1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.ai.generativelanguage.v1beta3; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21 22option go_package = "cloud.google.com/go/ai/generativelanguage/apiv1beta3/generativelanguagepb;generativelanguagepb"; 23option java_multiple_files = true; 24option java_outer_classname = "PermissionProto"; 25option java_package = "com.google.ai.generativelanguage.v1beta3"; 26 27// Permission resource grants user, group or the rest of the world access to the 28// PaLM API resource (e.g. a tuned model, file). 29// 30// A role is a collection of permitted operations that allows users to perform 31// specific actions on PaLM API resources. To make them available to users, 32// groups, or service accounts, you assign roles. When you assign a role, you 33// grant permissions that the role contains. 34// 35// There are three concentric roles. Each role is a superset of the previous 36// role's permitted operations: 37// - reader can use the resource (e.g. tuned model) for inference 38// - writer has reader's permissions and additionally can edit and share 39// - owner has writer's permissions and additionally can delete 40message Permission { 41 option (google.api.resource) = { 42 type: "generativelanguage.googleapis.com/Permission" 43 pattern: "tunedModels/{tuned_model}/permissions/{permission}" 44 plural: "permissions" 45 singular: "permission" 46 }; 47 48 // Defines types of the grantee of this permission. 49 enum GranteeType { 50 // The default value. This value is unused. 51 GRANTEE_TYPE_UNSPECIFIED = 0; 52 53 // Represents a user. When set, you must provide email_address for the user. 54 USER = 1; 55 56 // Represents a group. When set, you must provide email_address for the 57 // group. 58 GROUP = 2; 59 60 // Represents access to everyone. No extra information is required. 61 EVERYONE = 3; 62 } 63 64 // Defines the role granted by this permission. 65 enum Role { 66 // The default value. This value is unused. 67 ROLE_UNSPECIFIED = 0; 68 69 // Owner can use, update, share and delete the resource. 70 OWNER = 1; 71 72 // Writer can use, update and share the resource. 73 WRITER = 2; 74 75 // Reader can use the resource. 76 READER = 3; 77 } 78 79 // Output only. The permission name. A unique name will be generated on 80 // create. Example: tunedModels/{tuned_model}permssions/{permission} Output 81 // only. 82 string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 83 84 // Required. Immutable. The type of the grantee. 85 optional GranteeType grantee_type = 2 [ 86 (google.api.field_behavior) = REQUIRED, 87 (google.api.field_behavior) = IMMUTABLE 88 ]; 89 90 // Optional. Immutable. The email address of the user of group which this 91 // permission refers. Field is not set when permission's grantee type is 92 // EVERYONE. 93 optional string email_address = 3 [ 94 (google.api.field_behavior) = OPTIONAL, 95 (google.api.field_behavior) = IMMUTABLE 96 ]; 97 98 // Required. The role granted by this permission. 99 optional Role role = 4 [(google.api.field_behavior) = REQUIRED]; 100} 101