gcloud alpha access-approval settings update
- NAME
- gcloud alpha access-approval settings update - update Access Approval settings
- SYNOPSIS
gcloud alpha access-approval settings update[--active_key_version=ACTIVE_KEY_VERSION][--approval_policy=APPROVAL_POLICY][--enrolled_services=ENROLLED_SERVICES][--notification_emails=NOTIFICATION_EMAILS][--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC][--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS][--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS][--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE][--require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION][--folder=FOLDER|--organization=ORGANIZATION|--project=PROJECT][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
(ALPHA)Update the Access Approval settings associated with aproject, a folder, or organization. Partial updates are supported (for example,you can update the notification emails without modifying the enrolled services).- EXAMPLES
- Update notification emails associated with project
p1, run:gcloudalphaaccess-approvalsettingsupdate--project=p1--notification_emails='foo@example.com, bar@example.com'Enable Access Approval enforcement for folder
f1:gcloudalphaaccess-approvalsettingsupdate--folder=f1--enrolled_services=allEnable Access Approval enforcement for organization
org1for onlyCloud Storage and Compute products and set the notification emails at the sametime:gcloudalphaaccess-approvalsettingsupdate--organization=org1--enrolled_services='storage.googleapis.com,compute.googleapis.com'--notification_emails='security_team@example.com'Update active key version for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--active_key_version='projects/p1/locations/global/keyRings/signing-keys/cryptoKeys/signing-key/cryptoKeyVersions/1'Update preferred request expiration days for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--preferred_request_expiration_days=5Enable prefer no broad approval requests for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--prefer_no_broad_approval_requests=trueUpdate notification pubsub topic for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--notification_pubsub_topic='exampleTopic'Update request scope max width preference for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--request_scope_max_width_preference=PROJECTUpdate approval policy for project
p1:gcloudalphaaccess-approvalsettingsupdate--project=p1--approval_policy=transparency - FLAGS
--active_key_version=ACTIVE_KEY_VERSION- The asymmetric crypto key version to use for signing approval requests. Use ''to remove the custom signing key.
--approval_policy=APPROVAL_POLICY- The preference to configure the approval policy for access requests.
APPROVAL_POLICYmust be one of:transparency,streamlined-support,access-approval,inherit-policy-from-parent. --enrolled_services=ENROLLED_SERVICES- Comma-separated list of services to enroll for Access Approval or 'all' for allsupported services. Note for project and folder enrollments, only 'all' issupported. Use '' to clear all enrolled services.
--notification_emails=NOTIFICATION_EMAILS- Comma-separated list of email addresses to which notifications relating toapproval requests should be sent or '' to clear all saved notification emails.
--notification_pubsub_topic=NOTIFICATION_PUBSUB_TOPIC- The pubsub topic to publish notifications to when approval requests are made.
--prefer_no_broad_approval_requests=PREFER_NO_BROAD_APPROVAL_REQUESTS- If set to true it will communicate the preference to Google personnel to requestaccess with as targeted a resource scope as possible.
--preferred_request_expiration_days=PREFERRED_REQUEST_EXPIRATION_DAYS- The default expiration time for approval requests. This value must be between 1and 30. Note that this can be overridden at time of Approval Request creationand modified by the customer at approval time.
--request_scope_max_width_preference=REQUEST_SCOPE_MAX_WIDTH_PREFERENCE- The preference for the broadest scope of access for access requests without aspecific method.
REQUEST_SCOPE_MAX_WIDTH_PREFERENCEmustbe one of:ORGANIZATION,FOLDER,PROJECT. --require_customer_visible_justification=REQUIRE_CUSTOMER_VISIBLE_JUSTIFICATION- The preference to configure if a customer visible justification (i.e. VectorCase) is required for a Googler to create an Access Ticket to send to thecustomer when attempting to access customer resources.
- At most one of these can be specified:
--folder=FOLDER- Folder number. Only one of --project, --folder, or --organization can beprovided. If none are provided then it uses config property [core/project].
--organization=ORGANIZATION- Organization number. Either --project, --folder, or --organization must beprovided. If none are provided then it uses config property [core/project].
--project=PROJECT- Project number or id. Only one of --project, --folder, or --organization can beprovided. If none are provided then it uses config property [core/project].
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$gcloud helpfor details. - NOTES
- This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudaccess-approvalsettingsupdategcloudbetaaccess-approvalsettingsupdate
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-07 UTC.