Privileged Access Manager API
Privileged Access Manager (PAM) helps you to follow least privilege best practice to mitigate risks tied to privileged access misuse and abuse. You can shift from always-on standing privileges to on-demand access using time-bound and approval-based access elevations.
IAM administrators specifically can use PAM to create entitlements that can grant temporary access to a specific resource scope. Requesters can explore eligible entitlements and request the access needed for their task, and approvers are notified when approvals require their attention.
Streamlined workflows facilitated using PAM support several use cases, including the following:
- Emergency access for incident responders
- Time-boxed access for developers for critical deployment or maintenance
- Temporary access for operators for data ingestion and audits
- Temporary access to service accounts for automated tasks
Service: privilegedaccessmanager.googleapis.com
The Service name privilegedaccessmanager.googleapis.com is needed to create RPC client stubs.
| Methods |
GetLocation |
Gets information about a location. |
ListLocations |
Lists information about the supported locations for this service. |
| Methods |
ApproveGrant |
ApproveGrant is used to approve a grant. |
CheckOnboardingStatus |
CheckOnboardingStatus reports the onboarding status for a project, folder, or organization. |
CreateEntitlement |
Creates a new entitlement in a given project, folder, organization, and in a given location. |
CreateGrant |
Creates a grant in a given project, folder, or organization and location. |
DeleteEntitlement |
Deletes a single entitlement. |
DenyGrant |
DenyGrant is used to deny a grant. |
GetEntitlement |
Gets details of a single entitlement. |
GetGrant |
Get details of a single grant. |
ListEntitlements |
Lists the entitlements in a given project, folder, organization, and in a given location. |
ListGrants |
Lists grants for a given entitlement. |
RevokeGrant |
RevokeGrant is used to immediately revoke access for a grant. |
SearchEntitlements |
SearchEntitlements returns entitlements on which the caller has the specified access. |
SearchGrants |
SearchGrants returns grants that are related to the calling user in the specified way. |
UpdateEntitlement |
Updates the entitlement specified in the request. |
| Methods |
ApproveGrant |
ApproveGrant is used to approve a grant. |
CheckOnboardingStatus |
CheckOnboardingStatus reports the onboarding status for a project, folder, or organization. |
CreateEntitlement |
Creates a new entitlement in a given project, folder, organization, and in a given location. |
CreateGrant |
Creates a grant in a given project, folder, or organization and location. |
DeleteEntitlement |
Deletes a single entitlement. |
DenyGrant |
DenyGrant is used to deny a grant. |
FetchEffectiveSettings |
FetchEffectiveSettings returns the effective PAM Settings for the given project, folder, or organization. |
GetEntitlement |
Gets details of a single entitlement. |
GetGrant |
Get details of a single grant. |
GetSettings |
GetSettings returns the PAM Settings for the given project, folder, or organization. |
ListEntitlements |
Lists the entitlements in a given project, folder, organization, and in a given location. |
ListGrants |
Lists grants for a given entitlement. |
RevokeGrant |
RevokeGrant is used to immediately revoke access for a grant. |
SearchEntitlements |
SearchEntitlements returns entitlements on which the caller has the specified access. |
SearchGrants |
SearchGrants returns grants that are related to the calling user in the specified way. |
UpdateEntitlement |
Updates the entitlement specified in the request. |
UpdateSettings |
UpdateSettings updates the PAM Settings resource specified in the request. |
WithdrawGrant |
WithdrawGrant is used to immediately withdraw the grant. |
| Methods |
ApproveGrant |
ApproveGrant is used to approve a grant. |
CheckOnboardingStatus |
CheckOnboardingStatus reports the onboarding status for a project, folder, or organization. |
CreateEntitlement |
Creates a new entitlement in a given project, folder, organization, and in a given location. |
CreateGrant |
Creates a grant in a given project, folder, or organization and location. |
DeleteEntitlement |
Deletes a single entitlement. |
DenyGrant |
DenyGrant is used to deny a grant. |
FetchEffectiveSettings |
FetchEffectiveSettings returns the effective PAM Settings for the given project, folder, or organization. |
GetEntitlement |
Gets details of a single entitlement. |
GetGrant |
Get details of a single grant. |
GetSettings |
GetSettings returns the PAM Settings for the given project, folder, or organization. |
ListEntitlements |
Lists the entitlements in a given project, folder, organization, and in a given location. |
ListGrants |
Lists grants for a given entitlement. |
RevokeGrant |
RevokeGrant is used to immediately revoke access for a grant. |
SearchEntitlements |
SearchEntitlements returns entitlements on which the caller has the specified access. |
SearchGrants |
SearchGrants returns grants that are related to the calling user in the specified way. |
UpdateEntitlement |
Updates the entitlement specified in the request. |
UpdateSettings |
UpdateSettings updates the PAM Settings resource specified in the request. |
WithdrawGrant |
WithdrawGrant is used to immediately withdraw the grant. |
| Methods |
CancelOperation |
Starts asynchronous cancellation on a long-running operation. |
DeleteOperation |
Deletes a long-running operation. |
GetOperation |
Gets the latest state of a long-running operation. |
ListOperations |
Lists operations that match the specified filter in the request. |
WaitOperation |
Waits until the specified long-running operation is done or reaches at most a specified timeout, returning the latest state. |
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-26 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-26 UTC."],[],[],null,[]]
