Linux command
gcloud-iam command
After copying, replace file names, directories, or parameters as needed.
Common examples
List service accounts in the current project
gcloud iam service-accounts list
Create a service account
gcloud iam service-accounts create [name] --display-name="[description]"
Create a key for a service account
gcloud iam service-accounts keys create [key.json] --iam-account=[email]
List keys for a service account
gcloud iam service-accounts keys list --iam-account=[email]
List all predefined roles
gcloud iam roles list
Describe a specific role and its permissions
gcloud iam roles describe [roles/editor]
List grantable roles for a resource
gcloud iam list-grantable-roles [//cloudresourcemanager.googleapis.com/projects/my-project]
Description
gcloud iam provides command-line access to Google Cloud's Identity and Access Management system, which controls who (identity) has what access (role) to which resources. Service accounts represent non-human identities for applications and services. Keys can be created for service accounts to enable authentication from external environments. Roles bundle related permissions into assignable units. IAM policies bind roles to principals (users, groups, or service accounts) on specific resources. Note that adding role bindings to projects is done via gcloud projects add-iam-policy-binding, not through the gcloud iam command group directly.
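Service account keys are credentials that leave Google Cloud, so a defender's routine use of the key listing above is to find old keys that should be rotated or deleted. The following is an added example, not part of the original page: it filters the table printed by `gcloud iam service-accounts keys list --iam-account=[email]`, assuming the columns KEY_ID, CREATED_AT and EXPIRES_AT; the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag old service account keys.
# Input: the default table printed by
#   gcloud iam service-accounts keys list --iam-account=[email]
# assumed to have the columns KEY_ID CREATED_AT EXPIRES_AT (ISO 8601, UTC).

# stale_keys CUTOFF
# Reads the table on stdin and prints "KEY_ID CREATED_AT REASON" for every key
# created before CUTOFF. ISO 8601 UTC timestamps sort lexicographically, so a
# plain string comparison is enough and no date parsing is needed.
stale_keys() {
    awk -v cutoff="$1" '
        NR == 1 && $1 == "KEY_ID" { next }   # skip the header row
        NF < 3 { next }                      # ignore blank or short lines
        ($2 "") < (cutoff "") {
            # Assumption: keys with no expiry show EXPIRES_AT in year 9999.
            reason = ($3 ~ /^9999-/) ? "old,no-expiry" : "old"
            print $1, $2, reason
        }'
}

# Constructed sample output (key IDs and dates are made up).
sample_table() {
    cat <<'EOF'
KEY_ID                                    CREATED_AT            EXPIRES_AT
aaaa1111aaaa1111aaaa1111aaaa1111aaaa1111  2022-03-01T10:00:00Z  9999-12-31T23:59:59Z
bbbb2222bbbb2222bbbb2222bbbb2222bbbb2222  2024-05-20T08:30:00Z  9999-12-31T23:59:59Z
cccc3333cccc3333cccc3333cccc3333cccc3333  2023-12-15T00:00:00Z  2024-12-15T00:00:00Z
EOF
}

# Demo run against the sample with a fixed cutoff.
sample_table | stale_keys "2024-01-01T00:00:00Z"
```

Against a real project, pipe the key listing for each service account into `stale_keys` with a cutoff that matches your rotation policy.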
Parameters
- service-accounts _CMD_: Manage service accounts (create, delete, describe, list, update, add/get/set-iam-policy-binding, keys).
- roles _CMD_: Manage IAM roles (create, delete, describe, list, update, copy, undelete).
- policies _CMD_: Manage IAM deny policies.
- workload-identity-pools _CMD_: Manage workload identity pools for external identity federation.
- list-grantable-roles _RESOURCE_: List grantable roles for a given resource.
- --iam-account _EMAIL_: Service account email (used with service-accounts keys subcommands).
- --help: Display help information.
FAQ
How do I run a basic gcloud-iam example?
Run `gcloud iam service-accounts list` in a terminal, then adjust file names, paths, flags, or remote targets for your system.