gcloud iam roles create

NAME
gcloud iam roles create - create a custom role for a project or an organization
SYNOPSIS
gcloud iam roles createROLE_ID(--organization=ORGANIZATION    |--project=PROJECT_ID)[--file=FILE    |--description=DESCRIPTION--permissions=PERMISSIONS--stage=STAGE--title=TITLE][GCLOUD_WIDE_FLAG]
DESCRIPTION
This command creates a custom role with the provided information.
EXAMPLES
To create a custom roleProjectUpdater froma YAML file, run:
gcloudiamrolescreateProjectUpdater--organization=12345--file=role_file_path

To create a custom roleProjectUpdater withflags, run:

gcloudiamrolescreateProjectUpdater--project=myproject--title=ProjectUpdater--description="Have access to get and update the project"--permissions=resourcemanager.projects.get,resourcemanager.projects.update
POSITIONAL ARGUMENTS
ROLE_ID
ID of the custom role to create. You must also specify the--organization or--project flag.
REQUIRED FLAGS
Exactly one of these must be specified:
--organization=ORGANIZATION
Organization of the role you want to create.
--project=PROJECT_ID
Project of the role you want to create.

The Google Cloud project ID to use for this invocation. If omitted, then thecurrent project is assumed; the current project can be listed usinggcloudconfig list --format='text(core.project)' and can be set usinggcloud config set project PROJECTID.

--project and its fallbackcore/project property playtwo roles in the invocation. It specifies the project of the resource to operateon. It also specifies the project for API enablement check, quota, and billing.To specify a different project for quota and billing, use--billing-project orbilling/quota_project property.

OPTIONAL FLAGS
At most one of these can be specified:
--file=FILE
The JSON or YAML file with the IAM Role to create. Seehttps://docs.cloud.google.com/iam/docs/reference/rest/v1/projects.roles.
Or at least one of these can be specified:
Roles Settings
--description=DESCRIPTION
The description of the role you want to create.
--permissions=PERMISSIONS
The permissions of the role you want to create. Use commas to separate them.
--stage=STAGE
The state of the role you want to create. This represents a role's lifecyclephase:ALPHA,BETA,GA,DEPRECATED,DISABLED,EAP.
--title=TITLE
The title of the role you want to create.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
These variants are also available:
gcloudalphaiamrolescreate
gcloudbetaiamrolescreate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-01-21 UTC.