Class: Google::Cloud::PrivilegedAccessManager::V1::ManualApprovals

Inherits:
Object
  • Object
show all
Extended by:
Protobuf::MessageExts::ClassMethods
Includes:
Protobuf::MessageExts
Defined in:
proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb

Overview

A manual approval workflow where users who are designated as approvers need to call the ApproveGrant/DenyGrant APIs for a grant. The workflow can consist of multiple serial steps where each step defines who can act as approver in that step and how many of those users should approve before the workflow moves to the next step.

This can be used to create approval workflows such as:

  • Require an approval from any user in a group G.
  • Require an approval from any k number of users from a Group G.
  • Require an approval from any user in a group G and then from a user U.

A single user might be part of the approvers ACL for multiple steps in this workflow, but they can only approve once and that approval is only considered to satisfy the approval step at which it was granted.

Defined Under Namespace

Classes: Step

Instance Attribute Summary collapse

Instance Attribute Details

#require_approver_justification::Boolean

Returns Optional. Do the approvers need to provide a justification for their actions?.

Returns:

  • (::Boolean)

    Optional. Do the approvers need to provide a justification for their actions?



242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 242

class ManualApprovals
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Step represents a logical step in a manual approval workflow.
  # @!attribute [rw] approvers
  #   @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::AccessControlEntry>]
  #     Optional. The potential set of approvers in this step. This list must
  #     contain at most one entry.
  # @!attribute [rw] approvals_needed
  #   @return [::Integer]
  #     Required. How many users from the above list need to approve. If there
  #     aren't enough distinct users in the list, then the workflow indefinitely
  #     blocks. Should always be greater than 0. 1 is the only supported value.
  # @!attribute [rw] approver_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a grant is
  #     pending approval.
  class Step
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#steps::Array<::Google::Cloud::PrivilegedAccessManager::V1::ManualApprovals::Step>

Returns Optional. List of approval steps in this workflow. These steps are followed in the specified order sequentially. Only 1 step is supported.

Returns:



242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
 
# File 'proto_docs/google/cloud/privilegedaccessmanager/v1/privilegedaccessmanager.rb', line 242

class ManualApprovals
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Step represents a logical step in a manual approval workflow.
  # @!attribute [rw] approvers
  #   @return [::Array<::Google::Cloud::PrivilegedAccessManager::V1::AccessControlEntry>]
  #     Optional. The potential set of approvers in this step. This list must
  #     contain at most one entry.
  # @!attribute [rw] approvals_needed
  #   @return [::Integer]
  #     Required. How many users from the above list need to approve. If there
  #     aren't enough distinct users in the list, then the workflow indefinitely
  #     blocks. Should always be greater than 0. 1 is the only supported value.
  # @!attribute [rw] approver_email_recipients
  #   @return [::Array<::String>]
  #     Optional. Additional email addresses to be notified when a grant is
  #     pending approval.
  class Step
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end