English
Deutsch
Español – América Latina
Français
Indonesia
Italiano
Português – Brasil
中文 – 简体
中文 – 繁體
日本語
한국어

Console

Contact Us Start free

Services that allow conditional role bindings

Identity and Access Management (IAM) lets you grant roles conditionally. However, some Google Cloud services don't allow conditional role bindings in their resources' allow policies.

This page lists the services that allow conditional role bindings in their resources' allow policies. To see which resource types for these services have allow policies, see Resource types that accept allow policies.

If you need to grant conditional access to a resource that doesn't allow conditions or a resource that doesn't have an allow policy, see Support for inherited conditions.

Services that allow conditions

You can add conditions to allow policies for resources from the following services:

Cloud Bigtable Admin API

Binary Authorization

BigQuery

Certificate Authority Service

Chrome Enterprise Premium

Cloud Deploy

Cloud Run

Cloud Storage

Cloud Workstations

Compute Engine

Dataproc

Identity-Aware Proxy (IAP)

Secret Manager

Service Management

Spanner

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-07 UTC.