IAM Policy Troubleshooter V1 API - Class Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation (v0.7.1)

Reference documentation and code samples for the IAM Policy Troubleshooter V1 API class Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation.

Details about how a binding in a policy affects a member's ability to use a permission.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#access

def access() -> ::Google::Cloud::PolicyTroubleshooter::V1::AccessState
Returns
  • (::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified permission to the specified member for the specified resource.

    This field does not indicate whether the member actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the member actually has the permission, use the access field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].

#access=

def access=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::AccessState
Parameter
  • value (::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified permission to the specified member for the specified resource.

    This field does not indicate whether the member actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the member actually has the permission, use the access field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].

Returns
  • (::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified permission to the specified member for the specified resource.

    This field does not indicate whether the member actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the member actually has the permission, use the access field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].

#condition

def condition() -> ::Google::Type::Expr
Returns
  • (::Google::Type::Expr) — A condition expression that prevents access unless the expression evaluates to true.

    To learn about IAM Conditions, see http://cloud.google.com/iam/help/conditions/overview.

#condition=

def condition=(value) -> ::Google::Type::Expr
Parameter
  • value (::Google::Type::Expr) — A condition expression that prevents access unless the expression evaluates to true.

    To learn about IAM Conditions, see http://cloud.google.com/iam/help/conditions/overview.

Returns
  • (::Google::Type::Expr) — A condition expression that prevents access unless the expression evaluates to true.

    To learn about IAM Conditions, see http://cloud.google.com/iam/help/conditions/overview.

#memberships

def memberships() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each member in the binding includes the member specified in the request, either directly or indirectly. Each key identifies a member in the binding, and each value indicates whether the member in the binding includes the member in the request.

    For example, suppose that a binding includes the following members:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first member in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second member in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

#memberships=

def memberships=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each member in the binding includes the member specified in the request, either directly or indirectly. Each key identifies a member in the binding, and each value indicates whether the member in the binding includes the member in the request.

    For example, suppose that a binding includes the following members:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first member in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second member in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each member in the binding includes the member specified in the request, either directly or indirectly. Each key identifies a member in the binding, and each value indicates whether the member in the binding includes the member in the request.

    For example, suppose that a binding includes the following members:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first member in the binding, the key is user:alice@example.com, and the membership field in the value is set to MEMBERSHIP_NOT_INCLUDED.

    For the second member in the binding, the key is group:product-eng@example.com, and the membership field in the value is set to MEMBERSHIP_INCLUDED.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
Returns

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
Parameter
Returns

#role

def role() -> ::String
Returns
  • (::String) — The role that this binding grants. For example, roles/compute.serviceAgent.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

#role=

def role=(value) -> ::String
Parameter
  • value (::String) — The role that this binding grants. For example, roles/compute.serviceAgent.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Returns
  • (::String) — The role that this binding grants. For example, roles/compute.serviceAgent.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

#role_permission

def role_permission() -> ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission
Returns

#role_permission=

def role_permission=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission
Parameter
Returns

#role_permission_relevance

def role_permission_relevance() -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
Returns

#role_permission_relevance=

def role_permission_relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
Parameter
Returns