gcloud beta container fleet scopes add-app-operator-binding SCOPE (--custom-role=CUSTOM_ROLE | --role=ROLE) (--group=GROUP | --user=USER) [--labels=[KEY=VALUE,…]] [GCLOUD_WIDE_FLAG …]
(BETA) One binding consists of an app operator principal
(user/group) and a role (view/edit/admin or a custom role).
This command sets up the different permissions required for an app operator, including usage of fleet scopes, connect gateway, logging, and metrics. The authoritative list for adding the permissions is the existing RBAC role bindings under the specified scope.
This command can fail for the following reasons:gcloud beta container fleet scopes add-app-operator-binding SCOPE --role=view --group=people@google.com --project=PROJECT_IDSCOPE
PROJECT_ID
PROJECT_ID
with condition where bucket corresponds to SCOPE
view with a random ID
for group people@google.com.
---
The following command:
gcloud beta container fleet scopes add-app-operator-binding SCOPE --role=edit --user=person@google.com --project=PROJECT_IDSCOPE
PROJECT_ID
PROJECT_ID
with condition where bucket corresponds to SCOPE
edit with a random ID
for user person@google.com.
---
The following command:
gcloud beta container fleet scopes add-app-operator-binding SCOPE --role=admin --user=person@google.com --project=PROJECT_IDSCOPE
PROJECT_ID
PROJECT_ID
with condition where bucket corresponds to SCOPE
admin with a random ID
for user person@google.com.
---
The following command:
gcloud beta container fleet scopes add-app-operator-binding SCOPE --custom-role=my-custom-role --user=person@google.com --project=PROJECT_IDSCOPE
PROJECT_ID
PROJECT_ID
with condition where bucket corresponds to SCOPE
my-custom-role with a
random ID for user person@google.com.
To set the project attribute:
SCOPE on the command line with a fully
specified name;
--project on the command line;
core/project.
To set the location attribute:
SCOPE on the command line with a fully
specified name;
SCOPEscope attribute:
SCOPE on the command line.
--custom-role=CUSTOM_ROLE--role=ROLEROLE must be one of: admin,
edit, view.
--group=GROUP--user=USER--labels=[KEY=VALUE,…]-), underscores (_), lowercase characters, and
numbers. Values must contain only hyphens (-), underscores
(_), lowercase characters, and numbers.
--access-token-file,
--account, --billing-project,
--configuration,
--flags-file,
--flatten, --format, --help, --impersonate-service-account,
--log-http,
--project, --quiet, --trace-token, --user-output-enabled,
--verbosity.
Run $ gcloud help for details.
gcloud alpha container fleet scopes add-app-operator-binding
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.