List Scope Access
const url = 'https://example.com/iam/v1/scopes/example/example/access';const options = {method: 'GET'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url https://example.com/iam/v1/scopes/example/example/accessReturns every principal with effective access at a scope, each role tagged direct or inherited (rolled down from ancestor scopes).
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The scope type: ORGANISATION, WORKSPACE, or GROUP.
The unique identifier of the scope.
Query Parameters
Section titled “Query Parameters ”The maximum number of entries to return. The service may return fewer than this value. If unspecified, at most 20 entries will be returned. The maximum value is 100; values above 100 will be coerced to 100.
A page token from a previous ListScopeAccess call.
AIP-160 filter expression.
AIP-132 order_by expression.
Responses
Section titled “ Responses ”OK
ListScopeAccessResponse
Response message for ListScopeAccess.
object
One entry per principal with effective access at the requested scope.
One principal’s effective access at a scope: the principal plus every role they hold there, each tagged direct/inherited.
object
The principal that has access.
object
The unique identifier of the principal.
Polymorphic human-readable label — a Person’s “name surname” or a service account’s service email.
The lifecycle status of the principal.
The discriminated kind of the principal.
Best-effort last-authentication instant; absent until the principal first authenticates.
The timestamp when the principal was created.
The timestamp when the principal was last updated.
Every effective role the principal holds at the requested scope.
A single effective role a principal holds at a scope, tagged with its origin.
object
The unique identifier of the role.
The human-readable name of the role.
Whether the role is direct or inherited.
The scope type the role was inherited from; empty when origin is DIRECT.
The scope id the role was inherited from; empty when origin is DIRECT.
A token to retrieve the next page; empty when there are no further pages.
Example
{ "entries": [ { "principal": { "status": "PRINCIPAL_STATUS_UNSPECIFIED", "type": "PRINCIPAL_TYPE_UNSPECIFIED" }, "roles": [ { "origin": "ROLE_ORIGIN_UNSPECIFIED" } ] } ]}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}