This page provides an archive of changes to Identity and Access Management (IAM) permissions that occurred before 2022. For more recent changes, see IAM permissions change log.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Cloud IAM changes as of 2021-12-03
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.namespaces.create |
| Apigee | Now GA |
The role |
| Apigee | Now GA |
The role |
| Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.access |
| Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.access |
| Cloud Composer | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Composer | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.accessorgpolicy.policy.get |
| Dataflow | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Data Pipelines | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Dataproc | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| AI Platform | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Certificate Manager | Added |
certificatemanager.certmapentries.createcertificatemanager.certmapentries.deletecertificatemanager.certmapentries.getcertificatemanager.certmapentries.getIamPolicycertificatemanager.certmapentries.listcertificatemanager.certmapentries.setIamPolicycertificatemanager.certmapentries.updatecertificatemanager.certmaps.createcertificatemanager.certmaps.deletecertificatemanager.certmaps.getcertificatemanager.certmaps.getIamPolicycertificatemanager.certmaps.listcertificatemanager.certmaps.setIamPolicycertificatemanager.certmaps.updatecertificatemanager.certmaps.usecertificatemanager.certs.createcertificatemanager.certs.deletecertificatemanager.certs.getcertificatemanager.certs.getIamPolicycertificatemanager.certs.listcertificatemanager.certs.setIamPolicycertificatemanager.certs.updatecertificatemanager.certs.usecertificatemanager.dnsauthorizations.createcertificatemanager.dnsauthorizations.deletecertificatemanager.dnsauthorizations.getcertificatemanager.dnsauthorizations.getIamPolicycertificatemanager.dnsauthorizations.listcertificatemanager.dnsauthorizations.setIamPolicycertificatemanager.dnsauthorizations.updatecertificatemanager.dnsauthorizations.usecertificatemanager.locations.getcertificatemanager.locations.listcertificatemanager.operations.cancelcertificatemanager.operations.deletecertificatemanager.operations.getcertificatemanager.operations.list |
| Certificate Manager | Supported In Custom Roles |
certificatemanager.certmapentries.createcertificatemanager.certmapentries.deletecertificatemanager.certmapentries.getcertificatemanager.certmapentries.getIamPolicycertificatemanager.certmapentries.listcertificatemanager.certmapentries.setIamPolicycertificatemanager.certmapentries.updatecertificatemanager.certmaps.createcertificatemanager.certmaps.deletecertificatemanager.certmaps.getcertificatemanager.certmaps.getIamPolicycertificatemanager.certmaps.listcertificatemanager.certmaps.setIamPolicycertificatemanager.certmaps.updatecertificatemanager.certmaps.usecertificatemanager.certs.createcertificatemanager.certs.deletecertificatemanager.certs.getcertificatemanager.certs.getIamPolicycertificatemanager.certs.listcertificatemanager.certs.setIamPolicycertificatemanager.certs.updatecertificatemanager.certs.usecertificatemanager.dnsauthorizations.createcertificatemanager.dnsauthorizations.deletecertificatemanager.dnsauthorizations.getcertificatemanager.dnsauthorizations.getIamPolicycertificatemanager.dnsauthorizations.listcertificatemanager.dnsauthorizations.setIamPolicycertificatemanager.dnsauthorizations.updatecertificatemanager.dnsauthorizations.usecertificatemanager.locations.getcertificatemanager.locations.listcertificatemanager.operations.cancelcertificatemanager.operations.deletecertificatemanager.operations.getcertificatemanager.operations.list |
| Compute Engine | Added |
compute.commitments.update |
| Compute Engine | Supported In Custom Roles |
compute.commitments.update |
| Compute Engine | Now GA |
compute.commitments.update |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.orderAttributions.getconsumerprocurement.orderAttributions.listconsumerprocurement.orderAttributions.update |
| Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.orderAttributions.getconsumerprocurement.orderAttributions.listconsumerprocurement.orderAttributions.update |
| Data Connectors | Added |
dataconnectors.connectors.createdataconnectors.connectors.deletedataconnectors.connectors.getdataconnectors.connectors.getIamPolicydataconnectors.connectors.listdataconnectors.connectors.setIamPolicydataconnectors.connectors.updatedataconnectors.connectors.usedataconnectors.locations.getdataconnectors.locations.listdataconnectors.operations.canceldataconnectors.operations.deletedataconnectors.operations.getdataconnectors.operations.list |
| Data Connectors | Supported In Custom Roles |
dataconnectors.connectors.createdataconnectors.connectors.deletedataconnectors.connectors.getdataconnectors.connectors.getIamPolicydataconnectors.connectors.listdataconnectors.connectors.setIamPolicydataconnectors.connectors.updatedataconnectors.connectors.usedataconnectors.locations.getdataconnectors.locations.listdataconnectors.operations.canceldataconnectors.operations.deletedataconnectors.operations.getdataconnectors.operations.list |
| Dataflow | Added |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Network Services | Added |
networkservices.serviceBindings.createnetworkservices.serviceBindings.deletenetworkservices.serviceBindings.getnetworkservices.serviceBindings.listnetworkservices.serviceBindings.update |
| VM Migration | Added |
vmmigration.datacenterConnectors.update |
| VM Migration | Supported In Custom Roles |
vmmigration.datacenterConnectors.update |
Cloud IAM changes as of 2021-11-12
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoles.update |
| Apigee | Now GA |
The role |
| Apigee | Now GA |
The role |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.update |
| Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.feeds.createcloudasset.feeds.deletecloudasset.feeds.getcloudasset.feeds.update |
| Compute Engine | Role Updated |
The following permissions have been added to the role networksecurity.clientTlsPolicies.getnetworksecurity.clientTlsPolicies.listnetworksecurity.clientTlsPolicies.usenetworksecurity.serverTlsPolicies.getnetworksecurity.serverTlsPolicies.listnetworksecurity.serverTlsPolicies.use |
| Datastore | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.getdlp.deidentifyTemplates.list |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.getdlp.deidentifyTemplates.list |
| Google Earth Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
| Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
| Firebase App Check | Now GA |
The role |
| GKE Multi-Cloud | Now GA |
The role |
| GKE Multi-Cloud | Now GA |
The role |
| GKE Multi-Cloud | Now GA |
The role |
| Dataproc Metastore | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Cloud Monitoring | Role Updated |
The following permissions have been added to the role servicedirectory.networks.accessservicedirectory.services.resolve |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.subnetworks.use |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.getnetworkconnectivity.operations.list |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Web Security Scanner | Role Updated |
The following permissions have been added to the role cloudasset.assets.listResource |
| Vertex AI | Added |
aiplatform.tensorboardRuns.batchCreateaiplatform.tensorboardTimeSeries.batchCreateaiplatform.tensorboardTimeSeries.batchRead |
| Apigee | Added |
apigee.developerbalances.adjust |
| Apigee | Supported In Custom Roles |
apigee.developerbalances.adjust |
| Apigee | Now GA |
apigee.developerbalances.adjust |
| Artifact Registry | Added |
artifactregistry.dockerimages.getartifactregistry.dockerimages.list |
| Artifact Registry | Now GA |
artifactregistry.dockerimages.getartifactregistry.dockerimages.list |
| Compute Engine | Added |
compute.disks.createTagBindingcompute.disks.deleteTagBindingcompute.disks.listTagBindingscompute.images.createTagBindingcompute.images.deleteTagBindingcompute.images.listTagBindingscompute.snapshots.createTagBindingcompute.snapshots.deleteTagBindingcompute.snapshots.listTagBindings |
| Compute Engine | Now GA |
compute.disks.createTagBindingcompute.disks.deleteTagBindingcompute.disks.listTagBindingscompute.images.createTagBindingcompute.images.deleteTagBindingcompute.images.listTagBindingscompute.machineImages.createcompute.machineImages.deletecompute.machineImages.getcompute.machineImages.getIamPolicycompute.machineImages.listcompute.machineImages.setIamPolicycompute.machineImages.useReadOnlycompute.snapshots.createTagBindingcompute.snapshots.deleteTagBindingcompute.snapshots.listTagBindings |
| Datastore | Added |
datastore.keyVisualizerScans.getdatastore.keyVisualizerScans.list |
| Datastore | Now GA |
datastore.keyVisualizerScans.getdatastore.keyVisualizerScans.list |
| Datastream | Added |
datastream.objects.getdatastream.objects.listdatastream.objects.startBackfillJobdatastream.objects.stopBackfillJob |
| Document AI | Added |
documentai.datasetSchemas.getdocumentai.datasetSchemas.updatedocumentai.datasets.getdocumentai.datasets.updatedocumentai.processorTypes.get |
| Firebase App Check | Added |
firebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.update |
| GKE Hub | Added |
gkehub.fleet.creategkehub.fleet.deletegkehub.fleet.getgkehub.fleet.update |
| GKE Hub | Now GA |
gkehub.fleet.creategkehub.fleet.deletegkehub.fleet.getgkehub.fleet.update |
| GKE Multi-Cloud | Added |
gkemulticloud.awsClusters.generateAccessTokengkemulticloud.azureClusters.generateAccessToken |
| GKE Multi-Cloud | Now GA |
gkemulticloud.awsClusters.creategkemulticloud.awsClusters.deletegkemulticloud.awsClusters.generateAccessTokengkemulticloud.awsClusters.getgkemulticloud.awsClusters.getAdminKubeconfiggkemulticloud.awsClusters.listgkemulticloud.awsClusters.updategkemulticloud.awsNodePools.creategkemulticloud.awsNodePools.deletegkemulticloud.awsNodePools.getgkemulticloud.awsNodePools.listgkemulticloud.awsNodePools.updategkemulticloud.awsServerConfigs.getgkemulticloud.azureClients.creategkemulticloud.azureClients.deletegkemulticloud.azureClients.getgkemulticloud.azureClients.listgkemulticloud.azureClusters.creategkemulticloud.azureClusters.deletegkemulticloud.azureClusters.generateAccessTokengkemulticloud.azureClusters.getgkemulticloud.azureClusters.getAdminKubeconfiggkemulticloud.azureClusters.listgkemulticloud.azureClusters.updategkemulticloud.azureNodePools.creategkemulticloud.azureNodePools.deletegkemulticloud.azureNodePools.getgkemulticloud.azureNodePools.listgkemulticloud.azureNodePools.updategkemulticloud.azureServerConfigs.getgkemulticloud.operations.cancelgkemulticloud.operations.deletegkemulticloud.operations.getgkemulticloud.operations.listgkemulticloud.operations.wait |
| Identity and Access Management | Added |
iam.denypolicies.createiam.denypolicies.deleteiam.denypolicies.getiam.denypolicies.listiam.denypolicies.replaceiam.denypolicies.update |
| Identity and Access Management | Added |
iam.googleapis.com/denypolicies.createiam.googleapis.com/denypolicies.deleteiam.googleapis.com/denypolicies.getiam.googleapis.com/denypolicies.listiam.googleapis.com/denypolicies.replace |
| Cloud Run | Added |
run.operations.deleterun.operations.getrun.operations.list |
| Cloud Run | Now GA |
run.operations.deleterun.operations.getrun.operations.list |
| Security Command Center | Added |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Security Command Center | Now GA |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Video Stitcher API | Added |
videostitcher.cdnKeys.createvideostitcher.cdnKeys.deletevideostitcher.cdnKeys.getvideostitcher.cdnKeys.listvideostitcher.cdnKeys.updatevideostitcher.liveAdTagDetails.getvideostitcher.liveAdTagDetails.listvideostitcher.liveSessions.createvideostitcher.liveSessions.getvideostitcher.slates.createvideostitcher.slates.deletevideostitcher.slates.getvideostitcher.slates.listvideostitcher.slates.updatevideostitcher.vodAdTagDetails.getvideostitcher.vodAdTagDetails.listvideostitcher.vodSessions.createvideostitcher.vodSessions.getvideostitcher.vodStitchDetails.getvideostitcher.vodStitchDetails.list |
Cloud IAM changes as of 2021-10-22
| Service | Change | Description |
|---|---|---|
| Anthos Support | Now GA |
The role |
| Cloud Functions | Role Updated |
The following permissions have been added to the role source.repos.getsource.repos.list |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
| Data Pipelines | Now GA |
The role |
| Data Pipelines | Now GA |
The role |
| Data Pipelines | Now GA |
The role |
| Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
| Dataproc | Role Updated |
The following permissions have been added to the role dataproc.autoscalingPolicies.createdataproc.autoscalingPolicies.deletedataproc.autoscalingPolicies.getIamPolicydataproc.autoscalingPolicies.update |
| Customer Usage Data Processing | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role storage.objects.create |
| Cloud Domains | Now GA |
The role |
| Cloud Domains | Now GA |
The role |
| Game Servers | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.useInternal |
| Security Command Center | Now GA |
The role |
| Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Compute Engine | Added |
compute.reservations.update |
| Compute Engine | Supported In Custom Roles |
compute.reservations.update |
| Data Pipelines | Now GA |
datapipelines.pipelines.createdatapipelines.pipelines.deletedatapipelines.pipelines.getdatapipelines.pipelines.listdatapipelines.pipelines.rundatapipelines.pipelines.stopdatapipelines.pipelines.update |
| Cloud Domains | Supported In Custom Roles |
domains.locations.getdomains.locations.listdomains.operations.canceldomains.operations.getdomains.operations.list |
| Cloud Domains | Now GA |
domains.locations.getdomains.locations.listdomains.operations.canceldomains.operations.getdomains.operations.listdomains.registrations.configureContactdomains.registrations.configureDnsdomains.registrations.configureManagementdomains.registrations.createdomains.registrations.deletedomains.registrations.getdomains.registrations.getIamPolicydomains.registrations.listdomains.registrations.setIamPolicydomains.registrations.update |
| Firebase Cloud Messaging | Added |
firebasecloudmessaging.messages.create |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.peerings.createmanagedidentities.peerings.deletemanagedidentities.peerings.getmanagedidentities.peerings.getIamPolicymanagedidentities.peerings.listmanagedidentities.peerings.setIamPolicymanagedidentities.peerings.update |
| reCAPTCHA Enterprise | Added |
recaptchaenterprise.relatedaccountgroupmemberships.listrecaptchaenterprise.relatedaccountgroups.list |
Cloud IAM changes as of 2021-10-01
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.machineTypes.getdataflow.jobs.canceldataflow.jobs.createdataflow.jobs.getdataflow.jobs.listdataflow.jobs.snapshotdataflow.jobs.updateContentsdataflow.messages.listdataflow.metrics.getdataflow.snapshots.deletedataflow.snapshots.getdataflow.snapshots.list |
| Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifacts |
| Cloud TPU | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Cloud Composer | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Compute Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Connectors | Now GA |
The role |
| Connectors | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Dataflow | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role datacatalog.categories.fineGrainedGet |
| Firebase Mods | Role Updated |
The following permissions have been added to the role resourcemanager.projects.updateLiens |
| GKE Hub | Now GA |
The role |
| Transcoder API | Role Updated |
The following permissions have been added to the role transcoder.jobs.delete |
| Basic Role | Role Updated |
The following permissions have been added to the role firebaserules.rulesets.test |
| Connectors | Added |
connectors.connections.createconnectors.connections.deleteconnectors.connections.getconnectors.connections.getConnectionSchemaMetadataconnectors.connections.getIamPolicyconnectors.connections.getRuntimeActionSchemaconnectors.connections.getRuntimeEntitySchemaconnectors.connections.listconnectors.connections.setIamPolicyconnectors.connections.updateconnectors.connectors.getconnectors.connectors.listconnectors.locations.getconnectors.locations.listconnectors.operations.cancelconnectors.operations.deleteconnectors.operations.getconnectors.operations.listconnectors.providers.getconnectors.providers.listconnectors.runtimeconfig.getconnectors.versions.getconnectors.versions.list |
| Connectors | Supported In Custom Roles |
connectors.connections.createconnectors.connections.deleteconnectors.connections.getconnectors.connections.getConnectionSchemaMetadataconnectors.connections.getIamPolicyconnectors.connections.getRuntimeActionSchemaconnectors.connections.getRuntimeEntitySchemaconnectors.connections.listconnectors.connections.setIamPolicyconnectors.connections.updateconnectors.connectors.getconnectors.connectors.listconnectors.locations.getconnectors.locations.listconnectors.operations.cancelconnectors.operations.deleteconnectors.operations.getconnectors.operations.listconnectors.providers.getconnectors.providers.listconnectors.runtimeconfig.getconnectors.versions.getconnectors.versions.list |
| Connectors | Now GA |
connectors.connections.createconnectors.connections.deleteconnectors.connections.getconnectors.connections.getConnectionSchemaMetadataconnectors.connections.getIamPolicyconnectors.connections.getRuntimeActionSchemaconnectors.connections.getRuntimeEntitySchemaconnectors.connections.listconnectors.connections.setIamPolicyconnectors.connections.updateconnectors.connectors.getconnectors.connectors.listconnectors.locations.getconnectors.locations.listconnectors.operations.cancelconnectors.operations.deleteconnectors.operations.getconnectors.operations.listconnectors.providers.getconnectors.providers.listconnectors.runtimeconfig.getconnectors.versions.getconnectors.versions.list |
Cloud IAM changes as of 2021-09-24
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.createcontainer.clusterRoleBindings.deletecontainer.clusterRoleBindings.getcontainer.clusterRoleBindings.listcontainer.clusterRoleBindings.updatecontainer.clusterRoles.bindcontainer.clusterRoles.createcontainer.clusterRoles.deletecontainer.clusterRoles.escalatecontainer.clusterRoles.getcontainer.clusterRoles.listcontainer.configMaps.createcontainer.configMaps.deletecontainer.configMaps.updatecontainer.daemonSets.createcontainer.daemonSets.deletecontainer.daemonSets.getcontainer.daemonSets.getStatuscontainer.daemonSets.listcontainer.daemonSets.updatecontainer.serviceAccounts.createcontainer.serviceAccounts.deletecontainer.serviceAccounts.getcontainer.serviceAccounts.listcontainer.serviceAccounts.update |
| Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlIdleInstanceRecommendations.updaterecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceActivityInsights.updaterecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.updaterecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.updaterecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.update |
| Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlIdleInstanceRecommendations.updaterecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceActivityInsights.updaterecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.updaterecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.updaterecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.update |
| Cloud SQL | Role Updated |
The following permissions have been added to the role recommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.list |
| Cloud Composer | Role Updated |
The following permissions have been added to the role logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.getlogging.notificationRules.listlogging.notificationRules.updaterecommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlIdleInstanceRecommendations.updaterecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceActivityInsights.updaterecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.updaterecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.updaterecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.update |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.updatedns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update |
| Dataflow | Role Updated |
The following permissions have been added to the role logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.getlogging.notificationRules.listlogging.notificationRules.update |
| Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.createiam.serviceAccounts.getiam.serviceAccounts.list |
| Game Servers | Role Updated |
The following permissions have been added to the role container.mutatingWebhookConfigurations.createcontainer.mutatingWebhookConfigurations.deletecontainer.mutatingWebhookConfigurations.update |
| Cloud Logging | Role Updated |
The following permissions have been added to the role logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.getlogging.notificationRules.listlogging.notificationRules.update |
| Dataproc Metastore | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.usecompute.forwardingRules.createcompute.forwardingRules.deletecompute.forwardingRules.getcompute.forwardingRules.pscCreatecompute.forwardingRules.pscDeletecompute.regionOperations.getcompute.subnetworks.getcompute.subnetworks.use |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.usecompute.regionSslCertificates.createcompute.regionSslCertificates.deletecompute.regionSslCertificates.getcompute.regionSslCertificates.list |
| Recommender | Role Added |
The role cloudresourcemanager.googleapis.com/projects.getcloudresourcemanager.googleapis.com/projects.listrecommender.bigqueryCapacityCommitmentsInsights.getrecommender.bigqueryCapacityCommitmentsInsights.listrecommender.bigqueryCapacityCommitmentsInsights.updaterecommender.bigqueryCapacityCommitmentsRecommendations.getrecommender.bigqueryCapacityCommitmentsRecommendations.listrecommender.bigqueryCapacityCommitmentsRecommendations.updaterecommender.googleapis.com/bigqueryCapacityCommitmentsInsights.getrecommender.googleapis.com/bigqueryCapacityCommitmentsInsights.listrecommender.googleapis.com/bigqueryCapacityCommitmentsInsights.updaterecommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.getrecommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.listrecommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.updaterecommender.googleapis.com/locations.getrecommender.googleapis.com/locations.listrecommender.locations.getrecommender.locations.listresourcemanager.projects.getresourcemanager.projects.list |
| Recommender | Role Added |
The role cloudresourcemanager.googleapis.com/projects.getcloudresourcemanager.googleapis.com/projects.listrecommender.bigqueryCapacityCommitmentsInsights.getrecommender.bigqueryCapacityCommitmentsInsights.listrecommender.bigqueryCapacityCommitmentsRecommendations.getrecommender.bigqueryCapacityCommitmentsRecommendations.listrecommender.googleapis.com/bigqueryCapacityCommitmentsInsights.getrecommender.googleapis.com/bigqueryCapacityCommitmentsInsights.listrecommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.getrecommender.googleapis.com/bigqueryCapacityCommitmentsRecommendations.listrecommender.googleapis.com/locations.getrecommender.googleapis.com/locations.listrecommender.locations.getrecommender.locations.listresourcemanager.projects.getresourcemanager.projects.list |
| Datastore | Added |
datastore.databases.getMetadata |
| Datastore | Now GA |
datastore.databases.getMetadata |
| Cloud Integrations | Added |
integrations.securityAuthConfigs.createintegrations.securityAuthConfigs.deleteintegrations.securityAuthConfigs.getintegrations.securityAuthConfigs.listintegrations.securityAuthConfigs.updateintegrations.securityExecutions.cancelintegrations.securityExecutions.getintegrations.securityExecutions.listintegrations.securityIntegTempVers.createintegrations.securityIntegTempVers.getintegrations.securityIntegTempVers.listintegrations.securityIntegrationVers.createintegrations.securityIntegrationVers.deployintegrations.securityIntegrationVers.getintegrations.securityIntegrationVers.listintegrations.securityIntegrationVers.updateintegrations.securityIntegrations.invokeintegrations.securityIntegrations.list |
| Recommender | Added |
recommender.bigqueryCapacityCommitmentsInsights.getrecommender.bigqueryCapacityCommitmentsInsights.listrecommender.bigqueryCapacityCommitmentsInsights.updaterecommender.bigqueryCapacityCommitmentsRecommendations.getrecommender.bigqueryCapacityCommitmentsRecommendations.listrecommender.bigqueryCapacityCommitmentsRecommendations.updaterecommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlIdleInstanceRecommendations.updaterecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceActivityInsights.updaterecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.updaterecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.updaterecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.bigqueryCapacityCommitmentsInsights.getrecommender.bigqueryCapacityCommitmentsInsights.listrecommender.bigqueryCapacityCommitmentsInsights.updaterecommender.bigqueryCapacityCommitmentsRecommendations.getrecommender.bigqueryCapacityCommitmentsRecommendations.listrecommender.bigqueryCapacityCommitmentsRecommendations.updaterecommender.cloudsqlIdleInstanceRecommendations.getrecommender.cloudsqlIdleInstanceRecommendations.listrecommender.cloudsqlIdleInstanceRecommendations.updaterecommender.cloudsqlInstanceActivityInsights.getrecommender.cloudsqlInstanceActivityInsights.listrecommender.cloudsqlInstanceActivityInsights.updaterecommender.cloudsqlInstanceCpuUsageInsights.getrecommender.cloudsqlInstanceCpuUsageInsights.listrecommender.cloudsqlInstanceCpuUsageInsights.updaterecommender.cloudsqlInstanceMemoryUsageInsights.getrecommender.cloudsqlInstanceMemoryUsageInsights.listrecommender.cloudsqlInstanceMemoryUsageInsights.updaterecommender.cloudsqlOverprovisionedInstanceRecommendations.getrecommender.cloudsqlOverprovisionedInstanceRecommendations.listrecommender.cloudsqlOverprovisionedInstanceRecommendations.update |
Cloud IAM changes as of 2021-09-10
| Service | Change | Description |
|---|---|---|
| BigQuery | Added |
bigquery.tables.createSnapshotbigquery.tables.deleteSnapshotbigquery.tables.restoreSnapshot |
| BigQuery | Supported In Custom Roles |
bigquery.tables.createSnapshotbigquery.tables.deleteSnapshotbigquery.tables.restoreSnapshot |
| Firebase | Added |
firebase.playLinks.getfirebase.playLinks.listfirebase.playLinks.update |
| Firebase | Supported In Custom Roles |
firebase.playLinks.getfirebase.playLinks.listfirebase.playLinks.update |
| Firebase | Now GA |
firebase.playLinks.getfirebase.playLinks.listfirebase.playLinks.update |
Cloud IAM changes as of 2021-08-30
| Service | Change | Description |
|---|---|---|
| Cloud Build | Role Updated |
The following permissions have been added to the role binaryauthorization.attestors.createbinaryauthorization.attestors.deletebinaryauthorization.attestors.getbinaryauthorization.attestors.listbinaryauthorization.attestors.updatebinaryauthorization.attestors.verifyImageAttestedcontaineranalysis.notes.attachOccurrencecontaineranalysis.notes.createcontaineranalysis.notes.deletecontaineranalysis.notes.getcontaineranalysis.notes.listcontaineranalysis.notes.update |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.getbigquery.routines.get |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.getbigquery.routines.get |
| GKE Hub | Now GA |
The role |
| GKE Hub | Role Updated |
The following permissions have been added to the role gkemulticloud.awsClusters.getgkemulticloud.azureClusters.get |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.sslPolicies.use |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Storage Transfer Service | Role Updated |
The following permissions have been added to the role storagetransfer.agentpools.getstoragetransfer.agentpools.list |
| Cloud OS Config | Now GA |
osconfig.inventories.getosconfig.inventories.listosconfig.vulnerabilityReports.getosconfig.vulnerabilityReports.list |
Cloud IAM changes as of 2021-08-27
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.thirdPartyObjects.create |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Cloud Deploy | Role Added |
The role clouddeploy.deliveryPipelines.getclouddeploy.googleapis.com/deliveryPipelines.getclouddeploy.googleapis.com/locations.getclouddeploy.googleapis.com/locations.listclouddeploy.googleapis.com/operations.cancelclouddeploy.googleapis.com/operations.deleteclouddeploy.googleapis.com/operations.getclouddeploy.googleapis.com/operations.listclouddeploy.googleapis.com/releases.createclouddeploy.googleapis.com/releases.getclouddeploy.googleapis.com/releases.listclouddeploy.googleapis.com/rollouts.createclouddeploy.googleapis.com/rollouts.getclouddeploy.googleapis.com/rollouts.listclouddeploy.googleapis.com/targets.getclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.getcloudresourcemanager.googleapis.com/projects.getcloudresourcemanager.googleapis.com/projects.listresourcemanager.projects.getresourcemanager.projects.list |
| Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
| Content Warehouse | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.invokepubsub.topics.publishpubsublite.topics.publish |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicycloudasset.assets.exportResource |
| GKE Hub | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
| Cloud Logging | Now GA |
The role |
| Apigee | Added |
apigee.proxies.update |
| Apigee | Supported In Custom Roles |
apigee.proxies.update |
| Apigee | Now GA |
apigee.proxies.update |
| Bare Metal Solution | Added |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| BigQuery | Added |
bigquery.jobs.delete |
| BigQuery | Supported In Custom Roles |
bigquery.jobs.delete |
| BigQuery | Now GA |
bigquery.jobs.delete |
| Cloud Deploy | Added |
clouddeploy.config.getclouddeploy.deliveryPipelines.createclouddeploy.deliveryPipelines.deleteclouddeploy.deliveryPipelines.getclouddeploy.deliveryPipelines.getIamPolicyclouddeploy.deliveryPipelines.listclouddeploy.deliveryPipelines.setIamPolicyclouddeploy.deliveryPipelines.updateclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.deleteclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.approveclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.createclouddeploy.targets.deleteclouddeploy.targets.getclouddeploy.targets.getIamPolicyclouddeploy.targets.listclouddeploy.targets.setIamPolicyclouddeploy.targets.update |
| Cloud Deploy | Supported In Custom Roles |
clouddeploy.config.getclouddeploy.deliveryPipelines.createclouddeploy.deliveryPipelines.deleteclouddeploy.deliveryPipelines.getclouddeploy.deliveryPipelines.getIamPolicyclouddeploy.deliveryPipelines.listclouddeploy.deliveryPipelines.setIamPolicyclouddeploy.deliveryPipelines.updateclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.deleteclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.approveclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.createclouddeploy.targets.deleteclouddeploy.targets.getclouddeploy.targets.getIamPolicyclouddeploy.targets.listclouddeploy.targets.setIamPolicyclouddeploy.targets.update |
| Cloud Functions | Added |
cloudfunctions.functions.generateUploadUrl |
| Compute Engine | Added |
compute.forwardingRules.use |
| Dialogflow | Added |
dialogflow.conversations.update |
| Dialogflow | Now GA |
dialogflow.conversations.update |
| Cloud Integrations | Added |
integrations.apigeeIntegrationVers.delete |
| Cloud Integrations | Now GA |
integrations.apigeeIntegrationVers.delete |
| Cloud Logging | Now GA |
logging.fields.access |
| Storage Transfer Service | Added |
storagetransfer.agentpools.createstoragetransfer.agentpools.deletestoragetransfer.agentpools.getstoragetransfer.agentpools.liststoragetransfer.agentpools.update |
| Storage Transfer Service | Now GA |
storagetransfer.agentpools.createstoragetransfer.agentpools.deletestoragetransfer.agentpools.getstoragetransfer.agentpools.liststoragetransfer.agentpools.update |
Cloud IAM changes as of 2021-08-20
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.thirdPartyObjects.create |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Cloud Deploy | Role Added |
The role clouddeploy.deliveryPipelines.getclouddeploy.googleapis.com/deliveryPipelines.getclouddeploy.googleapis.com/locations.getclouddeploy.googleapis.com/locations.listclouddeploy.googleapis.com/operations.cancelclouddeploy.googleapis.com/operations.deleteclouddeploy.googleapis.com/operations.getclouddeploy.googleapis.com/operations.listclouddeploy.googleapis.com/releases.createclouddeploy.googleapis.com/releases.getclouddeploy.googleapis.com/releases.listclouddeploy.googleapis.com/rollouts.createclouddeploy.googleapis.com/rollouts.getclouddeploy.googleapis.com/rollouts.listclouddeploy.googleapis.com/targets.getclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.getcloudresourcemanager.googleapis.com/projects.getcloudresourcemanager.googleapis.com/projects.listresourcemanager.projects.getresourcemanager.projects.list |
| Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
| Content Warehouse | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.invokepubsub.topics.publishpubsublite.topics.publish |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicycloudasset.assets.exportResource |
| GKE Hub | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
| Cloud Logging | Now GA |
The role |
| Apigee | Added |
apigee.proxies.update |
| Apigee | Supported In Custom Roles |
apigee.proxies.update |
| Apigee | Now GA |
apigee.proxies.update |
| Bare Metal Solution | Added |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.createbaremetalsolution.instances.getbaremetalsolution.instances.list |
| BigQuery | Added |
bigquery.jobs.delete |
| BigQuery | Supported In Custom Roles |
bigquery.jobs.delete |
| BigQuery | Now GA |
bigquery.jobs.delete |
| Cloud Deploy | Added |
clouddeploy.config.getclouddeploy.deliveryPipelines.createclouddeploy.deliveryPipelines.deleteclouddeploy.deliveryPipelines.getclouddeploy.deliveryPipelines.getIamPolicyclouddeploy.deliveryPipelines.listclouddeploy.deliveryPipelines.setIamPolicyclouddeploy.deliveryPipelines.updateclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.deleteclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.approveclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.createclouddeploy.targets.deleteclouddeploy.targets.getclouddeploy.targets.getIamPolicyclouddeploy.targets.listclouddeploy.targets.setIamPolicyclouddeploy.targets.update |
| Cloud Deploy | Supported In Custom Roles |
clouddeploy.config.getclouddeploy.deliveryPipelines.createclouddeploy.deliveryPipelines.deleteclouddeploy.deliveryPipelines.getclouddeploy.deliveryPipelines.getIamPolicyclouddeploy.deliveryPipelines.listclouddeploy.deliveryPipelines.setIamPolicyclouddeploy.deliveryPipelines.updateclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.createclouddeploy.releases.deleteclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.approveclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.createclouddeploy.targets.deleteclouddeploy.targets.getclouddeploy.targets.getIamPolicyclouddeploy.targets.listclouddeploy.targets.setIamPolicyclouddeploy.targets.update |
| Cloud Functions | Added |
cloudfunctions.functions.generateUploadUrl |
| Compute Engine | Added |
compute.forwardingRules.use |
| Dialogflow | Added |
dialogflow.conversations.update |
| Dialogflow | Now GA |
dialogflow.conversations.update |
| Cloud Integrations | Added |
integrations.apigeeIntegrationVers.delete |
| Cloud Integrations | Now GA |
integrations.apigeeIntegrationVers.delete |
| Cloud Logging | Now GA |
logging.fields.access |
| Storage Transfer Service | Added |
storagetransfer.agentpools.createstoragetransfer.agentpools.deletestoragetransfer.agentpools.getstoragetransfer.agentpools.liststoragetransfer.agentpools.update |
| Storage Transfer Service | Now GA |
storagetransfer.agentpools.createstoragetransfer.agentpools.deletestoragetransfer.agentpools.getstoragetransfer.agentpools.liststoragetransfer.agentpools.update |
Cloud IAM changes as of 2021-08-13
| Service | Change | Description |
|---|---|---|
| Artifact Registry | Now GA |
The role |
| Artifact Registry | Now GA |
The role |
| Artifact Registry | Now GA |
The role |
| Artifact Registry | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role logging.notificationRules.createlogging.notificationRules.deletelogging.notificationRules.update |
| Network Connectivity Center | Now GA |
The role |
| Network Connectivity Center | Now GA |
The role |
| Network Connectivity Center | Now GA |
The role |
| Speech-to-Text | Now GA |
The role |
| Speech-to-Text | Now GA |
The role |
| Speech-to-Text | Now GA |
The role |
| Artifact Registry | Now GA |
artifactregistry.aptartifacts.createartifactregistry.files.getartifactregistry.files.listartifactregistry.packages.deleteartifactregistry.packages.getartifactregistry.packages.listartifactregistry.repositories.createartifactregistry.repositories.deleteartifactregistry.repositories.deleteArtifactsartifactregistry.repositories.downloadArtifactsartifactregistry.repositories.getartifactregistry.repositories.getIamPolicyartifactregistry.repositories.listartifactregistry.repositories.setIamPolicyartifactregistry.repositories.updateartifactregistry.repositories.uploadArtifactsartifactregistry.tags.createartifactregistry.tags.deleteartifactregistry.tags.getartifactregistry.tags.listartifactregistry.tags.updateartifactregistry.versions.deleteartifactregistry.versions.getartifactregistry.versions.listartifactregistry.yumartifacts.create |
| Network Connectivity Center | Now GA |
networkconnectivity.hubs.createnetworkconnectivity.hubs.deletenetworkconnectivity.hubs.getnetworkconnectivity.hubs.getIamPolicynetworkconnectivity.hubs.listnetworkconnectivity.hubs.setIamPolicynetworkconnectivity.hubs.updatenetworkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.listnetworkconnectivity.spokes.createnetworkconnectivity.spokes.deletenetworkconnectivity.spokes.getnetworkconnectivity.spokes.getIamPolicynetworkconnectivity.spokes.listnetworkconnectivity.spokes.setIamPolicynetworkconnectivity.spokes.update |
| Network Services | Added |
networkservices.endpointPolicies.createnetworkservices.endpointPolicies.deletenetworkservices.endpointPolicies.getnetworkservices.endpointPolicies.getIamPolicynetworkservices.endpointPolicies.listnetworkservices.endpointPolicies.setIamPolicynetworkservices.endpointPolicies.updatenetworkservices.endpointPolicies.use |
| Notebooks | Added |
notebooks.instances.getHealth |
| Notebooks | Now GA |
notebooks.instances.getHealth |
| Speech-to-Text | Added |
speech.adaptations.executespeech.customClasses.createspeech.customClasses.deletespeech.customClasses.getspeech.customClasses.listspeech.customClasses.updatespeech.phraseSets.createspeech.phraseSets.deletespeech.phraseSets.getspeech.phraseSets.listspeech.phraseSets.update |
| Speech-to-Text | Supported In Custom Roles |
speech.adaptations.executespeech.customClasses.createspeech.customClasses.deletespeech.customClasses.getspeech.customClasses.listspeech.customClasses.updatespeech.phraseSets.createspeech.phraseSets.deletespeech.phraseSets.getspeech.phraseSets.listspeech.phraseSets.update |
| Speech-to-Text | Now GA |
speech.adaptations.executespeech.customClasses.createspeech.customClasses.deletespeech.customClasses.getspeech.customClasses.listspeech.customClasses.updatespeech.phraseSets.createspeech.phraseSets.deletespeech.phraseSets.getspeech.phraseSets.listspeech.phraseSets.update |
Cloud IAM changes as of 2021-08-06
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.annotationSpecs.createaiplatform.annotationSpecs.deleteaiplatform.annotationSpecs.getaiplatform.annotationSpecs.listaiplatform.annotationSpecs.updateaiplatform.annotations.createaiplatform.annotations.deleteaiplatform.annotations.getaiplatform.annotations.listaiplatform.annotations.updateaiplatform.batchPredictionJobs.cancelaiplatform.batchPredictionJobs.deleteaiplatform.customJobs.deleteaiplatform.dataItems.createaiplatform.dataItems.deleteaiplatform.dataItems.getaiplatform.dataItems.listaiplatform.dataItems.updateaiplatform.dataLabelingJobs.cancelaiplatform.dataLabelingJobs.createaiplatform.dataLabelingJobs.deleteaiplatform.dataLabelingJobs.getaiplatform.dataLabelingJobs.listaiplatform.datasets.deleteaiplatform.datasets.exportaiplatform.datasets.listaiplatform.edgeDeploymentJobs.createaiplatform.edgeDeploymentJobs.deleteaiplatform.edgeDeploymentJobs.getaiplatform.edgeDeploymentJobs.listaiplatform.edgeDeviceDebugInfo.getaiplatform.edgeDevices.createaiplatform.edgeDevices.deleteaiplatform.edgeDevices.getaiplatform.edgeDevices.listaiplatform.edgeDevices.updateaiplatform.endpoints.createaiplatform.endpoints.deleteaiplatform.endpoints.deployaiplatform.endpoints.getaiplatform.endpoints.listaiplatform.endpoints.undeployaiplatform.endpoints.updateaiplatform.entityTypes.createaiplatform.entityTypes.deleteaiplatform.entityTypes.importFeatureValuesaiplatform.entityTypes.listaiplatform.entityTypes.readFeatureValuesaiplatform.entityTypes.streamingReadFeatureValuesaiplatform.entityTypes.updateaiplatform.entityTypes.writeFeatureValuesaiplatform.features.createaiplatform.features.deleteaiplatform.features.getaiplatform.features.listaiplatform.features.updateaiplatform.featurestores.batchReadFeatureValuesaiplatform.featurestores.createaiplatform.featurestores.deleteaiplatform.featurestores.importFeaturesaiplatform.featurestores.listaiplatform.featurestores.readFeaturesaiplatform.featurestores.updateaiplatform.featurestores.writeFeaturesaiplatform.humanInTheLoops.createaiplatform.humanInTheLoops.deleteaiplatform.humanInTheLoops.getaiplatform.humanInTheLoops.listaiplatform.humanInTheLoops.sendaiplatform.humanInTheLoops.updateaiplatform.hyperparameterTuningJobs.cancelaiplatform.hyperparameterTuningJobs.createaiplatform.hyperparameterTuningJobs.deleteaiplatform.hyperparameterTuningJobs.getaiplatform.hyperparameterTuningJobs.listaiplatform.indexEndpoints.createaiplatform.indexEndpoints.deleteaiplatform.indexEndpoints.deployaiplatform.indexEndpoints.getaiplatform.indexEndpoints.listaiplatform.indexEndpoints.undeployaiplatform.indexEndpoints.updateaiplatform.indexes.createaiplatform.indexes.deleteaiplatform.indexes.getaiplatform.indexes.listaiplatform.indexes.updateaiplatform.locations.getaiplatform.locations.listaiplatform.metadataSchemas.deleteaiplatform.modelDeploymentMonitoringJobs.deleteaiplatform.modelDeploymentMonitoringJobs.getaiplatform.modelDeploymentMonitoringJobs.listaiplatform.modelDeploymentMonitoringJobs.pauseaiplatform.modelDeploymentMonitoringJobs.resumeaiplatform.modelDeploymentMonitoringJobs.searchStatsAnomaliesaiplatform.modelEvaluationSlices.getaiplatform.modelEvaluationSlices.listaiplatform.modelEvaluations.exportEvaluatedDataItemsaiplatform.modelEvaluations.getaiplatform.modelEvaluations.listaiplatform.models.deleteaiplatform.models.exportaiplatform.models.getaiplatform.models.listaiplatform.models.updateaiplatform.models.uploadaiplatform.nasJobs.cancelaiplatform.nasJobs.createaiplatform.nasJobs.deleteaiplatform.nasJobs.getaiplatform.nasJobs.listaiplatform.operations.listaiplatform.pipelineJobs.cancelaiplatform.pipelineJobs.createaiplatform.pipelineJobs.deleteaiplatform.pipelineJobs.getaiplatform.pipelineJobs.listaiplatform.specialistPools.createaiplatform.specialistPools.deleteaiplatform.specialistPools.getaiplatform.specialistPools.listaiplatform.specialistPools.updateaiplatform.studies.createaiplatform.studies.deleteaiplatform.studies.getaiplatform.studies.listaiplatform.studies.updateaiplatform.tensorboardExperiments.createaiplatform.tensorboardExperiments.deleteaiplatform.tensorboardExperiments.getaiplatform.tensorboardExperiments.listaiplatform.tensorboardExperiments.updateaiplatform.tensorboardExperiments.writeaiplatform.tensorboardRuns.createaiplatform.tensorboardRuns.deleteaiplatform.tensorboardRuns.getaiplatform.tensorboardRuns.listaiplatform.tensorboardRuns.updateaiplatform.tensorboardRuns.writeaiplatform.tensorboardTimeSeries.createaiplatform.tensorboardTimeSeries.deleteaiplatform.tensorboardTimeSeries.getaiplatform.tensorboardTimeSeries.listaiplatform.tensorboardTimeSeries.readaiplatform.tensorboardTimeSeries.updateaiplatform.tensorboards.createaiplatform.tensorboards.deleteaiplatform.tensorboards.getaiplatform.tensorboards.listaiplatform.tensorboards.updateaiplatform.trainingPipelines.cancelaiplatform.trainingPipelines.createaiplatform.trainingPipelines.deleteaiplatform.trainingPipelines.getaiplatform.trainingPipelines.listaiplatform.trials.createaiplatform.trials.deleteaiplatform.trials.getaiplatform.trials.listaiplatform.trials.update |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.apigeeExecutions.listintegrations.apigeeIntegrationVers.deployintegrations.apigeeIntegrations.invoke |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.hubs.getnetworkconnectivity.hubs.getIamPolicynetworkconnectivity.hubs.list |
| Transcoder API | Now GA |
The role |
| Transcoder API | Now GA |
The role |
| Compute Engine | Added |
compute.backendServices.getIamPolicycompute.backendServices.setIamPolicycompute.regionBackendServices.getIamPolicycompute.regionBackendServices.setIamPolicy |
| Compute Engine | Supported In Custom Roles |
compute.backendServices.getIamPolicycompute.backendServices.setIamPolicy |
| Risk Manager | Added |
riskmanager.operations.deleteriskmanager.operations.getriskmanager.operations.listriskmanager.policies.getriskmanager.policies.listriskmanager.reports.createriskmanager.reports.deleteriskmanager.reports.getriskmanager.reports.listriskmanager.reports.reviewriskmanager.reports.shareriskmanager.serviceAccount.createriskmanager.settings.getriskmanager.settings.update |
| Risk Manager | Supported In Custom Roles |
riskmanager.settings.getriskmanager.settings.update |
| Transcoder API | Now GA |
transcoder.jobTemplates.createtranscoder.jobTemplates.deletetranscoder.jobTemplates.gettranscoder.jobTemplates.listtranscoder.jobs.createtranscoder.jobs.deletetranscoder.jobs.gettranscoder.jobs.list |
Cloud IAM changes as of 2021-07-30
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.modelDeploymentMonitoringJobs.createaiplatform.modelDeploymentMonitoringJobs.update |
| API Gateway | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.listmonitoring.monitoredResourceDescriptors.getmonitoring.timeSeries.listservicemanagement.services.getserviceusage.services.list |
| API Gateway | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.listmonitoring.monitoredResourceDescriptors.getmonitoring.timeSeries.listservicemanagement.services.getserviceusage.services.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Cloud Build | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Contact Center AI Insights | Role Updated |
The following permissions have been added to the role datalabeling.dataitems.getdatalabeling.dataitems.listdatalabeling.datasets.createdatalabeling.datasets.deletedatalabeling.datasets.exportdatalabeling.datasets.getdatalabeling.datasets.importdatalabeling.operations.getdatalabeling.operations.list |
| Dataflow | Role Updated |
The following permissions have been added to the role autoscaling.sites.readRecommendationsautoscaling.sites.writeMetricsautoscaling.sites.writeState |
| Dataproc | Role Updated |
The following permissions have been added to the role logging.operations.getlogging.operations.list |
| Dataproc | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
| Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.jobs.createresourcemanager.projects.getresourcemanager.projects.list |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Logging | Role Updated |
The following permissions have been added to the role logging.operations.getlogging.operations.list |
| Media Asset | Role Updated |
The following permissions have been added to the role transcoder.jobs.createtranscoder.jobs.deletetranscoder.jobs.get |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role container.frontendConfigs.createcontainer.frontendConfigs.deletecontainer.frontendConfigs.getcontainer.frontendConfigs.listcontainer.frontendConfigs.updatecontainer.thirdPartyObjects.delete |
| Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.getlogging.operations.getlogging.operations.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.getlogging.operations.getlogging.operations.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role binaryauthorization.policy.getlogging.operations.getlogging.operations.list |
| Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
| Artifact Registry | Added |
artifactregistry.aptartifacts.createartifactregistry.yumartifacts.create |
| Cloud Build | Added |
cloudbuild.builds.approve |
| Cloud Build | Supported In Custom Roles |
cloudbuild.builds.approve |
| Cloud Build | Now GA |
cloudbuild.builds.approve |
| Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.useToVerifycloudkms.keyRings.createTagBindingcloudkms.keyRings.deleteTagBindingcloudkms.keyRings.listTagBindingscloudkms.locations.generateRandomBytes |
| Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.useToVerifycloudkms.locations.generateRandomBytes |
| Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.useToVerifycloudkms.keyRings.createTagBindingcloudkms.keyRings.deleteTagBindingcloudkms.keyRings.listTagBindingscloudkms.locations.generateRandomBytes |
| Data Pipelines | Added |
datapipelines.pipelines.createdatapipelines.pipelines.deletedatapipelines.pipelines.getdatapipelines.pipelines.listdatapipelines.pipelines.rundatapipelines.pipelines.stopdatapipelines.pipelines.update |
| Firebase App Check | Added |
firebaseappcheck.appAttestConfig.getfirebaseappcheck.appAttestConfig.updatefirebaseappcheck.safetyNetConfig.getfirebaseappcheck.safetyNetConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.appAttestConfig.getfirebaseappcheck.appAttestConfig.updatefirebaseappcheck.safetyNetConfig.getfirebaseappcheck.safetyNetConfig.update |
| Cloud Integrations | Now GA |
integrations.apigeeAuthConfigs.createintegrations.apigeeAuthConfigs.deleteintegrations.apigeeAuthConfigs.getintegrations.apigeeAuthConfigs.listintegrations.apigeeAuthConfigs.updateintegrations.apigeeCertificates.getintegrations.apigeeExecutions.listintegrations.apigeeIntegrationVers.createintegrations.apigeeIntegrationVers.deployintegrations.apigeeIntegrationVers.getintegrations.apigeeIntegrationVers.listintegrations.apigeeIntegrationVers.updateintegrations.apigeeIntegrations.invokeintegrations.apigeeIntegrations.listintegrations.apigeeSfdcChannels.createintegrations.apigeeSfdcChannels.deleteintegrations.apigeeSfdcChannels.getintegrations.apigeeSfdcChannels.listintegrations.apigeeSfdcChannels.updateintegrations.apigeeSfdcInstances.createintegrations.apigeeSfdcInstances.deleteintegrations.apigeeSfdcInstances.getintegrations.apigeeSfdcInstances.listintegrations.apigeeSfdcInstances.updateintegrations.apigeeSuspensions.listintegrations.apigeeSuspensions.resolve |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.peerings.createmanagedidentities.peerings.deletemanagedidentities.peerings.getmanagedidentities.peerings.getIamPolicymanagedidentities.peerings.listmanagedidentities.peerings.setIamPolicymanagedidentities.peerings.update |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.peerings.createmanagedidentities.peerings.deletemanagedidentities.peerings.getmanagedidentities.peerings.getIamPolicymanagedidentities.peerings.listmanagedidentities.peerings.setIamPolicymanagedidentities.peerings.update |
| Recommender | Added |
recommender.resources.export |
| Recommender | Supported In Custom Roles |
recommender.resources.export |
Cloud IAM changes as of 2021-07-16
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.update |
| Cloud Build | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Cloud TPU | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Compliance Scanning | Now GA |
The role |
| Cloud Composer | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Compute Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.regionOperations.getcompute.regionOperations.getIamPolicycompute.regionOperations.listcompute.regionOperations.setIamPolicy |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.regionOperations.getcompute.regionOperations.getIamPolicycompute.regionOperations.list |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Dataflow | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Data Pipelines | Now GA |
The role |
| GKE Multi-Cloud | Role Updated |
The following permissions have been added to the role gkemulticloud.awsClusters.deletegkemulticloud.awsNodePools.deletegkemulticloud.azureClients.deletegkemulticloud.azureClusters.deletegkemulticloud.azureNodePools.delete |
| Vertex AI | Added |
aiplatform.artifacts.deleteaiplatform.entityTypes.writeFeatureValuesaiplatform.executions.deleteaiplatform.metadataSchemas.deleteaiplatform.tensorboardExperiments.write |
| Cloud Build | Added |
cloudbuild.workerpools.createcloudbuild.workerpools.deletecloudbuild.workerpools.getcloudbuild.workerpools.listcloudbuild.workerpools.updatecloudbuild.workerpools.use |
| Cloud Build | Supported In Custom Roles |
cloudbuild.workerpools.createcloudbuild.workerpools.deletecloudbuild.workerpools.getcloudbuild.workerpools.listcloudbuild.workerpools.updatecloudbuild.workerpools.use |
| Cloud Build | Now GA |
cloudbuild.workerpools.createcloudbuild.workerpools.deletecloudbuild.workerpools.getcloudbuild.workerpools.listcloudbuild.workerpools.updatecloudbuild.workerpools.use |
| GKE Multi-Cloud | Added |
gkemulticloud.awsNodePools.updategkemulticloud.azureNodePools.update |
| Cloud Monitoring | Added |
monitoring.metricsScopes.link |
| Cloud Monitoring | Supported In Custom Roles |
monitoring.metricsScopes.link |
| Policy Analyzer | Added |
policyanalyzer.serviceAccountKeyLastAuthenticationActivities.querypolicyanalyzer.serviceAccountLastAuthenticationActivities.query |
| Pub/Sub Lite | Added |
pubsublite.operations.getpubsublite.operations.list |
| Pub/Sub Lite | Now GA |
pubsublite.operations.getpubsublite.operations.list |
Cloud IAM changes as of 2021-07-02
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.mutatingWebhookConfigurations.createcontainer.mutatingWebhookConfigurations.getcontainer.mutatingWebhookConfigurations.listcontainer.mutatingWebhookConfigurations.updatecontainer.validatingWebhookConfigurations.createcontainer.validatingWebhookConfigurations.getcontainer.validatingWebhookConfigurations.listcontainer.validatingWebhookConfigurations.update |
| Cloud Composer | Now GA |
The role |
| Visual Inspection AI | Now GA |
The role |
| Visual Inspection AI | Now GA |
The role |
| Visual Inspection AI | Now GA |
The role |
| Compute Engine | Added |
compute.instances.sendDiagnosticInterrupt |
| Compute Engine | Now GA |
compute.instances.sendDiagnosticInterrupt |
| Visual Inspection AI | Added |
visualinspection.annotationSets.createvisualinspection.annotationSets.deletevisualinspection.annotationSets.getvisualinspection.annotationSets.listvisualinspection.annotationSets.updatevisualinspection.annotationSpecs.createvisualinspection.annotationSpecs.deletevisualinspection.annotationSpecs.getvisualinspection.annotationSpecs.listvisualinspection.annotations.createvisualinspection.annotations.deletevisualinspection.annotations.getvisualinspection.annotations.listvisualinspection.annotations.updatevisualinspection.datasets.createvisualinspection.datasets.deletevisualinspection.datasets.exportvisualinspection.datasets.getvisualinspection.datasets.importvisualinspection.datasets.listvisualinspection.datasets.updatevisualinspection.images.deletevisualinspection.images.getvisualinspection.images.listvisualinspection.images.updatevisualinspection.locations.getvisualinspection.locations.listvisualinspection.locations.reportUsageMetricsvisualinspection.modelEvaluations.getvisualinspection.modelEvaluations.listvisualinspection.models.createvisualinspection.models.deletevisualinspection.models.getvisualinspection.models.listvisualinspection.models.updatevisualinspection.models.writePredictionvisualinspection.modules.createvisualinspection.modules.deletevisualinspection.modules.getvisualinspection.modules.listvisualinspection.modules.updatevisualinspection.operations.getvisualinspection.operations.listvisualinspection.solutionArtifacts.createvisualinspection.solutionArtifacts.deletevisualinspection.solutionArtifacts.getvisualinspection.solutionArtifacts.listvisualinspection.solutionArtifacts.predictvisualinspection.solutionArtifacts.updatevisualinspection.solutions.createvisualinspection.solutions.deletevisualinspection.solutions.getvisualinspection.solutions.list |
| Visual Inspection AI | Supported In Custom Roles |
visualinspection.annotationSets.createvisualinspection.annotationSets.deletevisualinspection.annotationSets.getvisualinspection.annotationSets.listvisualinspection.annotationSets.updatevisualinspection.annotationSpecs.createvisualinspection.annotationSpecs.deletevisualinspection.annotationSpecs.getvisualinspection.annotationSpecs.listvisualinspection.annotations.createvisualinspection.annotations.deletevisualinspection.annotations.getvisualinspection.annotations.listvisualinspection.annotations.updatevisualinspection.datasets.createvisualinspection.datasets.deletevisualinspection.datasets.exportvisualinspection.datasets.getvisualinspection.datasets.importvisualinspection.datasets.listvisualinspection.datasets.updatevisualinspection.images.deletevisualinspection.images.getvisualinspection.images.listvisualinspection.images.updatevisualinspection.locations.getvisualinspection.locations.listvisualinspection.locations.reportUsageMetricsvisualinspection.modelEvaluations.getvisualinspection.modelEvaluations.listvisualinspection.models.createvisualinspection.models.deletevisualinspection.models.getvisualinspection.models.listvisualinspection.models.updatevisualinspection.models.writePredictionvisualinspection.modules.createvisualinspection.modules.deletevisualinspection.modules.getvisualinspection.modules.listvisualinspection.modules.updatevisualinspection.operations.getvisualinspection.operations.listvisualinspection.solutionArtifacts.createvisualinspection.solutionArtifacts.deletevisualinspection.solutionArtifacts.getvisualinspection.solutionArtifacts.listvisualinspection.solutionArtifacts.predictvisualinspection.solutionArtifacts.updatevisualinspection.solutions.createvisualinspection.solutions.deletevisualinspection.solutions.getvisualinspection.solutions.list |
| Visual Inspection AI | Now GA |
visualinspection.annotationSets.createvisualinspection.annotationSets.deletevisualinspection.annotationSets.getvisualinspection.annotationSets.listvisualinspection.annotationSets.updatevisualinspection.annotationSpecs.createvisualinspection.annotationSpecs.deletevisualinspection.annotationSpecs.getvisualinspection.annotationSpecs.listvisualinspection.annotations.createvisualinspection.annotations.deletevisualinspection.annotations.getvisualinspection.annotations.listvisualinspection.annotations.updatevisualinspection.datasets.createvisualinspection.datasets.deletevisualinspection.datasets.exportvisualinspection.datasets.getvisualinspection.datasets.importvisualinspection.datasets.listvisualinspection.datasets.updatevisualinspection.images.deletevisualinspection.images.getvisualinspection.images.listvisualinspection.images.updatevisualinspection.locations.getvisualinspection.locations.listvisualinspection.locations.reportUsageMetricsvisualinspection.modelEvaluations.getvisualinspection.modelEvaluations.listvisualinspection.models.createvisualinspection.models.deletevisualinspection.models.getvisualinspection.models.listvisualinspection.models.updatevisualinspection.models.writePredictionvisualinspection.modules.createvisualinspection.modules.deletevisualinspection.modules.getvisualinspection.modules.listvisualinspection.modules.updatevisualinspection.operations.getvisualinspection.operations.listvisualinspection.solutionArtifacts.createvisualinspection.solutionArtifacts.deletevisualinspection.solutionArtifacts.getvisualinspection.solutionArtifacts.listvisualinspection.solutionArtifacts.predictvisualinspection.solutionArtifacts.updatevisualinspection.solutions.createvisualinspection.solutions.deletevisualinspection.solutions.getvisualinspection.solutions.list |
Cloud IAM changes as of 2021-06-25
| Service | Change | Description |
|---|---|---|
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Cloud Functions | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role container.deployments.getScalecontainer.statefulSets.getScalecontainer.storageStates.getStatuscontainer.storageVersionMigrations.getStatuscontainer.volumeSnapshotContents.getStatus |
| Container Threat Detection | Role Updated |
The following permissions have been added to the role container.deployments.getScalecontainer.statefulSets.getScalecontainer.storageStates.getStatuscontainer.storageVersionMigrations.getStatuscontainer.volumeSnapshotContents.getStatus |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.updateTag |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.connections.updateTag |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.agents.searchResources |
| Eventarc | Role Updated |
The following permissions have been added to the role storage.buckets.getstorage.buckets.update |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.listnetworkconnectivity.operations.cancelnetworkconnectivity.operations.deletenetworkconnectivity.operations.getnetworkconnectivity.operations.list |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.list |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.locations.getnetworkconnectivity.locations.list |
| Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Cloud Run | Role Updated |
The following permissions have been removed from the role pubsub.subscriptions.createpubsub.subscriptions.deletepubsub.subscriptions.getpubsub.subscriptions.listpubsub.topics.attachSubscriptionpubsub.topics.createpubsub.topics.deletepubsub.topics.getpubsub.topics.listpubsub.topics.publish |
| Cloud Run | Role Updated |
The following permissions have been added to the role recommender.locations.getrecommender.locations.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role container.deployments.getScalecontainer.statefulSets.getScalecontainer.storageStates.getStatuscontainer.storageVersionMigrations.getStatuscontainer.volumeSnapshotContents.getStatus |
| Security Command Center | Role Updated |
The following permissions have been added to the role container.deployments.getScalecontainer.statefulSets.getScalecontainer.storageStates.getStatuscontainer.storageVersionMigrations.getStatuscontainer.volumeSnapshotContents.getStatus |
| Apigee | Added |
apigee.runtimeconfigs.get |
| Apigee | Supported In Custom Roles |
apigee.runtimeconfigs.get |
| Apigee | Now GA |
apigee.runtimeconfigs.get |
| BigQuery | Added |
bigquery.connections.updateTag |
| BigQuery | Supported In Custom Roles |
bigquery.connections.updateTag |
| Dialogflow | Added |
dialogflow.agents.searchResources |
| Dialogflow | Now GA |
dialogflow.agents.searchResources |
| Firebase Cloud Messaging Data | Added |
fcmdata.deliverydata.list |
| Firebase Cloud Messaging Data | Supported In Custom Roles |
fcmdata.deliverydata.list |
| Live Stream | Added |
livestream.channels.createlivestream.channels.deletelivestream.channels.getlivestream.channels.listlivestream.channels.startlivestream.channels.stoplivestream.channels.updatelivestream.events.createlivestream.events.deletelivestream.events.getlivestream.events.listlivestream.inputs.createlivestream.inputs.deletelivestream.inputs.getlivestream.inputs.listlivestream.inputs.updatelivestream.locations.getlivestream.locations.listlivestream.operations.cancellivestream.operations.deletelivestream.operations.getlivestream.operations.list |
| Live Stream | Supported In Custom Roles |
livestream.channels.createlivestream.channels.deletelivestream.channels.getlivestream.channels.listlivestream.channels.startlivestream.channels.stoplivestream.channels.updatelivestream.events.createlivestream.events.deletelivestream.events.getlivestream.events.listlivestream.inputs.createlivestream.inputs.deletelivestream.inputs.getlivestream.inputs.listlivestream.inputs.updatelivestream.locations.getlivestream.locations.listlivestream.operations.cancellivestream.operations.deletelivestream.operations.getlivestream.operations.list |
| Pub/Sub Lite | Added |
pubsublite.reservations.attachTopicpubsublite.reservations.createpubsublite.reservations.deletepubsublite.reservations.getpubsublite.reservations.listpubsublite.reservations.listTopicspubsublite.reservations.update |
| Pub/Sub Lite | Now GA |
pubsublite.reservations.attachTopicpubsublite.reservations.createpubsublite.reservations.deletepubsublite.reservations.getpubsublite.reservations.listpubsublite.reservations.listTopicspubsublite.reservations.update |
| Cloud Storage | Added |
storage.buckets.createTagBindingstorage.buckets.deleteTagBindingstorage.buckets.listTagBindings |
| Cloud Storage | Now GA |
storage.buckets.createTagBindingstorage.buckets.deleteTagBindingstorage.buckets.listTagBindings |
Cloud IAM changes as of 2021-06-18
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.createresourcemanager.folders.getresourcemanager.folders.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.createresourcemanager.folders.getresourcemanager.folders.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role resourcemanager.folders.getresourcemanager.folders.list |
| Dialogflow | Now GA |
The role |
| Firestore | Now GA |
The role |
| Apigee | Added |
apigee.developerbalances.getapigee.developerbalances.updateapigee.developermonetizationconfigs.getapigee.developermonetizationconfigs.update |
| Apigee | Supported In Custom Roles |
apigee.developerbalances.getapigee.developerbalances.updateapigee.developermonetizationconfigs.getapigee.developermonetizationconfigs.update |
| Apigee | Now GA |
apigee.developerbalances.getapigee.developerbalances.updateapigee.developermonetizationconfigs.getapigee.developermonetizationconfigs.update |
| Dialogflow | Added |
dialogflow.changelogs.getdialogflow.changelogs.list |
| Dialogflow | Now GA |
dialogflow.changelogs.getdialogflow.changelogs.list |
| Cloud DNS | Added |
dns.networks.bindDNSResponsePolicydns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.updatedns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update |
| Cloud DNS | Supported In Custom Roles |
dns.networks.bindDNSResponsePolicydns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.updatedns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update |
| GKE Multi-Cloud | Added |
gkemulticloud.awsServerConfigs.getgkemulticloud.azureServerConfigs.get |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.sqlintegrations.getmanagedidentities.sqlintegrations.list |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.sqlintegrations.getmanagedidentities.sqlintegrations.list |
| Recommender | Added |
recommender.iamPolicyLateralMovementInsights.getrecommender.iamPolicyLateralMovementInsights.listrecommender.iamPolicyLateralMovementInsights.updaterecommender.resourcemanagerProjectUtilizationInsights.getrecommender.resourcemanagerProjectUtilizationInsights.listrecommender.resourcemanagerProjectUtilizationInsights.updaterecommender.resourcemanagerProjectUtilizationRecommendations.getrecommender.resourcemanagerProjectUtilizationRecommendations.listrecommender.resourcemanagerProjectUtilizationRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.iamPolicyLateralMovementInsights.getrecommender.iamPolicyLateralMovementInsights.listrecommender.iamPolicyLateralMovementInsights.update |
| Recommender | Now GA |
recommender.iamPolicyLateralMovementInsights.getrecommender.iamPolicyLateralMovementInsights.listrecommender.iamPolicyLateralMovementInsights.update |
Cloud IAM changes as of 2021-06-11
| Service | Change | Description |
|---|---|---|
| BigQuery | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| Notebooks | Role Updated |
The following permissions have been added to the role aiplatform.customJobs.cancelaiplatform.customJobs.createaiplatform.customJobs.getaiplatform.customJobs.list |
| BigQuery | Added |
bigquery.rowAccessPolicies.createbigquery.rowAccessPolicies.deletebigquery.rowAccessPolicies.getFilteredDatabigquery.rowAccessPolicies.getIamPolicybigquery.rowAccessPolicies.listbigquery.rowAccessPolicies.setIamPolicybigquery.rowAccessPolicies.update |
| BigQuery | Supported In Custom Roles |
bigquery.rowAccessPolicies.createbigquery.rowAccessPolicies.deletebigquery.rowAccessPolicies.getFilteredDatabigquery.rowAccessPolicies.getIamPolicybigquery.rowAccessPolicies.listbigquery.rowAccessPolicies.setIamPolicybigquery.rowAccessPolicies.update |
| BigQuery | Now GA |
bigquery.rowAccessPolicies.createbigquery.rowAccessPolicies.deletebigquery.rowAccessPolicies.getFilteredDatabigquery.rowAccessPolicies.getIamPolicybigquery.rowAccessPolicies.listbigquery.rowAccessPolicies.setIamPolicybigquery.rowAccessPolicies.update |
| Cloud Functions | Added |
cloudfunctions.locations.get |
| Cloud Functions | Now GA |
cloudfunctions.locations.get |
| Contact Center AI Insights | Added |
contactcenterinsights.analyses.createcontactcenterinsights.analyses.deletecontactcenterinsights.analyses.getcontactcenterinsights.analyses.listcontactcenterinsights.conversations.createcontactcenterinsights.conversations.deletecontactcenterinsights.conversations.getcontactcenterinsights.conversations.listcontactcenterinsights.conversations.updatecontactcenterinsights.issueModels.createcontactcenterinsights.issueModels.deletecontactcenterinsights.issueModels.deploycontactcenterinsights.issueModels.getcontactcenterinsights.issueModels.listcontactcenterinsights.issueModels.undeploycontactcenterinsights.issueModels.updatecontactcenterinsights.issues.getcontactcenterinsights.issues.listcontactcenterinsights.issues.updatecontactcenterinsights.operations.getcontactcenterinsights.operations.listcontactcenterinsights.phraseMatchers.createcontactcenterinsights.phraseMatchers.deletecontactcenterinsights.phraseMatchers.getcontactcenterinsights.phraseMatchers.listcontactcenterinsights.phraseMatchers.updatecontactcenterinsights.settings.getcontactcenterinsights.settings.update |
| Cloud Healthcare API | Added |
healthcare.fhirStores.configureSearch |
| Cloud Healthcare API | Supported In Custom Roles |
healthcare.fhirStores.configureSearch |
| Cloud Healthcare API | Now GA |
healthcare.fhirStores.configureSearch |
| Pub/Sub Lite | Added |
pubsublite.subscriptions.seek |
| Pub/Sub Lite | Now GA |
pubsublite.subscriptions.seek |
Cloud IAM changes as of 2021-06-04
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.organizations.get |
| Cloud Functions | Role Updated |
The following permissions have been added to the role artifactregistry.files.getartifactregistry.files.listartifactregistry.packages.deleteartifactregistry.packages.getartifactregistry.packages.listartifactregistry.repositories.createartifactregistry.repositories.deleteartifactregistry.repositories.deleteArtifactsartifactregistry.repositories.downloadArtifactsartifactregistry.repositories.getartifactregistry.repositories.getIamPolicyartifactregistry.repositories.listartifactregistry.repositories.setIamPolicyartifactregistry.repositories.updateartifactregistry.repositories.uploadArtifactsartifactregistry.tags.createartifactregistry.tags.deleteartifactregistry.tags.getartifactregistry.tags.listartifactregistry.tags.updateartifactregistry.versions.deleteartifactregistry.versions.getartifactregistry.versions.list |
| Contact Center AI Insights | Role Updated |
The following permissions have been added to the role dialogflow.participants.suggest |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.routines.updateTag |
| Data Catalog | Role Updated |
The following permissions have been added to the role bigquery.routines.updateTag |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Dialogflow | Now GA |
The role |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role dlp.columnDataProfiles.getdlp.columnDataProfiles.listdlp.projectDataProfiles.getdlp.projectDataProfiles.listdlp.tableDataProfiles.getdlp.tableDataProfiles.list |
| Enterprise Knowledge Graph | Now GA |
The role |
| Essential Contacts | Now GA |
The role |
| Essential Contacts | Now GA |
The role |
| Explore Anthos | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.networkEndpointGroups.getcontainer.deployments.createcontainer.deployments.deletecontainer.deployments.getcontainer.deployments.getScalecontainer.deployments.getStatuscontainer.deployments.listcontainer.deployments.rollbackcontainer.deployments.updatecontainer.deployments.updateScalecontainer.deployments.updateStatus |
| reCAPTCHA Enterprise | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| reCAPTCHA Enterprise | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.list |
| Vertex AI | Added |
aiplatform.artifacts.createaiplatform.artifacts.getaiplatform.artifacts.listaiplatform.artifacts.updateaiplatform.contexts.addContextArtifactsAndExecutionsaiplatform.contexts.addContextChildrenaiplatform.contexts.createaiplatform.contexts.deleteaiplatform.contexts.getaiplatform.contexts.listaiplatform.contexts.queryContextLineageSubgraphaiplatform.contexts.updateaiplatform.edgeDeploymentJobs.createaiplatform.edgeDeploymentJobs.deleteaiplatform.edgeDeploymentJobs.getaiplatform.edgeDeploymentJobs.listaiplatform.edgeDeviceDebugInfo.getaiplatform.edgeDevices.createaiplatform.edgeDevices.deleteaiplatform.edgeDevices.getaiplatform.edgeDevices.listaiplatform.edgeDevices.updateaiplatform.entityTypes.createaiplatform.entityTypes.deleteaiplatform.entityTypes.exportFeatureValuesaiplatform.entityTypes.getaiplatform.entityTypes.importFeatureValuesaiplatform.entityTypes.listaiplatform.entityTypes.readFeatureValuesaiplatform.entityTypes.streamingReadFeatureValuesaiplatform.entityTypes.updateaiplatform.executions.addExecutionEventsaiplatform.executions.createaiplatform.executions.getaiplatform.executions.listaiplatform.executions.queryExecutionInputsAndOutputsaiplatform.executions.updateaiplatform.features.createaiplatform.features.deleteaiplatform.features.getaiplatform.features.listaiplatform.features.updateaiplatform.featurestores.batchReadFeatureValuesaiplatform.featurestores.createaiplatform.featurestores.deleteaiplatform.featurestores.exportFeaturesaiplatform.featurestores.getaiplatform.featurestores.importFeaturesaiplatform.featurestores.listaiplatform.featurestores.readFeaturesaiplatform.featurestores.updateaiplatform.featurestores.writeFeaturesaiplatform.humanInTheLoops.createaiplatform.humanInTheLoops.deleteaiplatform.humanInTheLoops.getaiplatform.humanInTheLoops.listaiplatform.humanInTheLoops.sendaiplatform.humanInTheLoops.updateaiplatform.indexEndpoints.createaiplatform.indexEndpoints.deleteaiplatform.indexEndpoints.deployaiplatform.indexEndpoints.getaiplatform.indexEndpoints.listaiplatform.indexEndpoints.undeployaiplatform.indexEndpoints.updateaiplatform.indexes.createaiplatform.indexes.deleteaiplatform.indexes.getaiplatform.indexes.listaiplatform.indexes.updateaiplatform.metadataSchemas.createaiplatform.metadataSchemas.getaiplatform.metadataSchemas.listaiplatform.metadataStores.createaiplatform.metadataStores.deleteaiplatform.metadataStores.getaiplatform.metadataStores.listaiplatform.modelDeploymentMonitoringJobs.createaiplatform.modelDeploymentMonitoringJobs.deleteaiplatform.modelDeploymentMonitoringJobs.getaiplatform.modelDeploymentMonitoringJobs.listaiplatform.modelDeploymentMonitoringJobs.pauseaiplatform.modelDeploymentMonitoringJobs.resumeaiplatform.modelDeploymentMonitoringJobs.searchStatsAnomaliesaiplatform.modelDeploymentMonitoringJobs.updateaiplatform.models.updateaiplatform.nasJobs.cancelaiplatform.nasJobs.createaiplatform.nasJobs.deleteaiplatform.nasJobs.getaiplatform.nasJobs.listaiplatform.pipelineJobs.cancelaiplatform.pipelineJobs.createaiplatform.pipelineJobs.deleteaiplatform.pipelineJobs.getaiplatform.pipelineJobs.listaiplatform.tensorboardExperiments.createaiplatform.tensorboardExperiments.deleteaiplatform.tensorboardExperiments.getaiplatform.tensorboardExperiments.listaiplatform.tensorboardExperiments.updateaiplatform.tensorboardRuns.createaiplatform.tensorboardRuns.deleteaiplatform.tensorboardRuns.getaiplatform.tensorboardRuns.listaiplatform.tensorboardRuns.updateaiplatform.tensorboardRuns.writeaiplatform.tensorboardTimeSeries.createaiplatform.tensorboardTimeSeries.deleteaiplatform.tensorboardTimeSeries.getaiplatform.tensorboardTimeSeries.listaiplatform.tensorboardTimeSeries.readaiplatform.tensorboardTimeSeries.updateaiplatform.tensorboards.createaiplatform.tensorboards.deleteaiplatform.tensorboards.getaiplatform.tensorboards.listaiplatform.tensorboards.update |
| Apigee | Added |
apigee.archivedeployments.createapigee.archivedeployments.deleteapigee.archivedeployments.downloadapigee.archivedeployments.getapigee.archivedeployments.listapigee.archivedeployments.updateapigee.archivedeployments.upload |
| Apigee | Now GA |
apigee.archivedeployments.createapigee.archivedeployments.deleteapigee.archivedeployments.downloadapigee.archivedeployments.getapigee.archivedeployments.listapigee.archivedeployments.updateapigee.archivedeployments.upload |
| BigQuery | Added |
bigquery.routines.updateTag |
| BigQuery | Supported In Custom Roles |
bigquery.routines.updateTag |
| Cloud Asset Inventory | Added |
cloudasset.assets.listAccessPolicycloudasset.assets.listIamPolicycloudasset.assets.listOSInventoriescloudasset.assets.listOrgPolicycloudasset.assets.listResource |
| Datastore | Supported In Custom Roles |
datastore.databases.exportdatastore.databases.getdatastore.databases.importdatastore.entities.allocateIdsdatastore.entities.createdatastore.entities.deletedatastore.entities.getdatastore.entities.listdatastore.entities.updatedatastore.indexes.createdatastore.indexes.deletedatastore.indexes.getdatastore.indexes.listdatastore.indexes.updatedatastore.locations.getdatastore.locations.listdatastore.namespaces.getdatastore.namespaces.listdatastore.operations.canceldatastore.operations.deletedatastore.operations.getdatastore.operations.listdatastore.statistics.getdatastore.statistics.list |
| Datastream | Added |
datastream.connectionProfiles.createdatastream.connectionProfiles.deletedatastream.connectionProfiles.destinationTypesdatastream.connectionProfiles.discoverdatastream.connectionProfiles.getdatastream.connectionProfiles.getIamPolicydatastream.connectionProfiles.listdatastream.connectionProfiles.listStaticServiceIpsdatastream.connectionProfiles.setIamPolicydatastream.connectionProfiles.sourceTypesdatastream.connectionProfiles.updatedatastream.locations.fetchStaticIpsdatastream.locations.getdatastream.locations.listdatastream.operations.canceldatastream.operations.deletedatastream.operations.getdatastream.operations.listdatastream.privateConnections.createdatastream.privateConnections.deletedatastream.privateConnections.getdatastream.privateConnections.getIamPolicydatastream.privateConnections.listdatastream.privateConnections.setIamPolicydatastream.routes.createdatastream.routes.deletedatastream.routes.getdatastream.routes.getIamPolicydatastream.routes.listdatastream.routes.setIamPolicydatastream.streams.computeStatedatastream.streams.createdatastream.streams.deletedatastream.streams.fetchErrorsdatastream.streams.getdatastream.streams.getIamPolicydatastream.streams.listdatastream.streams.pausedatastream.streams.resumedatastream.streams.setIamPolicydatastream.streams.startdatastream.streams.update |
| Datastream | Supported In Custom Roles |
datastream.connectionProfiles.createdatastream.connectionProfiles.deletedatastream.connectionProfiles.destinationTypesdatastream.connectionProfiles.discoverdatastream.connectionProfiles.getdatastream.connectionProfiles.getIamPolicydatastream.connectionProfiles.listdatastream.connectionProfiles.listStaticServiceIpsdatastream.connectionProfiles.setIamPolicydatastream.connectionProfiles.sourceTypesdatastream.connectionProfiles.updatedatastream.locations.fetchStaticIpsdatastream.locations.getdatastream.locations.listdatastream.operations.canceldatastream.operations.deletedatastream.operations.getdatastream.operations.listdatastream.privateConnections.createdatastream.privateConnections.deletedatastream.privateConnections.getdatastream.privateConnections.getIamPolicydatastream.privateConnections.listdatastream.privateConnections.setIamPolicydatastream.routes.createdatastream.routes.deletedatastream.routes.getdatastream.routes.getIamPolicydatastream.routes.listdatastream.routes.setIamPolicydatastream.streams.computeStatedatastream.streams.createdatastream.streams.deletedatastream.streams.fetchErrorsdatastream.streams.getdatastream.streams.getIamPolicydatastream.streams.listdatastream.streams.pausedatastream.streams.resumedatastream.streams.setIamPolicydatastream.streams.startdatastream.streams.update |
| Essential Contacts | Added |
essentialcontacts.contacts.send |
| Essential Contacts | Supported In Custom Roles |
essentialcontacts.contacts.send |
| Essential Contacts | Now GA |
essentialcontacts.contacts.createessentialcontacts.contacts.deleteessentialcontacts.contacts.getessentialcontacts.contacts.listessentialcontacts.contacts.sendessentialcontacts.contacts.update |
| Cloud Integrations | Added |
integrations.apigeeAuthConfigs.createintegrations.apigeeAuthConfigs.deleteintegrations.apigeeAuthConfigs.getintegrations.apigeeAuthConfigs.listintegrations.apigeeAuthConfigs.updateintegrations.apigeeCertificates.getintegrations.apigeeExecutions.listintegrations.apigeeIntegrationVers.createintegrations.apigeeIntegrationVers.deployintegrations.apigeeIntegrationVers.getintegrations.apigeeIntegrationVers.listintegrations.apigeeIntegrationVers.updateintegrations.apigeeIntegrations.invokeintegrations.apigeeIntegrations.listintegrations.apigeeSfdcChannels.createintegrations.apigeeSfdcChannels.deleteintegrations.apigeeSfdcChannels.getintegrations.apigeeSfdcChannels.listintegrations.apigeeSfdcChannels.updateintegrations.apigeeSfdcInstances.createintegrations.apigeeSfdcInstances.deleteintegrations.apigeeSfdcInstances.getintegrations.apigeeSfdcInstances.listintegrations.apigeeSfdcInstances.updateintegrations.apigeeSuspensions.listintegrations.apigeeSuspensions.resolve |
| Payments Reseller Subscription | Added |
paymentsresellersubscription.products.listpaymentsresellersubscription.promotions.listpaymentsresellersubscription.subscriptions.cancelpaymentsresellersubscription.subscriptions.extendpaymentsresellersubscription.subscriptions.getpaymentsresellersubscription.subscriptions.provisionpaymentsresellersubscription.subscriptions.undoCancel |
| Payments Reseller Subscription | Supported In Custom Roles |
paymentsresellersubscription.products.listpaymentsresellersubscription.promotions.listpaymentsresellersubscription.subscriptions.cancelpaymentsresellersubscription.subscriptions.extendpaymentsresellersubscription.subscriptions.getpaymentsresellersubscription.subscriptions.provisionpaymentsresellersubscription.subscriptions.undoCancel |
Cloud IAM changes as of 2021-05-28
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusters.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.developersubscriptions.createapigee.developersubscriptions.getapigee.developersubscriptions.listapigee.developersubscriptions.updateapigee.rateplans.getapigee.rateplans.list |
| Apigee | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessTokeniam.serviceAccounts.getOpenIdToken |
| Content Warehouse | Now GA |
The role |
| Resource Settings | Now GA |
The role |
| Resource Settings | Now GA |
The role |
| Cloud Asset Inventory | Added |
cloudasset.assets.analyzeMove |
| Cloud Asset Inventory | Now GA |
cloudasset.assets.analyzeMove |
| Dialogflow | Added |
dialogflow.securitySettings.createdialogflow.securitySettings.deletedialogflow.securitySettings.getdialogflow.securitySettings.listdialogflow.securitySettings.update |
| Dialogflow | Now GA |
dialogflow.securitySettings.createdialogflow.securitySettings.deletedialogflow.securitySettings.getdialogflow.securitySettings.listdialogflow.securitySettings.update |
| Cloud DNS | Added |
dns.resourceRecordSets.get |
| Cloud DNS | Supported In Custom Roles |
dns.resourceRecordSets.get |
| Cloud DNS | Now GA |
dns.resourceRecordSets.get |
| Resource Settings | Added |
resourcesettings.settings.getresourcesettings.settings.listresourcesettings.settings.update |
| Resource Settings | Supported In Custom Roles |
resourcesettings.settings.getresourcesettings.settings.list |
| Resource Settings | Now GA |
resourcesettings.settings.getresourcesettings.settings.listresourcesettings.settings.update |
Cloud IAM changes as of 2021-05-14
| Service | Change | Description |
|---|---|---|
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.folders.getresourcemanag |