Testing permissions

testIamPermissions() allows you to test Cloud IAM permissions on a user for a resource. It takes the resource URL and a set of permissions as input parameters, and returns the set of permissions that the caller is allowed.

You typically don't invoke testIamPermission() if you're using Google Cloud Platform directly to manage permissions. testIamPermissions() is intended for integration with your proprietary software such as a customized graphical user interface. For example, the GCP Console uses testIamPermissions() internally to determine which UI should be available to the logged-in user.

How to test permissions

The following code snippet to test permissions for a project:



POST https://cloudresourcemanager.googleapis.com/v1/projects/[PROJECT_ID]:testIamPermissions

    "permissions":  [

(Substitute your Google Cloud Platform project ID for [PROJECT_ID].)


    "permissions": [


import com.google.api.services.cloudresourcemanager.model.TestIamPermissionsRequest;
import java.util.List;


TestIamPermissionsRequest testIamPermissionsRequest =
    new TestIamPermissionsRequest().setPermissions(
        Arrays.asList("resourcemanager.projects.get", "resourcemanager.projects.delete"));

TestIamPermissionsResponse testIamPermissionsResponse =
        projectId, testIamPermissionsRequest).execute();
List<String> testResults = testIamPermissionsResponse.getPermissions();

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Identity and Access Management Documentation