Struct google_cloudresourcemanager1::ProjectSetIamPolicyCall[][src]

pub struct ProjectSetIamPolicyCall<'a, C, A> where
    C: 'a,
    A: 'a,  { /* fields omitted */ }

Sets the IAM access control policy for the specified Project. Overwrites any existing policy.

The following constraints apply when using setIamPolicy():

  • Project does not support allUsers and allAuthenticatedUsers as members in a Binding of a Policy.

  • The owner role can be granted only to user and serviceAccount.

  • Service accounts can be made owners of a project directly without any restrictions. However, to be added as an owner, a user must be invited via Cloud Platform console and must accept the invitation.

  • A user cannot be granted the owner role using setIamPolicy(). The user must be granted the owner role using the Cloud Platform Console and must explicitly accept the invitation.

  • You can only grant ownership of a project to a member by using the GCP Console. Inviting a member will deliver an invitation email that they must accept. An invitation email is not generated if you are granting a role other than owner, or if both the member you are inviting and the project are part of your organization.

  • Membership changes that leave the project without any owners that have accepted the Terms of Service (ToS) will be rejected.

  • If the project is not part of an organization, there must be at least one owner who has accepted the Terms of Service (ToS) agreement in the policy. Calling setIamPolicy() to remove the last ToS-accepted owner from the policy will fail. This restriction also applies to legacy projects that no longer have owners who have accepted the ToS. Edits to IAM policies will be rejected until the lack of a ToS-accepting owner is rectified.

  • This method will replace the existing policy, and cannot be used to append additional IAM settings.

Note: Removing service accounts from policies or changing their roles can render services completely inoperable. It is important to understand how the service account is being used before removing or updating its roles.

Authorization requires the Google IAM permission resourcemanager.projects.setIamPolicy on the project

A builder for the setIamPolicy method supported by a project resource. It is not used directly, but through a ProjectMethods instance.

Example

Instantiate a resource method builder

use cloudresourcemanager1::SetIamPolicyRequest;
 
// As the method needs a request, you would usually fill it with the desired information
// into the respective structure. Some of the parts shown here might not be applicable !
// Values shown here are possibly random and not representative !
let mut req = SetIamPolicyRequest::default();
 
// You can configure optional parameters by calling the respective setters at will, and
// execute the final call using `doit()`.
// Values shown here are possibly random and not representative !
let result = hub.projects().set_iam_policy(req, "resource")
             .doit();

Methods

impl<'a, C, A> ProjectSetIamPolicyCall<'a, C, A> where
    C: BorrowMut<Client>,
    A: GetToken
[src]

Perform the operation you have build so far.

Sets the request property to the given value.

Even though the property as already been set when instantiating this call, we provide this method for API completeness.

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

Sets the resource path property to the given value.

Even though the property as already been set when instantiating this call, we provide this method for API completeness.

The delegate implementation is consulted whenever there is an intermediate result, or if something goes wrong while executing the actual API request.

It should be used to handle progress information, and to implement a certain level of resilience.

Sets the delegate property to the given value.

Set any additional parameter of the query string used in the request. It should be used to set parameters which are not yet available through their own setters.

Please note that this method must not be used to set any of the known paramters which have their own setter method. If done anyway, the request will fail.

Additional Parameters

  • upload_protocol (query-string) - Upload protocol for media (e.g. "raw", "multipart").
  • prettyPrint (query-boolean) - Returns response with indentations and line breaks.
  • access_token (query-string) - OAuth access token.
  • fields (query-string) - Selector specifying which fields to include in a partial response.
  • quotaUser (query-string) - Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters.
  • callback (query-string) - JSONP
  • oauth_token (query-string) - OAuth 2.0 token for the current user.
  • key (query-string) - API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token.
  • uploadType (query-string) - Legacy upload protocol for media (e.g. "media", "multipart").
  • alt (query-string) - Data format for response.
  • $.xgafv (query-string) - V1 error format.

Identifies the authorization scope for the method you are building.

Use this method to actively specify which scope should be used, instead the default Scope variant Scope::CloudPlatform.

The scope will be added to a set of scopes. This is important as one can maintain access tokens for more than one scope. If None is specified, then all scopes will be removed and no default scope will be used either. In that case, you have to specify your API-key using the key parameter (see the param() function for details).

Usually there is more than one suitable scope to authorize an operation, some of which may encompass more rights than others. For example, for listing resources, a read-only scope will be sufficient, a read-write scope will do as well.

Trait Implementations

impl<'a, C, A> CallBuilder for ProjectSetIamPolicyCall<'a, C, A>
[src]

Auto Trait Implementations

impl<'a, C, A> !Send for ProjectSetIamPolicyCall<'a, C, A>

impl<'a, C, A> !Sync for ProjectSetIamPolicyCall<'a, C, A>