Reference documentation and code samples for the Google Cloud PHP shared dependency, providing functionality useful to all components. Client class PolicyBuilder.
Helper class for creating valid IAM policies
Example:
use Google\Cloud\Core\Iam\PolicyBuilder;
$builder = new PolicyBuilder();
$builder->addBinding('roles/admin', [ 'user:admin@domain.com' ]);
$result = $builder->result();
This method will fail with an InvalidOpereationException if it is
called on a Policy with a version greater than 1 as that indicates
a more complicated policy than this method is prepared to handle.
Changes to such policies must be made manually by the setBindings()
method.
This method will fail with a BadMethodCallException if it is
called on a Policy with a version greater than 1 as that indicates
a more complicated policy than this method is prepared to handle.
Changes to such policies must be made manually by the setBindings()
method.
used for optimistic concurrency control as a way to help prevent simultaneous updates of a
policy from overwriting each other. It is strongly suggested that updates to existing policies make use
of the etag to avoid race conditions.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Google Cloud PHP shared dependency, providing functionality useful to all components. Client - Class PolicyBuilder (1.64.2)\n\nVersion latestkeyboard_arrow_down\n\n- [1.64.2 (latest)](/php/docs/reference/cloud-core/latest/Iam.PolicyBuilder)\n- [1.64.1](/php/docs/reference/cloud-core/1.64.1/Iam.PolicyBuilder)\n- [1.63.0](/php/docs/reference/cloud-core/1.63.0/Iam.PolicyBuilder)\n- [1.62.3](/php/docs/reference/cloud-core/1.62.3/Iam.PolicyBuilder)\n- [1.61.0](/php/docs/reference/cloud-core/1.61.0/Iam.PolicyBuilder)\n- [1.60.1](/php/docs/reference/cloud-core/1.60.1/Iam.PolicyBuilder)\n- [1.59.1](/php/docs/reference/cloud-core/1.59.1/Iam.PolicyBuilder)\n- [1.58.2](/php/docs/reference/cloud-core/1.58.2/Iam.PolicyBuilder)\n- [1.53.0](/php/docs/reference/cloud-core/1.53.0/Iam.PolicyBuilder)\n- [1.52.11](/php/docs/reference/cloud-core/1.52.11/Iam.PolicyBuilder)\n- [1.51.2](/php/docs/reference/cloud-core/1.51.2/Iam.PolicyBuilder)\n- [1.50.0](/php/docs/reference/cloud-core/1.50.0/Iam.PolicyBuilder)\n- [1.49.3](/php/docs/reference/cloud-core/1.49.3/Iam.PolicyBuilder)\n- [1.48.1](/php/docs/reference/cloud-core/1.48.1/Iam.PolicyBuilder) \nReference documentation and code samples for the Google Cloud PHP shared dependency, providing functionality useful to all components. Client class PolicyBuilder.\n\nHelper class for creating valid IAM policies\n\nExample: \n\n use Google\\Cloud\\Core\\Iam\\PolicyBuilder;\n\n $builder = new PolicyBuilder();\n $builder-\u003eaddBinding('roles/admin', [ 'user:admin@domain.com' ]);\n $result = $builder-\u003eresult();\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ Core \\\\ Iam\n\nMethods\n-------\n\n### __construct\n\nSee also:\n\n- [Policy versioning](https://cloud.google.com/iam/docs/policies#versions)\n- [Using Cloud IAM Conditions on buckets](https://cloud-dot-devsite.googleplex.com/storage/docs/access-control/using-iam-permissions#conditions-iam)\n\nExample:\n\\`\\`\\`\n$policy = \\[\n'etag' =\\\u003e 'AgIc==',\n'version' =\\\u003e 3,\n'bindings' =\\\u003e \\[\n\\[\n'role' =\\\u003e 'roles/admin',\n'members' =\\\u003e \\[\n'user:admin@domain.com',\n'user2:admin@domain.com'\n\\],\n'condition' =\\\u003e \\[\n'title' =\\\u003e 'match-prefix',\n'description' =\\\u003e 'Applies to objects matching a prefix',\n'expression' =\\\u003e\n'resource.name.startsWith(\"projects/_/buckets/bucket-name/objects/prefix-a-\")'\n\\]\n\\]\n\\],\n\\];\n\n$builder = new PolicyBuilder($policy);\n\\`\\`\\`\n\n### setBindings\n\nOverride all stored bindings on the policy.\n\nExample: \n\n $builder-\u003esetBindings([\n [\n 'role' =\u003e 'roles/admin',\n 'members' =\u003e [\n 'user:admin@domain.com'\n ],\n 'condition' =\u003e [\n 'expression' =\u003e\n 'request.time \u003c timestamp(\"2020-07-01T00:00:00.000Z\")'\n ]\n ]\n ]);\n\n### addBinding\n\nAdd a new binding to the policy.\n\nThis method will fail with an InvalidOpereationException if it is\ncalled on a Policy with a version greater than 1 as that indicates\na more complicated policy than this method is prepared to handle.\nChanges to such policies must be made manually by the setBindings()\nmethod.\n\nExample: \n\n $builder-\u003eaddBinding('roles/admin', [ 'user:admin@domain.com' ]);\n\n### removeBinding\n\nRemove a binding from the policy.\n\nThis method will fail with a BadMethodCallException if it is\ncalled on a Policy with a version greater than 1 as that indicates\na more complicated policy than this method is prepared to handle.\nChanges to such policies must be made manually by the setBindings()\nmethod.\n\nExample: \n\n $builder-\u003esetBindings([\n [\n 'role' =\u003e 'roles/admin',\n 'members' =\u003e [\n 'user:admin@domain.com',\n 'user2:admin@domain.com'\n ]\n ]\n ]);\n $builder-\u003eremoveBinding('roles/admin', [ 'user:admin@domain.com' ]);\n\n### setEtag\n\nUpdate the etag on the policy.\n\nExample: \n\n $builder-\u003esetEtag($oldPolicy['etag']);\n\n### setVersion\n\nUpdate the version of the policy.\n\nExample: \n\n $builder-\u003esetVersion(1);\n\n### result\n\nCreate a policy array with data in the correct format.\n\nExample: \n\n $policy = $builder-\u003eresult();"]]
