1 Answers
As far as I understood it the GROUP here will depend on what you want to give access to. For example if you want to assign a role that will apply to a VM you will use "gcloud compute instance add-iam-policy-binding %VMNAME% –member email@acme.come –role/compute.admin" and if you want to add a policy to a project you will use something like "gcloud projects add-iam-policy binding %PROJECTI_D% –member email@acme.com –role roles/owner".
All resources (like VMs) are associated to a project, which can potentially be a part of an org. I guess this can be a bit different than binding policies to a project or organisation conceptually.
BTW there is something seriously wrong with the formatting when using a single quote "`"