gcloud ml-engine models add-iam-policy-binding - add IAM policy binding for a model
gcloud ml-engine models add-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]
Add IAM policy binding to a model.
To add an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on a model with identifier 'my_model', run:
$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'
To add an IAM policy binding for the role of 'roles/ml.admin' to the service account 'test-proj1@example.domain.com', run:
$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='serviceAccount:test-proj1@example.domain.com' \ --role='roles/ml.admin'
To add an IAM policy binding for the role of 'roles/ml.admin' for all authenticated users on a model with identifier 'my_model', run:
$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'
See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.
- MODEL
Name of the model.
- --member=PRINCIPAL
The principal to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Some resources also accept the following special values:
- —
allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
- —
allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.
- --role=ROLE
Role name to assign to the principal. The role name is the complete path of a predefined role, such as roles/logging.viewer, or the role ID for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer.
- --region=REGION
Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.
Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints
REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha ml-engine models add-iam-policy-binding
$ gcloud beta ml-engine models add-iam-policy-binding