gcloud iam list-testable-permissions

NAME
gcloud iam list-testable-permissions - list IAM testable permissions for a resource
SYNOPSIS
gcloud iam list-testable-permissions RESOURCE [--filter=EXPRESSION] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Testable permissions mean the permissions that user can add or remove in a role at a given resource. The resource can be referenced either via the full resource name or via a URI.
EXAMPLES
List testable permissions for a resource identified via full resource name:
gcloud iam list-testable-permissions //cloudresourcemanager.googleapis.com/organizations/1234567

List testable permissions for a resource identified via URI:

gcloud iam list-testable-permissions https://www.googleapis.com/compute/v1/projects/example-project
POSITIONAL ARGUMENTS
RESOURCE
The full resource name or URI to get the testable permissions for.

See "Resource Names" for details. To get a URI from most list commands in gcloud, pass the --uri flag. For example:

gcloud compute instances list --project prj --uri https://compute.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1 https://compute.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
LIST COMMAND FLAGS
--filter=EXPRESSION
Apply a Boolean filter EXPRESSION to each resource item to be listed. If the expression evaluates True, then that item is listed. For more details and examples of filter expressions, run $ gcloud topic filters. This flag interacts with other flags that are applied in this order: --flatten, --sort-by, --filter, --limit.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available:
gcloud alpha iam list-testable-permissions
gcloud beta iam list-testable-permissions