Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class AllowBindingExplanation.
Details about how a role binding in an allow policy affects a principal's ability to use a permission.
Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.AllowBindingExplanation
Namespace
Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3Methods
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
data |
array
Optional. Data for populating the Message object. |
↳ allow_access_state |
int
Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource. This field does not indicate whether the principal actually has the permission on the resource. There might be another role binding that overrides this role binding. To determine whether the principal actually has the permission, use the |
↳ role |
string
The role that this role binding grants. For example, |
↳ role_permission |
int
Indicates whether the role granted by this role binding contains the specified permission. |
↳ role_permission_relevance |
int
The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy. |
↳ combined_membership |
AllowBindingExplanation\AnnotatedAllowMembership
The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly. |
↳ memberships |
array|Google\Protobuf\Internal\MapField
Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request. For example, suppose that a role binding includes the following principals: * * |
↳ relevance |
int
The relevance of this role binding to the overall determination for the entire policy. |
↳ condition |
Google\Type\Expr
A condition expression that specifies when the role binding grants access. To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview. |
↳ condition_explanation |
ConditionExplanation
Condition evaluation state for this role binding. |
getAllowAccessState
Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.
This field does not indicate whether the principal actually has the
permission on the resource. There might be another role binding that
overrides this role binding. To determine whether the principal actually
has the permission, use the overall_access_state
field in the
TroubleshootIamPolicyResponse.
Returns | |
---|---|
Type | Description |
int |
setAllowAccessState
Required. Indicates whether this role binding gives the specified permission to the specified principal on the specified resource.
This field does not indicate whether the principal actually has the
permission on the resource. There might be another role binding that
overrides this role binding. To determine whether the principal actually
has the permission, use the overall_access_state
field in the
TroubleshootIamPolicyResponse.
Parameter | |
---|---|
Name | Description |
var |
int
|
Returns | |
---|---|
Type | Description |
$this |
getRole
The role that this role binding grants. For example,
roles/compute.admin
.
For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
Returns | |
---|---|
Type | Description |
string |
setRole
The role that this role binding grants. For example,
roles/compute.admin
.
For a complete list of predefined IAM roles, as well as the permissions in each role, see https://cloud.google.com/iam/help/roles/reference.
Parameter | |
---|---|
Name | Description |
var |
string
|
Returns | |
---|---|
Type | Description |
$this |
getRolePermission
Indicates whether the role granted by this role binding contains the specified permission.
Returns | |
---|---|
Type | Description |
int |
setRolePermission
Indicates whether the role granted by this role binding contains the specified permission.
Parameter | |
---|---|
Name | Description |
var |
int
|
Returns | |
---|---|
Type | Description |
$this |
getRolePermissionRelevance
The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
Returns | |
---|---|
Type | Description |
int |
setRolePermissionRelevance
The relevance of the permission's existence, or nonexistence, in the role to the overall determination for the entire policy.
Parameter | |
---|---|
Name | Description |
var |
int
|
Returns | |
---|---|
Type | Description |
$this |
getCombinedMembership
The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.
Returns | |
---|---|
Type | Description |
AllowBindingExplanation\AnnotatedAllowMembership|null |
hasCombinedMembership
clearCombinedMembership
setCombinedMembership
The combined result of all memberships. Indicates if the principal is included in any role binding, either directly or indirectly.
Parameter | |
---|---|
Name | Description |
var |
AllowBindingExplanation\AnnotatedAllowMembership
|
Returns | |
---|---|
Type | Description |
$this |
getMemberships
Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access foruser:bob@example.com
. This user is a member of the groupgroup:product-eng@example.com
. For the first principal in the role binding, the key isuser:alice@example.com
, and themembership
field in the value is set toNOT_INCLUDED
. For the second principal in the role binding, the key isgroup:product-eng@example.com
, and themembership
field in the value is set toINCLUDED
.
Returns | |
---|---|
Type | Description |
Google\Protobuf\Internal\MapField |
setMemberships
Indicates whether each role binding includes the principal specified in the request, either directly or indirectly. Each key identifies a principal in the role binding, and each value indicates whether the principal in the role binding includes the principal in the request.
For example, suppose that a role binding includes the following principals:
user:alice@example.com
group:product-eng@example.com
You want to troubleshoot access foruser:bob@example.com
. This user is a member of the groupgroup:product-eng@example.com
. For the first principal in the role binding, the key isuser:alice@example.com
, and themembership
field in the value is set toNOT_INCLUDED
. For the second principal in the role binding, the key isgroup:product-eng@example.com
, and themembership
field in the value is set toINCLUDED
.
Parameter | |
---|---|
Name | Description |
var |
array|Google\Protobuf\Internal\MapField
|
Returns | |
---|---|
Type | Description |
$this |
getRelevance
The relevance of this role binding to the overall determination for the entire policy.
Returns | |
---|---|
Type | Description |
int |
setRelevance
The relevance of this role binding to the overall determination for the entire policy.
Parameter | |
---|---|
Name | Description |
var |
int
|
Returns | |
---|---|
Type | Description |
$this |
getCondition
A condition expression that specifies when the role binding grants access.
To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
Returns | |
---|---|
Type | Description |
Google\Type\Expr|null |
hasCondition
clearCondition
setCondition
A condition expression that specifies when the role binding grants access.
To learn about IAM Conditions, see https://cloud.google.com/iam/help/conditions/overview.
Parameter | |
---|---|
Name | Description |
var |
Google\Type\Expr
|
Returns | |
---|---|
Type | Description |
$this |
getConditionExplanation
Condition evaluation state for this role binding.
Returns | |
---|---|
Type | Description |
ConditionExplanation|null |
hasConditionExplanation
clearConditionExplanation
setConditionExplanation
Condition evaluation state for this role binding.
Parameter | |
---|---|
Name | Description |
var |
ConditionExplanation
|
Returns | |
---|---|
Type | Description |
$this |