| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="admin_directory_v1.html">Admin SDK API</a> . <a href="admin_directory_v1.roleAssignments.html">roleAssignments</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#close">close()</a></code></p> |
| <p class="firstline">Close httplib2 connections.</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(customer, roleAssignmentId, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes a role assignment.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(customer, roleAssignmentId, x__xgafv=None)</a></code></p> |
| <p class="firstline">Retrieves a role assignment.</p> |
| <p class="toc_element"> |
| <code><a href="#insert">insert(customer, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates a role assignment.</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(customer, includeIndirectRoleAssignments=None, maxResults=None, pageToken=None, roleId=None, userKey=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Retrieves a paginated list of all roleAssignments.</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next()</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="close">close()</code> |
| <pre>Close httplib2 connections.</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(customer, roleAssignmentId, x__xgafv=None)</code> |
| <pre>Deletes a role assignment. |
| |
| Args: |
| customer: string, Immutable ID of the Google Workspace account. (required) |
| roleAssignmentId: string, Immutable ID of the role assignment. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(customer, roleAssignmentId, x__xgafv=None)</code> |
| <pre>Retrieves a role assignment. |
| |
| Args: |
| customer: string, The unique ID for the customer's Google Workspace account. In case of a multi-domain account, to fetch all groups for a customer, use this field instead of `domain`. You can also use the `my_customer` alias to represent your account's `customerId`. The `customerId` is also returned as part of the [Users](/admin-sdk/directory/v1/reference/users) resource. You must provide either the `customer` or the `domain` parameter. (required) |
| roleAssignmentId: string, Immutable ID of the role assignment. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Defines an assignment of a role. |
| "assignedTo": "A String", # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts). |
| "assigneeType": "A String", # Output only. The type of the assignee (`USER` or `GROUP`). |
| "condition": "A String", # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). Additional conditions related to Locked Groups are available under Open Beta. - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'` This condition can also be used in conjunction with a Security-related condition. |
| "etag": "A String", # ETag of the resource. |
| "kind": "admin#directory#roleAssignment", # The type of the API resource. This is always `admin#directory#roleAssignment`. |
| "orgUnitId": "A String", # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. |
| "roleAssignmentId": "A String", # ID of this roleAssignment. |
| "roleId": "A String", # The ID of the role that is assigned. |
| "scopeType": "A String", # The scope in which this role is assigned. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="insert">insert(customer, body=None, x__xgafv=None)</code> |
| <pre>Creates a role assignment. |
| |
| Args: |
| customer: string, Immutable ID of the Google Workspace account. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # Defines an assignment of a role. |
| "assignedTo": "A String", # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts). |
| "assigneeType": "A String", # Output only. The type of the assignee (`USER` or `GROUP`). |
| "condition": "A String", # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). Additional conditions related to Locked Groups are available under Open Beta. - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'` This condition can also be used in conjunction with a Security-related condition. |
| "etag": "A String", # ETag of the resource. |
| "kind": "admin#directory#roleAssignment", # The type of the API resource. This is always `admin#directory#roleAssignment`. |
| "orgUnitId": "A String", # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. |
| "roleAssignmentId": "A String", # ID of this roleAssignment. |
| "roleId": "A String", # The ID of the role that is assigned. |
| "scopeType": "A String", # The scope in which this role is assigned. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # Defines an assignment of a role. |
| "assignedTo": "A String", # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts). |
| "assigneeType": "A String", # Output only. The type of the assignee (`USER` or `GROUP`). |
| "condition": "A String", # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). Additional conditions related to Locked Groups are available under Open Beta. - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'` This condition can also be used in conjunction with a Security-related condition. |
| "etag": "A String", # ETag of the resource. |
| "kind": "admin#directory#roleAssignment", # The type of the API resource. This is always `admin#directory#roleAssignment`. |
| "orgUnitId": "A String", # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. |
| "roleAssignmentId": "A String", # ID of this roleAssignment. |
| "roleId": "A String", # The ID of the role that is assigned. |
| "scopeType": "A String", # The scope in which this role is assigned. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(customer, includeIndirectRoleAssignments=None, maxResults=None, pageToken=None, roleId=None, userKey=None, x__xgafv=None)</code> |
| <pre>Retrieves a paginated list of all roleAssignments. |
| |
| Args: |
| customer: string, The unique ID for the customer's Google Workspace account. In case of a multi-domain account, to fetch all groups for a customer, use this field instead of `domain`. You can also use the `my_customer` alias to represent your account's `customerId`. The `customerId` is also returned as part of the [Users](/admin-sdk/directory/v1/reference/users) resource. You must provide either the `customer` or the `domain` parameter. (required) |
| includeIndirectRoleAssignments: boolean, When set to `true`, fetches indirect role assignments (i.e. role assignment via a group) as well as direct ones. Defaults to `false`. You must specify `user_key` or the indirect role assignments will not be included. |
| maxResults: integer, Maximum number of results to return. |
| pageToken: string, Token to specify the next page in the list. |
| roleId: string, Immutable ID of a role. If included in the request, returns only role assignments containing this role ID. |
| userKey: string, The primary email address, alias email address, or unique user or group ID. If included in the request, returns role assignments only for this user or group. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { |
| "etag": "A String", # ETag of the resource. |
| "items": [ # A list of RoleAssignment resources. |
| { # Defines an assignment of a role. |
| "assignedTo": "A String", # The unique ID of the entity this role is assigned to—either the `user_id` of a user, the `group_id` of a group, or the `uniqueId` of a service account as defined in [Identity and Access Management (IAM)](https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts). |
| "assigneeType": "A String", # Output only. The type of the assignee (`USER` or `GROUP`). |
| "condition": "A String", # Optional. The condition associated with this role assignment. Note: Feature is available to Enterprise Standard, Enterprise Plus, Google Workspace for Education Plus and Cloud Identity Premium customers. A `RoleAssignment` with the `condition` field set will only take effect when the resource being accessed meets the condition. If `condition` is empty, the role (`role_id`) is applied to the actor (`assigned_to`) at the scope (`scope_type`) unconditionally. Currently, the following conditions are supported: - To make the `RoleAssignment` only applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` - To make the `RoleAssignment` not applicable to [Security Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.security']) && resource.type == 'cloudidentity.googleapis.com/Group'` Currently, the condition strings have to be verbatim and they only work with the following [pre-built administrator roles](https://support.google.com/a/answer/2405986): - Groups Editor - Groups Reader The condition follows [Cloud IAM condition syntax](https://cloud.google.com/iam/docs/conditions-overview). Additional conditions related to Locked Groups are available under Open Beta. - To make the `RoleAssignment` not applicable to [Locked Groups](https://cloud.google.com/identity/docs/groups#group_types): `!api.getAttribute('cloudidentity.googleapis.com/groups.labels', []).hasAny(['groups.locked']) && resource.type == 'cloudidentity.googleapis.com/Group'` This condition can also be used in conjunction with a Security-related condition. |
| "etag": "A String", # ETag of the resource. |
| "kind": "admin#directory#roleAssignment", # The type of the API resource. This is always `admin#directory#roleAssignment`. |
| "orgUnitId": "A String", # If the role is restricted to an organization unit, this contains the ID for the organization unit the exercise of this role is restricted to. |
| "roleAssignmentId": "A String", # ID of this roleAssignment. |
| "roleId": "A String", # The ID of the role that is assigned. |
| "scopeType": "A String", # The scope in which this role is assigned. |
| }, |
| ], |
| "kind": "admin#directory#roleAssignments", # The type of the API resource. This is always `admin#directory#roleAssignments`. |
| "nextPageToken": "A String", |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next()</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| </body></html> |
