gcloud beta iam GROUP | COMMAND [GCLOUD_WIDE_FLAG …]
(BETA) The gcloud iam command group lets you manage Google Cloud
Identity & Access Management (IAM) service accounts and keys.
Cloud IAM authorizes who can take action on specific resources, giving you full control and visibility to manage cloud resources centrally. For established enterprises with complex organizational structures, hundreds of workgroups and potentially many more projects, Cloud IAM provides a unified view into security policy across your entire organization, with built-in auditing to ease compliance processes.
More information on Cloud IAM can be found here: https://cloud.google.com/iam and detailed documentation can be found here: https://cloud.google.com/iam/docs/.--help.
Run $ gcloud help for details.
GROUP
access-policies(BETA) Manage Access Policy resources.
policies(BETA) Manage IAM deny policies.
policy-bindings(BETA) Manage PolicyBinding instances.
principal-access-boundary-policies(BETA) Manage PrincipalAccessBoundaryPolicy instances.
roles(BETA) Create and manipulate roles.
service-accounts(BETA) Create and manipulate service accounts.
workforce-pools(BETA) Create and manage workforce pools.
workload-identity-pools(BETA) Manage IAM workload identity pools.
COMMAND
list-grantable-roles(BETA) List IAM grantable roles for a resource.
list-testable-permissions(BETA) List IAM testable permissions for a resource.
gcloud iamgcloud alpha iam
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.