Identity and Access Management (IAM) API . roles

Instance Methods

get(name=None, x__xgafv=None)

Gets a Role definition.

list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)

Lists the Roles defined on a resource.

list_next(previous_request=*, previous_response=*)

Retrieves the next page of results.

queryGrantableRoles(body=None, x__xgafv=None)

Queries roles that can be granted on a particular resource.

queryGrantableRoles_next(previous_request=*, previous_response=*)

Retrieves the next page of results.

Method Details

get(name=None, x__xgafv=None)
Gets a Role definition.

Args:
  name: string, The `name` parameter's value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `name` value format is described below:

* [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
  This method returns results from all
  [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
  Cloud IAM. Example request URL:
  `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`

* [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
  `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
  [custom roles](/iam/docs/understanding-custom-roles) that have been
  created at the project level. Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`

* [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get):
  `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
  returns only [custom roles](/iam/docs/understanding-custom-roles) that
  have been created at the organization level. Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
    "name": "A String", # The name of the role.
        #
        # When Role is used in CreateRole, the role name must not be set.
        #
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for predefined roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
    "title": "A String", # Optional. A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    "deleted": True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    "description": "A String", # Optional. A human-readable description for the role.
    "etag": "A String", # Used to perform a consistent read-modify-write.
    "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
      "A String",
    ],
    "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
  }

list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.

Args:
  parent: string, The `parent` parameter's value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type's `parent` value format is described below:

* [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
  This method doesn't require a resource; it simply returns all
  [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
  Cloud IAM. Example request URL:
  `https://iam.googleapis.com/v1/roles`

* [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
  `projects/{PROJECT_ID}`. This method lists all project-level
  [custom roles](/iam/docs/understanding-custom-roles).
  Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`

* [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list):
  `organizations/{ORGANIZATION_ID}`. This method lists all
  organization-level [custom roles](/iam/docs/understanding-custom-roles).
  Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID.
  pageSize: integer, Optional limit on the number of roles to include in the response.
  showDeleted: boolean, Include Roles that have been deleted.
  pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format
  view: string, Optional view for the returned Role objects. When `FULL` is specified,
the `includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not
return the `includedPermissions` field.

Returns:
  An object of the form:

    { # The response containing the roles defined under a resource.
    "nextPageToken": "A String", # To retrieve the next page of results, set
        # `ListRolesRequest.page_token` to this value.
    "roles": [ # The Roles defined on this resource.
      { # A role in the Identity and Access Management API.
        "name": "A String", # The name of the role.
            #
            # When Role is used in CreateRole, the role name must not be set.
            #
            # When Role is used in output and other input such as UpdateRole, the role
            # name is the complete path, e.g., roles/logging.viewer for predefined roles
            # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
        "title": "A String", # Optional. A human-readable title for the role.  Typically this
            # is limited to 100 UTF-8 bytes.
        "deleted": True or False, # The current deleted state of the role. This field is read only.
            # It will be ignored in calls to CreateRole and UpdateRole.
        "description": "A String", # Optional. A human-readable description for the role.
        "etag": "A String", # Used to perform a consistent read-modify-write.
        "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
          "A String",
        ],
        "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
            # selected for a role, the `stage` field will not be included in the
            # returned definition for the role.
      },
    ],
  }

list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.
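
Added example (not part of the generated API reference): a permission audit built on `list()` and `list_next()` as documented above. It requests `view="FULL"` because the default `BASIC` view omits `includedPermissions`, so an audit run with the default view would silently report nothing. The `SENSITIVE` watchlist, the `FakeRoles` stand-in and the `PAGES` sample data are constructed for illustration; in real use `roles` would be the object returned by `service.projects().roles()`.

```python
from types import SimpleNamespace

SENSITIVE = {  # assumption: illustrative watchlist; tune to your organisation
    "iam.serviceAccounts.actAs",
    "iam.serviceAccountKeys.create",
    "resourcemanager.projects.setIamPolicy",
}

def paginate(request, next_fn):
    """Yield each Role from every page; next_fn returns None after the last page."""
    while request is not None:
        response = request.execute()
        yield from response.get("roles", [])
        request = next_fn(previous_request=request, previous_response=response)

def audit_roles(roles, parent):
    """Map role name -> sorted sensitive permissions that the role grants."""
    if "*" in parent:
        raise ValueError("wildcard (*) values are invalid in parent")
    # view="FULL" is required: the default BASIC view omits includedPermissions.
    first = roles.list(parent=parent, view="FULL", showDeleted=False, pageSize=100)
    findings = {}
    for role in paginate(first, roles.list_next):
        hits = SENSITIVE & set(role.get("includedPermissions", []))
        if hits:
            findings[role["name"]] = sorted(hits)
    return findings

def _req(page):  # constructed stand-in for a request object with execute()
    return SimpleNamespace(execute=lambda: page)

class FakeRoles:  # constructed stand-in for service.projects().roles()
    def __init__(self, pages):
        self.pages = pages
    def list(self, **kwargs):
        self.kwargs = kwargs  # recorded so callers can inspect the arguments
        return _req(self.pages[0])
    def list_next(self, previous_request, previous_response):
        token = previous_response.get("nextPageToken")
        return _req(self.pages[int(token)]) if token else None

PAGES = [  # constructed sample responses in the documented list() return shape
    {"nextPageToken": "1", "roles": [
        {"name": "projects/demo-proj/roles/deployer",
         "includedPermissions": ["compute.instances.create", "iam.serviceAccounts.actAs"]}]},
    {"roles": [
        {"name": "projects/demo-proj/roles/logReader", "includedPermissions": ["logging.logEntries.list"]},
        {"name": "projects/demo-proj/roles/policyAdmin",
         "includedPermissions": ["resourcemanager.projects.setIamPolicy"]}]},
]
```

The `paginate` helper applies unchanged to `queryGrantableRoles(body=...)` when given `queryGrantableRoles_next` as `next_fn`.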
    
queryGrantableRoles(body=None, x__xgafv=None)
Queries roles that can be granted on a particular resource.
A role is grantable if it can be used as the role in a binding for a policy
for that resource.

Args:
  body: object, The request body.
    The object takes the form of:

    { # The grantable role query request.
    "pageToken": "A String", # Optional pagination token returned in an earlier
        # QueryGrantableRolesResponse.
    "fullResourceName": "A String", # Required. The full resource name to query from the list of grantable roles.
        # 
        # The name follows the Google Cloud Platform resource format.
        # For example, a Cloud Platform project with id `my-project` will be named
        # `//cloudresourcemanager.googleapis.com/projects/my-project`.
    "pageSize": 42, # Optional limit on the number of roles to include in the response.
    "view": "A String",
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The grantable role query response.
    "nextPageToken": "A String", # To retrieve the next page of results, set
        # `QueryGrantableRolesRequest.page_token` to this value.
    "roles": [ # The list of matching roles.
      { # A role in the Identity and Access Management API.
        "name": "A String", # The name of the role.
            #
            # When Role is used in CreateRole, the role name must not be set.
            #
            # When Role is used in output and other input such as UpdateRole, the role
            # name is the complete path, e.g., roles/logging.viewer for predefined roles
            # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
        "title": "A String", # Optional. A human-readable title for the role.  Typically this
            # is limited to 100 UTF-8 bytes.
        "deleted": True or False, # The current deleted state of the role. This field is read only.
            # It will be ignored in calls to CreateRole and UpdateRole.
        "description": "A String", # Optional. A human-readable description for the role.
        "etag": "A String", # Used to perform a consistent read-modify-write.
        "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy.
          "A String",
        ],
        "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been
            # selected for a role, the `stage` field will not be included in the
            # returned definition for the role.
      },
    ],
  }

queryGrantableRoles_next(previous_request=*, previous_response=*)
Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call 'execute()' on to request the next
  page. Returns None if there are no more items in the collection.