Buckets: setIamPolicy

Updates an IAM policy for the specified bucket. Try it now.

Request

HTTP request

PUT https://www.googleapis.com/storage/v1/b/bucket/iam

Parameters

Parameter name Value Description
Path parameters
bucket string Name of a bucket.
Optional query parameters
userProject string The project to be billed for this request. Required for Requester Pays buckets.

Request body

In the request body, supply data with the following structure:

{
  "kind": "storage#policy",
  "resourceId": string,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ]
    }
  ],
  "etag": bytes
}
Property name Value Description Notes
kind string The kind of item this is. For policies, this field is ignored in a request and is storage#policy in a response.
resourceId string The ID of the resource to which this policy belongs. The response for this field is of the form projects/_/buckets/bucket. This field is ignored in a request.
bindings[] list An association between a role, which comes with a set of permissions, and members who may assume that role.
bindings[].role string The role to which members belong. Two types of roles are supported: standard IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
See Cloud Storage IAM Roles for a list of available roles.
bindings[].members[] list A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
  • allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
  • allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
  • serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
  • group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
  • domain:domain — A G Suite domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
  • projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
  • projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
  • projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
etag bytes HTTP 1.1 Entity tag for the policy. writable

Response

If successful, this method returns a response body with the following structure:

{
  "kind": "storage#policy",
  "resourceId": string,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ]
    }
  ],
  "etag": bytes
}
Property name Value Description Notes
kind string The kind of item this is. For policies, this field is ignored in a request and is storage#policy in a response.
resourceId string The ID of the resource to which this policy belongs. The response for this field is of the form projects/_/buckets/bucket. This field is ignored in a request.
bindings[] list An association between a role, which comes with a set of permissions, and members who may assume that role.
bindings[].role string The role to which members belong. Two types of roles are supported: standard IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole.
See Cloud Storage IAM Roles for a list of available roles.
bindings[].members[] list A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows:
  • allUsers — A special identifier that represents anyone on the internet; with or without a Google account.
  • allAuthenticatedUsers — A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • user:emailid — An email address that represents a specific account. For example, user:alice@gmail.com or user:joe@example.com.
  • serviceAccount:emailid — An email address that represents a service account. For example, serviceAccount:my-other-app@appspot.gserviceaccount.com .
  • group:emailid — An email address that represents a Google group. For example, group:admins@example.com.
  • domain:domain — A G Suite domain name that represents all the users of that domain. For example, domain:google.com or domain:example.com.
  • projectOwner:projectid — Owners of the given project. For example, projectOwner:my-example-project
  • projectEditor:projectid — Editors of the given project. For example, projectEditor:my-example-project
  • projectViewer:projectid — Viewers of the given project. For example, projectViewer:my-example-project
etag bytes HTTP 1.1 Entity tag for the policy. writable

Try it!

Use the APIs Explorer below to call this method on live data and see the response.

Var denne side nyttig? Giv os en anmeldelse af den:

Send feedback om...

Har du brug for hjælp? Besøg vores supportside.