Policy: GCP > KMS > Permissions > Levels > Modifiers
A map of GCP API to Guardrails Permission Level used to customize Guardrails' standard permissions. You can add, remove or redefine the mapping of GCP API operations to Guardrails permissions levels here.
Note: Modifiers are cumulative - if you add a permission to the metadata level, it is also added to readOnly, operator and admin. Modifier policies set here will “roll up” to the GCP level too - if you add a permission to Admin, it will be granted to GCP/Storage/Admin and also GCP/Adminexample: - "storage.bucket.create": admin - "sql.database.create": metadata
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/iamPermissions
- tmod:@turbot/gcp-kms#/policy/types/kmsPermissionsLevelsModifiers
- turbot graphql policy-type --id "tmod:@turbot/gcp-kms#/policy/types/kmsPermissionsLevelsModifiers"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/gcp-kms#/policy/types/kmsPermissionsLevelsModifiers"
Get Policy TypeGet Policy Settings
Category URI
Policy Type URI
GraphQL
CLI