Method: projects.instances.testIamPermissions

Returns permissions that the caller has on the specified instance resource.

Attempting this RPC on a non-existent Cloud Spanner instance resource will result in a NOT_FOUND error if the user has spanner.instances.list permission on the containing Google Cloud Project. Otherwise returns an empty set of permissions.

POST https://spanner.googleapis.com/v1/{resource=projects/*/instances/*}:testIamPermissions

The URL uses gRPC Transcoding syntax.

Parameters
resource

string

REQUIRED: The Cloud Spanner resource for which permissions are being tested. The format is projects/<project ID>/instances/<instance ID> for instance resources and projects/<project ID>/instances/<instance ID>/databases/<database ID> for database resources.

Request body

The request body contains data with the following structure:

JSON representation
{
  "permissions": [
    string
  ]
}
Fields
permissions[]

string

REQUIRED: The set of permissions to check for 'resource'. Permissions with wildcards (such as '*', 'spanner.*', 'spanner.instances.*') are not allowed.

Response body

If successful, the response body contains an instance of TestIamPermissionsResponse.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/spanner.admin
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.