Method: projects.locations.documents.setAcl

Sets the access control policy for a resource. Replaces any existing policy.

HTTP request


Path parameters



Required. REQUIRED: The resource for which the policy is being requested. Format for document: projects/{projectNumber}/locations/{location}/documents/{documentId}. Format for collection: projects/{projectNumber}/locations/{location}/collections/{collectionId}. Format for project: projects/{projectNumber}. It takes the form projects/{project}/locations/{location}/documents/{document}.

Request body

The request body contains data with the following structure:

JSON representation
  "policy": {
    object (Policy)
  "requestMetadata": {
    object (RequestMetadata)
  "projectOwner": boolean

object (Policy)

Required. REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. This refers to an Identity and Access (IAM) policy, which specifies access controls for the Document.

You can set ACL with condition for projects only.

Supported operators are: =, !=, <, <=, >, and >= where the left of the operator is DocumentSchemaId or property name and the right of the operator is a number or a quoted string. You must escape backslash (\) and quote (") characters.

Boolean expressions (AND/OR) are supported up to 3 levels of nesting (for example, "((A AND B AND C) OR D) AND E"), a maximum of 10 comparisons are allowed in the expression. The expression must be < 6000 bytes in length.

Sample condition: "DocumentSchemaId = \"some schema id\" OR SchemaId.floatPropertyName >= 10"


object (RequestMetadata)

The meta information collected about the end user, used to enforce access control for the service.



For Set Project ACL only. Authorization check for end user will be ignored when projectOwner=true.

Response body

If successful, the response body contains an instance of SetAclResponse.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the resource resource:

  • contentwarehouse.documents.setIamPolicy

For more information, see the IAM documentation.