Get a connection's IAM policy

Get the current Identity and Access Management (IAM) policy for a BigQuery connection. The policy defines which principals have what permissions on the connection resource.

Code sample

Node.js

Before trying this sample, follow the Node.js setup instructions in the BigQuery quickstart using client libraries . For more information, see the BigQuery Node.js API reference documentation .

To authenticate to BigQuery, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  const 
  
 { 
 ConnectionServiceClient 
 } 
  
 = 
  
 require 
 ( 
 ' @google-cloud/bigquery-connection 
' 
 ). 
 v1 
 ; 
 const 
  
 { 
 status 
 } 
  
 = 
  
 require 
 ( 
 '@grpc/grpc-js' 
 ); 
 const 
  
 client 
  
 = 
  
 new 
  
  ConnectionServiceClient 
 
 (); 
 /** 
 * Gets the IAM policy for a BigQuery connection. 
 * @param {string} projectId Google Cloud project ID (for example, 'example-project-id'). 
 * @param {string} location The location of the connection (for example, 'us'). 
 * @param {string} connectionId The connection ID (for example, 'example-connection'). 
 */ 
 async 
  
 function 
  
 getIamPolicy 
 ( 
 projectId 
 , 
  
 location 
 , 
  
 connectionId 
 ) 
  
 { 
  
 const 
  
 resource 
  
 = 
  
 client 
 . 
 connectionPath 
 ( 
 projectId 
 , 
  
 location 
 , 
  
 connectionId 
 ); 
  
 const 
  
 request 
  
 = 
  
 { 
  
 resource 
 , 
  
 }; 
  
 try 
  
 { 
  
 const 
  
 [ 
 policy 
 ] 
  
 = 
  
 await 
  
 client 
 . 
 getIamPolicy 
 ( 
 request 
 ); 
  
 console 
 . 
 log 
 ( 
  
 `Successfully retrieved IAM policy for connection: 
 ${ 
 connectionId 
 } 
 ` 
 , 
  
 ); 
  
 if 
  
 ( 
 policy 
 . 
 bindings 
 && 
 policy 
 . 
 bindings 
 . 
 length 
 > 
 0 
 ) 
  
 { 
  
 console 
 . 
 log 
 ( 
 'Bindings:' 
 ); 
  
 policy 
 . 
 bindings 
 . 
 forEach 
 ( 
 binding 
  
 = 
>  
 { 
  
 console 
 . 
 log 
 ( 
 `  Role: 
 ${ 
 binding 
 . 
 role 
 } 
 ` 
 ); 
  
 console 
 . 
 log 
 ( 
 '  Members:' 
 ); 
  
 binding 
 . 
 members 
 . 
 forEach 
 ( 
 member 
  
 = 
>  
 { 
  
 console 
 . 
 log 
 ( 
 `    - 
 ${ 
 member 
 } 
 ` 
 ); 
  
 }); 
  
 }); 
  
 } 
  
 else 
  
 { 
  
 console 
 . 
 log 
 ( 
 'No policy bindings found.' 
 ); 
  
 } 
  
 } 
  
 catch 
  
 ( 
 err 
 ) 
  
 { 
  
 if 
  
 ( 
 err 
 . 
 code 
  
 === 
  
 status 
 . 
 NOT_FOUND 
 ) 
  
 { 
  
 console 
 . 
 log 
 ( 
  
 `Connection ' 
 ${ 
 connectionId 
 } 
 ' not found in project ' 
 ${ 
 projectId 
 } 
 ' at location ' 
 ${ 
 location 
 } 
 '.` 
 , 
  
 ); 
  
 } 
  
 else 
  
 { 
  
 console 
 . 
 error 
 ( 
 'An error occurred while getting the IAM policy:' 
 , 
  
 err 
 ); 
  
 } 
  
 } 
 }

Python

Before trying this sample, follow the Python setup instructions in the BigQuery quickstart using client libraries . For more information, see the BigQuery Python API reference documentation .

To authenticate to BigQuery, set up Application Default Credentials. For more information, see Set up authentication for client libraries .

  import 
  
 google.api_core.exceptions 
 from 
  
 google.cloud 
  
 import 
  bigquery_connection_v1 
 
 client 
 = 
  bigquery_connection_v1 
 
 . 
  ConnectionServiceClient 
 
 () 
 def 
  
 get_connection_iam_policy 
 ( 
 project_id 
 : 
 str 
 , 
 location 
 : 
 str 
 , 
 connection_id 
 : 
 str 
 , 
 ): 
  
 """Gets the IAM policy of a connection. 
 Args: 
 project_id: The Google Cloud project ID. 
 location: The geographic location of the connection (for example, "us"). 
 connection_id: The ID of the connection. 
 """ 
 resource 
 = 
 client 
 . 
  connection_path 
 
 ( 
 project_id 
 , 
 location 
 , 
 connection_id 
 ) 
 try 
 : 
 policy 
 = 
 client 
 . 
  get_iam_policy 
 
 ( 
 resource 
 = 
 resource 
 ) 
 print 
 ( 
 f 
 "Successfully retrieved IAM policy for connection: 
 { 
 resource 
 } 
 " 
 ) 
 if 
 not 
 policy 
 . 
 bindings 
 : 
 print 
 ( 
 "This policy is empty and has no bindings." 
 ) 
 for 
 binding 
 in 
 policy 
 . 
 bindings 
 : 
 print 
 ( 
 f 
 "Role: 
 { 
 binding 
 . 
 role 
 } 
 " 
 ) 
 print 
 ( 
 "Members:" 
 ) 
 for 
 member 
 in 
 binding 
 . 
 members 
 : 
 print 
 ( 
 f 
 "    - 
 { 
 member 
 } 
 " 
 ) 
 except 
 google 
 . 
 api_core 
 . 
 exceptions 
 . 
 NotFound 
 : 
 print 
 ( 
 f 
 "Connection not found: 
 { 
 resource 
 } 
 " 
 )

What's next

To search and filter code samples for other Google Cloud products, see the Google Cloud sample browser .

Get a connection's IAM policy Stay organized with collections Save and categorize content based on your preferences.

Code sample

Node.js

Python

What's next

Get a connection's IAM policy