gcloud alpha compute backend-buckets add-iam-policy-binding - add an IAM policy binding to a Compute Engine backend bucket
gcloud alpha compute backend-buckets add-iam-policy-binding BACKEND_BUCKET --member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]
(ALPHA) Add an IAM policy binding to a Compute Engine backend bucket.
To add an IAM policy binding for the role of 'compute.loadBalancerServiceUser' for the user 'test-user@gmail.com' with backend bucket 'my-backend-bucket' run:
$ gcloud alpha compute backend-buckets add-iam-policy-binding \ my-backend-bucket --member='user:test-user@gmail.com' \ --role='roles/compute.loadBalancerServiceUser'
See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
- Backend bucket resource - The backend bucket for which to add the IAM policy
to. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument backend_bucket on the command line with a fully specified name;
- —
set the property core/project;
- —
provide the argument --project on the command line.
This must be specified.
- BACKEND_BUCKET
ID of the backend bucket or fully qualified identifier for the backend bucket. To set the backend_bucket attribute:
provide the argument backend_bucket on the command line.
- --member=PRINCIPAL
The principal to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Some resources also accept the following special values:
- —
allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
- —
allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.
- --role=ROLE
Role name to assign to the principal. The role name is the complete path of a predefined role, such as roles/logging.viewer, or the role ID for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the compute/alpha API. The full documentation for this API can be found at: https://cloud.google.com/compute/
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available:
$ gcloud beta compute backend-buckets add-iam-policy-binding