Google Cloud Policy Troubleshooter Iam V3 Client - Class ExplainedAllowPolicy (0.2.7)

Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class ExplainedAllowPolicy.

Details about how a specific IAM allow policy contributed to the final access state.

Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.ExplainedAllowPolicy

Namespace

Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ allow_access_state int

Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource. This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

↳ full_resource_name string

The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance. If the sender of the request does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

↳ binding_explanations array<AllowBindingExplanation>

Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy. If the sender of the request does not have access to the policy, this field is omitted.

↳ relevance int

The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse. If the sender of the request does not have access to the policy, this field is omitted.

↳ policy Google\Cloud\Iam\V1\Policy

The IAM allow policy attached to the resource. If the sender of the request does not have access to the policy, this field is empty.

getAllowAccessState

Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
Type Description
int

setAllowAccessState

Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Parameter
Name Description
var int
Returns
Type Description
$this

getFullResourceName

The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Returns
Type Description
string

setFullResourceName

The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Parameter
Name Description
var string
Returns
Type Description
$this

getBindingExplanations

Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

If the sender of the request does not have access to the policy, this field is omitted.

Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setBindingExplanations

Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

If the sender of the request does not have access to the policy, this field is omitted.

Parameter
Name Description
var array<AllowBindingExplanation>
Returns
Type Description
$this

getRelevance

The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.

Returns
Type Description
int

setRelevance

The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.

Parameter
Name Description
var int
Returns
Type Description
$this

getPolicy

The IAM allow policy attached to the resource.

If the sender of the request does not have access to the policy, this field is empty.

Returns
Type Description
Google\Cloud\Iam\V1\Policy|null

hasPolicy

clearPolicy

setPolicy

The IAM allow policy attached to the resource.

If the sender of the request does not have access to the policy, this field is empty.

Parameter
Name Description
var Google\Cloud\Iam\V1\Policy
Returns
Type Description
$this