- NAME
-
- gcloud iam principal-access-boundary-policies create - create PrincipalAccessBoundaryPolicy instance
- SYNOPSIS
-
-
gcloud iam principal-access-boundary-policies create
(PRINCIPAL_ACCESS_BOUNDARY_POLICY
:--location
=LOCATION
--organization
=ORGANIZATION
) [--annotations
=[ANNOTATIONS
,…]] [--async
] [--display-name
=DISPLAY_NAME
] [--etag
=ETAG
] [[--details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
] :--details-enforcement-version
=DETAILS_ENFORCEMENT_VERSION
]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- Create PrincipalAccessBoundaryPolicy instance.
- EXAMPLES
-
To create a policy instance called
my-policy
, run:gcloud iam principal-access-boundary-policies create my-policy --organization=123 --location=global
- POSITIONAL ARGUMENTS
-
-
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the
principal access boundary policy.
The following format is supported:
organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}
The arguments in this group can be used to specify the attributes of this resource.This must be specified.
PRINCIPAL_ACCESS_BOUNDARY_POLICY
-
ID of the principalAccessBoundaryPolicy or fully qualified identifier for the
principalAccessBoundaryPolicy.
To set the
principal_access_boundary_policy
attribute:-
provide the argument
principal_access_boundary_policy
on the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
The location id of the principalAccessBoundaryPolicy resource.
To set the
location
attribute:-
provide the argument
principal_access_boundary_policy
on the command line with a fully specified name; -
provide the argument
--location
on the command line.
-
provide the argument
--organization
=ORGANIZATION
-
The organization id of the principalAccessBoundaryPolicy resource.
To set the
organization
attribute:-
provide the argument
principal_access_boundary_policy
on the command line with a fully specified name; -
provide the argument
--organization
on the command line.
-
provide the argument
-
PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of the
principal access boundary policy.
- FLAGS
-
--annotations
=[ANNOTATIONS
,…]-
User defined annotations. See https://google.aip.dev/148#annotations
for more details such as format and size limitations.
KEY
-
Sets
KEY
value. VALUE
-
Sets
VALUE
value.
Shorthand Example:
--annotations=string=string
JSON Example:
--annotations='{"string": "string"}'
File Example:
--annotations=path_to_file.(yaml|json)
--async
- Return immediately, without waiting for the operation in progress to complete.
--display-name
=DISPLAY_NAME
- The description of the principal access boundary policy. Must be less than or equal to 63 characters.
--etag
=ETAG
- The etag for the principal access boundary. If this is provided on update, it must match the server's etag.
-
Principal access boundary policy details
--details-rules
=[description
=DESCRIPTION
],[effect
=EFFECT
],[resources
=RESOURCES
]-
Required, A list of principal access boundary policy rules. The number of rules
in a policy is limited to 500.
description
- The description of the principal access boundary policy rule. Must be less than or equal to 256 characters.
effect
- The access relationship of principals to the resources in this rule.
resources
-
A list of Cloud Resource Manager resources. The resource and all the descendants
are included. The number of resources in a policy is limited to 500 across all
rules.
The following resource types are supported:
-
Organizations, such as
//cloudresourcemanager.googleapis.com/organizations/123
. -
Folders, such as
//cloudresourcemanager.googleapis.com/folders/123
. -
Projects, such as
//cloudresourcemanager.googleapis.com/projects/123
or//cloudresourcemanager.googleapis.com/projects/my-project-id
.
-
Organizations, such as
Shorthand Example:
--details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]
JSON Example:
--details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'
File Example:
--details-rules=path_to_file.(yaml|json)
This flag argument must be specified if any of the other arguments in this group are specified.
--details-enforcement-version
=DETAILS_ENFORCEMENT_VERSION
- The version number that indicates which Google Cloud services are included in the enforcement (e.g. "latest", "1", …). If empty, the PAB policy version will be set to the current latest version, and this version won't get updated when new versions are released.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - API REFERENCE
-
This command uses the
iam/v3
API. The full documentation for this API can be found at: https://cloud.google.com/iam/ - NOTES
-
This variant is also available:
gcloud beta iam principal-access-boundary-policies create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-10 UTC.