HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/current/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/current/help/man/man1/gcloud_iam_policy-bindings_create.1
.TH "GCLOUD_IAM_POLICY\-BINDINGS_CREATE" 1



.SH "NAME"
.HP
gcloud iam policy\-bindings create \- create PolicyBinding instance



.SH "SYNOPSIS"
.HP
\f5gcloud iam policy\-bindings create\fR (\fIPOLICY_BINDING\fR\ :\ \fB\-\-folder\fR=\fIFOLDER\fR\ \fB\-\-location\fR=\fILOCATION\fR\ \fB\-\-organization\fR=\fIORGANIZATION\fR) \fB\-\-policy\fR=\fIPOLICY\fR \fB\-\-target\-principal\-set\fR=\fITARGET_PRINCIPAL_SET\fR [\fB\-\-annotations\fR=[\fIANNOTATIONS\fR,...]] [\fB\-\-async\fR] [\fB\-\-display\-name\fR=\fIDISPLAY_NAME\fR] [\fB\-\-etag\fR=\fIETAG\fR] [\fB\-\-policy\-kind\fR=\fIPOLICY_KIND\fR] [\fB\-\-condition\-description\fR=\fICONDITION_DESCRIPTION\fR\ \fB\-\-condition\-expression\fR=\fICONDITION_EXPRESSION\fR\ \fB\-\-condition\-location\fR=\fICONDITION_LOCATION\fR\ \fB\-\-condition\-title\fR=\fICONDITION_TITLE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Create PolicyBinding instance.



.SH "EXAMPLES"

To create a policy binding instance called \f5my\-binding\fR that references a
principal access boundary policy run:

.RS 2m
$ gcloud iam policy\-bindings create my\-binding \-\-organization=123 \e
    \-\-location=global \e
    \-\-policy=organizations/123/locations/global/\e
principalAccessBoundaryPolicies/my\-policy \e
    \-\-target\-principal\-set=//cloudresourcemanager.googleapis.com/\e
organizations/123
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

PolicyBinding resource \- Identifier. The name of the policy binding, in the
format
\f5{binding_parent/locations/{location}/policyBindings/{policy_binding_id}\fR.
The binding parent is the closest Resource Manager resource (i.e., Project,
Folder or Organization) to the binding target.

Format:

.RS 2m
.IP "\(em" 2m

\f5projects/{project_id}/locations/{location}/policyBindings/{policy_binding_id}\fR
.IP "\(em" 2m

\f5projects/{project_number}/locations/{location}/policyBindings/{policy_binding_id}\fR
.IP "\(em" 2m

\f5folders/{folder_id}/locations/{location}/policyBindings/{policy_binding_id}\fR
.IP "\(em" 2m

\f5organizations/{organization_id}/locations/{location}/policyBindings/{policy_binding_id}\fR
The arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
.RE
.sp

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5policy_binding\fR on the command line with a fully
specified name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR. This resource can be one of the following
types: [iam.folders.locations.policyBindings,
iam.organizations.locations.policyBindings,
iam.projects.locations.policyBindings].
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fIPOLICY_BINDING\fR

ID of the policyBinding or fully qualified identifier for the policyBinding.

To set the \f5policy_binding\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_binding\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-folder\fR=\fIFOLDER\fR

The folder id of the policyBinding resource.

To set the \f5folder\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_binding\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-folder\fR on the command line. Must be specified for
resource of type [iam.folders.locations.policyBindings].
.RE
.sp

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

The location id of the policyBinding resource.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_binding\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line.
.RE
.sp

.TP 2m
\fB\-\-organization\fR=\fIORGANIZATION\fR

The organization id of the policyBinding resource.

To set the \f5organization\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5policy_binding\fR on the command line with a fully
specified name;
.IP "\(bu" 2m
provide the argument \f5\-\-organization\fR on the command line. Must be
specified for resource of type [iam.organizations.locations.policyBindings].
.RE
.sp


.RE
.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-policy\fR=\fIPOLICY\fR

The resource name of the policy to be bound. The binding parent and policy must
belong to the same Organization (or Project).

.TP 2m

Target is the full resource name of the resource to which the policy will be
bound. Immutable once set.

This must be specified.


.RS 2m
.TP 2m

Arguments for the target.


.RS 2m
.TP 2m
\fB\-\-target\-principal\-set\fR=\fITARGET_PRINCIPAL_SET\fR

Full Resource Name used for principal access boundary policy bindings Examples:

.RS 2m
.IP "\(em" 2m
Organization:
\f5//cloudresourcemanager.googleapis.com/organizations/ORGANIZATION_ID\fR
.IP "\(em" 2m
Folder: \f5//cloudresourcemanager.googleapis.com/folders/FOLDER_ID\fR
.IP "\(em" 2m
Project:
.RS 2m
.IP "\(bu" 2m
\f5//cloudresourcemanager.googleapis.com/projects/PROJECT_NUMBER\fR
.IP "\(bu" 2m
\f5//cloudresourcemanager.googleapis.com/projects/PROJECT_ID\fR
.RE
.sp
.IP "\(em" 2m
Workload Identity Pool:
\f5//iam.googleapis.com/projects/PROJECT_NUMBER/locations/LOCATION/workloadIdentityPools/WORKLOAD_POOL_ID\fR
.IP "\(em" 2m
Workforce Identity:
\f5//iam.googleapis.com/locations/global/workforcePools/WORKFORCE_POOL_ID\fR
.IP "\(em" 2m
Workspace Identity:
\f5//iam.googleapis.com/locations/global/workspace/WORKSPACE_ID\fR
.RE
.sp


.RE
.RE
.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-annotations\fR=[\fIANNOTATIONS\fR,...]

User defined annotations. See https://google.aip.dev/148#annotations for more
details such as format and size limitations.

.RS 2m
.TP 2m
\fBKEY\fR
Sets \f5KEY\fR value.

.TP 2m
\fBVALUE\fR
Sets \f5VALUE\fR value.

.RE
.sp
\fBShorthand Example:\fR


.RS 2m
\-\-annotations=string=string
.RE


\fBJSON Example:\fR


.RS 2m
\-\-annotations='{"string": "string"}'
.RE


\fBFile Example:\fR


.RS 2m
\-\-annotations=path_to_file.(yaml|json)
.RE


.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-display\-name\fR=\fIDISPLAY_NAME\fR

The description of the policy binding. Must be less than or equal to 63
characters.

.TP 2m
\fB\-\-etag\fR=\fIETAG\fR

The etag for the policy binding. If this is provided on update, it must match
the server's etag.

.TP 2m
\fB\-\-policy\-kind\fR=\fIPOLICY_KIND\fR

The kind of the policy to attach in this binding. This field must be one of the
following:

.RS 2m
.IP "\(em" 2m
Left empty (will be automatically set to the policy kind)
.IP "\(em" 2m
The input policy kind.
.RE
.sp

\fIPOLICY_KIND\fR must be (only one value is supported):

.RS 2m
.TP 2m
\fBprincipal\-access\-boundary\fR
Principal access boundary policy kind
.RE
.sp


.TP 2m

Represents a textual expression in the Common Expression Language (CEL) syntax.
CEL is a C\-like expression language. The syntax and semantics of CEL are
documented at https://github.com/google/cel\-spec.

Example (Comparison):

.RS 2m
title: "Summary size limit"
description: "Determines if a summary is less than 100 chars"
expression: "document.summary.size() < 100"
.RE

Example (Equality):

.RS 2m
title: "Requestor is owner"
description: "Determines if requestor is the document owner"
expression: "document.owner == request.auth.claims.email"
.RE

Example (Logic):

.RS 2m
title: "Public documents"
description: "Determine whether the document should be publicly visible"
expression: "document.type != 'private' && document.type != 'internal'"
.RE

Example (Data Manipulation):

.RS 2m
title: "Notification string"
description: "Create a notification string with a timestamp."
expression: "'New message received at ' + string(document.create_time)"
.RE

The exact variables and functions that may be referenced within an expression
are determined by the service that evaluates it. See the service documentation
for additional information.


.RS 2m
.TP 2m
\fB\-\-condition\-description\fR=\fICONDITION_DESCRIPTION\fR

Description of the expression. This is a longer text which describes the
expression, e.g. when hovered over it in a UI.

.TP 2m
\fB\-\-condition\-expression\fR=\fICONDITION_EXPRESSION\fR

Textual representation of an expression in Common Expression Language syntax.

.TP 2m
\fB\-\-condition\-location\fR=\fICONDITION_LOCATION\fR

String indicating the location of the expression for error reporting, e.g. a
file name and a position in the file.

.TP 2m
\fB\-\-condition\-title\fR=\fICONDITION_TITLE\fR

Title for the expression, i.e. a short string describing its purpose. This can
be used e.g. in UIs which allow to enter the expression.


.RE
.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "API REFERENCE"

This command uses the \fBiam/v3\fR API. The full documentation for this API can
be found at: https://cloud.google.com/iam/



.SH "NOTES"

This variant is also available:

.RS 2m
$ gcloud beta iam policy\-bindings create
.RE
@ Telegram