Class ExplainedPolicy (0.2.0)

ExplainedPolicy(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Details about how a specific IAM Policy][google.iam.v1.Policy] contributed to the access check.

Attributes

NameDescription
access google.cloud.policytroubleshooter_v1.types.AccessState
Indicates whether *this policy* provides the specified permission to the specified member for the specified resource. This field does *not* indicate whether the member actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the member actually has the permission, use the access field in the TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
full_resource_name str
The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance. If the sender of the request does not have access to the policy, this field is omitted. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
policy google.iam.v1.policy_pb2.Policy
The IAM policy attached to the resource. If the sender of the request does not have access to the policy, this field is empty.
binding_explanations Sequence[google.cloud.policytroubleshooter_v1.types.BindingExplanation]
Details about how each binding in the policy affects the member's ability, or inability, to use the permission for the resource. If the sender of the request does not have access to the policy, this field is omitted.
relevance google.cloud.policytroubleshooter_v1.types.HeuristicRelevance
The relevance of this policy to the overall determination in the TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse]. If the sender of the request does not have access to the policy, this field is omitted.