Class: Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation

Inherits:

Object

• Object
• Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb

Overview

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Defined Under Namespace

Classes: AnnotatedDenyPrincipalMatching, AnnotatedPermissionMatching, DeniedPermissionsEntry, DeniedPrincipalsEntry, ExceptionPermissionsEntry, ExceptionPrincipalsEntry

Instance Attribute Summary

• #combined_denied_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching

  Indicates whether the permission in the request is listed as a denied permission in the deny rule.

• #combined_denied_principal ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching

  Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

• #combined_exception_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching

  Indicates whether the permission in the request is listed as an exception permission in the deny rule.

• #combined_exception_principal ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching

  Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

• #condition ⇒ ::Google::Type::Expr

  A condition expression that specifies when the deny rule denies the principal access.

• #condition_explanation ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation

  Condition evaluation state for this role binding.

• #denied_permissions ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}

  Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

• #denied_principals ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}

  Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

• #deny_access_state ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState

  Required.

• #exception_permissions ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}

  Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

• #exception_principals ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}

  Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

• #relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

  The relevance of this role binding to the overall determination for the entire policy.

Instance Attribute Details

#combined_denied_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching

Returns Indicates whether the permission in the request is listed as a denied permission in the deny rule.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching) —

  Indicates whether the permission in the request is listed as a denied permission in the deny rule.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#combined_denied_principal ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching

Returns Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching) —

  Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#combined_exception_permission ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching

Returns Indicates whether the permission in the request is listed as an exception permission in the deny rule.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching) —

  Indicates whether the permission in the request is listed as an exception permission in the deny rule.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#combined_exception_principal ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching

Returns Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching) —

  Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#condition ⇒ ::Google::Type::Expr

Returns A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Returns:

• (::Google::Type::Expr) —

  A condition expression that specifies when the deny rule denies the principal access.

  To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#condition_explanation ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation

Returns Condition evaluation state for this role binding.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation) —

  Condition evaluation state for this role binding.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#denied_permissions ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}

Returns Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) —

  Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

  Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#denied_principals ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}

Returns Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) —

  Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

  Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#deny_access_state ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState

Returns Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) —

  Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

  This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#exception_permissions ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}

Returns Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) —

  Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

  Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#exception_principals ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}

Returns Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) —

  Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

  Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

Returns The relevance of this role binding to the overall determination for the entire policy.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) —

  The relevance of this role binding to the overall determination for the entire policy.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 600

class DenyRuleExplanation
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Details about whether the permission in the request is denied by the
  # deny rule.
  # @!attribute [rw] permission_matching_state
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::PermissionPatternMatchingState]
  #     Indicates whether the permission in the request is denied by the deny
  #     rule.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the permission status to the overall determination for
  #     the rule.
  class AnnotatedPermissionMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Details about whether the principal in the request is listed as a denied
  # principal in the deny rule, either directly or through membership in a
  # principal set.
  # @!attribute [rw] membership
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::MembershipMatchingState]
  #     Indicates whether the principal is listed as a denied principal in the
  #     deny rule, either directly or through membership in a principal set.
  # @!attribute [rw] relevance
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance]
  #     The relevance of the principal's status to the overall determination for
  #     the role binding.
  class AnnotatedDenyPrincipalMatching
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class DeniedPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching]
  class ExceptionPermissionsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class DeniedPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching]
  class ExceptionPrincipalsEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end