Interface DenyRuleExplanationOrBuilder (1.53.0)

public interface DenyRuleExplanationOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

containsDeniedPermissions(String key)

public abstract boolean containsDeniedPermissions(String key)

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> denied_permissions = 3;

Parameter
Name Description
key String
Returns
Type Description
boolean

containsDeniedPrincipals(String key)

public abstract boolean containsDeniedPrincipals(String key)

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> denied_principals = 7;

Parameter
Name Description
key String
Returns
Type Description
boolean

containsExceptionPermissions(String key)

public abstract boolean containsExceptionPermissions(String key)

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> exception_permissions = 5;

Parameter
Name Description
key String
Returns
Type Description
boolean

containsExceptionPrincipals(String key)

public abstract boolean containsExceptionPrincipals(String key)

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> exception_principals = 9;

Parameter
Name Description
key String
Returns
Type Description
boolean

getCombinedDeniedPermission()

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getCombinedDeniedPermission()

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_denied_permission = 2;

Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

The combinedDeniedPermission.

getCombinedDeniedPermissionOrBuilder()

public abstract DenyRuleExplanation.AnnotatedPermissionMatchingOrBuilder getCombinedDeniedPermissionOrBuilder()

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_denied_permission = 2;

Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatchingOrBuilder

getCombinedDeniedPrincipal()

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getCombinedDeniedPrincipal()

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_denied_principal = 6;

Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

The combinedDeniedPrincipal.

getCombinedDeniedPrincipalOrBuilder()

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatchingOrBuilder getCombinedDeniedPrincipalOrBuilder()

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_denied_principal = 6;

Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatchingOrBuilder

getCombinedExceptionPermission()

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getCombinedExceptionPermission()

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_exception_permission = 4;

Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

The combinedExceptionPermission.

getCombinedExceptionPermissionOrBuilder()

public abstract DenyRuleExplanation.AnnotatedPermissionMatchingOrBuilder getCombinedExceptionPermissionOrBuilder()

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_exception_permission = 4;

Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatchingOrBuilder

getCombinedExceptionPrincipal()

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getCombinedExceptionPrincipal()

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_exception_principal = 8;

Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

The combinedExceptionPrincipal.

getCombinedExceptionPrincipalOrBuilder()

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatchingOrBuilder getCombinedExceptionPrincipalOrBuilder()

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_exception_principal = 8;

Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatchingOrBuilder

getCondition()

public abstract Expr getCondition()

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 11;

Returns
Type Description
com.google.type.Expr

The condition.

getConditionExplanation()

public abstract ConditionExplanation getConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 12;

Returns
Type Description
ConditionExplanation

The conditionExplanation.

getConditionExplanationOrBuilder()

public abstract ConditionExplanationOrBuilder getConditionExplanationOrBuilder()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 12;

Returns
Type Description
ConditionExplanationOrBuilder

getConditionOrBuilder()

public abstract ExprOrBuilder getConditionOrBuilder()

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 11;

Returns
Type Description
com.google.type.ExprOrBuilder

getDeniedPermissions() (deprecated)

public abstract Map<String,DenyRuleExplanation.AnnotatedPermissionMatching> getDeniedPermissions()
Returns
Type Description
Map<String,AnnotatedPermissionMatching>

getDeniedPermissionsCount()

public abstract int getDeniedPermissionsCount()

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> denied_permissions = 3;

Returns
Type Description
int

getDeniedPermissionsMap()

public abstract Map<String,DenyRuleExplanation.AnnotatedPermissionMatching> getDeniedPermissionsMap()

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> denied_permissions = 3;

Returns
Type Description
Map<String,AnnotatedPermissionMatching>

getDeniedPermissionsOrDefault(String key, DenyRuleExplanation.AnnotatedPermissionMatching defaultValue)

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getDeniedPermissionsOrDefault(String key, DenyRuleExplanation.AnnotatedPermissionMatching defaultValue)

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> denied_permissions = 3;

Parameters
Name Description
key String
defaultValue DenyRuleExplanation.AnnotatedPermissionMatching
Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

getDeniedPermissionsOrThrow(String key)

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getDeniedPermissionsOrThrow(String key)

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> denied_permissions = 3;

Parameter
Name Description
key String
Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

getDeniedPrincipals() (deprecated)

public abstract Map<String,DenyRuleExplanation.AnnotatedDenyPrincipalMatching> getDeniedPrincipals()
Returns
Type Description
Map<String,AnnotatedDenyPrincipalMatching>

getDeniedPrincipalsCount()

public abstract int getDeniedPrincipalsCount()

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> denied_principals = 7;

Returns
Type Description
int

getDeniedPrincipalsMap()

public abstract Map<String,DenyRuleExplanation.AnnotatedDenyPrincipalMatching> getDeniedPrincipalsMap()

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> denied_principals = 7;

Returns
Type Description
Map<String,AnnotatedDenyPrincipalMatching>

getDeniedPrincipalsOrDefault(String key, DenyRuleExplanation.AnnotatedDenyPrincipalMatching defaultValue)

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getDeniedPrincipalsOrDefault(String key, DenyRuleExplanation.AnnotatedDenyPrincipalMatching defaultValue)

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> denied_principals = 7;

Parameters
Name Description
key String
defaultValue DenyRuleExplanation.AnnotatedDenyPrincipalMatching
Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

getDeniedPrincipalsOrThrow(String key)

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getDeniedPrincipalsOrThrow(String key)

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> denied_principals = 7;

Parameter
Name Description
key String
Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

getDenyAccessState()

public abstract DenyAccessState getDenyAccessState()

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.DenyAccessState deny_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
DenyAccessState

The denyAccessState.

getDenyAccessStateValue()

public abstract int getDenyAccessStateValue()

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

.google.cloud.policytroubleshooter.iam.v3.DenyAccessState deny_access_state = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
int

The enum numeric value on the wire for denyAccessState.

getExceptionPermissions() (deprecated)

public abstract Map<String,DenyRuleExplanation.AnnotatedPermissionMatching> getExceptionPermissions()
Returns
Type Description
Map<String,AnnotatedPermissionMatching>

getExceptionPermissionsCount()

public abstract int getExceptionPermissionsCount()

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> exception_permissions = 5;

Returns
Type Description
int

getExceptionPermissionsMap()

public abstract Map<String,DenyRuleExplanation.AnnotatedPermissionMatching> getExceptionPermissionsMap()

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> exception_permissions = 5;

Returns
Type Description
Map<String,AnnotatedPermissionMatching>

getExceptionPermissionsOrDefault(String key, DenyRuleExplanation.AnnotatedPermissionMatching defaultValue)

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getExceptionPermissionsOrDefault(String key, DenyRuleExplanation.AnnotatedPermissionMatching defaultValue)

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> exception_permissions = 5;

Parameters
Name Description
key String
defaultValue DenyRuleExplanation.AnnotatedPermissionMatching
Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

getExceptionPermissionsOrThrow(String key)

public abstract DenyRuleExplanation.AnnotatedPermissionMatching getExceptionPermissionsOrThrow(String key)

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching> exception_permissions = 5;

Parameter
Name Description
key String
Returns
Type Description
DenyRuleExplanation.AnnotatedPermissionMatching

getExceptionPrincipals() (deprecated)

public abstract Map<String,DenyRuleExplanation.AnnotatedDenyPrincipalMatching> getExceptionPrincipals()
Returns
Type Description
Map<String,AnnotatedDenyPrincipalMatching>

getExceptionPrincipalsCount()

public abstract int getExceptionPrincipalsCount()

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> exception_principals = 9;

Returns
Type Description
int

getExceptionPrincipalsMap()

public abstract Map<String,DenyRuleExplanation.AnnotatedDenyPrincipalMatching> getExceptionPrincipalsMap()

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> exception_principals = 9;

Returns
Type Description
Map<String,AnnotatedDenyPrincipalMatching>

getExceptionPrincipalsOrDefault(String key, DenyRuleExplanation.AnnotatedDenyPrincipalMatching defaultValue)

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getExceptionPrincipalsOrDefault(String key, DenyRuleExplanation.AnnotatedDenyPrincipalMatching defaultValue)

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> exception_principals = 9;

Parameters
Name Description
key String
defaultValue DenyRuleExplanation.AnnotatedDenyPrincipalMatching
Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

getExceptionPrincipalsOrThrow(String key)

public abstract DenyRuleExplanation.AnnotatedDenyPrincipalMatching getExceptionPrincipalsOrThrow(String key)

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

map<string, .google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching> exception_principals = 9;

Parameter
Name Description
key String
Returns
Type Description
DenyRuleExplanation.AnnotatedDenyPrincipalMatching

getRelevance()

public abstract HeuristicRelevance getRelevance()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 10;

Returns
Type Description
HeuristicRelevance

The relevance.

getRelevanceValue()

public abstract int getRelevanceValue()

The relevance of this role binding to the overall determination for the entire policy.

.google.cloud.policytroubleshooter.iam.v3.HeuristicRelevance relevance = 10;

Returns
Type Description
int

The enum numeric value on the wire for relevance.

hasCombinedDeniedPermission()

public abstract boolean hasCombinedDeniedPermission()

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_denied_permission = 2;

Returns
Type Description
boolean

Whether the combinedDeniedPermission field is set.

hasCombinedDeniedPrincipal()

public abstract boolean hasCombinedDeniedPrincipal()

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_denied_principal = 6;

Returns
Type Description
boolean

Whether the combinedDeniedPrincipal field is set.

hasCombinedExceptionPermission()

public abstract boolean hasCombinedExceptionPermission()

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedPermissionMatching combined_exception_permission = 4;

Returns
Type Description
boolean

Whether the combinedExceptionPermission field is set.

hasCombinedExceptionPrincipal()

public abstract boolean hasCombinedExceptionPrincipal()

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

.google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation.AnnotatedDenyPrincipalMatching combined_exception_principal = 8;

Returns
Type Description
boolean

Whether the combinedExceptionPrincipal field is set.

hasCondition()

public abstract boolean hasCondition()

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

.google.type.Expr condition = 11;

Returns
Type Description
boolean

Whether the condition field is set.

hasConditionExplanation()

public abstract boolean hasConditionExplanation()

Condition evaluation state for this role binding.

.google.cloud.policytroubleshooter.iam.v3.ConditionExplanation condition_explanation = 12;

Returns
Type Description
boolean

Whether the conditionExplanation field is set.