Policy Troubleshooter V3 API - Class Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation (v0.4.0)

Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation.

Details about how a deny rule in a deny policy affects a principal's ability to use a permission.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#combined_denied_permission

def combined_denied_permission() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching
Returns

#combined_denied_permission=

def combined_denied_permission=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching
Parameter
Returns

#combined_denied_principal

def combined_denied_principal() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching
Returns

#combined_denied_principal=

def combined_denied_principal=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching
Parameter
Returns

#combined_exception_permission

def combined_exception_permission() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching
Returns

#combined_exception_permission=

def combined_exception_permission=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching
Parameter
Returns

#combined_exception_principal

def combined_exception_principal() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching
Returns

#combined_exception_principal=

def combined_exception_principal=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching
Parameter
Returns

#condition

def condition() -> ::Google::Type::Expr
Returns
  • (::Google::Type::Expr) — A condition expression that specifies when the deny rule denies the principal access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

#condition=

def condition=(value) -> ::Google::Type::Expr
Parameter
  • value (::Google::Type::Expr) — A condition expression that specifies when the deny rule denies the principal access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Returns
  • (::Google::Type::Expr) — A condition expression that specifies when the deny rule denies the principal access.

    To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

#condition_explanation

def condition_explanation() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation
Returns

#condition_explanation=

def condition_explanation=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::ConditionExplanation
Parameter
Returns

#denied_permissions

def denied_permissions() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

#denied_permissions=

def denied_permissions=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all denied permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a denied permission in the rule, and each value indicates whether the denied permission matches the permission in the request.

#denied_principals

def denied_principals() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

#denied_principals=

def denied_principals=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all denied principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a denied principal in the rule, and each value indicates whether the denied principal matches the principal in the request.

#deny_access_state

def deny_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#deny_access_state=

def deny_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
Parameter
  • value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#exception_permissions

def exception_permissions() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

#exception_permissions=

def exception_permissions=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedPermissionMatching}) — Lists all exception permissions in the deny rule and indicates whether each permission matches the permission in the request.

    Each key identifies a exception permission in the rule, and each value indicates whether the exception permission matches the permission in the request.

#exception_principals

def exception_principals() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

#exception_principals=

def exception_principals=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation::AnnotatedDenyPrincipalMatching}) — Lists all exception principals in the deny rule and indicates whether each principal matches the principal in the request, either directly or through membership in a principal set.

    Each key identifies a exception principal in the rule, and each value indicates whether the exception principal matches the principal in the request.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Returns

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Parameter
Returns