gcloud-iam
Identity and Access Management for Google Cloud
SYNOPSIS
gcloud iam group command [options]
DESCRIPTION
gcloud iam provides command-line access to Google Cloud's Identity and Access Management system, which controls who (identity) has what access (role) to which resources.
Service accounts represent non-human identities for applications and services. Keys can be created for service accounts to enable authentication from external environments. Roles bundle related permissions into assignable units. IAM policies bind roles to principals (users, groups, or service accounts) on specific resources.
Note that adding role bindings to projects is done via gcloud projects add-iam-policy-binding, not through the gcloud iam command group directly.
PARAMETERS
service-accounts CMD
Manage service accounts (create, delete, describe, list, update, add-iam-policy-binding, get-iam-policy, set-iam-policy, keys).
roles CMD
Manage IAM roles (create, delete, describe, list, update, copy, undelete).
policies CMD
Manage IAM deny policies.
workload-identity-pools CMD
Manage workload identity pools for external identity federation.
list-grantable-roles RESOURCE
List grantable roles for a given resource.
--iam-account EMAIL
Service account email (used with service-accounts keys subcommands).
--help
Display help information.
CAVEATS
IAM changes may take time to propagate. Service account keys are security-sensitive credentials and should be rotated regularly. Role bindings are additive; removing access requires explicit policy modification.
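One way to check the key-rotation caveat above, as an added example that is not part of the gcloud documentation: the functions below list user-managed service account keys older than a cutoff. The names stale_keys and audit_project are hypothetical, and the script assumes GNU date and that validAfterTime is returned as a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ.

```bash
#!/usr/bin/env bash
# Added example: report user-managed service account keys created before a cutoff.
# stale_keys and audit_project are hypothetical helper names.

# Read "KEY_ID,validAfterTime" lines on stdin and print those created before
# the cutoff ($1). UTC ISO-8601 timestamps of equal format sort as strings,
# so a plain string comparison is enough (forced with the "" concatenation).
stale_keys() {
  awk -F, -v cutoff="$1" 'NF == 2 && ($2 "") < (cutoff "") { print $1, $2 }'
}

# Walk every service account in a project and report stale user-managed keys.
# $1 = project ID, $2 = maximum key age in days (default 90).
audit_project() {
  project=$1
  days=${2:-90}
  # Assumption: GNU date (-d "N days ago"); BSD/macOS date needs -v-"$days"d.
  cutoff=$(date -u -d "$days days ago" +%Y-%m-%dT%H:%M:%SZ)

  gcloud iam service-accounts list --project "$project" \
      --format='value(email)' |
  while read -r sa; do
    # --managed-by=user skips the Google-managed keys that rotate on their own.
    gcloud iam service-accounts keys list --iam-account "$sa" \
        --project "$project" --managed-by=user \
        --format='csv[no-heading](name.basename(),validAfterTime)' |
      stale_keys "$cutoff" |
      awk -v sa="$sa" '{ print sa, $0 }'
  done
}
```

Calling audit_project PROJECT_ID 90 from an authenticated shell prints one line per stale key: service account email, key ID, creation time.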
HISTORY
gcloud iam is part of the Google Cloud SDK for managing IAM, Google Cloud's identity and access control system.
SEE ALSO
gcloud(1), gcloud-auth(1), gcloud-config(1), gcloud-projects(1)
