Sets the IAM policy that is attached to a ServiceAccount
.
Use this method to grant or revoke access to the service account. For example, you could grant a principal the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
- Call the resource's
getIamPolicy
method to get its current IAM policy. - Edit the policy so that it binds the service account to an IAM role for the resource.
- Call the resource's
setIamPolicy
method to update its IAM policy.
For detailed instructions, see Manage access to project, folders, and organizations or Manage access to other resources.
HTTP request
POST https://iam.googleapis.com/v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
resource |
REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field. |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"policy": {
object ( |
Fields | |
---|---|
policy |
REQUIRED: The complete policy to be applied to the |
update |
OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
This is a comma-separated list of fully qualified names of fields. Example: |
Response body
If successful, the response body contains an instance of Policy
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.