public sealed class ExplainedPolicy : IMessage<ExplainedPolicy>, IEquatable<ExplainedPolicy>, IDeepCloneable<ExplainedPolicy>, IBufferMessage, IMessageReference documentation and code samples for the Policy Simulator v1 API class ExplainedPolicy.
Details about how a specific IAM [Policy][google.iam.v1.Policy] contributed to the access check.
Implements
IMessageExplainedPolicy, IEquatableExplainedPolicy, IDeepCloneableExplainedPolicy, IBufferMessage, IMessageNamespace
Google.Cloud.PolicySimulator.V1Assembly
Google.Cloud.PolicySimulator.V1.dll
Constructors
ExplainedPolicy()
public ExplainedPolicy()ExplainedPolicy(ExplainedPolicy)
public ExplainedPolicy(ExplainedPolicy other)| Parameter | |
|---|---|
| Name | Description |
other |
ExplainedPolicy |
Properties
Access
public AccessState Access { get; set; }Indicates whether this policy provides the specified permission to the specified principal for the specified resource.
This field does not indicate whether the principal actually has the
permission for the resource. There might be another policy that overrides
this policy. To determine whether the principal actually has the
permission, use the access field in the
[TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
| Property Value | |
|---|---|
| Type | Description |
AccessState |
|
BindingExplanations
public RepeatedField<BindingExplanation> BindingExplanations { get; }Details about how each binding in the policy affects the principal's ability, or inability, to use the permission for the resource.
If the user who created the [Replay][google.cloud.policysimulator.v1.Replay] does not have access to the policy, this field is omitted.
| Property Value | |
|---|---|
| Type | Description |
RepeatedFieldBindingExplanation |
|
FullResourceName
public string FullResourceName { get; set; }The full resource name that identifies the resource. For example,
//compute.googleapis.com/projects/my-project/zones/us-central1-a/instances/my-instance.
If the user who created the [Replay][google.cloud.policysimulator.v1.Replay] does not have access to the policy, this field is omitted.
For examples of full resource names for Google Cloud services, see https://cloud.google.com/iam/help/troubleshooter/full-resource-names.
| Property Value | |
|---|---|
| Type | Description |
string |
|
Policy
public Policy Policy { get; set; }The IAM policy attached to the resource.
If the user who created the [Replay][google.cloud.policysimulator.v1.Replay] does not have access to the policy, this field is empty.
| Property Value | |
|---|---|
| Type | Description |
Policy |
|
Relevance
public HeuristicRelevance Relevance { get; set; }The relevance of this policy to the overall determination in the [TroubleshootIamPolicyResponse][IamChecker.TroubleshootIamPolicyResponse].
If the user who created the [Replay][google.cloud.policysimulator.v1.Replay] does not have access to the policy, this field is omitted.
| Property Value | |
|---|---|
| Type | Description |
HeuristicRelevance |
|