Custom access levels

Using Access Context Manager, you can create access levels that permit access to data based on the context of a request. While Access Context Manager already provides a method of creating basic access levels, you can also create custom access levels. Custom access levels enable your organization to use the device and context data of third-party security and endpoint management vendors to permit access to Google Cloud resources.

Custom access levels use boolean expressions written in a subset of Common Expression Language (CEL) to test the attributes of a client making a request.

In the Google Cloud console, custom access levels are configured using Advanced Mode when you create an access level.

To learn more about building CEL expressions for custom access levels, see the custom access level specification.

To start using custom access levels, see Creating custom access levels.

After custom access levels are created, they can be managed like other access levels.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年12月09日 UTC.