gcloud iam list-testable-permissions - list IAM testable permissions for a resource
gcloud iam list-testable-permissions RESOURCE [--filter=EXPRESSION] [GCLOUD_WIDE_FLAG ...]
Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
List testable permissions for a resource identified via full resource name:
$ gcloud iam list-testable-permissions \ //cloudresourcemanager.googleapis.com/organizations/1234567
List testable permissions for a resource identified via URI:
$ gcloud iam list-testable-permissions \ https://www.googleapis.com/compute/v1/projects/example-project
- RESOURCE
The full resource name or URI to get the testable permissions for.
See "Resource Names" https://cloud.google.com/apis/design/resource_names for details. To get a URI from most list commands in gcloud, pass the --uri flag. For example:
$ gcloud compute instances list --project prj --uri \ https://compute.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1 \ https://compute.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
- --filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed. If the expression evaluates True, then that item is listed. For more details and examples of filter expressions, run $ gcloud topic filters. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha iam list-testable-permissions
$ gcloud beta iam list-testable-permissions