@@ -511,9 +511,22 @@ message CheckPermissionRequest {
511511
512512message CheckPermissionResponse {
513513 enum Permissionship {
514+ // PERMISSIONSHIP_UNSPECIFIED is the default value and should not be used or
515+ // relied upon. Servers should not return this value.
514516 PERMISSIONSHIP_UNSPECIFIED = 0 ;
517+
518+ // PERMISSIONSHIP_NO_PERMISSION indicates that the subject does not have the
519+ // requested permission on the resource.
515520 PERMISSIONSHIP_NO_PERMISSION = 1 ;
521+
522+ // PERMISSIONSHIP_HAS_PERMISSION indicates that the subject has the requested
523+ // permission on the resource.
516524 PERMISSIONSHIP_HAS_PERMISSION = 2 ;
525+
526+ // PERMISSIONSHIP_CONDITIONAL_PERMISSION indicates that the subject has the
527+ // requested permission on the resource, but only if a caveat condition is met.
528+ // The `partial_caveat_info` field in the response should contain the missing
529+ // context fields that must be provided to fully evaluate the caveat.
517530 PERMISSIONSHIP_CONDITIONAL_PERMISSION = 3 ;
518531 }
519532
@@ -742,8 +755,18 @@ message LookupResourcesRequest {
742755
743756// LookupPermissionship represents whether a Lookup response was partially evaluated or not
744757enum LookupPermissionship {
758+ // LOOKUP_PERMISSIONSHIP_UNSPECIFIED is the default value and should not be used or
759+ // relied upon. Servers should not return this value.
745760 LOOKUP_PERMISSIONSHIP_UNSPECIFIED = 0 ;
761+
762+ // LOOKUP_PERMISSIONSHIP_HAS_PERMISSION indicates that the subject has permission
763+ // on the resource with no missing caveat context.
746764 LOOKUP_PERMISSIONSHIP_HAS_PERMISSION = 1 ;
765+
766+ // LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION indicates that the subject has
767+ // permission on the resource, but only if a caveat condition is met. The
768+ // `partial_caveat_info` field in the response should contain the missing context
769+ // fields that must be provided to fully evaluate the caveat.
747770 LOOKUP_PERMISSIONSHIP_CONDITIONAL_PERMISSION = 2 ;
748771}
749772
0 commit comments