HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_asset_get-effective-iam-policy.1
.TH "GCLOUD_ASSET_GET\-EFFECTIVE\-IAM\-POLICY" 1



.SH "NAME"
.HP
gcloud asset get\-effective\-iam\-policy \- get effective IAM policies for a specified list of resources within accessible scope, such as a project, folder or organization



.SH "SYNOPSIS"
.HP
\f5gcloud asset get\-effective\-iam\-policy\fR \fB\-\-names\fR=\fINAMES\fR,[\fINAMES\fR,...] \fB\-\-scope\fR=\fISCOPE\fR [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Batch get effective IAM policies that match a request.



.SH "EXAMPLES"

To list effective IAM policies of 1 resource in an organization, run:

.RS 2m
$ gcloud asset get\-effective\-iam\-policy \e
    \-\-scope=organizations/YOUR_ORG_ID \-\-names=RESOURCE_NAME1
.RE

To list effective IAM policies of 2 resources in a folder, run:

.RS 2m
$ gcloud asset get\-effective\-iam\-policy \e
    \-\-scope=folders/YOUR_FOLDER_ID \e
    \-\-names=RESOURCE_NAME1,RESOURCE_NAME2
.RE

To list effective IAM policies of 3 resources in a project using project ID,
run:

.RS 2m
$ gcloud asset get\-effective\-iam\-policy \e
    \-\-scope=projects/YOUR_PROJECT_ID \e
    \-\-names=RESOURCE_NAME1,RESOURCE_NAME2,RESOURCE_NAME3
.RE

To list effective IAM policies of 2 resources in a project using project number,
run:

.RS 2m
$ gcloud asset get\-effective\-iam\-policy \e
    \-\-scope=projects/YOUR_PROJECT_NUMBER \e
    \-\-names=RESOURCE_NAME1,RESOURCE_NAME2
.RE



.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-names\fR=\fINAMES\fR,[\fINAMES\fR,...]

Names refer to a list of full resource names
(https://cloud.google.com/asset\-inventory/docs/resource\-name\-format) of
searchable asset types
(https://cloud.google.com/asset\-inventory/docs/supported\-asset\-types). For
each batch call, total number of names provided is between 1 and 20.

The example value is:

.RS 2m
.IP "\(em" 2m
\f5//cloudsql.googleapis.com/projects/{PROJECT_ID}/instances/{INSTANCE}\fR (e.g.
\f5\fI//cloudsql.googleapis.com/projects/probe\-per\-rt\-project/instances/instance1\fR\fR)
.RE
.sp

.TP 2m
\fB\-\-scope\fR=\fISCOPE\fR

Scope can be a project, a folder, or an organization. The search is limited to
the IAM policies within this scope. The caller must be granted the
\f5\fIcloudasset.assets.analyzeIamPolicy\fR\fR,
\f5\fIcloudasset.assets.searchAllResources\fR\fR,
\f5\fIcloudasset.assets.searchAllIamPolicies\fR\fR permissions on the desired
scope.

The allowed values are:

.RS 2m
.IP "\(em" 2m
\f5projects/{PROJECT_ID}\fR (e.g. \f5\fIprojects/foo\-bar\fR\fR)
.IP "\(em" 2m
\f5projects/{PROJECT_NUMBER}\fR (e.g. \f5\fIprojects/12345678\fR\fR)
.IP "\(em" 2m
\f5folders/{FOLDER_NUMBER}\fR (e.g. \f5\fIfolders/1234567\fR\fR)
.IP "\(em" 2m
\f5organizations/{ORGANIZATION_NUMBER}\fR (e.g.
\f5\fIorganizations/123456\fR\fR)
.RE
.sp


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.
@ Telegram