Method: roles.queryGrantableRoles

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource.

HTTP request

POST https://iam.googleapis.com/v1/roles:queryGrantableRoles

The URL uses Google API HTTP annotation syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "fullResourceName": string,
  "view": enum(RoleView),
  "pageSize": number,
  "pageToken": string,
}
Fields
fullResourceName

string

Required. The full resource name to query from the list of grantable roles.

The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id my-project will be named //cloudresourcemanager.googleapis.com/projects/my-project.

view

enum(RoleView)

pageSize

number

Optional limit on the number of roles to include in the response.

pageToken

string

Optional pagination token returned in an earlier QueryGrantableRolesResponse.

Response body

If successful, the response body contains data with the following structure:

The grantable role query response.

JSON representation
{
  "roles": [
    {
      object(Role)
    }
  ],
  "nextPageToken": string,
}
Fields
roles[]

object(Role)

The list of matching roles.

nextPageToken

string

To retrieve the next page of results, set QueryGrantableRolesRequest.page_token to this value.

Authorization

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/iam
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Auth Guide.

Monitor your resources on the go

Get the Google Cloud Console app to help you manage your projects.

Send feedback about...

Cloud Identity and Access Management