Class AccessControlList (3.26.0)

AccessControlList(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An access control list, derived from the above IAM policy binding, which contains a set of resources and accesses. May include one item from each set to compose an access control entry.

NOTICE that there could be multiple access control lists for one IAM policy binding. The access control lists are created based on resource and access combinations.

For example, assume we have the following cases in one IAM policy binding:

  • Permission P1 and P2 apply to resource R1 and R2;
  • Permission P3 applies to resource R2 and R3;

This will result in the following access control lists:

  • AccessControlList 1: [R1, R2], [P1, P2]
  • AccessControlList 2: [R2, R3], [P3]

Attributes

NameDescription
resources MutableSequence[google.cloud.asset_v1.types.IamPolicyAnalysisResult.Resource]
The resources that match one of the following conditions: - The resource_selector, if it is specified in request; - Otherwise, resources reachable from the policy attached resource.
accesses MutableSequence[google.cloud.asset_v1.types.IamPolicyAnalysisResult.Access]
The accesses that match one of the following conditions: - The access_selector, if it is specified in request; - Otherwise, access specifiers reachable from the policy binding's role.
resource_edges MutableSequence[google.cloud.asset_v1.types.IamPolicyAnalysisResult.Edge]
Resource edges of the graph starting from the policy attached resource to any descendant resources. The Edge.source_node contains the full resource name of a parent resource and Edge.target_node contains the full resource name of a child resource. This field is present only if the output_resource_edges option is enabled in request.
condition_evaluation google.cloud.asset_v1.types.ConditionEvaluation
Condition evaluation for this AccessControlList, if there is a condition defined in the above IAM policy binding.