Stay organized with collections
Save and categorize content based on your preferences.
Identity and Access Management (IAM) lets you
grant roles conditionally. However, some Google Cloud
services don't allow conditional role bindings in their resources' allow
policies.
This page lists the services that allow conditional role bindings in their
resources' allow policies. To see which resource types for these services have
allow policies, see Resource types that accept allow
policies.
If you need to grant conditional access to a resource that doesn't allow
conditions or a resource that doesn't have an allow policy, see Support for
inherited conditions.
Services that allow conditions
You can add conditions to allow policies for resources from the
following services:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Services that allow conditional role bindings\n\nIdentity and Access Management (IAM) lets you\n[grant roles conditionally](/iam/docs/conditions-overview). However, some Google Cloud\nservices don't allow conditional role bindings in their resources' allow\npolicies.\n\nThis page lists the services that allow conditional role bindings in their\nresources' allow policies. To see which resource types for these services have\nallow policies, see [Resource types that accept allow\npolicies](/iam/docs/resource-types-with-policies).\n\nIf you need to grant conditional access to a resource that doesn't allow\nconditions or a resource that doesn't have an allow policy, see [Support for\ninherited conditions](/iam/docs/conditions-attribute-reference#inherited-support).\n\nServices that allow conditions\n------------------------------\n\nYou can add conditions to allow policies for resources from the\nfollowing services:\n\n- [Cloud Bigtable Admin API](/bigtable/docs)\n\n\u003c!-- --\u003e\n\n- [Binary Authorization](/binary-authorization/docs)\n\n\u003c!-- --\u003e\n\n- [BigQuery](/bigquery/docs)\n\n\u003c!-- --\u003e\n\n- [Certificate Authority Service](/certificate-authority-service/docs)\n\n\u003c!-- --\u003e\n\n- [Chrome Enterprise Premium](/chrome-enterprise-premium/docs)\n\n\u003c!-- --\u003e\n\n- [Cloud Deploy](/deploy/docs)\n\n\u003c!-- --\u003e\n\n- [Cloud Key Management Service (Cloud KMS)](/kms/docs)\n- [Cloud Logging](/logging/docs)\n\n\u003c!-- --\u003e\n\n- [Cloud Run](/run/docs)\n\n\u003c!-- --\u003e\n\n- [Cloud Storage](/storage/docs)\n\n\u003c!-- --\u003e\n\n- [Cloud Workstations](/workstations/docs)\n\n\u003c!-- --\u003e\n\n- [Compute Engine](/compute/docs)\n\n\u003c!-- --\u003e\n\n- [Dataproc](/dataproc/docs)\n\n\u003c!-- --\u003e\n\n- [Identity-Aware Proxy (IAP)](/iap/docs)\n\n\u003c!-- --\u003e\n\n- [Identity and Access Management (IAM)](/iam/docs)\n- [Resource Manager](/resource-manager/docs)\n\n\u003c!-- --\u003e\n\n- [Secret Manager](/secret-manager/docs)\n\n\u003c!-- --\u003e\n\n- [Service Management](/service-infrastructure/docs/service-management/getting-started)\n\n\u003c!-- --\u003e\n\n- [Spanner](/spanner/docs)"]]