Set IAM policy

Stay organized with collections Save and categorize content based on your preferences.

Set an IAM policy.

Code sample


Before trying this sample, follow the Go setup instructions in the Data Catalog quickstart using client libraries. For more information, see the Data Catalog Go API reference documentation.

import (

	datacatalog ""
	iampb ""

// setIAMPolicy demonstrates altering the policy of a given taxonomy or policy
// tag resource.  In this example, we append a binding to the existing policy
// to add the fine grained reader role to a specific member.
func setIAMPolicy(w io.Writer, resourceID, member string) error {
	// resourceID := "projects/myproject/locations/us/taxonomies/1234/policyTags/5678"
	// member := ""
	ctx := context.Background()
	policyClient, err := datacatalog.NewPolicyTagManagerClient(ctx)
	if err != nil {
		return fmt.Errorf("datacatalog.NewPolicyTagManagerClient: %v", err)
	defer policyClient.Close()

	// First, retrieve the existing policy.
	req := &iampb.GetIamPolicyRequest{
		Resource: resourceID,
		Options: &iampb.GetPolicyOptions{
			RequestedPolicyVersion: 3,
	policy, err := policyClient.GetIamPolicy(ctx, req)
	if err != nil {
		return fmt.Errorf("GetIamPolicy: %v", err)

	// Alter the policy to add an additional binding.
	newPolicy := policy
	newPolicy.Bindings = append(newPolicy.Bindings, &iampb.Binding{
		Role:    "roles/datacatalog.categoryFineGrainedReader",
		Members: []string{member},

	sReq := &iampb.SetIamPolicyRequest{
		Resource: resourceID,
		Policy:   newPolicy,
	updatedPolicy, err := policyClient.SetIamPolicy(ctx, sReq)
	if err != nil {
		return fmt.Errorf("SetIamPolicy: %v", err)
	fmt.Fprintf(w, "set policy on resource %s with Etag %x\n", resourceID, updatedPolicy.Etag)
	return nil

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.