Testing Permissions

testIamPermissions() allows you to test Cloud IAM permissions on a user for a resource. It takes the resource URL and a set of permissions as input parameters, and returns the set of permissions that the caller is allowed.

You typically don't invoke testIamPermissions() if you're using Google Cloud Platform directly to manage permissions. testIamPermissions() is intended for integration with your proprietary software, such as a customized graphical user interface. For example, the Cloud Platform Console uses testIamPermissions() internally to determine which UI should be available to the logged-in user.

How to test permissions

The following code snippets test permissions for a project:

API

Request:

POST https://cloudresourcemanager.googleapis.com/v1/projects/[PROJECT_ID]:testIamPermissions

{
    "permissions":  [
        "resourcemanager.projects.get",
        "resourcemanager.projects.delete"
    ]
}

(Substitute your Google Cloud Platform project ID for [PROJECT_ID].)

Response:

{
    "permissions": [
        "resourcemanager.projects.get"
    ]
}

Java

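import com.google.api.services.cloudresourcemanager.model.TestIamPermissionsRequest;
import com.google.api.services.cloudresourcemanager.model.TestIamPermissionsResponse;
import java.util.Arrays;
import java.util.List;

...

// The permissions to test on the project.
TestIamPermissionsRequest testIamPermissionsRequest =
    new TestIamPermissionsRequest().setPermissions(
        Arrays.asList("resourcemanager.projects.get", "resourcemanager.projects.delete"));

// client and projectId are set up in the elided code above.
TestIamPermissionsResponse testIamPermissionsResponse =
    client.projects().testIamPermissions(
        projectId, testIamPermissionsRequest).execute();
// The permissions the caller is allowed; getPermissions() returns null
// if the response carries no "permissions" field.
List<String> testResults = testIamPermissionsResponse.getPermissions();
...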
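The custom-UI use case described above, as an added example (not from the original page or from Google): it builds the request body, parses the response, and enables only the actions whose permissions were all returned. The `UI_ACTIONS` mapping and the function names are hypothetical; the sample response is the one shown on this page.

```python
import json

# Hypothetical mapping: UI action -> permissions it needs (assumption, not a Google API).
UI_ACTIONS = {
    "view_project": {"resourcemanager.projects.get"},
    "delete_project": {"resourcemanager.projects.get",
                       "resourcemanager.projects.delete"},
}

# Response body copied from the example on this page.
PAGE_RESPONSE = '{"permissions": ["resourcemanager.projects.get"]}'


def build_request_body(actions=UI_ACTIONS):
    """One request covering every permission any UI action depends on."""
    return {"permissions": sorted(set().union(*actions.values()))}


def granted_permissions(request_body, response_text):
    """Return the allowed permissions, failing closed on anything unexpected.

    A response without a "permissions" field means nothing was granted.
    Entries that were never requested are ignored.
    """
    try:
        body = json.loads(response_text)
    except (TypeError, ValueError):
        return set()
    if not isinstance(body, dict):
        return set()
    returned = body.get("permissions") or []
    if not isinstance(returned, list):
        return set()
    requested = set(request_body["permissions"])
    return {p for p in returned if isinstance(p, str)} & requested


def enabled_actions(granted, actions=UI_ACTIONS):
    """An action is shown only if every permission it needs was granted."""
    return sorted(name for name, needed in actions.items() if needed <= granted)


if __name__ == "__main__":
    req = build_request_body()
    # The result only decides what the UI shows; the API still
    # enforces IAM on the real call.
    print(enabled_actions(granted_permissions(req, PAGE_RESPONSE)))
```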
