Set Iam Policy

16 variables

11 variables

Updates an IAM policy for the specified object

Authorization

To use this building block you will have to grant access to at least one of the following scopes:

View and manage your data across Google Cloud Platform services
Manage your data and permissions in Google Cloud Storage
Manage your data in Google Cloud Storage

Input

This building block consumes 16 input parameters

Name	Format	Description
`bucket` Required	`STRING`	Name of the bucket in which the object resides
`object` Required	`STRING`	Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts
`generation`	`INTEGER`	If present, selects a specific revision of this object (as opposed to the latest version, the default)
`provisionalUserProject`	`STRING`	The project to be billed for this request if the target bucket is requester-pays bucket
`userProject`	`STRING`	The project to be billed for this request. Required for Requester Pays buckets
`bindings[]`	`OBJECT`
`bindings[].condition`	`OBJECT`	Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0"
`bindings[].condition.description`	`STRING`	An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI
`bindings[].condition.expression`	`STRING`	Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported
`bindings[].condition.location`	`STRING`	An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file
`bindings[].condition.title`	`STRING`	An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression
`bindings[].members[]`	`STRING`
`bindings[].role`	`STRING`	The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole. The new IAM roles are: roles/storage.admin — Full control of Google Cloud Storage resources. roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects. roles/storage.objectCreator — Access to create objects in Google Cloud Storage. roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are: roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role. roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role. roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role. roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role. roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
`etag`	`BINARY`	HTTP 1.1 Entity tag for the policy
`kind`	`STRING`	The kind of item this is. For policies, this is always storage#policy. This field is ignored on input
`resourceId`	`STRING`	The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, and projects//buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input

= Parameter name
= Format

bucket STRING Required

Name of the bucket in which the object resides

object STRING Required

Name of the object. For information about how to URL encode object names to be path safe, see Encoding URI Path Parts

generation INTEGER

If present, selects a specific revision of this object (as opposed to the latest version, the default)

provisionalUserProject STRING

The project to be billed for this request if the target bucket is requester-pays bucket

userProject STRING

The project to be billed for this request. Required for Requester Pays buckets

bindings[] OBJECT

bindings[].condition OBJECT

Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0"

bindings[].condition.description STRING

An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI

bindings[].condition.expression STRING

Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported

bindings[].condition.location STRING

An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file

bindings[].condition.title STRING

An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression

bindings[].members[] STRING

bindings[].role STRING

The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole. The new IAM roles are:

roles/storage.admin — Full control of Google Cloud Storage resources.
roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects.
roles/storage.objectCreator — Access to create objects in Google Cloud Storage.
roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are:
roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role.
roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role.
roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role.
roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role.
roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.

etag BINARY

HTTP 1.1 Entity tag for the policy

kind STRING

The kind of item this is. For policies, this is always storage#policy. This field is ignored on input

resourceId STRING

The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, and projects//buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input

Output

This building block provides 11 output parameters

Name	Format	Description
`bindings[]`	`OBJECT`
`bindings[].condition`	`OBJECT`	Represents an expression text. Example: title: "User account presence" description: "Determines whether the request has a user account" expression: "size(request.user) > 0"
`bindings[].condition.description`	`STRING`	An optional description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI
`bindings[].condition.expression`	`STRING`	Textual representation of an expression in Common Expression Language syntax. The application context of the containing message determines which well-known feature set of CEL is supported
`bindings[].condition.location`	`STRING`	An optional string indicating the location of the expression for error reporting, e.g. a file name and a position in the file
`bindings[].condition.title`	`STRING`	An optional title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression
`bindings[].members[]`	`STRING`
`bindings[].role`	`STRING`	The role to which members belong. Two types of roles are supported: new IAM roles, which grant permissions that do not map directly to those provided by ACLs, and legacy IAM roles, which do map directly to ACL permissions. All roles are of the format roles/storage.specificRole. The new IAM roles are: roles/storage.admin — Full control of Google Cloud Storage resources. roles/storage.objectViewer — Read-Only access to Google Cloud Storage objects. roles/storage.objectCreator — Access to create objects in Google Cloud Storage. roles/storage.objectAdmin — Full control of Google Cloud Storage objects. The legacy IAM roles are: roles/storage.legacyObjectReader — Read-only access to objects without listing. Equivalent to an ACL entry on an object with the READER role. roles/storage.legacyObjectOwner — Read/write access to existing objects without listing. Equivalent to an ACL entry on an object with the OWNER role. roles/storage.legacyBucketReader — Read access to buckets with object listing. Equivalent to an ACL entry on a bucket with the READER role. roles/storage.legacyBucketWriter — Read access to buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the WRITER role. roles/storage.legacyBucketOwner — Read and write access to existing buckets with object listing/creation/deletion. Equivalent to an ACL entry on a bucket with the OWNER role.
`etag`	`BINARY`	HTTP 1.1 Entity tag for the policy
`kind`	`STRING`	The kind of item this is. For policies, this is always storage#policy. This field is ignored on input
`resourceId`	`STRING`	The ID of the resource to which this policy belongs. Will be of the form projects//buckets/bucket for buckets, and projects//buckets/bucket/objects/object for objects. A specific generation may be specified by appending #generationNumber to the end of the object name, e.g. projects/_/buckets/my-bucket/objects/data.txt#17. The current generation can be denoted with #0. This field is ignored on input