Method: organizations.setIamPolicy

Sets the access control policy on an Organization resource. Replaces any existing policy. The resource field should be the organization's resource name, e.g. "organizations/123".

HTTP request

POST https://cloudresourcemanager.googleapis.com/v1beta1/{resource=organizations/*}:setIamPolicy

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
resource

string

REQUIRED: The resource for which the policy is being specified. See Resource names for the appropriate value for this field.

Request body

The request body contains data with the following structure:

JSON representation 
 { 
 "policy" 
 : 
 { 
 object (  Policy 
 
) 
 } 
 , 
 "updateMask" 
 : 
 string 
 }
Fields
policy

object ( Policy )

REQUIRED: The complete policy to be applied to the resource . The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.
updateMask

string ( FieldMask format)

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used:

paths: "bindings, etag"

This is a comma-separated list of fully qualified names of fields. Example: "user.displayName,photo" .

Response body

If successful, the response body contains an instance of Policy .

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/cloudplatformorganizations

For more information, see the Authentication Overview .