Skip to main content
Skip table of contents

policy

API

Manages IoT Core roles and permissions

Methods

queryGrantableRoles

GET /api/v/4/webhook/execute/{adminSystemKey}/policy?method=queryGrantableRoles
List all grantable roles on a specified resource.

getIamPolicy

GET /api/v/4/webhook/execute/{adminSystemKey}/policy?method=getIamPolicy
Get a specified resource’s IAM policy.

setIamPolicy

PUT /api/v/4/webhook/execute/{adminSystemKey}/policy?method=setIamPolicy
Set a specified resource’s IAM policy.

testIamPermissions

POST /api/v/4/webhook/execute/{adminSystemKey}/policy?method=testIamPermissions
Test whether a user has a list of permissions for a specified resource.

CbPolicy

TYPESCRIPT
type CbPolicy = CbBinding[]

type CbBinding = {
  role_id: string;
  members: {
    principal_type: "user" | "serviceAccount";
    principal: string;    
  }[]
}

Fields

role_id

The role to which the list of members are assigned.

members[]

A list of principals that are assigned to the role in the binding.

principal is the principal’s email.

principal_type is the kind of principal, such as a user or a service account.

IOTRole

TYPESCRIPT
interface IOTRole {
  id: string;
  name: string;
  permissions: string[];
  is_custom: boolean;
  description?: string;
  project_id: string;
}

Fields

id

The role’s unique identifier.

name

The role’s user-readable label.

permissions

A list of permissions that principals receive when assigned this role.

is_custom

Whether the role is built-in to IoT Core or user-created. User-created roles are not yet supported.

description

An optional description of the capabilities the role allows for principals.

project_id

The project’s unique identifier where this role is assignable.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.