Google Cloud Policy Troubleshooter Iam V3 Client - Class DenyRuleExplanation (0.2.8)

Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class DenyRuleExplanation.

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation

Namespace

Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ deny_access_state int

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource. This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

↳ combined_denied_permission DenyRuleExplanation\AnnotatedPermissionMatching

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

↳ denied_permissions array|Google\Protobuf\Internal\MapField

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

↳ combined_exception_permission DenyRuleExplanation\AnnotatedPermissionMatching

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

↳ exception_permissions array|Google\Protobuf\Internal\MapField

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

↳ combined_denied_principal DenyRuleExplanation\AnnotatedDenyPrincipalMatching

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

↳ denied_principals array|Google\Protobuf\Internal\MapField

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

↳ combined_exception_principal DenyRuleExplanation\AnnotatedDenyPrincipalMatching

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

↳ exception_principals array|Google\Protobuf\Internal\MapField

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

↳ relevance int

The relevance of this role binding to the overall determination for the entire policy.

↳ condition Google\Type\Expr

A condition expression that specifies when the deny rule denies the principal access. To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

↳ condition_explanation ConditionExplanation

Condition evaluation state for this role binding.

getDenyAccessState

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
Type Description
int

setDenyAccessState

Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Parameter
Name Description
var int
Returns
Type Description
$this

getCombinedDeniedPermission

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

Returns
Type Description
DenyRuleExplanation\AnnotatedPermissionMatching|null

hasCombinedDeniedPermission

clearCombinedDeniedPermission

setCombinedDeniedPermission

Indicates whether the permission in the request is listed as a denied permission in the deny rule.

Parameter
Name Description
var DenyRuleExplanation\AnnotatedPermissionMatching
Returns
Type Description
$this

getDeniedPermissions

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

Returns
Type Description
Google\Protobuf\Internal\MapField

setDeniedPermissions

Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getCombinedExceptionPermission

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

Returns
Type Description
DenyRuleExplanation\AnnotatedPermissionMatching|null

hasCombinedExceptionPermission

clearCombinedExceptionPermission

setCombinedExceptionPermission

Indicates whether the permission in the request is listed as an exception permission in the deny rule.

Parameter
Name Description
var DenyRuleExplanation\AnnotatedPermissionMatching
Returns
Type Description
$this

getExceptionPermissions

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

Returns
Type Description
Google\Protobuf\Internal\MapField

setExceptionPermissions

Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getCombinedDeniedPrincipal

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

Returns
Type Description
DenyRuleExplanation\AnnotatedDenyPrincipalMatching|null

hasCombinedDeniedPrincipal

clearCombinedDeniedPrincipal

setCombinedDeniedPrincipal

Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.

Parameter
Name Description
var DenyRuleExplanation\AnnotatedDenyPrincipalMatching
Returns
Type Description
$this

getDeniedPrincipals

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

Returns
Type Description
Google\Protobuf\Internal\MapField

setDeniedPrincipals

Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getCombinedExceptionPrincipal

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

Returns
Type Description
DenyRuleExplanation\AnnotatedDenyPrincipalMatching|null

hasCombinedExceptionPrincipal

clearCombinedExceptionPrincipal

setCombinedExceptionPrincipal

Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.

Parameter
Name Description
var DenyRuleExplanation\AnnotatedDenyPrincipalMatching
Returns
Type Description
$this

getExceptionPrincipals

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

Returns
Type Description
Google\Protobuf\Internal\MapField

setExceptionPrincipals

Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getRelevance

The relevance of this role binding to the overall determination for the entire policy.

Returns
Type Description
int

setRelevance

The relevance of this role binding to the overall determination for the entire policy.

Parameter
Name Description
var int
Returns
Type Description
$this

getCondition

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Returns
Type Description
Google\Type\Expr|null

hasCondition

clearCondition

setCondition

A condition expression that specifies when the deny rule denies the principal access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Parameter
Name Description
var Google\Type\Expr
Returns
Type Description
$this

getConditionExplanation

Condition evaluation state for this role binding.

Returns
Type Description
ConditionExplanation|null

hasConditionExplanation

clearConditionExplanation

setConditionExplanation

Condition evaluation state for this role binding.

Parameter
Name Description
var ConditionExplanation
Returns
Type Description
$this