NAME
    gcloud beta asset search-all-iam-policies - searches all IAM policies
        within the specified accessible scope, such as a project, folder or
        organization

SYNOPSIS
    gcloud beta asset search-all-iam-policies [--query=QUERY] [--scope=SCOPE]
        [--filter=EXPRESSION] [--limit=LIMIT] [--page-size=PAGE_SIZE]
        [--sort-by=[FIELD,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (BETA) Searches all IAM policies within the specified scope, such as a
    project, folder or organization. The caller must be granted the
    cloudasset.assets.searchAllIamPolicies permission on the desired scope.

    Note: The query is compared against each IAM policy binding, including its
    principals, roles and conditions. The returned IAM policies, will only
    contain the bindings that match your query. To learn more about the IAM
    policy structure, see the IAM policy documentation
    (https://cloud.google.com/iam/help/allow-policies/structure).

EXAMPLES
    To search all the IAM policies that specify amy@mycompany.com within
    organizations/123456, ensure the caller has been granted the
    cloudasset.assets.searchAllIamPolicies permission on the organization and
    run:

        $ gcloud beta asset search-all-iam-policies \
            --scope='organizations/123456' \
            --query='policy:amy@mycompany.com'

FLAGS
     --query=QUERY
        Query statement. See how to construct a query
        (https://cloud.google.com/asset-inventory/docs/searching-iam-policies#how_to_construct_a_query)
        for more information. If not specified or empty, it will search all the
        IAM policies within the specified scope. Note that the query string is
        compared against each Cloud IAM policy binding, including its
        principals, roles, and Cloud IAM conditions. The returned Cloud IAM
        policies will only contain the bindings that match your query. To learn
        more about the IAM policy structure, see the IAM policy documentation
        (https://cloud.google.com/iam/help/allow-policies/structure).

        Examples:

        ◆ policy:amy@gmail.com to find IAM policy bindings that specify user
          amy@gmail.com.
        ◆ policy:roles/compute.admin to find IAM policy bindings that specify
          the Compute Admin role.
        ◆ policy:comp* to find IAM policy bindings that contain comp as a
          prefix of any word in the binding.
        ◆ policy.role.permissions:storage.buckets.update to find IAM policy
          bindings that specify a role containing the storage.buckets.update
          permission. Note that if callers haven't been granted the
          iam.roles.get permission for a role's included permissions, policy
          bindings that specify this role will be dropped from the search
          results.
        ◆ policy.role.permissions:upd* to find IAM policy bindings that
          specify a role containing upd as a prefix of any word in the role
          permission. Note that if callers haven't been granted the
          iam.roles.get permission for a role's included permissions, policy
          bindings that specify this role will be dropped from the search
          results.
        ◆ resource:organizations/123456 to find IAM policy bindings that are
          set on organizations/123456.
        ◆ resource=//cloudresourcemanager.googleapis.com/projects/myproject
          to find IAM policy bindings that are set on the project named
          myproject.
        ◆ Important to find IAM policy bindings that contain Important as a
          word in any of the searchable fields (except for the included
          permissions).
        ◆ resource:(instance1 OR instance2) policy:amy to find IAM policy
          bindings that are set on resources instance1 or instance2 and also
          specify user amy.
        ◆ roles:roles/compute.admin to find IAM policy bindings that specify
          the Compute Admin role.
        ◆ memberTypes:user to find IAM policy bindings that contain the user
          principal type.

     --scope=SCOPE
        Scope can be a project, a folder, or an organization. The search is
        limited to the IAM policies within this scope. The caller must be
        granted the cloudasset.assets.searchAllIamPolicies permission on the
        desired scope. If not specified, the configured project property
        (https://cloud.google.com//sdk/docs/configurations#setting_configuration_properties)
        will be used. To find the configured project, run: gcloud config get
        project. To change the setting, run: gcloud config set project
        PROJECT_ID.

        The allowed values are:

        ◆ projects/{PROJECT_ID} (e.g. projects/foo-bar)
        ◆ projects/{PROJECT_NUMBER} (e.g. projects/12345678)
        ◆ folders/{FOLDER_NUMBER} (e.g. folders/1234567)
        ◆ organizations/{ORGANIZATION_NUMBER} (e.g. organizations/123456)

LIST COMMAND FLAGS
     --filter=EXPRESSION
        Apply a Boolean filter EXPRESSION to each resource item to be listed.
        If the expression evaluates True, then that item is listed. For more
        details and examples of filter expressions, run $ gcloud topic filters.
        This flag interacts with other flags that are applied in this order:
        --flatten, --sort-by, --filter, --limit.

     --limit=LIMIT
        Maximum number of resources to list. The default is unlimited. This
        flag interacts with other flags that are applied in this order:
        --flatten, --sort-by, --filter, --limit.

     --page-size=PAGE_SIZE
        Some services group resource list output into pages. This flag
        specifies the maximum number of resources per page. The default is
        determined by the service if it supports paging, otherwise it is
        unlimited (no paging). Paging may be applied before or after --filter
        and --limit depending on the service.

     --sort-by=[FIELD,...]
        Comma-separated list of resource field key names to sort by. The
        default order is ascending. Prefix a field with ``~'' for descending
        order on that field. This flag interacts with other flags that are
        applied in this order: --flatten, --sort-by, --filter, --limit.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in beta and might change without notice. This
    variant is also available:

        $ gcloud asset search-all-iam-policies

