GoogleCloudPolicysimulatorV1BindingExplanation
import type { GoogleCloudPolicysimulatorV1BindingExplanation } from "https://googleapis.deno.dev/v1/policysimulator:v1.ts";
Details about how a binding in a policy affects a principal's ability to use a permission.
§Properties
Required. Indicates whether this binding provides the specified
permission to the specified principal for the specified resource. This
field does not indicate whether the principal actually has the permission
for the resource. There might be another binding that overrides this
binding. To determine whether the principal actually has the permission,
use the access
field in the TroubleshootIamPolicyResponse.
A condition expression that prevents this binding from granting access
unless the expression evaluates to true
. To learn about IAM Conditions,
see https://cloud.google.com/iam/docs/conditions-overview.
Indicates whether each principal in the binding includes the principal
specified in the request, either directly or indirectly. Each key
identifies a principal in the binding, and each value indicates whether the
principal in the binding includes the principal in the request. For
example, suppose that a binding includes the following principals: *
user:alice@example.com
* group:product-eng@example.com
The principal in
the replayed access tuple is user:bob@example.com
. This user is a
principal of the group group:product-eng@example.com
. For the first
principal in the binding, the key is user:alice@example.com
, and the
membership
field in the value is set to MEMBERSHIP_NOT_INCLUDED
. For
the second principal in the binding, the key is
group:product-eng@example.com
, and the membership
field in the value is
set to MEMBERSHIP_INCLUDED
.
The relevance of this binding to the overall determination for the entire policy.
The role that this binding grants. For example,
roles/compute.serviceAgent
. For a complete list of predefined IAM roles,
as well as the permissions in each role, see
https://cloud.google.com/iam/help/roles/reference.