To grant the role "pr-test-role" for user "test-user@example.com" with IdP prefix "fop" in organization "org-1", run:
gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com
To grant the role "pr-test-role" for service account "test-sa" of project "test-sa-project" in the organization "org-1", run:
gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa
必需标志
--member string The member to add binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.
--role string Role name to assign to the member.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[],[],null,["# gdcloud organizations add-iam-policy-binding\n\nNAME\n----\n\ngdcloud organizations add-iam-policy-binding - Grant a role to a member in an organization\n\nSYNOPSIS\n--------\n\n gdcloud organizations add-iam-policy-binding ORGANIZATION_ID [flags]\n\nDESCRIPTION\n-----------\n\nGrant a role to a member in an organization. The member can either be a human user or a service account. The name of the binding is auto-generated.\n\n### EXAMPLES\n\n\n To grant the role \"pr-test-role\" for user \"test-user@example.com\" with IdP prefix \"fop\" in organization \"org-1\", run:\n\n gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com\n\n To grant the role \"pr-test-role\" for service account \"test-sa\" of project \"test-sa-project\" in the organization \"org-1\", run:\n\n gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa\n\n### REQUIRED FLAGS\n\n --member string The member to add binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.\n --role string Role name to assign to the member.\n\n### GDCLOUD WIDE FLAGS\n\nThese flags are available to all commands: `--configuration`, `--format`, `--help`, `--project`, `--quiet`.\n\nFor more information, see the [gdcloud CLI reference overview](/distributed-cloud/hosted/docs/latest/appliance/resources/gdcloud-reference/gdcloud) page."]]
