1## IAM (Identity and Access Management) Protos 2 3This folder contains [protocol buffer][protobuf] types which represent IAM 4(Identity and Access Management) concepts plus a mix-in service declaration (IAMPolicy) 5which can be inherited by APIs so that they follow a consistent pattern for 6IAM operations. 7 8### Key Concepts 9 10- **Binding**: Associates a list of identities with a particular role. An identity can 11 match things like all users, all authenticated users, a single user, a single service 12 account, a single group, or a single domain. A role is a permission defined by IAM, such as 13 `roles/viewer`, `roles/editor`, or `roles/owner`. 14- **Policy**: A list of bindings where each role can only appear once. It also contains 15 a version to track iterations of the bindings. 16 17### Key Service definitions 18 19- **IAMPolicy**: This is a mix-in service which defines three operations: 20 - `SetIamPolicy`: Sets the access control policy on the specified resource. 21 - `GetIamPolicy`: Gets the access control policy for a resource. 22 - `TestIamPermissions`: Returns permissions that a caller has on the specified resource. 23 24[protobuf]: https://developers.google.com/protocol-buffers/ 25