diff --git a/docs/d/google_iam_policy.html.markdown b/docs/d/google_iam_policy.html.markdown
index fe0c4dcab54..8d263159768 100644
--- a/docs/d/google_iam_policy.html.markdown
+++ b/docs/d/google_iam_policy.html.markdown
@@ -26,7 +26,7 @@ data "google_iam_policy" "admin" {
role = "roles/storage.objectViewer"
members = [
- "user:evanbrown@google.com",
+ "user:jane@example.com",
]
}
}
@@ -53,11 +53,15 @@ each accept the following arguments:
* `role` (Required) - The role/permission that will be granted to the members.
See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
-* `members` (Required) - An array of users/principals that will be granted
- the privilege in the `role`. For a human user, prefix the user's e-mail
- address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service
- account, prefix the service account e-mail address with `serviceAccount:`
- (e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`).
+
+* `members` (Required) - An array of identites that will be granted the privilege in the `role`.
+ Each entry can have one of the following values:
+ * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
+ * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
+ * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
+ * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
+ * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
+ * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
## Attributes Reference
diff --git a/docs/r/google_project_iam_binding.html.markdown b/docs/r/google_project_iam_binding.html.markdown
index b7916aa2d2b..59a9c90eaf9 100644
--- a/docs/r/google_project_iam_binding.html.markdown
+++ b/docs/r/google_project_iam_binding.html.markdown
@@ -32,7 +32,14 @@ resource "google_project_iam_binding" "project" {
The following arguments are supported:
-* `members` - (Required) A list of users that the role should apply to.
+* `members` (Required) - An array of identites that will be granted the privilege in the `role`.
+ Each entry can have one of the following values:
+ * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
+ * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
+ * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
+ * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
+ * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
+ * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
* `role` - (Required) The role that should be applied. Only one
`google_project_iam_binding` can be used per role.
diff --git a/docs/r/google_project_iam_member.html.markdown b/docs/r/google_project_iam_member.html.markdown
index a9419f8124b..82b7b328175 100644
--- a/docs/r/google_project_iam_member.html.markdown
+++ b/docs/r/google_project_iam_member.html.markdown
@@ -30,7 +30,14 @@ resource "google_project_iam_member" "project" {
The following arguments are supported:
-* `member` - (Required) The user that the role should apply to.
+* `member` - (Required) The identity that will be granted the privilege in the `role`.
+ This field can have one of the following values:
+ * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
+ * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
+ * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
+ * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
+ * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
+ * **domain:{domain}**: A Google Apps domain name that represents all the users of that domain. For example, google.com or example.com.
* `role` - (Required) The role that should be applied.