Policy Troubleshooter V3 API - Class Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation (v0.4.0)

Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation.

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#allow_access_state

def allow_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState
Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

    This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#allow_access_state=

def allow_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState
Parameter
  • value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

    This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

    This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#combined_membership

def combined_membership() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership
Returns

#combined_membership=

def combined_membership=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership
Parameter
Returns

#condition

def condition() -> ::Google::Type::Expr
Returns
  • (::Google::Type::Expr) — A condition expression that specifies when the role binding grants access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

#condition=

def condition=(value) -> ::Google::Type::Expr
Parameter
  • value (::Google::Type::Expr) — A condition expression that specifies when the role binding grants access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Returns
  • (::Google::Type::Expr) — A condition expression that specifies when the role binding grants access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

#condition_explanation

def condition_explanation() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation
Returns

#condition_explanation=

def condition_explanation=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation
Parameter
Returns

#memberships

def memberships() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership}) — Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

    For example, suppose that a role binding includes the following principals:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

#memberships=

def memberships=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership}) — Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

    For example, suppose that a role binding includes the following principals:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation::AnnotatedAllowMembership}) — Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

    For example, suppose that a role binding includes the following principals:

    • user:alice@example.com
    • group:product-eng@example.com

    You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com.

    For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED.

    For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Returns

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Parameter
Returns

#role

def role() -> ::String
Returns
  • (::String) — The role that this role binding grants. For example, roles/compute.admin.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

#role=

def role=(value) -> ::String
Parameter
  • value (::String) — The role that this role binding grants. For example, roles/compute.admin.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Returns
  • (::String) — The role that this role binding grants. For example, roles/compute.admin.

    For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

#role_permission

def role_permission() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::RolePermissionInclusionState
Returns

#role_permission=

def role_permission=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::RolePermissionInclusionState
Parameter
Returns

#role_permission_relevance

def role_permission_relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Returns

#role_permission_relevance=

def role_permission_relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Parameter
Returns