- gcloud beta iam service-accounts set-iam-policy - set IAM policy for a service account
gcloud beta iam service-accounts set-iam-policy SERVICE_ACCOUNT POLICY_FILE [GCLOUD_WIDE_FLAG ...]
(BETA) This command replaces the existing IAM policy for a service
When managing IAM roles, you can treat a service account either as a resource or as an identity. This command is to set the iam policy of a service account resource. There are other gcloud commands to manage IAM policies for other types of resources. For example, to manage IAM policies on a project, use the $ gcloud projects commands.
The service account whose policy to set. The account should be formatted either
as a numeric service account ID or as an email, like this: 123456789876543212345
Path to a local JSON or YAML formatted file containing a valid policy.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
The following command will read an IAM policy defined in a JSON file 'policy.json' and set it for a service account with identifier 'firstname.lastname@example.org'
$ gcloud beta iam service-accounts set-iam-policy \
See cloud.google.com/iam/docs/managing-policies for details of the policy file format and contents.
This command is currently in BETA and may change without notice. These variants are also available:
- $ gcloud iam service-accounts set-iam-policy $ gcloud alpha iam service-accounts set-iam-policy