gcloud iam roles create

NAME

gcloud iam roles create - create a custom role for a project or an organization

SYNOPSIS

gcloud iam roles create ROLE_ID (--organization=ORGANIZATION | --project=PROJECT_ID) [--file=FILE | --description=DESCRIPTION --permissions=PERMISSIONS --stage=STAGE --title=TITLE] [GCLOUD_WIDE_FLAG …]

DESCRIPTION

This command creates a custom role with the provided information.

EXAMPLES

To create a custom role ProjectUpdater from a YAML file, run:

gcloud iam roles create ProjectUpdater --organization=12345 --file=role_file_path

To create a custom role ProjectUpdater with flags, run:

gcloud iam roles create ProjectUpdater --project=myproject --title=ProjectUpdater --description="Have access to get and update the project" --permissions=resourcemanager.projects.get,resourcemanager.projects.update

POSITIONAL ARGUMENTS

ROLE_ID: ID of the custom role to create. You must also specify the --organization or --project flag.

REQUIRED FLAGS

Exactly one of these must be specified:

--organization=ORGANIZATION

Organization of the role you want to create.

--project=PROJECT_ID

Project of the role you want to create.

The Google Cloud project ID to use for this invocation. If omitted, then the current project is assumed; the current project can be listed using gcloud config list --format='text(core.project)' and can be set using gcloud config set project PROJECTID.

--project and its fallback core/project property play two roles in the invocation. It specifies the project of the resource to operate on. It also specifies the project for API enablement check, quota, and billing. To specify a different project for quota and billing, use --billing-project or billing/quota_project property.

OPTIONAL FLAGS

At most one of these can be specified:

--file=FILE: The JSON or YAML file with the IAM Role to create. See https://docs.cloud.google.com/iam/docs/reference/rest/v1/projects.roles.
Or at least one of these can be specified: Roles Settings --description=DESCRIPTION The description of the role you want to create. --permissions=PERMISSIONS The permissions of the role you want to create. Use commas to separate them. --stage=STAGE The state of the role you want to create. This represents a role's lifecycle phase: ALPHA, BETA, GA, DEPRECATED, DISABLED, EAP. --title=TITLE The title of the role you want to create.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

gcloud alpha iam roles create

gcloud beta iam roles create

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-05-27 UTC.

gcloud iam roles create Stay organized with collections Save and categorize content based on your preferences.

gcloud iam roles create