Method: projects.instances.testIamPermissions

Stay organized with collections Save and categorize content based on your preferences.

Returns permissions that the caller has on the specified instance resource.

Attempting this RPC on a non-existent Cloud Spanner instance resource will result in a NOT_FOUND error if the user has spanner.instances.list permission on the containing Google Cloud Project. Otherwise returns an empty set of permissions.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is projects/<project ID>/instances/<instance ID> for instance resources and projects/<project ID>/instances/<instance ID>/databases/<database ID> for database resources.

Request body

The request body contains data with the following structure:

JSON representation
  "permissions": [


REQUIRED: The set of permissions to check for 'resource'. Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed.

Response body

If successful, the response body contains an instance of TestIamPermissionsResponse.

Authorization Scopes

Requires one of the following OAuth scopes:


For more information, see the Authentication Overview.