IAM permissions change log

Subscribe to the Cloud IAM permissions change log Subscribe

This page describes recent changes to public IAM permissions for all Generally Available and Beta GCP services.

These change notes can help you to maintain and troubleshoot your custom roles. While permissions that are retired or no longer supported for use in custom roles are removed automatically from your custom roles, new Google Cloud Platform permissions are not added to custom roles automatically. Refer the access control information for each service for further information.

IAM Permissions Change Log

Cloud IAM changes as of 2019-06-28

Service Change Description
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

pubsub.snapshots.seek
Firebase Crashlytics Added firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Firebase Crashlytics Supported In Custom Roles firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Cloud Memorystore for Redis API Added redis.instances.export
redis.instances.import
Cloud Memorystore for Redis API Supported In Custom Roles redis.instances.export
redis.instances.import

Cloud IAM changes as of 2019-06-21

Service Change Description
VM Migration API Role Updated

The following permissions have been added to the role roles/cloudmigration.inframanager (Velostrata Manager):

compute.instances.updateShieldedInstanceConfig
Cloud Translation Role Updated

The following permissions have been added to the role roles/cloudtranslate.viewer (Cloud Translation API Viewer):

cloudtranslate.operations.wait
Google Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkUser (Compute Network User):

compute.vpnGateways.use
Firebase Services API Role Updated

The following permissions have been added to the role roles/firebase.admin (Firebase Admin):

cloudmessaging.messages.create
Firebase Services API Role Updated

The following permissions have been added to the role roles/firebase.growthAdmin (Firebase Grow Admin):

cloudmessaging.messages.create
Cloud Resource Manager Role Updated

The following permissions have been added to the role roles/resourcemanager.projectMover (Project Mover):

resourcemanager.projects.move
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
Google BigQuery Added bigquery.connections.create
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.use
bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
Google BigQuery Supported In Custom Roles bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
Cloud Translation Supported In Custom Roles cloudtranslate.generalModels.batchPredict
cloudtranslate.generalModels.get
cloudtranslate.generalModels.predict
cloudtranslate.glossaries.batchPredict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
cloudtranslate.languageDetectionModels.predict
cloudtranslate.operations.cancel
cloudtranslate.operations.delete
cloudtranslate.operations.get
cloudtranslate.operations.list
cloudtranslate.operations.wait
Cloud Composer Added composer.imageversions.list
Cloud Composer Supported In Custom Roles composer.imageversions.list
Cloud Composer Now GA composer.imageversions.list
Google Compute Engine Added compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
Google Compute Engine Supported In Custom Roles compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
Google Compute Engine Now GA compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use

Cloud IAM changes as of 2019-06-14

Service Change Description
Cloud Identity and Access Management Now GA

The role roles/iam.workloadIdentityUser (Workload Identity User) is now GA.

Google Cloud Functions Added cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.setIamPolicy
Google Cloud Functions Supported In Custom Roles cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.setIamPolicy
Google Compute Engine Now GA compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use

Cloud IAM changes as of 2019-05-31

Service Change Description
Google Cloud Data Catalog API Role Updated

The following permissions have been added to the role roles/datacatalog.admin (Data Catalog Admin):

bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
pubsub.topics.updateTag
VM Migration API Added cloudmigration.velostrataendpoints.connect
Cloud Identity and Access Management Available In Custom Roles iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.implicitDelegation
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt

Cloud IAM changes as of 2019-05-24

Service Change Description
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

managedidentities.domains.validateTrust
Recommendations AI Supported In Custom Roles automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.apiKeys.list
automlrecommendations.catalogItems.create
automlrecommendations.catalogItems.delete
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogItems.update
automlrecommendations.events.list
automlrecommendations.events.purge
Google BigQuery Added bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
Google BigQuery Supported In Custom Roles bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
Google Cloud Data Catalog API Added datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use
Google Cloud Data Catalog API Supported In Custom Roles datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use
Cloud Filestore API Added file.snapshots.update
Cloud Filestore API Supported In Custom Roles file.snapshots.update
Google Cloud Pub/Sub API Added pubsub.topics.updateTag
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.topics.updateTag

IAM changes as of 2019-05-17

Service Change Description
Dialogflow Added dialogflow.agents.create
dialogflow.agents.delete
Dialogflow Supported In Custom Roles dialogflow.agents.create
dialogflow.agents.delete
Dialogflow Now GA dialogflow.agents.create
dialogflow.agents.delete

Cloud IAM changes as of 2019-05-10

Service Change Description
Cloud Identity and Access Management Now GA

The role roles/iam.securityAdmin (Security Admin) is now GA.

Google Cloud IoT API Added cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Google Cloud IoT API Supported In Custom Roles cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Google Cloud IoT API Now GA cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Google Compute Engine Supported In Custom Roles compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.instanceGroups.use
Cloud Healthcare API Added healthcare.fhirResources.purge
Managed Service for Microsoft Active Directory API Added managedidentities.domains.attachTrust
managedidentities.domains.create
managedidentities.domains.delete
managedidentities.domains.detachTrust
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
Managed Service for Microsoft Active Directory API Supported In Custom Roles managedidentities.domains.attachTrust
managedidentities.domains.create
managedidentities.domains.delete
managedidentities.domains.detachTrust
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

Cloud IAM changes as of 2019-05-03

Service Change Description
Cloud Security Command Center Now GA

The role roles/securitycenter.admin (Security Center Admin) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.adminEditor (Security Center Admin Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.adminViewer (Security Center Admin Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetsDiscoveryRunner (Security Center Assets Discovery Runner) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetSecurityMarksWriter (Security Center Asset Security Marks Writer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetsViewer (Security Center Assets Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingSecurityMarksWriter (Security Center Finding Security Marks Writer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsEditor (Security Center Findings Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsStateSetter (Security Center Findings State Setter) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsViewer (Security Center Findings Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesAdmin (Security Center Sources Admin) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesEditor (Security Center Sources Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesViewer (Security Center Sources Viewer) is now GA.

Recommendations AI Added automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.apiKeys.get
automlrecommendations.apiKeys.list
automlrecommendations.catalogItems.create
automlrecommendations.catalogItems.delete
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogItems.update
automlrecommendations.catalogs.get
automlrecommendations.catalogs.getStats
automlrecommendations.catalogs.list
automlrecommendations.eventStores.get
automlrecommendations.eventStores.getStats
automlrecommendations.eventStores.list
automlrecommendations.events.create
automlrecommendations.events.delete
automlrecommendations.events.get
automlrecommendations.events.list
automlrecommendations.events.purge
automlrecommendations.events.update
automlrecommendations.placements.get
automlrecommendations.placements.getStats
automlrecommendations.placements.list
automlrecommendations.recommendations.get
automlrecommendations.recommendations.list
Google BigQuery Added bigquery.models.create
bigquery.models.delete
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
Firebase Cloud Messaging API Added cloudmessaging.messages.create
Firebase Cloud Messaging API Supported In Custom Roles cloudmessaging.messages.create
Firebase Cloud Messaging API Now GA cloudmessaging.messages.create
Cloud Security Command Center Now GA securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assetsecuritymarks.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update

Cloud IAM changes as of 2019-04-19

Service Change Description
Primitive Role Role Updated

The following permissions have been removed from the role roles/editor (Editor):

firebasedynamiclinks.domains.delete
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.admin (Security Center Admin):

securitycenter.findings.setState
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

securitycenter.findings.setState
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.findingsEditor (Security Center Findings Editor):

securitycenter.findings.setState
Access Approval API Added accessapproval.requests.approve
accessapproval.requests.dismiss
accessapproval.requests.get
accessapproval.requests.list
accessapproval.settings.get
accessapproval.settings.update
Access Approval API Supported In Custom Roles accessapproval.requests.approve
accessapproval.requests.dismiss
accessapproval.requests.get
accessapproval.requests.list
accessapproval.settings.get
accessapproval.settings.update
Google Bigtable API Added bigtable.locations.list
Google Bigtable API Supported In Custom Roles bigtable.locations.list
Google Bigtable API Now GA bigtable.locations.list
Cloud Scheduler Added cloudscheduler.locations.get
cloudscheduler.locations.list
Google Compute Engine Added compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
Google Compute Engine Supported In Custom Roles compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
Google Compute Engine Now GA compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
Remote Build Execution API Added remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.actions.set
remotebuildexecution.actions.update
remotebuildexecution.blobs.create
remotebuildexecution.blobs.get
remotebuildexecution.botsessions.create
remotebuildexecution.botsessions.update
remotebuildexecution.instances.create
remotebuildexecution.instances.delete
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.get
remotebuildexecution.logstreams.update
remotebuildexecution.workerpools.create
remotebuildexecution.workerpools.delete
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
remotebuildexecution.workerpools.update
Remote Build Execution API Supported In Custom Roles remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.actions.set
remotebuildexecution.actions.update
remotebuildexecution.blobs.create
remotebuildexecution.blobs.get
remotebuildexecution.botsessions.create
remotebuildexecution.botsessions.update
remotebuildexecution.instances.create
remotebuildexecution.instances.delete
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.get
remotebuildexecution.logstreams.update
remotebuildexecution.workerpools.create
remotebuildexecution.workerpools.delete
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
remotebuildexecution.workerpools.update
Serverless VPC Access API Added vpcaccess.connectors.create
vpcaccess.connectors.delete
vpcaccess.connectors.get
vpcaccess.connectors.list
vpcaccess.connectors.use
vpcaccess.locations.list
vpcaccess.operations.get
vpcaccess.operations.list

Cloud IAM changes as of 2019-03-29

Service Change Description
Google Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkUser (Compute Network User):

servicenetworking.services.get
Stackdriver Monitoring API Role Updated

The following permissions have been added to the role roles/monitoring.admin (Monitoring Admin):

serviceusage.services.enable
Stackdriver Monitoring API Role Updated

The following permissions have been added to the role roles/monitoring.editor (Monitoring Editor):

serviceusage.services.enable
Google Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.editor (Stackdriver Accounts Editor):

serviceusage.services.enable
Google Cloud SQL Added cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Google Cloud SQL Supported In Custom Roles cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Google Cloud SQL Now GA cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Cloud Translation Added cloudtranslate.generalModels.batchPredict
cloudtranslate.generalModels.get
cloudtranslate.generalModels.getIamPolicy
cloudtranslate.generalModels.predict
cloudtranslate.generalModels.setIamPolicy
cloudtranslate.glossaries.batchPredict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.getIamPolicy
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
cloudtranslate.glossaries.setIamPolicy
cloudtranslate.languageDetectionModels.getIamPolicy
cloudtranslate.languageDetectionModels.predict
cloudtranslate.languageDetectionModels.setIamPolicy
cloudtranslate.locations.get
cloudtranslate.locations.getIamPolicy
cloudtranslate.locations.list
cloudtranslate.locations.setIamPolicy
cloudtranslate.operations.cancel
cloudtranslate.operations.delete
cloudtranslate.operations.get
cloudtranslate.operations.getIamPolicy
cloudtranslate.operations.list
cloudtranslate.operations.setIamPolicy
cloudtranslate.operations.wait
Google Cloud DNS API Added dns.networks.targetWithPeeringZone
Google Cloud DNS API Supported In Custom Roles dns.networks.targetWithPeeringZone
Event Threat Detection Added threatdetection.detectorSettings.clear
threatdetection.detectorSettings.get
threatdetection.detectorSettings.update
threatdetection.sinkSettings.get
threatdetection.sinkSettings.update
threatdetection.sourceSettings.get
threatdetection.sourceSettings.update

Cloud IAM changes as of 2019-03-22

Service Change Description
Google Cloud Job Discovery Now GA

The role roles/cloudjobdiscovery.admin (Admin) is now GA.

Google Cloud Job Discovery Now GA

The role roles/cloudjobdiscovery.jobsEditor (Job Editor) is now GA.

Google Cloud Job Discovery Now GA

The role roles/cloudjobdiscovery.jobsViewer (Job Viewer) is now GA.

Google Cloud Job Discovery Now GA

The role roles/cloudjobdiscovery.profilesEditor (Profile Editor) is now GA.

Google Cloud Job Discovery Now GA

The role roles/cloudjobdiscovery.profilesViewer (Profile Viewer) is now GA.

Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

file.instances.restore
healthcare.datasets.deidentify
Cloud Filestore API Role Updated

The following permissions have been added to the role roles/file.editor (Cloud Filestore Editor):

file.instances.restore
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

file.instances.restore
healthcare.datasets.deidentify
Google Cloud Job Discovery Now GA cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.events.create
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
cloudjobdiscovery.tools.access
Google Compute Engine Added compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Google Compute Engine Supported In Custom Roles compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Google Compute Engine Now GA compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Cloud Filestore API Added file.instances.restore
Identity Toolkit API Added firebaseauth.configs.getHashConfig
Identity Toolkit API Supported In Custom Roles firebaseauth.configs.getHashConfig
Cloud Healthcare API Added healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update
healthcare.dicomStores.create
healthcare.dicomStores.delete
healthcare.dicomStores.dicomWebDelete
healthcare.dicomStores.dicomWebRead
healthcare.dicomStores.dicomWebWrite
healthcare.dicomStores.export
healthcare.dicomStores.get
healthcare.dicomStores.getIamPolicy
healthcare.dicomStores.import
healthcare.dicomStores.list
healthcare.dicomStores.setIamPolicy
healthcare.dicomStores.update
healthcare.fhirResources.create
healthcare.fhirResources.delete
healthcare.fhirResources.get
healthcare.fhirResources.patch
healthcare.fhirResources.update
healthcare.fhirSecurityLabels.getIamPolicy
healthcare.fhirSecurityLabels.setIamPolicy
healthcare.fhirStores.create
healthcare.fhirStores.delete
healthcare.fhirStores.export
healthcare.fhirStores.get
healthcare.fhirStores.getIamPolicy
healthcare.fhirStores.import
healthcare.fhirStores.list
healthcare.fhirStores.searchResources
healthcare.fhirStores.setIamPolicy
healthcare.fhirStores.update
healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update
healthcare.operations.cancel
healthcare.operations.get
healthcare.operations.list

Cloud IAM changes as of 2019-03-15

Service Change Description
Google Cloud Job Discovery Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.profilesEditor (Profile Editor):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Google Cloud Job Discovery Role Updated

The following permissions have been removed from the role roles/cloudjobdiscovery.profilesEditor (Profile Editor):

cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
Google Cloud Job Discovery Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.profilesViewer (Profile Viewer):

cloudjobdiscovery.tenants.get
Google Cloud Job Discovery Role Updated

The following permissions have been removed from the role roles/cloudjobdiscovery.profilesViewer (Profile Viewer):

cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Cloud Storage Transfer Service Now GA

The role roles/storagetransfer.admin (Storage Transfer Admin) is now GA.

Cloud Storage Transfer Service Now GA

The role roles/storagetransfer.user (Storage Transfer User) is now GA.

Cloud Storage Transfer Service Now GA

The role roles/storagetransfer.viewer (Storage Transfer Viewer) is now GA.

Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

cloudjobdiscovery.tenants.get
Google Cloud Job Discovery Added cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Google Cloud DNS API Now GA dns.networks.bindPrivateDNSZone
Cloud Run Added run.configurations.get
run.configurations.list
run.locations.list
run.revisions.delete
run.revisions.get
run.revisions.list
run.routes.get
run.routes.invoke
run.routes.list
run.services.create
run.services.delete
run.services.get
run.services.getIamPolicy
run.services.list
run.services.setIamPolicy
run.services.update
Cloud Run Not Supported In Custom Roles run.routes.invoke
Cloud Run Supported In Custom Roles run.configurations.get
run.configurations.list
run.locations.list
run.revisions.delete
run.revisions.get
run.revisions.list
run.routes.get
run.routes.list
run.services.create
run.services.delete
run.services.get
run.services.getIamPolicy
run.services.list
run.services.setIamPolicy
run.services.update
Cloud Storage Transfer Service Added storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount
Cloud Storage Transfer Service Supported In Custom Roles storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount
Cloud Storage Transfer Service Now GA storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount

Cloud IAM changes as of 2019-03-07

Service Change Description
Google BigQuery Role Added

The role roles/bigquery.connectionAdmin (BigQuery Connection Admin) has been added with the following permissions:

bigquery.connections.create
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.use
Google BigQuery Role Added

The role roles/bigquery.connectionUser (BigQuery Connection User) has been added with the following permissions:

bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.use
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.admin (Dialogflow API Admin):

dialogflow.agents.update
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.consoleAgentEditor (Dialogflow Console Agent Editor):

dialogflow.agents.update
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dialogflow.agents.update
file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Cloud Filestore API Role Updated

The following permissions have been added to the role roles/file.editor (Cloud Filestore Editor):

file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Cloud Filestore API Role Updated

The following permissions have been added to the role roles/file.viewer (Cloud Filestore Viewer):

file.snapshots.get
file.snapshots.list
Cloud Identity and Access Management Now GA

The role roles/iam.serviceAccountCreator (Create Service Accounts) is now GA.

Cloud Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.securityReviewer (Security Reviewer):

file.snapshots.list
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

dialogflow.agents.update
file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Service Usage API Role Updated

The following permissions have been added to the role roles/serviceusage.apiKeysAdmin (API Keys Admin):

serviceusage.operations.get
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

file.snapshots.get
file.snapshots.list
Data Labeling API Added datalabeling.annotateddatasets.delete
datalabeling.annotateddatasets.get
datalabeling.annotateddatasets.label
datalabeling.annotateddatasets.list
datalabeling.annotationspecsets.create
datalabeling.annotationspecsets.delete
datalabeling.annotationspecsets.get
datalabeling.annotationspecsets.list
datalabeling.dataitems.get
datalabeling.dataitems.list
datalabeling.datasets.create
datalabeling.datasets.delete
datalabeling.datasets.export
datalabeling.datasets.get
datalabeling.datasets.import
datalabeling.datasets.list
datalabeling.examples.get
datalabeling.examples.list
datalabeling.instructions.create
datalabeling.instructions.delete
datalabeling.instructions.get
datalabeling.instructions.list
datalabeling.operations.cancel
datalabeling.operations.get
datalabeling.operations.list
Data Labeling API Supported In Custom Roles datalabeling.annotateddatasets.delete
datalabeling.annotateddatasets.get
datalabeling.annotateddatasets.label
datalabeling.annotateddatasets.list
datalabeling.annotationspecsets.create
datalabeling.annotationspecsets.delete
datalabeling.annotationspecsets.get
datalabeling.annotationspecsets.list
datalabeling.dataitems.get
datalabeling.dataitems.list
datalabeling.datasets.create
datalabeling.datasets.delete
datalabeling.datasets.export
datalabeling.datasets.get
datalabeling.datasets.import
datalabeling.datasets.list
datalabeling.examples.get
datalabeling.examples.list
datalabeling.instructions.create
datalabeling.instructions.delete
datalabeling.instructions.get
datalabeling.instructions.list
datalabeling.operations.cancel
datalabeling.operations.get
datalabeling.operations.list
Dialogflow Added dialogflow.agents.update
Cloud Filestore API Added file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list

Cloud IAM changes as of 2019-03-01

Service Change Description
Google Compute Engine Role Updated

The following permissions have been added to the role roles/compute.instanceAdmin.v1 (Compute Instance Admin (v1)):

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use
Google Cloud Dataproc Role Added

The role roles/dataproc.admin (Dataproc Administrator) has been added with the following permissions:

compute.machineTypes.get
compute.machineTypes.list
compute.networks.get
compute.networks.list
compute.projects.get
compute.regions.get
compute.regions.list
compute.zones.get
compute.zones.list
dataproc.autoscalingPolicies.create
dataproc.autoscalingPolicies.delete
dataproc.autoscalingPolicies.get
dataproc.autoscalingPolicies.getIamPolicy
dataproc.autoscalingPolicies.list
dataproc.autoscalingPolicies.setIamPolicy
dataproc.autoscalingPolicies.update
dataproc.autoscalingPolicies.use
dataproc.clusters.create
dataproc.clusters.delete
dataproc.clusters.get
dataproc.clusters.getIamPolicy
dataproc.clusters.list
dataproc.clusters.setIamPolicy
dataproc.clusters.update
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.getIamPolicy
dataproc.jobs.list
dataproc.jobs.setIamPolicy
dataproc.jobs.update
dataproc.operations.cancel
dataproc.operations.delete
dataproc.operations.get
dataproc.operations.getIamPolicy
dataproc.operations.list
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.instantiateInline
dataproc.workflowTemplates.list
dataproc.workflowTemplates.setIamPolicy
dataproc.workflowTemplates.update
resourcemanager.projects.get
resourcemanager.projects.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dataproc.clusters.getIamPolicy
dataproc.jobs.getIamPolicy
dataproc.operations.getIamPolicy
Cloud Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.serviceAccountDeleter (Delete Service Accounts):

iam.serviceAccounts.get
iam.serviceAccounts.list
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

dataproc.clusters.getIamPolicy
dataproc.jobs.getIamPolicy
dataproc.operations.getIamPolicy
Cloud AutoML Added automl.columnSpecs.get
automl.columnSpecs.list
automl.columnSpecs.update
automl.datasets.update
automl.models.export
automl.tableSpecs.get
automl.tableSpecs.list
automl.tableSpecs.update
Cloud AutoML Supported In Custom Roles automl.columnSpecs.list
automl.columnSpecs.update
automl.datasets.update
automl.models.deploy
automl.models.export
automl.models.undeploy
automl.tableSpecs.get
automl.tableSpecs.list
automl.tableSpecs.update
Google Compute Engine Added compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use
Google Compute Engine Supported In Custom Roles compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use

Cloud IAM changes as of 2019-02-15

Service Change Description
Access Context Manager Now GA

The role roles/accesscontextmanager.policyAdmin (Access Context Manager Admin) is now GA.

Access Context Manager Now GA

The role roles/accesscontextmanager.policyEditor (Access Context Manager Editor) is now GA.

Access Context Manager Now GA

The role roles/accesscontextmanager.policyReader (Access Context Manager Reader) is now GA.

Google Cloud Job Discovery Role Added

The role roles/cloudjobdiscovery.profilesEditor (Profile Editor) has been added with the following permissions:

cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.events.create
cloudjobdiscovery.events.delete
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.events.update
cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
resourcemanager.projects.get
resourcemanager.projects.list
Google Cloud Job Discovery Role Added

The role roles/cloudjobdiscovery.profilesViewer (Profile Viewer) has been added with the following permissions:

cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
resourcemanager.projects.get
resourcemanager.projects.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
Google Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.editor (Stackdriver Account Editor):

resourcemanager.projects.get
resourcemanager.projects.list
Google Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.viewer (Stackdriver Account Viewer):

resourcemanager.projects.get
resourcemanager.projects.list
Access Context Manager Supported In Custom Roles accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Access Context Manager Now GA accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Google Cloud Job Discovery Added cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update

Cloud IAM changes as of 2019-02-08

Service Change Description
Cloud Security Command Center Supported In Custom Roles securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assetsecuritymarks.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update

Cloud IAM changes as of 2019-02-01

Service Change Description
Dialogflow Now GA

The role roles/dialogflow.admin (Dialogflow API Admin) is now GA.

Dialogflow Now GA

The role roles/dialogflow.client (Dialogflow API Client) is now GA.

Dialogflow Now GA

The role roles/dialogflow.consoleAgentEditor (Dialogflow Console Agent Editor) is now GA.

Dialogflow Now GA

The role roles/dialogflow.reader (Dialogflow API Reader) is now GA.

Cloud Asset Inventory Added cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Cloud Asset Inventory Now GA cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Dialogflow Supported In Custom Roles dialogflow.agents.search
dialogflow.agents.train
Dialogflow Now GA dialogflow.agents.export
dialogflow.agents.get
dialogflow.agents.import
dialogflow.agents.restore
dialogflow.agents.search
dialogflow.agents.train
dialogflow.contexts.create
dialogflow.contexts.delete
dialogflow.contexts.get
dialogflow.contexts.list
dialogflow.contexts.update
dialogflow.entityTypes.create
dialogflow.entityTypes.createEntity
dialogflow.entityTypes.delete
dialogflow.entityTypes.deleteEntity
dialogflow.entityTypes.get
dialogflow.entityTypes.list
dialogflow.entityTypes.update
dialogflow.entityTypes.updateEntity
dialogflow.intents.create
dialogflow.intents.delete
dialogflow.intents.get
dialogflow.intents.list
dialogflow.intents.update
dialogflow.operations.get
dialogflow.sessionEntityTypes.create
dialogflow.sessionEntityTypes.delete
dialogflow.sessionEntityTypes.get
dialogflow.sessionEntityTypes.list
dialogflow.sessionEntityTypes.update
dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent

Cloud IAM changes as of 2019-01-25

Service Change Description
Google Compute Engine Added compute.instances.updateDisplayDevice

Cloud IAM changes as of 2019-01-11

Service Change Description
Cloud Identity-Aware Proxy Now GA

The role roles/iap.admin (IAP Policy Admin) is now GA.

Cloud Identity-Aware Proxy Supported In Custom Roles iap.web.getIamPolicy
iap.web.setIamPolicy
iap.webServiceVersions.accessViaIAP
iap.webServiceVersions.getIamPolicy
iap.webServiceVersions.setIamPolicy
iap.webServices.getIamPolicy
iap.webServices.setIamPolicy
iap.webTypes.getIamPolicy
iap.webTypes.setIamPolicy

Cloud IAM changes as of 2018-12-21

Service Change Description
Google Cloud DNS API Added dns.networks.bindPrivateDNSZone
Google Cloud DNS API Supported In Custom Roles dns.networks.bindPrivateDNSZone

Cloud IAM changes as of 2018-12-14

Service Change Description
Identity Toolkit API Added firebaseauth.configs.create
Identity Toolkit API Supported In Custom Roles firebaseauth.configs.create

Cloud IAM changes as of 2018-12-07

Service Change Description
Google BigQuery Added bigquery.readsessions.create
Google BigQuery Supported In Custom Roles bigquery.readsessions.create
Google Kubernetes Engine Supported In Custom Roles container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create
Google Kubernetes Engine Now GA container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create

Cloud IAM changes as of 2018-11-30

Service Change Description
Cloud Asset Inventory Now GA

The role roles/cloudasset.viewer (Cloud Asset Viewer) is now GA.

Cloud Asset Inventory Now GA cloudasset.assets.exportAll
Google Compute Engine Added compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
Google Compute Engine Supported In Custom Roles compute.disks.getIamPolicy
compute.disks.setIamPolicy
compute.images.getIamPolicy
compute.instances.getIamPolicy
compute.instances.setIamPolicy
compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.licenses.getIamPolicy
compute.licenses.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
compute.snapshots.getIamPolicy
compute.snapshots.setIamPolicy
compute.subnetworks.getIamPolicy
compute.subnetworks.setIamPolicy
Google Compute Engine Now GA compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
compute.subnetworks.getIamPolicy
compute.subnetworks.setIamPolicy

Cloud IAM changes as of 2018-11-16

Service Change Description
Cloud AutoML Added automl.locations.getIamPolicy
automl.locations.setIamPolicy
Cloud AutoML Supported In Custom Roles automl.locations.getIamPolicy
automl.locations.setIamPolicy
Google Cloud Job Discovery Added cloudjobdiscovery.events.create
cloudjobdiscovery.events.delete
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.events.update
Google Compute Engine Added compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Google Compute Engine Supported In Custom Roles compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Google Compute Engine Now GA compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Google Kubernetes Engine Added container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create

Cloud IAM changes as of 2018-11-09

Service Change Description
Firebase Services API Added firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Firebase Services API Supported In Custom Roles firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Cloud IAM changes as of 2018-11-02

Service Change Description
Google Compute Engine Now GA compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Cloud Filestore API Supported In Custom Roles file.instances.create
file.instances.delete
file.instances.get
file.instances.list
file.instances.update
file.locations.get
file.locations.list
file.operations.get
file.operations.list
Google Stackdriver Added stackdriver.resourceMetadata.write
Google Stackdriver Supported In Custom Roles stackdriver.resourceMetadata.write

Cloud IAM changes as of 2018-10-26

Service Change Description
Google BigQuery Now GA

The role roles/bigquery.metadataViewer (BigQuery Metadata Viewer) is now GA.

Cloud Identity and Access Management Now GA

The role roles/iam.serviceAccountDeleter (Delete Service Accounts) is now GA.

Firebase Services API Added firebasedatabase.instances.create
firebasedatabase.instances.list
Firebase Services API Supported In Custom Roles firebasedatabase.instances.create
firebasedatabase.instances.list
Firebase Extensions API Added firebaseextensions.configs.create
firebaseextensions.configs.delete
firebaseextensions.configs.list
firebaseextensions.configs.update
Firebase Extensions API Supported In Custom Roles firebaseextensions.configs.create
firebaseextensions.configs.delete
firebaseextensions.configs.list
firebaseextensions.configs.update

Cloud IAM changes as of 2018-10-19

Service Change Description
Google Cloud Support API Now GA

The role roles/cloudsupport.admin (Support Account Administrator) is now GA.

Google Cloud Support API Now GA

The role roles/cloudsupport.viewer (Support Account Viewer) is now GA.

Firebase Remote Config Added cloudconfig.configs.get
cloudconfig.configs.update
Firebase Remote Config Supported In Custom Roles cloudconfig.configs.get
cloudconfig.configs.update
Google Cloud Support API Supported In Custom Roles cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Google Cloud Support API Now GA cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Google Compute Engine Added compute.networks.updatePeering
Google Compute Engine Supported In Custom Roles compute.networks.updatePeering
Mobile Crash Reporting API Added firebasecrash.issues.update
firebasecrash.reports.get
Mobile Crash Reporting API Supported In Custom Roles firebasecrash.issues.update
firebasecrash.reports.get
Firebase Dynamic Links API Added firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase Dynamic Links API Supported In Custom Roles firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase In-App Messaging API Added firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Firebase In-App Messaging API Supported In Custom Roles firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Firebase Notifications API Added firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Firebase Notifications API Supported In Custom Roles firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Mobile Performance Reporting API Added firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Mobile Performance Reporting API Supported In Custom Roles firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Predictions API Added firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
Firebase Predictions API Supported In Custom Roles firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
Cloud Security Command Center Added securitycenter.assets.get
securitycenter.assets.getFieldNames
securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assets.triggerDiscovery
securitycenter.assets.update
securitycenter.assetsecuritymarks.update
securitycenter.configs.get
securitycenter.configs.getIamPolicy
securitycenter.configs.setIamPolicy
securitycenter.configs.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.scans.get
securitycenter.scans.list
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update
Service Consumer Management Added serviceconsumermanagement.tenancyu.addResource
serviceconsumermanagement.tenancyu.create
serviceconsumermanagement.tenancyu.delete
serviceconsumermanagement.tenancyu.list
serviceconsumermanagement.tenancyu.removeResource
Service Consumer Management Supported In Custom Roles serviceconsumermanagement.tenancyu.addResource
serviceconsumermanagement.tenancyu.create
serviceconsumermanagement.tenancyu.delete
serviceconsumermanagement.tenancyu.list
serviceconsumermanagement.tenancyu.removeResource

Cloud IAM changes as of 2018-10-12

Service Change Description
Data Loss Prevention API Now GA

The role roles/dlp.admin (DLP Administrator) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.analyzeRiskTemplatesEditor (DLP Analyze Risk Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.analyzeRiskTemplatesReader (DLP Analyze Risk Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.deidentifyTemplatesEditor (DLP De-identify Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.deidentifyTemplatesReader (DLP De-identify Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.inspectTemplatesEditor (DLP Inspect Templates Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.inspectTemplatesReader (DLP Inspect Templates Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobsEditor (DLP Jobs Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobsReader (DLP Jobs Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobTriggersEditor (DLP Job Triggers Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.jobTriggersReader (DLP Job Triggers Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.reader (DLP Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.storedInfoTypesEditor (DLP Stored InfoTypes Editor) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.storedInfoTypesReader (DLP Stored InfoTypes Reader) is now GA.

Data Loss Prevention API Now GA

The role roles/dlp.user (DLP User) is now GA.

Google Kubernetes Engine Supported In Custom Roles container.certificateSigningRequests.approve
container.clusterRoles.bind
container.deployments.rollback
container.nodes.proxy
container.pods.attach
container.pods.evict
container.pods.exec
container.pods.getLogs
container.pods.portForward
container.pods.proxy
container.roles.bind
container.services.proxy
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
Data Loss Prevention API Supported In Custom Roles dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
Data Loss Prevention API Now GA dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Google Cloud DNS API Supported In Custom Roles dns.dnsKeys.get
dns.dnsKeys.list
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.update
Firebase Services API Added firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Services API Supported In Custom Roles firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Services API Added firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Firebase Services API Supported In Custom Roles firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Identity Toolkit API Added firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Identity Toolkit API Supported In Custom Roles firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Services API Added firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Services API Supported In Custom Roles firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Hosting API Added firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Hosting API Supported In Custom Roles firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
ML Kit API Added firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
ML Kit API Supported In Custom Roles firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
Firebase Rules API Added firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test
Firebase Rules API Supported In Custom Roles firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test

Cloud IAM changes as of 2018-10-05

Service Change Description
Google Compute Engine Added compute.instances.resume
compute.instances.suspend
Google Compute Engine Supported In Custom Roles compute.instances.resume
compute.instances.suspend
Google Compute Engine Now GA compute.instances.resume
compute.instances.suspend
Google Kubernetes Engine Supported In Custom Roles container.apiServices.updateStatus
container.certificateSigningRequests.updateStatus
container.cronJobs.getStatus
container.cronJobs.updateStatus
container.customResourceDefinitions.updateStatus
container.daemonSets.getStatus
container.daemonSets.updateStatus
container.deployments.getScale
container.deployments.getStatus
container.deployments.updateScale
container.deployments.updateStatus
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.updateStatus
container.ingresses.getStatus
container.ingresses.updateStatus
container.jobs.getStatus
container.jobs.updateStatus
container.namespaces.getStatus
container.namespaces.updateStatus
container.nodes.getStatus
container.nodes.updateStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.getStatus
container.persistentVolumes.updateStatus
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.updateStatus
container.pods.getStatus
container.pods.updateStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.getStatus
container.resourceQuotas.updateStatus
container.services.getStatus
container.services.updateStatus
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.updateScale
container.statefulSets.updateStatus
Google Kubernetes Engine Now GA container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus

Cloud IAM changes as of 2018-09-21

Service Change Description
Cloud AutoML Added automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud AutoML Supported In Custom Roles automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud Asset Inventory Added cloudasset.assets.exportAll
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportAll
Google Compute Engine Added compute.licenses.delete
Google Kubernetes Engine Supported In Custom Roles container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.list
container.apiServices.update
container.bindings.create
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.list
container.cronJobs.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.list
container.daemonSets.update
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.list
container.deployments.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.list
container.ingresses.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.list
container.jobs.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.namespaces.create
container.namespaces.delete
container.namespaces.get
container.namespaces.list
container.namespaces.update
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.list
container.nodes.update
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.list
container.persistentVolumes.update
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.create
container.pods.delete
container.pods.get
container.pods.list
container.pods.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.list
container.replicaSets.update
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.list
container.replicationControllers.update
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.list
container.resourceQuotas.update
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.create
container.roles.delete
container.roles.get
container.roles.list
container.roles.update
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.serviceAccounts.create
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.list
container.services.update
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.list
container.statefulSets.update
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.subjectAccessReviews.create

Cloud IAM changes as of 2018-09-07

Service Change Description
Cloud Memorystore for Redis API Supported In Custom Roles redis.operations.cancel
redis.operations.delete

Cloud IAM changes as of 2018-08-31

Service Change Description
Google Kubernetes Engine Added container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus
Data Loss Prevention API Added dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Data Loss Prevention API Supported In Custom Roles dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Cloud Source Repositories Added source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Supported In Custom Roles source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Now GA source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig

Cloud IAM changes as of 2018-08-10

Service Change Description
Binary Authorization Added binaryauthorization.attestors.verifyImageAttested
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.verifyImageAttested
Google Compute Engine Added compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Google Compute Engine Supported In Custom Roles compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Cloud Filestore API Added file.instances.create
file.instances.delete
file.instances.get
file.instances.list
file.instances.update
file.locations.get
file.locations.list
file.operations.cancel
file.operations.delete
file.operations.get
file.operations.list

Cloud IAM changes as of 2018-08-03

Service Change Description
Android Management API Supported In Custom Roles androidmanagement.enterprises.manage
Android Management API Now GA androidmanagement.enterprises.manage
Google Cloud Billing API Supported In Custom Roles billing.resourceCosts.get
Binary Authorization Added binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update
Cloud Composer Now GA composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Google Compute Engine Now GA compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Google Kubernetes Engine Now GA container.hostServiceAgent.use
Cloud Memorystore for Redis API Added redis.operations.cancel
Cloud Memorystore for Redis API Supported In Custom Roles redis.instances.create
redis.instances.delete
redis.instances.get
redis.instances.list
redis.instances.update
redis.locations.get
redis.locations.list
redis.operations.get
redis.operations.list
Subscribe with Google Developer API Added subscribewithgoogledeveloper.tools.get
Subscribe with Google Developer API Supported In Custom Roles subscribewithgoogledeveloper.tools.get

Cloud IAM changes as of 2018-07-20

Service Change Description
Access Context Manager Added accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Cloud AutoML Added automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.delete
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.create
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.deploy
automl.models.get
automl.models.list
automl.models.predict
automl.models.undeploy
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Cloud AutoML Supported In Custom Roles automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.get
automl.models.list
automl.models.predict
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Binary Authorization Added binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Google Cloud DNS API Supported In Custom Roles dns.changes.create
dns.changes.get
dns.changes.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-07-13

Service Change Description
Google BigQuery Added bigquery.datasets.getIamPolicy
bigquery.datasets.setIamPolicy
Cloud Datastore Added datastore.locations.get
datastore.locations.list

Cloud IAM changes as of 2018-07-06

Service Change Description
Cloud Composer Supported In Custom Roles composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Cloud Endpoints Added endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud Endpoints Supported In Custom Roles endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud TPU Added tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list
Cloud TPU Supported In Custom Roles tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list

Cloud IAM changes as of 2018-06-29

Service Change Description
Cloud Identity and Access Management Now GA iam.serviceAccounts.implicitDelegation

Cloud IAM changes as of 2018-06-15

Service Change Description
Google Compute Engine Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Google Compute Engine Now GA compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

Cloud IAM changes as of 2018-06-08

Service Change Description
Google Compute Engine Added compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Google Compute Engine Supported In Custom Roles compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list

Cloud IAM changes as of 2018-05-11

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.jobs.listAll
Google Bigtable API Supported In Custom Roles bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.clusters.create
bigtable.clusters.delete
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Google Bigtable API Now GA bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Cloud Composer Now Beta composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Genomics API Supported In Custom Roles genomics.operations.cancel
genomics.operations.create
genomics.operations.get
genomics.operations.list
Stackdriver Monitoring API Supported In Custom Roles monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update
monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update
Stackdriver Monitoring API Now GA monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update

Cloud IAM changes as of 2018-05-04

Service Change Description
Google BigQuery Available In Custom Roles bigquery.jobs.listAll
Google Bigtable API Added bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Bigtable API Supported In Custom Roles bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Bigtable API Now GA bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Google Compute Engine Supported In Custom Roles compute.instances.osAdminLogin
compute.instances.osLogin
compute.oslogin.updateExternalUser
Google Compute Engine Now GA compute.oslogin.updateExternalUser
Google Service Management Supported In Custom Roles servicemanagement.services.bind

Cloud IAM changes as of 2018-04-06

Service Change Description
Google Compute Engine Supported In Custom Roles compute.instances.setShieldedVmIntegrityPolicy
compute.instances.updateShieldedVmConfig
Google Compute Engine Now GA compute.instances.setShieldedVmIntegrityPolicy
Google Kubernetes Engine Supported In Custom Roles container.hostServiceAgent.use
Google Cloud Dataproc Supported In Custom Roles dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy
Google Cloud Dataproc Now GA dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy

Cloud IAM changes as of 2018-03-30

Service Change Description
Google Cloud IoT API Now GA cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update

Cloud IAM changes as of 2018-03-23

Service Change Description
Genomics API Supported In Custom Roles genomics.datasets.create
genomics.datasets.delete
genomics.datasets.get
genomics.datasets.getIamPolicy
genomics.datasets.list
genomics.datasets.setIamPolicy
genomics.datasets.update
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.list

Cloud IAM changes as of 2018-03-09

Service Change Description
Google Cloud Job Discovery Added cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Google Cloud Job Discovery Supported In Custom Roles cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Google Cloud Profiler Added cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update
Google Cloud Profiler Supported In Custom Roles cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update

Cloud IAM changes as of 2018-03-02

Service Change Description
Service Broker API Added servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update
Service Broker API Supported In Custom Roles servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update

Cloud IAM changes as of 2018-02-23

Service Change Description
Cloud Resource Manager Supported In Custom Roles resourcemanager.projects.list
resourcemanager.projects.move
Google Service Management Added servicemanagement.services.quota
Google Service Management Supported In Custom Roles servicemanagement.services.quota
Cloud Source Repositories Supported In Custom Roles source.repos.create

Cloud IAM changes as of 2018-02-16

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.tables.update
bigquery.tables.updateData
Google Cloud IoT API Supported In Custom Roles cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update
Google Cloud SQL Supported In Custom Roles cloudsql.instances.demoteMaster
Google Cloud Support API Added cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Google Compute Engine Added compute.oslogin.updateExternalUser
Google Compute Engine Supported In Custom Roles compute.addresses.create
compute.disks.create
compute.disks.setLabels
compute.forwardingRules.create
compute.globalAddresses.create
compute.globalForwardingRules.create
compute.images.create
compute.images.setLabels
compute.snapshots.create
compute.snapshots.setLabels
compute.targetVpnGateways.create
compute.vpnTunnels.create
Google Cloud Dataproc Supported In Custom Roles dataproc.agents.create
dataproc.agents.delete
dataproc.agents.get
dataproc.agents.list
dataproc.agents.update
dataproc.tasks.lease
dataproc.tasks.listInvalidatedLeases
dataproc.tasks.reportStatus
dataproc.workflowTemplates.instantiateInline
Google Cloud DNS API Added dns.changes.create
dns.changes.get
dns.changes.list
dns.dnsKeys.create
dns.dnsKeys.delete
dns.dnsKeys.get
dns.dnsKeys.list
dns.dnsKeys.update
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-02-02

Service Change Description
Google Compute Engine Available In Custom Roles compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
Data Loss Prevention API Added dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update

Cloud IAM changes as of 2018-01-26

Service Change Description
Google BigQuery Added bigquery.jobs.listAll
Google Kubernetes Engine Added container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use

Cloud IAM changes as of 2018-01-19

Service Change Description
Google Compute Engine Added compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.useInternal

Cloud IAM changes as of 2018-01-12

Service Change Description
Google App Engine Not Supported In Custom Roles appengine.runtimes.actAsAdmin
Google Compute Engine Added compute.backendServices.setSecurityPolicy
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.setIamPolicy
compute.securityPolicies.update
compute.securityPolicies.use
Google Compute Engine Not Supported In Custom Roles compute.organizations.administerXpn
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Google Compute Engine Now GA compute.instances.osAdminLogin
compute.instances.osLogin

Cloud IAM changes as of 2017-12-22

Service Change Description
Google App Engine Supported In Custom Roles appengine.applications.create
appengine.applications.get
appengine.applications.update
appengine.instances.delete
appengine.instances.get
appengine.instances.list
appengine.operations.get
appengine.operations.list
appengine.services.delete
appengine.services.get
appengine.services.list
appengine.services.update
appengine.versions.create
appengine.versions.delete
appengine.versions.get
appengine.versions.list
appengine.versions.update
Google App Engine Not Supported In Custom Roles appengine.applications.list
appengine.operations.cancel
appengine.operations.delete
appengine.services.create
Google Cloud Billing API Supported In Custom Roles billing.accounts.close
billing.accounts.reopen
billing.budgets.delete
billing.budgets.update
Stackdriver Debugger Supported In Custom Roles clouddebugger.breakpoints.create
clouddebugger.breakpoints.delete
clouddebugger.breakpoints.get
clouddebugger.breakpoints.list
clouddebugger.breakpoints.listActive
clouddebugger.breakpoints.update
clouddebugger.debuggees.create
clouddebugger.debuggees.list
Cloud Key Management Service API Supported In Custom Roles cloudkms.cryptoKeyVersions.create
cloudkms.cryptoKeyVersions.destroy
cloudkms.cryptoKeyVersions.get
cloudkms.cryptoKeyVersions.list
cloudkms.cryptoKeyVersions.restore
cloudkms.cryptoKeyVersions.update
cloudkms.cryptoKeyVersions.useToDecrypt
cloudkms.cryptoKeyVersions.useToEncrypt
cloudkms.cryptoKeys.create
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.cryptoKeys.update
cloudkms.keyRings.create
cloudkms.keyRings.get
cloudkms.keyRings.getIamPolicy
cloudkms.keyRings.list
cloudkms.keyRings.setIamPolicy
Google Cloud SQL Supported In Custom Roles cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.delete
cloudsql.instances.export
cloudsql.instances.failover
cloudsql.instances.get
cloudsql.instances.import
cloudsql.instances.list
cloudsql.instances.promoteReplica
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.sslCerts.create
cloudsql.sslCerts.delete
cloudsql.sslCerts.get
cloudsql.sslCerts.list
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.list
cloudsql.users.update
Google Cloud SQL Not Supported In Custom Roles cloudsql.databases.getIamPolicy
cloudsql.databases.setIamPolicy
cloudsql.instances.demoteMaster
cloudsql.instances.getIamPolicy
cloudsql.instances.migrate
cloudsql.instances.setIamPolicy
cloudsql.sslCerts.createEphemeral
Stackdriver Trace API Supported In Custom Roles cloudtrace.insights.get
cloudtrace.insights.list
cloudtrace.stats.get
cloudtrace.tasks.create
cloudtrace.tasks.delete
cloudtrace.tasks.get
cloudtrace.tasks.list
cloudtrace.traces.get
cloudtrace.traces.list
cloudtrace.traces.patch
Google Compute Engine Added compute.instances.setMachineResources
compute.instances.setMinCpuPlatform
compute.instances.setServiceAccount
compute.instances.updateAccessConfig
compute.instances.updateNetworkInterface
compute.licenseCodes.get
compute.licenseCodes.list
compute.licenseCodes.update
compute.licenseCodes.use
Google Compute Engine Supported In Custom Roles compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.delete
compute.addresses.get
compute.addresses.list
compute.addresses.use
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.update
compute.commitments.list
compute.diskTypes.get
compute.diskTypes.list
compute.disks.createSnapshot
compute.disks.delete
compute.disks.get
compute.disks.list
compute.disks.resize
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.setTarget
compute.globalAddresses.delete
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.use
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.list
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.useReadOnly
compute.images.delete
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.list
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.attachDisk
compute.instances.create
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.detachDisk
compute.instances.get
compute.instances.getSerialPortOutput
compute.instances.list
compute.instances.listReferrers
compute.instances.reset
compute.instances.setDiskAutoDelete
compute.instances.setLabels
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setScheduling
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.use
compute.machineTypes.get
compute.machineTypes.list
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.list
compute.networks.updatePolicy
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.projects.setUsageExportBucket
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.list
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.use
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.get
compute.zones.list
Google Compute Engine Not Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.update
compute.backendServices.use
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
Google Kubernetes Engine Added container.services.updateStatus
Google Kubernetes Engine Supported In Custom Roles container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.operations.get
container.operations.list
Google Cloud Dataproc Supported In Custom Roles dataproc.clusters.create
dataproc.clusters.delete
dataproc.clusters.get
dataproc.clusters.getIamPolicy
dataproc.clusters.list
dataproc.clusters.setIamPolicy
dataproc.clusters.update
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.list
dataproc.jobs.update
dataproc.operations.cancel
dataproc.operations.delete
dataproc.operations.get
dataproc.operations.list
dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.update
Cloud Datastore Not Supported In Custom Roles datastore.databases.create
datastore.databases.delete
datastore.databases.export
datastore.databases.get
datastore.databases.getIamPolicy
datastore.databases.import
datastore.databases.list
datastore.databases.setIamPolicy
datastore.databases.update
datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update
datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update
datastore.namespaces.get
datastore.namespaces.getIamPolicy
datastore.namespaces.list
datastore.namespaces.setIamPolicy
datastore.operations.cancel
datastore.operations.delete
datastore.operations.get
datastore.operations.list
datastore.statistics.get
datastore.statistics.list
Cloud Deployment Manager Supported In Custom Roles deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update
deploymentmanager.deployments.cancelPreview
deploymentmanager.deployments.create
deploymentmanager.deployments.delete
deploymentmanager.deployments.get
deploymentmanager.deployments.getIamPolicy
deploymentmanager.deployments.list
deploymentmanager.deployments.setIamPolicy
deploymentmanager.deployments.stop
deploymentmanager.deployments.update
deploymentmanager.manifests.get
deploymentmanager.manifests.list
deploymentmanager.operations.get
deploymentmanager.operations.list
deploymentmanager.resources.get
deploymentmanager.resources.list
deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.update
deploymentmanager.types.list
Dialogflow Supported In Custom Roles dialogflow.agents.export
dialogflow.agents.get
dialogflow.agents.import
dialogflow.agents.restore
dialogflow.contexts.create
dialogflow.contexts.delete
dialogflow.contexts.get
dialogflow.contexts.list
dialogflow.contexts.update
dialogflow.entityTypes.create
dialogflow.entityTypes.createEntity
dialogflow.entityTypes.delete
dialogflow.entityTypes.deleteEntity
dialogflow.entityTypes.get
dialogflow.entityTypes.list
dialogflow.entityTypes.update
dialogflow.entityTypes.updateEntity
dialogflow.intents.create
dialogflow.intents.delete
dialogflow.intents.get
dialogflow.intents.list
dialogflow.intents.update
dialogflow.operations.get
dialogflow.sessionEntityTypes.create
dialogflow.sessionEntityTypes.delete
dialogflow.sessionEntityTypes.get
dialogflow.sessionEntityTypes.list
dialogflow.sessionEntityTypes.update
dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent
Stackdriver Error Reporting Supported In Custom Roles errorreporting.applications.list
errorreporting.errorEvents.create
errorreporting.errorEvents.delete
errorreporting.errorEvents.list
errorreporting.groupMetadata.get
errorreporting.groupMetadata.update
errorreporting.groups.list
Cloud Identity and Access Management Not Supported In Custom Roles iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
Stackdriver Logging Supported In Custom Roles logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update
logging.logEntries.create
logging.logEntries.list
logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.delete
logging.logs.list
logging.privateLogEntries.list
logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update
logging.usage.get
Google Cloud Machine Learning Engine Supported In Custom Roles ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update
ml.locations.get
ml.locations.list
ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update
ml.operations.cancel
ml.operations.get
ml.operations.list
ml.projects.getConfig
ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update
Stackdriver Monitoring API Supported In Custom Roles monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
monitoring.timeSeries.list
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.topics.setIamPolicy
Google Service Management Supported In Custom Roles servicemanagement.services.check
servicemanagement.services.report
Google Service Management Not Supported In Custom Roles servicemanagement.consumerSettings.get
servicemanagement.consumerSettings.getIamPolicy
servicemanagement.consumerSettings.list
servicemanagement.consumerSettings.setIamPolicy
servicemanagement.consumerSettings.update
Cloud Source Repositories Supported In Custom Roles source.repos.delete
source.repos.get
source.repos.getIamPolicy
source.repos.list
source.repos.setIamPolicy
Cloud Source Repositories Not Supported In Custom Roles source.repos.update
Cloud Spanner Supported In Custom Roles spanner.databaseOperations.cancel
spanner.databaseOperations.get
spanner.databaseOperations.list
spanner.databases.beginOrRollbackReadWriteTransaction
spanner.databases.beginReadOnlyTransaction
spanner.databases.create
spanner.databases.drop
spanner.databases.get
spanner.databases.getDdl
spanner.databases.getIamPolicy
spanner.databases.list
spanner.databases.read
spanner.databases.select
spanner.databases.setIamPolicy
spanner.databases.updateDdl
spanner.databases.write
spanner.instanceConfigs.get
spanner.instanceConfigs.list
spanner.instanceOperations.cancel
spanner.instanceOperations.delete
spanner.instanceOperations.get
spanner.instanceOperations.list
spanner.instances.create
spanner.instances.delete
spanner.instances.get
spanner.instances.getIamPolicy
spanner.instances.list
spanner.instances.setIamPolicy
spanner.instances.update
spanner.sessions.create
spanner.sessions.delete
spanner.sessions.get
spanner.sessions.list
Cloud Spanner Not Supported In Custom Roles spanner.databaseOperations.delete
spanner.databases.update
Google Cloud Storage Supported In Custom Roles storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.buckets.setIamPolicy
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

Cloud IAM changes as of 2017-12-08

Service Change Description
Google BigQuery Supported In Custom Roles bigquery.datasets.create
bigquery.datasets.delete
bigquery.datasets.get
bigquery.datasets.update
bigquery.jobs.create
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.update
bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update
bigquery.tables.create
bigquery.tables.delete
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
Google BigQuery Not Supported In Custom Roles bigquery.config.get
bigquery.config.update
bigquery.service.actAsSuperuser
bigquery.tables.update
bigquery.tables.updateData
bigquery.transfers.get
bigquery.transfers.update
Google Bigtable API Supported In Custom Roles bigtable.clusters.get
bigtable.clusters.list
bigtable.clusters.update
bigtable.instances.create
bigtable.instances.delete
bigtable.instances.get
bigtable.instances.list
bigtable.instances.update
bigtable.tables.create
bigtable.tables.delete
bigtable.tables.get
bigtable.tables.list
bigtable.tables.mutateRows
bigtable.tables.readRows
bigtable.tables.sampleRowKeys
bigtable.tables.update
Google Compute Engine Added compute.disks.getIamPolicy
compute.disks.setIamPolicy
compute.globalOperations.getIamPolicy
compute.globalOperations.setIamPolicy
compute.images.getIamPolicy
compute.images.setIamPolicy
compute.instances.getIamPolicy
compute.instances.setIamPolicy
compute.licenses.getIamPolicy
compute.licenses.setIamPolicy
compute.organizations.administerXpn
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.regionOperations.getIamPolicy
compute.regionOperations.setIamPolicy
compute.snapshots.getIamPolicy
compute.snapshots.setIamPolicy
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.zoneOperations.getIamPolicy
compute.zoneOperations.setIamPolicy
Google Dataflow API Supported In Custom Roles dataflow.jobs.cancel
dataflow.jobs.create
dataflow.jobs.get
dataflow.jobs.list
dataflow.jobs.updateContents
dataflow.messages.list
dataflow.metrics.get
Google Cloud Dataproc Added dataproc.workflowTemplates.instantiateInline
Data Loss Prevention API Added dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
Google Cloud Pub/Sub API Added pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.get
pubsub.snapshots.getIamPolicy
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.snapshots.setIamPolicy
pubsub.snapshots.update
Google Cloud Pub/Sub API Supported In Custom Roles pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.publish

Cloud IAM changes as of 2017-12-01

Service Change Description
Google Cloud Build API Supported In Custom Roles cloudbuild.builds.create
cloudbuild.builds.get
cloudbuild.builds.list
cloudbuild.builds.update
Cloud Tool Results API Now GA cloudtoolresults.executions.create
cloudtoolresults.executions.get
cloudtoolresults.executions.list
cloudtoolresults.executions.update
cloudtoolresults.histories.create
cloudtoolresults.histories.get
cloudtoolresults.histories.list
cloudtoolresults.settings.create
cloudtoolresults.settings.get
cloudtoolresults.settings.update
cloudtoolresults.steps.create
cloudtoolresults.steps.get
cloudtoolresults.steps.list
cloudtoolresults.steps.update
Google Compute Engine Now GA compute.instances.addMaintenancePolicies
compute.instances.removeMaintenancePolicies
compute.maintenancePolicies.create
compute.maintenancePolicies.delete
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.maintenancePolicies.setIamPolicy
compute.maintenancePolicies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.getIamPolicy
compute.targetTcpProxies.list
compute.targetTcpProxies.setIamPolicy
compute.targetTcpProxies.update
compute.targetTcpProxies.use
Google Kubernetes Engine Added container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.pods.initialize
Google Kubernetes Engine Now GA container.deployments.getScale
container.deployments.updateScale
Cloud Dataprep Supported In Custom Roles dataprep.projects.use
Cloud Identity and Access Management Supported In Custom Roles iam.roles.create
iam.roles.delete
iam.roles.get
iam.roles.list
iam.roles.undelete
iam.roles.update

Cloud IAM changes as of 2017-11-10

Service Change Description
Google Kubernetes Engine Added container.clusters.getIamPolicy
container.clusters.setIamPolicy
Google Cloud Machine Learning Engine Added ml.locations.get
ml.locations.list
Stackdriver Monitoring API Added monitoring.metricDescriptors.update

Cloud IAM changes as of 2017-10-27

Service Change Description
Google Compute Engine Added compute.instances.updateShieldedVmConfig
Cloud Identity-Aware Proxy Added iap.web.getIamPolicy
iap.web.setIamPolicy
iap.webServiceVersions.accessViaIAP
iap.webServiceVersions.getIamPolicy
iap.webServiceVersions.setIamPolicy
iap.webServiceVersions.updateIAP
iap.webServices.getIamPolicy
iap.webServices.setIamPolicy
iap.webServices.updateIAP
iap.webTypes.getIamPolicy
iap.webTypes.setIamPolicy
iap.webTypes.updateIAP
Google Service Management Supported In Custom Roles servicemanagement.services.create
servicemanagement.services.delete
servicemanagement.services.get
servicemanagement.services.getIamPolicy
servicemanagement.services.list
servicemanagement.services.setIamPolicy
servicemanagement.services.update

Cloud IAM changes as of 2017-10-06

Service Change Description
Google Cloud Dataproc Now GA dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.setIamPolicy
dataproc.workflowTemplates.update

Cloud IAM changes as of 2017-09-22

Service Change Description
Google App Engine Added appengine.memcache.addKey
appengine.memcache.flush
appengine.memcache.get
appengine.memcache.getKey
appengine.memcache.list
appengine.memcache.update
Google Cloud SQL Added cloudsql.instances.demoteMaster
Google Cloud SQL Now GA cloudsql.instances.demoteMaster

Cloud IAM changes as of 2017-09-08

Service Change Description
Google Cloud Functions Added cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
Google Compute Engine Added compute.instances.setDeletionProtection
compute.targetHttpsProxies.setUrlMap
Google Kubernetes Engine Added container.statefulSets.getScale
container.statefulSets.updateScale
Google Kubernetes Engine Now GA container.statefulSets.getScale
container.statefulSets.updateScale
Google Cloud Functions Added dlp.kms.encrypt
dlp.riskAnalysisOperations.cancel
dlp.riskAnalysisOperations.create
dlp.riskAnalysisOperations.get
dlp.riskAnalysisOperations.list
Was this page helpful? Let us know how we did:

Send feedback about...

Cloud Identity and Access Management Documentation