Interface AccessTupleOrBuilder (1.40.0)

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

.google.cloud.policytroubleshooter.iam.v3.ConditionContext condition_context = 5 [(.google.api.field_behavior) = OPTIONAL];

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

.google.cloud.policytroubleshooter.iam.v3.ConditionContext condition_context = 5 [(.google.api.field_behavior) = OPTIONAL];

Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

string full_resource_name = 2 [(.google.api.field_behavior) = REQUIRED];

Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

string full_resource_name = 2 [(.google.api.field_behavior) = REQUIRED];

Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format.

For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference.

For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions.

For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string permission = 3 [(.google.api.field_behavior) = REQUIRED];

Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format.

For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference.

For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions.

For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

string permission = 3 [(.google.api.field_behavior) = REQUIRED];

Output only. The permission that Policy Troubleshooter checked for, in the v2 format.

string permission_fqdn = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];

Output only. The permission that Policy Troubleshooter checked for, in the v2 format.

string permission_fqdn = 4 [(.google.api.field_behavior) = OUTPUT_ONLY];

Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com.

The principal must be a Google Account or a service account. Other types of principals are not supported.

string principal = 1 [(.google.api.field_behavior) = REQUIRED];

Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com.

The principal must be a Google Account or a service account. Other types of principals are not supported.

string principal = 1 [(.google.api.field_behavior) = REQUIRED];

Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.

.google.cloud.policytroubleshooter.iam.v3.ConditionContext condition_context = 5 [(.google.api.field_behavior) = OPTIONAL];