create(parent=None, body=None, x__xgafv=None)
Creates a new Role.
delete(name=None, etag=None, x__xgafv=None)
Soft deletes a role. The role is suspended and cannot be used to create new
Gets a Role definition.
list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.
patch(name=None, body=None, updateMask=None, x__xgafv=None)
Updates a Role definition.
undelete(name=None, body=None, x__xgafv=None)
Undelete a Role, bringing it back in its previous state.
create(parent=None, body=None, x__xgafv=None)
Creates a new Role.
Args:
parent: string, The `parent` parameter's value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `parent` value format is described below:
* [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create):
`projects/{PROJECT_ID}`. This method creates project-level
[custom roles](/iam/docs/understanding-custom-roles).
Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
* [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create):
`organizations/{ORGANIZATION_ID}`. This method creates organization-level
[custom roles](/iam/docs/understanding-custom-roles). Example request
URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
body: object, The request body.
The object takes the form of:
{ # The request to create a new role.
"roleId": "A String", # The role ID to use for this role.
"role": { # A role in the Identity and Access Management API. # The Role resource to create.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
},
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}
delete(name=None, etag=None, x__xgafv=None)
Soft deletes a role. The role is suspended and cannot be used to create new
IAM Policy Bindings.
The Role will not be included in `ListRoles()` unless `show_deleted` is set
in the `ListRolesRequest`. The Role contains the deleted boolean set.
Existing Bindings remains, but are inactive. The Role can be undeleted
within 7 days. After 7 days the Role is deleted and all Bindings associated
with the role are removed.
Args:
name: string, The `name` parameter's value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `name` value format is described below:
* [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
`projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
[custom roles](/iam/docs/understanding-custom-roles) that have been
created at the project level. Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
* [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete):
`organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
deletes only [custom roles](/iam/docs/understanding-custom-roles) that
have been created at the organization level. Example request URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
etag: string, Used to perform a consistent read-modify-write.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}
get(name=None, x__xgafv=None)
Gets a Role definition.
Args:
name: string, The `name` parameter's value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `name` value format is described below:
* [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
This method returns results from all
[predefined roles](/iam/docs/understanding-roles#predefined_roles) in
Cloud IAM. Example request URL:
`https://iam.googleapis.com/v1/roles/{ROLE_NAME}`
* [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
`projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
[custom roles](/iam/docs/understanding-custom-roles) that have been
created at the project level. Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
* [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get):
`organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
returns only [custom roles](/iam/docs/understanding-custom-roles) that
have been created at the organization level. Example request URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}
list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.
Args:
parent: string, The `parent` parameter's value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `parent` value format is described below:
* [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
This method doesn't require a resource; it simply returns all
[predefined roles](/iam/docs/understanding-roles#predefined_roles) in
Cloud IAM. Example request URL:
`https://iam.googleapis.com/v1/roles`
* [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
`projects/{PROJECT_ID}`. This method lists all project-level
[custom roles](/iam/docs/understanding-custom-roles).
Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`
* [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list):
`organizations/{ORGANIZATION_ID}`. This method lists all
organization-level [custom roles](/iam/docs/understanding-custom-roles).
Example request URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
pageSize: integer, Optional limit on the number of roles to include in the response.
showDeleted: boolean, Include Roles that have been deleted.
pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
view: string, Optional view for the returned Role objects. When `FULL` is specified,
the `includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not
return the `includedPermissions` field.
Returns:
An object of the form:
{ # The response containing the roles defined under a resource.
"nextPageToken": "A String", # To retrieve the next page of results, set
# `ListRolesRequest.page_token` to this value.
"roles": [ # The Roles defined on this resource.
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
},
],
}
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
patch(name=None, body=None, updateMask=None, x__xgafv=None)
Updates a Role definition.
Args:
name: string, The `name` parameter's value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `name` value format is described below:
* [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch):
`projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only
[custom roles](/iam/docs/understanding-custom-roles) that have been
created at the project level. Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
* [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch):
`organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
updates only [custom roles](/iam/docs/understanding-custom-roles) that
have been created at the organization level. Example request URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
body: object, The request body.
The object takes the form of:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}
updateMask: string, A mask describing which fields in the Role have changed.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}
undelete(name=None, body=None, x__xgafv=None)
Undelete a Role, bringing it back in its previous state.
Args:
name: string, The `name` parameter's value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `name` value format is described below:
* [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete):
`projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes
only [custom roles](/iam/docs/understanding-custom-roles) that have been
created at the project level. Example request URL:
`https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`
* [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete):
`organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
undeletes only [custom roles](/iam/docs/understanding-custom-roles) that
have been created at the organization level. Example request URL:
`https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`
Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
body: object, The request body.
The object takes the form of:
{ # The request to undelete an existing role.
"etag": "A String", # Used to perform a consistent read-modify-write.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A role in the Identity and Access Management API.
"name": "A String", # The name of the role.
#
# When Role is used in CreateRole, the role name must not be set.
#
# When Role is used in output and other input such as UpdateRole, the role
# name is the complete path, e.g., roles/logging.viewer for predefined roles
# and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
"title": "A String", # Optional. A human-readable title for the role. Typically this
# is limited to 100 UTF-8 bytes.
"deleted": True or False, # The current deleted state of the role. This field is read only.
# It will be ignored in calls to CreateRole and UpdateRole.
"description": "A String", # Optional. A human-readable description for the role.
"etag": "A String", # Used to perform a consistent read-modify-write.
"includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
"A String",
],
"stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
# selected for a role, the `stage` field will not be included in the
# returned definition for the role.
}