gcloud iam

NAME
gcloud iam - manage IAM service accounts and keys
SYNOPSIS
gcloud iamGROUP |COMMAND[GCLOUD_WIDE_FLAG]
DESCRIPTION
The gcloud iam command group lets you manage Google Cloud Identity & AccessManagement (IAM) service accounts and keys.

Cloud IAM authorizes who can take action on specific resources, giving you fullcontrol and visibility to manage cloud resources centrally. For establishedenterprises with complex organizational structures, hundreds of workgroups andpotentially many more projects, Cloud IAM provides a unified view into securitypolicy across your entire organization, with built-in auditing to easecompliance processes.

More information on Cloud IAM can be found here:https://cloud.google.com/iam anddetailed documentation can be found here:https://cloud.google.com/iam/docs/.

GCLOUD WIDE FLAGS
These flags are available to all commands:--help.

Run$gcloud help for details.

GROUPS
GROUP is one of the following:
oauth-clients
Create and manage OAuth clients.
policies
Manage IAM deny policies.
policy-bindings
Manage policy bindings.
principal-access-boundary-policies
Manage principal access boundary policies.
roles
Create and manipulate roles.
service-accounts
Create and manipulate service accounts.
simulator
Understand how an IAM policy change could impact access before deploying thechange.
workforce-pools
Create and manage workforce pools.
workload-identity-pools
Manage IAM workload identity pools.
COMMANDS
COMMAND is one of the following:
list-grantable-roles
List IAM grantable roles for a resource.
list-testable-permissions
List IAM testable permissions for a resource.
NOTES
These variants are also available:
gcloudalphaiam
gcloudbetaiam

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.