Policy: GCP > IAM > Service Account > Project Role Bindings > Approved > Rules
An Object Control List (OCL) with a list of filter rules to approve or reject service account project role bindings.
Examples: Approve viewer and monitoring roles APPROVE $.turbot.role:=roles/viewer APPROVE $.turbot.role:=roles/monitoring.viewer<br /><br /> Reject administrative roles REJECT $.turbot.role:=roles/owner REJECT $.turbot.role:=roles/editor<br /><br /> Reject all other roles REJECT *
Targets
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Setting this policy configures this control:
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/gcp-iam#/policy/types/serviceAccountProjectRoleBindingsApprovedRules
- turbot graphql policy-type --id "tmod:@turbot/gcp-iam#/policy/types/serviceAccountProjectRoleBindingsApprovedRules"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-iam#/policy/types/serviceAccountProjectRoleBindingsApprovedRules"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI