Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyPolicyExplanation.
Details about how the relevant IAM deny policies affect the final access state.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#deny_access_state
def deny_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
- (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
#deny_access_state=
def deny_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
- value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
- (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
#explained_resources
def explained_resources() -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource>
-
(::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource>) — List of resources with IAM deny policies that were evaluated to check the
principal's denied permissions, with annotations to indicate how each
policy contributed to the final result.
The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy.
To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
#explained_resources=
def explained_resources=(value) -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource>
-
value (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource>) — List of resources with IAM deny policies that were evaluated to check the
principal's denied permissions, with annotations to indicate how each
policy contributed to the final result.
The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy.
To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
-
(::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyResource>) — List of resources with IAM deny policies that were evaluated to check the
principal's denied permissions, with annotations to indicate how each
policy contributed to the final result.
The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy.
To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
#permission_deniable
def permission_deniable() -> ::Boolean
- (::Boolean) — Indicates whether the permission to troubleshoot is supported in deny policies.
#permission_deniable=
def permission_deniable=(value) -> ::Boolean
- value (::Boolean) — Indicates whether the permission to troubleshoot is supported in deny policies.
- (::Boolean) — Indicates whether the permission to troubleshoot is supported in deny policies.
#relevance
def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
- (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of the deny policy result to the overall access state.
#relevance=
def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
- value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of the deny policy result to the overall access state.
- (::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance) — The relevance of the deny policy result to the overall access state.