To grant the role "pr-test-role" for user "test-user@example.com" with IdP prefix "fop" in organization "org-1", run:
gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com
To grant the role "pr-test-role" for service account "test-sa" of project "test-sa-project" in the organization "org-1", run:
gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa
必需标志
--member string The member to add binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.
--role string Role name to assign to the member.
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[[["\u003cp\u003eThis command, \u003ccode\u003egdcloud organizations add-iam-policy-binding\u003c/code\u003e, is used to grant a specific role to a user or service account within an organization.\u003c/p\u003e\n"],["\u003cp\u003eThe command requires the organization ID, the desired role to be granted, and the member's details, which include either a user email with an IdP prefix or service account information.\u003c/p\u003e\n"],["\u003cp\u003eThe member specification format can either be \u003ccode\u003euser:EMAIL\u003c/code\u003e or \u003ccode\u003eserviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe role is assigned to a member within a specified organization using the \u003ccode\u003e--role\u003c/code\u003e and \u003ccode\u003e--member\u003c/code\u003e flags, respectively.\u003c/p\u003e\n"],["\u003cp\u003eCommon flags such as \u003ccode\u003e--configuration\u003c/code\u003e, \u003ccode\u003e--format\u003c/code\u003e, \u003ccode\u003e--help\u003c/code\u003e, \u003ccode\u003e--project\u003c/code\u003e, and \u003ccode\u003e--quiet\u003c/code\u003e are available for use with this command.\u003c/p\u003e\n"]]],[],null,["# gdcloud organizations add-iam-policy-binding\n\nNAME\n----\n\ngdcloud organizations add-iam-policy-binding - Grant a role to a member in an organization\n\nSYNOPSIS\n--------\n\n gdcloud organizations add-iam-policy-binding ORGANIZATION_ID [flags]\n\nDESCRIPTION\n-----------\n\nGrant a role to a member in an organization. The member can either be a human user or a service account. The name of the binding is auto-generated.\n\n### EXAMPLES\n\n\n To grant the role \"pr-test-role\" for user \"test-user@example.com\" with IdP prefix \"fop\" in organization \"org-1\", run:\n\n gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com\n\n To grant the role \"pr-test-role\" for service account \"test-sa\" of project \"test-sa-project\" in the organization \"org-1\", run:\n\n gdcloud organizations add-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa\n\n### REQUIRED FLAGS\n\n --member string The member to add binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.\n --role string Role name to assign to the member.\n\n### GDCLOUD WIDE FLAGS\n\nThese flags are available to all commands: `--configuration`, `--format`, `--help`, `--project`, `--quiet`.\n\nFor more information, see the [gdcloud CLI reference overview](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-reference/gdcloud) page."]]
