- NAME
-
- gcloud access-context-manager cloud-bindings create - create cloud access bindings for a specific group
- SYNOPSIS
-
-
gcloud access-context-manager cloud-bindings create--group-key=GROUP_KEY[--binding-file=YAML_FILE] [--dry-run-level=[DRY_RUN_LEVEL,…]] [--level=[LEVEL,…]] [--organization=ORGANIZATION] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
Create a new cloud access binding. The access level will be globally bound with
the group.
Allowlisted Applications can be specified to limit the scope of the cloud access binding in the 'binding-file'. In such case, the access level specified in the yaml file will be bound with the group and the allowlisted applications.
- EXAMPLES
-
To create a new cloud access binding, run:
gcloud access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abcTo create a new cloud access binding for particular applications using a yaml file, run:
gcloud access-context-manager cloud-bindings create --group-key=my-group-key --organization='1234567890' --binding-file='binding.yaml'To create a new global cloud access binding, and for particular applications using a yaml file, run:
gcloud access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc --organization='1234567890' --binding-file='binding.yaml'To create a new cloud access binding for the dry run access level, run:
gcloud access-context-manager cloud-bindings create --group-key=my-group-key --level=accessPolicies/123/accessLevels/abc --dry-run-level=accessPolicies/123/accessLevels/def - REQUIRED FLAGS
-
--group-key=GROUP_KEY- Google Group id whose members are subject to the restrictions of this binding.
- OPTIONAL FLAGS
-
--binding-file=YAML_FILE-
Path to the file that contains a Google Cloud Platform user access binding.
This file contains a YAML-compliant object representing a GcpUserAccessBinding (as described in the API reference) containing ScopedAccessSettings only. No other binding fields are allowed.
--dry-run-level=[DRY_RUN_LEVEL,…]-
The dry run access level that binds to the given group. The dry run access level
will be evaluated but won't be enforced. Denial on dry run access level will be
logged. The input must be the full identifier of an access level, such as
accessPolicies/123/accessLevels/new-def. --level=[LEVEL,…]-
The access level that binds to the given group. The input must be the full
identifier of an access level, such as
accessPolicies/123/accessLevels/abc. --organization=ORGANIZATION- Parent organization for this binding.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - API REFERENCE
-
This command uses the
accesscontextmanager/v1API. The full documentation for this API can be found at: https://cloud.google.com/access-context-manager/docs/reference/rest/ - NOTES
-
This variant is also available:
gcloud alpha access-context-manager cloud-bindings create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-10-01 UTC.