Tests the access control policy for a billing account. This method takes the resource and a set of permissions as input and returns the subset of the input permissions that the caller is allowed for that resource.
HTTP request
POST https://cloudbilling.googleapis.com/v1/{resource=billingAccounts/*}:testIamPermissions
REQUIRED: The resource for which the policy detail is being requested. SeeResource namesfor the appropriate value for this field.
Request body
The request body contains data with the following structure:
JSON representation
{"permissions":[string]}
Fields
permissions[]
string
The set of permissions to check for theresource. Permissions with wildcards (such as*orstorage.*) are not allowed. For more information seeIAM Overview.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis webpage details how to test access control policies for billing accounts using the \u003ccode\u003etestIamPermissions\u003c/code\u003e method.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request is a POST method to a specific URL that includes a \u003ccode\u003eresource\u003c/code\u003e path parameter indicating the billing account.\u003c/p\u003e\n"],["\u003cp\u003eThe request body requires a JSON structure listing the \u003ccode\u003epermissions\u003c/code\u003e to be checked, while the response body returns a JSON structure listing the subset of \u003ccode\u003epermissions\u003c/code\u003e the caller is allowed.\u003c/p\u003e\n"],["\u003cp\u003eThe API method requires one of the listed OAuth scopes for authorization, ensuring the caller has proper access rights.\u003c/p\u003e\n"],["\u003cp\u003eThe resource being tested must follow the Google Cloud resource naming convention, as it's required to be able to test the access control policy.\u003c/p\u003e\n"]]],[],null,["# Method: billingAccounts.testIamPermissions\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n - [JSON representation](#body.TestIamPermissionsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [Try it!](#try-it)\n\nTests the access control policy for a billing account. This method takes the resource and a set of permissions as input and returns the subset of the input permissions that the caller is allowed for that resource.\n\n### HTTP request\n\n`POST https://cloudbilling.googleapis.com/v1/{resource=billingAccounts/*}:testIamPermissions`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nResponse message for `billingAccounts.testIamPermissions` method.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n- `https://www.googleapis.com/auth/cloud-billing`\n- `https://www.googleapis.com/auth/cloud-billing.readonly`\n\nFor more information, see the [Authentication Overview](https://cloud.google.com/docs/authentication/)."]]
