Sets the IAM policy that is attached to a ServiceAccount
.
Use this method to grant or revoke access to the service account. For example, you could grant a member the ability to impersonate the service account.
This method does not enable the service account to access other resources. To grant roles to a service account on a resource, follow these steps:
- Call the resource's
getIamPolicy
method to get its current IAM policy. - Edit the policy so that it binds the service account to an IAM role for the resource.
- Call the resource's
setIamPolicy
method to update its IAM policy.
For detailed instructions, see Granting roles to a service account for specific resources.
HTTP request
POST https://iam.googleapis.com/v1/{resource=projects/*/serviceAccounts/*}:setIamPolicy
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
resource |
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. |
Request body
The request body contains data with the following structure:
JSON representation | |
---|---|
{
"policy": {
object ( |
Fields | |
---|---|
policy |
REQUIRED: The complete policy to be applied to the |
updateMask |
OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:
A comma-separated list of fully qualified names of fields. Example: |
Response body
If successful, the response body contains an instance of Policy
.
Authorization Scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.