Identity and Access Management (IAM) v1 API - Class IAM (2.4.0)

Reference documentation and code samples for the Identity and Access Management (IAM) v1 API class IAM.

Creates and manages Identity and Access Management (IAM) resources.

You can use this service to work with all of the following resources:

• Service accounts, which identify an application or a virtual machine (VM) instance rather than a person
• Service account keys, which service accounts use to authenticate with Google APIs
• IAM policies for service accounts, which specify the roles that a principal has for the service account
• IAM custom roles, which help you limit the number of permissions that you grant to principals

In addition, you can use this service to complete the following tasks, among others:

• Test whether a service account can use specific permissions
• Check which roles you can grant for a specific resource
• Lint, or validate, condition expressions in an IAM policy

When you read data from the IAM API, each read is eventually consistent. In other words, if you write data with the IAM API, then immediately read that data, the read operation might return an older version of the data. To deal with this behavior, your application can retry the request with truncated exponential backoff.

In contrast, writing data to the IAM API is sequentially consistent. In other words, write operations are always processed in the order in which they were received.

Creates service definition that can be registered with a server

Register service method with a service binder with or without implementation. Useful when customizing the service binding logic. Note: this method is part of an experimental API that can change or be removed without any prior notice.