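// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.dataplex.v1;

import "google/api/field_behavior.proto";

option go_package = "cloud.google.com/go/dataplex/apiv1/dataplexpb;dataplexpb";
option java_multiple_files = true;
option java_outer_classname = "SecurityProto";
option java_package = "com.google.cloud.dataplex.v1";

// ResourceAccessSpec holds the access control configuration to be enforced
// on the resources, for example, Cloud Storage bucket, BigQuery dataset,
// BigQuery table.
//
// Every field is a list of principal strings, one list per role (reader,
// writer, owner). This file does not define which concrete permissions each
// role carries on the underlying resource. The fields are plain
// `repeated string` with no validation annotation, so any checking of the
// principal format happens outside this schema.
//
// NOTE(review): the principal string format is spelled out only on
// `readers`; presumably `writers` and `owners` use the same format - confirm.
message ResourceAccessSpec {
  // Optional. The set of principals to be granted reader role on the
  // resource.
  // The format of strings follows the pattern followed by IAM in the
  // bindings: user:{email}, serviceAccount:{email}, group:{email}.
  repeated string readers = 1 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The set of principals to be granted writer role on the resource.
  repeated string writers = 2 [(google.api.field_behavior) = OPTIONAL];

  // Optional. The set of principals to be granted owner role on the resource.
  repeated string owners = 3 [(google.api.field_behavior) = OPTIONAL];
}

// DataAccessSpec holds the access control configuration to be enforced on data
// stored within resources (for example, rows and columns in BigQuery tables).
// When associated with data, the data is only accessible to
// principals explicitly granted access through the DataAccessSpec. Principals
// with access to the containing resource are not implicitly granted access.
//
// NOTE(review): `readers` is a repeated field, so an empty list and an unset
// field are identical on the wire. This file does not state what an empty
// list means once a DataAccessSpec is associated with data; given the
// explicit-grant rule above it presumably leaves no principal with access -
// confirm before relying on it.
message DataAccessSpec {
  // Optional. The set of principals to be granted reader role on data
  // stored within resources.
  // The format of strings follows the pattern followed by IAM in the
  // bindings: user:{email}, serviceAccount:{email}, group:{email}.
  repeated string readers = 1 [(google.api.field_behavior) = OPTIONAL];
}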