Reference documentation and code samples for the Google Cloud Policy Troubleshooter Iam V3 Client class DenyPolicyExplanation.
Details about how the relevant IAM deny policies affect the final access state.
Generated from protobuf message google.cloud.policytroubleshooter.iam.v3.DenyPolicyExplanation
Namespace
Google \ Cloud \ PolicyTroubleshooter \ Iam \ V3Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description | 
| data | arrayOptional. Data for populating the Message object. | 
| ↳ deny_access_state | intIndicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies. | 
| ↳ explained_resources | array<ExplainedDenyResource>List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result. The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy. | 
| ↳ relevance | intThe relevance of the deny policy result to the overall access state. | 
| ↳ permission_deniable | boolIndicates whether the permission to troubleshoot is supported in deny policies. | 
getDenyAccessState
Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
| Returns | |
|---|---|
| Type | Description | 
| int | Enum of type DenyAccessState. | 
setDenyAccessState
Indicates whether the principal is denied the specified permission for the specified resource, based on evaluating all applicable IAM deny policies.
| Parameter | |
|---|---|
| Name | Description | 
| var | intEnum of type DenyAccessState. | 
| Returns | |
|---|---|
| Type | Description | 
| $this | |
getExplainedResources
List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.
The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
| Returns | |
|---|---|
| Type | Description | 
| Google\Protobuf\Internal\RepeatedField | |
setExplainedResources
List of resources with IAM deny policies that were evaluated to check the principal's denied permissions, with annotations to indicate how each policy contributed to the final result.
The list of resources includes the policy for the resource itself, as well as policies that are inherited from higher levels of the resource hierarchy, including the organization, the folder, and the project. The order of the resources starts from the resource and climbs up the resource hierarchy. To learn more about the resource hierarchy, see https://cloud.google.com/iam/help/resource-hierarchy.
| Parameter | |
|---|---|
| Name | Description | 
| var | array<ExplainedDenyResource> | 
| Returns | |
|---|---|
| Type | Description | 
| $this | |
getRelevance
The relevance of the deny policy result to the overall access state.
| Returns | |
|---|---|
| Type | Description | 
| int | Enum of type HeuristicRelevance. | 
setRelevance
The relevance of the deny policy result to the overall access state.
| Parameter | |
|---|---|
| Name | Description | 
| var | intEnum of type HeuristicRelevance. | 
| Returns | |
|---|---|
| Type | Description | 
| $this | |
getPermissionDeniable
Indicates whether the permission to troubleshoot is supported in deny policies.
| Returns | |
|---|---|
| Type | Description | 
| bool | |
setPermissionDeniable
Indicates whether the permission to troubleshoot is supported in deny policies.
| Parameter | |
|---|---|
| Name | Description | 
| var | bool | 
| Returns | |
|---|---|
| Type | Description | 
| $this | |