gcloud alpha source-manager instances add-iam-policy-binding

NAME
gcloud alpha source-manager instances add-iam-policy-binding - add an IAM policy binding to a Secure Source Manager instance
SYNOPSIS
gcloud alpha source-manager instances add-iam-policy-binding(INSTANCE :--region=REGION)--member=PRINCIPAL--role=ROLE[GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Add an IAM policy binding to a Secure Source Managerinstance.
EXAMPLES
To add an IAM policy binding for the role of 'roles/editor' for the user'test-user@gmail.com' with instance named 'my-instance' and location'us-central1', run:
gcloudalphasource-managerinstancesadd-iam-policy-bindingmy-instance--region='us-central1'--member='user:test-user@gmail.com'--role='roles/editor'

Seehttps://cloud.google.com/iam/docs/managing-policiesfor details of policy role and member types.

POSITIONAL ARGUMENTS
Instance resource - The instance for which to add the IAM policy binding. Thearguments in this group can be used to specify the attributes of this resource.(NOTE) Some attributes are not given arguments in this group but can be set inother ways.

To set theproject attribute:

  • provide the argumentinstance on the command line with a fullyspecified name;
  • provide the argument--project on the command line;
  • set the propertycore/project.

This must be specified.

INSTANCE
ID of the instance or fully qualified identifier for the instance.

To set theinstance attribute:

  • provide the argumentinstance on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--region=REGION
Secure Source Manager location.

To set theregion attribute:

  • provide the argumentinstance on the command line with a fullyspecified name;
  • provide the argument--region on the command line.
REQUIRED FLAGS
--member=PRINCIPAL
The principal to add the binding for. Should be of the formuser|group|serviceAccount:email ordomain:domain.

Examples:user:test-user@gmail.com,group:admins@example.com,serviceAccount:test123@example.domain.com, ordomain:example.domain.com.

Some resources also accept the following special values:

  • allUsers - Special identifier that represents anyone who is on theinternet, with or without a Google account.
  • allAuthenticatedUsers - Special identifier that represents anyonewho is authenticated with a Google account or a service account.
--role=ROLE
Role name to assign to the principal. The role name is the complete path of apredefined role, such asroles/logging.viewer, or the role ID for acustom role, such asorganizations/{ORGANIZATION_ID}/roles/logging.viewer.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

API REFERENCE
This command uses thesecuresourcemanager/v1 API. The fulldocumentation for this API can be found at:https://cloud.google.com/secure-source-manager
NOTES
This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudsource-managerinstancesadd-iam-policy-binding
gcloudbetasource-managerinstancesadd-iam-policy-binding

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-26 UTC.