NAME

gcloud alpha access-context-manager cloud-bindings create - create cloud access bindings for a specific group

SYNOPSIS

gcloud alpha access-context-manager cloud-bindings create --group-key=GROUP_KEY [--dry-run-level=[DRY_RUN_LEVEL,...]] [--level=[LEVEL,...]] [--organization=ORGANIZATION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) Create a new cloud access binding. The access level will be bound with the group. The access level will be enforced when any user in the group tries to access the Google cloud console or API.

EXAMPLES

To create a new cloud access binding including the dry run access level, run:

$ gcloud alpha access-context-manager cloud-bindings create \ --group-key=my-group-key \ --level=accessPolicies/123/accessLevels/abc \ --dry-run-level=accessPolicies/123/accessLevels/def

REQUIRED FLAGS

--group-key=GROUP_KEY

Google Group id whose members are subject to the restrictions of this binding.

OPTIONAL FLAGS

--dry-run-level=[DRY_RUN_LEVEL,...]

The dry run access level that will bind to the given group. The dry run access level will be evaluated but won't be enforced. Denial on dry run access level will be logged. The input must be the full identifier for access level, such as accessPolicies/123/accessLevels/new-def.

--level=[LEVEL,...]

The access level that will bind to the given group. The input must be the full identifier for the access level, such as accessPolicies/123/accessLevels/abc.

--organization=ORGANIZATION

Parent organization for this binding.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE

This command uses the accesscontextmanager/v1alpha API. The full documentation for this API can be found at: https://cloud.google.com/access-context-manager/docs/reference/rest/

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:

$ gcloud access-context-manager cloud-bindings create