GoogleCloudPolicytroubleshooterV1BindingExplanation
import type { GoogleCloudPolicytroubleshooterV1BindingExplanation } from "https://googleapis.deno.dev/v1/policytroubleshooter:v1.ts";
Details about how a binding in a policy affects a principal's ability to use a permission.
§Properties
Required. Indicates whether this binding provides the specified
permission to the specified principal for the specified resource. This
field does not indicate whether the principal actually has the permission
for the resource. There might be another binding that overrides this
binding. To determine whether the principal actually has the permission,
use the access
field in the TroubleshootIamPolicyResponse.
A condition expression that prevents this binding from granting access
unless the expression evaluates to true
. To learn about IAM Conditions,
see https://cloud.google.com/iam/help/conditions/overview.
Indicates whether each principal in the binding includes the principal
specified in the request, either directly or indirectly. Each key
identifies a principal in the binding, and each value indicates whether the
principal in the binding includes the principal in the request. For
example, suppose that a binding includes the following principals: *
user:alice@example.com
* group:product-eng@example.com
You want to
troubleshoot access for user:bob@example.com
. This user is a principal of
the group group:product-eng@example.com
. For the first principal in the
binding, the key is user:alice@example.com
, and the membership
field in
the value is set to MEMBERSHIP_NOT_INCLUDED
. For the second principal in
the binding, the key is group:product-eng@example.com
, and the
membership
field in the value is set to MEMBERSHIP_INCLUDED
.
The relevance of this binding to the overall determination for the entire policy.
The role that this binding grants. For example,
roles/compute.serviceAgent
. For a complete list of predefined IAM roles,
as well as the permissions in each role, see
https://cloud.google.com/iam/help/roles/reference.