Updates an IAM policy for the specified bucket.
The authenticated user must have sufficient permission to use this method.
Request
HTTP request
PUT https://storage.googleapis.com/storage/v1/b/bucket/iam
Parameters
Parameter name | Value | Description |
---|---|---|
Path parameters | | |
bucket | string | Name of a bucket. |
Optional query parameters | | |
userProject | string | The project to be billed for this request. Required for Requester Pays buckets. |
Request body
In the request body, supply data with the following structure:
```
{
  "version": int,
  "kind": "storage#policy",
  "resourceId": string,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "title": string,
        "description": string,
        "expression": string
      }
    }
  ],
  "etag": bytes
}
```
Property name | Value | Description | Notes |
---|---|---|---|
version | int | The Cloud IAM policy version. Required to be 3 or greater for buckets with Cloud IAM Conditions. | |
kind | string | The kind of item this is. For policies, this field is ignored in a request and is storage#policy in a response. | |
resourceId | string | The ID of the resource to which this policy belongs. The response for this field is of the form projects/_/buckets/bucket. This field is ignored in a request. | |
bindings[] | list | An association between a role, which comes with a set of permissions, and members who may assume that role. | |
bindings[].role | string | The role to which members belong. Two types of roles are supported: standard IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole. See Cloud Storage IAM Roles for a list of available roles. | |
bindings[].members[] | list | A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows: | |
bindings[].condition | object | A condition object associated with this binding. Each role binding can only contain one condition. | optional |
bindings[].condition.title | string | Title of the condition. For example, "expires_end_of_2018". | |
bindings[].condition.description | string | Optional description of the condition. For example, "Expires at midnight on 2018-12-31". | optional |
bindings[].condition.expression | string | Attribute-based logic expression using a subset of the Common Expression Language (CEL). For example, "request.time < timestamp('2019-01-01T00:00:00Z')". | |
etag | bytes | HTTP 1.1 Entity tag for the policy. | writable |
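The following is an added example, not part of the original reference and not Google's code. It builds a request body from a previously fetched policy by adding one conditional binding, and lints the result against the field rules in the table above. The function names, the sample policy and the treatment of a missing etag as a lint finding are assumptions made for illustration.

```python
import copy

IGNORED_IN_REQUEST = ("kind", "resourceId")  # per the table: ignored in a request


def lint_policy_body(body):
    """Return a list of problems found in a setIamPolicy request body."""
    problems = []
    if "etag" not in body:  # assumption: flag bodies not tied to a policy that was read
        problems.append("no etag: update is not tied to the policy that was read")
    bindings = body.get("bindings", [])
    if any("condition" in b for b in bindings) and body.get("version", 1) < 3:
        problems.append("bindings carry a condition but version is below 3")
    for i, b in enumerate(bindings):
        for field in ("role", "members"):
            if not b.get(field):
                problems.append(f"bindings[{i}] has no {field}")
        cond = b.get("condition")
        # description is optional; title and expression are not marked optional
        for field in ("title", "expression") if cond is not None else ():
            if not cond.get(field):
                problems.append(f"bindings[{i}].condition has no {field}")
    return problems


def add_conditional_binding(current, role, members, title, expression, description=None):
    """Build a request body from a fetched policy, adding one conditional binding."""
    body = copy.deepcopy(current)  # never mutate the policy object that was read
    for field in IGNORED_IN_REQUEST:
        body.pop(field, None)
    condition = {"title": title, "expression": expression}
    if description:
        condition["description"] = description
    body["bindings"] = body.get("bindings", []) + [
        {"role": role, "members": list(members), "condition": condition}
    ]
    body["version"] = max(body.get("version", 1), 3)  # conditions need version 3+
    return body  # etag from the fetched policy is carried over unchanged


# Constructed sample of a fetched policy (not real data).
SAMPLE_CURRENT = {
    "kind": "storage#policy",
    "resourceId": "projects/_/buckets/example-bucket",
    "version": 1,
    "etag": "CAE=",
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["user:alice@example.com"]}
    ],
}
```

Running `lint_policy_body` on the output of `add_conditional_binding` before sending the PUT catches a conditional binding submitted with a version below 3 or without an expression.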
Response
If successful, this method returns a response body with the following structure:
```
{
  "version": int,
  "kind": "storage#policy",
  "resourceId": string,
  "bindings": [
    {
      "role": string,
      "members": [
        string
      ],
      "condition": {
        "title": string,
        "description": string,
        "expression": string
      }
    }
  ],
  "etag": bytes
}
```
Property name | Value | Description | Notes |
---|---|---|---|
version | int | The Cloud IAM policy version. | |
kind | string | The kind of item this is. For policies, this field is ignored in a request and is storage#policy in a response. | |
resourceId | string | The ID of the resource to which this policy belongs. The response for this field is of the form projects/_/buckets/bucket. This field is ignored in a request. | |
bindings[] | list | An association between a role, which comes with a set of permissions, and members who may assume that role. | |
bindings[].role | string | The role to which members belong. Two types of roles are supported: standard IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole. See Cloud Storage IAM Roles for a list of available roles. | |
bindings[].members[] | list | A collection of identifiers for members who may assume the provided role. Recognized identifiers are as follows: | |
bindings[].condition | object | A condition object associated with this binding. Each role binding can only contain one condition. | optional |
bindings[].condition.title | string | Title of the condition. For example, "expires_end_of_2018". | |
bindings[].condition.description | string | Optional description of the condition. For example, "Expires at midnight on 2018-12-31". | optional |
bindings[].condition.expression | string | Attribute-based logic expression using a subset of the Common Expression Language (CEL). For example, "request.time < timestamp('2019-01-01T00:00:00Z')". | |
etag | bytes | HTTP 1.1 Entity tag for the policy. | writable |