Searches all IAM policies within the specified scope, such as a project, folder, or organization. The caller must be granted the cloudasset.assets.searchAllIamPolicies permission on the desired scope; otherwise the request will be rejected.
HTTP request
GET https://cloudasset.googleapis.com/v1/{scope=*/*}:searchAllIamPolicies
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
scope |
Required. A scope can be a project, a folder, or an organization. The search is limited to the IAM policies within the The allowed values are:
Authorization requires the following IAM permission on the specified resource
|
Query parameters
Parameters | |
---|---|
query |
Optional. The query statement. See how to construct a query for more information. If not specified or empty, it will search all the IAM policies within the specified Examples:
|
pageSize |
Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero or a negative value, the server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as |
pageToken |
Optional. If present, retrieve the next batch of results from the preceding call to this method. |
assetTypes[] |
Optional. A list of asset types that the IAM policies are attached to. If empty, it will search the IAM policies that are attached to all the asset types supported by search APIs Regular expressions are also supported. For example:
See RE2 for all supported regular expression syntax. If the regular expression does not match any supported asset type, an INVALID_ARGUMENT error will be returned. |
orderBy |
Optional. A comma-separated list of fields specifying the sorting order of the results. The default order is ascending. Add " DESC" after the field name to indicate descending order. Redundant space characters are ignored. Example: "assetType DESC, resource". Only singular primitive fields in the response are sortable: * resource * assetType * project All the other fields such as repeated fields (e.g., |
Request body
The request body must be empty.
Response body
Search all IAM policies response.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"results": [
{
object ( |
Fields | |
---|---|
results[] |
A list of IAM policies that match the search query. Related information such as the associated resource is returned along with the policy. |
nextPageToken |
Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IamPolicySearchResult
A result of IAM Policy search, containing information of an IAM policy.
JSON representation |
---|
{ "resource": string, "assetType": string, "project": string, "folders": [ string ], "organization": string, "policy": { object ( |
Fields | |
---|---|
resource |
The full resource name of the resource associated with this IAM policy. Example: To search against the
|
assetType |
The type of the resource associated with this IAM policy. Example: To search against the
|
project |
The project that the associated Google Cloud resource belongs to, in the form of projects/{PROJECT_NUMBER}. If an IAM policy is set on a resource (like VM instance, Cloud Storage bucket), the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or organization, this field will be empty. To search against the
|
folders[] |
The folder(s) that the IAM policy belongs to, in the form of folders/{FOLDER_NUMBER}. This field is available when the IAM policy belongs to one or more folders. To search against
|
organization |
The organization that the IAM policy belongs to, in the form of organizations/{ORGANIZATION_NUMBER}. This field is available when the IAM policy belongs to an organization. To search against
|
policy |
The IAM policy directly set on the given resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g., an empty query), this contains all the bindings. To search against the
|
explanation |
Explanation about the IAM policy search result. It contains additional information to explain why the search result matches the query. |
Explanation
Explanation about the IAM policy search result.
JSON representation |
---|
{
"matchedPermissions": {
string: {
object ( |
Fields | |
---|---|
matchedPermissions |
The map from roles to their included permissions that match the permission query (i.e., a query containing An object containing a list of |
Permissions
IAM permissions
JSON representation |
---|
{ "permissions": [ string ] } |
Fields | |
---|---|
permissions[] |
A list of permissions. A sample permission string: |
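Added example, not part of the original reference and not Google's client code: a Python sketch of the pagination contract described above (pageSize capped at 500, pageToken taken from the previous nextPageToken) that flattens each result's policy bindings to list those granted to public members. Assumptions: `fetch` is a caller-supplied function performing the authorized GET, the scope `projects/123` and the sample pages are constructed, and `policy.bindings[].role` / `members` follow the standard IAM Policy shape, which is truncated on this page.

```python
from urllib.parse import parse_qs, urlencode, urlparse

API = "https://cloudasset.googleapis.com/v1"
MAX_PAGE_SIZE = 500  # pageSize is capped at 500 by the server
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}  # IAM's public principals

def build_url(scope, query="", page_size=MAX_PAGE_SIZE, page_token=""):
    """Build the GET URL for {scope}:searchAllIamPolicies."""
    params = {"pageSize": min(page_size, MAX_PAGE_SIZE)}
    if query:
        params["query"] = query
    if page_token:
        params["pageToken"] = page_token
    return f"{API}/{scope}:searchAllIamPolicies?{urlencode(params)}"

def search_all(fetch, scope, query=""):
    """Yield every result; fetch(url) -> dict is a caller-supplied authorized GET."""
    token = ""
    while True:
        body = fetch(build_url(scope, query, page_token=token))
        yield from body.get("results", [])
        token = body.get("nextPageToken", "")
        if not token:  # only a missing token ends the search, not a short page
            return

def public_bindings(results):
    """Return (resource, role, member) for bindings granted to public members."""
    return [(r["resource"], b["role"], m)
            for r in results
            for b in r.get("policy", {}).get("bindings", [])
            for m in b.get("members", []) if m in PUBLIC_MEMBERS]

# Constructed sample pages keyed by pageToken; not real API output.
SAMPLE_PAGES = {
    "": {"nextPageToken": "t1", "results": [{
        "resource": "//storage.googleapis.com/example-bucket",
        "policy": {"bindings": [{"role": "roles/storage.objectViewer",
                                 "members": ["allUsers", "user:a@example.com"]}]}}]},
    "t1": {"results": [{
        "resource": "//cloudresourcemanager.googleapis.com/projects/example",
        "policy": {"bindings": [{"role": "roles/viewer",
                                 "members": ["group:ops@example.com"]}]}}]},
}

def fake_fetch(url):
    """Stand-in for an authorized HTTP GET; serves the constructed pages."""
    token = parse_qs(urlparse(url).query).get("pageToken", [""])[0]
    return SAMPLE_PAGES[token]
```

Calling `public_bindings(search_all(fake_fetch, "projects/123"))` walks both constructed pages; in real use, replace `fake_fetch` with a function that attaches a credential carrying the cloud-platform OAuth scope.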