Sets the access control policy on the specified resource. Replaces any
existing policy.
Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.
Request
HTTP request
POST https://dns.googleapis.com/dns/v1/managedZones/setiampolicy
Authorization
This request requires authorization with at least one of the following scopes:
Scope |
---|
https://www.googleapis.com/auth/ndev.clouddns.readwrite |
https://www.googleapis.com/auth/cloud-platform |
Request body
In the request body, supply data with the following structure:
{ "resource": string, "policy": { "version": integer, "bindings": [ { "role": string, "members": [ string ], "condition": { "expression": string, "title": string, "description": string, "location": string }, "bindingId": string } ], "auditConfigs": [ { "service": string, "auditLogConfigs": [ { "logType": string, "exemptedMembers": [ string ], "ignoreChildExemptions": boolean } ] } ], "rules": [ { "description": string, "permissions": [ string ], "action": string, "ins": [ string ], "notIns": [ string ], "conditions": [ { "iam": string, "sys": string, "svc": string, "op": string, "values": [ string ] } ], "logConfigs": [ { "counter": { "metric": string, "field": string, "customFields": [ { "name": string, "value": string } ] }, "dataAccess": { "logMode": string }, "cloudAudit": { "logName": string, "authorizationLoggingOptions": { "permissionType": string } } } ] } ], "etag": bytes }, "updateMask": { "paths": [ string ] } }
Property name | Value | Description | Notes |
---|---|---|---|
resource |
string |
||
policy |
nested object |
||
policy.version |
integer |
||
policy.bindings[] |
list |
||
policy.bindings[].role |
string |
||
policy.bindings[].members[] |
list |
||
policy.bindings[].condition |
nested object |
||
policy.bindings[].condition.expression |
string |
||
policy.bindings[].condition.title |
string |
||
policy.bindings[].condition.description |
string |
||
policy.bindings[].condition.location |
string |
||
policy.bindings[].bindingId |
string |
||
policy.auditConfigs[] |
list |
||
policy.auditConfigs[].service |
string |
||
policy.auditConfigs[].auditLogConfigs[] |
list |
||
policy.auditConfigs[].auditLogConfigs[].logType |
string |
Acceptable values are:
|
|
policy.auditConfigs[].auditLogConfigs[].exemptedMembers[] |
list |
||
policy.auditConfigs[].auditLogConfigs[].ignoreChildExemptions |
boolean |
||
policy.rules[] |
list |
||
policy.rules[].description |
string |
||
policy.rules[].permissions[] |
list |
||
policy.rules[].action |
string |
Acceptable values are:
|
|
policy.rules[].ins[] |
list |
||
policy.rules[].notIns[] |
list |
||
policy.rules[].conditions[] |
list |
||
policy.rules[].conditions[].iam |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].sys |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].svc |
string |
||
policy.rules[].conditions[].op |
string |
Acceptable values are:
|
|
policy.rules[].conditions[].values[] |
list |
||
policy.rules[].logConfigs[] |
list |
||
policy.rules[].logConfigs[].counter |
nested object |
||
policy.rules[].logConfigs[].counter.metric |
string |
||
policy.rules[].logConfigs[].counter.field |
string |
||
policy.rules[].logConfigs[].counter.customFields[] |
list |
||
policy.rules[].logConfigs[].counter.customFields[].name |
string |
||
policy.rules[].logConfigs[].counter.customFields[].value |
string |
||
policy.rules[].logConfigs[].dataAccess |
nested object |
||
policy.rules[].logConfigs[].dataAccess.logMode |
string |
Acceptable values are:
|
|
policy.rules[].logConfigs[].cloudAudit |
nested object |
||
policy.rules[].logConfigs[].cloudAudit.logName |
string |
Acceptable values are:
|
|
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions |
nested object |
||
policy.rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType |
string |
Acceptable values are:
|
|
policy.etag |
bytes |
||
updateMask |
nested object |
||
updateMask.paths[] |
list |
Response
If successful, this method returns a response body with the following structure:
{ "version": integer, "bindings": [ { "role": string, "members": [ string ], "condition": { "expression": string, "title": string, "description": string, "location": string }, "bindingId": string } ], "auditConfigs": [ { "service": string, "auditLogConfigs": [ { "logType": string, "exemptedMembers": [ string ], "ignoreChildExemptions": boolean } ] } ], "rules": [ { "description": string, "permissions": [ string ], "action": string, "ins": [ string ], "notIns": [ string ], "conditions": [ { "iam": string, "sys": string, "svc": string, "op": string, "values": [ string ] } ], "logConfigs": [ { "counter": { "metric": string, "field": string, "customFields": [ { "name": string, "value": string } ] }, "dataAccess": { "logMode": string }, "cloudAudit": { "logName": string, "authorizationLoggingOptions": { "permissionType": string } } } ] } ], "etag": bytes }
Property name | Value | Description | Notes |
---|---|---|---|
version |
integer |
||
bindings[] |
list |
||
bindings[].role |
string |
||
bindings[].members[] |
list |
||
bindings[].condition |
nested object |
||
bindings[].condition.expression |
string |
||
bindings[].condition.title |
string |
||
bindings[].condition.description |
string |
||
bindings[].condition.location |
string |
||
bindings[].bindingId |
string |
||
auditConfigs[] |
list |
||
auditConfigs[].service |
string |
||
auditConfigs[].auditLogConfigs[] |
list |
||
auditConfigs[].auditLogConfigs[].logType |
string |
Acceptable values are:
|
|
auditConfigs[].auditLogConfigs[].exemptedMembers[] |
list |
||
auditConfigs[].auditLogConfigs[].ignoreChildExemptions |
boolean |
||
rules[] |
list |
||
rules[].description |
string |
||
rules[].permissions[] |
list |
||
rules[].action |
string |
Acceptable values are:
|
|
rules[].ins[] |
list |
||
rules[].notIns[] |
list |
||
rules[].conditions[] |
list |
||
rules[].conditions[].iam |
string |
Acceptable values are:
|
|
rules[].conditions[].sys |
string |
Acceptable values are:
|
|
rules[].conditions[].svc |
string |
||
rules[].conditions[].op |
string |
Acceptable values are:
|
|
rules[].conditions[].values[] |
list |
||
rules[].logConfigs[] |
list |
||
rules[].logConfigs[].counter |
nested object |
||
rules[].logConfigs[].counter.metric |
string |
||
rules[].logConfigs[].counter.field |
string |
||
rules[].logConfigs[].counter.customFields[] |
list |
||
rules[].logConfigs[].counter.customFields[].name |
string |
||
rules[].logConfigs[].counter.customFields[].value |
string |
||
rules[].logConfigs[].dataAccess |
nested object |
||
rules[].logConfigs[].dataAccess.logMode |
string |
Acceptable values are:
|
|
rules[].logConfigs[].cloudAudit |
nested object |
||
rules[].logConfigs[].cloudAudit.logName |
string |
Acceptable values are:
|
|
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions |
nested object |
||
rules[].logConfigs[].cloudAudit.authorizationLoggingOptions.permissionType |
string |
Acceptable values are:
|
|
etag |
bytes |