Policy Troubleshooter v3 API - Namespace Google.Cloud.PolicyTroubleshooter.Iam.V3 (1.0.0)

Information about the principal, resource, and permission to check.

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Container for nested types declared in the AllowBindingExplanation message type.

Details about whether the role binding includes the principal.

Details about how the relevant IAM allow policies affect the final access state.

Additional context for troubleshooting conditional role bindings and deny rules.

Container for nested types declared in the ConditionContext message type.

A tag that applies to a resource during policy evaluation. Tags can be either directly bound to a resource or inherited from its ancestor. EffectiveTag contains the name and namespaced_name of the tag value and tag key, with additional fields of inherited to indicate the inheritance status of the effective tag.

This message defines attributes for a node that handles a network request. The node can be either a service or an application that sends, forwards, or receives the request. Service peers should fill in principal and labels as appropriate.

This message defines attributes for an HTTP request. If the actual request is not an HTTP request, the runtime system should try to map the actual request to an equivalent HTTP request.

Core attributes for a resource. A resource is an addressable (named) entity provided by the destination service. For example, a Compute Engine instance.

Explanation for how a condition affects a principal's access

Container for nested types declared in the ConditionExplanation message type.

Evaluated state of a condition expression.

Details about how the relevant IAM deny policies affect the final access state.

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Container for nested types declared in the DenyRuleExplanation message type.

Details about whether the principal in the request is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

Details about whether the permission in the request is denied by the deny rule.

Details about how a specific IAM allow policy contributed to the final access state.

Details about how a specific IAM deny policy [Policy][google.iam.v2.Policy] contributed to the access check.

Details about how a specific resource contributed to the deny policy evaluation.

IAM Policy Troubleshooter service.

This service helps you troubleshoot access issues for Google Cloud resources.

Base class for server-side implementations of PolicyTroubleshooter

Client for PolicyTroubleshooter

PolicyTroubleshooter client wrapper, for convenient use.

Builder class for PolicyTroubleshooterClient to provide simple configuration of credentials, endpoint etc.

PolicyTroubleshooter client wrapper implementation, for convenient use.

Settings for PolicyTroubleshooterClient instances.

Request for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.iam.v3.PolicyTroubleshooter.TroubleshootIamPolicy].

Response for [TroubleshootIamPolicy][google.cloud.policytroubleshooter.iam.v3.PolicyTroubleshooter.TroubleshootIamPolicy].

Container for nested types declared in the TroubleshootIamPolicyResponse message type.

Whether IAM allow policies gives the principal the permission.

Whether IAM deny policies deny the principal the permission.

The extent to which a single data point contributes to an overall determination.

Whether the principal in the request matches the principal in the policy.

Whether the permission in the request matches the permission in the policy.

Whether a role includes a specific permission.

Whether the principal has the permission on the resource.