Sets the access control policy on the specified resource. Replaces any
existing policy.
Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
Request
HTTP request
POST https://dns.googleapis.com/dns/v1/managedZones/setiampolicy
Authorization
This request requires authorization with at least one of the following scopes:
| Scope |
|---|
https://www.googleapis.com/auth/ndev.clouddns.readwrite |
https://www.googleapis.com/auth/cloud-platform |
Request body
In the request body, supply data with the following structure:
{
"resource": string,
"policy": {
"version": integer,
"bindings": [
{
"role": string,
"members": [
string
],
"condition": {
"expression": string,
"title": string,
"description": string,
"location": string
},
"bindingId": string
}
],
"auditConfigs": [
{
"service": string,
"auditLogConfigs": [
{
"logType": string,
"exemptedMembers": [
string
],
"ignoreChildExemptions": boolean
}
]
}
],
"rules": [
{
"description": string,
"permissions": [
string
],
"action": string,
"ins": [
string
],
"notIns": [
string
],
"conditions": [
{
"iam": string,
"sys": string,
"svc": string,
"op": string,
"values": [
string
]
}
],
"logConfigs": [
{
"counter": {
"metric": string,
"field": string,
"customFields": [
{
"name": string,
"value": string
}
]
},
"dataAccess": {
"logMode": string
},
"cloudAudit": {
"logName": string,
"authorizationLoggingOptions": {
"permissionType": string
}
}
}
]
}
],
"etag": bytes
},
"updateMask": {
"paths": [
string
]
}
}
| Property name | Value | Description | Notes |
|---|---|---|---|
resource |
string |
||
policy |
nested object |
||
policy.version |
integer |
||
policy.bindings[] |
list |
||
policy.bindings[].role |
string |
||
policy.bindings[].members[] |
list |
||
policy.bindings[].condition |
nested object |
||
policy.bindings[].condition.expression |
string |
||
policy.bindings[].condition.title |
string |
||
policy.bindings[].condition.description |
string |
||
policy.bindings[].condition.location |
string |
||
policy.bindings[].bindingId |
string |
||
policy.auditConfigs[] |
list |
||
policy.auditConfigs[].service |
string |
||
policy.auditConfigs[].auditLogConfigs[] |
list |
||
policy.auditConfigs[].auditLogConfigs[].logType |
string |
Acceptable values are:
|
|
policy.auditConfigs[].auditLogConfigs[].exemptedMembers[] |
list |
||
policy.auditConfigs[].auditLogConfigs[].ignoreChildExemptions |
boolean |
||
policy.rules[] |
list |
||
policy.rules[].description |
string |
||
policy.rules[].permissions[] |
list |
||
policy.rules[].action |
string |
Acceptable values are:
|
|
policy.rules[].ins[] |
list |
||
policy.rules[].notIns[] |
list |
||
policy.rules[].conditions[] |
list |
||
policy.rules[].conditions[].iam |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].sys |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].svc |
string |
||
policy.rules[].conditions[].op |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].values[] |
list |
||
policy.rules[].logConfigs[] |
list |
||
policy.rules[].logConfigs[].counter |
nested object |
||
policy.rules[].logConfigs[].counter.metric |
string |
||
policy.rules[].logConfigs[].counter.field |
string |
||
policy.rules[].logConfigs[].counter.customFields[] |
list |
||
policy.rules[].logConfigs[].counter.customFields[].name |
string |
||
policy.rules[].logConfigs[].counter.customFields[].value |
string |
||
policy.rules[].logConfigs[].dataAccess |
nested object |
||
policy.rules[].logConfigs[].dataAccess.logMode |
string |
Acceptable values are:
|
|
policy.rules[].logConfigs[].cloudAudit |
nested object |
||
policy.rules[].logConfigs[].cloudAudit.logName |
string |
Acceptable values are:
|
|
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions |
nested object |
||
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType |
string |
Acceptable values are:
|
|
policy.etag |
bytes |
||
updateMask |
nested object |
||
updateMask.paths[] |
list |
Response
If successful, this method returns a response body with the following structure:
{
"version": integer,
"bindings": [
{
"role": string,
"members": [
string
],
"condition": {
"expression": string,
"title": string,
"description": string,
"location": string
},
"bindingId": string
}
],
"auditConfigs": [
{
"service": string,
"auditLogConfigs": [
{
"logType": string,
"exemptedMembers": [
string
],
"ignoreChildExemptions": boolean
}
]
}
],
"rules": [
{
"description": string,
"permissions": [
string
],
"action": string,
"ins": [
string
],
"notIns": [
string
],
"conditions": [
{
"iam": string,
"sys": string,
"svc": string,
"op": string,
"values": [
string
]
}
],
"logConfigs": [
{
"counter": {
"metric": string,
"field": string,
"customFields": [
{
"name": string,
"value": string
}
]
},
"dataAccess": {
"logMode": string
},
"cloudAudit": {
"logName": string,
"authorizationLoggingOptions": {
"permissionType": string
}
}
}
]
}
],
"etag": bytes
}
| Property name | Value | Description | Notes |
|---|---|---|---|
version |
integer |
||
bindings[] |
list |
||
bindings[].role |
string |
||
bindings[].members[] |
list |
||
bindings[].condition |
nested object |
||
bindings[].condition.expression |
string |
||
bindings[].condition.title |
string |
||
bindings[].condition.description |
string |
||
bindings[].condition.location |
string |
||
bindings[].bindingId |
string |
||
auditConfigs[] |
list |
||
auditConfigs[].service |
string |
||
auditConfigs[].auditLogConfigs[] |
list |
||
auditConfigs[].auditLogConfigs[].logType |
string |
Acceptable values are:
|
|
auditConfigs[].auditLogConfigs[].exemptedMembers[] |
list |
||
auditConfigs[].auditLogConfigs[].ignoreChildExemptions |
boolean |
||
rules[] |
list |
||
rules[].description |
string |
||
rules[].permissions[] |
list |
||
rules[].action |
string |
Acceptable values are:
|
|
rules[].ins[] |
list |
||
rules[].notIns[] |
list |
||
rules[].conditions[] |
list |
||
rules[].conditions[].iam |
string |
Acceptable values are:
|
|
rules[].conditions[].sys |
string |
Acceptable values are:
|
|
rules[].conditions[].svc |
string |
||
rules[].conditions[].op |
string |
Acceptable values are:
|
|
rules[].conditions[].values[] |
list |
||
rules[].logConfigs[] |
list |
||
rules[].logConfigs[].counter |
nested object |
||
rules[].logConfigs[].counter.metric |
string |
||
rules[].logConfigs[].counter.field |
string |
||
rules[].logConfigs[].counter.customFields[] |
list |
||
rules[].logConfigs[].counter.customFields[].name |
string |
||
rules[].logConfigs[].counter.customFields[].value |
string |
||
rules[].logConfigs[].dataAccess |
nested object |
||
rules[].logConfigs[].dataAccess.logMode |
string |
Acceptable values are:
|
|
rules[].logConfigs[].cloudAudit |
nested object |
||
rules[].logConfigs[].cloudAudit.logName |
string |
Acceptable values are:
|
|
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions |
nested object |
||
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType |
string |
Acceptable values are:
|
|
etag |
bytes |