Method: projects.locations.entryGroups.setIamPolicy

Sets an access control policy for a resource. Replaces any existing policy.

Supported resources are:

  • Tag templates
  • Entry groups

Note: This method sets policies only within Data Catalog and can't be used to manage policies in BigQuery, Pub/Sub, Dataproc Metastore, and any external Google Cloud Platform resources synced with the Data Catalog.

To call this method, you must have the following Google IAM permissions:

  • datacatalog.tagTemplates.setIamPolicy to set policies on tag templates.
  • datacatalog.entryGroups.setIamPolicy to set policies on entry groups.

HTTP request


Path parameters



REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. It takes the form projects/{project}/locations/{location}/entryGroups/{entrygroup}.

Request body

The request body contains data with the following structure:

JSON representation
  "policy": {
    object (Policy)
  "updateMask": string

object (Policy)

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.


string (FieldMask format)

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:

paths: "bindings, etag"

This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo".

Response body

If successful, the response body contains an instance of Policy.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.