NAME
    gcloud alpha iap web set-iam-policy - set the IAM policy for an IAP IAM
        resource

SYNOPSIS
    gcloud alpha iap web set-iam-policy POLICY_FILE
        [--region=REGION --resource-type=RESOURCE_TYPE
          --service=SERVICE --version=VERSION --agent=AGENT
          | --endpoint=ENDPOINT | --mcp-server=MCP_SERVER]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) This command replaces the existing IAM policy for an IAP IAM
    resource, given a file encoded in JSON or YAML that contains the IAM
    policy. If the given policy file specifies an "etag" value, then the
    replacement will succeed only if the policy already in place matches that
    etag. (An etag obtained via $ gcloud alpha iap web get-iam-policy will
    prevent the replacement if the policy for the resource has been
    subsequently updated.) A policy file that does not contain an etag value
    will replace any existing policy for the resource.

EXAMPLES
    To set the IAM policy for the web accesses to the IAP protected resources
    within the active project, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE

    To set the IAM policy for the web accesses to the IAP protected resources
    within a project, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --project=PROJECT_ID

    To set the IAM policy for the web accesses to the IAP protected resources
    within an App Engine application, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=app-engine

    To set the IAM policy for the web accesses to the IAP protected resources
    within an App Engine service, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=app-engine --service=SERVICE_ID

    To set the IAM policy for the web accesses to the IAP protected resources
    within an App Engine service version, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=app-engine --service=SERVICE_ID \
            --version=VERSION

    To set the IAM policy for the web accesses to the IAP protected resources
    within all backend services, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=backend-services

    To set the IAM policy for the web accesses to the IAP protected resources
    within a backend service, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=backend-services --service=SERVICE_ID

    To set the IAM policy for the web accesses to the IAP protected resources
    within a regional backend service, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=backend-services --service=SERVICE_ID \
            --region=REGION

    To set the IAM policy for the web accesses to the IAP protected resources
    within a Cloud Run service, run:

        $ gcloud alpha iap web set-iam-policy POLICY_FILE \
            --resource-type=cloud-run --service=SERVICE_ID --region=REGION

POSITIONAL ARGUMENTS
     POLICY_FILE
        JSON or YAML file containing the IAM policy.

FLAGS
     --region=REGION
        Region name. Not applicable for resource-type=app-engine. Required when
        resource-type=backend-services and regional scoped. Not applicable for
        global backend-services. Required when resource-type=cloud-run.

     --resource-type=RESOURCE_TYPE
        Resource type of the IAP resource. RESOURCE_TYPE must be one of:
        app-engine, backend-services, forwarding-rule, cloud-run,
        agent-registry.

     --service=SERVICE
        Service name.

     --version=VERSION
        Service version. Should only be specified with
        --resource-type=app-engine.

     At most one of these can be specified:

       --agent=AGENT
          Agent ID for the agent-registry resource type.

       --endpoint=ENDPOINT
          Endpoint ID for the agent-registry resource type.

       --mcp-server=MCP_SERVER
          MCP server ID for the agent-registry resource type.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. These variants are also available:

        $ gcloud iap web set-iam-policy

        $ gcloud beta iap web set-iam-policy

