Announcement: All noncommercial projects registered to use Earth Engine before
April 15, 2025 must
verify noncommercial eligibility to maintain Earth Engine access.
Method: projects.assets.testIamPermissions
Stay organized with collections
Save and categorize content based on your preferences.
Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.
Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
HTTP request
POST https://earthengine.googleapis.com/v1/{resource=projects/*/assets/**}:testIamPermissions
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters |
resource |
string
REQUIRED: The resource for which the policy detail is being requested. See Resource names for the appropriate value for this field.
|
Request body
The request body contains data with the following structure:
| JSON representation |
{
"permissions": [
string
]
} |
| Fields |
permissions[] |
string
The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.
|
Response body
If successful, the response body contains an instance of TestIamPermissionsResponse.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/earthengine
https://www.googleapis.com/auth/earthengine.readonly
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/cloud-platform.read-only
For more information, see the OAuth 2.0 Overview.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-03-06 UTC.
[null,null,["Last updated 2025-03-06 UTC."],[[["\u003cp\u003eReturns caller permissions for a specified Earth Engine resource, even if the resource doesn't exist, providing an empty set instead of an error.\u003c/p\u003e\n"],["\u003cp\u003ePrimarily designed for building permission-aware user interfaces and command-line tools, not for strict authorization checks.\u003c/p\u003e\n"],["\u003cp\u003eAccepts a list of specific permissions to check against the resource, using a POST request to a defined endpoint.\u003c/p\u003e\n"],["\u003cp\u003eRequires specific OAuth scopes for authentication, like \u003ccode\u003ehttps://www.googleapis.com/auth/earthengine\u003c/code\u003e or \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e.\u003c/p\u003e\n"]]],["This endpoint, using a POST request to the specified URL, retrieves a caller's permissions for a given resource. It requires the resource path as a parameter and a JSON request body with a list of permissions to check. Wildcard permissions are not permitted. The response indicates the permissions held, returning an empty set if the resource doesn't exist. This is designed for UI/tool development, not for authorization checks, and can \"fail open.\" OAuth scopes are required for authorization.\n"],null,["# Method: projects.assets.testIamPermissions\n\nReturns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a NOT_FOUND error.\n\nNote: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.\n\n### HTTP request\n\n`POST https://earthengine.googleapis.com/v1/{resource=projects/*/assets/**}:testIamPermissions`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n| Parameters ||\n|------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `resource` | `string` REQUIRED: The resource for which the policy detail is being requested. See [Resource names](https://cloud.google.com/apis/design/resource_names) for the appropriate value for this field. |\n\n### Request body\n\nThe request body contains data with the following structure:\n\n| JSON representation |\n|---------------------------------------|\n| ``` { \"permissions\": [ string ] } ``` |\n\n| Fields ||\n|-----------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| `permissions[]` | `string` The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). |\n\n### Response body\n\nIf successful, the response body contains an instance of [TestIamPermissionsResponse](/earth-engine/reference/rest/Shared.Types/TestIamPermissionsResponse).\n\n### Authorization scopes\n\nRequires one of the following OAuth scopes:\n\n- `https://www.googleapis.com/auth/earthengine`\n- `\n https://www.googleapis.com/auth/earthengine.readonly`\n- `\n https://www.googleapis.com/auth/cloud-platform`\n- `\n https://www.googleapis.com/auth/cloud-platform.read-only`\n\nFor more information, see the [OAuth 2.0 Overview](/identity/protocols/OAuth2)."]]