Returns the caller's permissions on a resource. An error is returned if the resource does not exist. A caller is not required to have Google IAM permission to make this request.
HTTP request
POST https://identitytoolkit.googleapis.com/admin/v2/{resource=projects/*/tenants/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
Response body
Response message for tenants.testIamPermissions method.
If successful, the response body contains data with the following structure:
JSON representation
{"permissions": [string]}
Fields
permissions[]
string
A subset of TestPermissionsRequest.permissions that the caller is allowed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-30 UTC."],[[["\u003cp\u003eThis page details how to use the \u003ccode\u003etestIamPermissions\u003c/code\u003e method to check a caller's permissions on a specified resource.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request is made using a \u003ccode\u003ePOST\u003c/code\u003e method to a URL that uses gRPC Transcoding syntax, and requires a resource path parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must contain a JSON structure specifying an array of permissions to check, without any wildcards, for the \u003ccode\u003eresource\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe response body will be a JSON object that contains a list of permissions the caller is allowed from the initial set of permissions.\u003c/p\u003e\n"],["\u003cp\u003eTo make the request, one of the listed OAuth scopes is needed, which includes \u003ccode\u003ehttps://www.googleapis.com/auth/identitytoolkit\u003c/code\u003e, \u003ccode\u003ehttps://www.googleapis.com/auth/firebase\u003c/code\u003e, or \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Method: projects.tenants.testIamPermissions\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.TestIamPermissionsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nReturns the caller's permissions on a resource. An error is returned if the resource does not exist. A caller is not required to have Google IAM permission to make this request.\n\n### HTTP request\n\n`POST https://identitytoolkit.googleapis.com/admin/v2/{resource=projects/*/tenants/*}:testIamPermissions`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse message for `tenants.testIamPermissions` method.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/identitytoolkit`\n- `\n https://www.googleapis.com/auth/firebase`\n- `\n https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp)."]]
