Method: accessPolicies.accessLevels.replaceAll

Replaces all existing access levels in an access policy with the access levels provided. This is done atomically. The long-running operation from this RPC has a successful status after all replacements propagate to long-lasting storage. If the replacement contains errors, an error response is returned for the first error encountered. Upon error, the replacement is cancelled, and existing access levels are not affected. The Operation.response field contains ReplaceAccessLevelsResponse. Removing access levels contained in existing service perimeters result in an error.

HTTP request


The URL uses gRPC Transcoding syntax.

Path parameters



Required. Resource name for the access policy which owns these Access Levels.

Format: accessPolicies/{policy_id}

Request body

The request body contains data with the following structure:

JSON representation
  "accessLevels": [
      object (AccessLevel)
  "etag": string

object (AccessLevel)

Required. The desired Access Levels that should replace all existing Access Levels in the Access Policy.



Optional. The etag for the version of the Access Policy that this replace operation is to be performed on. If, at the time of replace, the etag for the Access Policy stored in Access Context Manager is different from the specified etag, then the replace operation will not be performed and the call will fail. This field is not required. If etag is not provided, the operation will be performed as if a valid etag is provided.

Response body

If successful, the response body contains an instance of Operation.

Authorization scopes

Requires the following OAuth scope:


For more information, see the Authentication Overview.