NAME

gcloud beta ai-platform models add-iam-policy-binding - add IAM policy binding for a model

SYNOPSIS

gcloud beta ai-platform models add-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(BETA) Add IAM policy binding to a model.

EXAMPLES

To add an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on a model with identifier 'my_model', run:

$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'

To add an IAM policy binding for the role of 'roles/ml.admin' to the service account 'test-proj1@example.domain.com', run:

$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='serviceAccount:test-proj1@example.domain.com' \ --role='roles/ml.admin'

To add an IAM policy binding for the role of 'roles/ml.admin' for all authenticated users on a model with identifier 'my_model', run:

$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.

POSITIONAL ARGUMENTS

MODEL

Name of the model.

REQUIRED FLAGS

--member=PRINCIPAL

The principal to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Some resources also accept the following special values:

allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.

allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

--role=ROLE

Role name to assign to the principal. The role name is the complete path of a predefined role, such as roles/logging.viewer, or the role ID for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer.

OPTIONAL FLAGS

--region=REGION

Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.

Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints

REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in beta and might change without notice. These variants are also available:

$ gcloud ai-platform models add-iam-policy-binding

$ gcloud alpha ai-platform models add-iam-policy-binding