public sealed class ExplainedDenyResource : IMessage<ExplainedDenyResource>, IEquatable<ExplainedDenyResource>, IDeepCloneable<ExplainedDenyResource>, IBufferMessage, IMessageReference documentation and code samples for the Policy Troubleshooter v3 API class ExplainedDenyResource.
Details about how a specific resource contributed to the deny policy evaluation.
Implements
IMessageExplainedDenyResource, IEquatableExplainedDenyResource, IDeepCloneableExplainedDenyResource, IBufferMessage, IMessageNamespace
Google.Cloud.PolicyTroubleshooter.Iam.V3Assembly
Google.Cloud.PolicyTroubleshooter.Iam.V3.dll
Constructors
ExplainedDenyResource()
public ExplainedDenyResource()ExplainedDenyResource(ExplainedDenyResource)
public ExplainedDenyResource(ExplainedDenyResource other)| Parameter | |
|---|---|
| Name | Description |
other |
ExplainedDenyResource |
Properties
DenyAccessState
public DenyAccessState DenyAccessState { get; set; }Required. Indicates whether any policies attached to this resource deny the specific permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the
permission for the resource. There might be another policy that overrides
this policy. To determine whether the principal actually has the
permission, use the overall_access_state field in the
[TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].
| Property Value | |
|---|---|
| Type | Description |
DenyAccessState |
|
ExplainedPolicies
public RepeatedField<ExplainedDenyPolicy> ExplainedPolicies { get; }List of IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldExplainedDenyPolicy |
|
FullResourceName
public string FullResourceName { get; set; }The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.
If the sender of the request does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Relevance
public HeuristicRelevance Relevance { get; set; }The relevance of this policy to the overall access state in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].
If the sender of the request does not have access to the policy, this field is omitted.
| Property Value | |
|---|---|
| Type | Description |
HeuristicRelevance |
|