File: //snap/google-cloud-cli/396/lib/surface/access_context_manager/policies/create.yaml
# Command definition for creating an Access Context Manager access policy.
# This single entry is declared for the ALPHA, BETA and GA release tracks.
- release_tracks: [ALPHA, BETA, GA]

  # User-facing help for the command. Points a reviewer should keep in mind,
  # all taken from the text below:
  #   - with no scope given, the policy covers the entire organization and any
  #     project in it can be added to this policy's service perimeters;
  #   - a scope is a single folder or project inside the same organization;
  #   - the command creates only the policy container; access levels and
  #     service perimeters have to be created separately.
  help_text:
    brief: Create a new access policy.
    description: |
      Create a new Access Context Manager policy. An Access Context Manager policy, also known as
      an access policy, is a container for access levels and VPC Service Controls service
      perimeters.

      You can optionally specify either a folder or a project as a scope of an access policy. A
      scoped policy only allows projects under that scope to be restricted by any service perimeters
      defined with that policy. The scope must be within the organization that this policy is
      associated with. You can specify only one folder or project as the scope for an access
      policy. If you don't specify a scope, then the scope extends to the entire organization and
      any projects within the organization can be added to service perimeters in this policy.

      This command only creates an access policy. Access levels and service perimeters need to be
      created explicitly.
    # `{command}` is a placeholder; presumably the framework substitutes the
    # full command path when rendering help -- confirm.
    examples: |
      To create an access policy that applies to the entire organization, run:

        $ {command} --organization=organizations/123 --title="My Policy"

      To create an access policy that applies to the folder with the ID 345, run:

        $ {command} --organization=organizations/123 --scopes=folders/345 \
          --title="My Folder Policy"

      Only projects within this folder can be added to service perimeters within this policy.

      To create an access policy that applies only to the project with the project number 567, run:

        $ {command} --organization=organizations/123 --scopes=projects/567 \
          --title="My Project Policy"

  # API target for the create call. The top-level api_version is v1; the BETA
  # entry repeats v1 and only ALPHA points at v1alpha. Presumably the keys
  # named after release tracks override the default for that track -- confirm
  # against the framework schema.
  # NOTE(review): ALPHA addresses a different API version than GA/BETA, so
  # behaviour checked on GA should not be assumed to hold for ALPHA.
  request:
    collection: accesscontextmanager.accessPolicies
    api_version: v1
    BETA:
      api_version: v1
    ALPHA:
      api_version: v1alpha

  # Operation handling for the create call. Presumably the request returns a
  # long-running operation that is polled through the collection below, with
  # the result read from its `response` attribute -- confirm.
  async:
    collection: accesscontextmanager.operations
    result_attribute: response
    # Set to false here; the exact effect depends on the framework (looks like
    # it skips re-fetching the created resource) -- TODO confirm.
    extract_resource_result: false

  # Command-line flags and the API request fields they populate.
  arguments:
    params:
    # Required free-text title; no type or processor is declared for it here.
    - api_field: title
      arg_name: title
      required: true
      help_text: Short human-readable title of the access policy.
    # Required parent organization. Typed as a
    # cloudresourcemanager.organizations resource and passed through the
    # RelativeName processor; the help examples pass it as `organizations/123`.
    - api_field: parent
      arg_name: organization
      required: true
      type: googlecloudsdk.command_lib.util.hooks.types:Resource:collection=cloudresourcemanager.organizations
      processor: googlecloudsdk.command_lib.util.hooks.processors:RelativeName
      help_text: Parent organization for the access policies.
    # Optional scope. No `type` or `processor` is declared, so this file does
    # not itself enforce the folders/ID or projects/NUMBER form, or the
    # "only one" limit described in the help text -- presumably the API
    # rejects invalid values; verify.
    # NOTE(review): leaving this flag out yields an organization-wide policy
    # (per the help text), so callers that intend a narrow scope should pass
    # it explicitly.
    - api_field: scopes
      arg_name: scopes
      required: false
      help_text: |
        Folder or project on which this policy is applicable. You can specify only one folder or
        project as the scope and the scope must exist within the specified organization. If you
        don't specify a scope, the policy applies to the entire organization.