Method: services.roles.add

Service producers can use this method to add roles in the shared VPC host project. Each role is bound to the provided member. Each role must be selected from within an allowlisted set of roles. Each role is applied at only the granularity specified in the allowlist.

HTTP request

POST https://servicenetworking.googleapis.com/v1/{parent=services/*}/roles:add

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. This is in the form services/{service}, where {service} is the name of the private access management service, for example 'service-peering.example.com'.

Authorization requires the following IAM permission on the specified resource parent:

  • servicenetworking.services.addSubnetwork

Request body

The request body contains data with the following structure:

JSON representation
{
  "consumerNetwork": string,
  "policyBinding": [
    {
      object (PolicyBinding)
    }
  ]
}
Fields
consumerNetwork

string

Required. The network that the consumer is using to connect with services. Must be in the form projects/{project}/global/networks/{network}, where {project} is a project number, as in '12345', and {network} is a network name.

policyBinding[]

object (PolicyBinding)

Required. List of policy bindings to add to the shared VPC host project.

Response body

If successful, the response body contains an instance of Operation.

Authorization Scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/service.management
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

PolicyBinding

Grouping of IAM role and IAM member.

JSON representation
{
  "role": string,
  "member": string
}
Fields
role

string

Required. Role to apply. Only allowlisted roles can be used at the specified granularity. The role must be one of the following:

  • 'roles/container.hostServiceAgentUser' applied on the shared VPC host project
  • 'roles/compute.securityAdmin' applied on the shared VPC host project

member

string

Required. Member to bind the role with. See /iam/docs/reference/rest/v1/Policy#Binding for how to format each member. For example:

  • user:myuser@mydomain.com
  • serviceAccount:my-service-account@app.gserviceaccount.com
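A pre-flight check for a services.roles.add request, as an added example that is not part of the API reference or any Google client library. The function name, the network-name pattern, and the local policy of accepting only user, serviceAccount and group members are assumptions; the role allowlist and the field formats come from the descriptions above.

```python
import re

# Roles the page lists as allowlisted for services.roles.add.
ALLOWED_ROLES = {"roles/container.hostServiceAgentUser", "roles/compute.securityAdmin"}
PARENT_RE = re.compile(r"services/[A-Za-z0-9.-]+")
# {project} is a project number; the network-name pattern is an assumption.
NETWORK_RE = re.compile(r"projects/\d+/global/networks/[a-z]([-a-z0-9]*[a-z0-9])?")
# Assumption (local policy): only identity-bound member types are accepted.
MEMBER_RE = re.compile(r"(user|serviceAccount|group):[^\s:@]+@[^\s:@]+")


def validate_add_roles(parent, body):
    """Return a list of problems; an empty list means the request is well-formed."""
    errors = []
    if not PARENT_RE.fullmatch(parent):
        errors.append("parent must have the form services/{service}")
    if not NETWORK_RE.fullmatch(str(body.get("consumerNetwork", ""))):
        errors.append("consumerNetwork must be projects/{number}/global/networks/{network}")
    bindings = body.get("policyBinding") or []
    if not bindings:
        errors.append("policyBinding must contain at least one binding")
    for i, binding in enumerate(bindings):
        role, member = binding.get("role"), binding.get("member")
        if role not in ALLOWED_ROLES:
            errors.append(f"policyBinding[{i}]: role {role!r} is not allowlisted")
        if not MEMBER_RE.fullmatch(str(member)):
            errors.append(f"policyBinding[{i}]: member {member!r} is not accepted")
    return errors


# Constructed sample requests (not taken from the page).
PARENT = "services/service-peering.example.com"
GOOD = {
    "consumerNetwork": "projects/12345/global/networks/default",
    "policyBinding": [{
        "role": "roles/compute.securityAdmin",
        "member": "serviceAccount:my-service-account@app.gserviceaccount.com",
    }],
}
BAD = {
    "consumerNetwork": "projects/my-project/global/networks/default",  # project ID, not number
    "policyBinding": [{"role": "roles/owner", "member": "allUsers"}],
}

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_add_roles(PARENT, body) or "ok")
```

Running the same check in the caller's deployment pipeline surfaces a non-allowlisted role or a malformed network path before the request reaches the API.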