Returns permissions that a caller has on the specified resource. If the resource does not exist, this returns an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
HTTP request
POST https://dns.googleapis.com/dns/v1/{resource=projects/*/managedZones/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field. It takes the form projects/{project}/managedZones/{managedzone}.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
Response body
Response message for managedZones.testIamPermissions method.
If successful, the response body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
A subset of TestPermissionsRequest.permissions that the caller is allowed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-19 UTC."],[[["\u003cp\u003eThis endpoint (\u003ccode\u003etestIamPermissions\u003c/code\u003e) returns the permissions a caller has on a specified resource within the Google Cloud DNS API.\u003c/p\u003e\n"],["\u003cp\u003eThe request is made via an HTTP POST to a URL with a specific format that includes a project and managed zone resource path.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must include a JSON array of permissions to check against, and wildcards within permissions are not allowed.\u003c/p\u003e\n"],["\u003cp\u003eThe response body will contain a JSON array listing the permissions from the request that the caller is actually allowed.\u003c/p\u003e\n"],["\u003cp\u003eThe operation is designed for UI and command-line tooling and requires one of four specified OAuth scopes for authorization.\u003c/p\u003e\n"]]],[],null,["# Method: managedZones.testIamPermissions\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.TestIamPermissionsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Examples](#examples)\n- [Try it!](#try-it)\n\nReturns permissions that a caller has on the specified resource. If the resource does not exist, this returns an empty set of permissions, not a `NOT_FOUND` error.\n\nNote: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.\n\n### HTTP request\n\n`POST https://dns.googleapis.com/dns/v1/{resource=projects/*/managedZones/*}:testIamPermissions`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse message for `managedZones.testIamPermissions` method.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n- `\n https://www.googleapis.com/auth/cloud-platform.read-only`\n- `\n https://www.googleapis.com/auth/ndev.clouddns.readonly`\n- `\n https://www.googleapis.com/auth/ndev.clouddns.readwrite`\n\nFor more information, see the [Authentication Overview](https://cloud.google.com/docs/authentication/external/authorization-gcp)."]]
