| <html><body> |
| <style> |
| |
| body, h1, h2, h3, div, span, p, pre, a { |
| margin: 0; |
| padding: 0; |
| border: 0; |
| font-weight: inherit; |
| font-style: inherit; |
| font-size: 100%; |
| font-family: inherit; |
| vertical-align: baseline; |
| } |
| |
| body { |
| font-size: 13px; |
| padding: 1em; |
| } |
| |
| h1 { |
| font-size: 26px; |
| margin-bottom: 1em; |
| } |
| |
| h2 { |
| font-size: 24px; |
| margin-bottom: 1em; |
| } |
| |
| h3 { |
| font-size: 20px; |
| margin-bottom: 1em; |
| margin-top: 1em; |
| } |
| |
| pre, code { |
| line-height: 1.5; |
| font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; |
| } |
| |
| pre { |
| margin-top: 0.5em; |
| } |
| |
| h1, h2, h3, p { |
| font-family: Arial, sans serif; |
| } |
| |
| h1, h2, h3 { |
| border-bottom: solid #CCC 1px; |
| } |
| |
| .toc_element { |
| margin-top: 0.5em; |
| } |
| |
| .firstline { |
| margin-left: 2 em; |
| } |
| |
| .method { |
| margin-top: 1em; |
| border: solid 1px #CCC; |
| padding: 1em; |
| background: #EEE; |
| } |
| |
| .details { |
| font-weight: bold; |
| font-size: 14px; |
| } |
| |
| </style> |
| |
| <h1><a href="iam_v1.html">Identity and Access Management (IAM) API</a> . <a href="iam_v1.organizations.html">organizations</a> . <a href="iam_v1.organizations.roles.html">roles</a></h1> |
| <h2>Instance Methods</h2> |
| <p class="toc_element"> |
| <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Creates a new custom Role.</p> |
| <p class="toc_element"> |
| <code><a href="#delete">delete(name, etag=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Deletes a custom Role.</p> |
| <p class="toc_element"> |
| <code><a href="#get">get(name, x__xgafv=None)</a></code></p> |
| <p class="firstline">Gets the definition of a Role.</p> |
| <p class="toc_element"> |
| <code><a href="#list">list(parent, pageSize=None, view=None, pageToken=None, showDeleted=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Lists every predefined Role that IAM supports, or every custom role</p> |
| <p class="toc_element"> |
| <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> |
| <p class="firstline">Retrieves the next page of results.</p> |
| <p class="toc_element"> |
| <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Updates the definition of a custom Role.</p> |
| <p class="toc_element"> |
| <code><a href="#undelete">undelete(name, body=None, x__xgafv=None)</a></code></p> |
| <p class="firstline">Undeletes a custom Role.</p> |
| <h3>Method Details</h3> |
| <div class="method"> |
| <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code> |
| <pre>Creates a new custom Role. |
| |
| Args: |
| parent: string, The `parent` parameter's value depends on the target resource for the |
| request, namely |
| [`projects`](/iam/reference/rest/v1/projects.roles) or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `parent` value format is described below: |
| |
| * [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create): |
| `projects/{PROJECT_ID}`. This method creates project-level |
| [custom roles](/iam/docs/understanding-custom-roles). |
| Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` |
| |
| * [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create): |
| `organizations/{ORGANIZATION_ID}`. This method creates organization-level |
| [custom roles](/iam/docs/understanding-custom-roles). Example request |
| URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # The request to create a new role. |
| "role": { # A role in the Identity and Access Management API. # The Role resource to create. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }, |
| "roleId": "A String", # The role ID to use for this role. |
| # |
| # A role ID may contain alphanumeric characters, underscores (`_`), and |
| # periods (`.`). It must contain a minimum of 3 characters and a maximum of |
| # 64 characters. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="delete">delete(name, etag=None, x__xgafv=None)</code> |
| <pre>Deletes a custom Role. |
| |
| When you delete a custom role, the following changes occur immediately: |
| |
| * You cannot bind a member to the custom role in an IAM |
| Policy. |
| * Existing bindings to the custom role are not changed, but they have no |
| effect. |
| * By default, the response from ListRoles does not include the custom |
| role. |
| |
| You have 7 days to undelete the custom role. After 7 days, the following |
| changes occur: |
| |
| * The custom role is permanently deleted and cannot be recovered. |
| * If an IAM policy contains a binding to the custom role, the binding is |
| permanently removed. |
| |
| Args: |
| name: string, The `name` parameter's value depends on the target resource for the |
| request, namely |
| [`projects`](/iam/reference/rest/v1/projects.roles) or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `name` value format is described below: |
| |
| * [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete): |
| `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only |
| [custom roles](/iam/docs/understanding-custom-roles) that have been |
| created at the project level. Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| * [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete): |
| `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method |
| deletes only [custom roles](/iam/docs/understanding-custom-roles) that |
| have been created at the organization level. Example request URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| etag: string, Used to perform a consistent read-modify-write. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="get">get(name, x__xgafv=None)</code> |
| <pre>Gets the definition of a Role. |
| |
| Args: |
| name: string, The `name` parameter's value depends on the target resource for the |
| request, namely |
| [`roles`](/iam/reference/rest/v1/roles), |
| [`projects`](/iam/reference/rest/v1/projects.roles), or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `name` value format is described below: |
| |
| * [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`. |
| This method returns results from all |
| [predefined roles](/iam/docs/understanding-roles#predefined_roles) in |
| Cloud IAM. Example request URL: |
| `https://iam.googleapis.com/v1/roles/{ROLE_NAME}` |
| |
| * [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get): |
| `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only |
| [custom roles](/iam/docs/understanding-custom-roles) that have been |
| created at the project level. Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| * [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get): |
| `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method |
| returns only [custom roles](/iam/docs/understanding-custom-roles) that |
| have been created at the organization level. Example request URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list">list(parent, pageSize=None, view=None, pageToken=None, showDeleted=None, x__xgafv=None)</code> |
| <pre>Lists every predefined Role that IAM supports, or every custom role |
| that is defined for an organization or project. |
| |
| Args: |
| parent: string, The `parent` parameter's value depends on the target resource for the |
| request, namely |
| [`roles`](/iam/reference/rest/v1/roles), |
| [`projects`](/iam/reference/rest/v1/projects.roles), or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `parent` value format is described below: |
| |
| * [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string. |
| This method doesn't require a resource; it simply returns all |
| [predefined roles](/iam/docs/understanding-roles#predefined_roles) in |
| Cloud IAM. Example request URL: |
| `https://iam.googleapis.com/v1/roles` |
| |
| * [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list): |
| `projects/{PROJECT_ID}`. This method lists all project-level |
| [custom roles](/iam/docs/understanding-custom-roles). |
| Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles` |
| |
| * [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list): |
| `organizations/{ORGANIZATION_ID}`. This method lists all |
| organization-level [custom roles](/iam/docs/understanding-custom-roles). |
| Example request URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| pageSize: integer, Optional limit on the number of roles to include in the response. |
| |
| The default is 300, and the maximum is 1,000. |
| view: string, Optional view for the returned Role objects. When `FULL` is specified, |
| the `includedPermissions` field is returned, which includes a list of all |
| permissions in the role. The default value is `BASIC`, which does not |
| return the `includedPermissions` field. |
| pageToken: string, Optional pagination token returned in an earlier ListRolesResponse. |
| showDeleted: boolean, Include Roles that have been deleted. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # The response containing the roles defined under a resource. |
| "nextPageToken": "A String", # To retrieve the next page of results, set |
| # `ListRolesRequest.page_token` to this value. |
| "roles": [ # The Roles defined on this resource. |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }, |
| ], |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="list_next">list_next(previous_request, previous_response)</code> |
| <pre>Retrieves the next page of results. |
| |
| Args: |
| previous_request: The request for the previous page. (required) |
| previous_response: The response from the request for the previous page. (required) |
| |
| Returns: |
| A request object that you can call 'execute()' on to request the next |
| page. Returns None if there are no more items in the collection. |
| </pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code> |
| <pre>Updates the definition of a custom Role. |
| |
| Args: |
| name: string, The `name` parameter's value depends on the target resource for the |
| request, namely |
| [`projects`](/iam/reference/rest/v1/projects.roles) or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `name` value format is described below: |
| |
| * [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch): |
| `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only |
| [custom roles](/iam/docs/understanding-custom-roles) that have been |
| created at the project level. Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| * [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch): |
| `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method |
| updates only [custom roles](/iam/docs/understanding-custom-roles) that |
| have been created at the organization level. Example request URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| } |
| |
| updateMask: string, A mask describing which fields in the Role have changed. |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }</pre> |
| </div> |
| |
| <div class="method"> |
| <code class="details" id="undelete">undelete(name, body=None, x__xgafv=None)</code> |
| <pre>Undeletes a custom Role. |
| |
| Args: |
| name: string, The `name` parameter's value depends on the target resource for the |
| request, namely |
| [`projects`](/iam/reference/rest/v1/projects.roles) or |
| [`organizations`](/iam/reference/rest/v1/organizations.roles). Each |
| resource type's `name` value format is described below: |
| |
| * [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete): |
| `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes |
| only [custom roles](/iam/docs/understanding-custom-roles) that have been |
| created at the project level. Example request URL: |
| `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| * [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete): |
| `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method |
| undeletes only [custom roles](/iam/docs/understanding-custom-roles) that |
| have been created at the organization level. Example request URL: |
| `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}` |
| |
| Note: Wildcard (*) values are invalid; you must specify a complete project |
| ID or organization ID. (required) |
| body: object, The request body. |
| The object takes the form of: |
| |
| { # The request to undelete an existing role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| } |
| |
| x__xgafv: string, V1 error format. |
| Allowed values |
| 1 - v1 error format |
| 2 - v2 error format |
| |
| Returns: |
| An object of the form: |
| |
| { # A role in the Identity and Access Management API. |
| "name": "A String", # The name of the role. |
| # |
| # When Role is used in CreateRole, the role name must not be set. |
| # |
| # When Role is used in output and other input such as UpdateRole, the role |
| # name is the complete path, e.g., roles/logging.viewer for predefined roles |
| # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles. |
| "deleted": True or False, # The current deleted state of the role. This field is read only. |
| # It will be ignored in calls to CreateRole and UpdateRole. |
| "title": "A String", # Optional. A human-readable title for the role. Typically this |
| # is limited to 100 UTF-8 bytes. |
| "description": "A String", # Optional. A human-readable description for the role. |
| "etag": "A String", # Used to perform a consistent read-modify-write. |
| "includedPermissions": [ # The names of the permissions this role grants when bound in an IAM policy. |
| "A String", |
| ], |
| "stage": "A String", # The current launch stage of the role. If the `ALPHA` launch stage has been |
| # selected for a role, the `stage` field will not be included in the |
| # returned definition for the role. |
| }</pre> |
| </div> |
| |
| </body></html> |