gcloud alpha iam roles update - update an IAM custom role
gcloud alpha iam roles update ROLE_ID (--organization=ORGANIZATION | --project=PROJECT_ID) [--file=FILE] [--add-permissions=ADD_PERMISSIONS --description=DESCRIPTION --permissions=PERMISSIONS --remove-permissions=REMOVE_PERMISSIONS --stage=STAGE --title=TITLE] [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command updates an IAM custom role.
To update the role ProjectUpdater from a YAML file, run:
$ gcloud alpha iam roles update roles/ProjectUpdater \ --organization=123 --file=role_file_path
To update the role ProjectUpdater with flags, run:
$ gcloud alpha iam roles update roles/ProjectUpdater \ --project=myproject --permissions=permission1,permission2
- ROLE_ID
The id of the custom role to update. For example: CustomRole. You must also specify the --organization or --project flag.
- Exactly one of these must be specified:
- --organization=ORGANIZATION
The organization of the role you want to update.
- --project=PROJECT_ID
The project of the role you want to update.
The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.
- --file=FILE
The YAML file you want to use to update a role. Can not be specified with other flags except role-id.
- The following flags determine the fields need to be updated. You can update a
role by specifying the following flags, or you can update a role from a YAML file by specifying the file flag.
- --add-permissions=ADD_PERMISSIONS
The permissions you want to add to the role. Use commas to separate them.
- --description=DESCRIPTION
The description of the role you want to update.
- --permissions=PERMISSIONS
The permissions of the role you want to set. Use commas to separate them.
- --remove-permissions=REMOVE_PERMISSIONS
The permissions you want to remove from the role. Use commas to separate them.
- --stage=STAGE
The state of the role you want to update.
- --title=TITLE
The title of the role you want to update.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud iam roles update
$ gcloud beta iam roles update