BERJAYA

gcloud organizations add-iam-policy-binding

NAME: gcloud organizations add-iam-policy-binding - add IAM policy binding for an organization
SYNOPSIS: gcloud organizations add-iam-policy-binding ORGANIZATION --member=MEMBER --role=ROLE [GCLOUD_WIDE_FLAG …]
DESCRIPTION: Adds a policy binding to the IAM policy of an organization, given an organization ID and the binding. One binding consists of a member and a role.
POSITIONAL ARGUMENTS: Organization resource - The organization to add the IAM policy binding. This represents a Cloud resource. This must be specified.

ORGANIZATION

ID of the organization or fully qualified identifier for the organization.
REQUIRED FLAGS: --member=MEMBER

The member to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Can also be one of the following special values:

allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.

allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

--role=ROLE

Define the role of the member.
GCLOUD WIDE FLAGS: These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
API REFERENCE: This command uses the cloudresourcemanager/v1 API. The full documentation for this API can be found at: https://cloud.google.com/resource-manager
EXAMPLES: To add an IAM policy binding for the role of 'roles/editor' for the user 'test-user@gmail.com' on an organization with identifier 'example-organization-id-1', run:
$ gcloud organizations add-iam-policy-binding \ example-organization-id-1 --member='user:test-user@gmail.com' \ --role='roles/editor'

To add an IAM policy binding for the role of 'roles/editor' to the service account 'test-proj1@example.domain.com', run:
$ gcloud organizations add-iam-policy-binding \ example-organization-id-1 \ --member='serviceAccount:test-proj1@example.domain.com' \ --role='roles/editor'

To add an IAM policy binding for the role of 'roles/editor' for all authenticated users on an organization with identifier 'example-organization-id-1', run:
$ gcloud organizations add-iam-policy-binding \ example-organization-id-1 --member='allAuthenticatedUsers' \ --role='roles/editor'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
NOTES: These variants are also available:
$ gcloud alpha organizations add-iam-policy-binding $ gcloud beta organizations add-iam-policy-binding

Was this page helpful? Let us know how we did:

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see our Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated May 14, 2019.

May	JUN	Jul
	01
2018	2019	2020

gcloud organizations add-iam-policy-binding

Send feedback about...