denyAccessState property

Indicates whether this rule denies the specified permission to the specified principal for the specified resource.

This field does not indicate whether the principal is actually denied on the permission for the resource. There might be another rule that overrides this rule. To determine whether the principal actually has the permission, use the overall_access_state field in the TroubleshootIamPolicyResponse.

Required. Possible string values are:

• "DENY_ACCESS_STATE_UNSPECIFIED" : Not specified.
• "DENY_ACCESS_STATE_DENIED" : The deny policy denies the principal the permission.
• "DENY_ACCESS_STATE_NOT_DENIED" : The deny policy doesn't deny the principal the permission.
• "DENY_ACCESS_STATE_UNKNOWN_CONDITIONAL" : The deny policy denies the principal the permission if a condition expression evaluates to true. However, the sender of the request didn't provide enough context for Policy Troubleshooter to evaluate the condition expression.
• "DENY_ACCESS_STATE_UNKNOWN_INFO" : The sender of the request does not have access to all of the deny policies that Policy Troubleshooter needs to evaluate the principal's access.