gcloud alpha pam grants

NAME: gcloud alpha pam grants - manage Privileged Access Manager grants
SYNOPSIS: gcloud alpha pam grantsCOMMAND[GCLOUD_WIDE_FLAG …]
DESCRIPTION: (ALPHA) Thegcloudpam grants command group lets you manage Privileged Access Manager(PAM) grants.
EXAMPLES: To create a new grant against an entitlement with the full nameENTITLEMENT_NAME, a requested duration of1 hour 30 minutes, a justification ofsomejustification, and two additional email recipientsabc@example.com andxyz@example.com, run:
gcloudalphapamgrantscreate--entitlement=ENTITLEMENT_NAME--requested-duration=5400s--justification="some justification"--additional-email-recipients=abc@example.com,xyz@example.com
To describe a grant with the full nameGRANT_NAME, run:
gcloudalphapamgrantsdescribeGRANT_NAME
To list all grants associated with an entitlement with the full nameENTITLEMENT_NAME, run:
gcloudalphapamgrantslist--entitlement=ENTITLEMENT_NAME
To deny a grant with the full nameGRANT_NAME and a reasondenialreason, run:
gcloudalphapamgrantsdenyGRANT_NAME--reason="denial reason"
To approve a grant with the full nameGRANT_NAME and a reasonapprovalreason, run:
gcloudalphapamgrantsapproveGRANT_NAME--reason="approval reason"
To revoke a grant with the full nameGRANT_NAME and a reasonrevokereason, run:
gcloudalphapamgrantsrevokeGRANT_NAME--reason="revoke reason"
To search for and list all grants that you have created that are associated withan entitlement with the full nameENTITLEMENT_NAME, run:
gcloudalphapamgrantssearch--entitlement=ENTITLEMENT_NAME--caller-relationship=had-created
To search for and list all grants that you have approved or denied, that areassociated with an entitlement with the full nameENTITLEMENT_NAME, run:
gcloudalphapamgrantssearch--entitlement=ENTITLEMENT_NAME--caller-relationship=had-approved
To search for and list all grants that you can approve that are associated withan entitlement with the full nameENTITLEMENT_NAME, run:
gcloudalphapamgrantssearch--entitlement=ENTITLEMENT_NAME--caller-relationship=can-approve
To withdraw a grant with the full nameGRANT_NAME, run:
gcloudalphapamgrantswithdrawGRANT_NAME
GCLOUD WIDE FLAGS: These flags are available to all commands:--help.
Run$gcloud help for details.
COMMANDS: COMMAND is one of the following:
approve
(ALPHA) Approve a Privileged Access Manager (PAM) grant.
create
(ALPHA) Create a new Privileged Access Manager (PAM) grant.
deny
(ALPHA) Deny a Privileged Access Manager (PAM) grant.
describe
(ALPHA) Show details of a Privileged Access Manager (PAM) grant.
list
(ALPHA) List all Privileged Access Manager (PAM) grants associatedwith an entitlement.
revoke
(ALPHA) Revoke a Privileged Access Manager (PAM) grant.
search
(ALPHA) Search for and list all Privileged Access Manager (PAM)grants you have created, have approved, or can approve.
withdraw
(ALPHA) Withdraw a Privileged Access Manager (PAM) grant.
NOTES: This command is currently in alpha and might change without notice. If thiscommand fails with API permission errors despite specifying the correct project,you might be trying to access an API with an invitation-only early accessallowlist. These variants are also available:
gcloudpamgrants
gcloudbetapamgrants

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-09-24 UTC.

Movatterモバイル変換

gcloud alpha pam grants Stay organized with collections Save and categorize content based on your preferences.

gcloud alpha pam grants