NAME
    gcloud iam principal-access-boundary-policies create - create
        PrincipalAccessBoundaryPolicy instance

SYNOPSIS
    gcloud iam principal-access-boundary-policies create
        (PRINCIPAL_ACCESS_BOUNDARY_POLICY
          : --location=LOCATION --organization=ORGANIZATION)
        [--annotations=[ANNOTATIONS,...]] [--async]
        [--display-name=DISPLAY_NAME] [--etag=ETAG]
        [[--details-rules=[description=DESCRIPTION],
          [effect=EFFECT],[resources=RESOURCES]
          : --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION]]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Create PrincipalAccessBoundaryPolicy instance.

EXAMPLES
    To create a policy instance called my-policy, run:

        $ gcloud iam principal-access-boundary-policies create my-policy \
            --organization=123 --location=global

POSITIONAL ARGUMENTS
     PrincipalAccessBoundaryPolicy resource - Identifier. The resource name of
     the principal access boundary policy.

     The following format is supported:
     organizations/{organization_id}/locations/{location}/principalAccessBoundaryPolicies/{policy_id}
     The arguments in this group can be used to specify the attributes of this
     resource.

     This must be specified.

       PRINCIPAL_ACCESS_BOUNDARY_POLICY
          ID of the principalAccessBoundaryPolicy or fully qualified identifier
          for the principalAccessBoundaryPolicy.

          To set the principal_access_boundary_policy attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line.

          This positional argument must be specified if any of the other
          arguments in this group are specified.

       --location=LOCATION
          The location id of the principalAccessBoundaryPolicy resource.

          To set the location attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --location on the command line.

       --organization=ORGANIZATION
          The organization id of the principalAccessBoundaryPolicy resource.

          To set the organization attribute:
          ▸ provide the argument principal_access_boundary_policy on the
            command line with a fully specified name;
          ▸ provide the argument --organization on the command line.

FLAGS
     --annotations=[ANNOTATIONS,...]
        User defined annotations. See https://google.aip.dev/148#annotations
        for more details such as format and size limitations.

         KEY
            Sets KEY value.

         VALUE
            Sets VALUE value.

        Shorthand Example:

            --annotations=string=string

        JSON Example:

            --annotations='{"string": "string"}'

        File Example:

            --annotations=path_to_file.(yaml|json)

     --async
        Return immediately, without waiting for the operation in progress to
        complete.

     --display-name=DISPLAY_NAME
        The description of the principal access boundary policy. Must be less
        than or equal to 63 characters.

     --etag=ETAG
        The etag for the principal access boundary. If this is provided on
        update, it must match the server's etag.

     Principal access boundary policy details

       --details-rules=[description=DESCRIPTION],[effect=EFFECT],[resources=RESOURCES]
          Required, A list of principal access boundary policy rules. The
          number of rules in a policy is limited to 500.

           description
              The description of the principal access boundary policy rule.
              Must be less than or equal to 256 characters.

           effect
              The access relationship of principals to the resources in this
              rule.

           resources
              A list of Cloud Resource Manager resources. The resource and all
              the descendants are included. The number of resources in a policy
              is limited to 500 across all rules.

              The following resource types are supported:

              ▫ Organizations, such as
                //cloudresourcemanager.googleapis.com/organizations/123.
              ▫ Folders, such as
                //cloudresourcemanager.googleapis.com/folders/123.
              ▫ Projects, such as
                //cloudresourcemanager.googleapis.com/projects/123 or
                //cloudresourcemanager.googleapis.com/projects/my-project-id.

          Shorthand Example:

              --details-rules=description=string,effect=string,resources=["string"] --details-rules=description=string,effect=string,resources=["string"]

          JSON Example:

              --details-rules='[{"description": "string", "effect": "string", "resources": ["string"]}]'

          File Example:

              --details-rules=path_to_file.(yaml|json)

          This flag argument must be specified if any of the other arguments in
          this group are specified.

       --details-enforcement-version=DETAILS_ENFORCEMENT_VERSION
          The version number that indicates which Google Cloud services are
          included in the enforcement (e.g. "latest", "1", ...). If empty, the
          PAB policy version will be set to the current latest version, and
          this version won't get updated when new versions are released.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

API REFERENCE
    This command uses the iam/v3 API. The full documentation for this API can
    be found at: https://cloud.google.com/iam/

NOTES
    This variant is also available:

        $ gcloud beta iam principal-access-boundary-policies create

