If I go to "IAM & admin" in the Google Cloud console and select the "IAM" tab on the left, I see a list of users (username@mydomain).
How do I list these users with gcloud? And how do I see what access a user has been given with gcloud?
I have not been able to find out how to do this in the terrible Google docs.
To see all permissions for a specific service, search for that service's permission prefix followed by a period. For example, to see all App Engine permissions, search for appengine. To see which permissions are included in each predefined role, use the roles reference instead of the permissions reference.
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ . Choose Users in the navigation pane, choose the name of the user whose permissions you want to modify, and then choose the Permissions tab.
You can view the metadata using the Google Cloud console or the IAM API. In the Google Cloud console, go to the Roles page. Select your organization or project from the drop-down list at the top of the page. Select the checkbox for one or more roles to view the role permissions.
I believe you'll find some answers on this Stack Overflow thread. Good luck! The docs took me a bit to grok, too. Usually assembling search engine strings like gcloud [title of console tool i was trying to find a CLI version of] seems to work.
EDIT, 3 years later!
The command you're looking for is get-iam-policy:
gcloud projects get-iam-policy <project-id>
# Example:
gcloud projects get-iam-policy my-fancy-project
This is assuming, of course, that the IAM permissions are assigned to the users at the project level. You may also want to use get-ancestors-iam-policy, which includes project AND inherited roles from the folder and org levels:
gcloud projects get-ancestors-iam-policy <project-id>
# Example:
gcloud projects get-ancestors-iam-policy my-fancy-project
EDIT 2: Props to @jelle-den-burger for following up about the get-ancestors-iam-policy command, added in v311.0.0 in Sept 2020.
The accepted answer is correct and you do indeed get the permissions. But when you look into the Google Cloud Console online, there might be many more permissions applied, coming from the Folder & Organizations level.
Luckily Google thought about this and they also offer a get-ancestors-iam-policy command. You use it as such:
gcloud projects get-ancestors-iam-policy <project-id>
# Example:
gcloud projects get-ancestors-iam-policy my-fancy-project
It will return all permissions: on the Project, Folder, and Organization level, just as you would in the Google Cloud Console.
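Added example, not part of either answer above: a Python script that turns the JSON from `gcloud projects get-ancestors-iam-policy <project-id> --format=json` into a per-member list of roles and the level (project, folder, organization) each one was granted at. The sample input and the function names are constructed for illustration, and the input shape (a list of entries with `type`, `id` and `policy`) is assumed from that command's JSON output.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the output of
#   gcloud projects get-ancestors-iam-policy my-fancy-project --format=json
# (assumed shape: a list of resources with "type", "id", "policy"); values are made up.
SAMPLE = json.loads("""
[
  {"type": "project", "id": "my-fancy-project", "policy": {"bindings": [
    {"role": "roles/viewer", "members": ["user:alice@example.com"]},
    {"role": "roles/storage.admin", "members": ["user:bob@example.com"],
     "condition": {"title": "expires-2025",
                   "expression": "request.time < timestamp('2025-01-01T00:00:00Z')"}}
  ]}},
  {"type": "folder", "id": "1234567890", "policy": {"bindings": [
    {"role": "roles/editor",
     "members": ["group:devs@example.com", "user:alice@example.com"]}
  ]}},
  {"type": "organization", "id": "9876543210", "policy": {"bindings": [
    {"role": "roles/owner", "members": ["user:bob@example.com"]}
  ]}}
]
""")


def access_by_member(ancestor_policies):
    """Map each member to sorted (role, level, resource id, condition title) rows."""
    access = defaultdict(set)
    for resource in ancestor_policies:
        # A resource without any grants can carry an empty policy object.
        for binding in resource.get("policy", {}).get("bindings", []):
            cond = binding.get("condition", {}).get("title")
            for member in binding.get("members", []):
                access[member].add(
                    (binding["role"], resource["type"], resource["id"], cond))
    return {m: sorted(rows, key=lambda r: r[:3]) for m, rows in access.items()}


def users(access):
    """Only user: principals; group: members are not expanded by IAM policy output."""
    return sorted(m for m in access if m.startswith("user:"))


if __name__ == "__main__":
    report = access_by_member(SAMPLE)
    for member in users(report):
        for role, level, rid, cond in report[member]:
            note = f" (conditional: {cond})" if cond else ""
            print(f"{member}\t{role}\t{level}/{rid}{note}")
```

A user who only has access through a `group:` binding will not appear under `users()`; group membership has to be resolved separately.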