Class IamPolicySearchResult (1.1.0)

A result of IAM Policy search, containing information about an IAM policy.

.. attribute:: resource

The full resource name of the resource associated with this IAM policy. Example: //compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1. See `Cloud Asset Inventory Resource Name Format <https://cloud.google.com/asset-inventory/docs/resource-name-format>`__ for more information.

To search against the resource:

- use a field query. Example: resource : "organizations/123"

The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don’t contain a constraint on policies (e.g., an empty query), this contains all the bindings.

To search against the policy bindings:

- use a field query, as follows:

  - query by the members the policy contains. Example: policy : "amy@gmail.com"
  - query by the roles the policy contains. Example: policy : "roles/compute.admin"
  - query by the permissions implied by the roles the policy contains. Example: policy.role.permissions : "compute.instances.create"

Classes

Explanation

Explanation about the IAM policy search result.

.. attribute:: matched_permissions

The map from roles to their included permissions that match the permission query (i.e., a query containing policy.role.permissions:). Example: if the query policy.role.permissions : "compute.disk.get" matches a policy binding that contains the owner role, the matched_permissions will be {"roles/owner": ["compute.disk.get"]}. The roles can also be found in the returned policy bindings. Note that the map is populated only for requests with permission queries.
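The following added example (not part of the library or its documentation) joins matched_permissions with the returned policy bindings to list which members hold the queried permission on each resource, which is the usual access-review step after a permission query. Plain dicts stand in for the result objects; the key names "policy", "bindings" and "explanation", the sample data, and both helper functions are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample data: dicts standing in for IamPolicySearchResult objects
# returned for the query  policy.role.permissions : "compute.disk.get".
# Key names "policy", "bindings" and "explanation" are assumptions of this sketch.
INSTANCE = "//compute.googleapis.com/projects/my_project_123/zones/zone1/instances/instance1"
SAMPLE_RESULTS = [
    {
        "resource": INSTANCE,
        "policy": {"bindings": [
            {"role": "roles/owner", "members": ["user:amy@gmail.com"]},
            {"role": "roles/compute.admin",
             "members": ["group:ops@example.com", "user:amy@gmail.com"]},
        ]},
        "explanation": {"matched_permissions": {
            "roles/owner": ["compute.disk.get"],
            "roles/compute.admin": ["compute.disk.get"],
        }},
    },
    {   # Result of a query with no permission clause: the map is not populated.
        "resource": "//cloudresourcemanager.googleapis.com/organizations/123",
        "policy": {"bindings": [{"role": "roles/viewer", "members": ["user:bob@example.com"]}]},
    },
]

def permission_holders(results):
    """Return {(resource, permission): {member: sorted roles that grant it}}."""
    holders = defaultdict(lambda: defaultdict(set))
    for result in results:
        matched = result.get("explanation", {}).get("matched_permissions", {})
        for binding in result.get("policy", {}).get("bindings", []):
            # Only roles listed in matched_permissions carry the queried permission.
            for permission in matched.get(binding["role"], []):
                for member in binding["members"]:
                    holders[(result["resource"], permission)][member].add(binding["role"])
    return {key: {member: sorted(roles) for member, roles in members.items()}
            for key, members in holders.items()}

def outside_domain(holders, trusted_domain):
    """List (resource, permission, member) for members outside trusted_domain."""
    return sorted(
        (resource, permission, member)
        for (resource, permission), members in holders.items()
        for member in members
        if not member.endswith("@" + trusted_domain)
    )
```

Results that come back without a populated map contribute nothing, so the report only covers requests that included a policy.role.permissions clause.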