Policy Troubleshooter v3 API - Class DenyPolicyExplanation (1.2.0)

public sealed class DenyPolicyExplanation : IMessage<DenyPolicyExplanation>, IEquatable<DenyPolicyExplanation>, IDeepCloneable<DenyPolicyExplanation>, IBufferMessage, IMessage

Reference documentation and code samples for the Policy Troubleshooter v3 API class DenyPolicyExplanation.

Details about how the relevant IAM deny policies affect the final access state.

Inheritance

object > DenyPolicyExplanation

Namespace

Google.Cloud.PolicyTroubleshooter.Iam.V3

Assembly

Google.Cloud.PolicyTroubleshooter.Iam.V3.dll

Constructors

DenyPolicyExplanation()

public DenyPolicyExplanation()

DenyPolicyExplanation(DenyPolicyExplanation)

public DenyPolicyExplanation(DenyPolicyExplanation other)
Parameter
Name Description
other DenyPolicyExplanation

Properties

DenyAccessState

public DenyAccessState DenyAccessState { get; set; }

Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.

Property Value
Type Description
DenyAccessState

ExplainedResources

public RepeatedField<ExplainedDenyResource> ExplainedResources { get; }

List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy.

To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.

Property Value
Type Description
RepeatedFieldExplainedDenyResource

PermissionDeniable

public bool PermissionDeniable { get; set; }

Indicates whether the permission to troubleshoot is supported in deny policies.

Property Value
Type Description
bool

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of the deny policy result to the overall access state.

Property Value
Type Description
HeuristicRelevance