Policy Troubleshooter V3 API - Class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy (v0.4.0)

Reference documentation and code samples for the Policy Troubleshooter V3 API class Google::Cloud::PolicyTroubleshooter::Iam::V3::ExplainedDenyPolicy.

Details about how a specific IAM deny policy Policy contributed to the access check.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#deny_access_state

def deny_access_state() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this policy denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#deny_access_state=

def deny_access_state=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState
Parameter
  • value (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this policy denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Returns
  • (::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyAccessState) — Required. Indicates whether this policy denies the specified permission to the specified principal for the specified resource.

    This field does not indicate whether the principal actually has the permission for the resource. There might be another policy that overrides this policy. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

#policy

def policy() -> ::Google::Iam::V2::Policy
Returns
  • (::Google::Iam::V2::Policy) — The IAM deny policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is omitted.

#policy=

def policy=(value) -> ::Google::Iam::V2::Policy
Parameter
  • value (::Google::Iam::V2::Policy) — The IAM deny policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is omitted.

Returns
  • (::Google::Iam::V2::Policy) — The IAM deny policy attached to the resource.

    If the sender of the request does not have access to the policy, this field is omitted.

#relevance

def relevance() -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Returns

#relevance=

def relevance=(value) -> ::Google::Cloud::PolicyTroubleshooter::Iam::V3::HeuristicRelevance
Parameter
Returns

#rule_explanations

def rule_explanations() -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation>
Returns
  • (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation>) — Details about how each rule in the policy affects the principal's inability to use the permission for the resource. The order of the deny rule matches the order of the rules in the deny policy.

    If the sender of the request does not have access to the policy, this field is omitted.

#rule_explanations=

def rule_explanations=(value) -> ::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation>
Parameter
  • value (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation>) — Details about how each rule in the policy affects the principal's inability to use the permission for the resource. The order of the deny rule matches the order of the rules in the deny policy.

    If the sender of the request does not have access to the policy, this field is omitted.

Returns
  • (::Array<::Google::Cloud::PolicyTroubleshooter::Iam::V3::DenyRuleExplanation>) — Details about how each rule in the policy affects the principal's inability to use the permission for the resource. The order of the deny rule matches the order of the rules in the deny policy.

    If the sender of the request does not have access to the policy, this field is omitted.