Disable a custom role
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates disabling a custom role.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[],[],null,["# Disable a custom role\n\nDemonstrates disabling a custom role.\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Create and manage custom roles](/iam/docs/creating-custom-roles)\n\nCode sample\n-----------\n\n### Java\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM Java API\nreference documentation](https://developers.google.com/api-client-library/java/apis/iam/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n\n import com.google.cloud.iam.admin.v1.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html;\n import com.google.iam.admin.v1.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html;\n import com.google.iam.admin.v1.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.UpdateRoleRequest.html;\n import com.google.protobuf.https://cloud.google.com/java/docs/reference/protobuf/latest/com.google.protobuf.FieldMask.html;\n import java.io.IOException;\n\n public class DisableRole {\n\n public static void main(String[] args) throws IOException {\n // TODO(developer): Replace the variables before running the sample.\n // Role ID must point to an existing role.\n String projectId = \"your-project-id\";\n String roleId = \"testRole\";\n\n https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html role = disableRole(projectId, roleId);\n System.out.println(\"Role name: \" + role.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html#com_google_iam_admin_v1_Role_getName__());\n System.out.println(\"Role stage: \" + role.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html#com_google_iam_admin_v1_Role_getStage__());\n }\n\n public static https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html disableRole(String projectId, String roleId)\n throws IOException {\n String roleName = \"projects/\" + projectId + \"/roles/\" + roleId;\n https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html role = https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html.newBuilder()\n .setName(roleName)\n .setStage(https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.Role.html.RoleLaunchStage.DISABLED)\n .build();\n\n https://cloud.google.com/java/docs/reference/protobuf/latest/com.google.protobuf.FieldMask.html fieldMask = https://cloud.google.com/java/docs/reference/protobuf/latest/com.google.protobuf.FieldMask.html.newBuilder().https://cloud.google.com/java/docs/reference/protobuf/latest/com.google.protobuf.FieldMask.Builder.html#com_google_protobuf_FieldMask_Builder_addPaths_java_lang_String_(\"stage\").build();\n https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.UpdateRoleRequest.html updateRoleRequest =\n https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.UpdateRoleRequest.html.newBuilder()\n .setName(roleName)\n .setRole(role)\n .setUpdateMask(fieldMask)\n .build();\n\n // Initialize client for sending requests. This client only needs to be created\n // once, and can be reused for multiple requests.\n try (https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html iamClient = https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html.create()) {\n return iamClient.updateRole(updateRoleRequest);\n }\n }\n }\n\n### Python\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM Python API\nreference documentation](https://developers.google.com/api-client-library/python/apis/iam/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n from google.api_core.exceptions import NotFound\n from google.cloud.iam_admin_v1 import https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.types.GetRoleRequest.html, https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.services.iam.IAMClient.html, https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.types.Role.html, https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.types.UpdateRoleRequest.html\n\n\n def disable_role(project_id: str, role_id: str) -\u003e Role:\n \"\"\"Disables an IAM role in a GCP project.\n\n Args:\n project_id: GCP project ID\n role_id: ID of GCP IAM role\n\n Returns: Updated google.cloud.iam_admin_v1.Role object with disabled stage\n \"\"\"\n client = IAMClient()\n name = f\"projects/{project_id}/roles/{role_id}\"\n get_request = GetRoleRequest(name=name)\n try:\n role = client.https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.services.iam.IAMClient.html#google_cloud_iam_admin_v1_services_iam_IAMClient_get_role(get_request)\n role.stage = https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.types.Role.html.https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.types.Role.RoleLaunchStage.html.DISABLED\n update_request = UpdateRoleRequest(name=role.name, role=role)\n client.https://cloud.google.com/python/docs/reference/iam/latest/google.cloud.iam_admin_v1.services.iam.IAMClient.html#google_cloud_iam_admin_v1_services_iam_IAMClient_update_role(update_request)\n print(f\"Disabled role: {role_id}: {role}\")\n return role\n except NotFound as exc:\n raise NotFound(f'Role with id [{role_id}] not found, take some actions') from exc\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=iam)."]]
