REQUIRED: The complete policy to be applied to theresource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.
Response body
If successful, the response body contains an instance ofPolicy.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-17 UTC."],[[["\u003cp\u003eThis document describes how to set the access control policy for an Identity-Aware Proxy (IAP) protected resource using the \u003ccode\u003esetIamPolicy\u003c/code\u003e method, replacing any existing policy.\u003c/p\u003e\n"],["\u003cp\u003eThe HTTP request to set the policy is a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003ehttps://iap.googleapis.com/v1beta1/{resource=**}:setIamPolicy\u003c/code\u003e, with the \u003ccode\u003eresource\u003c/code\u003e being a required path parameter.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must include a \u003ccode\u003epolicy\u003c/code\u003e field, which contains the complete policy to be applied and is limited to a few tens of KB.\u003c/p\u003e\n"],["\u003cp\u003eA successful request returns a \u003ccode\u003ePolicy\u003c/code\u003e object, and requires the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"],["\u003cp\u003eSetting the IAM policy requires one of several specified \u003ccode\u003esetIamPolicy\u003c/code\u003e permissions depending on the resource type, such as \u003ccode\u003eiap.gateway.setIamPolicy\u003c/code\u003e, \u003ccode\u003eiap.tunnel.setIamPolicy\u003c/code\u003e and more.\u003c/p\u003e\n"]]],[],null,["# Method: setIamPolicy\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n - [JSON representation](#body.request_body.SCHEMA_REPRESENTATION)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n- [IAM Permissions](#body.aspect_1)\n- [Try it!](#try-it)\n\nSets the access control policy for an Identity-Aware Proxy protected resource. Replaces any existing policy. More information about managing access via IAP can be found at: \u003chttps://cloud.google.com/iap/docs/managing-access#managing_access_via_the_api\u003e\n\n### HTTP request\n\n`POST https://iap.googleapis.com/v1beta1/{resource=**}:setIamPolicy`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body contains data with the following structure:\n\n### Response body\n\nIf successful, the response body contains an instance of [Policy](/iap/docs/reference/rest/Shared.Types/Policy).\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\n### IAM Permissions\n\nRequires **one of** the following [IAM](https://cloud.google.com/iam/docs) permissions on the `resource` resource, depending on the resource type:\n\n- `iap.gateway.setIamPolicy`\n- `iap.tunnel.setIamPolicy`\n- `iap.tunnelDestGroups.setIamPolicy`\n- `iap.tunnelInstances.setIamPolicy`\n- `iap.tunnelLocations.setIamPolicy`\n- `iap.tunnelZones.setIamPolicy`\n- `iap.web.setIamPolicy`\n- `iap.webServices.setIamPolicy`\n- `iap.webServiceVersions.setIamPolicy`\n- `iap.webTypes.setIamPolicy`\n\nFor more information, see the [IAM documentation](https://cloud.google.com/iam/docs)."]]
