Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class DenyRuleExplanation.
Details about how a deny rule in a deny policy affects a principal's ability to use a permission.
Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.DenyRuleExplanation
Namespace
Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ deny_access_state |
int
Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource. This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the |
↳ combined_denied_permission |
DenyRuleExplanation\AnnotatedPermissionMatching
Indicates whether the permission in the request is listed as a denied permission in the deny rule. |
↳ denied_permissions |
array|Google\Protobuf\Internal\MapField
Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request. |
↳ combined_exception_permission |
DenyRuleExplanation\AnnotatedPermissionMatching
Indicates whether the permission in the request is listed as an exception permission in the deny rule. |
↳ exception_permissions |
array|Google\Protobuf\Internal\MapField
Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request. Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request. |
↳ combined_denied_principal |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching
Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set. |
↳ denied_principals |
array|Google\Protobuf\Internal\MapField
Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request. |
↳ combined_exception_principal |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching
Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set. |
↳ exception_principals |
array|Google\Protobuf\Internal\MapField
Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set. Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request. |
↳ relevance |
int
The relevance of this role binding to the overall determination for the entire policy. |
↳ condition |
Google\Type\Expr
A condition expression that specifies when the deny rule denies the principal access. To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview. |
↳ condition_explanation |
ConditionExplanation
Condition evaluation state for this role binding. |
getDenyAccessState
Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.
This field does not indicate whether the principal is actually denied on
the permission for the resource. There might be another rule that overrides
this rule. To determine whether the principal actually has the permission,
use the overall_access_state field in the
TroubleshootIamPolicyResponse.
| Returns | |
|---|---|
| Type | Description |
int |
|
setDenyAccessState
Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.
This field does not indicate whether the principal is actually denied on
the permission for the resource. There might be another rule that overrides
this rule. To determine whether the principal actually has the permission,
use the overall_access_state field in the
TroubleshootIamPolicyResponse.
| Parameter | |
|---|---|
| Name | Description |
var |
int
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCombinedDeniedPermission
Indicates whether the permission in the request is listed as a denied permission in the deny rule.
| Returns | |
|---|---|
| Type | Description |
DenyRuleExplanation\AnnotatedPermissionMatching|null |
|
hasCombinedDeniedPermission
clearCombinedDeniedPermission
setCombinedDeniedPermission
Indicates whether the permission in the request is listed as a denied permission in the deny rule.
| Parameter | |
|---|---|
| Name | Description |
var |
DenyRuleExplanation\AnnotatedPermissionMatching
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getDeniedPermissions
Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.
Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\MapField |
|
setDeniedPermissions
Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.
Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.
| Parameter | |
|---|---|
| Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCombinedExceptionPermission
Indicates whether the permission in the request is listed as an exception permission in the deny rule.
| Returns | |
|---|---|
| Type | Description |
DenyRuleExplanation\AnnotatedPermissionMatching|null |
|
hasCombinedExceptionPermission
clearCombinedExceptionPermission
setCombinedExceptionPermission
Indicates whether the permission in the request is listed as an exception permission in the deny rule.
| Parameter | |
|---|---|
| Name | Description |
var |
DenyRuleExplanation\AnnotatedPermissionMatching
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getExceptionPermissions
Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.
Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\MapField |
|
setExceptionPermissions
Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.
Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.
| Parameter | |
|---|---|
| Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCombinedDeniedPrincipal
Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.
| Returns | |
|---|---|
| Type | Description |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching|null |
|
hasCombinedDeniedPrincipal
clearCombinedDeniedPrincipal
setCombinedDeniedPrincipal
Indicates whether the principal is listed as a denied principal in the deny rule, either directly or through membership in a principal set.
| Parameter | |
|---|---|
| Name | Description |
var |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getDeniedPrincipals
Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.
Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\MapField |
|
setDeniedPrincipals
Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.
Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.
| Parameter | |
|---|---|
| Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCombinedExceptionPrincipal
Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.
| Returns | |
|---|---|
| Type | Description |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching|null |
|
hasCombinedExceptionPrincipal
clearCombinedExceptionPrincipal
setCombinedExceptionPrincipal
Indicates whether the principal is listed as an exception principal in the deny rule, either directly or through membership in a principal set.
| Parameter | |
|---|---|
| Name | Description |
var |
DenyRuleExplanation\AnnotatedDenyPrincipalMatching
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getExceptionPrincipals
Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.
Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.
| Returns | |
|---|---|
| Type | Description |
Google\Protobuf\Internal\MapField |
|
setExceptionPrincipals
Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.
Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.
| Parameter | |
|---|---|
| Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getRelevance
The relevance of this role binding to the overall determination for the entire policy.
| Returns | |
|---|---|
| Type | Description |
int |
|
setRelevance
The relevance of this role binding to the overall determination for the entire policy.
| Parameter | |
|---|---|
| Name | Description |
var |
int
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getCondition
A condition expression that specifies when the deny rule denies the principal access.
To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
| Returns | |
|---|---|
| Type | Description |
Google\Type\Expr|null |
|
hasCondition
clearCondition
setCondition
A condition expression that specifies when the deny rule denies the principal access.
To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
| Parameter | |
|---|---|
| Name | Description |
var |
Google\Type\Expr
|
| Returns | |
|---|---|
| Type | Description |
$this |
|
getConditionExplanation
Condition evaluation state for this role binding.
| Returns | |
|---|---|
| Type | Description |
ConditionExplanation|null |
|
hasConditionExplanation
clearConditionExplanation
setConditionExplanation
Condition evaluation state for this role binding.
| Parameter | |
|---|---|
| Name | Description |
var |
ConditionExplanation
|
| Returns | |
|---|---|
| Type | Description |
$this |
|