<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="iam_v1.html">Identity and Access Management (IAM) API</a> . <a href="iam_v1.projects.html">projects</a> . <a href="iam_v1.projects.roles.html">roles</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#create">create(parent, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Creates a new custom Role.</p>
<p class="toc_element">
  <code><a href="#delete">delete(name, etag=None, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a custom Role.</p>
<p class="toc_element">
  <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
<p class="firstline">Gets the definition of a Role.</p>
<p class="toc_element">
  <code><a href="#list">list(parent, pageSize=None, view=None, showDeleted=None, pageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Lists every predefined Role that IAM supports, or every custom role</p>
<p class="toc_element">
  <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
  <code><a href="#patch">patch(name, body=None, updateMask=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates the definition of a custom Role.</p>
<p class="toc_element">
  <code><a href="#undelete">undelete(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Undeletes a custom Role.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="create">create(parent, body=None, x__xgafv=None)</code>
  <pre>Creates a new custom Role.

Args:
  parent: string, The `parent` parameter&#x27;s value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `parent` value format is described below:

* [`projects.roles.create()`](/iam/reference/rest/v1/projects.roles/create):
  `projects/{PROJECT_ID}`. This method creates project-level
  [custom roles](/iam/docs/understanding-custom-roles).
  Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`

* [`organizations.roles.create()`](/iam/reference/rest/v1/organizations.roles/create):
  `organizations/{ORGANIZATION_ID}`. This method creates organization-level
  [custom roles](/iam/docs/understanding-custom-roles). Example request
  URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  body: object, The request body.
    The object takes the form of:

{ # The request to create a new role.
    &quot;role&quot;: { # A role in the Identity and Access Management API. # The Role resource to create.
        &quot;name&quot;: &quot;A String&quot;, # The name of the role.
            #
            # When Role is used in CreateRole, the role name must not be set.
            #
            # When Role is used in output and other input such as UpdateRole, the role
            # name is the complete path, e.g., roles/logging.viewer for predefined roles
            # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
        &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
            # It will be ignored in calls to CreateRole and UpdateRole.
        &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
            # is limited to 100 UTF-8 bytes.
        &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
        &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
        &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
          &quot;A String&quot;,
        ],
        &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
            # selected for a role, the `stage` field will not be included in the
            # returned definition for the role.
      },
    &quot;roleId&quot;: &quot;A String&quot;, # The role ID to use for this role.
        # 
        # A role ID may contain alphanumeric characters, underscores (`_`), and
        # periods (`.`). It must contain a minimum of 3 characters and a maximum of
        # 64 characters.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
      &quot;name&quot;: &quot;A String&quot;, # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for predefined roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
      &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
      &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
        &quot;A String&quot;,
      ],
      &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
    }</pre>
</div>

<div class="method">
    <code class="details" id="delete">delete(name, etag=None, x__xgafv=None)</code>
  <pre>Deletes a custom Role.

When you delete a custom role, the following changes occur immediately:

* You cannot bind a member to the custom role in an IAM
Policy.
* Existing bindings to the custom role are not changed, but they have no
effect.
* By default, the response from ListRoles does not include the custom
role.

You have 7 days to undelete the custom role. After 7 days, the following
changes occur:

* The custom role is permanently deleted and cannot be recovered.
* If an IAM policy contains a binding to the custom role, the binding is
permanently removed.

Args:
  name: string, The `name` parameter&#x27;s value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `name` value format is described below:

* [`projects.roles.delete()`](/iam/reference/rest/v1/projects.roles/delete):
  `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method deletes only
  [custom roles](/iam/docs/understanding-custom-roles) that have been
  created at the project level. Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`

* [`organizations.roles.delete()`](/iam/reference/rest/v1/organizations.roles/delete):
  `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
  deletes only [custom roles](/iam/docs/understanding-custom-roles) that
  have been created at the organization level. Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  etag: string, Used to perform a consistent read-modify-write.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
      &quot;name&quot;: &quot;A String&quot;, # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for predefined roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
      &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
      &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
        &quot;A String&quot;,
      ],
      &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
    }</pre>
</div>

<div class="method">
    <code class="details" id="get">get(name, x__xgafv=None)</code>
  <pre>Gets the definition of a Role.

Args:
  name: string, The `name` parameter&#x27;s value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `name` value format is described below:

* [`roles.get()`](/iam/reference/rest/v1/roles/get): `roles/{ROLE_NAME}`.
  This method returns results from all
  [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
  Cloud IAM. Example request URL:
  `https://iam.googleapis.com/v1/roles/{ROLE_NAME}`

* [`projects.roles.get()`](/iam/reference/rest/v1/projects.roles/get):
  `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method returns only
  [custom roles](/iam/docs/understanding-custom-roles) that have been
  created at the project level. Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`

* [`organizations.roles.get()`](/iam/reference/rest/v1/organizations.roles/get):
  `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
  returns only [custom roles](/iam/docs/understanding-custom-roles) that
  have been created at the organization level. Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
      &quot;name&quot;: &quot;A String&quot;, # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for predefined roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
      &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
      &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
        &quot;A String&quot;,
      ],
      &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
    }</pre>
</div>

<div class="method">
    <code class="details" id="list">list(parent, pageSize=None, view=None, showDeleted=None, pageToken=None, x__xgafv=None)</code>
  <pre>Lists every predefined Role that IAM supports, or every custom role
that is defined for an organization or project.

Args:
  parent: string, The `parent` parameter&#x27;s value depends on the target resource for the
request, namely
[`roles`](/iam/reference/rest/v1/roles),
[`projects`](/iam/reference/rest/v1/projects.roles), or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `parent` value format is described below:

* [`roles.list()`](/iam/reference/rest/v1/roles/list): An empty string.
  This method doesn&#x27;t require a resource; it simply returns all
  [predefined roles](/iam/docs/understanding-roles#predefined_roles) in
  Cloud IAM. Example request URL:
  `https://iam.googleapis.com/v1/roles`

* [`projects.roles.list()`](/iam/reference/rest/v1/projects.roles/list):
  `projects/{PROJECT_ID}`. This method lists all project-level
  [custom roles](/iam/docs/understanding-custom-roles).
  Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles`

* [`organizations.roles.list()`](/iam/reference/rest/v1/organizations.roles/list):
  `organizations/{ORGANIZATION_ID}`. This method lists all
  organization-level [custom roles](/iam/docs/understanding-custom-roles).
  Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  pageSize: integer, Optional limit on the number of roles to include in the response.

The default is 300, and the maximum is 1,000.
  view: string, Optional view for the returned Role objects. When `FULL` is specified,
the `includedPermissions` field is returned, which includes a list of all
permissions in the role. The default value is `BASIC`, which does not
return the `includedPermissions` field.
  showDeleted: boolean, Include Roles that have been deleted.
  pageToken: string, Optional pagination token returned in an earlier ListRolesResponse.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # The response containing the roles defined under a resource.
    &quot;nextPageToken&quot;: &quot;A String&quot;, # To retrieve the next page of results, set
        # `ListRolesRequest.page_token` to this value.
    &quot;roles&quot;: [ # The Roles defined on this resource.
      { # A role in the Identity and Access Management API.
          &quot;name&quot;: &quot;A String&quot;, # The name of the role.
              #
              # When Role is used in CreateRole, the role name must not be set.
              #
              # When Role is used in output and other input such as UpdateRole, the role
              # name is the complete path, e.g., roles/logging.viewer for predefined roles
              # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
          &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
              # It will be ignored in calls to CreateRole and UpdateRole.
          &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
              # is limited to 100 UTF-8 bytes.
          &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
          &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
          &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
            &quot;A String&quot;,
          ],
          &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
              # selected for a role, the `stage` field will not be included in the
              # returned definition for the role.
        },
    ],
  }</pre>
</div>

<div class="method">
    <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
  <pre>Retrieves the next page of results.

Args:
  previous_request: The request for the previous page. (required)
  previous_response: The response from the request for the previous page. (required)

Returns:
  A request object that you can call &#x27;execute()&#x27; on to request the next
  page. Returns None if there are no more items in the collection.
    </pre>
</div>

<div class="method">
    <code class="details" id="patch">patch(name, body=None, updateMask=None, x__xgafv=None)</code>
  <pre>Updates the definition of a custom Role.

Args:
  name: string, The `name` parameter&#x27;s value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `name` value format is described below:

* [`projects.roles.patch()`](/iam/reference/rest/v1/projects.roles/patch):
  `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method updates only
  [custom roles](/iam/docs/understanding-custom-roles) that have been
  created at the project level. Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`

* [`organizations.roles.patch()`](/iam/reference/rest/v1/organizations.roles/patch):
  `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
  updates only [custom roles](/iam/docs/understanding-custom-roles) that
  have been created at the organization level. Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  body: object, The request body.
    The object takes the form of:

{ # A role in the Identity and Access Management API.
    &quot;name&quot;: &quot;A String&quot;, # The name of the role.
        # 
        # When Role is used in CreateRole, the role name must not be set.
        # 
        # When Role is used in output and other input such as UpdateRole, the role
        # name is the complete path, e.g., roles/logging.viewer for predefined roles
        # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
    &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
        # It will be ignored in calls to CreateRole and UpdateRole.
    &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
        # is limited to 100 UTF-8 bytes.
    &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
    &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
    &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
      &quot;A String&quot;,
    ],
    &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
        # selected for a role, the `stage` field will not be included in the
        # returned definition for the role.
  }

  updateMask: string, A mask describing which fields in the Role have changed.
  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
      &quot;name&quot;: &quot;A String&quot;, # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for predefined roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
      &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
      &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
        &quot;A String&quot;,
      ],
      &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
    }</pre>
</div>

<div class="method">
    <code class="details" id="undelete">undelete(name, body=None, x__xgafv=None)</code>
  <pre>Undeletes a custom Role.

Args:
  name: string, The `name` parameter&#x27;s value depends on the target resource for the
request, namely
[`projects`](/iam/reference/rest/v1/projects.roles) or
[`organizations`](/iam/reference/rest/v1/organizations.roles). Each
resource type&#x27;s `name` value format is described below:

* [`projects.roles.undelete()`](/iam/reference/rest/v1/projects.roles/undelete):
  `projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`. This method undeletes
  only [custom roles](/iam/docs/understanding-custom-roles) that have been
  created at the project level. Example request URL:
  `https://iam.googleapis.com/v1/projects/{PROJECT_ID}/roles/{CUSTOM_ROLE_ID}`

* [`organizations.roles.undelete()`](/iam/reference/rest/v1/organizations.roles/undelete):
  `organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`. This method
  undeletes only [custom roles](/iam/docs/understanding-custom-roles) that
  have been created at the organization level. Example request URL:
  `https://iam.googleapis.com/v1/organizations/{ORGANIZATION_ID}/roles/{CUSTOM_ROLE_ID}`

Note: Wildcard (*) values are invalid; you must specify a complete project
ID or organization ID. (required)
  body: object, The request body.
    The object takes the form of:

{ # The request to undelete an existing role.
    &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
  }

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # A role in the Identity and Access Management API.
      &quot;name&quot;: &quot;A String&quot;, # The name of the role.
          #
          # When Role is used in CreateRole, the role name must not be set.
          #
          # When Role is used in output and other input such as UpdateRole, the role
          # name is the complete path, e.g., roles/logging.viewer for predefined roles
          # and organizations/{ORGANIZATION_ID}/roles/logging.viewer for custom roles.
      &quot;deleted&quot;: True or False, # The current deleted state of the role. This field is read only.
          # It will be ignored in calls to CreateRole and UpdateRole.
      &quot;title&quot;: &quot;A String&quot;, # Optional. A human-readable title for the role.  Typically this
          # is limited to 100 UTF-8 bytes.
      &quot;description&quot;: &quot;A String&quot;, # Optional. A human-readable description for the role.
      &quot;etag&quot;: &quot;A String&quot;, # Used to perform a consistent read-modify-write.
      &quot;includedPermissions&quot;: [ # The names of the permissions this role grants when bound in an IAM policy.
        &quot;A String&quot;,
      ],
      &quot;stage&quot;: &quot;A String&quot;, # The current launch stage of the role. If the `ALPHA` launch stage has been
          # selected for a role, the `stage` field will not be included in the
          # returned definition for the role.
    }</pre>
</div>

</body></html>