- NAME
-
- gcloud beta access-approval settings update - update Access Approval settings
- SYNOPSIS
-
-
gcloud beta access-approval settings update
[--active_key_version
=ACTIVE_KEY_VERSION
] [--enrolled_services
=ENROLLED_SERVICES
] [--notification_emails
=NOTIFICATION_EMAILS
] [--notification_pubsub_topic
=NOTIFICATION_PUBSUB_TOPIC
] [--prefer_no_broad_approval_requests
=PREFER_NO_BROAD_APPROVAL_REQUESTS
] [--preferred_request_expiration_days
=PREFERRED_REQUEST_EXPIRATION_DAYS
] [--request_scope_max_width_preference
=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE
] [--require_customer_visible_justification
=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION
] [--folder
=FOLDER
|--organization
=ORGANIZATION
|--project
=PROJECT
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
Update the Access Approval settings associated with a project, a folder, or organization. Partial updates are supported (for example, you can update the notification emails without modifying the enrolled services). - EXAMPLES
-
Update notification emails associated with project
p1
, run:gcloud beta access-approval settings update --project=p1 --notification_emails='foo@example.com, bar@example.com'
Enable Access Approval enforcement for folder
f1
:gcloud beta access-approval settings update --folder=f1 --enrolled_services=all
Enable Access Approval enforcement for organization
org1
for only Cloud Storage and Compute products and set the notification emails at the same time:gcloud beta access-approval settings update --organization=org1 --enrolled_services='storage.googleapis.com,compute.googleapis.com' --notification_emails='security_team@example.com'
Update active key version for project
p1
:gcloud beta access-approval settings update --project=p1 --active_key_version='projects/p1/locations/global/keyRings/signing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1'
Update preferred request expiration days for project
p1
:gcloud beta access-approval settings update --project=p1 --preferred_request_expiration_days=5
Enable prefer no broad approval requests for project
p1
:gcloud beta access-approval settings update --project=p1 --prefer_no_broad_approval_requests=true
Update notification pubsub topic for project
p1
:gcloud beta access-approval settings update --project=p1 --notification_pubsub_topic='exampleTopic'
Update request scope max width preference for project
p1
:gcloud beta access-approval settings update --project=p1 --request_scope_max_width_preference=PROJECT
- FLAGS
-
--active_key_version
=ACTIVE_KEY_VERSION
- The asymmetric crypto key version to use for signing approval requests. Use '' to remove the custom signing key.
--enrolled_services
=ENROLLED_SERVICES
- Comma-separated list of services to enroll for Access Approval or 'all' for all supported services. Note for project and folder enrollments, only 'all' is supported. Use '' to clear all enrolled services.
--notification_emails
=NOTIFICATION_EMAILS
- Comma-separated list of email addresses to which notifications relating to approval requests should be sent or '' to clear all saved notification emails.
--notification_pubsub_topic
=NOTIFICATION_PUBSUB_TOPIC
- The pubsub topic to publish notifications to when approval requests are made.
--prefer_no_broad_approval_requests
=PREFER_NO_BROAD_APPROVAL_REQUESTS
- If set to true it will communicate the preference to Google personnel to request access with as targeted a resource scope as possible.
--preferred_request_expiration_days
=PREFERRED_REQUEST_EXPIRATION_DAYS
- The default expiration time for approval requests. This value must be between 1 and 30. Note that this can be overridden at time of Approval Request creation and modified by the customer at approval time.
--request_scope_max_width_preference
=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE
-
The preference for the broadest scope of access for access requests without a
specific method.
REQUEST_SCOPE_MAX_WIDTH_PREFERENCE
must be one of:ORGANIZATION
,FOLDER
,PROJECT
. --require_customer_visible_justification
=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION
- The preference to configure if a customer visible justification (i.e. Vector Case) is required for a Googler to create an Access Ticket to send to the customer when attempting to access customer resources.
-
At most one of these can be specified:
--folder
=FOLDER
- Folder number. Only one of --project, --folder, or --organization can be provided. If none are provided then it uses config property [core/project].
--organization
=ORGANIZATION
- Organization number. Either --project, --folder, or --organization must be provided. If none are provided then it uses config property [core/project].
--project
=PROJECT
- Project number or id. Only one of --project, --folder, or --organization can be provided. If none are provided then it uses config property [core/project].
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in beta and might change without notice. These
variants are also available:
gcloud access-approval settings update
gcloud alpha access-approval settings update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-29 UTC.