gcloud alpha resource-manager org-policies deny - add values to an Organization Policy denied_values list policy
gcloud alpha resource-manager org-policies deny ORG_POLICY_ID DENIED_VALUE [DENIED_VALUE ...] (--folder=FOLDER_ID | --organization=ORGANIZATION_ID | --project=PROJECT_ID) [GCLOUD_WIDE_FLAG ...]
(ALPHA) Adds one or more values to the specified Organization Policy denied_values list policy associated with the specified resource.
The following command adds devEnv and prodEnv to an Organization Policy denied_values list policy for constraint serviceuser.services on project foo-project:
$ gcloud alpha resource-manager org-policies deny \ serviceuser.services --project=foo-project devEnv prodEnv
- ORG_POLICY_ID
The Org Policy constraint name.
- DENIED_VALUE [DENIED_VALUE ...]
The values to add to the denied_values list policy.
- Resource that is associated with the organization policy.
Exactly one of these must be specified:
- --folder=FOLDER_ID
Folder ID.
- --organization=ORGANIZATION_ID
Organization ID.
- --project=PROJECT_ID
Project ID. Overrides the default core/project property value for this command invocation.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
$ gcloud resource-manager org-policies deny
$ gcloud beta resource-manager org-policies deny