Package types (0.1.7)

Information about the principal, resource, and permission to check.

Whether IAM allow policies gives the principal the permission.

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Details about how the relevant IAM allow policies affect the final access state.

Additional context for troubleshooting conditional role bindings and deny rules.

Explanation for how a condition affects a principal's access

Whether IAM deny policies deny the principal the permission.

Details about how the relevant IAM deny policies affect the final access state.

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Details about how a specific IAM allow policy contributed to the final access state.

Details about how a specific IAM deny policy Policy][google.iam.v2.Policy] contributed to the access check.

Details about how a specific resource contributed to the deny policy evaluation.

The extent to which a single data point contributes to an overall determination.

Whether the principal in the request matches the principal in the policy.

    -  A principal is included directly if that principal is
       listed in the role binding.
    -  A principal is included indirectly if that principal is
       in a Google group, Google Workspace account, or Cloud
       Identity domain that is listed in the policy.
MEMBERSHIP_NOT_MATCHED (2):
    The principal in the request doesn't match
    the principal in the policy.
MEMBERSHIP_UNKNOWN_INFO (3):
    The principal in the policy is a group or
    domain, and the sender of the request doesn't
    have permission to view whether the principal in
    the request is a member of the group or domain.
MEMBERSHIP_UNKNOWN_UNSUPPORTED (4):
    The principal is an unsupported type.

Whether the permission in the request matches the permission in the policy.

Whether a role includes a specific permission.

Request for TroubleshootIamPolicy.

Response for TroubleshootIamPolicy.