Query Grantable Roles

4 variables

9 variables

Queries roles that can be granted on a particular resource. A role is grantable if it can be used as the role in a binding for a policy for that resource

Authorization

To use this building block you will have to grant access to at least one of the following scopes:

View and manage your data across Google Cloud Platform services

Input

This building block consumes 4 input parameters

Name	Format	Description
`pageSize`	`INTEGER`	Optional limit on the number of roles to include in the response
`view`	`ENUMERATION`
`fullResourceName`	`STRING`	Required. The full resource name to query from the list of grantable roles. The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id `my-project` will be named `//cloudresourcemanager.googleapis.com/projects/my-project`
`pageToken`	`STRING`	Optional pagination token returned in an earlier QueryGrantableRolesResponse

= Parameter name
= Format

pageSize INTEGER

Optional limit on the number of roles to include in the response

view ENUMERATION

fullResourceName STRING

Required. The full resource name to query from the list of grantable roles.

The name follows the Google Cloud Platform resource format. For example, a Cloud Platform project with id my-project will be named //cloudresourcemanager.googleapis.com/projects/my-project

pageToken STRING

Optional pagination token returned in an earlier QueryGrantableRolesResponse

Output

This building block provides 9 output parameters

Name	Format	Description
`roles[]`	`OBJECT`	A role in the Identity and Access Management API
`roles[].title`	`STRING`	Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes
`roles[].includedPermissions[]`	`STRING`
`roles[].description`	`STRING`	Optional. A human-readable description for the role
`roles[].etag`	`BINARY`	Used to perform a consistent read-modify-write
`roles[].stage`	`ENUMERATION`	The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role
`roles[].name`	`STRING`	The name of the role. When Role is used in CreateRole, the role name must not be set. When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for curated roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles
`roles[].deleted`	`BOOLEAN`	The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole
`nextPageToken`	`STRING`	To retrieve the next page of results, set `QueryGrantableRolesRequest.page_token` to this value

= Parameter name
= Format

roles[] OBJECT

A role in the Identity and Access Management API

roles[].title STRING

Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes

roles[].includedPermissions[] STRING

roles[].description STRING

Optional. A human-readable description for the role

roles[].etag BINARY

Used to perform a consistent read-modify-write

roles[].stage ENUMERATION

The current launch stage of the role. If the ALPHA launch stage has been selected for a role, the stage field will not be included in the returned definition for the role

roles[].name STRING

The name of the role.

When Role is used in CreateRole, the role name must not be set.

When Role is used in output and other input such as UpdateRole, the role name is the complete path, e.g., roles/logging.viewer for curated roles and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles

roles[].deleted BOOLEAN

The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole

nextPageToken STRING

To retrieve the next page of results, set QueryGrantableRolesRequest.page_token to this value