NAME

gcloud ml-engine models add-iam-policy-binding - add IAM policy binding for a model

SYNOPSIS

gcloud ml-engine models add-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

Add IAM policy binding to a model.

EXAMPLES

To add an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on a model with identifier 'my_model', run:

$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'

To add an IAM policy binding for the role of 'roles/ml.admin' to the service account 'test-proj1@example.domain.com', run:

$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='serviceAccount:test-proj1@example.domain.com' \ --role='roles/ml.admin'

To add an IAM policy binding for the role of 'roles/ml.admin' for all authenticated users on a model with identifier 'my_model', run:

$ gcloud ml-engine models add-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.

POSITIONAL ARGUMENTS

MODEL

Name of the model.

REQUIRED FLAGS

--member=PRINCIPAL

The principal to add the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Some resources also accept the following special values:

allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.

allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

--role=ROLE

Role name to assign to the principal. The role name is the complete path of a predefined role, such as roles/logging.viewer, or the role ID for a custom role, such as organizations/{ORGANIZATION_ID}/roles/logging.viewer.

OPTIONAL FLAGS

--region=REGION

Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.

Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints

REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha ml-engine models add-iam-policy-binding

$ gcloud beta ml-engine models add-iam-policy-binding