gcloud alpha iam roles describe - show metadata for a role
gcloud alpha iam roles describe ROLE_ID [--organization=ORGANIZATION | --project=PROJECT_ID] [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command shows metadata for a role.
This command can fail for the following reasons:
The role specified does not exist.
The active user does not have permission to access the given role.
To print metadata for the role spanner.databaseAdmin of the organization 1234567, run:
$ gcloud alpha iam roles describe roles/spanner.databaseAdmin \ --organization=1234567
To print metadata for the role spanner.databaseAdmin of the project myproject, run:
$ gcloud alpha iam roles describe roles/spanner.databaseAdmin \ --project=myproject
To print metadata for a predefined role, spanner.databaseAdmin, run:
$ gcloud alpha iam roles describe roles/spanner.databaseAdmin
- ROLE_ID
The id of the role to describe. Curated roles example: roles/viewer. Custom roles example: CustomRole. For custom roles, you must also specify the --organization or --project flag.
- At most one of these can be specified:
- --organization=ORGANIZATION
The organization of the role you want to describe.
- --project=PROJECT_ID
The project of the role you want to describe.
The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud iam roles describe
$ gcloud beta iam roles describe