM).
Declaration
[JsonProperty("assignedTo")]
public virtual string AssignedTo { get; set; }
Property Value
Type | Description |
---|---|
string |
AssigneeType
Output only. The type of the assignee (USER or GROUP).
Declaration
[JsonProperty("assigneeType")]
public virtual string AssigneeType { get; set; }
Property Value
Type | Description |
---|---|
string |
Condition
Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers.
A RoleAssignment with the condition field set will only take effect when the resource being accessed meets the condition. If condition is empty, the role (role_id) is applied to the actor (assigned_to) at the scope (scope_type) unconditionally.
Currently, the following conditions are supported:
- To make the RoleAssignment only applicable to Security Groups:
  api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'
- To make the RoleAssignment not applicable to Security Groups:
  !api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'
Currently, the condition strings have to be verbatim and they only work with the following pre-built administrator roles:
- Groups Editor
- Groups Reader
The condition follows Cloud IAM condition syntax.
Additional conditions related to Locked Groups are available under Open Beta.
- To make the RoleAssignment not applicable to Locked Groups:
  !api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'
This condition can also be used in conjunction with a Security-related condition.
Declaration
[JsonProperty("condition")]
public virtual string Condition { get; set; }
Property Value
Type | Description |
---|---|
string |
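An added example (not part of the Google client library or of this reference page) of an audit check built on the verbatim-string requirement above: it classifies each assignment as unconditional, carrying one of the three condition strings listed here, or needing review. The class name, the sample IDs and assignees, and the CUSTOMER scope value are assumptions; a combined Security and Locked condition lands in the review bucket because the page does not give its exact string.

```csharp
using System;
using System.Collections.Generic;
using Google.Apis.Admin.Directory.directory_v1.Data;

// Hypothetical helper, not part of the client library.
public static class RoleAssignmentConditionAudit
{
    private const string GroupResource =
        " && resource.type == 'cloudidentity.googleapis.com/Group'";

    private static string HasLabel(string label) =>
        "api.getAttribute('cloudidentity.googleapis.com/groups.labels', [])" +
        ".hasAny(['" + label + "'])";

    // The three condition strings listed in the Condition description.
    public static readonly IReadOnlyDictionary<string, string> Documented =
        new Dictionary<string, string>(StringComparer.Ordinal)
        {
            [HasLabel("groups.security") + GroupResource] = "security groups only",
            ["!" + HasLabel("groups.security") + GroupResource] = "excludes security groups",
            ["!" + HasLabel("groups.locked") + GroupResource] = "excludes locked groups",
        };

    public static string Classify(RoleAssignment ra)
    {
        // Empty condition: the role applies to the assignee at the scope unconditionally.
        if (string.IsNullOrEmpty(ra.Condition))
            return "UNCONDITIONAL";
        // Ordinal, whole-string match: the strings must be verbatim.
        return Documented.TryGetValue(ra.Condition, out var meaning)
            ? "CONDITIONAL (" + meaning + ")"
            : "REVIEW (not a documented verbatim string)";
    }

    public static void Main()
    {
        string nonSecurity = "!" + HasLabel("groups.security") + GroupResource;
        // Constructed sample data: IDs and assignees are placeholders.
        var samples = new[]
        {
            new RoleAssignment { RoleAssignmentId = 1, RoleId = 1001, AssignedTo = "user-a", ScopeType = "CUSTOMER" },
            new RoleAssignment { RoleAssignmentId = 2, RoleId = 1002, AssignedTo = "user-b", ScopeType = "CUSTOMER", Condition = nonSecurity },
            // Same expression with the spaces around && removed: no longer verbatim.
            new RoleAssignment { RoleAssignmentId = 3, RoleId = 1002, AssignedTo = "user-c", ScopeType = "CUSTOMER", Condition = nonSecurity.Replace(" && ", "&&") },
        };
        foreach (var ra in samples)
            Console.WriteLine($"{ra.RoleAssignmentId}: {ra.AssignedTo} -> {Classify(ra)}");
    }
}
```

Assignments reported as UNCONDITIONAL or REVIEW are the ones to check against the intended delegation, since neither is restricted by a condition string this page lists.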
ETag
ETag of the resource.
Declaration
[JsonProperty("etag")]
public virtual string ETag { get; set; }
Property Value
Type | Description |
---|---|
string |
Kind
The type of the API resource. This is always admin#directory#roleAssignment.
Declaration
[JsonProperty("kind")]
public virtual string Kind { get; set; }
Property Value
Type | Description |
---|---|
string |
OrgUnitId
If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to.
Declaration
[JsonProperty("orgUnitId")]
public virtual string OrgUnitId { get; set; }
Property Value
Type | Description |
---|---|
string |
RoleAssignmentId
ID of this roleAssignment.
Declaration
[JsonProperty("roleAssignmentId")]
public virtual long? RoleAssignmentId { get; set; }
Property Value
Type | Description |
---|---|
long? |
RoleId
The ID of the role that is assigned.
Declaration
[JsonProperty("roleId")]
public virtual long? RoleId { get; set; }
Property Value
Type | Description |
---|---|
long? |
ScopeType
The scope in which this role is assigned.
Declaration
[JsonProperty("scopeType")]
public virtual string ScopeType { get; set; }
Property Value
Type | Description |
---|---|
string |