Policy Troubleshooter v3 API - Class DenyRuleExplanation (1.0.0-beta02)

public sealed class DenyRuleExplanation : IMessage<DenyRuleExplanation>, IEquatable<DenyRuleExplanation>, IDeepCloneable<DenyRuleExplanation>, IBufferMessage, IMessage

Reference documentation and code samples for the Policy Troubleshooter v3 API class DenyRuleExplanation.

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Inheritance

object > DenyRuleExplanation

Namespace

Google.Cloud.PolicyTroubleshooter.Iam.V3

Assembly

Google.Cloud.PolicyTroubleshooter.Iam.V3.dll

Constructors

DenyRuleExplanation()

public DenyRuleExplanation()

DenyRuleExplanation(DenyRuleExplanation)

public DenyRuleExplanation(DenyRuleExplanation other)
Parameter
NameDescription
otherDenyRuleExplanation

Properties

CombinedDeniedPermission

public DenyRuleExplanation.Types.AnnotatedPermissionMatching CombinedDeniedPermission { get; set; }

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

Property Value
TypeDescription
DenyRuleExplanationTypesAnnotatedPermissionMatching

CombinedDeniedPrincipal

public DenyRuleExplanation.Types.AnnotatedDenyPrincipalMatching CombinedDeniedPrincipal { get; set; }

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

Property Value
TypeDescription
DenyRuleExplanationTypesAnnotatedDenyPrincipalMatching

CombinedExceptionPermission

public DenyRuleExplanation.Types.AnnotatedPermissionMatching CombinedExceptionPermission { get; set; }

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

Property Value
TypeDescription
DenyRuleExplanationTypesAnnotatedPermissionMatching

CombinedExceptionPrincipal

public DenyRuleExplanation.Types.AnnotatedDenyPrincipalMatching CombinedExceptionPrincipal { get; set; }

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

Property Value
TypeDescription
DenyRuleExplanationTypesAnnotatedDenyPrincipalMatching

Condition

public Expr Condition { get; set; }

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Property Value
TypeDescription
Expr

ConditionExplanation

public ConditionExplanation ConditionExplanation { get; set; }

Condition evaluation state for this role binding.

Property Value
TypeDescription
ConditionExplanation

DeniedPermissions

public MapField<string, DenyRuleExplanation.Types.AnnotatedPermissionMatching> DeniedPermissions { get; }

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

Property Value
TypeDescription
MapFieldstringDenyRuleExplanationTypesAnnotatedPermissionMatching

DeniedPrincipals

public MapField<string, DenyRuleExplanation.Types.AnnotatedDenyPrincipalMatching> DeniedPrincipals { get; }

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

Property Value
TypeDescription
MapFieldstringDenyRuleExplanationTypesAnnotatedDenyPrincipalMatching

DenyAccessState

public DenyAccessState DenyAccessState { get; set; }

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].

Property Value
TypeDescription
DenyAccessState

ExceptionPermissions

public MapField<string, DenyRuleExplanation.Types.AnnotatedPermissionMatching> ExceptionPermissions { get; }

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

Property Value
TypeDescription
MapFieldstringDenyRuleExplanationTypesAnnotatedPermissionMatching

ExceptionPrincipals

public MapField<string, DenyRuleExplanation.Types.AnnotatedDenyPrincipalMatching> ExceptionPrincipals { get; }

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

Property Value
TypeDescription
MapFieldstringDenyRuleExplanationTypesAnnotatedDenyPrincipalMatching

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of this role binding to the overall determination for the entire policy.

Property Value
TypeDescription
HeuristicRelevance