Policy Troubleshooter v3 API - Class AllowPolicyExplanation (1.2.0)

public sealed class AllowPolicyExplanation : IMessage<AllowPolicyExplanation>, IEquatable<AllowPolicyExplanation>, IDeepCloneable<AllowPolicyExplanation>, IBufferMessage, IMessage

Reference documentation and code samples for the Policy Troubleshooter v3 API class AllowPolicyExplanation.

Details about how the relevant IAM allow policies affect the final access state.

Inheritance

object > AllowPolicyExplanation

Namespace

Google.Cloud.PolicyTroubleshooter.Iam.V3

Assembly

Google.Cloud.PolicyTroubleshooter.Iam.V3.dll

Constructors

AllowPolicyExplanation()

public AllowPolicyExplanation()

AllowPolicyExplanation(AllowPolicyExplanation)

public AllowPolicyExplanation(AllowPolicyExplanation other)
Parameter
Name Description
other AllowPolicyExplanation

Properties

AllowAccessState

public AllowAccessState AllowAccessState { get; set; }

Indicates whether the principal has the specified permission for the specified resource, based on evaluating all applicable IAM allow policies.

Property Value
Type Description
AllowAccessState

ExplainedPolicies

public RepeatedField<ExplainedAllowPolicy> ExplainedPolicies { get; }

List of IAM allow policies that were evaluated to check the principal's permissions, with annotations to indicate how each policy contributed to the final result.

The list of policies includes the policy for the resource itself, as well as allow policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project.

To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.

Property Value
Type Description
RepeatedFieldExplainedAllowPolicy

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of the allow policy type to the overall access state.

Property Value
Type Description
HeuristicRelevance