roles

Creates, updates, deletes, gets or lists a roles resource.

Overview

Name	`roles`
Type	Resource
Id	`google.iam.roles`

Fields

Name	Datatype	Description
`name`	`string`	The name of the role. When `Role` is used in `CreateRole`, the role name must not be set. When `Role` is used in output and other input such as `UpdateRole`, the role name is the complete path. For example, `roles/logging.viewer` for predefined roles, `organizations/{ORGANIZATION_ID}/roles/myRole` for organization-level custom roles, and `projects/{PROJECT_ID}/roles/myRole` for project-level custom roles.
`description`	`string`	Optional. A human-readable description for the role.
`deleted`	`boolean`	The current deleted state of the role. This field is read only. It will be ignored in calls to CreateRole and UpdateRole.
`etag`	`string`	Used to perform a consistent read-modify-write.
`includedPermissions`	`array`	The names of the permissions this role grants when bound in an IAM policy.
`stage`	`string`	The current launch stage of the role. If the `ALPHA` launch stage has been selected for a role, the `stage` field will not be included in the returned definition for the role.
`title`	`string`	Optional. A human-readable title for the role. Typically this is limited to 100 UTF-8 bytes.

Methods

Name	Accessible by	Required Params	Description
`get`	`SELECT`	`rolesId`	Gets the definition of a Role.
`get_org_roles`	`SELECT`	`organizationsId, rolesId`	Gets the definition of a Role.
`get_project_roles`	`SELECT`	`projectsId, rolesId`	Gets the definition of a Role.
`list`	`SELECT`		Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
`list_org_roles`	`SELECT`	`organizationsId`	Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
`list_project_roles`	`SELECT`	`projectsId`	Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.
`create_org_roles`	`INSERT`	`organizationsId`	Creates a new custom Role.
`create_project_roles`	`INSERT`	`projectsId`	Creates a new custom Role.
`delete_org_roles`	`DELETE`	`organizationsId, rolesId`	Deletes a custom Role. When you delete a custom role, the following changes occur immediately: You cannot bind a principal to the custom role in an IAM Policy. Existing bindings to the custom role are not changed, but they have no effect. By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the custom role limit until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: The custom role is permanently deleted and cannot be recovered. If an IAM policy contains a binding to the custom role, the binding is permanently removed. The custom role no longer counts toward your custom role limit.
`delete_project_roles`	`DELETE`	`projectsId, rolesId`	Deletes a custom Role. When you delete a custom role, the following changes occur immediately: You cannot bind a principal to the custom role in an IAM Policy. Existing bindings to the custom role are not changed, but they have no effect. By default, the response from ListRoles does not include the custom role. A deleted custom role still counts toward the custom role limit until it is permanently deleted. You have 7 days to undelete the custom role. After 7 days, the following changes occur: The custom role is permanently deleted and cannot be recovered. If an IAM policy contains a binding to the custom role, the binding is permanently removed. The custom role no longer counts toward your custom role limit.
`patch_org_roles`	`UPDATE`	`organizationsId, rolesId`	Updates the definition of a custom Role.
`patch_project_roles`	`UPDATE`	`projectsId, rolesId`	Updates the definition of a custom Role.
`query_grantable_roles`	`EXEC`		Lists roles that can be granted on a Google Cloud resource. A role is grantable if the IAM policy for the resource can contain bindings to the role.
`undelete_org_roles`	`EXEC`	`organizationsId, rolesId`	Undeletes a custom Role.
`undelete_project_roles`	`EXEC`	`projectsId, rolesId`	Undeletes a custom Role.

`SELECT` examples

Lists every predefined Role that IAM supports, or every custom role that is defined for an organization or project.

SELECT
name,
description,
deleted,
etag,
includedPermissions,
stage,
title
FROM google.iam.roles
;

`INSERT` example

Use the following StackQL query and manifest file to create a new roles resource.

All Properties
Manifest

/*+ create */
INSERT INTO google.iam.roles (
projectsId,
roleId,
role
)
SELECT 
'{{ projectsId }}',
'{{ roleId }}',
'{{ role }}'
;

- name: your_resource_model_name
  props:
    - name: roleId
      value: string
    - name: role
      value:
        - name: name
          value: string
        - name: title
          value: string
        - name: description
          value: string
        - name: includedPermissions
          value:
            - string
        - name: stage
          value: string
        - name: etag
          value: string
        - name: deleted
          value: boolean

`UPDATE` example

Updates a roles resource.

/*+ update */
UPDATE google.iam.roles
SET 
name = '{{ name }}',
title = '{{ title }}',
description = '{{ description }}',
includedPermissions = '{{ includedPermissions }}',
stage = '{{ stage }}',
etag = '{{ etag }}',
deleted = true|false
WHERE 
projectsId = '{{ projectsId }}'
AND rolesId = '{{ rolesId }}';

`DELETE` example

Deletes the specified roles resource.

/*+ delete */
DELETE FROM google.iam.roles
WHERE projectsId = '{{ projectsId }}'
AND rolesId = '{{ rolesId }}';

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

UPDATE example​

DELETE example​