Add a new role binding

Demonstrates adding a new role binding to an IAM policy.

Explore further

For detailed documentation that includes this code sample, see the following:

Manage access to projects, folders, and organizations

Code sample

C#

To learn how to install and use the client library for IAM, see IAM client libraries. For more information, see the IAM C# API reference documentation.

To authenticate to IAM, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.


using System.Collections.Generic;
using Google.Apis.CloudResourceManager.v1.Data;

public partial class AccessManager
{
    public static Policy AddBinding(Policy policy, string role, string member)
    {
        var binding = new Binding
        {
            Role = role,
            Members = new List<string> { member }
        };
        policy.Bindings.Add(binding);
        return policy;
    }
}

Java

To learn how to install and use the client library for IAM, see IAM client libraries. For more information, see the IAM Java API reference documentation.

To authenticate to IAM, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.


import com.google.iam.v1.Binding;
import com.google.iam.v1.Policy;
import java.util.Collections;
import java.util.List;

public class AddBinding {
  public static void main(String[] args) {
    // TODO(developer): Replace the variables before running the sample.
    // TODO: Replace with your policy: GetPolicy.getPolicy(projectId, serviceAccount).
    Policy policy = Policy.newBuilder().build();
    // TODO: Replace with your role.
    String role = "roles/role-to-add";
    // TODO: Replace with your members.
    List<String> members = Collections.singletonList("user:member-to-add@example.com");

    addBinding(policy, role, members);
  }

  // Adds a member to a role.
  public static Policy addBinding(Policy policy, String role, List<String> members) {
    Binding binding = Binding.newBuilder()
            .setRole(role)
            .addAllMembers(members)
            .build();

    // Update bindings for the policy.
    Policy updatedPolicy = policy.toBuilder().addBindings(binding).build();

    System.out.println("Added binding: " + updatedPolicy.getBindingsList());

    return updatedPolicy;
  }
}

Python

To learn how to install and use the client library for IAM, see IAM client libraries. For more information, see the IAM Python API reference documentation.

To authenticate to IAM, set up Application Default Credentials. For more information, see Set up authentication for a local development environment.

def modify_policy_add_role(policy: dict, role: str, member: str) -> dict:
    """Adds a new role binding to a policy."""

    binding = {"role": role, "members": [member]}
    policy["bindings"].append(binding)
    print(policy)
    return policy

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser.