HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/394/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/394/help/man/man1/gcloud_access-approval_settings_update.1
.TH "GCLOUD_ACCESS\-APPROVAL_SETTINGS_UPDATE" 1



.SH "NAME"
.HP
gcloud access\-approval settings update \- update Access Approval settings



.SH "SYNOPSIS"
.HP
\f5gcloud access\-approval settings update\fR [\fB\-\-active_key_version\fR=\fIACTIVE_KEY_VERSION\fR] [\fB\-\-approval_policy\fR=\fIAPPROVAL_POLICY\fR] [\fB\-\-enrolled_services\fR=\fIENROLLED_SERVICES\fR] [\fB\-\-notification_emails\fR=\fINOTIFICATION_EMAILS\fR] [\fB\-\-notification_pubsub_topic\fR=\fINOTIFICATION_PUBSUB_TOPIC\fR] [\fB\-\-prefer_no_broad_approval_requests\fR=\fIPREFER_NO_BROAD_APPROVAL_REQUESTS\fR] [\fB\-\-preferred_request_expiration_days\fR=\fIPREFERRED_REQUEST_EXPIRATION_DAYS\fR] [\fB\-\-request_scope_max_width_preference\fR=\fIREQUEST_SCOPE_MAX_WIDTH_PREFERENCE\fR] [\fB\-\-require_customer_visible_justification\fR=\fIREQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION\fR] [\fB\-\-folder\fR=\fIFOLDER\fR\ |\ \fB\-\-organization\fR=\fIORGANIZATION\fR\ |\ \fB\-\-project\fR=\fIPROJECT\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Update the Access Approval settings associated with a project, a folder, or
organization. Partial updates are supported (for example, you can update the
notification emails without modifying the enrolled services).



.SH "EXAMPLES"

Update notification emails associated with project \f5p1\fR, run:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-notification_emails='foo@example.com, bar@example.com'
.RE

Enable Access Approval enforcement for folder \f5f1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-folder=f1 \e
  \-\-enrolled_services=all
.RE

Enable Access Approval enforcement for organization \f5org1\fR for only Cloud
Storage and Compute products and set the notification emails at the same time:

.RS 2m
$ gcloud access\-approval settings update \-\-organization=org1 \e
  \-\-enrolled_services='storage.googleapis.com,compute.googleapis.c\e
om' \-\-notification_emails='security_team@example.com'
.RE

Update active key version for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-active_key_version='projects/p1/locations/global/keyRings/sign\e
ing\-keys/cryptoKeys/signing\-key/cryptoKeyVersions/1'
.RE

Update preferred request expiration days for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-preferred_request_expiration_days=5
.RE

Enable prefer no broad approval requests for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-prefer_no_broad_approval_requests=true
.RE

Update notification pubsub topic for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-notification_pubsub_topic='exampleTopic'
.RE

Update request scope max width preference for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-request_scope_max_width_preference=PROJECT
.RE

Update approval policy for project \f5p1\fR:

.RS 2m
$ gcloud access\-approval settings update \-\-project=p1 \e
  \-\-approval_policy=transparency
.RE



.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-active_key_version\fR=\fIACTIVE_KEY_VERSION\fR

The asymmetric crypto key version to use for signing approval requests. Use ''
to remove the custom signing key.

.TP 2m
\fB\-\-approval_policy\fR=\fIAPPROVAL_POLICY\fR

The preference to configure the approval policy for access requests.
\fIAPPROVAL_POLICY\fR must be one of: \fBtransparency\fR,
\fBstreamlined\-support\fR, \fBaccess\-approval\fR,
\fBinherit\-policy\-from\-parent\fR.

.TP 2m
\fB\-\-enrolled_services\fR=\fIENROLLED_SERVICES\fR

Comma\-separated list of services to enroll for Access Approval or 'all' for all
supported services. Note for project and folder enrollments, only 'all' is
supported. Use '' to clear all enrolled services.

.TP 2m
\fB\-\-notification_emails\fR=\fINOTIFICATION_EMAILS\fR

Comma\-separated list of email addresses to which notifications relating to
approval requests should be sent or '' to clear all saved notification emails.

.TP 2m
\fB\-\-notification_pubsub_topic\fR=\fINOTIFICATION_PUBSUB_TOPIC\fR

The pubsub topic to publish notifications to when approval requests are made.

.TP 2m
\fB\-\-prefer_no_broad_approval_requests\fR=\fIPREFER_NO_BROAD_APPROVAL_REQUESTS\fR

If set to true it will communicate the preference to Google personnel to request
access with as targeted a resource scope as possible.

.TP 2m
\fB\-\-preferred_request_expiration_days\fR=\fIPREFERRED_REQUEST_EXPIRATION_DAYS\fR

The default expiration time for approval requests. This value must be between 1
and 30. Note that this can be overridden at time of Approval Request creation
and modified by the customer at approval time.

.TP 2m
\fB\-\-request_scope_max_width_preference\fR=\fIREQUEST_SCOPE_MAX_WIDTH_PREFERENCE\fR

The preference for the broadest scope of access for access requests without a
specific method. \fIREQUEST_SCOPE_MAX_WIDTH_PREFERENCE\fR must be one of:
\fBORGANIZATION\fR, \fBFOLDER\fR, \fBPROJECT\fR.

.TP 2m
\fB\-\-require_customer_visible_justification\fR=\fIREQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION\fR

The preference to configure if a customer visible justification (i.e. Vector
Case) is required for a Googler to create an Access Ticket to send to the
customer when attempting to access customer resources.

.TP 2m

At most one of these can be specified:


.RS 2m
.TP 2m
\fB\-\-folder\fR=\fIFOLDER\fR

Folder number. Only one of \-\-project, \-\-folder, or \-\-organization can be
provided. If none are provided then it uses config property [core/project].

.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR

Organization number. Either \-\-project, \-\-folder, or \-\-organization must be
provided. If none are provided then it uses config property [core/project].

.TP 2m
\fB\-\-project\fR=\fIPROJECT\fR

Project number or id. Only one of \-\-project, \-\-folder, or \-\-organization
can be provided. If none are provided then it uses config property
[core/project].


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha access\-approval settings update
.RE

.RS 2m
$ gcloud beta access\-approval settings update
.RE
@ Telegram