Policy: GCP > IAM > Project User > Role Bindings > Approved

Configure Project User Role Bindings checking. This policy defines whether to verify the project user role bindings are approved, as well as the subsequent action to take on unapproved items.

If set to Enforce: Delete unapproved, any unapproved role bindings will be removed from the user while preserving the user account and their approved roles.

Targets

This policy targets the following resource types:

GCP > IAM > Project User

Primary Policy

This policy is used with the following primary policy:

GCP > IAM > Project User > Role Bindings

Rules

Controls

Setting this policy configures this control:

GCP > IAM > Project User > Role Bindings > Approved

Policy Specification

Schema Type	`string`
Default	`Skip`
Valid Values [YAML]	`Skip` `Check: Approved` `Enforce: Delete unapproved`
Examples [YAML]	`Skip`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/resourceApproved

Policy Type URI

tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved

GraphQL

query policyType(id: "tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/projectUserRoleBindingsApproved"