/AWS1/CL_AANACCESSPREVIEWFNDG

An access preview finding generated by the access preview.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_id TYPE /AWS1/AANACCESSPREVIEWFNDGID

The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.

iv_resourcetype TYPE /AWS1/AANRESOURCETYPE

The type of the resource that can be accessed in the finding.

iv_createdat TYPE /AWS1/AANTIMESTAMP

The time at which the access preview finding was created.

iv_changetype TYPE /AWS1/AANFINDINGCHANGETYPE

Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.

  • New - The finding is for newly-introduced access.

  • Unchanged - The preview finding is an existing finding that would remain unchanged.

  • Changed - The preview finding is an existing finding with a change in status.

For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

iv_status TYPE /AWS1/AANFINDINGSTATUS

The preview status of the finding. This is what the status of the finding would be after permissions deployment. For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

iv_resourceowneraccount TYPE /AWS1/AANSTRING

The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.

Optional arguments:

iv_existingfindingid TYPE /AWS1/AANFINDINGID

The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.

iv_existingfindingstatus TYPE /AWS1/AANFINDINGSTATUS

The existing status of the finding, provided only for existing findings.

it_principal TYPE /AWS1/CL_AANPRINCIPALMAP_W=>TT_PRINCIPALMAP

The external principal that has access to a resource within the zone of trust.

it_action TYPE /AWS1/CL_AANACTIONLIST_W=>TT_ACTIONLIST

The action in the analyzed policy statement that an external principal has permission to perform.

it_condition TYPE /AWS1/CL_AANCONDITIONKEYMAP_W=>TT_CONDITIONKEYMAP

The condition in the analyzed policy statement that resulted in a finding.

iv_resource TYPE /AWS1/AANSTRING

The resource that an external principal has access to. This is the resource associated with the access preview.

iv_ispublic TYPE /AWS1/AANBOOLEAN

Indicates whether the policy that generated the finding allows public access to the resource.

iv_error TYPE /AWS1/AANSTRING

An error.

it_sources TYPE /AWS1/CL_AANFINDINGSOURCE=>TT_FINDINGSOURCELIST

The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

iv_resourcectlplyrestriction TYPE /AWS1/AANRESRCCTLPLYRESTRICT00

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).


Queryable Attributes

id

The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.

Accessible with the following methods

Method Description
GET_ID() Getter for ID, with configurable default
ASK_ID() Getter for ID w/ exceptions if field has no value
HAS_ID() Determine if ID has a value

existingFindingId

The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.

Accessible with the following methods

Method Description
GET_EXISTINGFINDINGID() Getter for EXISTINGFINDINGID, with configurable default
ASK_EXISTINGFINDINGID() Getter for EXISTINGFINDINGID w/ exceptions if field has no v
HAS_EXISTINGFINDINGID() Determine if EXISTINGFINDINGID has a value

existingFindingStatus

The existing status of the finding, provided only for existing findings.

Accessible with the following methods

Method Description
GET_EXISTINGFINDINGSTATUS() Getter for EXISTINGFINDINGSTATUS, with configurable default
ASK_EXISTINGFINDINGSTATUS() Getter for EXISTINGFINDINGSTATUS w/ exceptions if field has
HAS_EXISTINGFINDINGSTATUS() Determine if EXISTINGFINDINGSTATUS has a value

principal

The external principal that has access to a resource within the zone of trust.

Accessible with the following methods

Method Description
GET_PRINCIPAL() Getter for PRINCIPAL, with configurable default
ASK_PRINCIPAL() Getter for PRINCIPAL w/ exceptions if field has no value
HAS_PRINCIPAL() Determine if PRINCIPAL has a value

action

The action in the analyzed policy statement that an external principal has permission to perform.

Accessible with the following methods

Method Description
GET_ACTION() Getter for ACTION, with configurable default
ASK_ACTION() Getter for ACTION w/ exceptions if field has no value
HAS_ACTION() Determine if ACTION has a value

condition

The condition in the analyzed policy statement that resulted in a finding.

Accessible with the following methods

Method Description
GET_CONDITION() Getter for CONDITION, with configurable default
ASK_CONDITION() Getter for CONDITION w/ exceptions if field has no value
HAS_CONDITION() Determine if CONDITION has a value

resource

The resource that an external principal has access to. This is the resource associated with the access preview.

Accessible with the following methods

Method Description
GET_RESOURCE() Getter for RESOURCE, with configurable default
ASK_RESOURCE() Getter for RESOURCE w/ exceptions if field has no value
HAS_RESOURCE() Determine if RESOURCE has a value

isPublic

Indicates whether the policy that generated the finding allows public access to the resource.

Accessible with the following methods

Method Description
GET_ISPUBLIC() Getter for ISPUBLIC, with configurable default
ASK_ISPUBLIC() Getter for ISPUBLIC w/ exceptions if field has no value
HAS_ISPUBLIC() Determine if ISPUBLIC has a value

resourceType

The type of the resource that can be accessed in the finding.

Accessible with the following methods

Method Description
GET_RESOURCETYPE() Getter for RESOURCETYPE, with configurable default
ASK_RESOURCETYPE() Getter for RESOURCETYPE w/ exceptions if field has no value
HAS_RESOURCETYPE() Determine if RESOURCETYPE has a value

createdAt

The time at which the access preview finding was created.

Accessible with the following methods

Method Description
GET_CREATEDAT() Getter for CREATEDAT, with configurable default
ASK_CREATEDAT() Getter for CREATEDAT w/ exceptions if field has no value
HAS_CREATEDAT() Determine if CREATEDAT has a value

changeType

Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.

  • New - The finding is for newly-introduced access.

  • Unchanged - The preview finding is an existing finding that would remain unchanged.

  • Changed - The preview finding is an existing finding with a change in status.

For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

Accessible with the following methods

Method Description
GET_CHANGETYPE() Getter for CHANGETYPE, with configurable default
ASK_CHANGETYPE() Getter for CHANGETYPE w/ exceptions if field has no value
HAS_CHANGETYPE() Determine if CHANGETYPE has a value

status

The preview status of the finding. This is what the status of the finding would be after permissions deployment. For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.

Accessible with the following methods

Method Description
GET_STATUS() Getter for STATUS, with configurable default
ASK_STATUS() Getter for STATUS w/ exceptions if field has no value
HAS_STATUS() Determine if STATUS has a value
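
The changeType and status attributes together tell a reviewer whether a proposed permissions change would open up access. The following is an added example, not code from the SDK or its documentation: it walks a table of access preview findings and keeps only those that would be Active after deployment and are either New or Changed. The class lcl_preview_triage and its method flag_regressions are hypothetical names, and the literals 'ACTIVE', 'NEW' and 'CHANGED' assume the getters return the Access Analyzer API values in upper case.

```abap
" Added example, not SDK code. Assumption: GET_STATUS( ) and GET_CHANGETYPE( )
" return the API values 'ACTIVE' / 'RESOLVED' and 'NEW' / 'CHANGED' / 'UNCHANGED'.
CLASS lcl_preview_triage DEFINITION FINAL.
  PUBLIC SECTION.
    TYPES: BEGIN OF ty_flagged,
             id       TYPE string,
             resource TYPE string,
             reason   TYPE string,
           END OF ty_flagged,
           tt_flagged TYPE STANDARD TABLE OF ty_flagged WITH EMPTY KEY.
    CLASS-METHODS flag_regressions
      IMPORTING it_findings       TYPE /aws1/cl_aanaccesspreviewfndg=>tt_accesspreviewfindingslist
      RETURNING VALUE(rt_flagged) TYPE tt_flagged.
ENDCLASS.

CLASS lcl_preview_triage IMPLEMENTATION.
  METHOD flag_regressions.
    DATA lv_reason TYPE string.
    LOOP AT it_findings INTO DATA(lo_finding).
      CLEAR lv_reason.
      " The preview status is what the finding would be after deployment.
      " Anything other than Active is not access the change would leave open.
      IF lo_finding->get_status( ) <> 'ACTIVE'.
        CONTINUE.
      ENDIF.
      CASE lo_finding->get_changetype( ).
        WHEN 'NEW'.
          lv_reason = `newly introduced external access`.
        WHEN 'CHANGED'.
          " existingFindingId / existingFindingStatus are provided only for existing findings.
          lv_reason = |existing finding { lo_finding->get_existingfindingid( ) } | &&
                      |would go from { lo_finding->get_existingfindingstatus( ) } to ACTIVE|.
        WHEN OTHERS.
          " Unchanged: the access exists today and is not caused by this change.
          CONTINUE.
      ENDCASE.
      IF lo_finding->get_ispublic( ) = abap_true.
        lv_reason = lv_reason && ` (public access)`.
      ENDIF.
      APPEND VALUE #( id       = lo_finding->get_id( )
                      resource = lo_finding->get_resource( )
                      reason   = lv_reason ) TO rt_flagged.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.
```

A non-empty result is a natural gate for blocking the policy deployment until each flagged entry has been reviewed.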

resourceOwnerAccount

The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.

Accessible with the following methods

Method Description
GET_RESOURCEOWNERACCOUNT() Getter for RESOURCEOWNERACCOUNT, with configurable default
ASK_RESOURCEOWNERACCOUNT() Getter for RESOURCEOWNERACCOUNT w/ exceptions if field has n
HAS_RESOURCEOWNERACCOUNT() Determine if RESOURCEOWNERACCOUNT has a value

error

An error.

Accessible with the following methods

Method Description
GET_ERROR() Getter for ERROR, with configurable default
ASK_ERROR() Getter for ERROR w/ exceptions if field has no value
HAS_ERROR() Determine if ERROR has a value

sources

The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.

Accessible with the following methods

Method Description
GET_SOURCES() Getter for SOURCES, with configurable default
ASK_SOURCES() Getter for SOURCES w/ exceptions if field has no value
HAS_SOURCES() Determine if SOURCES has a value

resourceControlPolicyRestriction

The type of restriction applied to the finding by the resource owner with an Organizations resource control policy (RCP).

Accessible with the following methods

Method Description
GET_RESRCCTLPLYRESTRICTION() Getter for RESOURCECTLPOLICYRESTRICTION, with configurable d
ASK_RESRCCTLPLYRESTRICTION() Getter for RESOURCECTLPOLICYRESTRICTION w/ exceptions if fie
HAS_RESRCCTLPLYRESTRICTION() Determine if RESOURCECTLPOLICYRESTRICTION has a value

Public Local Types In This Class

Internal table types, representing arrays and maps of this class, are defined as local types:

TT_ACCESSPREVIEWFINDINGSLIST

TYPES TT_ACCESSPREVIEWFINDINGSLIST TYPE STANDARD TABLE OF REF TO /AWS1/CL_AANACCESSPREVIEWFNDG WITH DEFAULT KEY.