Manage permissions
This guide shows you how to grant and manage user permissions using the evroc CLI.
Prerequisites
Before managing permissions, you need:
- The evroc CLI installed and configured. See Install the evroc CLI
- Admin permissions in your organization or project
Grant admin access to a user
Create a permission set to grant a user admin access:
evroc iam permissionset create alice-admin \
--admin \
--email alice@example.com
CLI parameters
<permissionset_id>- (Required) Unique identifier for the permission set. Use a descriptive name likealice-adminorbob-dev.--admin- (Required) Grant admin permissions.--email- (Required) Email address of the user receiving access.
Example: Grant access to multiple users
Grant admin access to team members:
evroc iam permissionset create alice-admin \
--admin \
--email alice@example.com
evroc iam permissionset create bob-admin \
--admin \
--email bob@example.com
List permission sets
View all permission sets in the current project:
evroc iam permissionset list
# alice-admin
# bob-admin
Filter permission sets using label selectors:
evroc iam permissionset list --label-selector "team=frontend"
View permission set details
Get details for a specific permission set:
evroc iam permissionset get alice-admin
Update a permission set
Update a user's email address or permissions:
evroc iam permissionset update alice-admin \
--admin \
--email alice-new@example.com
Add labels to permission sets
Use labels to organize and filter permission sets:
evroc iam permissionset label alice-admin \
-a team=frontend \
-a role=developer
Remove labels:
evroc iam permissionset label alice-admin \
-r team
Revoke access
Delete a permission set to revoke a user's access:
evroc iam permissionset delete alice-admin
Use the --force flag to skip the confirmation prompt:
evroc iam permissionset delete alice-admin --force
Note: Deleting a permission set immediately revokes the user's access. The user can no longer access resources in the project.
Next steps
- Learn about permission sets in detail
- Create a project to organize your resources
- Review the IAM CLI reference for all available commands