Method: iamPolicies.searchAll

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IamPolicySearchResult
- JSON representation
Explanation
- JSON representation
Permissions
- JSON representation
Try it!

Searches all the IAM policies within a given accessible Resource Manager scope (project/folder/organization). This RPC gives callers especially administrators the ability to search all the IAM policies within a scope, even if they don't have .getIamPolicy permission of all the IAM policies. Callers should have cloudasset.assets.searchAllIamPolicies permission on the requested scope, otherwise the request will be rejected.

HTTP request

GET https://cloudasset.googleapis.com/v1p1beta1/{scope=*/*}/iamPolicies:searchAll

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`scope`	`string` Required. The relative name of an asset. The search is limited to the resources within the `scope`. The allowed value must be: Organization number (such as "organizations/123") Folder number (such as "folders/1234") Project number (such as "projects/12345") Project ID (such as "projects/abc") Authorization requires the following IAM permission on the specified resource `scope`: `cloudasset.assets.searchAllIamPolicies`

scope

string

Required. The relative name of an asset. The search is limited to the resources within the scope. The allowed value must be:

Organization number (such as "organizations/123")
Folder number (such as "folders/1234")
Project number (such as "projects/12345")
Project ID (such as "projects/abc")

Authorization requires the following IAM permission on the specified resource scope:

cloudasset.assets.searchAllIamPolicies

Query parameters

Parameters

Parameters
`query`	`string` Optional. The query statement. Examples: "policy:myuser@mydomain.com" "policy:(myuser@mydomain.com viewer)"
`pageSize`	`integer` Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as `nextPageToken` is returned.
`pageToken`	`string` Optional. If present, retrieve the next batch of results from the preceding call to this method. `pageToken` must be the value of `nextPageToken` from the previous response. The values of all other method parameters must be identical to those in the previous call.

query

string

Optional. The query statement. Examples:

"policy:myuser@mydomain.com"
"policy:(myuser@mydomain.com viewer)"

pageSize

integer

Optional. The page size for search result pagination. Page size is capped at 500 even if a larger value is given. If set to zero, server will pick an appropriate default. Returned results may be fewer than requested. When this happens, there could be more results as long as nextPageToken is returned.

pageToken

string

Optional. If present, retrieve the next batch of results from the preceding call to this method. pageToken must be the value of nextPageToken from the previous response. The values of all other method parameters must be identical to those in the previous call.

Request body

The request body must be empty.

Response body

Search all IAM policies response.

If successful, the response body contains data with the following structure:

JSON representation
{ "results": [ { object (`IamPolicySearchResult`) } ], "nextPageToken": string }

Fields

Fields
`results[]`	`object (IamPolicySearchResult)` A list of IAM policies that match the search query. Related information such as the associated resource is returned along with the policy.
`nextPageToken`	`string` Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the `pageToken`.

results[]

object (IamPolicySearchResult)

A list of IAM policies that match the search query. Related information such as the associated resource is returned along with the policy.

nextPageToken

string

Set if there are more results than those appearing in this response; to get the next set of results, call this method again, using this value as the pageToken.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IamPolicySearchResult

The result for an IAM policy search.

JSON representation
{ "resource": string, "project": string, "policy": { object (`Policy`) }, "explanation": { object (`Explanation`) } }

Fields
`resource`	`string` The full resource name of the resource associated with this IAM policy.
`project`	`string` The project that the associated Google Cloud resource belongs to, in the form of `projects/{projectNumber}`. If an IAM policy is set on a resource -- such as a Compute Engine instance or a Cloud Storage bucket -- the project field will indicate the project that contains the resource. If an IAM policy is set on a folder or orgnization, the project field will be empty.
`policy`	`object (Policy)` The IAM policy attached to the specified resource. Note that the original IAM policy can contain multiple bindings. This only contains the bindings that match the given query. For queries that don't contain a constraint on policies (e.g. an empty query), this contains all the bindings.
`explanation`	`object (Explanation)` Explanation about the IAM policy search result. It contains additional information that explains why the search result matches the query.

Explanation

Explanation about the IAM policy search result.

JSON representation
{ "matchedPermissions": { string: { object (`Permissions`) }, ... } }

Fields

Fields
`matchedPermissions`	`map (key: string, value: object (Permissions))` The map from roles to their included permission matching the permission query (e.g. containing `policy.role.permissions:`). Example role string: "roles/compute.instanceAdmin". The roles can also be found in the returned `policy` bindings. Note that the map is populated only if requesting with a permission query. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.

matchedPermissions

map (key: string, value: object (Permissions))

The map from roles to their included permission matching the permission query (e.g. containing policy.role.permissions:). Example role string: "roles/compute.instanceAdmin". The roles can also be found in the returned policy bindings. Note that the map is populated only if requesting with a permission query.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Permissions

IAM permissions.

JSON representation
{ "permissions": [ string ] }

Fields

Fields
`permissions[]`	`string` A list of permissions. Example permission string: "compute.disk.get".

permissions[]

string

A list of permissions. Example permission string: "compute.disk.get".