gcloud pam grants

NAME
gcloud pam grants - manage Privileged Access Manager grants
SYNOPSIS
gcloud pam grants COMMAND [GCLOUD_WIDE_FLAG]
DESCRIPTION
The gcloud pam grants command group lets you manage Privileged Access Manager (PAM) grants.
EXAMPLES
To create a new grant against an entitlement with the full name ENTITLEMENT_NAME, a requested duration of 1 hour 30 minutes, a justification of some justification, and two additional email recipients [email protected] and [email protected], run:
gcloud pam grants create --entitlement=ENTITLEMENT_NAME --requested-duration=5400s --justification="some justification" --additional-email-recipients=[email protected],[email protected]

To describe a grant with the full name GRANT_NAME, run:

gcloud pam grants describe GRANT_NAME

To list all grants associated with an entitlement with the full name ENTITLEMENT_NAME, run:

gcloud pam grants list --entitlement=ENTITLEMENT_NAME

To deny a grant with the full name GRANT_NAME and a reason denial reason, run:

gcloud pam grants deny GRANT_NAME --reason="denial reason"

To approve a grant with the full name GRANT_NAME and a reason approval reason, run:

gcloud pam grants approve GRANT_NAME --reason="approval reason"

To revoke a grant with the full name GRANT_NAME and a reason revoke reason, run:

gcloud pam grants revoke GRANT_NAME --reason="revoke reason"

To search for and list all grants that you have created that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:

gcloud pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=had-created

To search for and list all grants that you have approved or denied, that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:

gcloud pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=had-approved

To search for and list all grants that you can approve that are associated with an entitlement with the full name ENTITLEMENT_NAME, run:

gcloud pam grants search --entitlement=ENTITLEMENT_NAME --caller-relationship=can-approve
GCLOUD WIDE FLAGS
These flags are available to all commands: --help.

Run $ gcloud help for details.

COMMANDS
COMMAND is one of the following:
approve
Approve a Privileged Access Manager (PAM) grant.
create
Create a new Privileged Access Manager (PAM) grant.
deny
Deny a Privileged Access Manager (PAM) grant.
describe
Show details of a Privileged Access Manager (PAM) grant.
list
List all Privileged Access Manager (PAM) grants associated with an entitlement.
revoke
Revoke a Privileged Access Manager (PAM) grant.
Search for and list all Privileged Access Manager (PAM) grants you have created, have approved, or can approve.
NOTES
These variants are also available:
gcloud alpha pam grants
gcloud beta pam grants