gcloud beta pam grants

NAME: gcloud beta pam grants - manage Privileged Access Manager grants
SYNOPSIS: gcloud beta pam grants COMMAND [GCLOUD_WIDE_FLAG …]
DESCRIPTION: (BETA) The gcloud pam grants command group lets you manage Privileged Access Manager (PAM) grants.
EXAMPLES: To create a new grant against an entitlement with the full name ENTITLEMENT_NAME, a requested duration of 1 hour 30 minutes, a justification of some justification, and two additional email recipients abc@example.com and xyz@example.com, run:
gcloud beta pam grants create --entitlement=ENTITLEMENT_NAME --requested-duration=5400s --justification="some justification" --additional-email-recipients=abc@example.com,xyz@example.com

To describe a grant with the full name GRANT_NAME, run:
gcloud beta pam grants describe GRANT_NAME

To list all grants associated with an entitlement with the full name ENTITLEMENT_NAME, run:
gcloud beta pam grants list --entitlement=ENTITLEMENT_NAME

To deny a grant with the full name GRANT_NAME and a reason denial reason, run:
gcloud beta pam grants deny GRANT_NAME --reason="denial reason"

To approve a grant with the full name GRANT_NAME and a reason approval reason, run:
gcloud beta pam grants approve GRANT_NAME --reason="approval reason"

To revoke a grant with the full name GRANT_NAME and a reason revoke reason, run:
gcloud beta pam grants revoke GRANT_NAME --reason="revoke reason"

To search for and list all grants that you have created that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:
gcloud beta pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=had-created

To search for and list all grants that you have approved or denied, that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:
gcloud beta pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=had-approved

To search for and list all grants that you can approve that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:
gcloud beta pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=can-approve

To withdraw a grant with the full name GRANT_NAME, run:
gcloud beta pam grants withdraw GRANT_NAME
GCLOUD WIDE FLAGS: These flags are available to all commands: --help.
Run $ gcloud help for details.
COMMANDS: COMMAND is one of the following:

approve

(BETA) Approve a Privileged Access Manager (PAM) grant.

create

(BETA) Create a new Privileged Access Manager (PAM) grant.

deny

(BETA) Deny a Privileged Access Manager (PAM) grant.

describe

(BETA) Show details of a Privileged Access Manager (PAM) grant.

list

(BETA) List all Privileged Access Manager (PAM) grants associated with an entitlement.

revoke

(BETA) Revoke a Privileged Access Manager (PAM) grant.

search

(BETA) Search for and list all Privileged Access Manager (PAM) grants you have created, have approved, or can approve.

withdraw

(BETA) Withdraw a Privileged Access Manager (PAM) grant.
NOTES: This command is currently in beta and might change without notice. These variants are also available:
gcloud pam grants

gcloud alpha pam grants

gcloud beta pam grants Stay organized with collections Save and categorize content based on your preferences.

gcloud beta pam grants