Gets the IAM policy that is attached to a ServiceAccount. This IAM policy specifies which principals have access to the service account.
This method does not tell you whether the service account has been granted any roles on other resources. To check whether a service account has role grants on a resource, use the getIamPolicy method for that resource. For example, to view the role grants for a project, call the Resource Manager API's projects.getIamPolicy method.
HTTP request
POST https://iam.googleapis.com/v1/{resource=projects/*/serviceAccounts/*}:getIamPolicy
The URL uses gRPC Transcoding (https://google.aip.dev/127) syntax.
Path parameters
The request requires a resource path parameter.
Query parameters
An optional GetPolicyOptions object can be provided via query parameters to configure the serviceAccounts.getIamPolicy method.
Request body
The request body must be empty.
Response body
If successful, the response body contains an instance of Policy (/iam/docs/reference/rest/v1/Policy).
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/iam
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview (/docs/authentication#authorization-gcp).
Last updated 2025-05-21 UTC.
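The following is an added example, not code from the original page or from Google: it builds the request described above without sending it, then audits a returned Policy for principals that can act as the service account. The project, account and member names, the sample policy, the helper names and the choice of roles to flag are all assumptions made for illustration.

```python
import urllib.request

API = "https://iam.googleapis.com/v1/{resource}:getIamPolicy"

# Assumption: roles this example treats as "can act as the service account".
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountUser",
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.workloadIdentityUser",
}
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}


def build_request(project, email, access_token):
    """Build (but do not send) the POST request; the body must be empty."""
    resource = f"projects/{project}/serviceAccounts/{email}"
    return urllib.request.Request(
        API.format(resource=resource),
        data=b"",
        method="POST",
        headers={"Authorization": f"Bearer {access_token}"},
    )


def audit_policy(policy):
    """Return (severity, role, member) findings for a Policy dict."""
    findings = []
    # A service account with no grants returns a Policy without "bindings".
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        for member in binding.get("members", []):
            if member in PUBLIC_MEMBERS:
                findings.append(("HIGH", role, member))
            elif role in IMPERSONATION_ROLES:
                findings.append(("REVIEW", role, member))
    return findings


# Constructed sample response, not real data.
SAMPLE_POLICY = {"version": 1, "etag": "BwXXXXXXXXX=", "bindings": [
    {"role": "roles/iam.serviceAccountTokenCreator",
     "members": ["user:alice@example.com", "allAuthenticatedUsers"]},
    {"role": "roles/iam.serviceAccountAdmin",
     "members": ["group:platform-admins@example.com"]},
]}

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(*finding)
```

The findings cover only access to the service account itself; as the page notes, roles granted to the service account on other resources have to be read from those resources' own policies.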