AccessTuple(mapping=None, *, ignore_unknown_fields=False, **kwargs)Information about the principal, resource, and permission to check.
Attributes | |
|---|---|
| Name | Description |
principal |
str
Required. The email address of the principal whose access you want to check. For example, alice@example.com or
my-service-account@my-project.iam.gserviceaccount.com.
The principal must be a Google Account or a service account.
Other types of principals are not supported.
|
full_resource_name |
str
Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.
For examples of full resource names for Google Cloud
services, see
https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
|
permission |
str
Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format.
For a complete list of IAM permissions in the v1 format,
see https://cloud.google.com/iam/help/permissions/reference.
For a list of IAM permissions in the v2 format, see
https://cloud.google.com/iam/help/deny/supported-permissions.
For a complete list of predefined IAM roles and the
permissions in each role, see
https://cloud.google.com/iam/help/roles/reference.
|
permission_fqdn |
str
Output only. The permission that Policy Troubleshooter checked for, in the v2 format.
|
condition_context |
google.cloud.policytroubleshooter_iam_v3.types.ConditionContext
Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules. |