Policy Troubleshooter V3 API - Class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource (v0.3.0)

Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource.

Details about how a specific resource contributed to the deny policy evaluation.

Inherits

Object

Extended By

Google::Protobuf::MessageExts::ClassMethods

Includes

Google::Protobuf::MessageExts

Methods

#deny_access_state

def deny_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState

Returns

(::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether any policies attached to this resource deny the specific permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#deny_access_state=

def deny_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState

Parameter

value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether any policies attached to this resource deny the specific permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns

(::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether any policies attached to this resource deny the specific permission to the specified principal for the specified resource.

This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#explained_policies

def explained_policies() -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy>

Returns

(::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy>) — List of IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

#explained_policies=

def explained_policies=(value) -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy>

Parameter

value (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy>) — List of IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

Returns

(::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy>) — List of IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.

#full_resource_name

def full_resource_name() -> ::String

Returns

(::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

#full_resource_name=

def full_resource_name=(value) -> ::String

Parameter

value (::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Returns

(::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

If the sender of the request does not have access to the policy, this field is omitted.

For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

Returns

(::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance

Parameter

value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.

Returns

(::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of this policy to the overall access state in the TroubleshootIamPolicyResponse.

If the sender of the request does not have access to the policy, this field is omitted.