gcloud asset get-effective-iam-policy

NAME
gcloud asset get-effective-iam-policy - get effective IAM policies for a specified list of resources within accessible scope, such as a project, folder or organization
SYNOPSIS
gcloud asset get-effective-iam-policy--names=NAMES,[NAMES,…]--scope=SCOPE[GCLOUD_WIDE_FLAG]
DESCRIPTION
Batch get effective IAM policies that match a request.
EXAMPLES
To list effective IAM policies of 1 resource in an organization, run:
gcloudassetget-effective-iam-policy--scope=organizations/YOUR_ORG_ID--names=RESOURCE_NAME1

To list effective IAM policies of 2 resources in a folder, run:

gcloudassetget-effective-iam-policy--scope=folders/YOUR_FOLDER_ID--names=RESOURCE_NAME1,RESOURCE_NAME2

To list effective IAM policies of 3 resources in a project using project ID,run:

gcloudassetget-effective-iam-policy--scope=projects/YOUR_PROJECT_ID--names=RESOURCE_NAME1,RESOURCE_NAME2,RESOURCE_NAME3

To list effective IAM policies of 2 resources in a project using project number,run:

gcloudassetget-effective-iam-policy--scope=projects/YOUR_PROJECT_NUMBER--names=RESOURCE_NAME1,RESOURCE_NAME2
REQUIRED FLAGS
--names=NAMES,[NAMES,…]
Names refer to a list offullresource names ofsearchableasset types. For each batch call, total number of names provided is between1 and 20.

The example value is:

  • //cloudsql.googleapis.com/projects/{PROJECT_ID}/instances/{INSTANCE}(e.g.//cloudsql.googleapis.com/projects/probe-per-rt-project/instances/instance1)
--scope=SCOPE
Scope can be a project, a folder, or an organization. The search is limited tothe IAM policies within this scope. The caller must be granted thecloudasset.assets.analyzeIamPolicy,cloudasset.assets.searchAllResources,cloudasset.assets.searchAllIamPoliciespermissions on the desired scope.

The allowed values are:

  • projects/{PROJECT_ID} (e.g.projects/foo-bar)
  • projects/{PROJECT_NUMBER} (e.g.projects/12345678)
  • folders/{FOLDER_NUMBER} (e.g.folders/1234567)
  • organizations/{ORGANIZATION_NUMBER} (e.g.organizations/123456)
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.