Google Cloud Policy Troubleshooter Iam V3 Client - Class DenyPolicyExplanation (0.2.5)

Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class DenyPolicyExplanation.

Details about how the relevant IAM deny policies affect the final access state.

Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.DenyPolicyExplanation

Namespace

Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.
↳ deny_access_state int

Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
↳ explained_resources array<Google\Cloud\PolicyTroubleshooter\Iam\V3\ExplainedDenyResource>

List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result. The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
↳ relevance int

The relevance of the deny policy result to the overall access state.
↳ permission_deniable bool

Indicates whether the permission to troubleshoot is supported in deny policies.

getDenyAccessState

Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.

Returns
Type Description
int

setDenyAccessState

Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.

Parameter
Name Description
var int
Returns
Type Description
$this

getExplainedResources

List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.

Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setExplainedResources

List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.

Parameter
Name Description
var array<Google\Cloud\PolicyTroubleshooter\Iam\V3\ExplainedDenyResource>
Returns
Type Description
$this

getRelevance

The relevance of the deny policy result to the overall access state.

Returns
Type Description
int

setRelevance

The relevance of the deny policy result to the overall access state.

Parameter
Name Description
var int
Returns
Type Description
$this

getPermissionDeniable

Indicates whether the permission to troubleshoot is supported in deny policies.

Returns
Type Description
bool

setPermissionDeniable

Indicates whether the permission to troubleshoot is supported in deny policies.

Parameter
Name Description
var bool
Returns
Type Description
$this