- NAME
- 
- gcloud iam simulator replay-recent-access - determine affected recent access attempts before IAM policy change deployment
 
- SYNOPSIS
- 
- 
gcloud iam simulator replay-recent-accessRESOURCEPOLICY_FILE[GCLOUD_WIDE_FLAG …]
 
- 
- DESCRIPTION
- Replay the most recent 1,000 access logs from the past 90 days using the simulated policy. For each log entry, the replay determines if setting the provided policy on the given resource would result in a change in the access state, e.g. a previously granted access becoming denied. Any differences found are returned.
- EXAMPLES
- 
To simulate a permission change of a member on a resource, run:
gcloud iam simulator replay-recent-access projects/project-id path/to/policy_file.jsonSee https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types. 
- POSITIONAL ARGUMENTS
- 
- RESOURCE
- 
Full resource name to simulate the IAM policy for.
See: https://cloud.google.com/apis/design/resource_names#full_resource_name. 
- POLICY_FILE
- 
Path to a local JSON or YAML formatted file containing a valid policy.
The output of the get-iam-policycommand is a valid file, as is any JSON or YAML file conforming to the structure of a Policy. See the Policy reference for details.
 
- GCLOUD WIDE FLAGS
- 
These flags are available to all commands: --access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run $ gcloud helpfor details.
      gcloud iam simulator replay-recent-access
  
  
  Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-07 UTC.