
REST Resource: permissions

Resource

There is no persistent data associated with this resource.

Methods

queryTestablePermissions

Lists every permission that you can test on a resource.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-21 UTC.
