NAME
    gcloud alpha access-context-manager policies create - create a new access
        policy

SYNOPSIS
    gcloud alpha access-context-manager policies create
        --organization=ORGANIZATION --title=TITLE [--async]
        [--scopes=[SCOPES,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) Create a new Access Context Manager policy. An Access Context
    Manager policy, also known as an access policy, is a container for access
    levels and VPC Service Controls service perimeters.

    You can optionally specify either a folder or a project as a scope of an
    access policy. A scoped policy only allows projects under that scope to be
    restricted by any service perimeters defined with that policy. The scope
    must be within the organization that this policy is associated with. You
    can specify only one folder or project as the scope for an access policy.
    If you don't specify a scope, then the scope extends to the entire
    organization and any projects within the organization can be added to
    service perimeters in this policy.

    This command only creates an access policy. Access levels and service
    perimeters need to be created explicitly.

EXAMPLES
    To create an access policy that applies to the entire organization, run:

        $ gcloud alpha access-context-manager policies create \
            --organization=organizations/123 --title="My Policy"

    To create an access policy that applies to the folder with the ID 345, run:

        $ gcloud alpha access-context-manager policies create \
            --organization=organizations/123 --scopes=folders/345 \
            --title="My Folder Policy"

    Only projects within this folder can be added to service perimeters within
    this policy.

    To create an access policy that applies only to the project with the
    project number 567, run:

        $ gcloud alpha access-context-manager policies create \
            --organization=organizations/123 --scopes=projects/567 \
            --title="My Project Policy"

REQUIRED FLAGS
     --organization=ORGANIZATION
        Parent organization for the access policies.

     --title=TITLE
        Short human-readable title of the access policy.

OPTIONAL FLAGS
     --async
        Return immediately, without waiting for the operation in progress to
        complete.

     --scopes=[SCOPES,...]
        Folder or project on which this policy is applicable. You can specify
        only one folder or project as the scope and the scope must exist within
        the specified organization. If you don't specify a scope, the policy
        applies to the entire organization.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

API REFERENCE
    This command uses the accesscontextmanager/v1alpha API. The full
    documentation for this API can be found at:
    https://cloud.google.com/access-context-manager/docs/reference/rest/

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. These variants are also available:

        $ gcloud access-context-manager policies create

        $ gcloud beta access-context-manager policies create

