- NAME
-
- gcloud alpha iam service-accounts set-iam-policy - set IAM policy for a service account
- SYNOPSIS
-
-
gcloud alpha iam service-accounts set-iam-policy
SERVICE_ACCOUNT
POLICY_FILE
[GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
This command replaces the existing IAM policy for a service account, given an IAM_ACCOUNT and a file encoded in JSON or YAML that contains the IAM policy. If the given policy file specifies an "etag" value, then the replacement will succeed only if the policy already in place matches that etag. (An etag obtained via $ gcloud iam service-accounts get-iam-policy will prevent the replacement if the policy for the service account has been subsequently updated.) A policy file that does not contain an etag value will replace any existing policy for the service account.If the service account does not exist, this command returns a
PERMISSION_DENIED
error.When managing IAM roles, you can treat a service account either as a resource or as an identity. This command is to set the iam policy of a service account resource. There are other gcloud commands to manage IAM policies for other types of resources. For example, to manage IAM policies on a project, use the
$ gcloud projects
commands. - EXAMPLES
-
The following command will read an IAM policy from 'policy.json' and set it for
a service account with 'my-iam-account@my-project.iam.gserviceaccount.com' as
the identifier:
See https://cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.gcloud alpha iam service-accounts set-iam-policy my-iam-account@my-project.iam.gserviceaccount.com policy.json
- POSITIONAL ARGUMENTS
-
SERVICE_ACCOUNT
- The service account whose policy to set. The account should be formatted either as a numeric service account ID or as an email, like this: 123456789876543212345 or my-iam-account@somedomain.com.
POLICY_FILE
- Path to a local JSON or YAML formatted file containing a valid policy.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud iam service-accounts set-iam-policy
gcloud beta iam service-accounts set-iam-policy
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-01 UTC.