Reference documentation and code samples for the IAM Policy Troubleshooter V1 API class Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation.
Details about how a binding in a policy affects a principal's ability to use a permission.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#access
def access() -> ::Google::Cloud::PolicyTroubleshooter::V1::AccessState
-
(::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified
permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
#access=
def access=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::AccessState
-
value (::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified
permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
-
(::Google::Cloud::PolicyTroubleshooter::V1::AccessState) — Required. Indicates whether this binding provides the specified
permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another binding that overrides this binding. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
#condition
def condition() -> ::Google::Type::Expr
-
(::Google::Type::Expr) — A condition expression that prevents this binding from granting access
unless the expression evaluates to
true
.To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
#condition=
def condition=(value) -> ::Google::Type::Expr
-
value (::Google::Type::Expr) — A condition expression that prevents this binding from granting access
unless the expression evaluates to
true
.To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
-
(::Google::Type::Expr) — A condition expression that prevents this binding from granting access
unless the expression evaluates to
true
.To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
#memberships
def memberships() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}
-
(::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each principal in the binding includes the principal
specified in the request, either directly or indirectly. Each key
identifies a principal in the binding, and each value indicates whether the
principal in the binding includes the principal in the request.
For example, suppose that a binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for
user:bob@example.com
. This user is a principal of the groupgroup:product-eng@example.com
.For the first principal in the binding, the key is
user:alice@example.com
, and themembership
field in the value is set toMEMBERSHIP_NOT_INCLUDED
.For the second principal in the binding, the key is
group:product-eng@example.com
, and themembership
field in the value is set toMEMBERSHIP_INCLUDED
.
#memberships=
def memberships=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}
-
value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each principal in the binding includes the principal
specified in the request, either directly or indirectly. Each key
identifies a principal in the binding, and each value indicates whether the
principal in the binding includes the principal in the request.
For example, suppose that a binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for
user:bob@example.com
. This user is a principal of the groupgroup:product-eng@example.com
.For the first principal in the binding, the key is
user:alice@example.com
, and themembership
field in the value is set toMEMBERSHIP_NOT_INCLUDED
.For the second principal in the binding, the key is
group:product-eng@example.com
, and themembership
field in the value is set toMEMBERSHIP_INCLUDED
.
-
(::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::AnnotatedMembership}) — Indicates whether each principal in the binding includes the principal
specified in the request, either directly or indirectly. Each key
identifies a principal in the binding, and each value indicates whether the
principal in the binding includes the principal in the request.
For example, suppose that a binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access for
user:bob@example.com
. This user is a principal of the groupgroup:product-eng@example.com
.For the first principal in the binding, the key is
user:alice@example.com
, and themembership
field in the value is set toMEMBERSHIP_NOT_INCLUDED
.For the second principal in the binding, the key is
group:product-eng@example.com
, and themembership
field in the value is set toMEMBERSHIP_INCLUDED
.
#relevance
def relevance() -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
- (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of this binding to the overall determination for the entire policy.
#relevance=
def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
- value (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of this binding to the overall determination for the entire policy.
- (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of this binding to the overall determination for the entire policy.
#role
def role() -> ::String
-
(::String) — The role that this binding grants. For example,
roles/compute.serviceAgent
.For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
#role=
def role=(value) -> ::String
-
value (::String) — The role that this binding grants. For example,
roles/compute.serviceAgent
.For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
-
(::String) — The role that this binding grants. For example,
roles/compute.serviceAgent
.For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
#role_permission
def role_permission() -> ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission
- (::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission) — Indicates whether the role granted by this binding contains the specified permission.
#role_permission=
def role_permission=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission
- value (::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission) — Indicates whether the role granted by this binding contains the specified permission.
- (::Google::Cloud::PolicyTroubleshooter::V1::BindingExplanation::RolePermission) — Indicates whether the role granted by this binding contains the specified permission.
#role_permission_relevance
def role_permission_relevance() -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
- (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
#role_permission_relevance=
def role_permission_relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance
- value (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
- (::Google::Cloud::PolicyTroubleshooter::V1::HeuristicRelevance) — The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.