Policy Troubleshooter v3 API - Class ExplainedAllowPolicy (1.2.0)

public sealed class ExplainedAllowPolicy : IMessage<ExplainedAllowPolicy>, IEquatable<ExplainedAllowPolicy>, IDeepCloneable<ExplainedAllowPolicy>, IBufferMessage, IMessage

Reference documentation and code samples for the Policy Troubleshooter v3 API class ExplainedAllowPolicy.

Details about how a specific IAM allow policy contributed to the final access state.

Inheritance

object > ExplainedAllowPolicy

Namespace

Google.Cloud.PolicyTroubleshooter.Iam.V3

Assembly

Google.Cloud.PolicyTroubleshooter.Iam.V3.dll

Constructors

ExplainedAllowPolicy()

public ExplainedAllowPolicy()

ExplainedAllowPolicy(ExplainedAllowPolicy)

public ExplainedAllowPolicy(ExplainedAllowPolicy other)
Parameter
Name Description
other ExplainedAllowPolicy

Properties

AllowAccessState

public AllowAccessState AllowAccessState { get; set; }

Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].

Property Value
Type Description
AllowAccessState

BindingExplanations

public RepeatedField<AllowBindingExplanation> BindingExplanations { get; }

Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
Type Description
RepeatedFieldAllowBindingExplanation

FullResourceName

public string FullResourceName { get; set; }

The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Property Value
Type Description
string

Policy

public Policy Policy { get; set; }

The IAM allow policy attached to the resource.

If the sender of the request does not have access to the policy, this field is empty.

Property Value
Type Description
Policy

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of this policy to the overall access state in the [TroubleshootIamPolicyResponse][google.cloud.policytroubleshooter.iam.v3.TroubleshootIamPolicyResponse].

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
Type Description
HeuristicRelevance