File: //snap/google-cloud-cli/396/help/man/man1/gcloud_access-context-manager_policies_create.1
.TH "GCLOUD_ACCESS\-CONTEXT\-MANAGER_POLICIES_CREATE" 1
.SH "NAME"
.HP
gcloud access\-context\-manager policies create \- create a new access policy
.SH "SYNOPSIS"
.HP
\f5gcloud access\-context\-manager policies create\fR \fB\-\-organization\fR=\fIORGANIZATION\fR \fB\-\-title\fR=\fITITLE\fR [\fB\-\-async\fR] [\fB\-\-scopes\fR=[\fISCOPES\fR,...]] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
Create a new Access Context Manager policy. An Access Context Manager policy,
also known as an access policy, is a container for access levels and VPC Service
Controls service perimeters.
You can optionally specify either a folder or a project as a scope of an access
policy. A scoped policy only allows projects under that scope to be restricted
by any service perimeters defined with that policy. The scope must be within the
organization that this policy is associated with. You can specify only one
folder or project as the scope for an access policy. If you don't specify a
scope, then the scope extends to the entire organization and any projects within
the organization can be added to service perimeters in this policy.
This command only creates an access policy. Access levels and service perimeters
need to be created explicitly.
.SH "EXAMPLES"
To create an access policy that applies to the entire organization, run:
.RS 2m
$ gcloud access\-context\-manager policies create \e
\-\-organization=organizations/123 \-\-title="My Policy"
.RE
To create an access policy that applies to the folder with the ID 345, run:
.RS 2m
$ gcloud access\-context\-manager policies create \e
\-\-organization=organizations/123 \-\-scopes=folders/345 \e
\-\-title="My Folder Policy"
.RE
Only projects within this folder can be added to service perimeters within this
policy.
To create an access policy that applies only to the project with the project
number 567, run:
.RS 2m
$ gcloud access\-context\-manager policies create \e
\-\-organization=organizations/123 \-\-scopes=projects/567 \e
\-\-title="My Project Policy"
.RE
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR
Parent organization for the access policies.
.TP 2m
\fB\-\-title\fR=\fITITLE\fR
Short human\-readable title of the access policy.
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
\fB\-\-async\fR
Return immediately, without waiting for the operation in progress to complete.
.TP 2m
\fB\-\-scopes\fR=[\fISCOPES\fR,...]
Folder or project on which this policy is applicable. You can specify only one
folder or project as the scope and the scope must exist within the specified
organization. If you don't specify a scope, the policy applies to the entire
organization.
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "API REFERENCE"
This command uses the \fBaccesscontextmanager/v1\fR API. The full documentation
for this API can be found at:
https://cloud.google.com/access\-context\-manager/docs/reference/rest/
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha access\-context\-manager policies create
.RE
.RS 2m
$ gcloud beta access\-context\-manager policies create
.RE