Google Cloud Policy Troubleshooter Iam V3 Client - Class AllowBindingExplanation (0.2.7)

Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class AllowBindingExplanation.

Details about how a role binding in an allow policy affects a principal's ability to use a permission.

Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation

Namespace

Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ allow_access_state int

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource. This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

↳ role string

The role that this role binding grants. For example, roles/compute.admin. For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

↳ role_permission int

Indicates whether the role granted by this role binding contains the specified permission.

↳ role_permission_relevance int

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

↳ combined_membership AllowBindingExplanation\AnnotatedAllowMembership

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

↳ memberships array|Google\Protobuf\Internal\MapField

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request. For example, suppose that a role binding includes the following principals: * * user:alice@example.com * * group:product-eng@example.com You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com. For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED. For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.

↳ relevance int

The relevance of this role binding to the overall determination for the entire policy.

↳ condition Google\Type\Expr

A condition expression that specifies when the role binding grants access. To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

↳ condition_explanation ConditionExplanation

Condition evaluation state for this role binding.

getAllowAccessState

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
Type Description
int

setAllowAccessState

Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.

This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Parameter
Name Description
var int
Returns
Type Description
$this

getRole

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Returns
Type Description
string

setRole

The role that this role binding grants. For example, roles/compute.admin.

For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.

Parameter
Name Description
var string
Returns
Type Description
$this

getRolePermission

Indicates whether the role granted by this role binding contains the specified permission.

Returns
Type Description
int

setRolePermission

Indicates whether the role granted by this role binding contains the specified permission.

Parameter
Name Description
var int
Returns
Type Description
$this

getRolePermissionRelevance

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

Returns
Type Description
int

setRolePermissionRelevance

The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.

Parameter
Name Description
var int
Returns
Type Description
$this

getCombinedMembership

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

Returns
Type Description
AllowBindingExplanation\AnnotatedAllowMembership|null

hasCombinedMembership

clearCombinedMembership

setCombinedMembership

The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.

Parameter
Name Description
var AllowBindingExplanation\AnnotatedAllowMembership
Returns
Type Description
$this

getMemberships

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com. For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED. For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.
Returns
Type Description
Google\Protobuf\Internal\MapField

setMemberships

Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.

For example, suppose that a role binding includes the following principals:

  • user:alice@example.com
  • group:product-eng@example.com You want to troubleshoot access for user:bob@example.com. This user is a member of the group group:product-eng@example.com. For the first principal in the role binding, the key is user:alice@example.com, and the membership field in the value is set to NOT_INCLUDED. For the second principal in the role binding, the key is group:product-eng@example.com, and the membership field in the value is set to INCLUDED.
Parameter
Name Description
var array|Google\Protobuf\Internal\MapField
Returns
Type Description
$this

getRelevance

The relevance of this role binding to the overall determination for the entire policy.

Returns
Type Description
int

setRelevance

The relevance of this role binding to the overall determination for the entire policy.

Parameter
Name Description
var int
Returns
Type Description
$this

getCondition

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Returns
Type Description
Google\Type\Expr|null

hasCondition

clearCondition

setCondition

A condition expression that specifies when the role binding grants access.

To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.

Parameter
Name Description
var Google\Type\Expr
Returns
Type Description
$this

getConditionExplanation

Condition evaluation state for this role binding.

Returns
Type Description
ConditionExplanation|null

hasConditionExplanation

clearConditionExplanation

setConditionExplanation

Condition evaluation state for this role binding.

Parameter
Name Description
var ConditionExplanation
Returns
Type Description
$this