enumDeviceEncryptionStatus{// The encryption status of the device is not specified or not known.ENCRYPTION_UNSPECIFIED==0;// The device does not support encryption.ENCRYPTION_UNSUPPORTED==1;// The device supports encryption, but is currently unencrypted.UNENCRYPTED==2;// The device is encrypted.ENCRYPTED==3;}
enumOsType{// The operating system of the device is not specified or not known.OS_UNSPECIFIED==0;// A desktop Mac operating system.DESKTOP_MAC==1;// A desktop Windows operating system.DESKTOP_WINDOWS==2;// A desktop Linux operating system.DESKTOP_LINUX==3;// An Android operating system.ANDROID==4;// An iOS operating system.IOS==5;// A desktop ChromeOS operating system.DESKTOP_CHROME_OS==6;}
此外,供应商可以提供使用 data 属性引用的自己的密钥和值。data 属性的可用密钥因供应商而异。 在政策表达式中比较键值对时,请确保一致性。例如,如果您希望键值对为字符串或布尔值,请确保相应地在政策表达式中将其与字符串或布尔值进行比较。请注意,当值是整数时,应在政策表达式中将其与双精度数字进行比较。
枚举值:
// Health score of the device as provided by the vendor (possibly third party).enumDeviceHealthScore{// The health score for the device is not specified or unknown.DEVICE_HEALTH_SCORE_UNSPECIFIED=0;// The health of the device is very poor.VERY_POOR=1;// The health of the device is poor.POOR=2;// The health of the device is ok.NEUTRAL=3;// The health of the device is good.GOOD=4;// The health of the device is very good.VERY_GOOD=5;}
// Checks if the enterprise certificate associated with the origin matches the device.device.certificates.exists(cert,cert.is_valid && cert.cert_fingerprint==origin.clientCertFingerprint())
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-06-16。"],[[["This document outlines four primary objects—`origin`, `request.auth`, `levels`, and `device`—used to construct Common Expression Language (CEL) expressions for Access Context Manager, each containing specific attributes to evaluate access levels."],["The `origin` object offers attributes like `ip` and `region_code` to define the request's source, allowing checks like whether a user is within a specific IP range or region, and supports the use of `inIpRange` to compare ip addresses."],["The `request.auth` object verifies user authentication, identifying the user's ID (`principal`) and the method used for authentication, such as password, push notification, or security key, via `claims.crd_str` attributes."],["The `device` object provides detailed information about the requesting device, including its encryption status, admin approval, ownership, OS type, and device-specific attributes for third-party vendor data, and the use of security protocols."],["The document also includes function and macro details for defining CEL expressions, such as `inIpRange`, `device.versionAtLeast`, `certificateBindingState`, `has`, and `e.all` , `e.exists` and `e.exists_one` for constructing complex access control rules."]]],[]]
