I'm a newbie and was looking for some help.
How do I list all grantable roles within my GCP environment at the organization level?
I am using...
gcloud iam list-grantable-roles
but everywhere I read it says I must specify the resource I want to check. I want it to check all resources.
Thank you for your help!
Roles can be used in two ways: applied to identities and applied to resources. When applied to resources (your example) you must specify the resource because resources only support a subset of all possible roles. For example, it makes no sense to apply a Compute Engine role to a Cloud Storage object.
To list all possible roles for an organization:
gcloud iam roles list --organization ORG_ID
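Because grantable roles are reported per resource, an access review that wants "everything grantable" has to query each resource and merge the results. The script below is an added example, not part of the original answer: it builds the full resource names that `gcloud iam list-grantable-roles` takes and prints the de-duplicated union. The function names and the ORG_ID / PROJECT_ID arguments are assumptions, and the union covers only the resources you pass in.

```shell
#!/bin/sh
# Added example (not from the original post): union of the roles that are
# grantable on a set of resources. Assumes an authenticated gcloud CLI.
# Usage: sh grantable_union.sh ORG_ID [PROJECT_ID ...]   (placeholder IDs)

# Build the full resource name that list-grantable-roles expects.
# $1 = organizations | folders | projects, $2 = numeric ID or project ID
crm_resource() {
  case "$1" in
    organizations|folders|projects)
      printf '//cloudresourcemanager.googleapis.com/%s/%s\n' "$1" "$2" ;;
    *)
      echo "unsupported resource kind: $1" >&2
      return 1 ;;
  esac
}

# Print the sorted, de-duplicated role names grantable on any of the
# full resource names given as arguments. Fails if any lookup fails, so a
# permission error on one resource is not silently read as "no roles".
union_grantable_roles() {
  _out=""
  for _res in "$@"; do
    _roles=$(gcloud iam list-grantable-roles "$_res" --format='value(name)') || return 1
    _out=$(printf '%s\n%s' "$_out" "$_roles")
  done
  printf '%s\n' "$_out" | sed '/^$/d' | sort -u
}

main() {
  _org=$1; shift
  _list=$(crm_resource organizations "$_org") || return 1
  for _proj in "$@"; do
    _list="$_list $(crm_resource projects "$_proj")" || return 1
  done
  # Intentional word splitting: resource names contain no whitespace.
  # shellcheck disable=SC2086
  union_grantable_roles $_list
}

# Only run when IDs are supplied on the command line.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Diffing the output against the set of roles your policy allows to be granted shows which roles on those resources fall outside it.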