Method: testIamPermissions

Returns permissions that a caller has on the Identity-Aware Proxy protected resource. If the resource does not exist or the caller does not have Identity-Aware Proxy permissions a google.rpc.Code.PERMISSION_DENIED will be returned. More information about managing access via IAP can be found at:

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

Request body

The request body contains data with the following structure:

JSON representation
  "permissions": [


The set of permissions to check for the resource. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see IAM Overview.

Response body

If successful, the response body contains an instance of TestIamPermissionsResponse.

Authorization Scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.

Try it!

Was this page helpful? Let us know how we did:

Send feedback about...

Identity-Aware Proxy Documentation