- NAME
-
- gcloud alpha pam entitlements - manage Privileged Access Manager entitlements
- SYNOPSIS
-
-
gcloud alpha pam entitlementsCOMMAND[GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)Thegcloud pam entitlementscommand group lets you manage Privileged Access Manager (PAM) entitlements. - EXAMPLES
- To create a new entitlement with a name of
sample-entitlement, in a project namedsample-project, in locationglobal, and the entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements create sample-entitlement --project = sample-project --location = global --entitlement-file = sample-entitlement.yamlTo create a new entitlement with a name of
sample-entitlement, in a folder with IDFOLDER_IDglobal, and the entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements create sample-entitlement --folder = FOLDER_ID --location = global --entitlement-file = sample-entitlement.yamlTo create a new entitlement with a name of
sample-entitlement, in an organization with IDORGANIZATION_IDglobal, and the entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements create sample-entitlement --organization = ORGANIZATION_ID --location = global --entitlement-file = sample-entitlement.yamlTo update an entitlement with a name of
sample-entitlement, in a project namedsample-project, in locationglobal, and the new entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements update sample-entitlement --project = sample-project --location = global --entitlement-file = sample-entitlement.yamlTo update an entitlement with a name of
sample-entitlement, in a folder with IDFOLDER_IDglobal, and the new entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements update sample-entitlement --folder = FOLDER_ID --location = global --entitlement-file = sample-entitlement.yamlTo update an entitlement with a name of
sample-entitlement, in an organization with IDORGANIZATION_IDglobal, and the new entitlement configuration stored in a file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements update sample-entitlement --organization = ORGANIZATION_ID --location = global --entitlement-file = sample-entitlement.yamlTo describe an entitlement with a name of
sample-entitlement, in a project namedsample-project, and in locationglobal, run:gcloud alpha pam entitlements describe sample-entitlement --project = sample-project --location = globalTo describe an entitlement with a name of
sample-entitlement, in a folder with IDFOLDER_IDglobal, run:gcloud alpha pam entitlements describe sample-entitlement --folder = FOLDER_ID --location = globalTo describe an entitlement with a name of
sample-entitlement, in an organization with IDORGANIZATION_IDglobal, run:gcloud alpha pam entitlements describe sample-entitlement --organization = ORGANIZATION_ID --location = globalTo search for and list all entitlements for which you are a requester, in a project named
sample-project, and in locationglobal, run:gcloud alpha pam entitlements search --project = sample-project --location = global --caller-access-type = grant-requesterTo search for and list all entitlements for which you are an approver, in a project named
sample-project, and in locationglobal, run:gcloud alpha pam entitlements search --project = sample-project --location = global --caller-access-type = grant-approverTo search for and list all entitlements for which you are a requester, in a folder with ID
FOLDER_IDglobal, run:gcloud alpha pam entitlements search --folder = FOLDER_ID --location = global --caller-access-type = grant-requesterTo search for and list all entitlements for which you are an approver, in a folder with ID
FOLDER_IDglobal, run:gcloud alpha pam entitlements search --folder = FOLDER_ID --location = global --caller-access-type = grant-approverTo search for and list all entitlements for which you are a requester, in an organization with ID
ORGANIZATION_IDglobal, run:gcloud alpha pam entitlements search --organization = ORGANIZATION_ID --location = global --caller-access-type = grant-requesterTo search for and list all entitlements for which you are an approver, in an organization with ID
ORGANIZATION_IDglobal, run:gcloud alpha pam entitlements search --organization = ORGANIZATION_ID --location = global --caller-access-type = grant-approverTo list all entitlements in a project named
sample-projectand in locationglobal, run:gcloud alpha pam entitlements list --project = sample-project --location = globalTo list all entitlements in a folder with ID
FOLDER_IDglobal, run:gcloud alpha pam entitlements list --folder = FOLDER_ID --location = globalTo list all entitlements in an organization with ID
ORGANIZATION_IDglobal, run:gcloud alpha pam entitlements list --organization = ORGANIZATION_ID --location = globalTo delete an entitlement with a name of
sample-entitlement, in a project namedsample-project, and in locationglobal, run:gcloud alpha pam entitlements delete sample-entitlement --project = sample-project --location = globalTo delete an entitlement with a name of
sample-entitlement, in a folder with IDFOLDER_IDglobal, run:gcloud alpha pam entitlements delete sample-entitlement --folder = FOLDER_ID --location = globalTo delete an entitlement with a name of
sample-entitlement, in an organization with IDORGANIZATION_IDglobal, run:gcloud alpha pam entitlements delete sample-entitlement --organization = ORGANIZATION_ID --location = globalTo export an entitlement with a name of
sample-entitlement, in a project namedsample-project, and in locationglobalto a local YAML file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements export sample-entitlement --project = sample-project --location = global --destination = sample-entitlement.yamlTo export an entitlement with a name of
sample-entitlement, in a folder with IDFOLDER_IDglobalto a local YAML file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements export sample-entitlement --folder = FOLDER_ID --location = global --destination = sample-entitlement.yamlTo export an entitlement with a name of
sample-entitlement, in an organization with IDORGANIZATION_IDglobalto a local YAML file namedsample-entitlement.yaml, run:gcloud alpha pam entitlements export sample-entitlement --organization = ORGANIZATION_ID --location = global --destination = sample-entitlement.yaml - GCLOUD WIDE FLAGS
- These flags are available to all commands:
--help.Run
$ gcloud helpfor details. - COMMANDS
-
COMMAND-
create -
(ALPHA)Create a new Privileged Access Manager (PAM) entitlement. -
delete -
(ALPHA)Delete a Privileged Access Manager (PAM) entitlement. -
describe -
(ALPHA)Show details of a Privileged Access Manager (PAM) entitlement. -
export -
(ALPHA)Export a Privileged Access Manager (PAM) entitlement into a local YAML file. -
list -
(ALPHA)List all Privileged Access Manager (PAM) entitlements under a parent. -
search -
(ALPHA)Search and list all Privileged Access Manager (PAM) entitlements in a parent for which you are a requester/approver. -
update -
(ALPHA)Update an existing Privileged Access Manager (PAM) entitlement.
-
- NOTES
- This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud pam entitlementsgcloud beta pam entitlements
gcloud alpha pam entitlements
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
