- NAME
-
- gcloud alpha access-context-manager cloud-bindings create - create cloud access bindings for a specific group
- SYNOPSIS
-
-
gcloud alpha access-context-manager cloud-bindings create
--group-key
=GROUP_KEY
[--dry-run-level
=[DRY_RUN_LEVEL
,…]] [--level
=[LEVEL
,…]] [--organization
=ORGANIZATION
] [--restricted-client-application-client-ids
=[RESTRICTED_CLIENT_APPLICATION_CLIENT_IDS
,…]] [--restricted-client-application-names
=[RESTRICTED_CLIENT_APPLICATION_NAMES
,…]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
Create a new access binding. The access level will be bound with the group and the restricted client application. The access level is enforced at the organization level for all context-aware access group members, as specified in the binding. If a restricted client application is specified, then the enforcement applies only to the specified application, and not to the entire organization. - EXAMPLES
-
To create a new cloud access binding at the organization level, run:
gcloud alpha access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc
To create a new cloud access binding for particular applications, run:
gcloud alpha access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc --organization='1234567890' --restricted-client-application-names='Google Cloud SDK, Cloud
Console' \ --restricted-client-application-client-ids='123456789.apps.googl\ eusercontent.com'To create a new cloud access binding for the dry run access level at the organization level, run:
gcloud alpha access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc --dry-run-level=accessPolicies/123/accessLevels/def
To create a new cloud access binding for the dry run access level for particular applications, run:
gcloud alpha access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc --dry-run-level=accessPolicies/123/accessLevels/def --organization='1234567890' --restricted-client-application-names='Google Cloud SDK, Cloud
Console' \ --restricted-client-application-client-ids='123456789.apps.googl\ eusercontent.com' - REQUIRED FLAGS
-
--group-key
=GROUP_KEY
- Google Group id whose members are subject to the restrictions of this binding.
- OPTIONAL FLAGS
-
--dry-run-level
=[DRY_RUN_LEVEL
,…]-
The dry run access level that binds to the given group and restricted client
applications. The dry run access level is evaluated but isn't enforced. Denial
on a dry run access level is logged. The input must be the full identifier of an
access level, such as
accessPolicies/123/accessLevels/new-def
. If norestricted-client-application-client-ids
orrestricted-client-application-names
are provided, then the access level is applied to the entire organization. --level
=[LEVEL
,…]-
The access level that binds to the given group and restricted client
applications. The input must be the full identifier of an access level, such as
accessPolicies/123/accessLevels/abc
. If norestricted-client-application-client-ids
orrestricted-client-application-names
are provided, then the access level is applied to the entire organization. --organization
=ORGANIZATION
- Parent organization for this binding.
--restricted-client-application-client-ids
=[RESTRICTED_CLIENT_APPLICATION_CLIENT_IDS
,…]- Client IDs to which the access level is applied.
--restricted-client-application-names
=[RESTRICTED_CLIENT_APPLICATION_NAMES
,…]- Application names to which the access level is applied.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - API REFERENCE
-
This command uses the
accesscontextmanager/v1alpha
API. The full documentation for this API can be found at: https://cloud.google.com/access-context-manager/docs/reference/rest/ - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. This variant is also available:
gcloud access-context-manager cloud-bindings create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-06-18 UTC.
[{
"type": "thumb-down",
"id": "hardToUnderstand",
"label":"Hard to understand"
},{
"type": "thumb-down",
"id": "incorrectInformationOrSampleCode",
"label":"Incorrect information or sample code"
},{
"type": "thumb-down",
"id": "missingTheInformationSamplesINeed",
"label":"Missing the information/samples I need"
},{
"type": "thumb-down",
"id": "otherDown",
"label":"Other"
}]
[{
"type": "thumb-up",
"id": "easyToUnderstand",
"label":"Easy to understand"
},{
"type": "thumb-up",
"id": "solvedMyProblem",
"label":"Solved my problem"
},{
"type": "thumb-up",
"id": "otherUp",
"label":"Other"
}]