1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.ai.generativelanguage.v1beta; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21 22option go_package = "cloud.google.com/go/ai/generativelanguage/apiv1beta/generativelanguagepb;generativelanguagepb"; 23option java_multiple_files = true; 24option java_outer_classname = "PermissionProto"; 25option java_package = "com.google.ai.generativelanguage.v1beta"; 26 27// Permission resource grants user, group or the rest of the world access to the 28// PaLM API resource (e.g. a tuned model, corpus). 29// 30// A role is a collection of permitted operations that allows users to perform 31// specific actions on PaLM API resources. To make them available to users, 32// groups, or service accounts, you assign roles. When you assign a role, you 33// grant permissions that the role contains. 34// 35// There are three concentric roles. Each role is a superset of the previous 36// role's permitted operations: 37// 38// - reader can use the resource (e.g. tuned model, corpus) for inference 39// - writer has reader's permissions and additionally can edit and share 40// - owner has writer's permissions and additionally can delete 41message Permission { 42 option (google.api.resource) = { 43 type: "generativelanguage.googleapis.com/Permission" 44 pattern: "tunedModels/{tuned_model}/permissions/{permission}" 45 pattern: "corpora/{corpus}/permissions/{permission}" 46 plural: "permissions" 47 singular: "permission" 48 }; 49 50 // Defines types of the grantee of this permission. 51 enum GranteeType { 52 // The default value. This value is unused. 53 GRANTEE_TYPE_UNSPECIFIED = 0; 54 55 // Represents a user. When set, you must provide email_address for the user. 56 USER = 1; 57 58 // Represents a group. When set, you must provide email_address for the 59 // group. 60 GROUP = 2; 61 62 // Represents access to everyone. No extra information is required. 63 EVERYONE = 3; 64 } 65 66 // Defines the role granted by this permission. 67 enum Role { 68 // The default value. This value is unused. 69 ROLE_UNSPECIFIED = 0; 70 71 // Owner can use, update, share and delete the resource. 72 OWNER = 1; 73 74 // Writer can use, update and share the resource. 75 WRITER = 2; 76 77 // Reader can use the resource. 78 READER = 3; 79 } 80 81 // Output only. Identifier. The permission name. A unique name will be 82 // generated on create. Examples: 83 // tunedModels/{tuned_model}/permissions/{permission} 84 // corpora/{corpus}/permissions/{permission} 85 // Output only. 86 string name = 1 [ 87 (google.api.field_behavior) = OUTPUT_ONLY, 88 (google.api.field_behavior) = IDENTIFIER 89 ]; 90 91 // Optional. Immutable. The type of the grantee. 92 optional GranteeType grantee_type = 2 [ 93 (google.api.field_behavior) = OPTIONAL, 94 (google.api.field_behavior) = IMMUTABLE 95 ]; 96 97 // Optional. Immutable. The email address of the user of group which this 98 // permission refers. Field is not set when permission's grantee type is 99 // EVERYONE. 100 optional string email_address = 3 [ 101 (google.api.field_behavior) = OPTIONAL, 102 (google.api.field_behavior) = IMMUTABLE 103 ]; 104 105 // Required. The role granted by this permission. 106 optional Role role = 4 [(google.api.field_behavior) = REQUIRED]; 107} 108