Skip to main content

Google Cloud CLI (gcloud) IAM & Permissions Cheat Sheet 2026

2 min read

Google Cloud CLI (gcloud) — IAM & Permissions Cheat Sheet 2026

Google Cloud CLI (gcloud) IAM & Permissions Cheat Sheet is the complete quick-reference of Google Cloud CLI (gcloud) IAM & Permissions commands grouped by function. Copy any command with one click and find what you need with Ctrl+F in under 3 seconds.

IAM & Permissions

Action Command Useful flags
Iam list-testable-permissions 
gcloud iam list-testable-permissions <uri>
 -testable-permissions
Iam list-testable-permissions 
gcloud iam list-testable-permissions
 -testable-permissions
Resource-manager folders 
gcloud resource-manager folders get-iam-policy $FOLDER_ID
 -iam-policy -manager
Resource-manager folders 
gcloud resource-manager folders add-iam-policy-binding ${folder_id}
-iam-policy-binding -manager
Iam roles 
gcloud iam roles describe roles/container.admin
Iam list-grantable-roles 
gcloud iam list-grantable-roles <uri>
 -grantable-roles
Iam list-grantable-roles 
gcloud iam list-grantable-roles //cloudresourcemanager.googleapis.com/projects/$PROJECT_ID
 -grantable-roles
Iam list-grantable-roles 
gcloud iam list-grantable-roles https://www.googleapis.com/compute/v1/projects/$PROJECT_ID/zones/us-central1-a/instances/iowa1
 -central1-a -grantable-roles
Iam service-accounts 
gcloud iam service-accounts create jenkins --display-name jenkins
 --display-name -accounts
List 
gcloud iam service-accounts list
 -accounts
Iam service-accounts 
gcloud iam service-accounts list   --filter='email ~ [0-9]*-compute@.*'   --format='table(email)'
 --filter --format -accounts -compute

⚠️ Dangerous / Destructive Commands

These commands are irreversible. Verify your environment (dev/staging vs prod) before running them.

Action Command Warning
⚠️ Iam service-accounts 
gcloud iam service-accounts list   --filter='email ~ [0-9]*-compute@.*'   --format='table(email)'
 Irreversible — verify the target before running

FAQ — Frequently Asked Questions

What is the difference between IAM & Permissions and the other groups?

Each group in this Google Cloud CLI (gcloud) cheat sheet covers a distinct area. IAM & Permissions focuses on its specific scope, while the other groups and the remaining groups cover networking, storage, security and diagnostics respectively.

How do I check the installed Google Cloud CLI (gcloud) version?

Run the version command (usually google version or google --version). The output shows the client and, when applicable, the server version.

Why does Google Cloud CLI (gcloud) return ‘permission denied’?

A ‘permission denied’ error in Google Cloud CLI (gcloud) usually means the current user lacks sufficient privileges or credentials are not configured. Check: (1) assigned IAM/RBAC roles, (2) an active authentication context via the corresponding login command.

How do I filter Google Cloud CLI (gcloud) output by status or name?

Use flags such as --filter, --selector or --query depending on the tool. You can also pipe into grep or jq to process JSON: 

google list | grep RUNNING

What is the fastest way to debug a Google Cloud CLI (gcloud) error?

Add the verbose flag (--verbose, -v or --debug) to the failing command. This reveals the underlying HTTP/API calls and the full error response body.

Official sources & references

Commands cross-checked against vendor documentation and high-authority repositories: