gcloud beta ai-platform models add-iam-policy-binding - add IAM policy binding for a model
gcloud beta ai-platform models add-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]
(BETA) Add IAM policy binding to a model.
To add an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on a model with identifier 'my_model', run:
$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'
To add an IAM policy binding for the role of 'roles/ml.admin' to the service account 'test-proj1@example.domain.com', run:
$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='serviceAccount:test-proj1@example.domain.com' \ --role='roles/ml.admin'
To add an IAM policy binding for the role of 'roles/ml.admin' for all authenticated users on a model with identifier 'my_model', run:
$ gcloud beta ai-platform models add-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'
See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.
- MODEL
Name of the model.
- --member=PRINCIPAL
The principal to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Some resources also accept the following special values:
- —
allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
- —
allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.
- --role=ROLE
Role name to assign to the principal. The role name is the complete path of a predefined role, such as roles/logging.viewer, or the role ID for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer.
- --region=REGION
Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.
Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints
REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in beta and might change without notice. These variants are also available:
$ gcloud ai-platform models add-iam-policy-binding
$ gcloud alpha ai-platform models add-iam-policy-binding