Returns permissions that a caller has on the specified resource. If the resource does not exist, this returns an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
HTTP request
POST https://dns.googleapis.com/dns/v1beta2/{resource=projects/*/managedZones/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. It takes the form projects/{project}/managedZones/{managedzone}.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
Response body
Response message for managedZones.testIamPermissions method.
If successful, the response body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
A subset of TestPermissionsRequest.permissions that the caller is allowed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-19 UTC."],[[["\u003cp\u003eThis endpoint tests the permissions a caller has on a specified resource, returning an empty set if the resource doesn't exist.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request uses a \u003ccode\u003ePOST\u003c/code\u003e method to the URL \u003ccode\u003ehttps://dns.googleapis.com/dns/v1beta2/{resource=projects/*/managedZones/*}:testIamPermissions\u003c/code\u003e and follows gRPC Transcoding syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eresource\u003c/code\u003e path parameter is required and takes the form \u003ccode\u003eprojects/{project}/managedZones/{managedzone}\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body requires a JSON representation containing an array of \u003ccode\u003epermissions\u003c/code\u003e to check, and these permissions cannot contain wildcards.\u003c/p\u003e\n"],["\u003cp\u003eThe response body returns a JSON array of \u003ccode\u003epermissions\u003c/code\u003e that the caller is allowed, and this endpoint requires specific OAuth scopes for authorization.\u003c/p\u003e\n"]]],[],null,[]]