Returns an IAM policy for the specified bucket. Try it now.
The authenticated user must have sufficient permission to use this method.
Request
HTTP request
GET https://storage.googleapis.com/storage/v1/b/bucket/iam
Parameters
Parameter name | Value | Description |
---|---|---|
Path parameters | ||
bucket |
string |
Name of a bucket. |
Optional query parameters | ||
userProject |
string |
The project to be billed for this request. Required for Requester Pays buckets. |
Request body
Do not supply a request body with this method.
Response
If successful, this method returns a response body with the following structure:
{ "kind": "storage#policy", "resourceId": string, "bindings": [ { "role": string, "members": [ string ] } ], "etag": bytes }
Property name | Value | Description | Notes |
---|---|---|---|
kind |
string |
The kind of item this is. For policies, this field is ignored in a request and is
storage#policy in a response. |
|
resourceId |
string |
The ID of the resource to which this policy belongs. The response for this field is of
the form projects/_/buckets/bucket . This field is ignored in a
request. |
|
bindings[] |
list |
An association between a role, which comes with a set of permissions, and members who may assume that role. | |
bindings[].role |
string |
The role to which members belong. Two types of roles are supported: standard IAM roles,
which grant permissions that do not map directly to those provided by ACLs, and legacy
IAM roles, which do map directly to ACL permissions. All roles are of the format
roles/storage.specificRole .
See Cloud Storage IAM Roles for a list of available roles. |
|
bindings[].members[] |
list |
A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
|
|
etag |
bytes |
HTTP 1.1 Entity tag for the policy. | writable |
Try it!
Use the APIs Explorer below to call this method on live data and see the response.