Class ExplainedPolicy (2.0.0)

public sealed class ExplainedPolicy : IMessage<ExplainedPolicy>, IEquatable<ExplainedPolicy>, IDeepCloneable<ExplainedPolicy>, IBufferMessage, IMessage

Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.

Inheritance

Object > ExplainedPolicy

Namespace

Google.Cloud.PolicyTroubleshooter.V1

Assembly

Google.Cloud.PolicyTroubleshooter.V1.dll

Constructors

ExplainedPolicy()

public ExplainedPolicy()

ExplainedPolicy(ExplainedPolicy)

public ExplainedPolicy(ExplainedPolicy other)
Parameter
NameDescription
otherExplainedPolicy

Properties

Access

public AccessState Access { get; set; }

Indicates whether this policy provides the specified permission to the specified member for the specified resource.

This field does not indicate whether the member actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the member actually has the permission, use the access field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].

Property Value
TypeDescription
AccessState

BindingExplanations

public RepeatedField<BindingExplanation> BindingExplanations { get; }

Details about how each binding in the policy affects the member's ability, or inability, to use the permission for the resource.

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
TypeDescription
RepeatedField<BindingExplanation>

FullResourceName

public string FullResourceName { get; set; }

The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Property Value
TypeDescription
String

Policy

public Policy Policy { get; set; }

The IAM policy attached to the resource.

If the sender of the request does not have access to the policy, this field is empty.

Property Value
TypeDescription
Policy

Relevance

public HeuristicRelevance Relevance { get; set; }

The relevance of this policy to the overall determination in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].

If the sender of the request does not have access to the policy, this field is omitted.

Property Value
TypeDescription
HeuristicRelevance