Class AccessTuple (0.1.10)

AccessTuple(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Information about the principal, resource, and permission to check.

Attributes

Name Description
principal str
Required. The email address of the principal whose access you want to check. For example, alice@example.com or my-service-account@my-project.iam.gserviceaccount.com. The principal must be a Google Account or a service account. Other types of principals are not supported.
full_resource_name str
Required. The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance. For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
permission str
Required. The IAM permission to check for, either in the v1 permission format or the v2 permission format. For a complete list of IAM permissions in the v1 format, see https://cloud.google.com/iam/help/permissions/reference. For a list of IAM permissions in the v2 format, see https://cloud.google.com/iam/help/deny/supported-permissions. For a complete list of predefined IAM roles and the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
permission_fqdn str
Output only. The permission that Policy Troubleshooter checked for, in the v2 format.
condition_context google.cloud.policytroubleshooter_iam_v3.types.ConditionContext
Optional. Additional context for the request, such as the request time or IP address. This context allows Policy Troubleshooter to troubleshoot conditional role bindings and deny rules.