Method: licenses.setIamPolicy

Sets the access control policy on the specified resource. Replaces any existing policy.

Caution This resource is intended for use only by third-party partners who are creating Cloud Marketplace images.

HTTP request

POST https://compute.googleapis.com/compute/beta/projects/{project}/global/licenses/{resourceId}/setIamPolicy

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
project

string

Project ID for this request.

resourceId

string

Name or id of the resource for this request.

Request body

The request body contains data with the following structure:

JSON representation
{
  "policy": {
    "version": integer,
    "bindings": [
      {
        "role": string,
        "members": [
          string
        ],
        "condition": {
          "expression": string,
          "title": string,
          "description": string,
          "location": string
        }
      }
    ],
    "auditConfigs": [
      {
        "service": string,
        "auditLogConfigs": [
          {
            "logType": enum,
            "exemptedMembers": [
              string
            ]
          }
        ]
      }
    ],
    "etag": string
  },
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "expression": string,
        "title": string,
        "description": string,
        "location": string
      }
    }
  ],
  "etag": string
}
Fields
policy

object

REQUIRED: The complete policy to be applied to the 'resource'. The size of the policy is limited to a few 10s of KB. An empty policy is in general a valid policy but certain services (like Projects) might reject them.

policy.version

integer

Specifies the format of the policy.

Valid values are 0, 1, and 3. Requests that specify an invalid value are rejected.

Any operation that affects conditional role bindings must specify version 3. This requirement applies to the following operations:

  • Getting a policy that includes a conditional role binding
  • Adding a conditional role binding to a policy
  • Changing a conditional role binding in a policy
  • Removing any role binding, with or without a condition, from a policy that includes conditions

Important: If you use IAM Conditions, you must include the etag field whenever you call setIamPolicy. If you omit this field, then IAM allows you to overwrite a version 3 policy with a version 1 policy, and all of the conditions in the version 3 policy are lost.

If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset.

To learn which resources support conditions in their IAM policies, see the IAM documentation.

policy.bindings[]

object

Associates a list of members to a role. Optionally, may specify a condition that determines how and when the bindings are applied. Each of the bindings must contain at least one member.

policy.bindings[].role

string

Role that is assigned to members. For example, roles/viewer, roles/editor, or roles/owner.

policy.bindings[].members[]

string

Specifies the identities requesting access for a Cloud Platform resource. members can have the following values:

  • allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account.

  • allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account.

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com .

  • serviceAccount:{emailid}: An email address that r