IAM Permissions Change Log

This page describes recent changes to public IAM permissions for all Generally Available and Beta GCP services.

These change notes can help you to maintain and troubleshoot your custom roles. While permissions that are retired or no longer supported for use in custom roles are removed automatically from your custom roles, new Google Cloud Platform permissions are not added to custom roles automatically. Refer the access control information for each service for further information.

Upcoming Cloud IAM changes for the week of 2018-10-07

Service Change Description
Data Loss Prevention API Now GA

The role roles/dlp.admin (DLP Administrator) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.analyzeRiskTemplatesEditor (DLP Analyze Risk Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.analyzeRiskTemplatesReader (DLP Analyze Risk Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.deidentifyTemplatesEditor (DLP De-identify Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.deidentifyTemplatesReader (DLP De-identify Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.inspectTemplatesEditor (DLP Inspect Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.inspectTemplatesReader (DLP Inspect Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobsEditor (DLP Jobs Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobsReader (DLP Jobs Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobTriggersEditor (DLP Job Triggers Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobTriggersReader (DLP Job Triggers Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.reader (DLP Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.storedInfoTypesEditor (DLP Stored InfoTypes Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.storedInfoTypesReader (DLP Stored InfoTypes Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.user (DLP User) is now GA.

Google Kubernetes Engine Supported In Custom Roles container.certificateSigningRequests.approve
container.clusterRoles.bind
container.deployments.rollback
container.nodes.proxy
container.pods.attach
container.pods.evict
container.pods.exec
container.pods.getLogs
container.pods.portForward
container.pods.proxy
container.roles.bind
container.services.proxy
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
Data Loss Prevention API Supported In Custom Roles dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
Data Loss Prevention API Now GA dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Google Cloud DNS API Supported In Custom Roles dns.dnsKeys.get
dns.dnsKeys.list
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.update
Firebase Services API Added firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Services API Supported In Custom Roles firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Services API Added firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Firebase Services API Supported In Custom Roles firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Identity Toolkit API Added firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Identity Toolkit API Supported In Custom Roles firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Services API Added firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Services API Supported In Custom Roles firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Hosting API Added firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Hosting API Supported In Custom Roles firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
ML Kit API Added firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
ML Kit API Supported In Custom Roles firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
Firebase Rules API Added firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test
Firebase Rules API Supported In Custom Roles firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test

Cloud IAM changes as of 2018-10-05

Service Change Description
Google Compute Engine Added compute.instances.resume
compute.instances.suspend
Google Compute Engine Supported In Custom Roles compute.instances.resume
compute.instances.suspend
Google Compute Engine Now GA compute.instances.resume
compute.instances.suspend
Google Kubernetes Engine Supported In Custom Roles container.apiServices.updateStatus
container.certificateSigningRequests.updateStatus
container.cronJobs.getStatus
container.cronJobs.updateStatus
container.customResourceDefinitions.updateStatus
container.daemonSets.getStatus
container.daemonSets.updateStatus
container.deployments.getScale
container.deployments.getStatus
container.deployments.updateScale
container.deployments.updateStatus
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.updateStatus
container.ingresses.getStatus
container.ingresses.updateStatus
container.jobs.getStatus
container.jobs.updateStatus
container.namespaces.getStatus
container.namespaces.updateStatus
container.nodes.getStatus
container.nodes.updateStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.getStatus
container.persistentVolumes.updateStatus
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.updateStatus
container.pods.getStatus
container.pods.updateStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.getStatus
container.resourceQuotas.updateStatus
container.services.getStatus
container.services.updateStatus
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.updateScale
container.statefulSets.updateStatus
Google Kubernetes Engine Now GA container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus

Cloud IAM changes as of 2018-09-21

Service Change Description
Cloud AutoML Added automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud AutoML Supported In Custom Roles automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud Asset Inventory Added cloudasset.assets.exportAll
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportAll
Google Compute Engine Added compute.licenses.delete
Google Kubernetes Engine Supported In Custom Roles container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.list
container.apiServices.update
container.bindings.create
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.list
container.cronJobs.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.list
container.daemonSets.update
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.list
container.deployments.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.list
container.ingresses.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.list
container.jobs.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.namespaces.create
container.namespaces.delete
container.namespaces.get
container.namespaces.list
container.namespaces.update
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.list
container.nodes.update
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.list
container.persistentVolumes.update
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.create
container.pods.delete
container.pods.get
container.pods.list
container.pods.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.list
container.replicaSets.update
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.list
container.replicationControllers.update
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.list
container.resourceQuotas.update
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.create
container.roles.delete
container.roles.get
container.roles.list
container.roles.update
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.serviceAccounts.create
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.list
container.services.update
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.list
container.statefulSets.update
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.subjectAccessReviews.create

Cloud IAM changes as of 2018-09-07

Service Change Description
Cloud Memorystore for Redis API Supported In Custom Roles redis.operations.cancel
redis.operations.delete

Cloud IAM changes as of 2018-08-31

Service Change Description
Google Kubernetes Engine Added container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus
Data Loss Prevention API Added dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Data Loss Prevention API Supported In Custom Roles dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Cloud Source Repositories Added source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Supported In Custom Roles source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Now GA source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig

Cloud IAM changes as of 2018-08-10

Service Change Description
Binary Authorization Added binaryauthorization.attestors.verifyImageAttested
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.verifyImageAttested
Google Compute Engine Added compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Google Compute Engine Supported In Custom Roles compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Cloud Filestore API Added file.instances.create
file.instances.delete
file.instances.get
file.instances.list
file.instances.update
file.locations.get
file.locations.list
file.operations.cancel
file.operations.delete
file.operations.get
file.operations.list

Cloud IAM changes as of 2018-08-03

Service Change Description
Android Management API Supported In Custom Roles androidmanagement.enterprises.manage
Android Management API Now GA androidmanagement.enterprises.manage
Google Cloud Billing API Supported In Custom Roles billing.resourceCosts.get
Binary Authorization Added binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update
Cloud Composer Now GA composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Google Compute Engine Now GA compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Google Kubernetes Engine Now GA container.hostServiceAgent.use
Cloud Memorystore for Redis API Added redis.operations.cancel
Cloud Memorystore for Redis API Supported In Custom Roles redis.instances.create
redis.instances.delete
redis.instances.get
redis.instances.list
redis.instances.update
redis.locations.get
redis.locations.list
redis.operations.get
redis.operations.list
Subscribe with Google Developer API Added subscribewithgoogledeveloper.tools.get
Subscribe with Google Developer API Supported In Custom Roles subscribewithgoogledeveloper.tools.get

Cloud IAM changes as of 2018-07-20

Service Change Description
Access Context Manager Added accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Cloud AutoML Added automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.delete
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.create
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.deploy
automl.models.get
automl.models.list
automl.models.predict
automl.models.undeploy
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Cloud AutoML Supported In Custom Roles automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.get
automl.models.list
automl.models.predict
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Binary Authorization Added binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Google Cloud DNS API Supported In Custom Roles dns.changes.create
dns.changes.get
dns.changes.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-07-13

Service Change Description
Google BigQuery Added bigquery.datasets.getIamPolicy
bigquery.datasets.setIamPolicy
Cloud Datastore Added datastore.locations.get
datastore.locations.list

Cloud IAM changes as of 2018-07-06

Service Change Description
Cloud Composer Supported In Custom Roles composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Cloud Endpoints Added endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud Endpoints Supported In Custom Roles endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud TPU Added tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list
Cloud TPU Supported In Custom Roles tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list

Cloud IAM changes as of 2018-06-29

Service Change Description
Cloud Identity and Access Management Now GA iam.serviceAccounts.implicitDelegation

Cloud IAM changes as of 2018-06-15

Service Change Description
Google Compute Engine Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Google Compute Engine Now GA compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

Cloud IAM changes as of 2018-06-08

Service Change Description
Google Compute Engine Added compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Google Compute Engine Supported In Custom Roles compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list

Cloud IAM changes as of 2018-05-11

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.jobs.listAll
Google Bigtable API Supported In Custom Roles bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.clusters.create
bigtable.clusters.delete
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Google Bigtable API Now GA bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Cloud Composer Now Beta composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Genomics API Supported In Custom Roles genomics.operations.cancel
genomics.operations.create
genomics.operations.get
genomics.operations.list
Stackdriver Monitoring API Supported In Custom Roles monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update
monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update
Stackdriver Monitoring API Now GA monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update

Cloud IAM changes as of 2018-05-04

Service Change Description
Google BigQuery Available In Custom Roles bigquery.jobs.listAll
Google Bigtable API Added bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Bigtable API Supported In Custom Roles bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Bigtable API Now GA bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Compute Engine Supported In Custom Roles compute.instances.osAdminLogin
compute.instances.osLogin
compute.oslogin.updateExternalUser
Google Compute Engine Now GA compute.oslogin.updateExternalUser
Google Service Management Supported In Custom Roles servicemanagement.services.bind

Cloud IAM changes as of 2018-04-06

Service Change Description
Google Compute Engine Supported In Custom Roles compute.instances.setShieldedVmIntegrityPolicy
compute.instances.updateShieldedVmConfig
Google Compute Engine Now GA compute.instances.setShieldedVmIntegrityPolicy
Google Kubernetes Engine Supported In Custom Roles container.hostServiceAgent.use
Google Cloud Dataproc Supported In Custom Roles dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy
Google Cloud Dataproc Now GA dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy

Cloud IAM changes as of 2018-03-30

Service Change Description
Google Cloud IoT API Now GA cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update

Cloud IAM changes as of 2018-03-23

Service Change Description
Genomics API Supported In Custom Roles genomics.datasets.create
genomics.datasets.delete
genomics.datasets.get
genomics.datasets.getIamPolicy
genomics.datasets.list
genomics.datasets.setIamPolicy
genomics.datasets.update
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.list

Cloud IAM changes as of 2018-03-09

Service Change Description
Google Cloud Job Discovery Added cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Google Cloud Job Discovery Supported In Custom Roles cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Google Cloud Profiler Added cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update
Google Cloud Profiler Supported In Custom Roles cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update

Cloud IAM changes as of 2018-03-02

Service Change Description
Service Broker API Added servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update
Service Broker API Supported In Custom Roles servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update

Cloud IAM changes as of 2018-02-23

Service Change Description
Cloud Resource Manager Supported In Custom Roles resourcemanager.projects.list
resourcemanager.projects.move
Google Service Management Added servicemanagement.services.quota
Google Service Management Supported In Custom Roles servicemanagement.services.quota
Cloud Source Repositories Supported In Custom Roles source.repos.create

Cloud IAM changes as of 2018-02-16

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.tables.update
bigquery.tables.updateData
Google Cloud IoT API Supported In Custom Roles cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update
Google Cloud SQL Supported In Custom Roles cloudsql.instances.demoteMaster
Google Cloud Support API Added cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Google Compute Engine Added compute.oslogin.updateExternalUser
Google Compute Engine Supported In Custom Roles compute.addresses.create
compute.disks.create
compute.disks.setLabels
compute.forwardingRules.create
compute.globalAddresses.create
compute.globalForwardingRules.create
compute.images.create
compute.images.setLabels
compute.snapshots.create
compute.snapshots.setLabels
compute.targetVpnGateways.create
compute.vpnTunnels.create
Google Cloud Dataproc Supported In Custom Roles dataproc.agents.create
dataproc.agents.delete
dataproc.agents.get
dataproc.agents.list
dataproc.agents.update
dataproc.tasks.lease
dataproc.tasks.listInvalidatedLeases
dataproc.tasks.reportStatus
dataproc.workflowTemplates.instantiateInline
Google Cloud DNS API Added dns.changes.create
dns.changes.get
dns.changes.list
dns.dnsKeys.create
dns.dnsKeys.delete
dns.dnsKeys.get
dns.dnsKeys.list
dns.dnsKeys.update
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-02-02

Service Change Description
Google Compute Engine Available In Custom Roles compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
Data Loss Prevention API Added dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update

Cloud IAM changes as of 2018-01-26

Service Change Description
Google BigQuery Added bigquery.jobs.listAll
Google Kubernetes Engine Added container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use

Cloud IAM changes as of 2018-01-19

Service Change Description
Google Compute Engine Added compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.useInternal

Cloud IAM changes as of 2018-01-12

Service Change Description
Google App Engine Not Supported In Custom Roles appengine.runtimes.actAsAdmin
Google Compute Engine Added compute.backendServices.setSecurityPolicy
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.setIamPolicy
compute.securityPolicies.update
compute.securityPolicies.use
Google Compute Engine Not Supported In Custom Roles compute.organizations.administerXpn
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Google Compute Engine Now GA compute.instances.osAdminLogin
compute.instances.osLogin

Cloud IAM changes as of 2017-12-22

Service Change Description
Google App Engine Supported In Custom Roles appengine.applications.create
appengine.applications.get
appengine.applications.update
appengine.instances.delete
appengine.instances.get
appengine.instances.list
appengine.operations.get
appengine.operations.list
appengine.services.delete
appengine.services.get
appengine.services.list
appengine.services.update
appengine.versions.create
appengine.versions.delete
appengine.versions.get
appengine.versions.list
appengine.versions.update
Google App Engine Not Supported In Custom Roles appengine.applications.list
appengine.operations.cancel
appengine.operations.delete
appengine.services.create
Google Cloud Billing API Supported In Custom Roles billing.accounts.close
billing.accounts.reopen
billing.budgets.delete
billing.budgets.update
Stackdriver Debugger Supported In Custom Roles clouddebugger.breakpoints.create
clouddebugger.breakpoints.delete
clouddebugger.breakpoints.get
clouddebugger.breakpoints.list
clouddebugger.breakpoints.listActive
clouddebugger.breakpoints.update
clouddebugger.debuggees.create
clouddebugger.debuggees.list
Google Cloud Key Management Service API Supported In Custom Roles cloudkms.cryptoKeyVersions.create
cloudkms.cryptoKeyVersions.destroy
cloudkms.cryptoKeyVersions.get
cloudkms.cryptoKeyVersions.list
cloudkms.cryptoKeyVersions.restore
cloudkms.cryptoKeyVersions.update
cloudkms.cryptoKeyVersions.useToDecrypt
cloudkms.cryptoKeyVersions.useToEncrypt
cloudkms.cryptoKeys.create
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.cryptoKeys.update
cloudkms.keyRings.create
cloudkms.keyRings.get
cloudkms.keyRings.getIamPolicy
cloudkms.keyRings.list
cloudkms.keyRings.setIamPolicy
Google Cloud SQL Supported In Custom Roles cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.delete
cloudsql.instances.export
cloudsql.instances.failover
cloudsql.instances.get
cloudsql.instances.import
cloudsql.instances.list
cloudsql.instances.promoteReplica
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.sslCerts.create
cloudsql.sslCerts.delete
cloudsql.sslCerts.get
cloudsql.sslCerts.list
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.list
cloudsql.users.update
Google Cloud SQL Not Supported In Custom Roles cloudsql.databases.getIamPolicy
cloudsql.databases.setIamPolicy
cloudsql.instances.demoteMaster
cloudsql.instances.getIamPolicy
cloudsql.instances.migrate
cloudsql.instances.setIamPolicy
cloudsql.sslCerts.createEphemeral
Stackdriver Trace API Supported In Custom Roles cloudtrace.insights.get
cloudtrace.insights.list
cloudtrace.stats.get
cloudtrace.tasks.create
cloudtrace.tasks.delete
cloudtrace.tasks.get
cloudtrace.tasks.list
cloudtrace.traces.get
cloudtrace.traces.list
cloudtrace.traces.patch
Google Compute Engine Added compute.instances.setMachineResources
compute.instances.setMinCpuPlatform
compute.instances.setServiceAccount
compute.instances.updateAccessConfig
compute.instances.updateNetworkInterface
compute.licenseCodes.get
compute.licenseCodes.list
compute.licenseCodes.update
compute.licenseCodes.use
Google Compute Engine Supported In Custom Roles compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.delete
compute.addresses.get
compute.addresses.list
compute.addresses.use
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.update
compute.commitments.list
compute.diskTypes.get
compute.diskTypes.list
compute.disks.createSnapshot
compute.disks.delete
compute.disks.get
compute.disks.list
compute.disks.resize
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.setTarget
compute.globalAddresses.delete
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.use
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.list
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.useReadOnly
compute.images.delete
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.list
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.attachDisk
compute.instances.create
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.detachDisk
compute.instances.get
compute.instances.getSerialPortOutput
compute.instances.list
compute.instances.listReferrers
compute.instances.reset
compute.instances.setDiskAutoDelete
compute.instances.setLabels
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setScheduling
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.use
compute.machineTypes.get
compute.machineTypes.list
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.list
compute.networks.updatePolicy
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.projects.setUsageExportBucket
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.list
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.use
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.get
compute.zones.list
Google Compute Engine Not Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.update
compute.backendServices.use
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
Google Kubernetes Engine Added container.services.updateStatus
Google Kubernetes Engine Supported In Custom Roles container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.operations.get
container.operations.list
Google Cloud Dataproc Supported In Custom Roles dataproc.clusters.create
dataproc.clusters.delete
dataproc.clusters.get
dataproc.clusters.getIamPolicy
dataproc.clusters.list
dataproc.clusters.setIamPolicy
dataproc.clusters.update
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.list
dataproc.jobs.update
dataproc.operations.cancel
dataproc.operations.delete
dataproc.operations.get
dataproc.operations.list
dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.update
Cloud Datastore Not Supported In Custom Roles datastore.databases.create
datastore.databases.delete
datastore.databases.export
datastore.databases.get
datastore.databases.getIamPolicy
datastore.databases.import
datastore.databases.list
datastore.databases.setIamPolicy
datastore.databases.update
datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update
datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update
datastore.namespaces.get
datastore.namespaces.getIamPolicy
datastore.namespaces.list
datastore.namespaces.setIamPolicy
datastore.operations.cancel
datastore.operations.delete
datastore.operations.get
datastore.operations.list
datastore.statistics.get
datastore.statistics.list
Cloud Deployment Manager Supported In Custom Roles deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update
deploymentmanager.deployments.cancelPreview
deploymentmanager.deployments.create
deploymentmanager.deployments.delete
deploymentmanager.deployments.get
deploymentmanager.deployments.getIamPolicy
deploymentmanager.deployments.list
deploymentmanager.deployments.setIamPolicy
deploymentmanager.deployments.stop
deploymentmanager.deployments.update
deploymentmanager.manifests.get
deploymentmanager.manifests.list
deploymentmanager.operations.get
deploymentmanager.operations.list
deploymentmanager.resources.get
deploymentmanager.resources.list
deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.update
deploymentmanager.types.list
Dialogflow Supported In Custom Roles dialogflow.agents.export
dialogflow.agents.get
dialogflow.agents.import
dialogflow.agents.restore
dialogflow.contexts.create
dialogflow.contexts.delete
dialogflow.contexts.get
dialogflow.contexts.list
dialogflow.contexts.update
dialogflow.entityTypes.create
dialogflow.entityTypes.createEntity
dialogflow.entityTypes.delete
dialogflow.entityTypes.deleteEntity
dialogflow.entityTypes.get
dialogflow.entityTypes.list
dialogflow.entityTypes.update
dialogflow.entityTypes.updateEntity
dialogflow.intents.create
dialogflow.intents.delete
dialogflow.intents.get
dialogflow.intents.list
dialogflow.intents.update
dialogflow.operations.get
dialogflow.sessionEntityTypes.create
dialogflow.sessionEntityTypes.delete
dialogflow.sessionEntityTypes.get
dialogflow.sessionEntityTypes.list
dialogflow.sessionEntityTypes.update
dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent
Stackdriver Error Reporting Supported In Custom Roles errorreporting.applications.list
errorreporting.errorEvents.create
errorreporting.errorEvents.delete
errorreporting.errorEvents.list
errorreporting.groupMetadata.get
errorreporting.groupMetadata.update
errorreporting.groups.list
Cloud Identity and Access Management Not Supported In Custom Roles iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
Stackdriver Logging Supported In Custom Roles logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update
logging.logEntries.create
logging.logEntries.list
logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.delete
logging.logs.list
logging.privateLogEntries.list
logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update
logging.usage.get
Google Cloud Machine Learning Engine Supported In Custom Roles ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update
ml.locations.get
ml.locations.list
ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update
ml.operations.cancel
ml.operations.get
ml.operations.list
ml.projects.getConfig
ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update
Stackdriver Monitoring API Supported In Custom Roles monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
monitoring.timeSeries.list
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.topics.setIamPolicy
Google Service Management Supported In Custom Roles servicemanagement.services.check
servicemanagement.services.report
Google Service Management Not Supported In Custom Roles servicemanagement.consumerSettings.get
servicemanagement.consumerSettings.getIamPolicy
servicemanagement.consumerSettings.list
servicemanagement.consumerSettings.setIamPolicy
servicemanagement.consumerSettings.update
Cloud Source Repositories Supported In Custom Roles source.repos.delete
source.repos.get
source.repos.getIamPolicy
source.repos.list
source.repos.setIamPolicy
Cloud Source Repositories Not Supported In Custom Roles source.repos.update
Cloud Spanner Supported In Custom Roles spanner.databaseOperations.cancel
spanner.databaseOperations.get
spanner.databaseOperations.list
spanner.databases.beginOrRollbackReadWriteTransaction
spanner.databases.beginReadOnlyTransaction
spanner.databases.create
spanner.databases.drop
spanner.databases.get
spanner.databases.getDdl
spanner.databases.getIamPolicy
spanner.databases.list
spanner.databases.read
spanner.databases.select
spanner.databases.setIamPolicy
spanner.databases.updateDdl
spanner.databases.write
spanner.instanceConfigs.get
spanner.instanceConfigs.list
spanner.instanceOperations.cancel
spanner.instanceOperations.delete
spanner.instanceOperations.get
spanner.instanceOperations.list
spanner.instances.create
spanner.instances.delete
spanner.instances.get
spanner.instances.getIamPolicy
spanner.instances.list
spanner.instances.setIamPolicy
spanner.instances.update
spanner.sessions.create
spanner.sessions.delete
spanner.sessions.get
spanner.sessions.list
Cloud Spanner Not Supported In Custom Roles spanner.databaseOperations.delete
spanner.databases.update
Google Cloud Storage Supported In Custom Roles storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.buckets.setIamPolicy
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

Cloud IAM changes as of 2017-12-08

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.datasets.create
bigquery.datasets.delete
bigquery.datasets.get
bigquery.datasets.update
bigquery.jobs.create
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.update
bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update
bigquery.tables.create
bigquery.tables.delete
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
Google BigQuery Not Supported In Custom Roles bigquery.config.get
bigquery.config.update
bigquery.service.actAsSuperuser
bigquery.tables.update
bigquery.tables.updateData
bigquery.transfers.get
bigquery.transfers.update
Google Bigtable API Supported In Custom Roles bigtable.clusters.get
bigtable.clusters.list
bigtable.clusters.update
bigtable.instances.create
bigtable.instances.delete
bigtable.instances.get
bigtable.instances.list
bigtable.instances.update
bigtable.tables.create
bigtable.tables.delete
bigtable.tables.get
bigtable.tables.list
bigtable.tables.mutateRows
bigtable.tables.readRows
bigtable.tables.sampleRowKeys
bigtable.tables.update
Google Compute Engine Added compute.disks.getIamPolicy
compute.disks.setIamPolicy
compute.globalOperations.getIamPolicy
compute.globalOperations.setIamPolicy
compute.images.getIamPolicy
compute.images.setIamPolicy
compute.instances.getIamPolicy
compute.instances.setIamPolicy
compute.licenses.getIamPolicy
compute.licenses.setIamPolicy
compute.organizations.administerXpn
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.regionOperations.getIamPolicy
compute.regionOperations.setIamPolicy
compute.snapshots.getIamPolicy
compute.snapshots.setIamPolicy
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.zoneOperations.getIamPolicy
compute.zoneOperations.setIamPolicy
Google Dataflow API Supported In Custom Roles dataflow.jobs.cancel
dataflow.jobs.create
dataflow.jobs.get
dataflow.jobs.list
dataflow.jobs.updateContents
dataflow.messages.list
dataflow.metrics.get
Google Cloud Dataproc Added dataproc.workflowTemplates.instantiateInline
Data Loss Prevention API Added dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
Google Cloud Pub/Sub API Added pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.get
pubsub.snapshots.getIamPolicy
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.snapshots.setIamPolicy
pubsub.snapshots.update
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.publish

Cloud IAM changes as of 2017-12-01

Service Change Description
Google Cloud Build API Supported In Custom Roles cloudbuild.builds.create
cloudbuild.builds.get
cloudbuild.builds.list
cloudbuild.builds.update
Cloud Tool Results API Now GA cloudtoolresults.executions.create
cloudtoolresults.executions.get
cloudtoolresults.executions.list
cloudtoolresults.executions.update
cloudtoolresults.histories.create
cloudtoolresults.histories.get
cloudtoolresults.histories.list
cloudtoolresults.settings.create
cloudtoolresults.settings.get
cloudtoolresults.settings.update
cloudtoolresults.steps.create
cloudtoolresults.steps.get
cloudtoolresults.steps.list
cloudtoolresults.steps.update
Google Compute Engine Now GA compute.instances.addMaintenancePolicies
compute.instances.removeMaintenancePolicies
compute.maintenancePolicies.create
compute.maintenancePolicies.delete
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.maintenancePolicies.setIamPolicy
compute.maintenancePolicies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.getIamPolicy
compute.targetTcpProxies.list
compute.targetTcpProxies.setIamPolicy
compute.targetTcpProxies.update
compute.targetTcpProxies.use
Google Kubernetes Engine Added container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.pods.initialize
Google Kubernetes Engine Now GA container.deployments.getScale
container.deployments.updateScale
Cloud Dataprep Supported In Custom Roles dataprep.projects.use
Cloud Identity and Access Management Supported In Custom Roles iam.roles.create
iam.roles.delete
iam.roles.get
iam.roles.list
iam.roles.undelete
iam.roles.update

Cloud IAM changes as of 2017-11-10

Service Change Description
Google Kubernetes Engine Added container.clusters.getIamPolicy
container.clusters.setIamPolicy
Google Cloud Machine Learning Engine Added ml.locations.get
ml.locations.list
Stackdriver Monitoring API Added monitoring.metricDescriptors.update

Cloud IAM changes as of 2017-10-27

Service Change Description
Google Compute Engine Added compute.instances.updateShieldedVmConfig
Cloud Identity-Aware Proxy Added iap.web.getIamPolicy
iap.web.setIamPolicy
iap.webServiceVersions.accessViaIAP
iap.webServiceVersions.getIamPolicy
iap.webServiceVersions.setIamPolicy
iap.webServiceVersions.updateIAP
iap.webServices.getIamPolicy
iap.webServices.setIamPolicy
iap.webServices.updateIAP
iap.webTypes.getIamPolicy
iap.webTypes.setIamPolicy
iap.webTypes.updateIAP
Google Service Management Supported In Custom Roles servicemanagement.services.create
servicemanagement.services.delete
servicemanagement.services.get
servicemanagement.services.getIamPolicy
servicemanagement.services.list
servicemanagement.services.setIamPolicy
servicemanagement.services.update

Cloud IAM changes as of 2017-10-06

Service Change Description
Google Cloud Dataproc Now GA dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.setIamPolicy
dataproc.workflowTemplates.update

Cloud IAM changes as of 2017-09-22

Service Change Description
Google App Engine Added appengine.memcache.addKey
appengine.memcache.flush
appengine.memcache.get
appengine.memcache.getKey
appengine.memcache.list
appengine.memcache.update
Google Cloud SQL Added cloudsql.instances.demoteMaster
Google Cloud SQL Now GA cloudsql.instances.demoteMaster

Cloud IAM changes as of 2017-09-08

Service Change Description
Google Cloud Functions Added cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
Google Compute Engine Added compute.instances.setDeletionProtection
compute.targetHttpsProxies.setUrlMap
Google Kubernetes Engine Added container.statefulSets.getScale
container.statefulSets.updateScale
Google Kubernetes Engine Now GA container.statefulSets.getScale
container.statefulSets.updateScale
Google Cloud Functions Added dlp.kms.encrypt
dlp.riskAnalysisOperations.cancel
dlp.riskAnalysisOperations.create
dlp.riskAnalysisOperations.get
dlp.riskAnalysisOperations.list
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Identity and Access Management Documentation