Class: Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedAllowPolicy

Inherits:

Object

• Object
• Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedAllowPolicy

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb

Overview

Details about how a specific IAM allow policy contributed to the final access state.

Instance Attribute Summary

• #allow_access_state ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState

  Required.

• #binding_explanations ⇒ ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>

  Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource.

• #full_resource_name ⇒ ::String

  The full resource name that identifies the resource.

• #policy ⇒ ::Google::Iam::V1::Policy

  The IAM allow policy attached to the resource.

• #relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

  The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

Instance Attribute Details

#allow_access_state ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState

Returns Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) —

  Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

  This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 315

class ExplainedAllowPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#binding_explanations ⇒ ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>

Returns Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

If the sender of the request does not have access to the policy, this field is omitted.

Returns:

• (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>) —

  Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

  If the sender of the request does not have access to the policy, this field is omitted.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 315

class ExplainedAllowPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#full_resource_name ⇒ ::String

Returns The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Returns:

• (::String) —

  The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

  If the sender of the request does not have access to the policy, this field is omitted.

  For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 315

class ExplainedAllowPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#policy ⇒ ::Google::Iam::V1::Policy

Returns The IAM allow policy attached to the resource.

If the sender of the request does not have access to the policy, this field is empty.

Returns:

• (::Google::Iam::V1::Policy) —

  The IAM allow policy attached to the resource.

  If the sender of the request does not have access to the policy, this field is empty.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 315

class ExplainedAllowPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#relevance ⇒ ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

Returns The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.

Returns:

• (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) —

  The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

  If the sender of the request does not have access to the policy, this field is omitted.

# File 'proto_docs/google/cloud/policytroubleshooter/iam/v3/troubleshooter.rb', line 315

class ExplainedAllowPolicy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end