Package iam supports the resource-specific operations of Google Cloud
IAM (Identity and Access Management) for the Google Cloud Libraries.
See https://cloud.google.com/iam for more about IAM.
Users of the Google Cloud Libraries will typically not use this package
directly. Instead they will begin with some resource that supports IAM, like
a pubsub topic, and call its IAM method to get a Handle for that resource.
Constants
AllUsers, AllAuthenticatedUsers
    const (
    	// AllUsers is a special member that denotes all users, even unauthenticated ones.
    	AllUsers = "allUsers"

    	// AllAuthenticatedUsers is a special member that denotes all authenticated users.
    	AllAuthenticatedUsers = "allAuthenticatedUsers"
    )
Handle
    type Handle struct {
    	// contains filtered or unexported fields
    }
V3 returns a Handle3, which is like Handle except it sets
requestedPolicyVersion to 3 when retrieving a policy and policy.version to 3
when storing a policy.
Handle3
    type Handle3 struct {
    	// contains filtered or unexported fields
    }
A Handle3 provides IAM operations for a resource. It is similar to a Handle, but provides access to newer IAM features (e.g., conditions).
TestPermissions returns the subset of permissions that the caller has on the resource.
Policy
    type Policy struct {
    	// This field is exported for use by the Google Cloud Libraries only.
    	// It may become unexported in a future release.
    	InternalProto *pb.Policy
    }
A Policy is a list of Bindings representing roles
granted to members.
The zero Policy is a valid policy with no bindings.
Members returns the list of members with the supplied role.
The return value should not be modified. Use Add and Remove
to modify the members of a role.
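The special members from the Constants section make a resource public, so a common defensive use of Roles, Members and Remove is to strip them from a policy before it is stored. The sketch below is an added example, not code from the package: `rolePolicy`, `StripPublic` and the in-memory `memPolicy` are hypothetical names, the interface only mirrors the three Policy methods it calls, and the sample bindings are constructed. It copies the result of Members before calling Remove, because the returned slice must not be modified and Remove may change it during iteration.

```go
package main

import "fmt"

// rolePolicy (hypothetical) names the three Policy methods used below; it is
// generic so that a policy with its own string-based role type fits it.
type rolePolicy[R ~string] interface {
	Roles() []R
	Members(R) []string
	Remove(member string, r R)
}

// StripPublic removes allUsers and allAuthenticatedUsers from every role and
// returns the removed grants as "role:member" strings, in policy order.
func StripPublic[R ~string](p rolePolicy[R]) []string {
	var found []string
	for _, r := range p.Roles() {
		// Snapshot: Remove may rewrite the slice Members returned mid-iteration.
		for _, m := range append([]string(nil), p.Members(r)...) {
			if m == "allUsers" || m == "allAuthenticatedUsers" {
				p.Remove(m, r)
				found = append(found, string(r)+":"+m)
			}
		}
	}
	return found
}

// memPolicy is a constructed in-memory stand-in, not the library's Policy.
type memPolicy map[string][]string

func (p memPolicy) Members(r string) []string { return p[r] }
func (p memPolicy) Roles() (rs []string) {
	for r := range p {
		rs = append(rs, r)
	}
	return rs
}
func (p memPolicy) Remove(member, r string) {
	for i, x := range p[r] {
		if x == member {
			p[r] = append(p[r][:i], p[r][i+1:]...) // shifts the tail in place
			return
		}
	}
}

func main() {
	// Constructed sample bindings: two public grants next to a named user.
	p := memPolicy{"roles/viewer": {"allUsers", "allAuthenticatedUsers", "user:a@example.com"}}
	fmt.Println(StripPublic[string](p), p)
}
```

With the real package, the cleaned policy would then be written back with SetPolicy on the Handle it was read from.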
Last updated 2025-09-04 UTC.