#[non_exhaustive]pub struct AccessAnalysisResult {
pub access_level: Option<String>,
pub access_type: Option<String>,
pub accessors: Option<Vec<User>>,
pub additional_restrictions: Option<Vec<AdditionalRestriction>>,
pub condition_keys: Option<Vec<KeyValueObject>>,
pub granted_privileges: Option<Vec<String>>,
}Expand description
Access Analysis Result
The Access Analysis Result object describes access relationships and pathways between identities, resources, focusing on who can access what and through which mechanisms. This evaluates access levels (read/write/admin), access types (direct, cross-account, public, federated), and the conditions under which access is granted. Use this for resource-centric security assessments such as external access discovery, public exposure analysis, etc.
[] Category: | Name: access_analysis_result
Fields (Non-exhaustive)§
This struct is marked as non-exhaustive
Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.access_level: Option<String>Access Level
The generalized access level or permission scope granted to the identity through the analyzed policy configuration. Common examples include Read, Write, List, Delete, Admin, or custom permission levels.
recommended
access_type: Option<String>Access Type
The type or category of access being granted to the identity. This describes the nature of the access relationship, such as cross-account access, public access, federated access, or third-party integration access. Examples include ‘Cross-Account’, ‘Public’, ‘Federated’, ‘Service-to-Service’, etc.
optional
accessors: Option<Vec<User>>Accessors
The identities that are granted access through the analyzed policy configuration. This identifies the specific entity that can exercise the permissions and helps assess the access relationship and potential security implications. Examples include user accounts, service principals, roles, account identifiers, or system identities.
required
additional_restrictions: Option<Vec<AdditionalRestriction>>Additional Restrictions
Details about supplementary restrictions and guardrails that may limit the granted access, applied through additional policy types such as Resource Control Policies (RCPs) and Service Control Policies (SCPs) in AWS, or other policy constraints.
optional
condition_keys: Option<Vec<KeyValueObject>>Condition Keys
The condition keys and their values that constrain when and how the granted access can be exercised. These conditions define the circumstances under which the access relationship is valid and the privileges can be used. Examples: IP address restrictions like ‘aws:SourceIp:192.0.2.0/24’, time-based constraints like ‘aws:RequestedRegion:us-east-1’, MFA requirements like ‘aws:MultiFactorAuthPresent:true’, or custom conditions based on resource tags and request context.
optional
granted_privileges: Option<Vec<String>>Granted Privileges
The specific privileges, actions, or permissions that are granted through the analyzed access relationship. This includes the actual operations that the accessor can perform on the target resource. Examples: AWS actions like ‘sts:AssumeRole’, ‘s3:GetObject’, ‘ec2:DescribeInstances’; Azure actions like ‘Microsoft.Storage/storageAccounts/read’; or GCP permissions like ‘storage.objects.get’.
optional
Trait Implementations§
Source§impl Clone for AccessAnalysisResult
impl Clone for AccessAnalysisResult
Source§fn clone(&self) -> AccessAnalysisResult
fn clone(&self) -> AccessAnalysisResult
1.0.0 · Source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source. Read more