gcloud iam - manage IAM service accounts and keys
gcloud iam GROUP | COMMAND [GCLOUD_WIDE_FLAG ...]
The gcloud iam command group lets you manage Google Cloud Identity & Access Management (IAM) service accounts and keys.
Cloud IAM authorizes who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.
More information on Cloud IAM can be found here: https://cloud.google.com/iam and detailed documentation can be found here: https://cloud.google.com/iam/docs/
These flags are available to all commands: --help.
Run $ gcloud help for details.
GROUP is one of the following:
- policies
Manage IAM deny policies.
- roles
Create and manipulate roles.
- service-accounts
Create and manipulate service accounts.
- simulator
Understand how an IAM policy change could impact access before deploying the change.
- workload-identity-pools
Manage IAM workload identity pools.
COMMAND is one of the following:
- list-grantable-roles
List IAM grantable roles for a resource.
- list-testable-permissions
List IAM testable permissions for a resource.
These variants are also available:
$ gcloud alpha iam
$ gcloud beta iam