Statements (40)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
Google Cloud feature
|
| gptkbp:allows |
conditional access policies
|
| gptkbp:appliesTo |
IAM policy bindings
|
| gptkbp:auditedBy |
gptkb:Cloud_Audit_Logs
|
| gptkbp:canBe |
gptkb:REST_API
gptkb:Google_Cloud_Console gptkb:gcloud_CLI IAM policies IAM roles IAM bindings Policy Simulator Policy Troubleshooter |
| gptkbp:documentation |
https://cloud.google.com/iam/docs/conditions-overview
|
| gptkbp:enables |
fine-grained access control
|
| gptkbp:example |
Allow access only to resources with a specific label
Allow access only during business hours Allow access only if request is from a specific IP range |
| gptkbp:hasSyntax |
Common Expression Language (CEL)
|
| https://www.w3.org/2000/01/rdf-schema#label |
Cloud IAM Conditions
|
| gptkbp:introducedIn |
2019
|
| gptkbp:limitation |
Not all services support conditions
Some roles do not support conditions |
| gptkbp:partOf |
Google Cloud Identity and Access Management
|
| gptkbp:prohibits |
access to organizations
access to APIs access to Google Cloud resources access to folders access to projects |
| gptkbp:relatedTo |
IAM custom roles
IAM policy evaluation IAM policy inheritance |
| gptkbp:securityBestPractice |
gptkb:Principle_of_least_privilege
Use conditions to minimize access |
| gptkbp:supports |
attribute-based access control
|
| gptkbp:usedFor |
restricting access based on environment attributes
restricting access based on request attributes restricting access based on resource attributes restricting access based on user attributes |
| gptkbp:bfsParent |
gptkb:VPC_Service_Controls
|
| gptkbp:bfsLayer |
6
|