Console
    Start free

    gcloud beta pam grants

    NAME
    gcloud beta pam grants - manage Privileged Access Manager grants
    SYNOPSIS
    gcloud beta pam grants COMMAND [ GCLOUD_WIDE_FLAG ]
    DESCRIPTION
    (BETA) The gcloud pam grants command group lets you manage Privileged Access Manager (PAM) grants.
    EXAMPLES
    To create a new grant against an entitlement with the full name ENTITLEMENT_NAME , a requested duration of 1 hour 30 minutes , a justification of some justification , and two additional email recipients abc@example.com and xyz@example.com , run: 
      gcloud  
beta  
pam  
grants  
create 
  
 --entitlement 
 = 
ENTITLEMENT_NAME  
 --requested-duration 
 = 
5400s  
 --justification 
 = 
 "some justification" 
  
 --additional-email-recipients 
 = 
abc@example.com,xyz@example.com

    To describe a grant with the full name GRANT_NAME , run:

      gcloud  
beta  
pam  
grants  
describe 
  
GRANT_NAME

    To list all grants associated with an entitlement with the full name ENTITLEMENT_NAME , run:

      gcloud  
beta  
pam  
grants  
list 
  
 --entitlement 
 = 
ENTITLEMENT_NAME

    To deny a grant with the full name GRANT_NAME and a reason denial reason , run:

      gcloud  
beta  
pam  
grants  
deny 
  
GRANT_NAME  
 --reason 
 = 
 "denial reason"

    To approve a grant with the full name GRANT_NAME and a reason approval reason , run:

      gcloud  
beta  
pam  
grants  
approve 
  
GRANT_NAME  
 --reason 
 = 
 "approval reason"

    To revoke a grant with the full name GRANT_NAME and a reason revoke reason , run:

      gcloud  
beta  
pam  
grants  
revoke 
  
GRANT_NAME  
 --reason 
 = 
 "revoke reason"

    To search for and list all grants that you have created that are associated with an entitlement with the full name ENTITLEMENT_NAME , run:

      gcloud  
beta  
pam  
grants  
search 
  
 --entitlement 
 = 
ENTITLEMENT_NAME  
 --caller-relationship 
 = 
had-created

    To search for and list all grants that you have approved or denied, that are associated with an entitlement with the full name ENTITLEMENT_NAME , run:

      gcloud  
beta  
pam  
grants  
search 
  
 --entitlement 
 = 
ENTITLEMENT_NAME  
 --caller-relationship 
 = 
had-approved

    To search for and list all grants that you can approve that are associated with an entitlement with the full name ENTITLEMENT_NAME , run:

      gcloud  
beta  
pam  
grants  
search 
  
 --entitlement 
 = 
ENTITLEMENT_NAME  
 --caller-relationship 
 = 
can-approve

    To withdraw a grant with the full name GRANT_NAME , run:

      gcloud  
beta  
pam  
grants  
withdraw 
  
GRANT_NAME
    GCLOUD WIDE FLAGS
    These flags are available to all commands: --help .

    Run $ gcloud help for details.

    COMMANDS
    COMMAND is one of the following:
    approve
    (BETA) Approve a Privileged Access Manager (PAM) grant.
    create
    (BETA) Create a new Privileged Access Manager (PAM) grant.
    deny
    (BETA) Deny a Privileged Access Manager (PAM) grant.
    describe
    (BETA) Show details of a Privileged Access Manager (PAM) grant.
    list
    (BETA) List all Privileged Access Manager (PAM) grants associated with an entitlement.
    revoke
    (BETA) Revoke a Privileged Access Manager (PAM) grant.
    (BETA) Search for and list all Privileged Access Manager (PAM) grants you have created, have approved, or can approve.
    withdraw
    (BETA) Withdraw a Privileged Access Manager (PAM) grant.
    NOTES
    This command is currently in beta and might change without notice. These variants are also available: 
      gcloud  
pam  
grants 
 

      gcloud  
alpha  
pam  
grants
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: