Method: permissions.queryTestablePermissions

Lists every permission that you can test on a resource. A permission is testable if you can check whether a principal has that permission on the resource.

HTTP request

POST https://iam.googleapis.com/v1/permissions:queryTestablePermissions

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation 
{
  "fullResourceName": string,
  "pageSize": integer,
  "pageToken": string
}
Fields
fullResourceName

string

Required. The full resource name to query from the list of testable permissions.

The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id my-project will be named //cloudresourcemanager.googleapis.com/projects/my-project.
pageSize

integer

Optional limit on the number of permissions to include in the response.

The default is 100, and the maximum is 1,000.
pageToken

string

Optional pagination token returned in an earlier QueryTestablePermissionsRequest.

Response body

The response containing permissions which can be tested on a resource.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "permissions": [
    {
      object (Permission)
    }
  ],
  "nextPageToken": string
}
Fields
permissions[]

object (Permission)

The Permissions testable on the requested resource.
nextPageToken

string

To retrieve the next page of results, set QueryTestableRolesRequest.page_token to this value.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Permission

A permission which can be included by a role.

JSON representation 
{
  "name": string,
  "title": string,
  "description": string,
  "onlyInPredefinedRoles": boolean,
  "stage": enum (PermissionLaunchStage),
  "customRolesSupportLevel": enum (CustomRolesSupportLevel),
  "apiDisabled": boolean,
  "primaryPermission": string
}
Fields
name

string

The name of this Permission.
title

string

The title of this Permission.
description

string

A brief description of what this Permission is used for. This permission can ONLY be used in predefined roles.
onlyInPredefinedRoles
(deprecated)

boolean
stage

enum (PermissionLaunchStage)

The current launch stage of the permission.
customRolesSupportLevel

enum (CustomRolesSupportLevel)

The current custom role support level.
apiDisabled

boolean

The service API associated with the permission is not enabled.
primaryPermission

string

The preferred name for this permission. If present, then this permission is an alias of, and equivalent to, the listed primaryPermission.

PermissionLaunchStage

A stage representing a permission's lifecycle phase.

Enums
ALPHA The permission is currently in an alpha phase.
BETA The permission is currently in a beta phase.
GA The permission is generally available.
DEPRECATED The permission is being deprecated.

CustomRolesSupportLevel

The state of the permission with regards to custom roles.

Enums
SUPPORTED Default state. Permission is fully supported for custom role use.
TESTING Permission is being tested to check custom role compatibility.
NOT_SUPPORTED Permission is not supported for custom role use.