Returns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an AccessPolicy, AccessLevel, or ServicePerimeter. This method does not support other resources.
HTTP request
POST https://accesscontextmanager.googleapis.com/v1/{resource=accessPolicies/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-17 UTC."],[[["\u003cp\u003eThis endpoint retrieves the IAM permissions the caller has on a specified Access Context Manager resource (AccessPolicy, AccessLevel, or ServicePerimeter).\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request method is \u003ccode\u003ePOST\u003c/code\u003e to the URL \u003ccode\u003ehttps://accesscontextmanager.googleapis.com/v1/{resource=accessPolicies/*}:testIamPermissions\u003c/code\u003e using gRPC Transcoding syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe required path parameter, \u003ccode\u003eresource\u003c/code\u003e, is a string representing the Access Context Manager resource being queried, and it must follow the format specified in \u003ca href=\"https://cloud.google.com/apis/design/resource_names\"\u003eResource names\u003c/a\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be in JSON format, containing an array of strings (\u003ccode\u003epermissions\u003c/code\u003e) representing the specific permissions being checked, and wildcards are not permitted.\u003c/p\u003e\n"],["\u003cp\u003eSuccessful calls return an instance of \u003ca href=\"/access-context-manager/docs/reference/rest/Shared.Types/TestIamPermissionsResponse\"\u003eTestIamPermissionsResponse\u003c/a\u003e in the response body, and requires the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,["# Method: accessPolicies.testIamPermissions\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nReturns the IAM permissions that the caller has on the specified Access Context Manager resource. The resource can be an [AccessPolicy](/access-context-manager/docs/reference/rest/v1/accessPolicies#AccessPolicy), [AccessLevel](/access-context-manager/docs/reference/rest/v1/accessPolicies.accessLevels#AccessLevel), or [ServicePerimeter](/access-context-manager/docs/reference/rest/v1/accessPolicies.servicePerimeters#ServicePerimeter). This method does not support other resources.\n\n### HTTP request\n\n`POST https://accesscontextmanager.googleapis.com/v1/{resource=accessPolicies/*}:testIamPermissions`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nIf successful, the response body contains an instance of [TestIamPermissionsResponse](/access-context-manager/docs/reference/rest/Shared.Types/TestIamPermissionsResponse).\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]