Optional. A list of asset types that the IAM policies are attached to. If
empty, it will search the IAM policies that are attached to all the asset
types supported by search
APIs
Regular expressions are also supported. For example:
"compute.googleapis.com.*" snapshots IAM policies attached to asset type
starts with "compute.googleapis.com".
".*Instance" snapshots IAM policies attached to asset type ends with
"Instance".
".Instance." snapshots IAM policies attached to asset type contains
"Instance".
See RE2 for all supported
regular expression syntax. If the regular expression does not match any
supported asset type, an INVALID_ARGUMENT error will be returned.
Optional. A comma-separated list of fields specifying the sorting order of
the results. The default order is ascending. Add " DESC" after the field
name to indicate descending order. Redundant space characters are ignored.
Example: "assetType DESC, resource".
Only singular primitive fields in the response are sortable:
resource
assetType
project
All the other fields such as repeated fields (e.g., folders) and
non-primitive fields (e.g., policy) are not supported.
Optional. The page size for search result pagination. Page size is capped
at 500 even if a larger value is given. If set to zero or a negative value,
server will pick an appropriate default. Returned results may be fewer than
requested. When this happens, there could be more results as long as
next_page_token is returned.
Optional. If present, retrieve the next batch of results from the preceding
call to this method. page_token must be the value of next_page_token
from the previous response. The values of all other method parameters must
be identical to those in the previous call.
Optional. The query statement. See how to construct a
query
for more information. If not specified or empty, it will search all the
IAM policies within the specified scope. Note that the query string is
compared against each IAM policy binding, including its principals,
roles, and IAM conditions. The returned IAM policies will only
contain the bindings that match your query. To learn more about the IAM
policy structure, see the IAM policy
documentation.
Examples:
policy:amy@gmail.com to find IAM policy bindings that specify user
"amy@gmail.com".
policy:roles/compute.admin to find IAM policy bindings that specify
the Compute Admin role.
policy:comp* to find IAM policy bindings that contain "comp" as a
prefix of any word in the binding.
policy.role.permissions:storage.buckets.update to find IAM policy
bindings that specify a role containing "storage.buckets.update"
permission. Note that if callers don't have iam.roles.get access to a
role's included permissions, policy bindings that specify this role will
be dropped from the search results.
policy.role.permissions:upd* to find IAM policy bindings that specify a
role containing "upd" as a prefix of any word in the role permission.
Note that if callers don't have iam.roles.get access to a role's
included permissions, policy bindings that specify this role will be
dropped from the search results.
resource:organizations/123456 to find IAM policy bindings
that are set on "organizations/123456".
resource=//cloudresourcemanager.googleapis.com/projects/myproject to
find IAM policy bindings that are set on the project named "myproject".
Important to find IAM policy bindings that contain "Important" as a
word in any of the searchable fields (except for the included
permissions).
resource:(instance1 OR instance2) policy:amy to find
IAM policy bindings that are set on resources "instance1" or
"instance2" and also specify user "amy".
roles:roles/compute.admin to find IAM policy bindings that specify the
Compute Admin role.
memberTypes:user to find IAM policy bindings that contain the
principal type "user".
Required. A scope can be a project, a folder, or an organization. The
search is limited to the IAM policies within the scope. The caller must
be granted the
cloudasset.assets.searchAllIamPolicies
permission on the desired scope.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis document provides reference documentation for the \u003ccode\u003eSearchAllIamPoliciesRequest\u003c/code\u003e class within the Google Cloud Asset Inventory v1 API.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eSearchAllIamPoliciesRequest\u003c/code\u003e class is used to search for IAM policies across a specified scope, supporting features like filtering by asset types, ordering results, and pagination.\u003c/p\u003e\n"],["\u003cp\u003eUsers can query IAM policies by various criteria, including email addresses, roles, permissions, resources, and more, using the \u003ccode\u003eQuery\u003c/code\u003e property and the supported syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe latest version of this class is \u003ccode\u003e3.12.0\u003c/code\u003e, with several previous versions available, all under the \u003ccode\u003eGoogle.Cloud.Asset.V1\u003c/code\u003e namespace.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eScope\u003c/code\u003e property allows you to search for IAM policies within a project, folder, or organization and requires specific permissions.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Asset Inventory v1 API - Class SearchAllIamPoliciesRequest (3.13.0)\n\nVersion latestkeyboard_arrow_down\n\n- [3.13.0 (latest)](/dotnet/docs/reference/Google.Cloud.Asset.V1/latest/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.12.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.12.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.11.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.11.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.10.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.10.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.9.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.9.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.8.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.8.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.7.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.7.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.6.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.6.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.5.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.5.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.4.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.3.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.2.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.1.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [3.0.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/3.0.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [2.11.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/2.11.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [2.10.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/2.10.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [2.9.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/2.9.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [2.8.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/2.8.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.Asset.V1/2.7.0/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest) \n\n public sealed class SearchAllIamPoliciesRequest : IMessage\u003cSearchAllIamPoliciesRequest\u003e, IEquatable\u003cSearchAllIamPoliciesRequest\u003e, IDeepCloneable\u003cSearchAllIamPoliciesRequest\u003e, IBufferMessage, IMessage, IPageRequest\n\nReference documentation and code samples for the Google Cloud Asset Inventory v1 API class SearchAllIamPoliciesRequest.\n\nSearch all IAM policies request. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e SearchAllIamPoliciesRequest \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[SearchAllIamPoliciesRequest](/dotnet/docs/reference/Google.Cloud.Asset.V1/latest/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[SearchAllIamPoliciesRequest](/dotnet/docs/reference/Google.Cloud.Asset.V1/latest/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[SearchAllIamPoliciesRequest](/dotnet/docs/reference/Google.Cloud.Asset.V1/latest/Google.Cloud.Asset.V1.SearchAllIamPoliciesRequest), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html), [IPageRequest](https://cloud.google.com/dotnet/docs/reference/Google.Api.Gax/latest/Google.Api.Gax.Grpc.IPageRequest.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Asset.V1](/dotnet/docs/reference/Google.Cloud.Asset.V1/latest/Google.Cloud.Asset.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Asset.V1.dll\n\nConstructors\n------------\n\n### SearchAllIamPoliciesRequest()\n\n public SearchAllIamPoliciesRequest()\n\n### SearchAllIamPoliciesRequest(SearchAllIamPoliciesRequest)\n\n public SearchAllIamPoliciesRequest(SearchAllIamPoliciesRequest other)\n\nProperties\n----------\n\n### AssetTypes\n\n public RepeatedField\u003cstring\u003e AssetTypes { get; }\n\nOptional. A list of asset types that the IAM policies are attached to. If\nempty, it will search the IAM policies that are attached to all the asset\ntypes [supported by search\nAPIs](https://cloud.google.com/asset-inventory/docs/supported-asset-types)\n\nRegular expressions are also supported. For example:\n\n- \"compute.googleapis.com.\\*\" snapshots IAM policies attached to asset type starts with \"compute.googleapis.com\".\n- \".\\*Instance\" snapshots IAM policies attached to asset type ends with \"Instance\".\n- \".*Instance.*\" snapshots IAM policies attached to asset type contains \"Instance\".\n\nSee [RE2](https://github.com/google/re2/wiki/Syntax) for all supported\nregular expression syntax. If the regular expression does not match any\nsupported asset type, an INVALID_ARGUMENT error will be returned.\n\n### OrderBy\n\n public string OrderBy { get; set; }\n\nOptional. A comma-separated list of fields specifying the sorting order of\nthe results. The default order is ascending. Add \" DESC\" after the field\nname to indicate descending order. Redundant space characters are ignored.\nExample: \"assetType DESC, resource\".\nOnly singular primitive fields in the response are sortable:\n\n- resource\n- assetType\n- project All the other fields such as repeated fields (e.g., `folders`) and non-primitive fields (e.g., `policy`) are not supported.\n\n### PageSize\n\n public int PageSize { get; set; }\n\nOptional. The page size for search result pagination. Page size is capped\nat 500 even if a larger value is given. If set to zero or a negative value,\nserver will pick an appropriate default. Returned results may be fewer than\nrequested. When this happens, there could be more results as long as\n`next_page_token` is returned.\n\n### PageToken\n\n public string PageToken { get; set; }\n\nOptional. If present, retrieve the next batch of results from the preceding\ncall to this method. `page_token` must be the value of `next_page_token`\nfrom the previous response. The values of all other method parameters must\nbe identical to those in the previous call.\n\n### Query\n\n public string Query { get; set; }\n\nOptional. The query statement. See [how to construct a\nquery](https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)\nfor more information. If not specified or empty, it will search all the\nIAM policies within the specified `scope`. Note that the query string is\ncompared against each IAM policy binding, including its principals,\nroles, and IAM conditions. The returned IAM policies will only\ncontain the bindings that match your query. To learn more about the IAM\npolicy structure, see the [IAM policy\ndocumentation](https://cloud.google.com/iam/help/allow-policies/structure).\n\nExamples:\n\n- `policy:amy@gmail.com` to find IAM policy bindings that specify user \"amy@gmail.com\".\n- `policy:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role.\n- `policy:comp*` to find IAM policy bindings that contain \"comp\" as a prefix of any word in the binding.\n- `policy.role.permissions:storage.buckets.update` to find IAM policy bindings that specify a role containing \"storage.buckets.update\" permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.\n- `policy.role.permissions:upd*` to find IAM policy bindings that specify a role containing \"upd\" as a prefix of any word in the role permission. Note that if callers don't have `iam.roles.get` access to a role's included permissions, policy bindings that specify this role will be dropped from the search results.\n- `resource:organizations/123456` to find IAM policy bindings that are set on \"organizations/123456\".\n- `resource=//cloudresourcemanager.googleapis.com/projects/myproject` to find IAM policy bindings that are set on the project named \"myproject\".\n- `Important` to find IAM policy bindings that contain \"Important\" as a word in any of the searchable fields (except for the included permissions).\n- `resource:(instance1 OR instance2) policy:amy` to find IAM policy bindings that are set on resources \"instance1\" or \"instance2\" and also specify user \"amy\".\n- `roles:roles/compute.admin` to find IAM policy bindings that specify the Compute Admin role.\n- `memberTypes:user` to find IAM policy bindings that contain the principal type \"user\".\n\n### Scope\n\n public string Scope { get; set; }\n\nRequired. A scope can be a project, a folder, or an organization. The\nsearch is limited to the IAM policies within the `scope`. The caller must\nbe granted the\n[`cloudasset.assets.searchAllIamPolicies`](https://cloud.google.com/asset-inventory/docs/access-control#required_permissions)\npermission on the desired scope.\n\nThe allowed values are:\n\n- projects/{PROJECT_ID} (e.g., \"projects/foo-bar\")\n- projects/{PROJECT_NUMBER} (e.g., \"projects/12345678\")\n- folders/{FOLDER_NUMBER} (e.g., \"folders/1234567\")\n- organizations/{ORGANIZATION_NUMBER} (e.g., \"organizations/123456\")"]]
