Class IamPolicyAnalysisResult (3.10.0)

IamPolicyAnalysisResult(mapping=None, *, ignore_unknown_fields=False, **kwargs)

IAM Policy analysis result, consisting of one IAM policy binding and derived access control lists.

Attributes

NameDescription
attached_resource_full_name str
The `full resource name
iam_binding google.iam.v1.policy_pb2.Binding
The Cloud IAM policy binding under analysis.
access_control_lists Sequence[google.cloud.asset_v1.types.IamPolicyAnalysisResult.AccessControlList]
The access control lists derived from the iam_binding that match or potentially match resource and access selectors specified in the request.
identity_list google.cloud.asset_v1.types.IamPolicyAnalysisResult.IdentityList
The identity list derived from members of the iam_binding that match or potentially match identity selector specified in the request.
fully_explored bool
Represents whether all analyses on the iam_binding have successfully finished.

Classes

Access

Access(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An IAM role or permission under analysis.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

AccessControlList

AccessControlList(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An access control list, derived from the above IAM policy binding, which contains a set of resources and accesses. May include one item from each set to compose an access control entry.

NOTICE that there could be multiple access control lists for one IAM policy binding. The access control lists are created based on resource and access combinations.

For example, assume we have the following cases in one IAM policy binding:

  • Permission P1 and P2 apply to resource R1 and R2;
  • Permission P3 applies to resource R2 and R3;

This will result in the following access control lists:

  • AccessControlList 1: [R1, R2], [P1, P2]
  • AccessControlList 2: [R2, R3], [P3]

Edge

Edge(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A directional edge.

Identity

Identity(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An identity under analysis.

IdentityList

IdentityList(mapping=None, *, ignore_unknown_fields=False, **kwargs)

The identities and group edges.

Resource

Resource(mapping=None, *, ignore_unknown_fields=False, **kwargs)

A Google Cloud resource under analysis.