이름
gdcloud iam roles update - 커스텀 역할을 업데이트합니다.
개요
gdcloud iam roles update ROLE_NAME
{ --file=ROLE_FILE |
[--description=DESCRIPTION]
[--title=TITLE]
[--permissions=[permissions1,...]]
[--stage=[ALPHA | BETA | GA | DISABLED]]
[--projects=[project1,...]]
} [flags]
설명
프로젝트 또는 조직 범위에 대해 좁게 정의된 권한으로 커스텀 역할을 업데이트합니다. 이 역할은 최소 권한의 원칙에 따라 특정 작업을 수행하는 데 필요한 최소한의 액세스 권한만 부여합니다.
EXAMPLES
To update an organization-level custom role with specific permissions, run:
gdcloud iam roles update org-viewer --permissions=storageAdmin:compute:instances.get,storageAdmin:storage:buckets.list
To update a project-level custom role for deploying resources in specific project namespaces, run:
gdcloud iam roles update project-resource-manager --permissions=storageAdmin:compute:instances.get,storageAdmin:compute:disks.create --projects=project-id-1,project-id-2
To update a project-level custom role applicable to all projects, run:
gdcloud iam roles update project-instance-operator --permissions=admin:compute:instances.start,admin:compute:instances.stop
To update title and description of a custom role, run:
gdcloud iam roles update org-viewer --title="Organization Viewer v2" --description="Grants read-only access to storage buckets and compute instances at the organization level v2"
To add additional projects to an existing project-level custom role, run:
gdcloud iam roles update project-resource-manager --projects=project-id-3,project-id-4
To update a custom role from a YAML configuration file, run:
gdcloud iam roles update my_role --file=ROLE_FILE
선택적 플래그
--description string Overrides description of the CustomRole custom resource.
--file string Path to a file containing YAML configuration for a CustomRole custom resource. If set, the gdcloud CLI updates the CustomRole from the YAML configuration and ignores the other flags. The YAML file can contain any combination of the following fields: 'title', 'description', 'permissions', 'stage', and 'projects'. The 'permissions' field, if provided, must adhere to the 'iamRoleName:apiGroup:resource:verb' or 'iamRoleName:apiGroup:resource:resourceName:verb' format (no wildcards). All fields are optional during an update but must follow the format and restrictions of their corresponding command-line flags.
--permissions iamRoleName:apiGroup:resource:verb Overrides a list of permissions granted to this CustomRole. Each permission must be specified in one of the following formats: iamRoleName:apiGroup:resource:verb (for resource that don't have individual name) or `iamRoleName:apiGroup:resource:resourceName:verb` (for resource with specific name). Wildcards (`*`) are explicitly prohibited in any part of the permission string (apiGroup, resource, verb, or resourceName) to enforce the principle of least privilege.
--projects strings Comma-separated list of project IDs where the CustomRole will be applied. When updating project-scoped custom roles, the specified projects are merged with existing projects, unless the existing projects contain a wildcard (*). In that case, the wildcard is preserved, indicating that the role applies to all projects. Required when updating project-scoped custom roles; not applicable for 'organization' scope. Example: --projects=project-id-1,project-id-2,project-id-3.
--stage string Overrides release stage of the CustomRole (ALPHA, BETA, GA or DISABLED). Use DISABLED to disable the CustomRole.
--title string Overrides title of the CustomRole custom resource.
GDCLOUD 전체 플래그
이러한 플래그는 모든 명령어에서 사용할 수 있습니다(--configuration, --format, --help, --project, --quiet).
자세한 내용은 gdcloud CLI 참조 개요 페이지를 참고하세요.