NAME
    gcloud iam principal-access-boundary-policies update - update
        PrincipalAccessBoundaryPolicy instance

SYNOPSIS
    gcloud iam principal-access-boundary-policies update
        (PRINCIPAL_ACCESS_BOUNDARY_POLICY
          : --location=LOCATION --organization=ORGANIZATION) [--async]
        [--display-name=DISPLAY_NAME] [--etag=ETAG]
        [--annotations=[ANNOTATIONS,...]
          | --update-annotations=[UPDATE_ANNOTATIONS,...] --clear-annotations
          | --remove-annotations=REMOVE_ANNOTATIONS]
        [--clear-details
          --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
          --details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES]
          | --add-details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES] --clear-details-rules
          | --remove-details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Update PrincipalAccessBoundaryPolicy instance.

EXAMPLES
    To update display name of my-policy in organization 123, run:

        $ gcloud iam principal-access-boundary-policies update my-policy \
            --organization=123 --location=global \
            --display-name=new-display-name

POSITIONAL ARGUMENTS
     PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of
     the principal access boundary policy.

     The following format is supported:
     organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}
     The arguments in this group can be used to specify the attributes of this
     resource.

     This must be specified.

       PRINCIPAL_ACCESS_BOUNDARY_POLICY
          ID of the principalAccessBoundaryPolicy or fully qualified identifier
          for the principalAccessBoundaryPolicy.

          To set the principal_access_boundary_policy attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          The location id of the principalAccessBoundaryPolicy resource.

          To set the location attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --location on the command line.

       --organization=ORGANIZATION
          The organization id of the principalAccessBoundaryPolicy resource.

          To set the organization attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --organization on the command line.

FLAGS
     --async
        Return immediately, without waiting for the operation in progress to
        complete.

     --display-name=DISPLAY_NAME
        The description of the principal access boundary policy. Must be less
        than or equal to 63 characters.

     --etag=ETAG
        The etag for the principal access boundary. If this is provided on
        update, it must match the server's etag.

     Update annotations.

     At most one of these can be specified:

       --annotations=[ANNOTATIONS,...]
          Set annotations to new value. User defined annotations. See
          https://google.aip.dev/148#annotations for more details such as
          format and size limitations.

           KEY
              Sets KEY value.

           VALUE
              Sets VALUE value.

          Shorthand Example:

              --annotations=string=string

          JSON Example:

              --annotations='{"string": "string"}'

          File Example:

              --annotations=path_to_file.(yaml|json)

       Or at least one of these can be specified:

         --update-annotations=[UPDATE_ANNOTATIONS,...]
            Update annotations value or add key value pair. User defined
            annotations. See https://google.aip.dev/148#annotations for more
            details such as format and size limitations.

             KEY
                Sets KEY value.

             VALUE
                Sets VALUE value.

            Shorthand Example:

                --update-annotations=string=string

            JSON Example:

                --update-annotations='{"string": "string"}'

            File Example:

                --update-annotations=path_to_file.(yaml|json)

         At most one of these can be specified:

           --clear-annotations
              Clear annotations value and set to empty map.

           --remove-annotations=REMOVE_ANNOTATIONS
              Remove existing value from map annotations. Sets
              remove_annotations value.

              Shorthand Example:

                  --remove-annotations=string,string

              JSON Example:

                  --remove-annotations=["string"]

              File Example:

                  --remove-annotations=path_to_file.(yaml|json)

     Principal access boundary policy details

     --clear-details
        Set googleIamV3PrincipalAccessBoundaryPolicy.details back to default
        value.

     --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
        The version number (for example, 1 or latest) that indicates which
        permissions are able to be blocked by the policy. If empty, the PAB
        policy version will be set to the most recent version number at the
        time of the policy's creation.

     Update details_rules.

     At most one of these can be specified:

       --details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
          Set details_rules to new value. A list of principal access boundary
          policy rules. The number of rules in a policy is limited to 500.

           description
              The description of the principal access boundary policy rule.
              Must be less than or equal to 256 characters.

           effect
              The access relationship of principals to the resources in this
              rule.

           resources
              A list of Resource Manager resources. If a resource is listed in
              the rule, then the rule applies for that resource and its
              descendants. The number of resources in a policy is limited to
              500 across all rules in the policy.

              The following resource types are supported:

              ▫ Organizations, such as
                //cloudresourcemanager.googleapis.com/organizations/123.
              ▫ Folders, such as
                //cloudresourcemanager.googleapis.com/folders/123.
              ▫ Projects, such as
                //cloudresourcemanager.googleapis.com/projects/123 or
                //cloudresourcemanager.googleapis.com/projects/my-project-id.

          Shorthand Example:

              --details-rules=description=string,effect=string,resources=[string] --details-rules=description=string,effect=string,resources=[string]

          JSON Example:

              --details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

          File Example:

              --details-rules=path_to_file.(yaml|json)

       Or at least one of these can be specified:

         --add-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
            Add new value to details_rules list. A list of principal access
            boundary policy rules. The number of rules in a policy is limited
            to 500.

             description
                The description of the principal access boundary policy rule.
                Must be less than or equal to 256 characters.

             effect
                The access relationship of principals to the resources in this
                rule.

             resources
                A list of Resource Manager resources. If a resource is listed
                in the rule, then the rule applies for that resource and its
                descendants. The number of resources in a policy is limited to
                500 across all rules in the policy.

                The following resource types are supported:

                ◇ Organizations, such as
                  //cloudresourcemanager.googleapis.com/organizations/123.
                ◇ Folders, such as
                  //cloudresourcemanager.googleapis.com/folders/123.
                ◇ Projects, such as
                  //cloudresourcemanager.googleapis.com/projects/123 or
                  //cloudresourcemanager.googleapis.com/projects/my-project-id.

            Shorthand Example:

                --add-details-rules=description=string,effect=string,resources=[string] --add-details-rules=description=string,effect=string,resources=[string]

            JSON Example:

                --add-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

            File Example:

                --add-details-rules=path_to_file.(yaml|json)

         At most one of these can be specified:

           --clear-details-rules
              Clear details_rules value and set to empty list.

           --remove-details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
              Remove existing value from details_rules list. A list of
              principal access boundary policy rules. The number of rules in a
              policy is limited to 500.

               description
                  The description of the principal access boundary policy rule.
                  Must be less than or equal to 256 characters.

               effect
                  The access relationship of principals to the resources in
                  this rule.

               resources
                  A list of Resource Manager resources. If a resource is listed
                  in the rule, then the rule applies for that resource and its
                  descendants. The number of resources in a policy is limited
                  to 500 across all rules in the policy.

                  The following resource types are supported:

                  ▹ Organizations, such as
                    //cloudresourcemanager.googleapis.com/organizations/123.
                  ▹ Folders, such as
                    //cloudresourcemanager.googleapis.com/folders/123.
                  ▹ Projects, such as
                    //cloudresourcemanager.googleapis.com/projects/123 or
                    //cloudresourcemanager.googleapis.com/projects/my-project-id.

              Shorthand Example:

                  --remove-details-rules=description=string,effect=string,resources=[string] --remove-details-rules=description=string,effect=string,resources=[string]

              JSON Example:

                  --remove-details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

              File Example:

                  --remove-details-rules=path_to_file.(yaml|json)

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

API REFERENCE
    This command uses the iam/v3 API. The full documentation for this API can
    be found at: https://cloud.google.com/iam/

NOTES
    This variant is also available:

        $ gcloud beta iam principal-access-boundary-policies update

