public sealed class AccessTuple : IMessage<AccessTuple>, IEquatable<AccessTuple>, IDeepCloneable<AccessTuple>, IBufferMessage, IMessage
Reference documentation and code samples for the Policy Troubleshooter v3 API class AccessTuple.
Information about the principal, resource, and permission to check.
Implements
IMessageAccessTuple, IEquatableAccessTuple, IDeepCloneableAccessTuple, IBufferMessage, IMessageNamespace
Google.Cloud.PolicyTroubleshooter.Iam.V3Assembly
Google.Cloud.PolicyTroubleshooter.Iam.V3.dll
Constructors
AccessTuple()
public AccessTuple()
AccessTuple(AccessTuple)
public AccessTuple(AccessTuple other)
Parameter | |
---|---|
Name | Description |
other |
AccessTuple |
Properties
ConditionContext
public ConditionContext ConditionContext { get; set; }
Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.
Property Value | |
---|---|
Type | Description |
ConditionContext |
FullResourceName
public string FullResourceName { get; set; }
Required. The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance
.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
Property Value | |
---|---|
Type | Description |
string |
Permission
public string Permission { get; set; }
Required. The IAM permission to check for, either in the v1
permission
format or the v2
permission format.
For a complete list of IAM permissions in the v1
format, see
https://cloud.google.com/iam/help/permissions/reference.
For a list of IAM permissions in the v2
format, see
https://cloud.google.com/iam/help/deny/supported-permissions.
For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
Property Value | |
---|---|
Type | Description |
string |
PermissionFqdn
public string PermissionFqdn { get; set; }
Output only. The permission that Policy Troubleshooter checked for, in
the v2
format.
Property Value | |
---|---|
Type | Description |
string |
Principal
public string Principal { get; set; }
Required. The email address of the principal whose access you want to
check. For example, alice@example.com
or
my-service-account@my-project.iam.gserviceaccount.com
.
The principal must be a Google Account or a service account. Other types of principals are not supported.
Property Value | |
---|---|
Type | Description |
string |