Policy Troubleshooter v3 API - Class ExplainedDenyPolicy (1.1.0)

public sealed class ExplainedDenyPolicy : IMessage<ExplainedDenyPolicy>, IEquatable<ExplainedDenyPolicy>, IDeepCloneable<ExplainedDenyPolicy>, IBufferMessage, IMessage

Reference documentation and code samples for the Policy Troubleshooter v3 API class ExplainedDenyPolicy.

Details about how a specific IAM deny policy [Policy][google.iam.v2.Policy] contributed to the access check.

Inheritance

object > ExplainedDenyPolicy

Implements

IMessage ExplainedDenyPolicy, IEquatable ExplainedDenyPolicy, IDeepCloneable ExplainedDenyPolicy, IBufferMessage, IMessage

Inherited Members

object.GetHashCode()

object.GetType()

object.ToString()

Namespace

Google.Cloud.PolicyTroubleshooter.Iam.V3

Assembly

Google.Cloud.PolicyTroubleshooter.Iam.V3.dll

Constructors

ExplainedDenyPolicy()

public ExplainedDenyPolicy()

ExplainedDenyPolicy(ExplainedDenyPolicy)

public ExplainedDenyPolicy(ExplainedDenyPolicy other)

Parameter
Name	Description
`other`	`ExplainedDenyPolicy`

Properties

DenyAccessState

public DenyAccessState DenyAccessState { get; set; }

Required. Indicates whether this policy denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].

Property Value
Type	Description
`DenyAccessState`

Policy

public Policy Policy { get; set; }

The IAM deny policy attached to the resource.

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
Type	Description
`Policy`

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of this policy to the overall access state in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
Type	Description
`HeuristicRelevance`

RuleExplanations

public RepeatedField<DenyRuleExplanation> RuleExplanations { get; }

Details about how each rule in the policy affects the principal's inability to use the permission for the resource. The order of the deny rule matches the order of the rules in the deny policy.

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
Type	Description
`RepeatedFieldDenyRuleExplanation`