Method: projects.instances.databases.testIamPermissions

Returns permissions that the caller has on the specified database or backup resource.

Attempting this RPC on a non-existent Cloud Spanner database will result in a NOT_FOUND error if the user has spanner.databases.list permission on the containing Cloud Spanner instance. Otherwise returns an empty set of permissions. Calling this method on a backup that does not exist will result in a NOT_FOUND error if the user has spanner.backups.list permission on the containing instance.

HTTP request

POST https://spanner.googleapis.com/v1/{resource=projects/*/instances/*/databases/*}:testIamPermissions

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
resource

string

REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is projects/<project ID>/instances/<instance ID> for instance resources and projects/<project ID>/instances/<instance ID>/databases/<database ID> for database resources.

Request body

The request body contains data with the following structure:

JSON representation
{
  "permissions": [
    string
  ]
}
Fields
permissions[]

string

REQUIRED: The set of permissions to check for 'resource'. Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed.

Response body

If successful, the response body contains an instance of TestIamPermissionsResponse.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.