- NAME
-
- gcloud iam list-grantable-roles - list IAM grantable roles for a resource
- SYNOPSIS
-
-
gcloud iam list-grantable-roles
RESOURCE
[ --filter
=EXPRESSION
][ --page-size
=PAGE_SIZE
; default=100][ GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
- This command displays the list of grantable roles for a resource. The resource can be referenced either via the full resource name or via a URI. User can then add IAM policy bindings to grant the roles.
- POSITIONAL ARGUMENTS
-
RESOURCE
-
The full resource name or URI to get the list of roles for.
See "Resource Names" for details. To get a URI from most
list
commands ingcloud
, pass the--uri
flag. For example:$ gcloud compute instances list --project prj --uri https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-c/instances/i1 https://www.googleapis.com/compute/v1/projects/prj/zones/us-east1-d/instances/i2
- LIST COMMAND FLAGS
-
--filter
=EXPRESSION
-
Apply a Boolean filter
EXPRESSION
to each resource item to be listed. If the expression evaluatesTrue
, then that item is listed. For more details and examples of filter expressions, run $ gcloud topic filters. This flag interacts with other flags that are applied in this order:--flatten
,--sort-by
,--filter
,--limit
. --page-size
=PAGE_SIZE
; default=100-
Some services group resource list output into pages. This flag specifies the
maximum number of resources per page. The default is
100
. Paging may be applied before or after--filter
and--limit
depending on the service.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account,
--log-http, --project, --quiet, --trace-token, --user-output-enabled,
--verbosity. Run
$ gcloud help
for details. - EXAMPLES
-
List grantable roles for a project:
$ gcloud iam list-grantable-roles \ //cloudresourcemanager.googleapis.com/projects/PROJECT_ID
List grantable roles for a resource identified via full resource name:
$ gcloud iam list-grantable-roles \ //compute.googleapis.com/projects/example-project/zones/\ us-central1-f/instances/example-instance
List grantable roles for a resource identified via URI:
$ gcloud iam list-grantable-roles \ https://www.googleapis.com/compute/v1/projects/example-project/\ zones/us-central1-f/instances/example-instance
- NOTES
-
These variants are also available:
$ gcloud alpha iam list-grantable-roles $ gcloud beta iam list-grantable-roles
- Cloud SDK
- Product Overview
- Documentation
- gcloud CLI Overview
- Quickstarts
- All Quickstarts
- For Linux
- For Debian and Ubuntu
- For Red Hat and CentOS
- For macOS
- For Windows
- How-to Guides
- All How-to Guides
- Installing the SDK
- Setting up the SDK
- Managing SDK Components
- Scripting gcloud CLI Commands
- Using gcloud Interactive Shell
- APIs & Reference
- gcloud Reference
- Overview
- gcloud access-context-manager
- gcloud alpha
- Overview
- access-context-manager
- app
- asset
- auth
- bigtable
- billing
- bq
- builds
- cloud-shell
- composer
- compute
- Overview
- accelerator-types
- addresses
- backend-buckets
- backend-services
- commitments
- config-ssh
- connect-to-serial-port
- copy-files
- disk-types
- disks
- external-vpn-gateways
- firewall-rules
- forwarding-rules
- health-checks
- http-health-checks
- https-health-checks
- images
- instance-groups
- Overview
- describe
- get-named-ports
- list
- list-instances
- managed
- Overview
- abandon-instances
- create
- create-instance
- delete
- delete-instances
- describe
- export-autoscaling
- get-named-ports
- instance-configs
- list
- list-instances
- recreate-instances
- resize
- rolling-action
- set-autohealing
- set-autoscaling
- set-instance-template
- set-named-ports
- set-target-pools
- stop-autoscaling
- update
- update-autoscaling
- wait-until
- wait-until-stable
- set-named-ports
- unmanaged
- instance-templates
- instances
- Overview
- add-access-config
- add-iam-policy-binding
- add-labels
- add-metadata
- add-resource-policies
- add-tags
- attach-disk
- create
- create-with-container
- delete
- delete-access-config
- describe
- detach-disk
- get-guest-attributes
- get-iam-policy
- get-serial-port-output
- get-shielded-identity
- list
- move
- network-interfaces
- os-inventory
- remove-iam-policy-binding
- remove-labels
- remove-metadata
- remove-resource-policies
- remove-tags
- reset
- resume
- set-disk-auto-delete
- set-iam-policy
- set-machine-type
- set-min-cpu-platform
- set-scheduling
- set-scopes
- simulate-maintenance-event
- start
- stop
- suspend
- tail-serial-port-output
- update
- update-access-config
- update-container
- interconnects
- machine-images
- machine-types
- network-endpoint-groups
- networks
- operations
- os-login
- project-info
- regions
- reservations
- reset-windows-password
- resource-policies
- routers
- routes
- scp
- security-policies
- shared-vpc
- Overview
- associated-projects
- disable
- enable
- get-host-project
- list-associated-resources
- organizations
- sign-url
- snapshots
- sole-tenancy
- ssh
- ssl-certificates
- ssl-policies
- start-iap-tunnel
- target-http-proxies
- target-https-proxies
- target-instances
- target-pools
- target-ssl-proxies
- target-tcp-proxies
- target-vpn-gateways
- tpus
- url-maps
- vpn-gateways
- vpn-tunnels
- zones
- config
- container
- Overview
- binauthz
- Overview
- attestations
- attestors
- create-signature-payload
- policy
- clusters
- get-server-config
- images
- memberships
- node-pools
- operations
- subnets
- data-catalog
- dataflow
- dataproc
- Overview
- autoscaling-policies
- clusters
- jobs
- operations
- workflow-templates
- datastore
- deployment-manager
- dlp
- domains
- emulators
- endpoints
- filestore
- firebase
- firestore
- functions
- genomics
- healthcare
- Overview
- annotation-stores
- datasets
- dicom-stores
- fhir-stores
- hl7v2-stores
- operations
- help
- iam
- Overview
- list-grantable-roles
- list-testable-permissions
- policies
- roles
- service-accounts
- iap
- init
- interactive
- iot
- Overview
- devices
- registries
- kms
- Overview
- asymmetric-decrypt
- asymmetric-sign
- decrypt
- encrypt
- keyrings
- keys
- locations
- logging
- ml
- Overview
- language
- speech
- video
- vision
- ml-engine
- monitoring
- organizations
- projects
- pubsub
- Overview
- snapshots
- subscriptions
- topics
- redis
- remote-build-execution
- resource-manager
- resources
- run
- scc
- scheduler
- search-help
- services
- source
- spanner
- Overview
- databases
- instance-configs
- instances
- operations
- rows
- sql
- tasks
- web-security-scanner
- gcloud app
- gcloud asset
- gcloud auth
- gcloud beta
- Overview
- access-context-manager
- app
- Overview
- browse
- create
- deploy
- describe
- domain-mappings
- firewall-rules
- gen-config
- instances
- logs
- migrate-config
- open-console
- operations
- regions
- repair
- services
- ssl-certificates
- update
- versions
- asset
- auth
- bigtable
- billing
- builds
- composer
- compute
- Overview
- accelerator-types
- addresses
- backend-buckets
- backend-services
- commitments
- config-ssh
- connect-to-serial-port
- copy-files
- disk-types
- disks
- external-vpn-gateways
- firewall-rules
- forwarding-rules
- health-checks
- http-health-checks
- https-health-checks
- images
- instance-groups
- Overview
- describe
- get-named-ports
- list
- list-instances
- managed
- set-named-ports
- unmanaged
- instance-templates
- instances
- Overview
- add-access-config
- add-iam-policy-binding
- add-labels
- add-metadata
- add-tags
- attach-disk
- create
- create-with-container
- delete
- delete-access-config
- describe
- detach-disk
- get-guest-attributes
- get-iam-policy
- get-serial-port-output
- get-shielded-identity
- list
- move
- network-interfaces
- remove-iam-policy-binding
- remove-labels
- remove-metadata
- remove-tags
- reset
- set-disk-auto-delete
- set-iam-policy
- set-machine-type
- set-scheduling
- set-scopes
- simulate-maintenance-event
- start
- stop
- tail-serial-port-output
- update
- update-access-config
- update-container
- interconnects
- machine-types
- network-endpoint-groups
- networks
- operations
- os-login
- project-info
- regions
- reservations
- reset-windows-password
- resource-policies
- routers
- routes
- scp
- security-policies
- shared-vpc
- Overview
- associated-projects
- disable
- enable
- get-host-project
- list-associated-resources
- organizations
- sign-url
- snapshots
- sole-tenancy
- ssh
- ssl-certificates
- ssl-policies
- start-iap-tunnel
- target-http-proxies
- target-https-proxies
- target-instances
- target-pools
- target-ssl-proxies
- target-tcp-proxies
- target-vpn-gateways
- tpus
- url-maps
- vpn-gateways
- vpn-tunnels
- zones
- config
- container
- Overview
- binauthz
- Overview
- attestations
- attestors
- create-signature-payload
- policy
- clusters
- get-server-config
- images
- node-pools
- operations
- subnets
- data-catalog
- dataflow
- dataproc
- Overview
- autoscaling-policies
- clusters
- jobs
- operations
- workflow-templates
- datastore
- debug
- deployment-manager
- dns
- Overview
- dns-keys
- managed-zones
- operations
- policies
- project-info
- record-sets
- domains
- emulators
- endpoints
- error-reporting
- filestore
- firebase
- firestore
- functions
- help
- iam
- init
- interactive
- iot
- Overview
- devices
- registries
- kms
- logging
- ml
- Overview
- language
- speech
- video
- vision
- ml-engine
- organizations
- projects
- pubsub
- Overview
- snapshots
- subscriptions
- topics
- redis
- resource-manager
- run
- runtime-config
- scheduler
- services
- source
- spanner
- Overview
- databases
- instance-configs
- instances
- operations
- rows
- sql
- tasks
- gcloud bigtable
- gcloud builds
- gcloud components
- gcloud composer
- gcloud compute
- Overview
- accelerator-types
- addresses
- backend-buckets
- backend-services
- commitments
- config-ssh
- connect-to-serial-port
- copy-files
- disk-types
- disks
- firewall-rules
- forwarding-rules
- health-checks
- http-health-checks
- https-health-checks
- images
- instance-groups
- Overview
- describe
- get-named-ports
- list
- list-instances
- managed
- set-named-ports
- unmanaged
- instance-templates
- instances
- Overview
- add-access-config
- add-iam-policy-binding
- add-labels
- add-metadata
- add-tags
- attach-disk
- create
- create-with-container
- delete
- delete-access-config
- describe
- detach-disk
- get-iam-policy
- get-serial-port-output
- get-shielded-identity
- list
- move
- network-interfaces
- remove-iam-policy-binding
- remove-labels
- remove-metadata
- remove-tags
- reset
- set-disk-auto-delete
- set-iam-policy
- set-machine-type
- set-scheduling
- set-service-account
- simulate-maintenance-event
- start
- stop
- tail-serial-port-output
- update
- update-access-config
- update-container
- interconnects
- machine-types
- networks
- operations
- os-login
- project-info
- regions
- reset-windows-password
- routers
- routes
- scp
- security-policies
- shared-vpc
- Overview
- associated-projects
- disable
- enable
- get-host-project
- list-associated-resources
- organizations
- sign-url
- snapshots
- sole-tenancy
- ssh
- ssl-certificates
- ssl-policies
- target-http-proxies
- target-https-proxies
- target-instances
- target-pools
- target-ssl-proxies
- target-tcp-proxies
- target-vpn-gateways
- tpus
- url-maps
- vpn-tunnels
- zones
- gcloud config
- gcloud container
- gcloud dataflow
- gcloud dataproc
- Overview
- clusters
- jobs
- operations
- workflow-templates
- gcloud datastore
- gcloud debug
- gcloud deployment-manager
- gcloud dns
- gcloud docker
- gcloud domains
- gcloud endpoints
- gcloud feedback
- gcloud filestore
- gcloud firebase
- gcloud functions
- gcloud help
- gcloud iam
- gcloud info
- gcloud init
- gcloud iot
- Overview
- devices
- registries
- gcloud kms
- gcloud logging
- gcloud ml
- Overview
- language
- speech
- video
- vision
- gcloud ml-engine
- gcloud organizations
- gcloud projects
- gcloud pubsub
- gcloud redis
- gcloud resource-manager
- gcloud services
- gcloud source
- gcloud spanner
- Overview
- databases
- instance-configs
- instances
- operations
- rows
- gcloud sql
- gcloud topic
- gcloud version
- Google Cloud Client Libraries
- Resources
- All Resources
- Release Notes
- Usage Statistics
- Support
- Getting Support