Contoh berikut menyertakan semua atribut yang dapat ditentukan saat Anda membuat file .yaml untuk tingkat akses. File .yaml hanya diperlukan jika Anda membuat atau mengubah tingkat akses menggunakan alat command line gcloud.
Meskipun Anda dapat menyertakan identitas dalam atribut members, Google tidak merekomendasikannya. Lihat identities di Aturan masuk dan keluar untuk mengetahui cara mengizinkan perimeter berkomunikasi satu sama lain.
# Attributes can be included in any order in the condition - devicePolicy: # Must include at least one of the following: allowedEncryptionStatuses: # Must include at least one of the following: - ENCRYPTION_UNSUPPORTED - ENCRYPTED - UNENCRYPTED osConstraints: # Must include at least one of the following: - osType: DESKTOP_CHROME_OS minimumVersion: 11316.165.0 # minimumVersion must be formatted as x.x.x requireVerifiedChromeOs: true - osType: DESKTOP_MAC - osType: DESKTOP_WINDOWS # minimumVersion is not required requireScreenlock: true # requireScreenlock defaults to false if not included requireAdminApproval: true # requireAdminApproval defaults to false if not included requireCorpOwned: true # requireCorpOwned defaults to false if not included ipSubnetworks: # Must include one or more IPv4 and IPv6 CIDRs - 252.0.2.0/24 - 2001:db8::/32 regions: # Must include one or more regions as ISO 3166-1 alpha-2 codes - US - CH - SG requiredAccessLevels: # Must include one or more existing access levels # Must be formatted as accessPolicies/policy-name/accessLevels/level-name - accessPolicies/247332951433/accessLevels/Device_Trust members: # Must include one or more valid IAM users or service accounts - user:[email protected] - serviceAccount:exampleaccount@example.iam.gserviceaccount.com negate: true # negate is not required and can only be included with other attributes # If negate is included, none of the attributes included in the condition # can be true for the condition to be met. # You can include more than one condition in the .yaml file - ipSubnetworks: - 176.0.2.0/24