gcloud active-directory domains set-iam-policy - set the IAM policy for a Managed Microsoft AD domain
gcloud active-directory domains set-iam-policy DOMAIN POLICY_FILE [GCLOUD_WIDE_FLAG ...]
Set the IAM policy associated with a Managed Microsoft AD domain.
This command can fail for the following reasons:
The domain specified does not exist.
The active account does not have permission to access the given domain's IAM policies.
To set the IAM policy for my-domain.com, run:
$ gcloud active-directory domains set-iam-policy my-domain.com \ policy.json
See https://cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
- Domain resource - Name of the Managed Microsoft AD domain you want to set the
IAM policy for. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument domain on the command line with a fully specified name;
- —
set the property core/project;
- —
provide the argument --project on the command line.
This must be specified.
- DOMAIN
ID of the domain or fully qualified identifier for the domain. To set the domain attribute:
provide the argument domain on the command line.
- POLICY_FILE
Path to a local JSON or YAML formatted file containing a valid policy.
The output of the get-iam-policy command is a valid file, as is any JSON or YAML file conforming to the structure of a Policy https://cloud.google.com/iam/reference/rest/v1/Policy.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the managedidentities/v1 API. The full documentation for this API can be found at: https://cloud.google.com/managed-microsoft-ad/
These variants are also available:
$ gcloud alpha active-directory domains set-iam-policy
$ gcloud beta active-directory domains set-iam-policy