gcloud alpha source-manager repos add-iam-policy-binding

NAME
gcloud alpha source-manager repos add-iam-policy-binding - add an IAM policy binding to a Secure Source Manager repository
SYNOPSIS
gcloud alpha source-manager repos add-iam-policy-binding(REPOSITORY :--region=REGION)--member=PRINCIPAL--role=ROLE[GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Add an IAM policy binding to a Secure Source Managerrepository.
EXAMPLES
To add an IAM policy binding for the Repository Admin role(roles/securesourcemanager.repoAdmin) for the usertest-user@gmail.com in a repository namedmy-repo andlocationus-central1, run the following command:
gcloudalphasource-managerreposadd-iam-policy-bindingmy-repo--region=us-central1--member=user:test-user@gmail.com--role=roles/securesourcemanager.repoAdmin

Seehttps://cloud.google.com/iam/docs/managing-policiesfor details of policy role and member types.

POSITIONAL ARGUMENTS
Repository resource - Secure Source Manager repository to add the IAM policybinding to. The arguments in this group can be used to specify the attributes ofthis resource. (NOTE) Some attributes are not given arguments in this group butcan be set in other ways.

To set theproject attribute:

  • provide the argumentrepository on the command line with a fullyspecified name;
  • provide the argument--project on the command line;
  • set the propertycore/project.

This must be specified.

REPOSITORY
ID of the repository or fully qualified identifier for the repository.

To set therepository attribute:

  • provide the argumentrepository on the command line.

This positional argument must be specified if any of the other arguments in thisgroup are specified.

--region=REGION
Secure Source Manager location.

To set theregion attribute:

  • provide the argumentrepository on the command line with a fullyspecified name;
  • provide the argument--region on the command line.
REQUIRED FLAGS
--member=PRINCIPAL
The principal to add the binding for. Should be of the formuser|group|serviceAccount:email ordomain:domain.

Examples:user:test-user@gmail.com,group:admins@example.com,serviceAccount:test123@example.domain.com, ordomain:example.domain.com.

Some resources also accept the following special values:

  • allUsers - Special identifier that represents anyone who is on theinternet, with or without a Google account.
  • allAuthenticatedUsers - Special identifier that represents anyonewho is authenticated with a Google account or a service account.
--role=ROLE
Role name to assign to the principal. The role name is the complete path of apredefined role, such asroles/logging.viewer, or the role ID for acustom role, such asorganizations/{ORGANIZATION_ID}/roles/logging.viewer.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

API REFERENCE
This command uses thesecuresourcemanager/v1 API. The fulldocumentation for this API can be found at:https://cloud.google.com/secure-source-manager
NOTES
This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudsource-managerreposadd-iam-policy-binding
gcloudbetasource-managerreposadd-iam-policy-binding

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-08-26 UTC.