Settings

Settings resource defines the properties, applied directly to the resource or inherited through the hierarchy, to enable consistent, federated use of PAM.

The behavior is as follows: 1. If explicitly set to empty at the node level, PAM's default settings are applied for that node. 2. If not set at the node level, settings are inherited from the closest ancestor with a non-empty value. If none of the ancestors has the field set, PAM's default settings are applied. 3. If explicitly set to a non-empty value at the node level, the specified settings are applied for that node.

JSON representation

JSON representation
{ "name": string, "createTime": string, "updateTime": string, "etag": string, "serviceAccountApproverSettings": { object (`ServiceAccountApproverSettings`) }, "emailNotificationSettings": { object (`EmailNotificationSettings`) } }

{
  "name": string,
  "createTime": string,
  "updateTime": string,
  "etag": string,
  "serviceAccountApproverSettings": {
    object (ServiceAccountApproverSettings)
  },
  "emailNotificationSettings": {
    object (EmailNotificationSettings)
  }
}

Fields
`name`	`string` Identifier. Name of the settings resource. Possible formats: projects/{project-id\|project-number}/locations/{location}/settings folders/{folder-number}/locations/{location}/settings organizations/{organization-number}/locations/{location}/settings
`createTime`	`string (Timestamp format)` Output only. Create timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`updateTime`	`string (Timestamp format)` Output only. Update timestamp. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`etag`	`string` Fingerprint for optimistic concurrency returned in the response of `GetSettings`. Must be provided in the requests to `UpdateSettings`. If the value provided does not match the value known to the server, ABORTED will be thrown, and the client should retry the read-modify-write cycle.
`serviceAccountApproverSettings`	`object (ServiceAccountApproverSettings)` Optional. This controls the node-level settings for allowing service accounts as approvers.
`emailNotificationSettings`	`object (EmailNotificationSettings)` Optional. `EmailNotificationSettings` defines node-wide email notification preferences for various PAM events.

ServiceAccountApproverSettings

This controls whether service accounts are allowed to approve grants or can be designated as approvers within PAM entitlements.

JSON representation
{ "enabled": boolean }

Fields

Fields
`enabled`	`boolean` Optional. Indicates whether service account is allowed to grant approvals.

enabled

boolean

Optional. Indicates whether service account is allowed to grant approvals.

EmailNotificationSettings

EmailNotificationSettings defines the node-wide email notification settings.

JSON representation

JSON representation
{ // Union field `notification_behavior` can be only one of the following: "disableAllNotifications": { object (`DisableAllNotifications`) }, "customNotificationBehavior": { object (`CustomNotificationBehavior`) } // End of list of possible types for union field `notification_behavior`. }

{

  // Union field notification_behavior can be only one of the following:
  "disableAllNotifications": {
    object (DisableAllNotifications)
  },
  "customNotificationBehavior": {
    object (CustomNotificationBehavior)
  }
  // End of list of possible types for union field notification_behavior.
}

Fields

Fields
Union field `notification_behavior`. Notification behavior. 1. If set to `DisableAllNotifications`, all notifications are disabled for the node. 2. If set to `CustomNotificationBehavior`, notifications are customized as per the specified settings. 3. If notification_behavior is not set (none of the options selected), PAM's default settings are applied for that node. `notification_behavior` can be only one of the following:
`disableAllNotifications`	`object (DisableAllNotifications)` Disable all notifications.
`customNotificationBehavior`	`object (CustomNotificationBehavior)` Granular settings of notifications.

Union field notification_behavior. Notification behavior. 1. If set to DisableAllNotifications, all notifications are disabled for the node. 2. If set to CustomNotificationBehavior, notifications are customized as per the specified settings. 3. If notification_behavior is not set (none of the options selected), PAM's default settings are applied for that node. notification_behavior can be only one of the following:

disableAllNotifications

object (DisableAllNotifications)

Disable all notifications.

customNotificationBehavior

object (CustomNotificationBehavior)

Granular settings of notifications.

DisableAllNotifications

This type has no fields.

This option indicates that all email notifications are disabled.

CustomNotificationBehavior

CustomNotificationBehavior provides granular control over email notification delivery. Allows admins to selectively enable/disable notifications for specific events and specific personas.

JSON representation
{ "requesterNotifications": { object (`RequesterNotifications`) }, "adminNotifications": { object (`AdminNotifications`) }, "approverNotifications": { object (`ApproverNotifications`) } }

Fields

Fields
`requesterNotifications`	`object (RequesterNotifications)` Optional. Requester email notifications.
`adminNotifications`	`object (AdminNotifications)` Optional. Admin email notifications.
`approverNotifications`	`object (ApproverNotifications)` Optional. Approver email notifications.

requesterNotifications

object (RequesterNotifications)

Optional. Requester email notifications.

adminNotifications

object (AdminNotifications)

Optional. Admin email notifications.

approverNotifications

object (ApproverNotifications)

Optional. Approver email notifications.

RequesterNotifications

Email notifications specific to Requesters.

JSON representation

JSON representation
{ "entitlementAssigned": enum (`NotificationMode`), "grantActivated": enum (`NotificationMode`), "grantDenied": enum (`NotificationMode`), "grantExpired": enum (`NotificationMode`), "grantEnded": enum (`NotificationMode`), "grantRevoked": enum (`NotificationMode`), "grantExternallyModified": enum (`NotificationMode`), "grantActivationFailed": enum (`NotificationMode`) }

{
  "entitlementAssigned": enum (NotificationMode),
  "grantActivated": enum (NotificationMode),
  "grantDenied": enum (NotificationMode),
  "grantExpired": enum (NotificationMode),
  "grantEnded": enum (NotificationMode),
  "grantRevoked": enum (NotificationMode),
  "grantExternallyModified": enum (NotificationMode),
  "grantActivationFailed": enum (NotificationMode)
}

Fields
`entitlementAssigned`	`enum (NotificationMode)` Optional. Notification mode for entitlement assigned.
`grantActivated`	`enum (NotificationMode)` Optional. Notification mode for grant activated.
`grantDenied`	`enum (NotificationMode)` Optional. Notification mode for grant denied.
`grantExpired`	`enum (NotificationMode)` Optional. Notification mode for grant request expired.
`grantEnded`	`enum (NotificationMode)` Optional. Notification mode for grant ended.
`grantRevoked`	`enum (NotificationMode)` Optional. Notification mode for grant revoked.
`grantExternallyModified`	`enum (NotificationMode)` Optional. Notification mode for grant externally modified.
`grantActivationFailed`	`enum (NotificationMode)` Optional. Notification mode for grant activation failed.

NotificationMode

NotificationMode represents the notification delivery setting.

Enums
`NOTIFICATION_MODE_UNSPECIFIED`	Default notification behavior following PAM's standard settings.
`ENABLED`	Notifications are enabled.
`DISABLED`	Notifications are disabled.

AdminNotifications

Email notifications specific to Admins.

JSON representation
{ "grantActivated": enum (`NotificationMode`), "grantEnded": enum (`NotificationMode`), "grantExternallyModified": enum (`NotificationMode`), "grantActivationFailed": enum (`NotificationMode`) }

Fields
`grantActivated`	`enum (NotificationMode)` Optional. Notification mode for grant activated.
`grantEnded`	`enum (NotificationMode)` Optional. Notification mode for grant ended.
`grantExternallyModified`	`enum (NotificationMode)` Optional. Notification mode for grant externally modified.
`grantActivationFailed`	`enum (NotificationMode)` Optional. Notification mode for grant activation failed.

ApproverNotifications

Email notifications specific to Approvers.

JSON representation
{ "pendingApproval": enum (`NotificationMode`) }

Fields

Fields
`pendingApproval`	`enum (NotificationMode)` Optional. Notification mode for pending approval.

pendingApproval

enum (NotificationMode)

Optional. Notification mode for pending approval.

Settings Stay organized with collections Save and categorize content based on your preferences.

ServiceAccountApproverSettings

EmailNotificationSettings

DisableAllNotifications

CustomNotificationBehavior

RequesterNotifications

NotificationMode

AdminNotifications

ApproverNotifications

Settings