Policy Troubleshooter V3 API - Class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedAllowPolicy (v0.4.0)

Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedAllowPolicy.

Details about how a specific IAM allow policy contributed to the final access state.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#allow_access_state

def allow_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState
Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#allow_access_state=

def allow_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState
Parameter
  • value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowAccessState) — Required. Indicates whether this policy provides the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#binding_explanations

def binding_explanations() -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>
Returns
  • (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>) — Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

    If the sender of the request does not have access to the policy, this field is omitted.

#binding_explanations=

def binding_explanations=(value) -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>
Parameter
  • value (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>) — Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

    If the sender of the request does not have access to the policy, this field is omitted.

Returns
  • (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::AllowBindingExplanation>) — Details about how each role binding in the policy affects the principal's ability, or inability, to use the permission for the resource. The order of the role bindings matches the role binding order in the policy.

    If the sender of the request does not have access to the policy, this field is omitted.

#full_resource_name

def full_resource_name() -> ::String
Returns
  • (::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

    If the sender of the request does not have access to the policy, this field is omitted.

    For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

#full_resource_name=

def full_resource_name=(value) -> ::String
Parameter
  • value (::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

    If the sender of the request does not have access to the policy, this field is omitted.

    For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

Returns
  • (::String) — The full resource name that identifies the resource. For example, //compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.

    If the sender of the request does not have access to the policy, this field is omitted.

    For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.

#policy

def policy() -> ::Google::Iam::V1::Policy
Returns
  • (::Google::Iam::V1::Policy) — The IAM allow policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is empty.

#policy=

def policy=(value) -> ::Google::Iam::V1::Policy
Parameter
  • value (::Google::Iam::V1::Policy) — The IAM allow policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is empty.

Returns
  • (::Google::Iam::V1::Policy) — The IAM allow policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is empty.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Returns

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Parameter
Returns