Method: projects.roles.delete

Deletes a custom Role.

When you delete a custom role, the following changes occur immediately:

  • You cannot bind a principal to the custom role in an IAM Policy.
  • Existing bindings to the custom role are not changed, but they have no effect.
  • By default, the response from roles.list does not include the custom role.

A deleted custom role still counts toward the custom role limit until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur:

  • The custom role is permanently deleted and cannot be recovered.
  • If an IAM policy contains a binding to the custom role, the binding is permanently removed.
  • The custom role no longer counts toward your custom role limit.

HTTP request

DELETE https://iam.googleapis.com/v1/{name=projects/*/roles/*}

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
name

string

The name parameter's value depends on the target resource for the request, namely projects or organizations. Each resource type's name value format is described below:

  • projects.roles.delete: projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}. This method deletes only custom roles that have been created at the project level. Example request URL: https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}

  • organizations.roles.delete: organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}. This method deletes only custom roles that have been created at the organization level. Example request URL: https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}

Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID.

Authorization requires the following IAM permission on the specified resource name:

  • iam.roles.delete

Query parameters

Parameters
etag

string (bytes format)

Used to perform a consistent read-modify-write.

A base64-encoded string.

Request body

The request body must be empty.

Response body

If successful, the response body contains an instance of Role.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

Examples

Uses the .NET client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the C# client library by adding a dependency on the relevant NuGet
//    package. Libraries published by Google are owned by google-apis-packages:
//    https://www.nuget.org/profiles/google-apis-packages

using Google.Apis.Auth.OAuth2;
using Google.Apis.Services;
using Google.Apis.Iam.v1;
using Newtonsoft.Json;
using System;
using System.Threading.Tasks;

using Data = Google.Apis.Iam.v1.Data;

namespace IamSample
{
   
public class IamExample
   
{
       
public static void Main(string[] args)
       
{
           
IamService iamService = new IamService(new BaseClientService.Initializer
           
{
               
HttpClientInitializer = GetCredential(),
               
ApplicationName = "Google-iamSample/0.1",
           
});

           
// The resource name of the role in one of the following formats:
           
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
           
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
           
string name = "projects/my-project/roles/my-role";  // TODO: Update placeholder value.

           
ProjectsResource.RolesResource.DeleteRequest request = iamService.Projects.Roles.Delete(name);

           
// To execute asynchronously in an async method, replace `request.Execute()` as shown:
           
Data.Role response = request.Execute();
           
// Data.Role response = await request.ExecuteAsync();

           
// TODO: Change code below to process the `response` object:
           
Console.WriteLine(JsonConvert.SerializeObject(response));
       
}

       
public static GoogleCredential GetCredential()
       
{
           
GoogleCredential credential = Task.Run(() => GoogleCredential.GetApplicationDefaultAsync()).Result;
           
if (credential.IsCreateScopedRequired)
           
{
                credential
= credential.CreateScoped("https://www.googleapis.com/auth/cloud-platform");
           
}
           
return credential;
       
}
   
}
}

Uses the Go client library.

package main

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk/ and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install and update the Go dependencies by running `go get -u` in the
//    project directory.

import (
       
"fmt"
       
"log"

       
"golang.org/x/net/context"
       
"golang.org/x/oauth2/google"
       
"google.golang.org/api/iam/v1"
)

func main
() {
        ctx
:= context.Background()

        iamService
, err := iam.NewService(ctx)
       
if err != nil {
                log
.Fatal(err)
       
}

       
// The resource name of the role in one of the following formats:
       
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
       
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
        name
:= "projects/my-project/roles/my-role" // TODO: Update placeholder value.

        resp
, err := iamService.Projects.Roles.Delete(name).Context(ctx).Do()
       
if err != nil {
                log
.Fatal(err)
       
}

       
// TODO: Change code below to process the `resp` object:
        fmt
.Printf("%#v\n", resp)
}

Uses the Java client library.

/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the Java client library on Maven or Gradle. Check installation
 *    instructions at https://github.com/google/google-api-java-client.
 *    On other build systems, you can add the jar files to your project from
 *    https://developers.google.com/resources/api-libraries/download/iam/v1/java
 */

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.iam.v1.Iam;
import com.google.api.services.iam.v1.model.Role;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class IamExample {
 
public static void main(String args[]) throws IOException, GeneralSecurityException {
   
// The resource name of the role in one of the following formats:
   
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
   
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
   
String name = "projects/my-project/roles/my-role"; // TODO: Update placeholder value.

   
Iam iamService = createIamService();
   
Iam.Projects.Roles.Delete request = iamService.projects().roles().delete(name);

   
Role response = request.execute();

   
// TODO: Change code below to process the `response` object:
   
System.out.println(response);
 
}

 
public static Iam createIamService() throws IOException, GeneralSecurityException {
   
HttpTransport httpTransport = GoogleNetHttpTransport.newTrustedTransport();
   
JsonFactory jsonFactory = JacksonFactory.getDefaultInstance();

   
GoogleCredential credential = GoogleCredential.getApplicationDefault();
   
if (credential.createScopedRequired()) {
      credential
=
          credential
.createScoped(Arrays.asList("https://www.googleapis.com/auth/cloud-platform"));
   
}

   
return new Iam.Builder(httpTransport, jsonFactory, credential)
       
.setApplicationName("Google-iamSample/0.1")
       
.build();
 
}
}

Uses the Node.js client library.

// BEFORE RUNNING:
// ---------------
// 1. If not already done, enable the Identity and Access Management (IAM) API
//    and check the quota for your project at
//    https://console.developers.google.com/apis/api/iam
// 2. This sample uses Application Default Credentials for authentication.
//    If not already done, install the gcloud CLI from
//    https://cloud.google.com/sdk and run
//    `gcloud beta auth application-default login`.
//    For more information, see
//    https://developers.google.com/identity/protocols/application-default-credentials
// 3. Install the Node.js client library by running
//    `npm install googleapis --save`

const {google} = require('googleapis');
const iam = google.iam('v1');

async
function main () {
 
const authClient = await authorize();
 
const request = {
   
// The `name` parameter's value depends on the target resource for the
   
// request, namely
   
// [`projects`](/iam/reference/rest/v1/projects.roles) or
   
// [`organizations`](/iam/reference/rest/v1/organizations.roles). Each
   
// resource type's `name` value format is described below:
   
// * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
   
// `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
   
// [custom roles](/iam/docs/understanding-custom-roles) that have been
   
// created at the project level. Example request URL:
   
// `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
   
// * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete):
   
// `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
   
// deletes only [custom roles](/iam/docs/understanding-custom-roles) that
   
// have been created at the organization level. Example request URL:
   
// `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
   
// Note: Wildcard (*) values are invalid; you must specify a complete project
   
// ID or organization ID.
    name
: 'projects/my-project/roles/my-role',  // TODO: Update placeholder value.

    auth
: authClient,
 
};

 
try {
   
const response = (await iam.projects.roles.delete(request)).data;
   
// TODO: Change code below to process the `response` object:
    console
.log(JSON.stringify(response, null, 2));
 
} catch (err) {
    console
.error(err);
 
}
}
main
();

async
function authorize() {
 
const auth = new google.auth.GoogleAuth({
    scopes
: ['https://www.googleapis.com/auth/cloud-platform']
 
});
 
return await auth.getClient();
}

Uses the PHP client library.

<?php
/*
 * BEFORE RUNNING:
 * ---------------
 * 1. If not already done, enable the Identity and Access Management (IAM) API
 *    and check the quota for your project at
 *    https://console.developers.google.com/apis/api/iam
 * 2. This sample uses Application Default Credentials for authentication.
 *    If not already done, install the gcloud CLI from
 *    https://cloud.google.com/sdk and run
 *    `gcloud beta auth application-default login`.
 *    For more information, see
 *    https://developers.google.com/identity/protocols/application-default-credentials
 * 3. Install the PHP client library with Composer. Check installation
 *    instructions at https://github.com/google/google-api-php-client.
 */


// Autoload Composer.
require_once __DIR__
. '/vendor/autoload.php';

$client
= new Google_Client();
$client
->setApplicationName('Google-iamSample/0.1');
$client
->useApplicationDefaultCredentials();
$client
->addScope('https://www.googleapis.com/auth/cloud-platform');

$service
= new Google_Service_Iam($client);

// The resource name of the role in one of the following formats:
// `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
// `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
$name
= 'projects/my-project/roles/my-role';  // TODO: Update placeholder value.

$response
= $service->projects_roles->delete($name);

// TODO: Change code below to process the `response` object:
echo
'<pre>', var_export($response, true), '</pre>', "\n";
?>

Uses the Python client library.

"""
BEFORE RUNNING:
---------------
1. If not already done, enable the Identity and Access Management (IAM) API
   and check the quota for your project at
   https://console.developers.google.com/apis/api/iam
2. This sample uses Application Default Credentials for authentication.
   If not already done, install the gcloud CLI from
   https://cloud.google.com/sdk and run
   `gcloud beta auth application-default login`.
   For more information, see
   https://developers.google.com/identity/protocols/application-default-credentials
3. Install the Python client library for Google APIs by running
   `pip install --upgrade google-api-python-client`
4. Install the OAuth 2.0 client for Google APIs by running
   `pip install --upgrade oauth2client`
"""

from pprint import pprint

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

credentials
= GoogleCredentials.get_application_default()

service
= discovery.build('iam', 'v1', credentials=credentials)

# The resource name of the role in one of the following formats:
# `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
# `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
name
= 'projects/my-project/roles/my-role'  # TODO: Update placeholder value.

request
= service.projects().roles().delete(name=name)
response
= request.execute()

# TODO: Change code below to process the `response` dict:
pprint
(response)

Uses the Ruby client library.

# BEFORE RUNNING:
# ---------------
# 1. If not already done, enable the Identity and Access Management (IAM) API
#    and check the quota for your project at
#    https://console.developers.google.com/apis/api/iam
# 2. This sample uses Application Default Credentials for authentication.
#    If not already done, install the gcloud CLI from
#    https://cloud.google.com/sdk and run
#    `gcloud beta auth application-default login`.
#    For more information, see
#    https://developers.google.com/identity/protocols/application-default-credentials
# 3. Install the Ruby client library and Application Default Credentials
#    library by running `gem install google-api-client` and
#    `gem install googleauth`

require 'googleauth'
require 'google/apis/iam_v1'

service
= Google::Apis::IamV1::IamService.new

service
.authorization = \
   
Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform'])

# The resource name of the role in one of the following formats:
# `organizations/{ORGANIZATION_ID}/roles/{ROLE_NAME}`
# `projects/{PROJECT_ID}/roles/{ROLE_NAME}`
name
= 'projects/my-project/roles/my-role'  # TODO: Update placeholder value.

response
= service.delete_project_role(name)

# TODO: Change code below to process the `response` object:
puts response
.to_json