- HTTP request
- Path parameters
- Request body
- Response body
- Authorization scopes
- GetPolicyOptions
- Try it!
Gets the access control policy for a resource. An error is returned if the resource does not exist. An empty policy is returned if the resource exists but does not have a policy set on it. Caller must have the right Google IAM permission on the resource.
HTTP request
POST https://identitytoolkit.googleapis.com/admin/v2/{resource=projects/*/tenants/*}:getIamPolicy
The URL uses gRPC Transcoding syntax.
Path parameters
Parameters | |
---|---|
resource |
REQUIRED: The resource for which the policy is being requested. See Resource names for the appropriate value for this field. |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{
"options": {
object ( |
Fields | |
---|---|
options |
OPTIONAL: A |
Response body
If successful, the response body contains an instance of Policy
.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/firebase
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
GetPolicyOptions
Encapsulates settings provided to tenants.getIamPolicy.
JSON representation |
---|
{ "requestedPolicyVersion": integer } |
Fields | |
---|---|
requested |
Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the IAM documentation. |