General API reference documentation
Authenticate to IAM
Authenticate to IAM programmatically so that you can access the IAM API.
Retry failed requests
Find out how to retry failed requests to the IAM API.
Client libraries
Use a client library to integrate your application with IAM.
gcloud iamcommandsUse the
gcloud iamcommands to work with IAM from the command line.
REST API reference documentation
IAM REST API
Manage roles and permissions, and manage your service accounts and keys, with the REST API.
Privileged Access Manager REST API
Manage just-in-time temporary role grants with the REST API.
Security Token Service REST API
Exchange access tokens.
Service Account Credentials REST API
Create short-lived, limited-privilege credentials for service accounts.
RPC API reference documentation
IAM Conditions reference documentation
Conditions attribute reference
Learn about attributes that you can use to conditionally grant or deny access.
Conditions resource attribute value reference
Grant access to specific Google Cloud services, resource types, and resource names.
Services that allow conditional role bindings
Find out which resource types let you add conditional role bindings to their allow policies.
Conditions reference documentation
Conditions attribute reference
Learn about attributes that you can use to conditionally grant or deny access.
Conditions resource attribute value reference
Grant access to specific Google Cloud services, resource types, and resource names.
Services that allow conditional role bindings
Find out which resource types let you add conditional role bindings to their allow policies.
Roles and permissions reference documentation
Other reference documentation
Basic and predefined roles reference
View IAM basic roles, as well as a complete list of IAM predefined roles and the permissions they contain.
Full resource names
Understand the format that IAM uses to identify another service's resources.
Identity federation: supported products and limitations
Lists Google Cloud products that work with workforce identity federation, and provides associated product limitations.
Permissions reference
View a complete list of IAM permissions and the roles that grant them.
Permissions supported in deny policies
Learn which IAM permissions you can use in deny policies.
Permissions that principal access boundary policies can block
Learn which IAM permissions each version of principal access boundary policies can block.
Principal identifiers
Understand the identifiers that you use when listing principals in allow policies and deny policies.
Resource types that accept allow policies
Learn which resource types accept allow policies.
Resource types with built-in identities
Learn which resource have built-in identities and what the principal identifiers for those built-in identities are.
Service agents
Get details about the service accounts that Google Cloud services use to access your resources.
Support levels for permissions in custom roles
Learn which IAM permissions you can use in custom roles.