Method: projects.locations.entryGroups.testIamPermissions

Returns the caller's permissions on a resource. If the resource does not exist, an empty set of permissions is returned (We don't return a NOT_FOUND error).

Supported resources are: - Tag templates. - Entries. - Entry groups. Note, this method cannot be used to manage policies for BigQuery, Pub/Sub and any external Google Cloud Platform resources synced to Data Catalog.

A caller is not required to have Google IAM permission to make this request.

HTTP request


Path parameters



REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. It takes the form projects/{project}/locations/{location}/entryGroups/{entrygroup}.

Request body

The request body contains data with the following structure:

JSON representation
  "permissions": [


The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.

Response body

If successful, the response body contains an instance of TestIamPermissionsResponse.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.