This page provides an archive of changes to Identity and Access Management (IAM) permissions that occurred before 2022. For more recent changes, see IAM permissions change log.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Cloud IAM changes as of 2021-12-03
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.namespaces.create |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access |
Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access |
Cloud Composer | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Composer | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access orgpolicy.policy.get |
Dataflow | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Data Pipelines | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Dataproc | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
AI Platform | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Certificate Manager | Added |
certificatemanager.certmapentries.create certificatemanager.certmapentries.delete certificatemanager.certmapentries.get certificatemanager.certmapentries.getIamPolicy certificatemanager.certmapentries.list certificatemanager.certmapentries.setIamPolicy certificatemanager.certmapentries.update certificatemanager.certmaps.create certificatemanager.certmaps.delete certificatemanager.certmaps.get certificatemanager.certmaps.getIamPolicy certificatemanager.certmaps.list certificatemanager.certmaps.setIamPolicy certificatemanager.certmaps.update certificatemanager.certmaps.use certificatemanager.certs.create certificatemanager.certs.delete certificatemanager.certs.get certificatemanager.certs.getIamPolicy certificatemanager.certs.list certificatemanager.certs.setIamPolicy certificatemanager.certs.update certificatemanager.certs.use certificatemanager.dnsauthorizations.create certificatemanager.dnsauthorizations.delete certificatemanager.dnsauthorizations.get certificatemanager.dnsauthorizations.getIamPolicy certificatemanager.dnsauthorizations.list certificatemanager.dnsauthorizations.setIamPolicy certificatemanager.dnsauthorizations.update certificatemanager.dnsauthorizations.use certificatemanager.locations.get certificatemanager.locations.list certificatemanager.operations.cancel certificatemanager.operations.delete certificatemanager.operations.get certificatemanager.operations.list |
Certificate Manager | Supported In Custom Roles |
certificatemanager.certmapentries.create certificatemanager.certmapentries.delete certificatemanager.certmapentries.get certificatemanager.certmapentries.getIamPolicy certificatemanager.certmapentries.list certificatemanager.certmapentries.setIamPolicy certificatemanager.certmapentries.update certificatemanager.certmaps.create certificatemanager.certmaps.delete certificatemanager.certmaps.get certificatemanager.certmaps.getIamPolicy certificatemanager.certmaps.list certificatemanager.certmaps.setIamPolicy certificatemanager.certmaps.update certificatemanager.certmaps.use certificatemanager.certs.create certificatemanager.certs.delete certificatemanager.certs.get certificatemanager.certs.getIamPolicy certificatemanager.certs.list certificatemanager.certs.setIamPolicy certificatemanager.certs.update certificatemanager.certs.use certificatemanager.dnsauthorizations.create certificatemanager.dnsauthorizations.delete certificatemanager.dnsauthorizations.get certificatemanager.dnsauthorizations.getIamPolicy certificatemanager.dnsauthorizations.list certificatemanager.dnsauthorizations.setIamPolicy certificatemanager.dnsauthorizations.update certificatemanager.dnsauthorizations.use certificatemanager.locations.get certificatemanager.locations.list certificatemanager.operations.cancel certificatemanager.operations.delete certificatemanager.operations.get certificatemanager.operations.list |
Compute Engine | Added |
compute.commitments.update |
Compute Engine | Supported In Custom Roles |
compute.commitments.update |
Compute Engine | Now GA |
compute.commitments.update |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.orderAttributions.get consumerprocurement.orderAttributions.list consumerprocurement.orderAttributions.update |
Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.orderAttributions.get consumerprocurement.orderAttributions.list consumerprocurement.orderAttributions.update |
Data Connectors | Added |
dataconnectors.connectors.create dataconnectors.connectors.delete dataconnectors.connectors.get dataconnectors.connectors.getIamPolicy dataconnectors.connectors.list dataconnectors.connectors.setIamPolicy dataconnectors.connectors.update dataconnectors.connectors.use dataconnectors.locations.get dataconnectors.locations.list dataconnectors.operations.cancel dataconnectors.operations.delete dataconnectors.operations.get dataconnectors.operations.list |
Data Connectors | Supported In Custom Roles |
dataconnectors.connectors.create dataconnectors.connectors.delete dataconnectors.connectors.get dataconnectors.connectors.getIamPolicy dataconnectors.connectors.list dataconnectors.connectors.setIamPolicy dataconnectors.connectors.update dataconnectors.connectors.use dataconnectors.locations.get dataconnectors.locations.list dataconnectors.operations.cancel dataconnectors.operations.delete dataconnectors.operations.get dataconnectors.operations.list |
Dataflow | Added |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Network Services | Added |
networkservices.serviceBindings.create networkservices.serviceBindings.delete networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.serviceBindings.update |
VM Migration | Added |
vmmigration.datacenterConnectors.update |
VM Migration | Supported In Custom Roles |
vmmigration.datacenterConnectors.update |
Cloud IAM changes as of 2021-11-12
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoles.update |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.update |
Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.feeds.create cloudasset.feeds.delete cloudasset.feeds.get cloudasset.feeds.update |
Compute Engine | Role Updated |
The following permissions have been added to the role networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.use networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.use |
Datastore | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.get dlp.deidentifyTemplates.list |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.get dlp.deidentifyTemplates.list |
Google Earth Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
Firebase App Check | Now GA |
The role |
GKE Multi-Cloud | Now GA |
The role |
GKE Multi-Cloud | Now GA |
The role |
GKE Multi-Cloud | Now GA |
The role |
Dataproc Metastore | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Cloud Monitoring | Role Updated |
The following permissions have been added to the role servicedirectory.networks.access servicedirectory.services.resolve |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.subnetworks.use |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.get networkconnectivity.operations.list |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Web Security Scanner | Role Updated |
The following permissions have been added to the role cloudasset.assets.listResource |
Vertex AI | Added |
aiplatform.tensorboardRuns.batchCreate aiplatform.tensorboardTimeSeries.batchCreate aiplatform.tensorboardTimeSeries.batchRead |
Apigee | Added |
apigee.developerbalances.adjust |
Apigee | Supported In Custom Roles |
apigee.developerbalances.adjust |
Apigee | Now GA |
apigee.developerbalances.adjust |
Artifact Registry | Added |
artifactregistry.dockerimages.get artifactregistry.dockerimages.list |
Artifact Registry | Now GA |
artifactregistry.dockerimages.get artifactregistry.dockerimages.list |
Compute Engine | Added |
compute.disks.createTagBinding compute.disks.deleteTagBinding compute.disks.listTagBindings compute.images.createTagBinding compute.images.deleteTagBinding compute.images.listTagBindings compute.snapshots.createTagBinding compute.snapshots.deleteTagBinding compute.snapshots.listTagBindings |
Compute Engine | Now GA |
compute.disks.createTagBinding compute.disks.deleteTagBinding compute.disks.listTagBindings compute.images.createTagBinding compute.images.deleteTagBinding compute.images.listTagBindings compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.snapshots.createTagBinding compute.snapshots.deleteTagBinding compute.snapshots.listTagBindings |
Datastore | Added |
datastore.keyVisualizerScans.get datastore.keyVisualizerScans.list |
Datastore | Now GA |
datastore.keyVisualizerScans.get datastore.keyVisualizerScans.list |
Datastream | Added |
datastream.objects.get datastream.objects.list datastream.objects.startBackfillJob datastream.objects.stopBackfillJob |
Document AI | Added |
documentai.datasetSchemas.get documentai.datasetSchemas.update documentai.datasets.get documentai.datasets.update documentai.processorTypes.get |
Firebase App Check | Added |
firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update |
GKE Hub | Added |
gkehub.fleet.create gkehub.fleet.delete gkehub.fleet.get gkehub.fleet.update |
GKE Hub | Now GA |
gkehub.fleet.create gkehub.fleet.delete gkehub.fleet.get gkehub.fleet.update |
GKE Multi-Cloud | Added |
gkemulticloud.awsClusters.generateAccessToken gkemulticloud.azureClusters.generateAccessToken |
GKE Multi-Cloud | Now GA |
gkemulticloud.awsClusters.create gkemulticloud.awsClusters.delete gkemulticloud.awsClusters.generateAccessToken gkemulticloud.awsClusters.get gkemulticloud.awsClusters.getAdminKubeconfig gkemulticloud.awsClusters.list gkemulticloud.awsClusters.update gkemulticloud.awsNodePools.create gkemulticloud.awsNodePools.delete gkemulticloud.awsNodePools.get gkemulticloud.awsNodePools.list gkemulticloud.awsNodePools.update gkemulticloud.awsServerConfigs.get gkemulticloud.azureClients.create gkemulticloud.azureClients.delete gkemulticloud.azureClients.get gkemulticloud.azureClients.list gkemulticloud.azureClusters.create gkemulticloud.azureClusters.delete gkemulticloud.azureClusters.generateAccessToken gkemulticloud.azureClusters.get gkemulticloud.azureClusters.getAdminKubeconfig gkemulticloud.azureClusters.list gkemulticloud.azureClusters.update gkemulticloud.azureNodePools.create gkemulticloud.azureNodePools.delete gkemulticloud.azureNodePools.get gkemulticloud.azureNodePools.list gkemulticloud.azureNodePools.update gkemulticloud.azureServerConfigs.get gkemulticloud.operations.cancel gkemulticloud.operations.delete gkemulticloud.operations.get gkemulticloud.operations.list gkemulticloud.operations.wait |
Identity and Access Management | Added |
iam.denypolicies.create iam.denypolicies.delete iam.denypolicies.get iam.denypolicies.list iam.denypolicies.replace iam.denypolicies.update |
Identity and Access Management | Added |
iam.googleapis.com/denypolicies.create iam.googleapis.com/denypolicies.delete iam.googleapis.com/denypolicies.get iam.googleapis.com/denypolicies.list iam.googleapis.com/denypolicies.replace |
Cloud Run | Added |
run.operations.delete run.operations.get run.operations.list |
Cloud Run | Now GA |
run.operations.delete run.operations.get run.operations.list |
Security Command Center | Added |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Security Command Center | Supported In Custom Roles |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Security Command Center | Now GA |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Video Stitcher API | Added |
videostitcher.cdnKeys.create videostitcher.cdnKeys.delete videostitcher.cdnKeys.get videostitcher.cdnKeys.list videostitcher.cdnKeys.update videostitcher.liveAdTagDetails.get videostitcher.liveAdTagDetails.list videostitcher.liveSessions.create videostitcher.liveSessions.get videostitcher.slates.create videostitcher.slates.delete videostitcher.slates.get videostitcher.slates.list videostitcher.slates.update videostitcher.vodAdTagDetails.get videostitcher.vodAdTagDetails.list videostitcher.vodSessions.create videostitcher.vodSessions.get videostitcher.vodStitchDetails.get videostitcher.vodStitchDetails.list |
Cloud IAM changes as of 2021-10-22
Service | Change | Description |
---|---|---|
Anthos Support | Now GA |
The role |
Cloud Functions | Role Updated |
The following permissions have been added to the role source.repos.get source.repos.list |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
Data Pipelines | Now GA |
The role |
Data Pipelines | Now GA |
The role |
Data Pipelines | Now GA |
The role |
Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
Dataproc | Role Updated |
The following permissions have been added to the role dataproc.autoscalingPolicies.create dataproc.autoscalingPolicies.delete dataproc.autoscalingPolicies.getIamPolicy dataproc.autoscalingPolicies.update |
Customer Usage Data Processing | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role storage.objects.create |
Cloud Domains | Now GA |
The role |
Cloud Domains | Now GA |
The role |
Game Servers | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.useInternal |
Security Command Center | Now GA |
The role |
Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Compute Engine | Added |
compute.reservations.update |
Compute Engine | Supported In Custom Roles |
compute.reservations.update |
Data Pipelines | Now GA |
datapipelines.pipelines.create datapipelines.pipelines.delete datapipelines.pipelines.get datapipelines.pipelines.list datapipelines.pipelines.run datapipelines.pipelines.stop datapipelines.pipelines.update |
Cloud Domains | Supported In Custom Roles |
domains.locations.get domains.locations.list domains.operations.cancel domains.operations.get domains.operations.list |
Cloud Domains | Now GA |
domains.locations.get domains.locations.list domains.operations.cancel domains.operations.get domains.operations.list domains.registrations.configureContact domains.registrations.configureDns domains.registrations.configureManagement domains.registrations.create domains.registrations.delete domains.registrations.get domains.registrations.getIamPolicy domains.registrations.list domains.registrations.setIamPolicy domains.registrations.update |
Firebase Cloud Messaging | Added |
firebasecloudmessaging.messages.create |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update |
reCAPTCHA Enterprise | Added |
recaptchaenterprise.relatedaccountgroupmemberships.list recaptchaenterprise.relatedaccountgroups.list |
Cloud IAM changes as of 2021-10-01
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.machineTypes.get dataflow.jobs.cancel dataflow.jobs.create dataflow.jobs.get dataflow.jobs.list dataflow.jobs.snapshot dataflow.jobs.updateContents dataflow.messages.list dataflow.metrics.get dataflow.snapshots.delete dataflow.snapshots.get dataflow.snapshots.list |
Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifacts |
Cloud TPU | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Cloud Composer | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Compute Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Connectors | Now GA |
The role |
Connectors | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Dataflow | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role datacatalog.categories.fineGrainedGet |
Firebase Mods | Role Updated |
The following permissions have been added to the role resourcemanager.projects.updateLiens |
GKE Hub | Now GA |
The role |
Transcoder API | Role Updated |
The following permissions have been added to the role transcoder.jobs.delete |
Basic Role | Role Updated |
The following permissions have been added to the role firebaserules.rulesets.test |
Connectors | Added |
connectors.connections.create connectors.connections.delete connectors.connections.get connectors.connections.getConnectionSchemaMetadata connectors.connections.getIamPolicy connectors.connections.getRuntimeActionSchema connectors.connections.getRuntimeEntitySchema connectors.connections.list connectors.connections.setIamPolicy connectors.connections.update connectors.connectors.get connectors.connectors.list connectors.locations.get connectors.locations.list connectors.operations.cancel connectors.operations.delete connectors.operations.get connectors.operations.list connectors.providers.get connectors.providers.list connectors.runtimeconfig.get connectors.versions.get connectors.versions.list |
Connectors | Supported In Custom Roles |
connectors.connections.create connectors.connections.delete connectors.connections.get connectors.connections.getConnectionSchemaMetadata connectors.connections.getIamPolicy connectors.connections.getRuntimeActionSchema connectors.connections.getRuntimeEntitySchema connectors.connections.list connectors.connections.setIamPolicy connectors.connections.update connectors.connectors.get connectors.connectors.list connectors.locations.get connectors.locations.list connectors.operations.cancel connectors.operations.delete connectors.operations.get connectors.operations.list connectors.providers.get connectors.providers.list connectors.runtimeconfig.get connectors.versions.get connectors.versions.list |
Connectors | Now GA |
connectors.connections.create connectors.connections.delete connectors.connections.get connectors.connections.getConnectionSchemaMetadata connectors.connections.getIamPolicy connectors.connections.getRuntimeActionSchema connectors.connections.getRuntimeEntitySchema connectors.connections.list connectors.connections.setIamPolicy connectors.connections.update connectors.connectors.get connectors.connectors.list connectors.locations.get connectors.locations.list connectors.operations.cancel connectors.operations.delete connectors.operations.get connectors.operations.list connectors.providers.get connectors.providers.list connectors.runtimeconfig.get connectors.versions.get connectors.versions.list |
Cloud IAM changes as of 2021-09-24
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.configMaps.create container.configMaps.delete container.configMaps.update container.daemonSets.create container.daemonSets.delete container.daemonSets.get container.daemonSets.getStatus container.daemonSets.list container.daemonSets.update container.serviceAccounts.create container.serviceAccounts.delete container.serviceAccounts.get container.serviceAccounts.list container.serviceAccounts.update |
Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list |
Cloud Composer | Role Updated |
The following permissions have been added to the role logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.responsePolicies.create dns.responsePolicies.delete dns.responsePolicies.get dns.responsePolicies.list dns.responsePolicies.update dns.responsePolicyRules.create dns.responsePolicyRules.delete dns.responsePolicyRules.get dns.responsePolicyRules.list dns.responsePolicyRules.update |
Dataflow | Role Updated |
The following permissions have been added to the role logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.create iam.serviceAccounts.get iam.serviceAccounts.list |
Game Servers | Role Updated |
The following permissions have been added to the role container.mutatingWebhookConfigurations.create container.mutatingWebhookConfigurations.delete container.mutatingWebhookConfigurations.update |
Cloud Logging | Role Updated |
The following permissions have been added to the role logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Dataproc Metastore | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.use compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.get compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.regionOperations.get compute.subnetworks.get compute.subnetworks.use |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list |
Recommender | Role Added |
The role cloudresourcemanager.googleapis.com/projects.get cloudresourcemanager.googleapis.com/projects.list recommender.bigqueryCapacityCommitmentsInsights.get recommender.bigqueryCapacityCommitmentsInsights.list recommender.bigqueryCapacityCommitmentsInsights.update recommender.bigqueryCapacityCommitmentsRecommendations.get recommender.bigqueryCapacityCommitmentsRecommendations.list recommender.bigqueryCapacityCommitmentsRecommendations.update recommender.googleapis.com/bigqueryCapacityCommitmentsInsights.get recommender.googleapis.com/bigqueryCapacityCommitmentsInsights.list recommender.googleapis.com/bigqueryCapacityCommitmentsInsights.update recommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.get recommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.list recommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.update recommender.googleapis.com/locations.get recommender.googleapis.com/locations.list recommender.locations.get recommender.locations.list resourcemanager.projects.get resourcemanager.projects.list |
Recommender | Role Added |
The role cloudresourcemanager.googleapis.com/projects.get cloudresourcemanager.googleapis.com/projects.list recommender.bigqueryCapacityCommitmentsInsights.get recommender.bigqueryCapacityCommitmentsInsights.list recommender.bigqueryCapacityCommitmentsRecommendations.get recommender.bigqueryCapacityCommitmentsRecommendations.list recommender.googleapis.com/bigqueryCapacityCommitmentsInsights.get recommender.googleapis.com/bigqueryCapacityCommitmentsInsights.list recommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.get recommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.list recommender.googleapis.com/locations.get recommender.googleapis.com/locations.list recommender.locations.get recommender.locations.list resourcemanager.projects.get resourcemanager.projects.list |
Datastore | Added |
datastore.databases.getMetadata |
Datastore | Now GA |
datastore.databases.getMetadata |
Cloud Integrations | Added |
integrations.securityAuthConfigs.create integrations.securityAuthConfigs.delete integrations.securityAuthConfigs.get integrations.securityAuthConfigs.list integrations.securityAuthConfigs.update integrations.securityExecutions.cancel integrations.securityExecutions.get integrations.securityExecutions.list integrations.securityIntegTempVers.create integrations.securityIntegTempVers.get integrations.securityIntegTempVers.list integrations.securityIntegrationVers.create integrations.securityIntegrationVers.deploy integrations.securityIntegrationVers.get integrations.securityIntegrationVers.list integrations.securityIntegrationVers.update integrations.securityIntegrations.invoke integrations.securityIntegrations.list |
Recommender | Added |
recommender.bigqueryCapacityCommitmentsInsights.get recommender.bigqueryCapacityCommitmentsInsights.list recommender.bigqueryCapacityCommitmentsInsights.update recommender.bigqueryCapacityCommitmentsRecommendations.get recommender.bigqueryCapacityCommitmentsRecommendations.list recommender.bigqueryCapacityCommitmentsRecommendations.update recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.bigqueryCapacityCommitmentsInsights.get recommender.bigqueryCapacityCommitmentsInsights.list recommender.bigqueryCapacityCommitmentsInsights.update recommender.bigqueryCapacityCommitmentsRecommendations.get recommender.bigqueryCapacityCommitmentsRecommendations.list recommender.bigqueryCapacityCommitmentsRecommendations.update recommender.cloudsqlIdleInstanceRecommendations.get recommender.cloudsqlIdleInstanceRecommendations.list recommender.cloudsqlIdleInstanceRecommendations.update recommender.cloudsqlInstanceActivityInsights.get recommender.cloudsqlInstanceActivityInsights.list recommender.cloudsqlInstanceActivityInsights.update recommender.cloudsqlInstanceCpuUsageInsights.get recommender.cloudsqlInstanceCpuUsageInsights.list recommender.cloudsqlInstanceCpuUsageInsights.update recommender.cloudsqlInstanceMemoryUsageInsights.get recommender.cloudsqlInstanceMemoryUsageInsights.list recommender.cloudsqlInstanceMemoryUsageInsights.update recommender.cloudsqlOverprovisionedInstanceRecommendations.get recommender.cloudsqlOverprovisionedInstanceRecommendations.list recommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Cloud IAM changes as of 2021-09-10
Service | Change | Description |
---|---|---|
BigQuery | Added |
bigquery.tables.createSnapshot bigquery.tables.deleteSnapshot bigquery.tables.restoreSnapshot |
BigQuery | Supported In Custom Roles |
bigquery.tables.createSnapshot bigquery.tables.deleteSnapshot bigquery.tables.restoreSnapshot |
Firebase | Added |
firebase.playLinks.get firebase.playLinks.list firebase.playLinks.update |
Firebase | Supported In Custom Roles |
firebase.playLinks.get firebase.playLinks.list firebase.playLinks.update |
Firebase | Now GA |
firebase.playLinks.get firebase.playLinks.list firebase.playLinks.update |
Cloud IAM changes as of 2021-08-30
Service | Change | Description |
---|---|---|
Cloud Build | Role Updated |
The following permissions have been added to the role binaryauthorization.attestors.create binaryauthorization.attestors.delete binaryauthorization.attestors.get binaryauthorization.attestors.list binaryauthorization.attestors.update binaryauthorization.attestors.verifyImageAttested containeranalysis.notes.attachOccurrence containeranalysis.notes.create containeranalysis.notes.delete containeranalysis.notes.get containeranalysis.notes.list containeranalysis.notes.update |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.get bigquery.routines.get |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.get bigquery.routines.get |
GKE Hub | Now GA |
The role |
GKE Hub | Role Updated |
The following permissions have been added to the role gkemulticloud.awsClusters.get gkemulticloud.azureClusters.get |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.sslPolicies.use |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Security Command Center | Now GA |
The role |
Storage Transfer Service | Role Updated |
The following permissions have been added to the role storagetransfer.agentpools.get storagetransfer.agentpools.list |
Cloud OS Config | Now GA |
osconfig.inventories.get osconfig.inventories.list osconfig.vulnerabilityReports.get osconfig.vulnerabilityReports.list |
Cloud IAM changes as of 2021-08-27
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.thirdPartyObjects.create |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Cloud Deploy | Role Added |
The role clouddeploy.deliveryPipelines.get clouddeploy.googleapis.com/deliveryPipelines.get clouddeploy.googleapis.com/locations.get clouddeploy.googleapis.com/locations.list clouddeploy.googleapis.com/operations.cancel clouddeploy.googleapis.com/operations.delete clouddeploy.googleapis.com/operations.get clouddeploy.googleapis.com/operations.list clouddeploy.googleapis.com/releases.create clouddeploy.googleapis.com/releases.get clouddeploy.googleapis.com/releases.list clouddeploy.googleapis.com/rollouts.create clouddeploy.googleapis.com/rollouts.get clouddeploy.googleapis.com/rollouts.list clouddeploy.googleapis.com/targets.get clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.get cloudresourcemanager.googleapis.com/projects.get cloudresourcemanager.googleapis.com/projects.list resourcemanager.projects.get resourcemanager.projects.list |
Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
Content Warehouse | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.invoke pubsub.topics.publish pubsublite.topics.publish |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy cloudasset.assets.exportResource |
GKE Hub | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
Cloud Logging | Now GA |
The role |
Apigee | Added |
apigee.proxies.update |
Apigee | Supported In Custom Roles |
apigee.proxies.update |
Apigee | Now GA |
apigee.proxies.update |
Bare Metal Solution | Added |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
Bare Metal Solution | Now GA |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
BigQuery | Added |
bigquery.jobs.delete |
BigQuery | Supported In Custom Roles |
bigquery.jobs.delete |
BigQuery | Now GA |
bigquery.jobs.delete |
Cloud Deploy | Added |
clouddeploy.config.get clouddeploy.deliveryPipelines.create clouddeploy.deliveryPipelines.delete clouddeploy.deliveryPipelines.get clouddeploy.deliveryPipelines.getIamPolicy clouddeploy.deliveryPipelines.list clouddeploy.deliveryPipelines.setIamPolicy clouddeploy.deliveryPipelines.update clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.delete clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.approve clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.create clouddeploy.targets.delete clouddeploy.targets.get clouddeploy.targets.getIamPolicy clouddeploy.targets.list clouddeploy.targets.setIamPolicy clouddeploy.targets.update |
Cloud Deploy | Supported In Custom Roles |
clouddeploy.config.get clouddeploy.deliveryPipelines.create clouddeploy.deliveryPipelines.delete clouddeploy.deliveryPipelines.get clouddeploy.deliveryPipelines.getIamPolicy clouddeploy.deliveryPipelines.list clouddeploy.deliveryPipelines.setIamPolicy clouddeploy.deliveryPipelines.update clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.delete clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.approve clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.create clouddeploy.targets.delete clouddeploy.targets.get clouddeploy.targets.getIamPolicy clouddeploy.targets.list clouddeploy.targets.setIamPolicy clouddeploy.targets.update |
Cloud Functions | Added |
cloudfunctions.functions.generateUploadUrl |
Compute Engine | Added |
compute.forwardingRules.use |
Dialogflow | Added |
dialogflow.conversations.update |
Dialogflow | Now GA |
dialogflow.conversations.update |
Cloud Integrations | Added |
integrations.apigeeIntegrationVers.delete |
Cloud Integrations | Now GA |
integrations.apigeeIntegrationVers.delete |
Cloud Logging | Now GA |
logging.fields.access |
Storage Transfer Service | Added |
storagetransfer.agentpools.create storagetransfer.agentpools.delete storagetransfer.agentpools.get storagetransfer.agentpools.list storagetransfer.agentpools.update |
Storage Transfer Service | Now GA |
storagetransfer.agentpools.create storagetransfer.agentpools.delete storagetransfer.agentpools.get storagetransfer.agentpools.list storagetransfer.agentpools.update |
Cloud IAM changes as of 2021-08-20
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.thirdPartyObjects.create |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Cloud Deploy | Role Added |
The role clouddeploy.deliveryPipelines.get clouddeploy.googleapis.com/deliveryPipelines.get clouddeploy.googleapis.com/locations.get clouddeploy.googleapis.com/locations.list clouddeploy.googleapis.com/operations.cancel clouddeploy.googleapis.com/operations.delete clouddeploy.googleapis.com/operations.get clouddeploy.googleapis.com/operations.list clouddeploy.googleapis.com/releases.create clouddeploy.googleapis.com/releases.get clouddeploy.googleapis.com/releases.list clouddeploy.googleapis.com/rollouts.create clouddeploy.googleapis.com/rollouts.get clouddeploy.googleapis.com/rollouts.list clouddeploy.googleapis.com/targets.get clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.get cloudresourcemanager.googleapis.com/projects.get cloudresourcemanager.googleapis.com/projects.list resourcemanager.projects.get resourcemanager.projects.list |
Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
Content Warehouse | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.invoke pubsub.topics.publish pubsublite.topics.publish |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy cloudasset.assets.exportResource |
GKE Hub | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
Cloud Logging | Now GA |
The role |
Apigee | Added |
apigee.proxies.update |
Apigee | Supported In Custom Roles |
apigee.proxies.update |
Apigee | Now GA |
apigee.proxies.update |
Bare Metal Solution | Added |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
Bare Metal Solution | Now GA |
baremetalsolution.instances.create baremetalsolution.instances.get baremetalsolution.instances.list |
BigQuery | Added |
bigquery.jobs.delete |
BigQuery | Supported In Custom Roles |
bigquery.jobs.delete |
BigQuery | Now GA |
bigquery.jobs.delete |
Cloud Deploy | Added |
clouddeploy.config.get clouddeploy.deliveryPipelines.create clouddeploy.deliveryPipelines.delete clouddeploy.deliveryPipelines.get clouddeploy.deliveryPipelines.getIamPolicy clouddeploy.deliveryPipelines.list clouddeploy.deliveryPipelines.setIamPolicy clouddeploy.deliveryPipelines.update clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.delete clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.approve clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.create clouddeploy.targets.delete clouddeploy.targets.get clouddeploy.targets.getIamPolicy clouddeploy.targets.list clouddeploy.targets.setIamPolicy clouddeploy.targets.update |
Cloud Deploy | Supported In Custom Roles |
clouddeploy.config.get clouddeploy.deliveryPipelines.create clouddeploy.deliveryPipelines.delete clouddeploy.deliveryPipelines.get clouddeploy.deliveryPipelines.getIamPolicy clouddeploy.deliveryPipelines.list clouddeploy.deliveryPipelines.setIamPolicy clouddeploy.deliveryPipelines.update clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.create clouddeploy.releases.delete clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.approve clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.create clouddeploy.targets.delete clouddeploy.targets.get clouddeploy.targets.getIamPolicy clouddeploy.targets.list clouddeploy.targets.setIamPolicy clouddeploy.targets.update |
Cloud Functions | Added |
cloudfunctions.functions.generateUploadUrl |
Compute Engine | Added |
compute.forwardingRules.use |
Dialogflow | Added |
dialogflow.conversations.update |
Dialogflow | Now GA |
dialogflow.conversations.update |
Cloud Integrations | Added |
integrations.apigeeIntegrationVers.delete |
Cloud Integrations | Now GA |
integrations.apigeeIntegrationVers.delete |
Cloud Logging | Now GA |
logging.fields.access |
Storage Transfer Service | Added |
storagetransfer.agentpools.create storagetransfer.agentpools.delete storagetransfer.agentpools.get storagetransfer.agentpools.list storagetransfer.agentpools.update |
Storage Transfer Service | Now GA |
storagetransfer.agentpools.create storagetransfer.agentpools.delete storagetransfer.agentpools.get storagetransfer.agentpools.list storagetransfer.agentpools.update |
Cloud IAM changes as of 2021-08-13
Service | Change | Description |
---|---|---|
Artifact Registry | Now GA |
The role |
Artifact Registry | Now GA |
The role |
Artifact Registry | Now GA |
The role |
Artifact Registry | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud Build | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.update |
Network Connectivity Center | Now GA |
The role |
Network Connectivity Center | Now GA |
The role |
Network Connectivity Center | Now GA |
The role |
Speech-to-Text | Now GA |
The role |
Speech-to-Text | Now GA |
The role |
Speech-to-Text | Now GA |
The role |
Artifact Registry | Now GA |
artifactregistry.aptartifacts.create artifactregistry.files.get artifactregistry.files.list artifactregistry.packages.delete artifactregistry.packages.get artifactregistry.packages.list artifactregistry.repositories.create artifactregistry.repositories.delete artifactregistry.repositories.deleteArtifacts artifactregistry.repositories.downloadArtifacts artifactregistry.repositories.get artifactregistry.repositories.getIamPolicy artifactregistry.repositories.list artifactregistry.repositories.setIamPolicy artifactregistry.repositories.update artifactregistry.repositories.uploadArtifacts artifactregistry.tags.create artifactregistry.tags.delete artifactregistry.tags.get artifactregistry.tags.list artifactregistry.tags.update artifactregistry.versions.delete artifactregistry.versions.get artifactregistry.versions.list artifactregistry.yumartifacts.create |
Network Connectivity Center | Now GA |
networkconnectivity.hubs.create networkconnectivity.hubs.delete networkconnectivity.hubs.get networkconnectivity.hubs.getIamPolicy networkconnectivity.hubs.list networkconnectivity.hubs.setIamPolicy networkconnectivity.hubs.update networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list networkconnectivity.spokes.create networkconnectivity.spokes.delete networkconnectivity.spokes.get networkconnectivity.spokes.getIamPolicy networkconnectivity.spokes.list networkconnectivity.spokes.setIamPolicy networkconnectivity.spokes.update |
Network Services | Added |
networkservices.endpointPolicies.create networkservices.endpointPolicies.delete networkservices.endpointPolicies.get networkservices.endpointPolicies.getIamPolicy networkservices.endpointPolicies.list networkservices.endpointPolicies.setIamPolicy networkservices.endpointPolicies.update networkservices.endpointPolicies.use |
Notebooks | Added |
notebooks.instances.getHealth |
Notebooks | Now GA |
notebooks.instances.getHealth |
Speech-to-Text | Added |
speech.adaptations.execute speech.customClasses.create speech.customClasses.delete speech.customClasses.get speech.customClasses.list speech.customClasses.update speech.phraseSets.create speech.phraseSets.delete speech.phraseSets.get speech.phraseSets.list speech.phraseSets.update |
Speech-to-Text | Supported In Custom Roles |
speech.adaptations.execute speech.customClasses.create speech.customClasses.delete speech.customClasses.get speech.customClasses.list speech.customClasses.update speech.phraseSets.create speech.phraseSets.delete speech.phraseSets.get speech.phraseSets.list speech.phraseSets.update |
Speech-to-Text | Now GA |
speech.adaptations.execute speech.customClasses.create speech.customClasses.delete speech.customClasses.get speech.customClasses.list speech.customClasses.update speech.phraseSets.create speech.phraseSets.delete speech.phraseSets.get speech.phraseSets.list speech.phraseSets.update |
Cloud IAM changes as of 2021-08-06
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.annotationSpecs.create aiplatform.annotationSpecs.delete aiplatform.annotationSpecs.get aiplatform.annotationSpecs.list aiplatform.annotationSpecs.update aiplatform.annotations.create aiplatform.annotations.delete aiplatform.annotations.get aiplatform.annotations.list aiplatform.annotations.update aiplatform.batchPredictionJobs.cancel aiplatform.batchPredictionJobs.delete aiplatform.customJobs.delete aiplatform.dataItems.create aiplatform.dataItems.delete aiplatform.dataItems.get aiplatform.dataItems.list aiplatform.dataItems.update aiplatform.dataLabelingJobs.cancel aiplatform.dataLabelingJobs.create aiplatform.dataLabelingJobs.delete aiplatform.dataLabelingJobs.get aiplatform.dataLabelingJobs.list aiplatform.datasets.delete aiplatform.datasets.export aiplatform.datasets.list aiplatform.edgeDeploymentJobs.create aiplatform.edgeDeploymentJobs.delete aiplatform.edgeDeploymentJobs.get aiplatform.edgeDeploymentJobs.list aiplatform.edgeDeviceDebugInfo.get aiplatform.edgeDevices.create aiplatform.edgeDevices.delete aiplatform.edgeDevices.get aiplatform.edgeDevices.list aiplatform.edgeDevices.update aiplatform.endpoints.create aiplatform.endpoints.delete aiplatform.endpoints.deploy aiplatform.endpoints.get aiplatform.endpoints.list aiplatform.endpoints.undeploy aiplatform.endpoints.update aiplatform.entityTypes.create aiplatform.entityTypes.delete aiplatform.entityTypes.importFeatureValues aiplatform.entityTypes.list aiplatform.entityTypes.readFeatureValues aiplatform.entityTypes.streamingReadFeatureValues aiplatform.entityTypes.update aiplatform.entityTypes.writeFeatureValues aiplatform.features.create aiplatform.features.delete aiplatform.features.get aiplatform.features.list aiplatform.features.update aiplatform.featurestores.batchReadFeatureValues aiplatform.featurestores.create aiplatform.featurestores.delete aiplatform.featurestores.importFeatures aiplatform.featurestores.list aiplatform.featurestores.readFeatures aiplatform.featurestores.update aiplatform.featurestores.writeFeatures aiplatform.humanInTheLoops.create aiplatform.humanInTheLoops.delete aiplatform.humanInTheLoops.get aiplatform.humanInTheLoops.list aiplatform.humanInTheLoops.send aiplatform.humanInTheLoops.update aiplatform.hyperparameterTuningJobs.cancel aiplatform.hyperparameterTuningJobs.create aiplatform.hyperparameterTuningJobs.delete aiplatform.hyperparameterTuningJobs.get aiplatform.hyperparameterTuningJobs.list aiplatform.indexEndpoints.create aiplatform.indexEndpoints.delete aiplatform.indexEndpoints.deploy aiplatform.indexEndpoints.get aiplatform.indexEndpoints.list aiplatform.indexEndpoints.undeploy aiplatform.indexEndpoints.update aiplatform.indexes.create aiplatform.indexes.delete aiplatform.indexes.get aiplatform.indexes.list aiplatform.indexes.update aiplatform.locations.get aiplatform.locations.list aiplatform.metadataSchemas.delete aiplatform.modelDeploymentMonitoringJobs.delete aiplatform.modelDeploymentMonitoringJobs.get aiplatform.modelDeploymentMonitoringJobs.list aiplatform.modelDeploymentMonitoringJobs.pause aiplatform.modelDeploymentMonitoringJobs.resume aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies aiplatform.modelEvaluationSlices.get aiplatform.modelEvaluationSlices.list aiplatform.modelEvaluations.exportEvaluatedDataItems aiplatform.modelEvaluations.get aiplatform.modelEvaluations.list aiplatform.models.delete aiplatform.models.export aiplatform.models.get aiplatform.models.list aiplatform.models.update aiplatform.models.upload aiplatform.nasJobs.cancel aiplatform.nasJobs.create aiplatform.nasJobs.delete aiplatform.nasJobs.get aiplatform.nasJobs.list aiplatform.operations.list aiplatform.pipelineJobs.cancel aiplatform.pipelineJobs.create aiplatform.pipelineJobs.delete aiplatform.pipelineJobs.get aiplatform.pipelineJobs.list aiplatform.specialistPools.create aiplatform.specialistPools.delete aiplatform.specialistPools.get aiplatform.specialistPools.list aiplatform.specialistPools.update aiplatform.studies.create aiplatform.studies.delete aiplatform.studies.get aiplatform.studies.list aiplatform.studies.update aiplatform.tensorboardExperiments.create aiplatform.tensorboardExperiments.delete aiplatform.tensorboardExperiments.get aiplatform.tensorboardExperiments.list aiplatform.tensorboardExperiments.update aiplatform.tensorboardExperiments.write aiplatform.tensorboardRuns.create aiplatform.tensorboardRuns.delete aiplatform.tensorboardRuns.get aiplatform.tensorboardRuns.list aiplatform.tensorboardRuns.update aiplatform.tensorboardRuns.write aiplatform.tensorboardTimeSeries.create aiplatform.tensorboardTimeSeries.delete aiplatform.tensorboardTimeSeries.get aiplatform.tensorboardTimeSeries.list aiplatform.tensorboardTimeSeries.read aiplatform.tensorboardTimeSeries.update aiplatform.tensorboards.create aiplatform.tensorboards.delete aiplatform.tensorboards.get aiplatform.tensorboards.list aiplatform.tensorboards.update aiplatform.trainingPipelines.cancel aiplatform.trainingPipelines.create aiplatform.trainingPipelines.delete aiplatform.trainingPipelines.get aiplatform.trainingPipelines.list aiplatform.trials.create aiplatform.trials.delete aiplatform.trials.get aiplatform.trials.list aiplatform.trials.update |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.apigeeExecutions.list integrations.apigeeIntegrationVers.deploy integrations.apigeeIntegrations.invoke |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.hubs.get networkconnectivity.hubs.getIamPolicy networkconnectivity.hubs.list |
Transcoder API | Now GA |
The role |
Transcoder API | Now GA |
The role |
Compute Engine | Added |
compute.backendServices.getIamPolicy compute.backendServices.setIamPolicy compute.regionBackendServices.getIamPolicy compute.regionBackendServices.setIamPolicy |
Compute Engine | Supported In Custom Roles |
compute.backendServices.getIamPolicy compute.backendServices.setIamPolicy |
Risk Manager | Added |
riskmanager.operations.delete riskmanager.operations.get riskmanager.operations.list riskmanager.policies.get riskmanager.policies.list riskmanager.reports.create riskmanager.reports.delete riskmanager.reports.get riskmanager.reports.list riskmanager.reports.review riskmanager.reports.share riskmanager.serviceAccount.create riskmanager.settings.get riskmanager.settings.update |
Risk Manager | Supported In Custom Roles |
riskmanager.settings.get riskmanager.settings.update |
Transcoder API | Now GA |
transcoder.jobTemplates.create transcoder.jobTemplates.delete transcoder.jobTemplates.get transcoder.jobTemplates.list transcoder.jobs.create transcoder.jobs.delete transcoder.jobs.get transcoder.jobs.list |
Cloud IAM changes as of 2021-07-30
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.modelDeploymentMonitoringJobs.create aiplatform.modelDeploymentMonitoringJobs.update |
API Gateway | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.timeSeries.list servicemanagement.services.get serviceusage.services.list |
API Gateway | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.timeSeries.list servicemanagement.services.get serviceusage.services.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Cloud Build | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Contact Center AI Insights | Role Updated |
The following permissions have been added to the role datalabeling.dataitems.get datalabeling.dataitems.list datalabeling.datasets.create datalabeling.datasets.delete datalabeling.datasets.export datalabeling.datasets.get datalabeling.datasets.import datalabeling.operations.get datalabeling.operations.list |
Dataflow | Role Updated |
The following permissions have been added to the role autoscaling.sites.readRecommendations autoscaling.sites.writeMetrics autoscaling.sites.writeState |
Dataproc | Role Updated |
The following permissions have been added to the role logging.operations.get logging.operations.list |
Dataproc | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.jobs.create resourcemanager.projects.get resourcemanager.projects.list |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Logging | Role Updated |
The following permissions have been added to the role logging.operations.get logging.operations.list |
Media Asset | Role Updated |
The following permissions have been added to the role transcoder.jobs.create transcoder.jobs.delete transcoder.jobs.get |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.thirdPartyObjects.delete |
Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.get logging.operations.get logging.operations.list |
Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.get logging.operations.get logging.operations.list |
Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.get logging.operations.get logging.operations.list |
Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
Artifact Registry | Added |
artifactregistry.aptartifacts.create artifactregistry.yumartifacts.create |
Cloud Build | Added |
cloudbuild.builds.approve |
Cloud Build | Supported In Custom Roles |
cloudbuild.builds.approve |
Cloud Build | Now GA |
cloudbuild.builds.approve |
Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.useToVerify cloudkms.keyRings.createTagBinding cloudkms.keyRings.deleteTagBinding cloudkms.keyRings.listTagBindings cloudkms.locations.generateRandomBytes |
Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.useToVerify cloudkms.locations.generateRandomBytes |
Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.useToVerify cloudkms.keyRings.createTagBinding cloudkms.keyRings.deleteTagBinding cloudkms.keyRings.listTagBindings cloudkms.locations.generateRandomBytes |
Data Pipelines | Added |
datapipelines.pipelines.create datapipelines.pipelines.delete datapipelines.pipelines.get datapipelines.pipelines.list datapipelines.pipelines.run datapipelines.pipelines.stop datapipelines.pipelines.update |
Firebase App Check | Added |
firebaseappcheck.appAttestConfig.get firebaseappcheck.appAttestConfig.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.appAttestConfig.get firebaseappcheck.appAttestConfig.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update |
Cloud Integrations | Now GA |
integrations.apigeeAuthConfigs.create integrations.apigeeAuthConfigs.delete integrations.apigeeAuthConfigs.get integrations.apigeeAuthConfigs.list integrations.apigeeAuthConfigs.update integrations.apigeeCertificates.get integrations.apigeeExecutions.list integrations.apigeeIntegrationVers.create integrations.apigeeIntegrationVers.deploy integrations.apigeeIntegrationVers.get integrations.apigeeIntegrationVers.list integrations.apigeeIntegrationVers.update integrations.apigeeIntegrations.invoke integrations.apigeeIntegrations.list integrations.apigeeSfdcChannels.create integrations.apigeeSfdcChannels.delete integrations.apigeeSfdcChannels.get integrations.apigeeSfdcChannels.list integrations.apigeeSfdcChannels.update integrations.apigeeSfdcInstances.create integrations.apigeeSfdcInstances.delete integrations.apigeeSfdcInstances.get integrations.apigeeSfdcInstances.list integrations.apigeeSfdcInstances.update integrations.apigeeSuspensions.list integrations.apigeeSuspensions.resolve |
Managed Service for Microsoft Active Directory | Added |
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update |
Recommender | Added |
recommender.resources.export |
Recommender | Supported In Custom Roles |
recommender.resources.export |
Cloud IAM changes as of 2021-07-16
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.update |
Cloud Build | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud TPU | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Compliance Scanning | Now GA |
The role |
Cloud Composer | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.get networkconnectivity.operations.list |
Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.get networkconnectivity.operations.list |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regionOperations.setIamPolicy |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Dataflow | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.get networkconnectivity.operations.list |
Data Pipelines | Now GA |
The role |
GKE Multi-Cloud | Role Updated |
The following permissions have been added to the role gkemulticloud.awsClusters.delete gkemulticloud.awsNodePools.delete gkemulticloud.azureClients.delete gkemulticloud.azureClusters.delete gkemulticloud.azureNodePools.delete |
Vertex AI | Added |
aiplatform.artifacts.delete aiplatform.entityTypes.writeFeatureValues aiplatform.executions.delete aiplatform.metadataSchemas.delete aiplatform.tensorboardExperiments.write |
Cloud Build | Added |
cloudbuild.workerpools.create cloudbuild.workerpools.delete cloudbuild.workerpools.get cloudbuild.workerpools.list cloudbuild.workerpools.update cloudbuild.workerpools.use |
Cloud Build | Supported In Custom Roles |
cloudbuild.workerpools.create cloudbuild.workerpools.delete cloudbuild.workerpools.get cloudbuild.workerpools.list cloudbuild.workerpools.update cloudbuild.workerpools.use |
Cloud Build | Now GA |
cloudbuild.workerpools.create cloudbuild.workerpools.delete cloudbuild.workerpools.get cloudbuild.workerpools.list cloudbuild.workerpools.update cloudbuild.workerpools.use |
GKE Multi-Cloud | Added |
gkemulticloud.awsNodePools.update gkemulticloud.azureNodePools.update |
Cloud Monitoring | Added |
monitoring.metricsScopes.link |
Cloud Monitoring | Supported In Custom Roles |
monitoring.metricsScopes.link |
Policy Analyzer | Added |
policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query policyanalyzer.serviceAccountLastAuthenticationActivities.query |
Pub/Sub Lite | Added |
pubsublite.operations.get pubsublite.operations.list |
Pub/Sub Lite | Now GA |
pubsublite.operations.get pubsublite.operations.list |
Cloud IAM changes as of 2021-07-02
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.mutatingWebhookConfigurations.create container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.mutatingWebhookConfigurations.update container.validatingWebhookConfigurations.create container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.validatingWebhookConfigurations.update |
Cloud Composer | Now GA |
The role |
Visual Inspection AI | Now GA |
The role |
Visual Inspection AI | Now GA |
The role |
Visual Inspection AI | Now GA |
The role |
Compute Engine | Added |
compute.instances.sendDiagnosticInterrupt |
Compute Engine | Now GA |
compute.instances.sendDiagnosticInterrupt |
Visual Inspection AI | Added |
visualinspection.annotationSets.create visualinspection.annotationSets.delete visualinspection.annotationSets.get visualinspection.annotationSets.list visualinspection.annotationSets.update visualinspection.annotationSpecs.create visualinspection.annotationSpecs.delete visualinspection.annotationSpecs.get visualinspection.annotationSpecs.list visualinspection.annotations.create visualinspection.annotations.delete visualinspection.annotations.get visualinspection.annotations.list visualinspection.annotations.update visualinspection.datasets.create visualinspection.datasets.delete visualinspection.datasets.export visualinspection.datasets.get visualinspection.datasets.import visualinspection.datasets.list visualinspection.datasets.update visualinspection.images.delete visualinspection.images.get visualinspection.images.list visualinspection.images.update visualinspection.locations.get visualinspection.locations.list visualinspection.locations.reportUsageMetrics visualinspection.modelEvaluations.get visualinspection.modelEvaluations.list visualinspection.models.create visualinspection.models.delete visualinspection.models.get visualinspection.models.list visualinspection.models.update visualinspection.models.writePrediction visualinspection.modules.create visualinspection.modules.delete visualinspection.modules.get visualinspection.modules.list visualinspection.modules.update visualinspection.operations.get visualinspection.operations.list visualinspection.solutionArtifacts.create visualinspection.solutionArtifacts.delete visualinspection.solutionArtifacts.get visualinspection.solutionArtifacts.list visualinspection.solutionArtifacts.predict visualinspection.solutionArtifacts.update visualinspection.solutions.create visualinspection.solutions.delete visualinspection.solutions.get visualinspection.solutions.list |
Visual Inspection AI | Supported In Custom Roles |
visualinspection.annotationSets.create visualinspection.annotationSets.delete visualinspection.annotationSets.get visualinspection.annotationSets.list visualinspection.annotationSets.update visualinspection.annotationSpecs.create visualinspection.annotationSpecs.delete visualinspection.annotationSpecs.get visualinspection.annotationSpecs.list visualinspection.annotations.create visualinspection.annotations.delete visualinspection.annotations.get visualinspection.annotations.list visualinspection.annotations.update visualinspection.datasets.create visualinspection.datasets.delete visualinspection.datasets.export visualinspection.datasets.get visualinspection.datasets.import visualinspection.datasets.list visualinspection.datasets.update visualinspection.images.delete visualinspection.images.get visualinspection.images.list visualinspection.images.update visualinspection.locations.get visualinspection.locations.list visualinspection.locations.reportUsageMetrics visualinspection.modelEvaluations.get visualinspection.modelEvaluations.list visualinspection.models.create visualinspection.models.delete visualinspection.models.get visualinspection.models.list visualinspection.models.update visualinspection.models.writePrediction visualinspection.modules.create visualinspection.modules.delete visualinspection.modules.get visualinspection.modules.list visualinspection.modules.update visualinspection.operations.get visualinspection.operations.list visualinspection.solutionArtifacts.create visualinspection.solutionArtifacts.delete visualinspection.solutionArtifacts.get visualinspection.solutionArtifacts.list visualinspection.solutionArtifacts.predict visualinspection.solutionArtifacts.update visualinspection.solutions.create visualinspection.solutions.delete visualinspection.solutions.get visualinspection.solutions.list |
Visual Inspection AI | Now GA |
visualinspection.annotationSets.create visualinspection.annotationSets.delete visualinspection.annotationSets.get visualinspection.annotationSets.list visualinspection.annotationSets.update visualinspection.annotationSpecs.create visualinspection.annotationSpecs.delete visualinspection.annotationSpecs.get visualinspection.annotationSpecs.list visualinspection.annotations.create visualinspection.annotations.delete visualinspection.annotations.get visualinspection.annotations.list visualinspection.annotations.update visualinspection.datasets.create visualinspection.datasets.delete visualinspection.datasets.export visualinspection.datasets.get visualinspection.datasets.import visualinspection.datasets.list visualinspection.datasets.update visualinspection.images.delete visualinspection.images.get visualinspection.images.list visualinspection.images.update visualinspection.locations.get visualinspection.locations.list visualinspection.locations.reportUsageMetrics visualinspection.modelEvaluations.get visualinspection.modelEvaluations.list visualinspection.models.create visualinspection.models.delete visualinspection.models.get visualinspection.models.list visualinspection.models.update visualinspection.models.writePrediction visualinspection.modules.create visualinspection.modules.delete visualinspection.modules.get visualinspection.modules.list visualinspection.modules.update visualinspection.operations.get visualinspection.operations.list visualinspection.solutionArtifacts.create visualinspection.solutionArtifacts.delete visualinspection.solutionArtifacts.get visualinspection.solutionArtifacts.list visualinspection.solutionArtifacts.predict visualinspection.solutionArtifacts.update visualinspection.solutions.create visualinspection.solutions.delete visualinspection.solutions.get visualinspection.solutions.list |
Cloud IAM changes as of 2021-06-25
Service | Change | Description |
---|---|---|
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role container.deployments.getScale container.statefulSets.getScale container.storageStates.getStatus container.storageVersionMigrations.getStatus container.volumeSnapshotContents.getStatus |
Container Threat Detection | Role Updated |
The following permissions have been added to the role container.deployments.getScale container.statefulSets.getScale container.storageStates.getStatus container.storageVersionMigrations.getStatus container.volumeSnapshotContents.getStatus |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.updateTag |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.updateTag |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
Eventarc | Role Updated |
The following permissions have been added to the role storage.buckets.get storage.buckets.update |
Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list networkconnectivity.operations.cancel networkconnectivity.operations.delete networkconnectivity.operations.get networkconnectivity.operations.list |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.get networkconnectivity.locations.list |
Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Run | Role Updated |
The following permissions have been removed from the role pubsub.subscriptions.create pubsub.subscriptions.delete pubsub.subscriptions.get pubsub.subscriptions.list pubsub.topics.attachSubscription pubsub.topics.create pubsub.topics.delete pubsub.topics.get pubsub.topics.list pubsub.topics.publish |
Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Security Command Center | Role Updated |
The following permissions have been added to the role container.deployments.getScale container.statefulSets.getScale container.storageStates.getStatus container.storageVersionMigrations.getStatus container.volumeSnapshotContents.getStatus |
Security Command Center | Role Updated |
The following permissions have been added to the role container.deployments.getScale container.statefulSets.getScale container.storageStates.getStatus container.storageVersionMigrations.getStatus container.volumeSnapshotContents.getStatus |
Apigee | Added |
apigee.runtimeconfigs.get |
Apigee | Supported In Custom Roles |
apigee.runtimeconfigs.get |
Apigee | Now GA |
apigee.runtimeconfigs.get |
BigQuery | Added |
bigquery.connections.updateTag |
BigQuery | Supported In Custom Roles |
bigquery.connections.updateTag |
Dialogflow | Added |
dialogflow.agents.searchResources |
Dialogflow | Now GA |
dialogflow.agents.searchResources |
Firebase Cloud Messaging Data | Added |
fcmdata.deliverydata.list |
Firebase Cloud Messaging Data | Supported In Custom Roles |
fcmdata.deliverydata.list |
Live Stream | Added |
livestream.channels.create livestream.channels.delete livestream.channels.get livestream.channels.list livestream.channels.start livestream.channels.stop livestream.channels.update livestream.events.create livestream.events.delete livestream.events.get livestream.events.list livestream.inputs.create livestream.inputs.delete livestream.inputs.get livestream.inputs.list livestream.inputs.update livestream.locations.get livestream.locations.list livestream.operations.cancel livestream.operations.delete livestream.operations.get livestream.operations.list |
Live Stream | Supported In Custom Roles |
livestream.channels.create livestream.channels.delete livestream.channels.get livestream.channels.list livestream.channels.start livestream.channels.stop livestream.channels.update livestream.events.create livestream.events.delete livestream.events.get livestream.events.list livestream.inputs.create livestream.inputs.delete livestream.inputs.get livestream.inputs.list livestream.inputs.update livestream.locations.get livestream.locations.list livestream.operations.cancel livestream.operations.delete livestream.operations.get livestream.operations.list |
Pub/Sub Lite | Added |
pubsublite.reservations.attachTopic pubsublite.reservations.create pubsublite.reservations.delete pubsublite.reservations.get pubsublite.reservations.list pubsublite.reservations.listTopics pubsublite.reservations.update |
Pub/Sub Lite | Now GA |
pubsublite.reservations.attachTopic pubsublite.reservations.create pubsublite.reservations.delete pubsublite.reservations.get pubsublite.reservations.list pubsublite.reservations.listTopics pubsublite.reservations.update |
Cloud Storage | Added |
storage.buckets.createTagBinding storage.buckets.deleteTagBinding storage.buckets.listTagBindings |
Cloud Storage | Now GA |
storage.buckets.createTagBinding storage.buckets.deleteTagBinding storage.buckets.listTagBindings |
Cloud IAM changes as of 2021-06-18
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.create resourcemanager.folders.get resourcemanager.folders.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.create resourcemanager.folders.get resourcemanager.folders.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get resourcemanager.folders.list |
Dialogflow | Now GA |
The role |
Firestore | Now GA |
The role |
Apigee | Added |
apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update |
Apigee | Supported In Custom Roles |
apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update |
Apigee | Now GA |
apigee.developerbalances.get apigee.developerbalances.update apigee.developermonetizationconfigs.get apigee.developermonetizationconfigs.update |
Dialogflow | Added |
dialogflow.changelogs.get dialogflow.changelogs.list |
Dialogflow | Now GA |
dialogflow.changelogs.get dialogflow.changelogs.list |
Cloud DNS | Added |
dns.networks.bindDNSResponsePolicy dns.responsePolicies.create dns.responsePolicies.delete dns.responsePolicies.get dns.responsePolicies.list dns.responsePolicies.update dns.responsePolicyRules.create dns.responsePolicyRules.delete dns.responsePolicyRules.get dns.responsePolicyRules.list dns.responsePolicyRules.update |
Cloud DNS | Supported In Custom Roles |
dns.networks.bindDNSResponsePolicy dns.responsePolicies.create dns.responsePolicies.delete dns.responsePolicies.get dns.responsePolicies.list dns.responsePolicies.update dns.responsePolicyRules.create dns.responsePolicyRules.delete dns.responsePolicyRules.get dns.responsePolicyRules.list dns.responsePolicyRules.update |
GKE Multi-Cloud | Added |
gkemulticloud.awsServerConfigs.get gkemulticloud.azureServerConfigs.get |
Managed Service for Microsoft Active Directory | Added |
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.sqlintegrations.get managedidentities.sqlintegrations.list |
Recommender | Added |
recommender.iamPolicyLateralMovementInsights.get recommender.iamPolicyLateralMovementInsights.list recommender.iamPolicyLateralMovementInsights.update recommender.resourcemanagerProjectUtilizationInsights.get recommender.resourcemanagerProjectUtilizationInsights.list recommender.resourcemanagerProjectUtilizationInsights.update recommender.resourcemanagerProjectUtilizationRecommendations.get recommender.resourcemanagerProjectUtilizationRecommendations.list recommender.resourcemanagerProjectUtilizationRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.iamPolicyLateralMovementInsights.get recommender.iamPolicyLateralMovementInsights.list recommender.iamPolicyLateralMovementInsights.update |
Recommender | Now GA |
recommender.iamPolicyLateralMovementInsights.get recommender.iamPolicyLateralMovementInsights.list recommender.iamPolicyLateralMovementInsights.update |
Cloud IAM changes as of 2021-06-11
Service | Change | Description |
---|---|---|
BigQuery | Now GA |
The role |
FleetEngine | Now GA |
The role |
Notebooks | Role Updated |
The following permissions have been added to the role aiplatform.customJobs.cancel aiplatform.customJobs.create aiplatform.customJobs.get aiplatform.customJobs.list |
BigQuery | Added |
bigquery.rowAccessPolicies.create bigquery.rowAccessPolicies.delete bigquery.rowAccessPolicies.getFilteredData bigquery.rowAccessPolicies.getIamPolicy bigquery.rowAccessPolicies.list bigquery.rowAccessPolicies.setIamPolicy bigquery.rowAccessPolicies.update |
BigQuery | Supported In Custom Roles |
bigquery.rowAccessPolicies.create bigquery.rowAccessPolicies.delete bigquery.rowAccessPolicies.getFilteredData bigquery.rowAccessPolicies.getIamPolicy bigquery.rowAccessPolicies.list bigquery.rowAccessPolicies.setIamPolicy bigquery.rowAccessPolicies.update |
BigQuery | Now GA |
bigquery.rowAccessPolicies.create bigquery.rowAccessPolicies.delete bigquery.rowAccessPolicies.getFilteredData bigquery.rowAccessPolicies.getIamPolicy bigquery.rowAccessPolicies.list bigquery.rowAccessPolicies.setIamPolicy bigquery.rowAccessPolicies.update |
Cloud Functions | Added |
cloudfunctions.locations.get |
Cloud Functions | Now GA |
cloudfunctions.locations.get |
Contact Center AI Insights | Added |
contactcenterinsights.analyses.create contactcenterinsights.analyses.delete contactcenterinsights.analyses.get contactcenterinsights.analyses.list contactcenterinsights.conversations.create contactcenterinsights.conversations.delete contactcenterinsights.conversations.get contactcenterinsights.conversations.list contactcenterinsights.conversations.update contactcenterinsights.issueModels.create contactcenterinsights.issueModels.delete contactcenterinsights.issueModels.deploy contactcenterinsights.issueModels.get contactcenterinsights.issueModels.list contactcenterinsights.issueModels.undeploy contactcenterinsights.issueModels.update contactcenterinsights.issues.get contactcenterinsights.issues.list contactcenterinsights.issues.update contactcenterinsights.operations.get contactcenterinsights.operations.list contactcenterinsights.phraseMatchers.create contactcenterinsights.phraseMatchers.delete contactcenterinsights.phraseMatchers.get contactcenterinsights.phraseMatchers.list contactcenterinsights.phraseMatchers.update contactcenterinsights.settings.get contactcenterinsights.settings.update |
Cloud Healthcare API | Added |
healthcare.fhirStores.configureSearch |
Cloud Healthcare API | Supported In Custom Roles |
healthcare.fhirStores.configureSearch |
Cloud Healthcare API | Now GA |
healthcare.fhirStores.configureSearch |
Pub/Sub Lite | Added |
pubsublite.subscriptions.seek |
Pub/Sub Lite | Now GA |
pubsublite.subscriptions.seek |
Cloud IAM changes as of 2021-06-04
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.organizations.get |
Cloud Functions | Role Updated |
The following permissions have been added to the role artifactregistry.files.get artifactregistry.files.list artifactregistry.packages.delete artifactregistry.packages.get artifactregistry.packages.list artifactregistry.repositories.create artifactregistry.repositories.delete artifactregistry.repositories.deleteArtifacts artifactregistry.repositories.downloadArtifacts artifactregistry.repositories.get artifactregistry.repositories.getIamPolicy artifactregistry.repositories.list artifactregistry.repositories.setIamPolicy artifactregistry.repositories.update artifactregistry.repositories.uploadArtifacts artifactregistry.tags.create artifactregistry.tags.delete artifactregistry.tags.get artifactregistry.tags.list artifactregistry.tags.update artifactregistry.versions.delete artifactregistry.versions.get artifactregistry.versions.list |
Contact Center AI Insights | Role Updated |
The following permissions have been added to the role dialogflow.participants.suggest |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.routines.updateTag |
Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.routines.updateTag |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role dlp.columnDataProfiles.get dlp.columnDataProfiles.list dlp.projectDataProfiles.get dlp.projectDataProfiles.list dlp.tableDataProfiles.get dlp.tableDataProfiles.list |
Enterprise Knowledge Graph | Now GA |
The role |
Essential Contacts | Now GA |
The role |
Essential Contacts | Now GA |
The role |
Explore Anthos | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.networkEndpointGroups.get container.deployments.create container.deployments.delete container.deployments.get container.deployments.getScale container.deployments.getStatus container.deployments.list container.deployments.rollback container.deployments.update container.deployments.updateScale container.deployments.updateStatus |
reCAPTCHA Enterprise | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
reCAPTCHA Enterprise | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
Vertex AI | Added |
aiplatform.artifacts.create aiplatform.artifacts.get aiplatform.artifacts.list aiplatform.artifacts.update aiplatform.contexts.addContextArtifactsAndExecutions aiplatform.contexts.addContextChildren aiplatform.contexts.create aiplatform.contexts.delete aiplatform.contexts.get aiplatform.contexts.list aiplatform.contexts.queryContextLineageSubgraph aiplatform.contexts.update aiplatform.edgeDeploymentJobs.create aiplatform.edgeDeploymentJobs.delete aiplatform.edgeDeploymentJobs.get aiplatform.edgeDeploymentJobs.list aiplatform.edgeDeviceDebugInfo.get aiplatform.edgeDevices.create aiplatform.edgeDevices.delete aiplatform.edgeDevices.get aiplatform.edgeDevices.list aiplatform.edgeDevices.update aiplatform.entityTypes.create aiplatform.entityTypes.delete aiplatform.entityTypes.exportFeatureValues aiplatform.entityTypes.get aiplatform.entityTypes.importFeatureValues aiplatform.entityTypes.list aiplatform.entityTypes.readFeatureValues aiplatform.entityTypes.streamingReadFeatureValues aiplatform.entityTypes.update aiplatform.executions.addExecutionEvents aiplatform.executions.create aiplatform.executions.get aiplatform.executions.list aiplatform.executions.queryExecutionInputsAndOutputs aiplatform.executions.update aiplatform.features.create aiplatform.features.delete aiplatform.features.get aiplatform.features.list aiplatform.features.update aiplatform.featurestores.batchReadFeatureValues aiplatform.featurestores.create aiplatform.featurestores.delete aiplatform.featurestores.exportFeatures aiplatform.featurestores.get aiplatform.featurestores.importFeatures aiplatform.featurestores.list aiplatform.featurestores.readFeatures aiplatform.featurestores.update aiplatform.featurestores.writeFeatures aiplatform.humanInTheLoops.create aiplatform.humanInTheLoops.delete aiplatform.humanInTheLoops.get aiplatform.humanInTheLoops.list aiplatform.humanInTheLoops.send aiplatform.humanInTheLoops.update aiplatform.indexEndpoints.create aiplatform.indexEndpoints.delete aiplatform.indexEndpoints.deploy aiplatform.indexEndpoints.get aiplatform.indexEndpoints.list aiplatform.indexEndpoints.undeploy aiplatform.indexEndpoints.update aiplatform.indexes.create aiplatform.indexes.delete aiplatform.indexes.get aiplatform.indexes.list aiplatform.indexes.update aiplatform.metadataSchemas.create aiplatform.metadataSchemas.get aiplatform.metadataSchemas.list aiplatform.metadataStores.create aiplatform.metadataStores.delete aiplatform.metadataStores.get aiplatform.metadataStores.list aiplatform.modelDeploymentMonitoringJobs.create aiplatform.modelDeploymentMonitoringJobs.delete aiplatform.modelDeploymentMonitoringJobs.get aiplatform.modelDeploymentMonitoringJobs.list aiplatform.modelDeploymentMonitoringJobs.pause aiplatform.modelDeploymentMonitoringJobs.resume aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies aiplatform.modelDeploymentMonitoringJobs.update aiplatform.models.update aiplatform.nasJobs.cancel aiplatform.nasJobs.create aiplatform.nasJobs.delete aiplatform.nasJobs.get aiplatform.nasJobs.list aiplatform.pipelineJobs.cancel aiplatform.pipelineJobs.create aiplatform.pipelineJobs.delete aiplatform.pipelineJobs.get aiplatform.pipelineJobs.list aiplatform.tensorboardExperiments.create aiplatform.tensorboardExperiments.delete aiplatform.tensorboardExperiments.get aiplatform.tensorboardExperiments.list aiplatform.tensorboardExperiments.update aiplatform.tensorboardRuns.create aiplatform.tensorboardRuns.delete aiplatform.tensorboardRuns.get aiplatform.tensorboardRuns.list aiplatform.tensorboardRuns.update aiplatform.tensorboardRuns.write aiplatform.tensorboardTimeSeries.create aiplatform.tensorboardTimeSeries.delete aiplatform.tensorboardTimeSeries.get aiplatform.tensorboardTimeSeries.list aiplatform.tensorboardTimeSeries.read aiplatform.tensorboardTimeSeries.update aiplatform.tensorboards.create aiplatform.tensorboards.delete aiplatform.tensorboards.get aiplatform.tensorboards.list aiplatform.tensorboards.update |
Apigee | Added |
apigee.archivedeployments.create apigee.archivedeployments.delete apigee.archivedeployments.download apigee.archivedeployments.get apigee.archivedeployments.list apigee.archivedeployments.update apigee.archivedeployments.upload |
Apigee | Now GA |
apigee.archivedeployments.create apigee.archivedeployments.delete apigee.archivedeployments.download apigee.archivedeployments.get apigee.archivedeployments.list apigee.archivedeployments.update apigee.archivedeployments.upload |
BigQuery | Added |
bigquery.routines.updateTag |
BigQuery | Supported In Custom Roles |
bigquery.routines.updateTag |
Cloud Asset Inventory | Added |
cloudasset.assets.listAccessPolicy cloudasset.assets.listIamPolicy cloudasset.assets.listOSInventories cloudasset.assets.listOrgPolicy cloudasset.assets.listResource |
Datastore | Supported In Custom Roles |
datastore.databases.export datastore.databases.get datastore.databases.import datastore.entities.allocateIds datastore.entities.create datastore.entities.delete datastore.entities.get datastore.entities.list datastore.entities.update datastore.indexes.create datastore.indexes.delete datastore.indexes.get datastore.indexes.list datastore.indexes.update datastore.locations.get datastore.locations.list datastore.namespaces.get datastore.namespaces.list datastore.operations.cancel datastore.operations.delete datastore.operations.get datastore.operations.list datastore.statistics.get datastore.statistics.list |
Datastream | Added |
datastream.connectionProfiles.create datastream.connectionProfiles.delete datastream.connectionProfiles.destinationTypes datastream.connectionProfiles.discover datastream.connectionProfiles.get datastream.connectionProfiles.getIamPolicy datastream.connectionProfiles.list datastream.connectionProfiles.listStaticServiceIps datastream.connectionProfiles.setIamPolicy datastream.connectionProfiles.sourceTypes datastream.connectionProfiles.update datastream.locations.fetchStaticIps datastream.locations.get datastream.locations.list datastream.operations.cancel datastream.operations.delete datastream.operations.get datastream.operations.list datastream.privateConnections.create datastream.privateConnections.delete datastream.privateConnections.get datastream.privateConnections.getIamPolicy datastream.privateConnections.list datastream.privateConnections.setIamPolicy datastream.routes.create datastream.routes.delete datastream.routes.get datastream.routes.getIamPolicy datastream.routes.list datastream.routes.setIamPolicy datastream.streams.computeState datastream.streams.create datastream.streams.delete datastream.streams.fetchErrors datastream.streams.get datastream.streams.getIamPolicy datastream.streams.list datastream.streams.pause datastream.streams.resume datastream.streams.setIamPolicy datastream.streams.start datastream.streams.update |
Datastream | Supported In Custom Roles |
datastream.connectionProfiles.create datastream.connectionProfiles.delete datastream.connectionProfiles.destinationTypes datastream.connectionProfiles.discover datastream.connectionProfiles.get datastream.connectionProfiles.getIamPolicy datastream.connectionProfiles.list datastream.connectionProfiles.listStaticServiceIps datastream.connectionProfiles.setIamPolicy datastream.connectionProfiles.sourceTypes datastream.connectionProfiles.update datastream.locations.fetchStaticIps datastream.locations.get datastream.locations.list datastream.operations.cancel datastream.operations.delete datastream.operations.get datastream.operations.list datastream.privateConnections.create datastream.privateConnections.delete datastream.privateConnections.get datastream.privateConnections.getIamPolicy datastream.privateConnections.list datastream.privateConnections.setIamPolicy datastream.routes.create datastream.routes.delete datastream.routes.get datastream.routes.getIamPolicy datastream.routes.list datastream.routes.setIamPolicy datastream.streams.computeState datastream.streams.create datastream.streams.delete datastream.streams.fetchErrors datastream.streams.get datastream.streams.getIamPolicy datastream.streams.list datastream.streams.pause datastream.streams.resume datastream.streams.setIamPolicy datastream.streams.start datastream.streams.update |
Essential Contacts | Added |
essentialcontacts.contacts.send |
Essential Contacts | Supported In Custom Roles |
essentialcontacts.contacts.send |
Essential Contacts | Now GA |
essentialcontacts.contacts.create essentialcontacts.contacts.delete essentialcontacts.contacts.get essentialcontacts.contacts.list essentialcontacts.contacts.send essentialcontacts.contacts.update |
Cloud Integrations | Added |
integrations.apigeeAuthConfigs.create integrations.apigeeAuthConfigs.delete integrations.apigeeAuthConfigs.get integrations.apigeeAuthConfigs.list integrations.apigeeAuthConfigs.update integrations.apigeeCertificates.get integrations.apigeeExecutions.list integrations.apigeeIntegrationVers.create integrations.apigeeIntegrationVers.deploy integrations.apigeeIntegrationVers.get integrations.apigeeIntegrationVers.list integrations.apigeeIntegrationVers.update integrations.apigeeIntegrations.invoke integrations.apigeeIntegrations.list integrations.apigeeSfdcChannels.create integrations.apigeeSfdcChannels.delete integrations.apigeeSfdcChannels.get integrations.apigeeSfdcChannels.list integrations.apigeeSfdcChannels.update integrations.apigeeSfdcInstances.create integrations.apigeeSfdcInstances.delete integrations.apigeeSfdcInstances.get integrations.apigeeSfdcInstances.list integrations.apigeeSfdcInstances.update integrations.apigeeSuspensions.list integrations.apigeeSuspensions.resolve |
Payments Reseller Subscription | Added |
paymentsresellersubscription.products.list paymentsresellersubscription.promotions.list paymentsresellersubscription.subscriptions.cancel paymentsresellersubscription.subscriptions.extend paymentsresellersubscription.subscriptions.get paymentsresellersubscription.subscriptions.provision paymentsresellersubscription.subscriptions.undoCancel |
Payments Reseller Subscription | Supported In Custom Roles |
paymentsresellersubscription.products.list paymentsresellersubscription.promotions.list paymentsresellersubscription.subscriptions.cancel paymentsresellersubscription.subscriptions.extend paymentsresellersubscription.subscriptions.get paymentsresellersubscription.subscriptions.provision paymentsresellersubscription.subscriptions.undoCancel |
Cloud IAM changes as of 2021-05-28
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusters.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.developersubscriptions.create apigee.developersubscriptions.get apigee.developersubscriptions.list apigee.developersubscriptions.update apigee.rateplans.get apigee.rateplans.list |
Apigee | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken iam.serviceAccounts.getOpenIdToken |
Content Warehouse | Now GA |
The role |
Resource Settings | Now GA |
The role |
Resource Settings | Now GA |
The role |
Cloud Asset Inventory | Added |
cloudasset.assets.analyzeMove |
Cloud Asset Inventory | Now GA |
cloudasset.assets.analyzeMove |
Dialogflow | Added |
dialogflow.securitySettings.create dialogflow.securitySettings.delete dialogflow.securitySettings.get dialogflow.securitySettings.list dialogflow.securitySettings.update |
Dialogflow | Now GA |
dialogflow.securitySettings.create dialogflow.securitySettings.delete dialogflow.securitySettings.get dialogflow.securitySettings.list dialogflow.securitySettings.update |
Cloud DNS | Added |
dns.resourceRecordSets.get |
Cloud DNS | Supported In Custom Roles |
dns.resourceRecordSets.get |
Cloud DNS | Now GA |
dns.resourceRecordSets.get |
Resource Settings | Added |
resourcesettings.settings.get resourcesettings.settings.list resourcesettings.settings.update |
Resource Settings | Supported In Custom Roles |
resourcesettings.settings.get resourcesettings.settings.list |
Resource Settings | Now GA |
resourcesettings.settings.get resourcesettings.settings.list resourcesettings.settings.update |
Cloud IAM changes as of 2021-05-14
Service | Change | Description |
---|---|---|
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get resourcemanag |