Reference documentation and code samples for the Policy Simulator V1 API class Google::Cloud::PolicySimulator::V1::ExplainedPolicy.
Details about how a specific IAM Policy contributed to the access check.
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#access
def access() -> ::Google::Cloud::PolicySimulator::V1::AccessState
-
(::Google::Cloud::PolicySimulator::V1::AccessState) — Indicates whether this policy provides the specified permission to the
specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
#access=
def access=(value) -> ::Google::Cloud::PolicySimulator::V1::AccessState
-
value (::Google::Cloud::PolicySimulator::V1::AccessState) — Indicates whether this policy provides the specified permission to the
specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
-
(::Google::Cloud::PolicySimulator::V1::AccessState) — Indicates whether this policy provides the specified permission to the
specified principal for the specified resource.
This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the
access
field in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
#binding_explanations
def binding_explanations() -> ::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>
-
(::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>) — Details about how each binding in the policy affects the principal's
ability, or inability, to use the permission for the resource.
If the user who created the Replay does not have access to the policy, this field is omitted.
#binding_explanations=
def binding_explanations=(value) -> ::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>
-
value (::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>) — Details about how each binding in the policy affects the principal's
ability, or inability, to use the permission for the resource.
If the user who created the Replay does not have access to the policy, this field is omitted.
-
(::Array<::Google::Cloud::PolicySimulator::V1::BindingExplanation>) — Details about how each binding in the policy affects the principal's
ability, or inability, to use the permission for the resource.
If the user who created the Replay does not have access to the policy, this field is omitted.
#full_resource_name
def full_resource_name() -> ::String
-
(::String) — The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance
.If the user who created the Replay does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
#full_resource_name=
def full_resource_name=(value) -> ::String
-
value (::String) — The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance
.If the user who created the Replay does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
-
(::String) — The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance
.If the user who created the Replay does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
#policy
def policy() -> ::Google::Iam::V1::Policy
-
(::Google::Iam::V1::Policy) — The IAM policy attached to the resource.
If the user who created the Replay does not have access to the policy, this field is empty.
#policy=
def policy=(value) -> ::Google::Iam::V1::Policy
-
value (::Google::Iam::V1::Policy) — The IAM policy attached to the resource.
If the user who created the Replay does not have access to the policy, this field is empty.
-
(::Google::Iam::V1::Policy) — The IAM policy attached to the resource.
If the user who created the Replay does not have access to the policy, this field is empty.
#relevance
def relevance() -> ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
-
(::Google::Cloud::PolicySimulator::V1::HeuristicRelevance) — The relevance of this policy to the overall determination in the
[TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
If the user who created the Replay does not have access to the policy, this field is omitted.
#relevance=
def relevance=(value) -> ::Google::Cloud::PolicySimulator::V1::HeuristicRelevance
-
value (::Google::Cloud::PolicySimulator::V1::HeuristicRelevance) — The relevance of this policy to the overall determination in the
[TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
If the user who created the Replay does not have access to the policy, this field is omitted.
-
(::Google::Cloud::PolicySimulator::V1::HeuristicRelevance) — The relevance of this policy to the overall determination in the
[TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
If the user who created the Replay does not have access to the policy, this field is omitted.