Skip to content

/AWS1/CL_IAM=>GETROLEPOLICY()

About GetRolePolicy

Retrieves the specified inline policy document that is embedded with the specified IAM role.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

For more information about roles, see IAM roles in the IAM User Guide.

Method Signature

IMPORTING

Required arguments:

iv_rolename TYPE /AWS1/IAMROLENAMETYPE /AWS1/IAMROLENAMETYPE

The name of the role associated with the policy.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

iv_policyname TYPE /AWS1/IAMPOLICYNAMETYPE /AWS1/IAMPOLICYNAMETYPE

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

RETURNING

oo_output TYPE REF TO /aws1/cl_iamgetrolepolicyrsp /AWS1/CL_IAMGETROLEPOLICYRSP

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_iam~getrolepolicy(
  iv_policyname = |string|
  iv_rolename = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lv_rolenametype = lo_result->get_rolename( ).
  lv_policynametype = lo_result->get_policyname( ).
  lv_policydocumenttype = lo_result->get_policydocument( ).
ENDIF.