File: //snap/google-cloud-cli/396/help/man/man1/gcloud_projects_add-iam-policy-binding.1
.TH "GCLOUD_PROJECTS_ADD\-IAM\-POLICY\-BINDING" 1
.SH "NAME"
.HP
gcloud projects add\-iam\-policy\-binding \- add IAM policy binding for a project
.SH "SYNOPSIS"
.HP
\f5gcloud projects add\-iam\-policy\-binding\fR \fIPROJECT_ID\fR \fB\-\-member\fR=\fIPRINCIPAL\fR \fB\-\-role\fR=\fIROLE\fR [\fB\-\-condition\fR=[\fIKEY\fR=\fIVALUE\fR,...]\ |\ \fB\-\-condition\-from\-file\fR=\fIPATH_TO_FILE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
Adds a policy binding to the IAM policy of a project, given a project ID and the
binding. One binding consists of a member, a role, and an optional condition.
.SH "EXAMPLES"
To add an IAM policy binding for the role of \f5roles/editor\fR for the user
\f5test\-user@gmail.com\fR on a project with identifier
\f5example\-project\-id\-1\fR, run:
.RS 2m
$ gcloud projects add\-iam\-policy\-binding example\-project\-id\-1 \e
\-\-member='user:test\-user@gmail.com' \-\-role='roles/editor'
.RE
To add an IAM policy binding for the role of \f5roles/editor\fR to the service
account \f5test\-proj1@example.domain.com\fR on a project with identifier
\f5example\-project\-id\-1\fR, run:
.RS 2m
$ gcloud projects add\-iam\-policy\-binding example\-project\-id\-1 \e
\-\-member='serviceAccount:test\-proj1@example.domain.com' \e
\-\-role='roles/editor'
.RE
To add an IAM policy binding that expires at the end of the year 2021 for the
role of \f5roles/browser\fR and the user \f5test\-user@gmail.com\fR on a project
with identifier \f5example\-project\-id\-1\fR, run:
.RS 2m
$ gcloud projects add\-iam\-policy\-binding example\-project\-id\-1 \e
\-\-member='user:test\-user@gmail.com' \-\-role='roles/browser' \e
\-\-condition='expression=request.time <
timestamp("2019\-01\-01T00:00:00Z"),title=expires_end_of_2021,descrip\e
tion=Expires at midnight on 2021\-12\-31'
.RE
See https://cloud.google.com/iam/docs/managing\-policies for details of policy
role and member types.
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
Project resource \- The project to add the IAM policy binding. This represents a
Cloud resource.
This must be specified.
.RS 2m
.TP 2m
\fIPROJECT_ID\fR
ID of the project or fully qualified identifier for the project.
To set the \f5project_id\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5project_id\fR on the command line.
.RE
.sp
.RE
.RE
.sp
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-member\fR=\fIPRINCIPAL\fR
The principal to add the binding for. Should be of the form
\f5user|group|serviceAccount:email\fR or \f5domain:domain\fR.
Examples: \f5user:test\-user@gmail.com\fR, \f5group:admins@example.com\fR,
\f5serviceAccount:test123@example.domain.com\fR, or
\f5domain:example.domain.com\fR.
Some resources also accept the following special values:
.RS 2m
.IP "\(em" 2m
\f5allUsers\fR \- Special identifier that represents anyone who is on the
internet, with or without a Google account.
.IP "\(em" 2m
\f5allAuthenticatedUsers\fR \- Special identifier that represents anyone who is
authenticated with a Google account or a service account.
.RE
.sp
.TP 2m
\fB\-\-role\fR=\fIROLE\fR
Role name to assign to the principal. The role name is the complete path of a
predefined role, such as \f5roles/logging.viewer\fR, or the role ID for a custom
role, such as \f5organizations/{ORGANIZATION_ID}/roles/logging.viewer\fR.
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-condition\fR=[\fIKEY\fR=\fIVALUE\fR,...]
A condition to include in the binding. When the condition is explicitly
specified as \f5None\fR (\f5\-\-condition=None\fR), a binding without a
condition is added. When the condition is specified and is not \f5None\fR,
\f5\-\-role\fR cannot be a basic role. Basic roles are \f5roles/editor\fR,
\f5roles/owner\fR, and \f5roles/viewer\fR. For more on conditions, refer to the
conditions overview guide:
https://cloud.google.com/iam/docs/conditions\-overview
When using the \f5\-\-condition\fR flag, include the following key\-value pairs:
.RS 2m
.TP 2m
\fBexpression\fR
(Required) Condition expression that evaluates to True or False. This uses a
subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different delimiter to
separate the key\-value pairs. Specify the delimiter before listing the
key\-value pairs. For example, to specify a colon (\f5:\fR) as the delimiter, do
the following: \f5\-\-condition=^:^title=TITLE:expression=EXPRESSION\fR. For
more information, see
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
.TP 2m
\fBtitle\fR
(Required) A short string describing the purpose of the expression.
.TP 2m
\fBdescription\fR
(Optional) Additional description for the expression.
.RE
.sp
.TP 2m
\fB\-\-condition\-from\-file\fR=\fIPATH_TO_FILE\fR
Path to a local JSON or YAML file that defines the condition. To see available
fields, see the help for \f5\-\-condition\fR. Use a full or relative path to a
local file containing the value of condition.
.RE
.RE
.sp
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "API REFERENCE"
This command uses the \fBcloudresourcemanager/v1\fR API. The full documentation
for this API can be found at: https://cloud.google.com/resource\-manager
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha projects add\-iam\-policy\-binding
.RE
.RS 2m
$ gcloud beta projects add\-iam\-policy\-binding
.RE