public sealed class ExplainedAllowPolicy : IMessage<ExplainedAllowPolicy>, IEquatable<ExplainedAllowPolicy>, IDeepCloneable<ExplainedAllowPolicy>, IBufferMessage, IMessage
Reference documentation and code samples for the Policy Troubleshooter v3 API class ExplainedAllowPolicy.
Details about how a specific IAM allow policy contributed to the final access state.
Implements
IMessageExplainedAllowPolicy, IEquatableExplainedAllowPolicy, IDeepCloneableExplainedAllowPolicy, IBufferMessage, IMessageNamespace
Google.Cloud.PolicyTroubleshooter.Iam.V3Assembly
Google.Cloud.PolicyTroubleshooter.Iam.V3.dll
Constructors
ExplainedAllowPolicy()
public ExplainedAllowPolicy()
ExplainedAllowPolicy(ExplainedAllowPolicy)
public ExplainedAllowPolicy(ExplainedAllowPolicy other)
Parameter | |
---|---|
Name | Description |
other |
ExplainedAllowPolicy |
Properties
AllowAccessState
public AllowAccessState AllowAccessState { get; set; }
Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the
permission for the resource. There might be another policy that overrides
this policy. To determine whether the principal actually has the
permission, use the overall_access_state
field in the
[TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].
Property Value | |
---|---|
Type | Description |
AllowAccessState |
BindingExplanations
public RepeatedField<AllowBindingExplanation> BindingExplanations { get; }
Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.
If the sender of the request does not have access to the policy, this field is omitted.
Property Value | |
---|---|
Type | Description |
RepeatedFieldAllowBindingExplanation |
FullResourceName
public string FullResourceName { get; set; }
The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance
.
If the sender of the request does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
Property Value | |
---|---|
Type | Description |
string |
Policy
public Policy Policy { get; set; }
The IAM allow policy attached to the resource.
If the sender of the request does not have access to the policy, this field is empty.
Property Value | |
---|---|
Type | Description |
Policy |
Relevance
public HeuristicRelevance Relevance { get; set; }
The relevance of this policy to the overall access state in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].
If the sender of the request does not have access to the policy, this field is omitted.
Property Value | |
---|---|
Type | Description |
HeuristicRelevance |