Boundary Controller HTTP API
Role Service
Lists all Roles.
Request
Query Parameters
scope_id
string
recursive
boolean
filter
string
Response
Successful Response
items
object[]
Role contains all fields related to a Role resource
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Creates a single Role.
Request
Body Parameters
scope_id
string
The ID of the Scope containing this Role.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Gets a single Role.
Request
Path Parameters
id
string
RequiredResponse
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Deletes a Role.
Request
Path Parameters
id
string
RequiredResponse
Successful Response
Updates a Role.
Request
Path Parameters
id
string
RequiredQuery Parameters
update_mask
string
Body Parameters
scope_id
string
The ID of the Scope containing this Role.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Adds grants to a Role
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_strings
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Adds Users and/or Groups to a Role.
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
principal_ids
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Removes grants from a Role.
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_strings
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Removes the specified Users and/or Groups from a Role.
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
principal_ids
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Set grants for a Role, removing any grants that are not specified in the request.
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_strings
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]
Set Users and/or Groups to a Role, removing any principals that are not specified in the request.
Request
Path Parameters
id
string
RequiredBody Parameters
version
integer
Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
principal_ids
string[]
Response
Successful Response
id
string
Output only. The ID of the Role.
scope_id
string
The ID of the Scope containing this Role.
scope
object
Output only. Scope information for this resource.
id
string
Output only. The ID of the Scope.
type
string
Output only. The type of the Scope.
name
string
Output only. The name of the Scope, if any.
description
string
Output only. The description of the Scope, if any.
parent_scope_id
string
Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.
name
string
Optional name for identification purposes.
description
string
Optional user-set description for identification purposes.
created_time
string
Output only. The time this resource was created.
updated_time
string
Output only. The time this resource was last updated.
version
integer
Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.
grant_scope_id
string
The Scope the grants will apply to. If the Role is at the global scope, this can be an org or project. If the Role is at an org scope, this can be a project within the org. It is invalid for this to be anything other than the Role's scope when the Role's scope is a project.
principal_ids
string[]
principals
object[]
id
string
Output only. The ID of the principal.
type
string
Output only. The type of the principal.
scope_id
string
Output only. The Scope of the principal.
grant_strings
string[]
grants
object[]
raw
string
Output only. The original user-supplied string.
canonical
string
Output only. The canonically-formatted string.
json
object
Output only. The JSON representation of the grant.
id
string
Output only. The ID, if set.
type
string
Output only. The type, if set.
actions
string[]
authorized_actions
string[]