Set IAM policy

Set an IAM policy.

Code sample

Go

Before trying this sample, follow the Go setup instructions in the Data Catalog quickstart using client libraries. For more information, see the Data Catalog Go API reference documentation.

To authenticate to Data Catalog, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

import (
	"context"
	"fmt"
	"io"

	datacatalog "cloud.google.com/go/datacatalog/apiv1beta1"
	iampb "google.golang.org/genproto/googleapis/iam/v1"
)

// setIAMPolicy demonstrates altering the policy of a given taxonomy or policy
// tag resource.  In this example, we append a binding to the existing policy
// to add the fine grained reader role to a specific member.
func setIAMPolicy(w io.Writer, resourceID, member string) error {
	// resourceID := "projects/myproject/locations/us/taxonomies/1234/policyTags/5678"
	// member := "group:my-trusted-group@example.com"
	ctx := context.Background()
	policyClient, err := datacatalog.NewPolicyTagManagerClient(ctx)
	if err != nil {
		return fmt.Errorf("datacatalog.NewPolicyTagManagerClient: %w", err)
	}
	defer policyClient.Close()

	// First, retrieve the existing policy.
	req := &iampb.GetIamPolicyRequest{
		Resource: resourceID,
		Options: &iampb.GetPolicyOptions{
			RequestedPolicyVersion: 3,
		},
	}
	policy, err := policyClient.GetIamPolicy(ctx, req)
	if err != nil {
		return fmt.Errorf("GetIamPolicy: %w", err)
	}

	// Alter the policy to add an additional binding.
	newPolicy := policy
	newPolicy.Bindings = append(newPolicy.Bindings, &iampb.Binding{
		Role:    "roles/datacatalog.categoryFineGrainedReader",
		Members: []string{member},
	})

	sReq := &iampb.SetIamPolicyRequest{
		Resource: resourceID,
		Policy:   newPolicy,
	}
	updatedPolicy, err := policyClient.SetIamPolicy(ctx, sReq)
	if err != nil {
		return fmt.Errorf("SetIamPolicy: %w", err)
	}
	fmt.Fprintf(w, "set policy on resource %s with Etag %x\n", resourceID, updatedPolicy.Etag)
	return nil
}

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.