- NAME
-
- gcloud alpha compute instance-groups managed test-iam-permissions - test IAM permissions for a Compute Engine managed instance group
- SYNOPSIS
-
-
gcloud alpha compute instance-groups managed test-iam-permissionsNAME--permissions=[PERMISSION,…] [--region=REGION|--zone=ZONE] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(ALPHA)gcloud alpha compute instance-groups managed test-iam-permissionstests the IAM permissions that a caller has on a Compute Engine managed instance group.Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may "fail open" without warning.
- EXAMPLES
-
To test if the caller has
compute.instanceGroupManagers.getandcompute.instanceGroupManagers.updatepermissions on a zonal managed instance groupmy-migin zoneus-central1-a, run:gcloud alpha compute instance-groups managed test-iam-permissions my-mig --zone=us-central1-a --permissions=compute.instanceGroupManagers.get,compute.instanceGroupManagers.updateTo test permissions on a regional managed instance group
my-rmigin regionus-central1, run:gcloud alpha compute instance-groups managed test-iam-permissions my-rmig --region=us-central1 --permissions=compute.instanceGroupManagers.get,compute.instanceGroupManagers.update - POSITIONAL ARGUMENTS
-
NAME- Name of the managed instance group to test IAM permissions for.
- REQUIRED FLAGS
-
--permissions=[PERMISSION,…]- The set of permissions to check for the resource.
- OPTIONAL FLAGS
-
-
At most one of these can be specified:
--region=REGION-
Region of the managed instance group to test IAM permissions for. If not
specified, you might be prompted to select a region (interactive mode only).
A list of regions can be fetched by running:
gcloud compute regions listOverrides the default
compute/regionproperty value for this command invocation. --zone=ZONE-
Zone of the managed instance group to test IAM permissions for. If not
specified, you might be prompted to select a zone (interactive mode only).
A list of zones can be fetched by running:
gcloud compute zones listOverrides the default
compute/zoneproperty value for this command invocation.
-
At most one of these can be specified:
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.
gcloud alpha compute instance-groups managed test-iam-permissions
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-06-23 UTC.