Optional. If true, the response will include access analysis from identities to
resources via service account impersonation. This is a very expensive
operation, because many derived queries will be executed. We highly
recommend you use ExportIamPolicyAnalysis rpc instead.
For example, if the request analyzes for which resources user A has
permission P, and there's an IAM policy states user A has
iam.serviceAccounts.getAccessToken permission to a service account SA,
and there's another IAM policy states service account SA has permission P
to a GCP folder F, then user A potentially has access to the GCP folder
F. And those advanced analysis results will be included in
AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
Another example, if the request analyzes for who has
permission P to a GCP folder F, and there's an IAM policy states user A
has iam.serviceAccounts.actAs permission to a service account SA, and
there's another IAM policy states service account SA has permission P to
the GCP folder F, then user A potentially has access to the GCP folder
F. And those advanced analysis results will be included in
AnalyzeIamPolicyResponse.service_account_impersonation_analysis.
Default is false.
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
Optional. If true, the identities section of the result will expand any
Google groups appearing in an IAM policy binding.
If [identity_selector][] is specified, the identity in the result will
be determined by the selector, and this flag will have no effect.
Default is false.
Optional. If true, the resource section of the result will expand any
resource attached to an IAM policy to include resources lower in the
resource hierarchy.
For example, if the request analyzes for which resources user A has
permission P, and the results include an IAM policy with P on a GCP
folder, the results will also include resources in that folder with
permission P.
If [resource_selector][] is specified, the resource section of the result
will be determined by the selector, and this flag will have no effect.
Default is false.
Optional. If true, the access section of result will expand any roles
appearing in IAM policy bindings to include their permissions.
If [access_selector][] is specified, the access section of the result
will be determined by the selector, and this flag will have no effect.
Default is false.
Optional. If true, the result will output group identity edges, starting
from the binding's group members, to any expanded identities.
Default is false.
Optional. Amount of time executable has to complete. See JSON representation of
Duration.
If this field is set with a value less than the RPC deadline, and the
execution of your query hasn't finished in the specified
execution timeout, you will get a response with partial result.
Otherwise, your query's execution will continue until the RPC deadline.
If it's not finished until then, you will get a DEADLINE_EXCEEDED error.
Default is empty.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-01-28 UTC."],[],[]]
