gcloud alpha iam roles create - create a custom role for a project or an organization
gcloud alpha iam roles create ROLE_ID (--organization=ORGANIZATION | --project=PROJECT_ID) [--file=FILE | --description=DESCRIPTION --permissions=PERMISSIONS --stage=STAGE --title=TITLE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command creates a custom role with the provided information.
To create a custom role ProjectUpdater from a YAML file, run:
$ gcloud alpha iam roles create ProjectUpdater \
    --organization=12345 --file=role_file_path
To create a custom role ProjectUpdater with flags, run:
$ gcloud alpha iam roles create ProjectUpdater --project=myproject \
    --title=ProjectUpdater \
    --description="Have access to get and update the project" \
    --permissions=resourcemanager.projects.get,resourcemanager.projects.update
- ROLE_ID
The id of the custom role to create. For example: CustomRole. You must also specify the --organization or --project flag.
- Exactly one of these must be specified:
- --organization=ORGANIZATION
The organization of the role you want to create.
- --project=PROJECT_ID
The project of the role you want to create.
The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.
- At most one of these can be specified:
- --file=FILE
The JSON or YAML file with the IAM Role to create. See https://cloud.google.com/iam/reference/rest/v1/projects.roles.
- Roles Settings
- --description=DESCRIPTION
The description of the role you want to create.
- --permissions=PERMISSIONS
The permissions of the role you want to create. Use commas to separate them.
- --stage=STAGE
The state of the role you want to create. This represents a role's lifecycle phase: ALPHA, BETA, GA, DEPRECATED, DISABLED, EAP.
- --title=TITLE
The title of the role you want to create.
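As an added example (not part of the gcloud reference), the script below writes the ProjectUpdater role from the flag example as a YAML role file for --file and reviews it before anything is sent to gcloud. The field names title, description, stage and includedPermissions are those of the Role resource linked above; the function names, the flat-YAML layout and the review rules (explicit service.resource.verb permissions, no wildcards, no duplicates) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the gcloud reference: review a role file before --file.
# Line-based check for the flat YAML layout below (assumption), not a YAML parser.

# role_file_check FILE: print one finding per line; return 1 if any were found.
role_file_check() {
  local file="$1" rc=0 stage perms dups p
  stage=$(sed -n 's/^stage:[[:space:]]*//p' "$file")
  case "$stage" in
    ''|ALPHA|BETA|GA|DEPRECATED|DISABLED|EAP) ;;  # values listed for --stage
    *) echo "stage: unknown value '$stage'"; rc=1 ;;
  esac
  # Collect the "- item" lines that follow the includedPermissions key.
  perms=$(sed -n '/^includedPermissions:/,/^[^-[:space:]]/s/^[[:space:]]*-[[:space:]]*//p' "$file")
  [ -n "$perms" ] || { echo "includedPermissions: no permissions listed"; rc=1; }
  while IFS= read -r p; do
    [ -n "$p" ] || continue
    case "$p" in
      *'*'*) echo "permission: wildcard '$p'"; rc=1; continue ;;
    esac
    # Review rule (assumption): service.resource.verb, as in the page's examples.
    printf '%s\n' "$p" | grep -Eq '^[A-Za-z0-9]+\.[A-Za-z0-9]+\.[A-Za-z0-9]+$' ||
      { echo "permission: malformed '$p'"; rc=1; }
  done <<EOF
$perms
EOF
  dups=$(printf '%s\n' "$perms" | sort | uniq -d | tr '\n' ' ')
  [ -z "$dups" ] || { echo "permission: duplicated: $dups"; rc=1; }
  return "$rc"
}

# create_checked_role ROLE_ID PROJECT_ID FILE: call gcloud only if the file is clean.
create_checked_role() {
  role_file_check "$3" || return 1
  gcloud alpha iam roles create "$1" --project="$2" --file="$3"
}

# Constructed sample: the ProjectUpdater role from the flag example, as a role file.
sample_role=$(mktemp)
cat > "$sample_role" <<'EOF'
title: ProjectUpdater
description: Have access to get and update the project
stage: ALPHA
includedPermissions:
- resourcemanager.projects.get
- resourcemanager.projects.update
EOF
role_file_check "$sample_role" && echo "role file passes review"
```

Keeping the role file in version control and running this check in review gives a diffable record of every permission the role grants.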
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.
These variants are also available:
$ gcloud iam roles create
$ gcloud beta iam roles create