Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.
HTTP request
POST https://accesscontextmanager.googleapis.com/v1/{resource=accessPolicies/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-17 UTC."],[[["This endpoint retrieves the IAM permissions the caller has on a specified Access Context Manager resource (AccessPolicy, AccessLevel, or ServicePerimeter)."],["The HTTP request method is `POST` to the URL `https://accesscontextmanager.googleapis.com/v1/{resource=accessPolicies/*}:testIamPermissions` using gRPC Transcoding syntax."],["The required path parameter, `resource`, is a string representing the Access Context Manager resource being queried, and it must follow the format specified in [Resource names](https://cloud.google.com/apis/design/resource_names)."],["The request body must be in JSON format, containing an array of strings (`permissions`) representing the specific permissions being checked, and wildcards are not permitted."],["Successful calls return an instance of [TestIamPermissionsResponse](/access-context-manager/docs/reference/rest/Shared.Types/TestIamPermissionsResponse) in the response body, and requires the `https://www.googleapis.com/auth/cloud-platform` OAuth scope."]]],[]]
