Gets a Role definition.
list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource.
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results.
queryGrantableRoles(body=None, x__xgafv=None)
Queries roles that can be granted on a particular resource.
queryGrantableRoles_next(previous_request=*, previous_response=*)
Retrieves the next page of results.
get(name=None, x__xgafv=None)
Gets a Role definition. Args: name: string, The `name` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `name` value format is described below: * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. This method returns results from all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the project level. Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only [custom roles](/iam/docs/understanding-custom-roles) that have been created at the organization level. Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. (required) x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # A role in the Identity and Access Management API. "name": "A String", # The name of the role. # # When Role is used in CreateRole, the role name must not be set. # # When Role is used in output and other input such as UpdateRole, the role # name is the complete path, e.g., roles/logging.viewer for predefined roles # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. "title": "A String", # Optional. A human-readable title for the role. Typically this # is limited to 100 UTF-8 bytes. "deleted": True or False, # The current deleted state of the role. This field is read only. # It will be ignored in calls to CreateRole and UpdateRole. "description": "A String", # Optional. A human-readable description for the role. "etag": "A String", # Used to perform a consistent read-modify-write. "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. "A String", ], "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been # selected for a role, the `stage` field will not be included in the # returned definition for the role. }
list(parent=None, pageSize=None, showDeleted=None, pageToken=None, x__xgafv=None, view=None)
Lists the Roles defined on a resource. Args: parent: string, The `parent` parameter's value depends on the target resource for the request, namely [`roles`](/iam/reference/rest/v1/roles), [`projects`](/iam/reference/rest/v1/projects.roles), or [`organizations`](/iam/reference/rest/v1/organizations.roles). Each resource type's `parent` value format is described below: * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. This method doesn't require a resource; it simply returns all [predefined roles](/iam/docs/understanding-roles#predefined_roles) in Cloud IAM. Example request URL: `https://iam.googleapis.com/v1/roles` * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): `projects/{PROJECT_ID}`. This method lists all project-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): `organizations/{ORGANIZATION_ID}`. This method lists all organization-level [custom roles](/iam/docs/understanding-custom-roles). Example request URL: `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` Note: Wildcard (*) values are invalid; you must specify a complete project ID or organization ID. pageSize: integer, Optional limit on the number of roles to include in the response. showDeleted: boolean, Include Roles that have been deleted. pageToken: string, Optional pagination token returned in an earlier ListRolesResponse. x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format view: string, Optional view for the returned Role objects. When `FULL` is specified, the `includedPermissions` field is returned, which includes a list of all permissions in the role. The default value is `BASIC`, which does not return the `includedPermissions` field. Returns: An object of the form: { # The response containing the roles defined under a resource. "nextPageToken": "A String", # To retrieve the next page of results, set # `ListRolesRequest.page_token` to this value. "roles": [ # The Roles defined on this resource. { # A role in the Identity and Access Management API. "name": "A String", # The name of the role. # # When Role is used in CreateRole, the role name must not be set. # # When Role is used in output and other input such as UpdateRole, the role # name is the complete path, e.g., roles/logging.viewer for predefined roles # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. "title": "A String", # Optional. A human-readable title for the role. Typically this # is limited to 100 UTF-8 bytes. "deleted": True or False, # The current deleted state of the role. This field is read only. # It will be ignored in calls to CreateRole and UpdateRole. "description": "A String", # Optional. A human-readable description for the role. "etag": "A String", # Used to perform a consistent read-modify-write. "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. "A String", ], "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been # selected for a role, the `stage` field will not be included in the # returned definition for the role. }, ], }
list_next(previous_request=*, previous_response=*)
Retrieves the next page of results. Args: previous_request: The request for the previous page. (required) previous_response: The response from the request for the previous page. (required) Returns: A request object that you can call 'execute()' on to request the next page. Returns None if there are no more items in the collection.
queryGrantableRoles(body=None, x__xgafv=None)
Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource. Args: body: object, The request body. The object takes the form of: { # The grantable role query request. "pageToken": "A String", # Optional pagination token returned in an earlier # QueryGrantableRolesResponse. "fullResourceName": "A String", # Required. The full resource name to query from the list of grantable roles. # # The name follows the Google Cloud Platform resource format. # For example, a Cloud Platform project with id `my-project` will be named # `//cloudresourcemanager.googleapis.com/projects/my-project`. "pageSize": 42, # Optional limit on the number of roles to include in the response. "view": "A String", } x__xgafv: string, V1 error format. Allowed values 1 - v1 error format 2 - v2 error format Returns: An object of the form: { # The grantable role query response. "nextPageToken": "A String", # To retrieve the next page of results, set # `QueryGrantableRolesRequest.page_token` to this value. "roles": [ # The list of matching roles. { # A role in the Identity and Access Management API. "name": "A String", # The name of the role. # # When Role is used in CreateRole, the role name must not be set. # # When Role is used in output and other input such as UpdateRole, the role # name is the complete path, e.g., roles/logging.viewer for predefined roles # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. "title": "A String", # Optional. A human-readable title for the role. Typically this # is limited to 100 UTF-8 bytes. "deleted": True or False, # The current deleted state of the role. This field is read only. # It will be ignored in calls to CreateRole and UpdateRole. "description": "A String", # Optional. A human-readable description for the role. "etag": "A String", # Used to perform a consistent read-modify-write. "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. "A String", ], "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been # selected for a role, the `stage` field will not be included in the # returned definition for the role. }, ], }
queryGrantableRoles_next(previous_request=*, previous_response=*)
Retrieves the next page of results. Args: previous_request: The request for the previous page. (required) previous_response: The response from the request for the previous page. (required) Returns: A request object that you can call 'execute()' on to request the next page. Returns None if there are no more items in the collection.