- gcloud alpha iam service-accounts set-iam-policy - set IAM policy for a service account
gcloud alpha iam service-accounts set-iam-policy SERVICE_ACCOUNT POLICY_FILE [GCLOUD_WIDE_FLAG ...]
(ALPHA) This command replaces the existing IAM policy for a service
When managing IAM roles, you can treat a service account either as a resource or as an identity. This command is to set the iam policy of a service account resource. There are other gcloud commands to manage IAM policies for other types of resources. For example, to manage IAM policies on a project, use the $ gcloud projects commands.
The service account whose policy to set. The account should be formatted either
as a numeric service account ID or as an email, like this: 123456789876543212345
Path to a local JSON or YAML formatted file containing a valid policy.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
The following command will read an IAM policy defined in a JSON file 'policy.json' and set it for a service account with identifier 'firstname.lastname@example.org'
$ gcloud alpha iam service-accounts set-iam-policy \
See cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:
- $ gcloud iam service-accounts set-iam-policy $ gcloud beta iam service-accounts set-iam-policy