Method: managedZones.testIamPermissions

Returns permissions that a caller has on the specified resource. If the resource does not exist, this returns an empty set of permissions, not a NOT_FOUND error.

Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.

HTTP request

POST https://dns.googleapis.com/dns/v1/{resource=projects/*/managedZones/*}:testIamPermissions

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
resource

string

REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. It takes the form projects/{project}/managedZones/{managedzone}.

Request body

The request body contains data with the following structure:

JSON representation
{
  "permissions": [
    string
  ]
}
Fields
permissions[]

string

The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.

Response body

Response message for managedZones.testIamPermissions method.

If successful, the response body contains data with the following structure:

JSON representation
{
  "permissions": [
    string
  ]
}
Fields
permissions[]

string

A subset of TestPermissionsRequest.permissions that the caller is allowed.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/cloud-platform.read-only
  • https://www.googleapis.com/auth/ndev.clouddns.readonly
  • https://www.googleapis.com/auth/ndev.clouddns.readwrite

For more information, see the Authentication Overview.