gcloud iam roles create - create a custom role for a project or an organization
gcloud iam roles create ROLE_ID (--organization=ORGANIZATION | --project=PROJECT_ID) [--file=FILE | --description=DESCRIPTION --permissions=PERMISSIONS --stage=STAGE --title=TITLE] [GCLOUD_WIDE_FLAG ...]
This command creates a custom role with the provided information.
To create a custom role ProjectUpdater from a YAML file, run:
$ gcloud iam roles create ProjectUpdater --organization=12345 \ --file=role_file_path
To create a custom role ProjectUpdater with flags, run:
$ gcloud iam roles create ProjectUpdater --project=myproject \ --title=ProjectUpdater \ --description="Have access to get and update the project" \ --permissions=resourcemanager.projects.get,\ resourcemanager.projects.update
- ROLE_ID
The id of the custom role to create. For example: CustomRole. You must also specify the --organization or --project flag.
- Exactly one of these must be specified:
- --organization=ORGANIZATION
The organization of the role you want to create.
- --project=PROJECT_ID
The project of the role you want to create.
The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.
--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.
- At most one of these can be specified:
- --file=FILE
The JSON or YAML file with the IAM Role to create. See https://cloud.google.com/iam/reference/rest/v1/projects.roles.
- Roles Settings
- --description=DESCRIPTION
The description of the role you want to create.
- --permissions=PERMISSIONS
The permissions of the role you want to create. Use commas to separate them.
- --stage=STAGE
The state of the role you want to create. This represents a role's lifecycle phase: ALPHA, BETA, GA, DEPRECATED, DISABLED, EAP.
- --title=TITLE
The title of the role you want to create.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha iam roles create
$ gcloud beta iam roles create