This page describes changes to the public Identity and Access Management (IAM) permissions for all Generally Available (GA) and Preview services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is added, IAM does not automatically add the permission to your custom roles.
For changes that occurred before 2022, see Archived permissions change log.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
Upcoming IAM changes for the week of 2024-10-28
Service | Description |
---|---|
Artifact Registry |
The Container Registry -> Artifact Registry Migration Admin role ( |
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
Dataplex |
The Dataplex Discovery BigLake Publishing Service Agent role ( |
Dataplex |
The Dataplex Discovery Publishing Service Agent role ( |
Dataplex |
The Dataplex Discovery Service Agent role ( |
Application Design Center |
The DesignCenter Service Agent role ( |
Parallelstore |
The Parallelstore Admin role ( |
Parallelstore |
The Parallelstore Viewer role ( |
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Network Services |
The following permissions have been added:
|
Network Services |
The following permissions are supported in custom roles:
|
Cloud OS Config |
The following permissions have been added:
|
Cloud OS Config |
The following permissions are supported in custom roles:
|
Parallelstore |
The following permissions have been added:
|
Parallelstore |
The following permissions are supported in custom roles:
|
Parallelstore |
The following permissions have reached General Availability (GA):
|
Secure Source Manager |
The following permissions have been added:
|
Secure Source Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-10-25
Service | Description |
---|---|
Anthos Support |
The following permissions have been added to the Anthos Support Service Agent role (
|
Batch |
The following permissions have been added to the Google Batch Service Agent role (
|
Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Compute Engine |
The following permissions have been added to the Compute Admin role (
|
Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
Compute Engine |
The following permissions have been added to the Compute Instance Admin (v1) role (
|
Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
Cloud Life Sciences |
The following permissions have been added to the Genomics Service Agent role (
|
Cloud Life Sciences |
The following permissions have been added to the Cloud Life Sciences Service Agent role (
|
Notebooks |
The following permissions have been added to the Notebooks Legacy Admin role (
|
Notebooks |
The following permissions have been added to the AI Platform Notebooks Service Agent role (
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have reached General Availability (GA):
|
Network Connectivity Center |
The following permissions have been added:
|
Network Connectivity Center |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-18
Service | Description |
---|---|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
BigQuery Data Policy |
The BigQuery Data Policy Admin role ( |
BigQuery Data Policy |
The BigQuery Data Policy Viewer role ( |
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dataplex |
The following permissions have been added to the Dataplex Aspect Type Owner role (
|
Dataplex |
The following permissions have been added to the Dataplex Aspect Type User role (
|
Dataplex |
The following permissions have been added to the Dataplex Catalog Admin role (
|
Dataplex |
The following permissions have been added to the Dataplex Catalog Editor role (
|
Dataplex |
The following permissions have been added to the Dataplex Catalog Viewer role (
|
Dataplex |
The following permissions have been added to the Dataplex Entry Group Owner role (
|
Dataplex |
The following permissions have been added to the Dataplex Entry Owner role (
|
Dataplex |
The following permissions have been added to the Dataplex Entry Type Owner role (
|
Dataplex |
The following permissions have been added to the Dataplex Entry Type User role (
|
FleetEngine |
The following permissions have been added to the FleetEngine Service Agent role (
|
Service Usage |
The following permissions have been added to the API Keys Admin role (
|
Audit Manager |
The following permissions have been added:
|
Audit Manager |
The following permissions are supported in custom roles:
|
Blockchain Validator Manager |
The following permissions have been added:
|
Blockchain Validator Manager |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have been added:
|
Database Migration Service |
The following permissions have been added:
|
Database Migration Service |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-11
Service | Description |
---|---|
Backup and Disaster Recovery |
The Backup and DR Backup Vault Accessor role ( |
Backup and Disaster Recovery |
The Backup and DR Backup Vault Admin role ( |
Backup and Disaster Recovery |
The Backup and DR Backup Vault Lister role ( |
Backup and Disaster Recovery |
The Backup and DR Backup Vault Viewer role ( |
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
Cloud Controls Partner API |
The Cloud Controls Partner Support Case Service Agent role ( |
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Google Kubernetes Engine |
The Kubernetes Engine KMS Crypto Key User role ( |
Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
Dataproc Resource Manager |
The Dataproc Resource Manager Node Service Agent role ( |
Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
Oracle Database@Google Cloud service agent |
The Oracle Database@Google Cloud Service Agent role ( |
Oracle Database@Google Cloud |
The following permissions have been added to the Oracle Database@Google Cloud VM Cluster Admin role (
|
Backup and Disaster Recovery |
The following permissions have reached General Availability (GA):
|
Cloud Controls Partner API |
The following permissions have been added:
|
Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
Eventarc |
The following permissions have been added:
|
Cloud Integrations |
The following permissions have been added:
|
Cloud Integrations |
The following permissions have reached General Availability (GA):
|
Cloud Logging |
The following permissions have been added:
|
Cloud Logging |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-04
Service | Description |
---|---|
Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Spanner |
The following permissions have been added to the Cloud Spanner Backup Admin role (
|
Spanner |
The following permissions have been added to the Cloud Spanner Backup Writer role (
|
Vertex AI |
The following permissions have been added:
|
BigQuery Migration API |
The following permissions have been added:
|
BigQuery Migration API |
The following permissions have reached General Availability (GA):
|
Cloud SQL |
The following permissions have been added:
|
Cloud SQL |
The following permissions are supported in custom roles:
|
Cloud SQL |
The following permissions have reached General Availability (GA):
|
Cloud Trace |
The following permissions have been added:
|
Cloud Trace |
The following permissions are supported in custom roles:
|
Cloud Logging |
The following permissions have been added:
|
Cloud Logging |
The following permissions are supported in custom roles:
|
Cloud Logging |
The following permissions have reached General Availability (GA):
|
Network Security |
The following permissions have been added:
|
Network Security |
The following permissions are supported in custom roles:
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions have reached General Availability (GA):
|
Google Cloud VMware Engine |
The following permissions have been added:
|
Google Cloud VMware Engine |
The following permissions are supported in custom roles:
|
Google Cloud VMware Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-27
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Cloud Key Management Service |
The Cloud KMS Autokey Admin role ( |
Cloud Key Management Service |
The Cloud KMS Autokey User role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement License Pool Editor role (
|
Cloud Commerce Consumer Procurement |
The Consumer Procurement License Pool Viewer role (
|
Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Order Viewer role (
|
Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Viewer role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud admin role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Autonomous Database Admin role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Autonomous Database Viewer role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Infrastructure Admin role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Infrastructure Viewer role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud VM Cluster Admin role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud VM Cluster Viewer role ( |
Oracle Database@Google Cloud |
The Oracle Database@Google Cloud viewer role ( |
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Artifact Registry |
The following permissions have been added:
|
Artifact Registry |
The following permissions have reached General Availability (GA):
|
Backup and Disaster Recovery |
The following permissions have been added:
|
Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Connectors |
The following permissions have been added:
|
Connectors |
The following permissions are supported in custom roles:
|
Connectors |
The following permissions have reached General Availability (GA):
|
Cloud Commerce Consumer Procurement |
The following permissions have been added:
|
Cloud Commerce Consumer Procurement |
The following permissions are supported in custom roles:
|
Cloud Commerce Consumer Procurement |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Dataplex |
The following permissions have been added:
|
Dataplex |
The following permissions are supported in custom roles:
|
Dataproc |
The following permissions have been added:
|
Dataproc |
The following permissions are supported in custom roles:
|
Dataproc |
The following permissions have reached General Availability (GA):
|
Google Cloud NetApp Volumes |
The following permissions have been added:
|
Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
Google Cloud Observability |
The following permissions are supported in custom roles:
|
Oracle Database@Google Cloud |
The following permissions have been added:
|
Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-09-20
Service | Description |
---|---|
Vertex AI |
The Vertex AI Batch Prediction Service Agent role ( |
Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
Cloud SQL |
The Cloud SQL Studio User role ( |
Cloud Trace |
The following permissions have been added to the Cloud Trace Admin role (
|
Cloud Trace |
The following permissions have been added to the Cloud Trace User role (
|
Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
Firebase |
The following permissions have been added to the Firebase Grow Admin role (
|
Firebase |
The following permissions have been added to the Firebase Grow Viewer role (
|
Firebase |
The following permissions have been added to the Firebase Quality Admin role (
|
Firebase |
The following permissions have been added to the Firebase Quality Viewer role (
|
Firebase |
The following permissions have been added to the Firebase Viewer role (
|
Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Service Agent role (
|
Artifact Registry |
The following permissions have been added:
|
Artifact Registry |
The following permissions have reached General Availability (GA):
|
Assured Workloads |
The following permissions have been added:
|
Assured Workloads |
The following permissions have reached General Availability (GA):
|
BigQuery |
The following permissions are supported in custom roles:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Google Security Operations Service Management |
The following permissions have been added:
|
Google Security Operations Service Management |
The following permissions have reached General Availability (GA):
|
Cloud SQL |
The following permissions have been added:
|
Cloud SQL |
The following permissions are supported in custom roles:
|
Cloud SQL |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have been added:
|
Security Command Center |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-13
Service | Description |
---|---|
Apigee |
The Apigee Deployment Invoker role ( |
Cloud Key Management Service |
The following permissions have been added to the Cloud KMS Autokey User role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Glossary Owner role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Glossary User role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Service Agent role (
|
Cloud Run |
The following permissions have been removed from the Cloud Run Service Agent role (
|
SecLM |
The following permissions have been added to the SecLM Service Agent role (
|
SecLM |
The following permissions have been removed from the SecLM Service Agent role (
|
Cloud Run |
The following permissions have been removed from the Cloud Run Service Agent role (
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-06
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
Compute Engine |
The following permissions have been added to the Compute Load Balancer Services User role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Editor role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Viewer role (
|
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
SecLM |
The following permissions have been added to the SecLM Service Agent role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Compute Engine |
The following permissions are supported in custom roles:
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Google Cloud NetApp Volumes |
The following permissions have been added:
|
Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
Spanner |
The following permissions have been added:
|
Spanner |
The following permissions are supported in custom roles:
|
Spanner |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-30
Service | Description |
---|---|
Datastore |
The Cloud Datastore Bulk Admin role ( |
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
Identity and Access Management |
The following permissions have been added to the Principal Access Boundary Policy Admin role (
|
BigQuery Engine for Apache Flink |
The Managed Flink Service Agent role ( |
Remoting Cloud |
The Remoting Cloud Service Agent role ( |
BigQuery |
The following permissions have been added:
|
BigQuery |
The following permissions are supported in custom roles:
|
Gemini for Google Cloud API |
The following permissions have been added:
|
Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
Datastore |
The following permissions have been added:
|
Datastore |
The following permissions have reached General Availability (GA):
|
BigQuery Engine for Apache Flink |
The following permissions have been added:
|
BigQuery Engine for Apache Flink |
The following permissions are supported in custom roles:
|
Network Services |
The following permissions have been added:
|
Network Services |
The following permissions are supported in custom roles:
|
Secure Source Manager |
The following permissions have been added:
|
Secure Source Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-08-23
Service | Description |
---|---|
Compute Engine |
The following permissions have been added to the Compute Organization Firewall Policy Admin role (
|
Cloud Integrations |
The following permissions have been added to the Application Integration Editor role (
|
Service Networking |
The following permissions have been added to the Service Networking Service Agent role (
|
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Cloud Integrations |
The following permissions have been added:
|
Cloud Integrations |
The following permissions have reached General Availability (GA):
|
Google Cloud Migration Center |
The following permissions have been added:
|
Network Security |
The following permissions have been added:
|
Network Security |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have been added:
|
Security Command Center |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-08-16
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
Artifact Registry |
The following permissions have been added:
|
Artifact Registry |
The following permissions have reached General Availability (GA):
|
Database Migration Service |
The following permissions have been added:
|
Database Migration Service |
The following permissions are supported in custom roles:
|
Database Migration Service |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-09
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Backup Vault Admin role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User V2 role (
|
Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
Google Kubernetes Engine |
The Kubernetes Engine Default Node Service Account role ( |
Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Managed Migration Admin role (
|
Cloud Monitoring |
The following permissions have been added to the Monitoring Service Agent role (
|
Service Networking |
The following permissions have been removed from the Service Networking Service Agent role (
|
Cloud Key Management Service |
The following permissions have been added:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
BigQuery Engine for Apache Flink |
The following permissions have been added:
|
BigQuery Engine for Apache Flink |
The following permissions are supported in custom roles:
|
Network Management API |
The following permissions have been added:
|
Network Management API |
The following permissions are supported in custom roles:
|
Network Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-02
Service | Description |
---|---|
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
Cloud Controls Partner API |
The following permissions have been added to the Cloud Controls Partner Admin role (
|
Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
Dataproc |
The following permissions have been added to the Dataproc Worker role (
|
Data Security Posture Management |
The DSPM Service Agent role ( |
Backup and Disaster Recovery |
The following permissions have been added:
|
Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
Chrome Enterprise Premium |
The following permissions have been added:
|
Data Catalog |
The following permissions have been added:
|
Data Catalog |
The following permissions are supported in custom roles:
|
Dataform |
The following permissions have been added:
|
Dataform |
The following permissions are supported in custom roles:
|
Dataform |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Discovery Engine |
The following permissions have reached General Availability (GA):
|
Memorystore |
The following permissions have been added:
|
Memorystore |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-07-26
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Extension Service Agent role (
|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
BigQuery |
The following permissions have been added to the BigQuery Metadata Viewer role (
|
BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
BigQuery |
The following permissions have been added to the BigQuery User role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Data Catalog |
The following permissions have been added to the Data Catalog Admin role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Data Steward role (
|
Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Creator role (
|
Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Owner role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Entry Owner role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Entry Viewer role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Search Admin role (
|
Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Creator role (
|
Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Owner role (
|
Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate User role (
|
Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Viewer role (
|
Data Catalog |
The following permissions have been added to the Data Catalog Viewer role (
|
Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
Dataplex |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
Dataproc |
The following permissions have been added to the Dataproc Hub Agent role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
Firebase App Hosting |
The Firebase App Hosting Service Agent role ( |
Cloud Logging |
The following permissions have been added to the Logging Admin role (
|
Cloud Logging |
The following permissions have been added to the Logs Configuration Writer role (
|
Cloud Logging |
The following permissions have been added to the Private Logs Viewer role (
|
Cloud Logging |
The following permissions have been added to the Logs Viewer role (
|
Memorystore |
The Cloud Memorystore Service Agent role ( |
Telco Automation API |
The following permissions have been added to the Telco Automation Admin role (
|
Telco Automation API |
The following permissions have been added to the Telco Automation Tier 1 Operations Admin role (
|
Telco Automation API |
The following permissions have been added to the Telco Automation Tier 4 Operations Admin role (
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Dataplex |
The following permissions have been added:
|
Dataplex |
The following permissions are supported in custom roles:
|
Dataplex |
The following permissions have reached General Availability (GA):
|
GDC Hardware Management API |
The following permissions have been added:
|
GDC Hardware Management API |
The following permissions are supported in custom roles:
|
Identity and Access Management |
The following permissions have been added:
|
Identity and Access Management |
The following permissions are supported in custom roles:
|
Retail API |
The following permissions have been added:
|
Retail API |
The following permissions have reached General Availability (GA):
|
Secret Manager |
The following permissions have been added:
|
Secret Manager |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-19
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Batch |
The Batch Administrator role ( |
Batch |
The Batch Agent Reporter role ( |
Batch |
The Batch Job Editor role ( |
Batch |
The Batch Job Viewer role ( |
Batch |
The Batch ResourceAllowance Editor role ( |
Batch |
The Batch ResourceAllowance Viewer role ( |
Recommender |
The BigQuery Materialized View Recommender Admin role ( |
Recommender |
The BigQuery Materialized View Recommender Viewer role ( |
Spectrum Access System (SAS) |
The following permissions have been added to the Spectrum SAS Service Agent role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Workload Viewer role (
|
Vertex AI |
The following permissions have reached General Availability (GA):
|
Batch |
The following permissions have been added:
|
Batch |
The following permissions have reached General Availability (GA):
|
Cloud Deploy |
The following permissions have been added:
|
Cloud Deploy |
The following permissions are supported in custom roles:
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Google Cloud Managed Service for Apache Kafka |
The following permissions have been added:
|
Google Cloud Managed Service for Apache Kafka |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-12
Service | Description |
---|---|
Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion Service Agent role (
|
Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Entitlement Manager role (
|
Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Entitlement Viewer role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
API Management |
The following permissions have been added:
|
API Management |
The following permissions are supported in custom roles:
|
Spanner |
The following permissions have been added:
|
Spanner |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-05
Service | Description |
---|---|
Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Compute Engine |
The following permissions have been added to the Compute Network Admin role (
|
Compute Engine |
The following permissions have been added to the Compute Network User role (
|
Compute Engine |
The following permissions have been added to the Compute Network Viewer role (
|
Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
Data Pipelines |
The following permissions have been added to the Datapipelines Service Agent role (
|
Dataplex |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
Firebase |
The following permissions have been added to the Firebase Admin role (
|
Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
Dataproc Metastore |
The Dataproc Metastore Managed Migration Admin role ( |
Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Managed Migration Admin role (
|
AI Platform |
The following permissions have been added to the AI Platform Service Agent role (
|
Cloud Monitoring |
The following permissions have been added to the Monitoring Service Agent role (
|
Cloud Storage |
The following permissions have been added to the Storage Admin role (
|
Vision AI |
The following permissions have been added to the Cloud Vision AI Service Agent role (
|
Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Bare Metal Solution |
The following permissions have been added:
|
Bare Metal Solution |
The following permissions are supported in custom roles:
|
Bare Metal Solution |
The following permissions have reached General Availability (GA):
|
Bigtable |
The following permissions have been added:
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Discovery Engine |
The following permissions have reached General Availability (GA):
|
Firebase Data Connect |
The following permissions have been added:
|
Firebase Data Connect |
The following permissions are supported in custom roles:
|
Identity and Access Management |
The following permissions have been added:
|
Identity and Access Management |
The following permissions have been added:
|
Dataproc Metastore |
The following permissions have reached General Availability (GA):
|
Google Cloud Observability |
The following permissions have been added:
|
Resource Manager |
The following permissions have been added:
|
IAM changes as of 2024-06-14
Service | Description |
---|---|
Config Management |
The following permissions have been added to the Anthos Config Management Service Agent role (
|
GKE Identity Service |
The following permissions have been added to the Anthos Identity Service Agent role (
|
Policy Controller |
The following permissions have been added to the Anthos Policy Controller Service Agent role (
|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
App Development Experience |
The following permissions have been added to the App Development Experience Service Agent role (
|
Backup and Disaster Recovery |
The Backup and DR Management Server Accessor role (
|
Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle Service Agent role (
|
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Admin role (
|
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Threat Manager role (
|
Google Security Operations |
The following permissions have been added to the Chronicle SOAR Vulnerability Manager role (
|
Config Delivery |
The following permissions have been added to the Config Delivery Service Agent role (
|
GKE Hub |
The following permissions have been added to the GKE Hub Service Agent role (
|
Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
Multi-Cluster Metering |
The following permissions have been added to the Multi-cluster metering Service Agent role (
|
Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
Network Connectivity Center |
The Regional Endpoint Admin role ( |
Network Connectivity Center |
The Regional Endpoint Viewer role ( |
Privileged Access Manager |
The Privileged Access Manager Admin role ( |
Privileged Access Manager |
The Privileged Access Manager Viewer role ( |
Secure Source Manager |
The Secure Source Manager Service Agent role ( |
Service Directory |
The following permissions have been added to the Service Directory Service Agent role (
|
Personalized Service Health |
The Personalized Service Health Viewer role ( |
Spectrum Access System (SAS) |
The Spectrum SAS Service Agent role ( |
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Config Delivery |
The following permissions have been added:
|
Config Delivery |
The following permissions are supported in custom roles:
|
Dataproc Resource Manager |
The following permissions have been added:
|
Dataproc Resource Manager |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have been added:
|
GKE Hub |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have reached General Availability (GA):
|
Maps Analytics |
The following permissions have been added:
|
Maps Analytics |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
Privileged Access Manager |
The following permissions have reached General Availability (GA):
|
Personalized Service Health |
The following permissions have reached General Availability (GA):
|
Spanner |
The following permissions have been added:
|
Spanner |
The following permissions are supported in custom roles:
|
Workload Manager |
The following permissions have been added:
|
IAM changes as of 2024-05-31
Service | Description |
---|---|
Assured Workloads |
The following permissions have been added to the Assured Workloads Administrator role (
|
Assured Workloads |
The following permissions have been added to the Assured Workloads Editor role (
|
Assured Workloads |
The following permissions have been added to the Assured Workloads Reader role (
|
Google Cloud Support |
The following permissions have been added to the Tech Support Editor role (
|
Config Delivery |
The Config Delivery Service Agent role ( |
Workload Manager |
The following permissions have been added to the Workload Manager Service Agent role (
|
Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
BigQuery |
The following permissions have been added:
|
BigQuery |
The following permissions are supported in custom roles:
|
BigQuery |
The following permissions have reached General Availability (GA):
|
Cloud Logging |
The following permissions have been added:
|
Cloud Logging |
The following permissions are supported in custom roles:
|
Cloud Logging |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-05-24
Service | Description |
---|---|
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
Gemini for Google Cloud API |
The Cloud AI Companion Service Agent role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
GKE Hub |
The following permissions have been added to the Fleet Project-level Scope Viewer role (
|
GKE Hub |
The following permissions have been added to the GKE Hub Service Agent role (
|
Multi-Cluster Metering |
The following permissions have been added to the Multi-cluster metering Service Agent role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Route Optimization |
The Route Optimization Editor role ( |
Route Optimization |
The Route Optimization Viewer role ( |
Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Settings Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Settings Editor role (
|
Security Center Management API |
The Security Center Management Services Editor role ( |
Security Center Management API |
The Security Center Management Services Viewer role ( |
Security Center Management API |
The following permissions have been added to the Security Center Management Admin role (
|
Security Center Management API |
The following permissions have been added to the Security Center Management Settings Editor role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Basic Role |
The following permissions have been removed from the Viewer role (
|
Vertex AI |
The following permissions have been added:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Cloud Data Fusion |
The following permissions have been added:
|
Cloud Data Fusion |
The following permissions have reached General Availability (GA):
|
Live Stream |
The following permissions have been added:
|
Live Stream |
The following permissions are supported in custom roles:
|
Live Stream |
The following permissions have reached General Availability (GA):
|
Cloud Logging |
The following permissions have been added:
|
Cloud Logging |
The following permissions are supported in custom roles:
|
Cloud Logging |
The following permissions have reached General Availability (GA):
|
Network Services |
The following permissions have been added:
|
reCAPTCHA |
The following permissions have been added:
|
reCAPTCHA |
The following permissions are supported in custom roles:
|
Route Optimization |
The following permissions have been added:
|
Route Optimization |
The following permissions are supported in custom roles:
|
Route Optimization |
The following permissions have reached General Availability (GA):
|
Security Center Management API |
The following permissions have been added:
|
Security Center Management API |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-05-10
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
Vertex AI |
The following permissions have been added to the Notebook Runtime Admin role (
|
Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Viewer role (
|
API Hub |
The following permissions have been added to the Cloud API Hub Editor role (
|
API Hub |
The following permissions have been removed from the Cloud API Hub Editor role (
|
API Hub |
The following permissions have been added to the Cloud API hub Provisioning Admin role (
|
API Hub |
The following permissions have been added to the Cloud API hub Viewer role (
|
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
Blockchain Node Engine |
The Blockchain Node Engine Service Agent role ( |
Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
Google Security Operations |
The following permissions have been removed from the Chronicle API Editor role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle Service Agent role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
Google Security Operations |
The following permissions have been removed from the Chronicle API Viewer role (
|
Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
Dataform |
The Code Creator role ( |
Dataform |
The Code Editor role ( |
Dataform |
The Code Owner role ( |
Dataform |
The Code Viewer role ( |
Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Editor role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Viewer role (
|
Sensitive Data Protection |
The DLP File Store Data Profiles Admin role ( |
Sensitive Data Protection |
The DLP File Store Data Profiles Reader role ( |
Sensitive Data Protection |
The following permissions have been added to the DLP Administrator role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Cloud DNS |
The Cloud DNS Service Agent role ( |
Basic Role |
The following permissions have been added to the Editor role (
|
GKE Hub |
The Fleet Scope Admin role ( |
GKE Hub |
The Fleet Scope Editor role ( |
GKE Hub |
The Fleet Project-level Scope Editor role ( |
GKE Hub |
The Fleet Project-level Scope Viewer role ( |
Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Service Agent role ( |
Progressive Rollout |
The Progressive Rollout Service Agent role ( |
Basic Role |
The following permissions have been added to the Viewer role (
|
Basic Role |
The following permissions have been removed from the Viewer role (
|
Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Vertex AI |
The following permissions have reached General Availability (GA):
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Cloud Key Management Service |
The following permissions have been added:
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Developer Connect |
The following permissions have been added:
|
Developer Connect |
The following permissions are supported in custom roles:
|
Sensitive Data Protection |
The following permissions have been added:
|
Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
GKE Hub |
The following permissions have been added:
|
reCAPTCHA |
The following permissions have been added:
|
Security Command Center |
The following permissions have been added:
|
IAM changes as of 2024-04-26
Service | Description |
---|---|
API Hub |
The API-Hub Runtime Project Service Agent role ( |
Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
Cloud Infrastructure Entitlement Management (CIEM) |
The CIEM Service Agent role ( |
Cloud Deploy |
The Cloud Deploy Custom Target Type Admin role ( |
Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Firebase Data Connect |
The Firebase Data Connect Service Agent role ( |
Cloud OS Config |
The following permissions have been added to the Cloud OS Config Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Settings Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Settings Editor role (
|
Security Center Management API |
The following permissions have been added to the Security Center Management Admin role (
|
Security Center Management API |
The following permissions have been added to the Security Center Management Settings Editor role (
|
API Management |
The following permissions have been added:
|
API Management |
The following permissions are supported in custom roles:
|
Cloud Deploy |
The following permissions have reached General Availability (GA):
|
Security Center Management API |
The following permissions have been added:
|
Security Center Management API |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have reached General Availability (GA):
|
Video Stitcher API |
The following permissions have been added:
|
Video Stitcher API |
The following permissions are supported in custom roles:
|
Video Stitcher API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-04-19
Service | Description |
---|---|
Vertex AI |
The Vertex AI Model Monitoring Service Agent role ( |
AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Viewer role (
|
API Management |
The APIM API Discovery Service Agent role (
|
Assured Open Source Software |
The following permissions have been added to the Assured OSS Admin role (
|
Assured Open Source Software |
The following permissions have been added to the Assured OSS Project Admin role (
|
Assured Open Source Software |
The following permissions have been added to the Assured OSS Reader role (
|
Assured Workloads |
The following permissions have been added to the Assured Workloads Service Agent role (
|
Audit Manager |
The following permissions have been added to the Audit Manager Admin role (
|
Audit Manager |
The following permissions have been added to the Audit Manager Auditor role (
|
Compliance Scanning |
The Compliance Scanning Service Agent role ( |
Cloud Config Manager API |
The following permissions have been added to the Cloud Infrastructure Manager Agent role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dataplex |
The Dataplex Catalog Admin role ( |
Dataplex |
The Dataplex Catalog Editor role ( |
Dataplex |
The Dataplex Catalog Viewer role ( |
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
ML Kit for Firebase |
The Firebase Machine Learning Service Agent role ( |
GKE Hub |
The Fleet Scope Viewer role ( |
Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
Cloud OS Config |
The Project Feature Settings Editor role ( |
Cloud OS Config |
The Project Feature Settings Viewer role ( |
Basic Role |
The following permissions have been added to the Owner role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
Security Center Management API |
The Security Center Management Admin role ( |
Security Center Management API |
The Security Center Management Settings Editor role ( |
Security Center Management API |
The Security Center Management Settings Viewer role ( |
Security Center Management API |
The Security Center Management Viewer role ( |
Service Networking |
The following permissions have been added to the Service Networking Service Agent role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Gemini for Google Cloud API |
The following permissions have been added:
|
Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Google Kubernetes Engine |
The following permissions have been added:
|
Google Kubernetes Engine |
The following permissions have reached General Availability (GA):
|
Database Center |
The following permissions have been added:
|
Database Center |
The following permissions are supported in custom roles:
|
Dataproc |
The following permissions have been added:
|
Dataproc |
The following permissions are supported in custom roles:
|
Dataproc |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have reached General Availability (GA):
|
Identity and Access Management |
The following permissions have been added:
|
Identity and Access Management |
The following permissions are supported in custom roles:
|
Identity and Access Management |
The following permissions have been added:
|
Identity and Access Management |
The following permissions are supported in custom roles:
|
Cloud Logging |
The following permissions have been added:
|
Cloud Logging |
The following permissions have reached General Availability (GA):
|
Cloud OS Config |
The following permissions have been added:
|
Cloud OS Config |
The following permissions are supported in custom roles:
|
Cloud OS Config |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have been added:
|
Security Center Management API |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-29
Service | Description |
---|---|
Vertex AI |
The Vertex AI Extension Custom Code Service Agent role ( |
Vertex AI |
The Vertex AI Rapid Eval Service Agent role ( |
Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Extension Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
API Hub |
The API hub attribute admin role (
|
API Hub |
The API hub plugin admin role (
|
API Hub |
The API hub all permissions related to provisioning role (
|
Assured Open Source Software |
The Assured OSS Admin role ( |
Assured Open Source Software |
The Assured OSS Reader role ( |
Assured Open Source Software |
The Assured OSS User role ( |
Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Privileged Access Manager |
The Privileged Access Manager Service Agent role ( |
Cloud Run |
The following permissions have been removed from the Cloud Run Invoker role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
API Hub |
The following permissions have been added:
|
API Hub |
The following permissions are supported in custom roles:
|
Artifact Registry |
The following permissions have been added:
|
Artifact Registry |
The following permissions have reached General Availability (GA):
|
Assured Open Source Software |
The following permissions have reached General Availability (GA):
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Commerce Org Governance |
The following permissions have been added:
|
Commerce Org Governance |
The following permissions are supported in custom roles:
|
GDC Hardware Management API |
The following permissions have been added:
|
GDC Hardware Management API |
The following permissions are supported in custom roles:
|
Privileged Access Manager |
The following permissions have been added:
|
Privileged Access Manager |
The following permissions are supported in custom roles:
|
Security Posture API |
The following permissions have been added:
|
Security Posture API |
The following permissions are supported in custom roles:
|
Security Posture API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-22
Service | Description |
---|---|
Vertex AI |
The Vertex AI Extension Service Agent role ( |
Vertex AI |
The Vertex AI Reasoning Engine Service Agent role ( |
Vertex AI |
The Vertex AI Tuning Service Agent role ( |
BigQuery |
The BigQuery Studio Admin role ( |
BigQuery |
The BigQuery Studio User role ( |
Google Security Operations |
The Chronicle SOAR Service Agent role ( |
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
Basic Role |
The following permissions have been removed from the Viewer role (
|
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Assured Open Source Software |
The following permissions have been added:
|
Assured Open Source Software |
The following permissions are supported in custom roles:
|
Bigtable |
The following permissions have been added:
|
Bigtable |
The following permissions have reached General Availability (GA):
|
Cloud SQL |
The following permissions have been added:
|
Cloud SQL |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Dataproc Metastore |
The following permissions have been added:
|
Dataproc Metastore |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-03-15
Service | Description |
---|---|
Vertex AI |
The Vertex AI Colab Service Agent role ( |
Vertex AI |
The Vertex AI RAG Data Service Agent role ( |
AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Viewer role (
|
Assured Open Source Software |
The following permissions have been added to the Assured OSS Admin role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Backup User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Mount User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User V2 role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Cloud Config Manager API |
The following permissions have been added to the Cloud Infrastructure Manager Agent role (
|
Container Security |
The following permissions have been added to the GKE Security Posture Viewer role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Admin role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Agent Assist Client role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Distributed Cloud Edge Container |
The following permissions have been removed from the Edge Container Cluster Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
Cloud Storage |
The Storage Folder Admin role ( |
Backup and Disaster Recovery |
The following permissions have been added:
|
Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
Backup and Disaster Recovery |
The following permissions have reached General Availability (GA):
|
BigQuery Reservation API |
The following permissions have been added:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have been added:
|
GKE Hub |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have reached General Availability (GA):
|
Google Cloud Migration Center |
The following permissions have been added:
|
Privileged Access Manager |
The following permissions have been added:
|
Privileged Access Manager |
The following permissions are supported in custom roles:
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions are supported in custom roles:
|
Cloud Storage |
The following permissions have reached General Availability (GA):
|
Workload Manager |
The following permissions have been added:
|
IAM changes as of 2024-03-08
Service | Description |
---|---|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Assured Open Source Software |
The Assured OSS Project Admin role (
|
BigQuery Continuous Query |
The BigQuery Continuous Query Service Agent role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Admin role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Editor role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Inspectability Reader role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Monitoring Reader role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Reader role ( |
Cloud Deployment Manager |
The Cloud Deployment Manager Service Agent role ( |
Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
Cloud SQL |
The following permissions have been added to the Cloud SQL Editor role (
|
Cloud SQL |
The following permissions have been added to the Cloud SQL Viewer role (
|
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Route Optimization |
The Route Optimization Service Agent role ( |
AlloyDB for PostgreSQL |
The following permissions have been added:
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Cloud Controls Partner API |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Cloud Config Manager API |
The following permissions have been added:
|
Cloud Config Manager API |
The following permissions are supported in custom roles:
|
Database Insights |
The following permissions have been added:
|
Database Insights |
The following permissions are supported in custom roles:
|
Sensitive Data Protection |
The following permissions have been added:
|
Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
Backup for GKE |
The following permissions have been added:
|
Backup for GKE |
The following permissions have reached General Availability (GA):
|
Cloud Run |
The following permissions have been added:
|
Cloud Run |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-01
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
Cloud Run functions |
The following permissions have been added to the Cloud Functions Admin role (
|
Cloud Run functions |
The following permissions have been added to the Cloud Functions Developer role (
|
Cloud Run functions |
The following permissions have been added to the Cloud Functions Service Agent role (
|
Cloud Run functions |
The following permissions have been added to the Cloud Functions Viewer role (
|
Compute Engine |
The following permissions have been added to the Compute Load Balancer Admin role (
|
Dataplex |
The Dataplex Aspect Type Owner role ( |
Dataplex |
The Dataplex Aspect Type User role ( |
Dataplex |
The Dataplex Entry Group Owner role ( |
Dataplex |
The Dataplex Entry Owner role ( |
Dataplex |
The Dataplex Entry Type Owner role ( |
Dataplex |
The Dataplex Entry Type User role ( |
Dataplex |
The following permissions have been removed from the Dataplex Administrator role (
|
Dataplex |
The following permissions have been removed from the Dataplex Editor role (
|
Dataplex |
The following permissions have been removed from the Dataplex Metadata Reader role (
|
Dataplex |
The following permissions have been removed from the Dataplex Metadata Writer role (
|
Dataplex |
The following permissions have been removed from the Dataplex Viewer role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Firebase |
The following permissions have been added to the Firebase Admin role (
|
Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
Firebase |
The following permissions have been added to the Firebase Viewer role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Admin role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Developer role (
|
Cloud Run |
The following permissions have been added to the Cloud Run Viewer role (
|
Security Command Center |
The Attack Surface Management Scanner Service Agent role ( |
BigQuery |
The following permissions have been added:
|
Bigtable |
The following permissions have been added:
|
Bigtable |
The following permissions are supported in custom roles:
|
Cloud Controls Partner API |
The following permissions have been added:
|
Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
Dataplex |
The following permissions have been added:
|
Dataplex |
The following permissions are supported in custom roles:
|
Dataplex |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
Security Posture API |
The following permissions have been added:
|
Security Posture API |
The following permissions are supported in custom roles:
|
Security Posture API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-23
Service | Description |
---|---|
App Hub |
The App Hub Admin role ( |
App Hub |
The App Hub Editor role ( |
App Hub |
The App Hub Viewer role ( |
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
Cloud SQL |
The Cloud SQL Schema Viewer role ( |
Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Folder Service Agent role (
|
Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Organization Service Agent role (
|
Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Project Service Agent role (
|
Recommender |
The RecentChange RecommenderConfig Admin role ( |
Recommender |
The Recent Change Risk Recommender Admin role ( |
Recommender |
The Recent Change Risk Recommender Viewer role ( |
AlloyDB for PostgreSQL |
The following permissions have been added:
|
App Hub |
The following permissions have reached General Availability (GA):
|
Cloud SQL |
The following permissions have been added:
|
Cloud SQL |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-16
Service | Description |
---|---|
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
BigQuery |
The following permissions have been added to the BigQuery Job User role (
|
BigQuery |
The following permissions have been added to the BigQuery User role (
|
BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
Dataplex |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
Enterprise Knowledge Graph |
The following permissions have been added to the Enterprise Knowledge Graph Service Agent role (
|
FleetEngine |
The following permissions have been added to the FleetEngine Service Agent role (
|
Security Posture API |
The following permissions have been added to the Security Posture Shift-Left Validator role (
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Firebase Test Lab |
The following permissions have been added:
|
Firebase Test Lab |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-02-09
Service | Description |
---|---|
Advisory Notifications |
The Advisory Notifications Admin role ( |
Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
App Engine |
The following permissions have been added to the App Engine Code Viewer role (
|
Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
Advisory Notifications |
The following permissions have reached General Availability (GA):
|
App Engine |
The following permissions have been added:
|
App Engine |
The following permissions have reached General Availability (GA):
|
Artifact Registry |
The following permissions have been added:
|
Artifact Registry |
The following permissions have reached General Availability (GA):
|
Cloud Deploy |
The following permissions have been added:
|
Cloud Composer |
The following permissions have been added:
|
Cloud Composer |
The following permissions are supported in custom roles:
|
Cloud Composer |
The following permissions have reached General Availability (GA):
|
Dialogflow |
The following permissions have been added:
|
Dialogflow |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-02
Service | Description |
---|---|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
Cloud Key Management Service |
The Cloud KMS KACLS Service Agent role ( |
Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Deployment Admin role (
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
Audit Manager |
The following permissions have been added:
|
Audit Manager |
The following permissions are supported in custom roles:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-01-26
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Resource Viewer role (
|
Audit Manager |
The Audit Manager Auditing Service Agent role ( |
Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion User role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Administrator role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Policy Simulator |
The following permissions have been added to the OrgPolicy Simulator Admin role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Google Cloud VMware Engine |
The following permissions have been added to the VMware Engine Service Agent role (
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
Gemini for Google Cloud API |
The following permissions have been added:
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Retail API |
The following permissions have been added:
|
IAM changes as of 2024-01-19
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store EntityType owner role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Admin role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Viewer role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Writer role (
|
Artifact Registry |
The following permissions have been added to the Artifact Registry Service Agent role (
|
Assured Open Source Software |
The Assured OSS User role (
|
Connectors |
The following permissions have been added to the Connector Admin role (
|
Discovery Engine |
The Discovery Engine Admin role ( |
Discovery Engine |
The Discovery Engine Editor role ( |
Discovery Engine |
The Discovery Engine Viewer role ( |
Basic Role |
The following permissions have been added to the Editor role (
|
GKE Hub |
The following permissions have been added to the Connect Gateway Admin role (
|
GKE Hub |
The following permissions have been added to the Connect Gateway Editor role (
|
GKE Hub |
The following permissions have been added to the Connect Gateway Reader role (
|
GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Container Service Agent role (
|
Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Serverless Integrations |
The following permissions have been added to the Serverless Integrations Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
Assured Open Source Software |
The following permissions have been added:
|
Assured Open Source Software |
The following permissions are supported in custom roles:
|
Database Migration Service |
The following permissions have been added:
|
Database Migration Service |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Discovery Engine |
The following permissions have reached General Availability (GA):
|
Cloud Healthcare API |
The following permissions have been added:
|
Cloud Healthcare API |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-01-05
Service | Description |
---|---|
API Gateway |
The following permissions have been added to the ApiGateway Admin role (
|
API Gateway |
The following permissions have been added to the ApiGateway Viewer role (
|
Assured Workloads |
The following permissions have been added to the Assured Workloads Service Agent role (
|
AutoML |
The following permissions have been added to the AutoML Admin role (
|
AutoML |
The following permissions have been added to the AutoML Editor role (
|
AutoML |
The following permissions have been added to the AutoML Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
Cloud Run functions |
The following permissions have been added to the Cloud Functions Service Agent role (
|
Cloud Commerce Consumer Procurement |
The Consumer Procurement Entitlement Manager role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Entitlement Viewer role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Events Viewer role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Order Administrator role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Order Viewer role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Administrator role ( |
Cloud Commerce Consumer Procurement |
The Consumer Procurement Viewer role ( |
AI Platform Data Labeling Service |
The following permissions have been added to the Data Labeling Service Agent role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Agent Assist Client role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Firebase |
The following permissions have been added to the Firebase SDK Provisioning Service Agent role (
|
Firewall Insights |
The following permissions have been added to the Cloud Firewall Insights Service Agent role (
|
Cloud Service Mesh |
The following permissions have been added to the Mesh Config Service Agent role (
|
Cloud Monitoring |
The following permissions have been added to the Monitoring Admin role (
|
Cloud Monitoring |
The following permissions have been added to the Monitoring Editor role (
|
Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
Network Management API |
The following permissions have been added to the GCP Network Management Service Agent role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Security Command Center |
The following permissions have been added to the Security Center Automation Service Agent role (
|
Security Posture API |
The Security Posture Shift-Left Validator role (
|
Security Posture API |
The Security Posture Admin role ( |
Security Posture API |
The Security Posture Deployer role ( |
Security Posture API |
The Security Posture Deployments Viewer role ( |
Security Posture API |
The Security Posture Resource Editor role ( |
Security Posture API |
The Security Posture Resource Viewer role ( |
Security Posture API |
The Security Posture Viewer role ( |
Google Cloud Observability |
The following permissions have been added to the Stackdriver Accounts Editor role (
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions have reached General Availability (GA):
|
BigQuery |
The following permissions have been added:
|
BigQuery |
The following permissions are supported in custom roles:
|
BigQuery Reservation API |
The following permissions have been added:
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Google Security Operations |
The following permissions have reached General Availability (GA):
|
Translation |
The following permissions have been added:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Cloud Config Manager API |
The following permissions have been added:
|
Cloud Config Manager API |
The following permissions are supported in custom roles:
|
Cloud Commerce Consumer Procurement |
The following permissions have reached General Availability (GA):
|
Enterprise Purchasing API |
The following permissions have been added:
|
Enterprise Purchasing API |
The following permissions are supported in custom roles:
|
Mandiant |
The following permissions have been added:
|
Mandiant |
The following permissions are supported in custom roles:
|
Marketplace Solutions API |
The following permissions have been added:
|
Marketplace Solutions API |
The following permissions are supported in custom roles:
|
Memorystore for Redis |
The following permissions have been added:
|
Memorystore for Redis |
The following permissions have reached General Availability (GA):
|
Security Command Center |
The following permissions have been added:
|
Security Posture API |
The following permissions have been added:
|
Security Posture API |
The following permissions are supported in custom roles:
|
Security Posture API |
The following permissions have reached General Availability (GA):
|
Personalized Service Health |
The following permissions have been added:
|
Personalized Service Health |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-12-15
Service | Description |
---|---|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Apigee |
The following permissions have been added to the Apigee Security Admin role (
|
Apigee |
The following permissions have been added to the Apigee Security Viewer role (
|
Connectors |
The Connector Event Listener role (
|
Artifact Analysis |
The following permissions have been removed from the Container Analysis Service Agent role (
|
Container Scanning |
The following permissions have been removed from the Container Scanner Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Cloud Integrations |
The following permissions have been added to the Application Integration Service Agent role (
|
Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
BigQuery |
The following permissions have reached General Availability (GA):
|
Cloud Billing |
The following permissions have been added:
|
Cloud Billing |
The following permissions have reached General Availability (GA):
|
Commerce Business Enablement |
The following permissions have been added:
|
Commerce Business Enablement |
The following permissions are supported in custom roles:
|
Connectors |
The following permissions have been added:
|
Firebase Storage |
The following permissions have been added:
|
Google Cloud NetApp Volumes |
The following permissions have been added:
|
Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-12-08
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
Apigee |
The following permissions have been added to the Apigee Read-only Admin role (
|
Apigee |
The following permissions have been added to the Apigee Security Admin role (
|
Apigee |
The following permissions have been added to the Apigee Security Viewer role (
|
Binary Authorization |
The following permissions have been added to the Binary Authorization Service Agent role (
|
Blockchain Node Engine |
The Blockchain Node Engine Admin role ( |
Blockchain Node Engine |
The Blockchain Node Engine Viewer role ( |
Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
Connectors |
The Custom Connectors Admin role (
|
Connectors |
The Custom Connector Viewer role (
|
Connectors |
The following permissions have been added to the Connector Admin role (
|
Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
Connectors |
The following permissions have been added to the Connectors Viewer role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dataplex |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
FleetEngine |
The Fleet Engine Delivery Admin role ( |
FleetEngine |
The Fleet Engine On-Demand Admin role ( |
GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Control Plane Machine Service Agent role (
|
GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Node Pool Machine Service Agent role (
|
Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Security Center Management API |
The Security Center Management Custom Modules Editor role (
|
Security Center Management API |
The Security Center Management Custom Modules Viewer role (
|
Security Center Management API |
The Security Center Management Custom ETD Modules Editor role (
|
Security Center Management API |
The Security Center Management ETD Custom Modules Viewer role (
|
Security Center Management API |
The Security Center Management SHA Custom Modules Editor role (
|
Security Center Management API |
The Security Center Management SHA Custom Modules Viewer role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Vision AI |
The following permissions have been added to the Cloud Vision AI Service Agent role (
|
Workflows |
The following permissions have been added to the Workflows Invoker role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Worker role (
|
Apigee |
The following permissions have been added:
|
Blockchain Node Engine |
The following permissions have reached General Availability (GA):
|
Cloud Deploy |
The following permissions have been added:
|
Cloud Deploy |
The following permissions are supported in custom roles:
|
Connectors |
The following permissions have been added:
|
Firebase App Check |
The following permissions have been added:
|
Firebase App Check |
The following permissions are supported in custom roles:
|
Firebase App Check |
The following permissions have reached General Availability (GA):
|
FleetEngine |
The following permissions have been added:
|
FleetEngine |
The following permissions have reached General Availability (GA):
|
Kubernetes Metadata API |
The following permissions have been added:
|
Kubernetes Metadata API |
The following permissions are supported in custom roles:
|
Live Stream |
The following permissions have been added:
|
Live Stream |
The following permissions are supported in custom roles:
|
Live Stream |
The following permissions have reached General Availability (GA):
|
Maps Analytics |
The following permissions have been added:
|
Maps Analytics |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have been added:
|
Network Connectivity Center |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have been added:
|
Security Center Management API |
The following permissions are supported in custom roles:
|
Security Center Management API |
The following permissions have reached General Availability (GA):
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions are supported in custom roles:
|
Cloud Storage |
The following permissions have reached General Availability (GA):
|
Video Stitcher API |
The following permissions have been added:
|
Video Stitcher API |
The following permissions are supported in custom roles:
|
Video Stitcher API |
The following permissions have reached General Availability (GA):
|
Workflows |
The following permissions have been added:
|
Workflows |
The following permissions are supported in custom roles:
|
Workflows |
The following permissions have reached General Availability (GA):
|
Workload Manager |
The following permissions have been added:
|
Workload Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-11-17
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Viewer role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Worker role (
|
Dataform |
The following permissions have been added:
|
Dataform |
The following permissions have reached General Availability (GA):
|
Identity-Aware Proxy |
The following permissions have been added:
|
IAM changes as of 2023-11-10
Service | Description |
---|---|
Content Warehouse |
The following permissions have been added to the Content Warehouse Admin role (
|
Content Warehouse |
The following permissions have been added to the Content Warehouse Document Admin role (
|
Content Warehouse |
The following permissions have been added to the Content Warehouse document creator role (
|
Content Warehouse |
The following permissions have been added to the Content Warehouse Document Editor role (
|
Content Warehouse |
The following permissions have been added to the Content Warehouse document schema viewer role (
|
Content Warehouse |
The following permissions have been added to the Content Warehouse Viewer role (
|
GKE Multi-Cloud |
The Anthos Multi-Cloud Container Service Agent role ( |
GKE Multi-Cloud |
The Anthos Multi-Cloud Control Plane Machine Service Agent role ( |
GKE Multi-Cloud |
The Anthos Multi-Cloud Node Pool Machine Service Agent role ( |
Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
Storage Insights |
The Storage Insights Analyst role ( |
App Hub |
The following permissions have been added:
|
App Hub |
The following permissions are supported in custom roles:
|
Commerce Org Governance |
The following permissions have been added:
|
Commerce Org Governance |
The following permissions are supported in custom roles:
|
Content Warehouse |
The following permissions have been added:
|
Content Warehouse |
The following permissions have reached General Availability (GA):
|
Looker Studio |
The following permissions are supported in custom roles:
|
Network Security |
The following permissions have been added:
|
Network Security |
The following permissions are supported in custom roles:
|
Storage Insights |
The following permissions have been added:
|
Storage Insights |
The following permissions are supported in custom roles:
|
Storage Insights |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-11-03
Service | Description |
---|---|
Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion User role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Distributed Cloud Edge Container |
The Edge Container Cluster Service Agent role ( |
Distributed Cloud Edge Container |
The Edge Container Cluster offline Credential User role ( |
Looker |
The Looker Service Agent role ( |
Subscription Linking |
The Subscription Linking Admin role ( |
Subscription Linking |
The Subscription Linking Entitlements Viewer role ( |
Subscription Linking |
The Subscription Linking Viewer role ( |
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Distributed Cloud Edge Container |
The following permissions have been added:
|
Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
Subscription Linking |
The following permissions have been added:
|
Subscription Linking |
The following permissions have reached General Availability (GA):
|
Security Command Center |
The following permissions have been added:
|
Security Command Center |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-10-27
Service | Description |
---|---|
BigQuery |
The following permissions have been added to the Bigquery Studio User role (
|
BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
Cloud Asset Inventory |
The Other Cloud Config Service Agent role ( |
Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
Datastream |
The Datastream Admin role ( |
Datastream |
The Datastream Viewer role ( |
Looker Studio |
The following permissions have been added to the Data Studio Workspace Content Manager role (
|
GKE Hub |
The GKE Hub Cross Project Service Agent role ( |
Basic Role |
The following permissions have been removed from the Viewer role (
|
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Capacity Planner |
The following permissions have been added:
|
Cloud Key Management Service |
The following permissions have been added:
|
Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
Cloud Tasks |
The following permissions have been added:
|
Cloud Tasks |
The following permissions are supported in custom roles:
|
Datastream |
The following permissions have reached General Availability (GA):
|
Financial Services |
The following permissions have been added:
|
GKE Hub |
The following permissions have been added:
|
GKE Hub |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have reached General Availability (GA):
|
Cloud Healthcare API |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-10-20
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
Vertex AI |
The following permissions have been added to the Colab Enterprise User role (
|
Vertex AI |
The following permissions have been added to the Notebook Runtime Admin role (
|
Vertex AI |
The following permissions have been added to the Notebook Runtime User role (
|
BigQuery |
The following permissions have been added to the Bigquery Studio Admin role (
|
BigQuery |
The following permissions have been added to the Bigquery Studio User role (
|
BigQuery |
The following permissions have been removed from the Bigquery Studio User role (
|
Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
Dialogflow |
The Dialogflow Agent Assist Client role ( |
Sensitive Data Protection |
The DLP Data Profiles Admin role ( |
Sensitive Data Protection |
The DLP Table Data Profiles Admin role ( |
Storage Insights |
The following permissions have been added to the StorageInsights Service Agent role (
|
Commerce Business Enablement |
The following permissions have been added:
|
Commerce Business Enablement |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Sensitive Data Protection |
The following permissions have been added:
|
Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
Looker Studio |
The following permissions have been added:
|
Cloud Storage |
The following permissions have been added:
|
Cloud Storage |
The following permissions are supported in custom roles:
|
Telco Automation API |
The following permissions have been added:
|
Telco Automation API |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-10-13
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
Vertex AI |
The following permissions have been added to the Colab Enterprise User role (
|
App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Approver role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Developer role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Runner role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Operator role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Releaser role (
|
Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
Vision AI |
The following permissions have been added to the VisionAI Editor role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
Cloud Config Manager API |
The following permissions have been added:
|
Cloud Config Manager API |
The following permissions are supported in custom roles:
|
Distributed Cloud Edge Container |
The following permissions have been added:
|
Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
Vision AI |
The following permissions have been added:
|
Vision AI |
The following permissions are supported in custom roles:
|
Google Cloud VMware Engine |
The following permissions have been added:
|
Google Cloud VMware Engine |
The following permissions are supported in custom roles:
|
Google Cloud VMware Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-10-06
Service | Description |
---|---|
Advisory Notifications |
The following permissions have been added to the Advisory Notifications Admin role (
|
Advisory Notifications |
The following permissions have been added to the Advisory Notifications Viewer role (
|
Policy Controller |
The Anthos Policy Controller Service Agent role ( |
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Spark connector for BigQuery |
The BigQuery Spark Service Agent role ( |
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Recommender |
The Network Analyzer GKE Service Account Insights Recommender Admin role ( |
Recommender |
The Network Analyzer GKE Service Account Insights Recommender Viewer role ( |
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Vertex AI |
The following permissions have reached General Availability (GA):
|
Cloud Billing |
The following permissions have been added:
|
Cloud Billing |
The following permissions are supported in custom roles:
|
Cloud Billing |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Distributed Cloud Edge Container |
The following permissions have been added:
|
Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
Retail API |
The following permissions have been added:
|
IAM changes as of 2023-09-29
Service | Description |
---|---|
Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Dataproc Metastore |
The Dataproc Metastore Metadata Editor role ( |
Dataproc Metastore |
The Dataproc Metastore Metadata Mutate Admin role ( |
Dataproc Metastore |
The Dataproc Metastore Data Owner role ( |
Dataproc Metastore |
The Dataproc Metastore Metadata Query Admin role ( |
Dataproc Metastore |
The Dataproc Metastore Metadata User role ( |
Dataproc Metastore |
The Dataproc Metastore Metadata Viewer role ( |
Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
Privileged Access Manager |
The Privileged Access Manager Folder Service Agent role ( |
Privileged Access Manager |
The Privileged Access Manager Organization Service Agent role ( |
Privileged Access Manager |
The Privileged Access Manager Project Service Agent role ( |
Rapid Migration Assessment |
The following permissions have been added to the RMA Service Agent role (
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Memorystore for Memcached |
The following permissions have been added:
|
Memorystore for Memcached |
The following permissions have reached General Availability (GA):
|
Dataproc Metastore |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-09-22
Service | Description |
---|---|
Vertex AI |
The Colab Enterprise Admin role ( |
Vertex AI |
The Colab Enterprise User role ( |
Vertex AI |
The Notebook Runtime Admin role ( |
Vertex AI |
The Notebook Runtime User role ( |
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Dataform |
The Dataform Admin role ( |
Dataform |
The Dataform Editor role ( |
Dataform |
The Dataform Viewer role ( |
Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Developer role (
|
Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Operator role (
|
Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Viewer role (
|
Dataplex |
The Dataplex DataScan Creator role ( |
Basic Role |
The following permissions have been removed from the Viewer role (
|
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Cloud Workstations |
The following permissions have been added to the Cloud Workstations Admin role (
|
Advisory Notifications |
The following permissions have been added:
|
Advisory Notifications |
The following permissions are supported in custom roles:
|
Vertex AI |
The following permissions have been added:
|
Vertex AI |
The following permissions have reached General Availability (GA):
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Google Security Operations |
The following permissions have been added:
|
Google Security Operations |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Dataform |
The following permissions are supported in custom roles:
|
Dataform |
The following permissions have reached General Availability (GA):
|
Dialogflow |
The following permissions have been added:
|
Dialogflow |
The following permissions have reached General Availability (GA):
|
Network Services |
The following permissions have been added:
|
Network Services |
The following permissions are supported in custom roles:
|
Cloud OS Config |
The following permissions have been added:
|
Cloud OS Config |
The following permissions are supported in custom roles:
|
Policy Remediator Manager |
The following permissions have been added:
|
Policy Remediator Manager |
The following permissions are supported in custom roles:
|
Workflows |
The following permissions have been added:
|
Workflows |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-09-17
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
Assured Workloads |
The Assured Workloads Monitoring Service Agent role ( |
Assured Workloads |
The following permissions have been added to the Assured Workloads Reader role (
|
Bare Metal Solution |
The following permissions have been added to the Bare Metal Solution Editor role (
|
Bare Metal Solution |
The following permissions have been added to the Bare Metal Solution Instances Admin role (
|
Google Security Operations |
The Chronicle API Restricted Data Access role (
|
Google Security Operations |
The Chronicle API Restricted Data Access Viewer role (
|
Cloud Controls Partner API |
The Cloud Controls Partner Access Approval Service Agent role ( |
Cloud Controls Partner API |
The following permissions have been added to the Cloud Controls Partner Admin role (
|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Service Agent role (
|
Commerce Price Management |
The following permissions have been added to the Commerce Price Management Private Offers Admin role (
|
Compute Engine |
The Compute Future Reservation Admin role (
|
Compute Engine |
The Compute Future Reservation User role (
|
Compute Engine |
The Compute Future Reservation Viewer role (
|
Connectors |
The following permissions have been added to the Connectors Endpoint Attachment Admin role (
|
Connectors |
The following permissions have been added to the Connectors Endpoint Attachment Viewer role (
|
Connectors |
The following permissions have been added to the Connectors Managed Zone Admin role (
|
Connectors |
The following permissions have been added to the Connectors Managed Zone Viewer role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Data Steward role (
|
Data Catalog |
The following permissions have been added to the DataCatalog Entry Viewer role (
|
Dataplex |
The following permissions have been added to the Dataplex Metadata Reader role (
|
Dataplex |
The following permissions have been added to the Dataplex Metadata Writer role (
|
Datastore |
The Cloud Datastore Backups Admin role ( |
Datastore |
The Cloud Datastore Backup Schedules Admin role ( |
Datastore |
The Cloud Datastore Backup Schedules Viewer role ( |
Datastore |
The Cloud Datastore Backups Viewer role ( |
Datastore |
The Cloud Datastore Restore Admin role ( |
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Sensitive Data Protection |
The DLP Connections Admin role ( |
Sensitive Data Protection |
The DLP Connections Viewer role ( |
Basic Role |
The following permissions have been added to the Editor role (
|
Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Chrome Enterprise Premium |
The following permissions have been added:
|
Chrome Enterprise Premium |
The following permissions are supported in custom roles:
|
Certificate Manager |
The following permissions have reached General Availability (GA):
|
Gemini for Google Cloud API |
The following permissions have been added:
|
Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
Cloud Deploy |
The following permissions have been added:
|
Cloud Deploy |
The following permissions are supported in custom roles:
|
Cloud Deploy |
The following permissions have reached General Availability (GA):
|
Cloud Quotas |
The following permissions have been added:
|
Cloud Quotas |
The following permissions are supported in custom roles:
|
Commerce Business Enablement |
The following permissions have been added:
|
Commerce Business Enablement |
The following permissions are supported in custom roles:
|
Commerce Price Management |
The following permissions have been added:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Google Cloud Contact Center as a Service |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have reached General Availability (GA):
|
Dataproc |
The following permissions have been added:
|
Dataproc |
The following permissions are supported in custom roles:
|
Dataproc |
The following permissions have reached General Availability (GA):
|
Datastore |
The following permissions have been added:
|
Datastore |
The following permissions are supported in custom roles:
|
Datastore |
The following permissions have reached General Availability (GA):
|
Sensitive Data Protection |
The following permissions have been added:
|
Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
GDC Hardware Management API |
The following permissions have been added:
|
GDC Hardware Management API |
The following permissions are supported in custom roles:
|
Cloud Healthcare API |
The following permissions have been added:
|
Cloud Healthcare API |
The following permissions are supported in custom roles:
|
Payment Gateway issuer switch |
The following permissions have been added:
|
Payment Gateway issuer switch |
The following permissions are supported in custom roles:
|
Network Services |
The following permissions have been added:
|
Network Services |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Cloud Run |
The following permissions have been added:
|
Cloud Run |
The following permissions are supported in custom roles:
|
Cloud Run |
The following permissions have reached General Availability (GA):
|
Secure Source Manager |
The following permissions have been added:
|
Secure Source Manager |
The following permissions are supported in custom roles:
|
Workload Manager |
The following permissions have been added:
|
IAM changes as of 2023-08-18
Service | Description |
---|---|
Cloud Deploy |
The following permissions have been added to the Cloud Deploy Service Agent role (
|
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Service Agent role (
|
Dataplex |
The following permissions have been added to the Dataplex DataScan Administrator role (
|
Dataplex |
The following permissions have been added to the Dataplex DataScan Editor role (
|
Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
Cloud Storage |
The Storage Object User role ( |
Vertex AI |
The following permissions have been added:
|
Commerce Business Enablement |
The following permissions have been added:
|
Commerce Business Enablement |
The following permissions are supported in custom roles:
|
Google Cloud Contact Center as a Service |
The following permissions have been added:
|
Google Cloud Contact Center as a Service |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have been added:
|
GKE Hub |
The following permissions are supported in custom roles:
|
GKE Hub |
The following permissions have reached General Availability (GA):
|
Payment Gateway issuer switch |
The following permissions have been added:
|
Payment Gateway issuer switch |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-08-11
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Firebase Remote Config |
The following permissions have been removed from the Cloud Config Service Agent role (
|
Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
Google Cloud Migration Center |
The following permissions have been added to the Migration Center Admin role (
|
Google Cloud Migration Center |
The following permissions have been added to the Migration Center Viewer role (
|
Serverless Integrations |
The following permissions have been added to the Serverless Integrations Service Agent role (
|
Security Command Center |
The Security Center Attack Paths Reader role ( |
Security Command Center |
The Security Center Resource Value Configurations Editor role ( |
Security Command Center |
The Security Center Resource Value Configurations Viewer role ( |
Security Command Center |
The Security Center Simulations Reader role ( |
Security Command Center |
The Security Center Valued Resources Reader role ( |
BigQuery Reservation API |
The following permissions have been added:
|
Commerce Agreement Publishing |
The following permissions have been added:
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have reached General Availability (GA):
|
Datastore |
The following permissions have been added:
|
Datastore |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have been added:
|
Security Command Center |
The following permissions are supported in custom roles:
|
Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-08-04
Service | Description |
---|---|
Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
Firebase Remote Config |
The following permissions have been added to the Cloud Config Service Agent role (
|
Google Cloud Support |
The following permissions have been added to the Tech Support Editor role (
|
Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
GKE Dataplane Management |
The Warp Run Service Agent role ( |
Cloud Integrations |
The following permissions have been added to the Application Integration Service Agent role (
|
Recommender |
The Recommendations Exporter role ( |
Workload Manager |
The following permissions have been added to the Workload Manager Service Agent role (
|
Cloud Workstations |
The following permissions have been added to the Cloud Workstations User role (
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
Content Warehouse |
The following permissions have been added:
|
Content Warehouse |
The following permissions have reached General Availability (GA):
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-28
Service | Description |
---|---|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Apigee |
The following permissions have been added:
|
Apigee |
The following permissions are supported in custom roles:
|
Apigee |
The following permissions have reached General Availability (GA):
|
BigQuery |
The following permissions have been added:
|
BigQuery |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions are supported in custom roles:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-21
Service | Description |
---|---|
Vertex AI |
The Vertex AI Notebook Service Agent role ( |
Analytics Hub |
The Analytics Hub Subscription Owner role ( |
Assured Workloads |
The following permissions have been added to the Assured Workloads Editor role (
|
Bare Metal Solution |
The OS Images Viewer role ( |
Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
Cloud Asset Inventory |
The Effective Policies Service Agent role ( |
Cloud Build |
The Cloud Build Connection Admin role ( |
Cloud Build |
The Cloud Build Connection Viewer role ( |
Cloud Build |
The Cloud Build Read Only Token Accessor role ( |
Cloud Build |
The Cloud Build Token Accessor role ( |
Commerce Business Enablement |
The following permissions have been added to the Commerce Business Enablement PaymentConfig Admin role (
|
Commerce Business Enablement |
The following permissions have been added to the Commerce Business Enablement PaymentConfig Viewer role (
|
Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
Basic Role |
The following permissions have been added to the Editor role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Analytics Hub |
The following permissions have been added:
|
Analytics Hub |
The following permissions are supported in custom roles:
|
Analytics Hub |
The following permissions have reached General Availability (GA):
|
Bare Metal Solution |
The following permissions have been added:
|
Bare Metal Solution |
The following permissions are supported in custom roles:
|
Bare Metal Solution |
The following permissions have reached General Availability (GA):
|
Cloud Billing |
The following permissions have been added:
|
Cloud Billing |
The following permissions are supported in custom roles:
|
Cloud Billing |
The following permissions have reached General Availability (GA):
|
Cloud Build |
The following permissions have been added:
|
Cloud Build |
The following permissions are supported in custom roles:
|
Cloud Build |
The following permissions have reached General Availability (GA):
|
Compute Engine |
The following permissions have been added:
|
Compute Engine |
The following permissions have reached General Availability (GA):
|
Data Catalog |
The following permissions have been added:
|
Data Catalog |
The following permissions are supported in custom roles:
|
Google Cloud NetApp Volumes |
The following permissions have been added:
|
Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
Policy Simulator |
The following permissions have been added:
|
Recommender |
The following permissions have been added:
|
Recommender |
The following permissions are supported in custom roles:
|
Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-14
Service | Description |
---|---|
Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store EntityType owner role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Admin role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Viewer role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Writer role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
Vertex AI |
The following permissions have been added to the Vertex AI Viewer role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Mount User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
Compute Engine |
The following permissions have been removed from the Compute Engine Service Agent role (
|
Connectors |
The Connectors Event Subscriptions Admin role ( |
Connectors |
The Connectors Event Subscriptions Viewer role ( |
Basic Role |
The following permissions have been added to the Editor role (
|
Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
Basic Role |
The following permissions have been added to the Owner role (
|
Basic Role |
The following permissions have been added to the Viewer role (
|
Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
Vertex AI |
The following permissions have been added:
|
Commerce Offer Catalog |
The following permissions have been added:
|
Commerce Offer Catalog |
The following permissions are supported in custom roles:
|
Connectors |
The following permissions have been added:
|
Connectors |
The following permissions have reached General Availability (GA):
|
Data Catalog |
The following permissions have been added:
|
Discovery Engine |
The following permissions have been added:
|
Discovery Engine |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have been added:
|
Network Connectivity Center |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
Personalized Service Health |
The following permissions have been added:
|
Personalized Service Health |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-06-30
Service | Description |
---|---|
Cloud Key Management Service |
The Cloud KMS Expert Raw AES-CBC Key Manager role ( |
Cloud Key Management Service |
The Cloud KMS Expert Raw AES-CTR Key Manager role ( |
Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
Network Connectivity Center |
The Group User role ( |
Workload Certificate |
The following permissions have been added to the Workload Certificate Service Agent role (
|
Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
BigQuery |
The following permissions have been added:
|
BigQuery |
The following permissions are supported in custom roles:
|
Cloud Key Management Service |
The following permissions have been added:
|
Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
Translation |
The following permissions have been added:
|
Translation |
The following permissions are supported in custom roles:
|
Translation |
The following permissions have reached General Availability (GA):
|
Cloud Config Manager API |
The following permissions have been added:
|
Cloud Config Manager API |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have been added:
|
Network Connectivity Center |
The following permissions are supported in custom roles:
|
Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
Network Security |
The following permissions have been added:
|
Spanner |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-06-23
Service | Description |
---|---|
Access Approval |
The Access Approval Approver role ( |
Access Approval |
The Access Approval Config Editor role ( |
Access Approval |
The Access Approval Invalidator role ( |
Access Approval |
The Access Approval Viewer role ( |
Compute Engine |
The following permissions have been added to the Compute Security Admin role (
|
Security Command Center |
The following permissions have been removed from the Security Center Control Service Agent role (
|
Security Command Center |
The following permissions have been removed from the Security Health Analytics Service Agent role (
|
Security Command Center |
The following permissions have been removed from the Security Center Service Agent role (
|
Access Approval |
The following permissions have reached General Availability (GA):
|
Cloud Billing |
The following permissions have been added:
|
Cloud Billing |
The following permissions are supported in custom roles:
|
Cloud Billing |
The following permissions have reached General Availability (GA):
|
Cloud Controls Partner API |
The following permissions have been added:
|
Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have been added:
|
Conversational Insights |
The following permissions are supported in custom roles:
|
Conversational Insights |
The following permissions have reached General Availability (GA):
|
Google Cloud Migration Center |
The following permissions have been added:
|
Google Cloud Migration Center |
The following permissions are supported in custom roles:
|
Spanner |
The following permissions are available in custom roles:
|
IAM changes as of 2023-06-16
Service | Description |
---|---|
Cloud Build |
The following permissions have been added to the Cloud Build Token Accessor role (
|
Cloud Controls Partner API |
The Cloud Controls Partner EKM Service Agent role ( |
Cloud Controls Partner API |
The Cloud Controls Partner Monitoring Service Agent role ( |
Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Service Agent role (
|
Resource Manager |
The following permissions have been added to the Folder Admin role (
|
Resource Manager |
The following permissions have been added to the Folder Creator role (
|
Resource Manager |
The following permissions have been added to the Folder Editor role (
|
Resource Manager |
The following permissions have been added to the Folder Viewer role (
|
Resource Manager |
The following permissions have been added to the Organization Administrator role (
|
Rapid Migration Assessment |
The Rapid Migration Assessment Admin role ( |
Rapid Migration Assessment |
The Rapid Migration Assessment Runner role ( |
Rapid Migration Assessment |
The Rapid Migration Assessment Viewer role ( |
Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
AlloyDB for PostgreSQL |
The following permissions have been added:
|
Firebase Extensions Publisher |
The following permissions have been added:
|
Firebase Extensions Publisher |
The following permissions are supported in custom roles:
|
Rapid Migration Assessment |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-06-09
Service | Change | Description |
---|---|---|
Firebase Remote Config | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
Cloud SQL | Role Updated |
The following permissions have been removed from the role recommender.cloudsqlInstanceSecurityInsights.get recommender.cloudsqlInstanceSecurityInsights.list recommender.cloudsqlInstanceSecurityInsights.update recommender.cloudsqlInstanceSecurityRecommendations.get recommender.cloudsqlInstanceSecurityRecommendations.list recommender.cloudsqlInstanceSecurityRecommendations.update |
Cloud SQL | Role Updated |
The following permissions have been removed from the role recommender.cloudsqlInstanceSecurityInsights.get recommender.cloudsqlInstanceSecurityInsights.list recommender.cloudsqlInstanceSecurityRecommendations.get recommender.cloudsqlInstanceSecurityRecommendations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.environments.list |
Discovery Engine | Role Updated |
The following permissions have been added to the role discoveryengine.dataStores.completeQuery |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.get |
Serverless Integrations | Role Updated |
The following permissions have been added to the role compute.targetHttpProxies.get compute.targetHttpProxies.list |
Speaker ID | Now GA |
The role |
Speaker ID | Now GA |
The role |
Speaker ID | Now GA |
The role |
Speaker ID | Now GA |
The role |
Workload Manager | Role Updated |
The following permissions have been added to the role config.deployments.create config.locations.get config.locations.list config.operations.cancel config.operations.delete config.operations.get config.operations.list |
Vertex AI | Added |
aiplatform.modelEvaluationSlices.import aiplatform.modelEvaluations.import aiplatform.schedules.create aiplatform.schedules.delete aiplatform.schedules.get aiplatform.schedules.list aiplatform.schedules.update |
Cloud Asset Inventory | Added |
cloudasset.assets.analyzeOrgPolicy |
Compute Engine | Added |
compute.regionNetworkEndpointGroups.attachNetworkEndpoints compute.regionNetworkEndpointGroups.detachNetworkEndpoints |
Datastore | Added |
datastore.databases.createTagBinding datastore.databases.deleteTagBinding datastore.databases.listEffectiveTags datastore.databases.listTagBindings |
Datastore | Now GA |
datastore.databases.createTagBinding datastore.databases.deleteTagBinding datastore.databases.listEffectiveTags datastore.databases.listTagBindings |
Discovery Engine | Added |
discoveryengine.dataStores.completeQuery |
Discovery Engine | Supported In Custom Roles |
discoveryengine.dataStores.completeQuery |
Google Cloud Migration Center | Added |
migrationcenter.errorFrames.get migrationcenter.errorFrames.list migrationcenter.importDataFiles.create migrationcenter.importDataFiles.delete migrationcenter.importDataFiles.get migrationcenter.importDataFiles.list |
Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.errorFrames.get migrationcenter.errorFrames.list migrationcenter.importDataFiles.create migrationcenter.importDataFiles.delete migrationcenter.importDataFiles.get migrationcenter.importDataFiles.list |
Recommender | Added |
recommender.cloudsqlInstanceReliabilityInsights.get recommender.cloudsqlInstanceReliabilityInsights.list recommender.cloudsqlInstanceReliabilityInsights.update recommender.cloudsqlInstanceReliabilityRecommendations.get recommender.cloudsqlInstanceReliabilityRecommendations.list recommender.cloudsqlInstanceReliabilityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceReliabilityInsights.get recommender.cloudsqlInstanceReliabilityInsights.list recommender.cloudsqlInstanceReliabilityInsights.update recommender.cloudsqlInstanceReliabilityRecommendations.get recommender.cloudsqlInstanceReliabilityRecommendations.list recommender.cloudsqlInstanceReliabilityRecommendations.update |
Speaker ID | Added |
speakerid.phrases.create speakerid.phrases.delete speakerid.phrases.get speakerid.phrases.list speakerid.settings.get speakerid.settings.update speakerid.speakers.create speakerid.speakers.delete speakerid.speakers.get speakerid.speakers.list speakerid.speakers.verify |
Speaker ID | Now GA |
speakerid.phrases.create speakerid.phrases.delete speakerid.phrases.get speakerid.phrases.list speakerid.settings.get speakerid.settings.update speakerid.speakers.create speakerid.speakers.delete speakerid.speakers.get speakerid.speakers.list speakerid.speakers.verify |
Cloud IAM changes as of 2023-06-02
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.networks.use compute.networks.useExternalIp |
AlloyDB for PostgreSQL | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.create compute.routes.delete |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Binary Authorization | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifacts binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.policy.evaluatePolicy storage.objects.list |
Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifacts |
Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifacts |
Artifact Analysis | Role Updated |
The following permissions have been added to the role storage.objects.update |
Container Scanning | Role Updated |
The following permissions have been added to the role storage.objects.update |
Basic Role | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Monitoring | Now GA |
The role |
Cloud Monitoring | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
Basic Role | Role Updated |
The following permissions have been removed from the role integrations.certificates.create integrations.certificates.delete integrations.certificates.update |
Vision AI | Role Updated |
The following permissions have been added to the role visionai.annotations.get visionai.annotations.list visionai.assets.clip visionai.assets.generateHlsUri visionai.assets.get visionai.assets.list visionai.assets.search |
Cloud Workstations | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
AlloyDB for PostgreSQL | Added |
alloydb.instances.injectFault |
Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.managementServers.access backupdr.managementServers.accessSensitiveData backupdr.managementServers.assignBackupPlans backupdr.managementServers.manageApplications backupdr.managementServers.manageBackupPlans backupdr.managementServers.manageBackupServers backupdr.managementServers.manageBackups backupdr.managementServers.manageClones backupdr.managementServers.manageExpiration backupdr.managementServers.manageHosts backupdr.managementServers.manageJobs backupdr.managementServers.manageLiveClones backupdr.managementServers.manageMigrations backupdr.managementServers.manageMirroring backupdr.managementServers.manageMounts backupdr.managementServers.manageRestores backupdr.managementServers.manageSensitiveData backupdr.managementServers.manageStorage backupdr.managementServers.manageSystem backupdr.managementServers.manageWorkflows backupdr.managementServers.refreshWorkflows backupdr.managementServers.runWorkflows backupdr.managementServers.testFailOvers backupdr.managementServers.viewBackupPlans backupdr.managementServers.viewBackupServers backupdr.managementServers.viewReports backupdr.managementServers.viewStorage backupdr.managementServers.viewSystem backupdr.managementServers.viewWorkflows |
Backup and Disaster Recovery | Now GA |
backupdr.managementServers.access backupdr.managementServers.accessSensitiveData backupdr.managementServers.assignBackupPlans backupdr.managementServers.manageApplications backupdr.managementServers.manageBackupPlans backupdr.managementServers.manageBackupServers backupdr.managementServers.manageBackups backupdr.managementServers.manageClones backupdr.managementServers.manageExpiration backupdr.managementServers.manageHosts backupdr.managementServers.manageJobs backupdr.managementServers.manageLiveClones backupdr.managementServers.manageMigrations backupdr.managementServers.manageMirroring backupdr.managementServers.manageMounts backupdr.managementServers.manageRestores backupdr.managementServers.manageSensitiveData backupdr.managementServers.manageStorage backupdr.managementServers.manageSystem backupdr.managementServers.manageWorkflows backupdr.managementServers.refreshWorkflows backupdr.managementServers.runWorkflows backupdr.managementServers.testFailOvers backupdr.managementServers.viewBackupPlans backupdr.managementServers.viewBackupServers backupdr.managementServers.viewReports backupdr.managementServers.viewStorage backupdr.managementServers.viewSystem backupdr.managementServers.viewWorkflows |
Cloud Integrations | Added |
integrations.securityIntegrationVers.delete |
Cloud Monitoring | Now GA |
monitoring.snoozes.create monitoring.snoozes.get monitoring.snoozes.list monitoring.snoozes.update |
Recommender | Added |
recommender.cloudFunctionsPerformanceInsights.get recommender.cloudFunctionsPerformanceInsights.list recommender.cloudFunctionsPerformanceInsights.update recommender.cloudFunctionsPerformanceRecommendations.get recommender.cloudFunctionsPerformanceRecommendations.list recommender.cloudFunctionsPerformanceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.cloudFunctionsPerformanceInsights.get recommender.cloudFunctionsPerformanceInsights.list recommender.cloudFunctionsPerformanceInsights.update recommender.cloudFunctionsPerformanceRecommendations.get recommender.cloudFunctionsPerformanceRecommendations.list recommender.cloudFunctionsPerformanceRecommendations.update |
Recommender | Now GA |
recommender.cloudFunctionsPerformanceInsights.get recommender.cloudFunctionsPerformanceInsights.list recommender.cloudFunctionsPerformanceInsights.update recommender.cloudFunctionsPerformanceRecommendations.get recommender.cloudFunctionsPerformanceRecommendations.list recommender.cloudFunctionsPerformanceRecommendations.update |
Cloud Workstations | Now GA |
workstations.operations.get workstations.workstationClusters.create workstations.workstationClusters.delete workstations.workstationClusters.get workstations.workstationClusters.list workstations.workstationClusters.update workstations.workstationConfigs.create workstations.workstationConfigs.delete workstations.workstationConfigs.get workstations.workstationConfigs.getIamPolicy workstations.workstationConfigs.list workstations.workstationConfigs.setIamPolicy workstations.workstationConfigs.update workstations.workstations.create workstations.workstations.delete workstations.workstations.get workstations.workstations.getIamPolicy workstations.workstations.list workstations.workstations.setIamPolicy workstations.workstations.start workstations.workstations.stop workstations.workstations.update workstations.workstations.use |
Cloud IAM changes as of 2023-05-26
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.zoneOperations.get |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewStorage |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewStorage |
Cloud Composer | Role Updated |
The following permissions have been added to the role dns.managedZones.get dns.managedZones.list dns.networks.targetWithPeeringZone |
Cloud Composer | Role Updated |
The following permissions have been added to the role dns.managedZones.get dns.managedZones.list dns.networks.targetWithPeeringZone |
Compute Engine | Now GA |
The role |
Compute Engine | Now GA |
The role |
Data Lineage API | Now GA |
The role |
Data Lineage API | Now GA |
The role |
Data Lineage API | Now GA |
The role |
Data Lineage API | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Sensitive Data Protection | Now GA |
The role |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.forwardingRules.get compute.regionOperations.get |
Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicy cloudasset.assets.exportOSInventories cloudasset.assets.exportResource cloudasset.assets.queryAccessPolicy cloudasset.assets.queryIamPolicy cloudasset.assets.queryOSInventories cloudasset.assets.queryResource cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicy cloudasset.assets.exportOSInventories cloudasset.assets.exportResource cloudasset.assets.queryAccessPolicy cloudasset.assets.queryIamPolicy cloudasset.assets.queryOSInventories cloudasset.assets.queryResource cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicy cloudasset.assets.exportOSInventories cloudasset.assets.exportResource cloudasset.assets.queryAccessPolicy cloudasset.assets.queryIamPolicy cloudasset.assets.queryOSInventories cloudasset.assets.queryResource cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicy cloudasset.assets.exportOSInventories cloudasset.assets.exportResource cloudasset.assets.queryAccessPolicy cloudasset.assets.queryIamPolicy cloudasset.assets.queryOSInventories cloudasset.assets.queryResource cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Vision AI | Role Updated |
The following permissions have been added to the role visionai.operators.create visionai.operators.delete visionai.operators.get visionai.operators.list visionai.operators.update |
Compute Engine | Now GA |
compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.resourcePolicies.useReadOnly |
Data Lineage API | Now GA |
datalineage.events.create datalineage.events.delete datalineage.events.get datalineage.events.list datalineage.locations.searchLinks datalineage.operations.get datalineage.processes.create datalineage.processes.delete datalineage.processes.get datalineage.processes.list datalineage.processes.update datalineage.runs.create datalineage.runs.delete datalineage.runs.get datalineage.runs.list datalineage.runs.update |
Sensitive Data Protection | Added |
dlp.subscriptions.cancel dlp.subscriptions.create dlp.subscriptions.get dlp.subscriptions.list dlp.subscriptions.update |
Sensitive Data Protection | Supported In Custom Roles |
dlp.subscriptions.cancel dlp.subscriptions.create dlp.subscriptions.get dlp.subscriptions.list dlp.subscriptions.update |
Sensitive Data Protection | Now GA |
dlp.subscriptions.cancel dlp.subscriptions.create dlp.subscriptions.get dlp.subscriptions.list dlp.subscriptions.update |
Cloud IAM changes as of 2023-05-19
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.networks.get compute.subnetworks.list |
Backup and Disaster Recovery | Now GA |
The role |
Cloud Build | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
Cloud Build | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
Cloud Composer | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
Artifact Analysis | Role Updated |
The following permissions have been added to the role containeranalysis.notes.list |
Container Scanning | Role Updated |
The following permissions have been added to the role containeranalysis.notes.list |
AlloyDB for PostgreSQL | Added |
alloydb.users.create alloydb.users.delete alloydb.users.get alloydb.users.list alloydb.users.update |
Apigee | Added |
apigee.appgroupapps.create apigee.appgroupapps.delete apigee.appgroupapps.get apigee.appgroupapps.list apigee.appgroupapps.manage apigee.appgroups.create apigee.appgroups.delete apigee.appgroups.get apigee.appgroups.list apigee.appgroups.update |
Apigee | Supported In Custom Roles |
apigee.appgroupapps.create apigee.appgroupapps.delete apigee.appgroupapps.get apigee.appgroupapps.list apigee.appgroupapps.manage apigee.appgroups.create apigee.appgroups.delete apigee.appgroups.get apigee.appgroups.list apigee.appgroups.update |
Apigee | Now GA |
apigee.appgroupapps.create apigee.appgroupapps.delete apigee.appgroupapps.get apigee.appgroupapps.list apigee.appgroupapps.manage apigee.appgroups.create apigee.appgroups.delete apigee.appgroups.get apigee.appgroups.list apigee.appgroups.update |
Commerce Price Management | Added |
commerceprice.events.get commerceprice.events.list |
Compute Engine | Added |
compute.instances.setSecurityPolicy compute.targetInstances.setSecurityPolicy compute.targetPools.setSecurityPolicy |
Compute Engine | Supported In Custom Roles |
compute.instances.setSecurityPolicy compute.targetInstances.setSecurityPolicy compute.targetPools.setSecurityPolicy |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.events.get consumerprocurement.events.list |
Cloud Logging | Now GA |
logging.logEntries.route |
Google Cloud VMware Engine | Added |
vmwareengine.privateConnections.create vmwareengine.privateConnections.delete vmwareengine.privateConnections.get vmwareengine.privateConnections.list vmwareengine.privateConnections.listPeeringRoutes vmwareengine.privateConnections.update vmwareengine.subnets.get vmwareengine.subnets.update |
Google Cloud VMware Engine | Supported In Custom Roles |
vmwareengine.privateConnections.create vmwareengine.privateConnections.delete vmwareengine.privateConnections.get vmwareengine.privateConnections.list vmwareengine.privateConnections.listPeeringRoutes vmwareengine.privateConnections.update vmwareengine.subnets.get vmwareengine.subnets.update |
Google Cloud VMware Engine | Now GA |
vmwareengine.privateConnections.create vmwareengine.privateConnections.delete vmwareengine.privateConnections.get vmwareengine.privateConnections.list vmwareengine.privateConnections.listPeeringRoutes vmwareengine.privateConnections.update vmwareengine.subnets.get vmwareengine.subnets.update |
Cloud IAM changes as of 2023-05-12
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.instances.attachDisk compute.instances.detachDisk compute.instances.start compute.instances.stop |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role dns.managedZones.create dns.networks.bindPrivateDNSZone servicedirectory.namespaces.associatePrivateZone servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Cloud Composer | Added |
composer.environments.executeAirflowCommand |
Cloud Composer | Now GA |
composer.environments.executeAirflowCommand |
Compute Engine | Added |
compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.export compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly |
Compute Engine | Supported In Custom Roles |
compute.instantSnapshots.create compute.instantSnapshots.delete compute.instantSnapshots.get compute.instantSnapshots.getIamPolicy compute.instantSnapshots.list compute.instantSnapshots.setIamPolicy compute.instantSnapshots.setLabels compute.instantSnapshots.useReadOnly |
Security Command Center | Added |
securitycenter.securityhealthanalyticscustommodules.create securitycenter.securityhealthanalyticscustommodules.delete securitycenter.securityhealthanalyticscustommodules.get securitycenter.securityhealthanalyticscustommodules.list securitycenter.securityhealthanalyticscustommodules.test securitycenter.securityhealthanalyticscustommodules.update |
Security Command Center | Now GA |
securitycenter.securityhealthanalyticscustommodules.create securitycenter.securityhealthanalyticscustommodules.delete securitycenter.securityhealthanalyticscustommodules.get securitycenter.securityhealthanalyticscustommodules.list securitycenter.securityhealthanalyticscustommodules.test securitycenter.securityhealthanalyticscustommodules.update |
Cloud IAM changes as of 2023-05-05
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.get apigee.projectorganizations.get |
Cloud Composer | Now GA |
The role |
Cloud Composer | Role Updated |
The following permissions have been added to the role compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get |
Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkehub.memberships.delete |
Looker | Now GA |
The role |
Looker | Now GA |
The role |
Looker | Now GA |
The role |
Cloud Monitoring | Now GA |
The role |
Cloud Monitoring | Now GA |
The role |
Vision AI | Role Updated |
The following permissions have been added to the role visionai.events.create visionai.events.update |
Cloud Controls Partner API | Added |
cloudcontrolspartner.customers.get cloudcontrolspartner.customers.list cloudcontrolspartner.partners.get cloudcontrolspartner.violations.get cloudcontrolspartner.violations.list cloudcontrolspartner.workloads.get cloudcontrolspartner.workloads.list |
Cloud Controls Partner API | Supported In Custom Roles |
cloudcontrolspartner.customers.get cloudcontrolspartner.customers.list cloudcontrolspartner.partners.get cloudcontrolspartner.violations.get cloudcontrolspartner.violations.list cloudcontrolspartner.workloads.get cloudcontrolspartner.workloads.list |
Looker | Added |
looker.backups.create looker.backups.delete looker.backups.get looker.backups.list looker.backups.restore looker.instances.create looker.instances.delete looker.instances.export looker.instances.get looker.instances.import looker.instances.list looker.instances.login looker.instances.update looker.locations.get looker.locations.list looker.operations.cancel looker.operations.delete looker.operations.get looker.operations.list |
Looker | Supported In Custom Roles |
looker.backups.create looker.backups.delete looker.backups.get looker.backups.list looker.backups.restore looker.instances.create looker.instances.delete looker.instances.export looker.instances.get looker.instances.import looker.instances.list looker.instances.login looker.instances.update looker.locations.get looker.locations.list looker.operations.cancel looker.operations.delete looker.operations.get looker.operations.list |
Looker | Now GA |
looker.backups.create looker.backups.delete looker.backups.get looker.backups.list looker.backups.restore looker.instances.create looker.instances.delete looker.instances.export looker.instances.get looker.instances.import looker.instances.list looker.instances.login looker.instances.update looker.locations.get looker.locations.list looker.operations.cancel looker.operations.delete looker.operations.get looker.operations.list |
Cloud Monitoring | Supported In Custom Roles |
monitoring.alertPolicies.create monitoring.alertPolicies.delete monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.alertPolicies.update |
Cloud Monitoring | Now GA |
monitoring.alertPolicies.create monitoring.alertPolicies.delete monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.alertPolicies.update |
Security Command Center | Added |
securitycenter.integratedvulnerabilityscannersettings.calculate securitycenter.integratedvulnerabilityscannersettings.get securitycenter.integratedvulnerabilityscannersettings.update |
Security Command Center | Supported In Custom Roles |
securitycenter.integratedvulnerabilityscannersettings.calculate securitycenter.integratedvulnerabilityscannersettings.get securitycenter.integratedvulnerabilityscannersettings.update |
Security Command Center | Now GA |
securitycenter.integratedvulnerabilityscannersettings.calculate securitycenter.integratedvulnerabilityscannersettings.get securitycenter.integratedvulnerabilityscannersettings.update |
Cloud IAM changes as of 2023-04-28
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role compute.subnetworks.get |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role consumerprocurement.consents.check consumerprocurement.consents.grant consumerprocurement.consents.list consumerprocurement.consents.revoke orgpolicy.policy.get |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role consumerprocurement.consents.check consumerprocurement.consents.list orgpolicy.policy.get |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase App Check | Now GA |
The role |
Workflows | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Workload Certificate | Role Updated |
The following permissions have been added to the role workloadcertificate.workloadRegistrations.list |
Bare Metal Solution | Added |
baremetalsolution.procurements.create baremetalsolution.procurements.get baremetalsolution.procurements.list baremetalsolution.skus.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.procurements.create baremetalsolution.procurements.get baremetalsolution.procurements.list baremetalsolution.skus.list |
Bare Metal Solution | Now GA |
baremetalsolution.procurements.create baremetalsolution.procurements.get baremetalsolution.procurements.list baremetalsolution.skus.list |
Certificate Manager | Now GA |
certificatemanager.certissuanceconfigs.create certificatemanager.certissuanceconfigs.delete certificatemanager.certissuanceconfigs.get certificatemanager.certissuanceconfigs.list certificatemanager.certissuanceconfigs.update certificatemanager.certissuanceconfigs.use |
Cloud Build | Added |
cloudbuild.repositories.fetchGitRefs |
Cloud Build | Supported In Custom Roles |
cloudbuild.repositories.fetchGitRefs |
Cloud Key Management Service | Now GA |
cloudkms.protectedResources.search |
Firebase App Check | Added |
firebaseappcheck.appCheckTokens.verify |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.appCheckTokens.verify |
Firebase App Check | Now GA |
firebaseappcheck.appCheckTokens.verify |
Cloud IAM changes as of 2023-04-21
Service | Change | Description |
---|---|---|
BigLake | Now GA |
The role |
BigLake | Now GA |
The role |
Google Security Operations | Role Updated |
The following permissions have been added to the role chronicle.operations.cancel |
Service Catalog | Role Updated |
The following permissions have been added to the role commerceorggovernance.organizationSettings.get commerceorggovernance.organizationSettings.update |
Connectors | Now GA |
The role |
Connectors | Now GA |
The role |
Connectors | Now GA |
The role |
Connectors | Now GA |
The role |
Identity and Access Management | Role Updated |
The following permissions have been added to the role advisorynotifications.notifications.get |
Identity and Access Management | Role Updated |
The following permissions have been added to the role advisorynotifications.notifications.get |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get |
Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.topics.computeHeadCursor |
Serverless Integrations | Role Updated |
The following permissions have been added to the role firebasehosting.sites.get |
Cloud Storage | Now GA |
The role |
BigLake | Now GA |
biglake.catalogs.create biglake.catalogs.delete biglake.catalogs.get biglake.catalogs.list biglake.databases.create biglake.databases.delete biglake.databases.get biglake.databases.list biglake.databases.update biglake.locks.check biglake.locks.create biglake.locks.delete biglake.locks.list biglake.tables.create biglake.tables.delete biglake.tables.get biglake.tables.list biglake.tables.lock biglake.tables.update |
Google Security Operations | Added |
chronicle.dashboards.edit chronicle.dashboards.schedule |
Google Security Operations | Supported In Custom Roles |
chronicle.dashboards.edit chronicle.dashboards.schedule |
Commerce Business Enablement | Added |
commercebusinessenablement.resellerDiscountOffers.cancel commercebusinessenablement.resellerDiscountOffers.create commercebusinessenablement.resellerDiscountOffers.list |
Commerce Business Enablement | Supported In Custom Roles |
commercebusinessenablement.resellerDiscountOffers.cancel commercebusinessenablement.resellerDiscountOffers.create commercebusinessenablement.resellerDiscountOffers.list |
Connectors | Added |
connectors.endpointAttachments.create connectors.endpointAttachments.delete connectors.endpointAttachments.get connectors.endpointAttachments.getIamPolicy connectors.endpointAttachments.list connectors.endpointAttachments.setIamPolicy connectors.endpointAttachments.update connectors.managedZones.create connectors.managedZones.delete connectors.managedZones.get connectors.managedZones.getIamPolicy connectors.managedZones.list connectors.managedZones.setIamPolicy connectors.managedZones.update |
Connectors | Now GA |
connectors.endpointAttachments.create connectors.endpointAttachments.delete connectors.endpointAttachments.get connectors.endpointAttachments.getIamPolicy connectors.endpointAttachments.list connectors.endpointAttachments.setIamPolicy connectors.endpointAttachments.update connectors.managedZones.create connectors.managedZones.delete connectors.managedZones.get connectors.managedZones.getIamPolicy connectors.managedZones.list connectors.managedZones.setIamPolicy connectors.managedZones.update |
Dataform | Added |
dataform.releaseConfigs.create dataform.releaseConfigs.delete dataform.releaseConfigs.get dataform.releaseConfigs.list dataform.releaseConfigs.update dataform.workflowConfigs.create dataform.workflowConfigs.delete dataform.workflowConfigs.get dataform.workflowConfigs.list dataform.workflowConfigs.update |
Datastore | Supported In Custom Roles |
datastore.keyVisualizerScans.get datastore.keyVisualizerScans.list |
Transfer Appliance | Added |
transferappliance.credentials.get |
Cloud IAM changes as of 2023-04-14
Service | Change | Description |
---|---|---|
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
Backup and Disaster Recovery | Role Updated |
The following permissions have been removed from the role backupdr.managementServers.accessSensitiveData backupdr.managementServers.assignBackupPlans backupdr.managementServers.manageApplications backupdr.managementServers.manageBackupPlans backupdr.managementServers.manageBackups backupdr.managementServers.manageClones backupdr.managementServers.manageExpiration backupdr.managementServers.manageHosts backupdr.managementServers.manageJobs backupdr.managementServers.manageLiveClones backupdr.managementServers.manageMigrations backupdr.managementServers.manageMirroring backupdr.managementServers.manageMounts backupdr.managementServers.manageRestores backupdr.managementServers.manageWorkflows backupdr.managementServers.refreshWorkflows backupdr.managementServers.runWorkflows backupdr.managementServers.testFailOvers |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
Google Security Operations | Now GA |
The role |
Google Security Operations | Role Updated |
The following permissions have been added to the role monitoring.alertPolicies.create monitoring.alertPolicies.delete monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.alertPolicies.update |
Cloud Run functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.commit dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers dataform.repositories.commit dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Firebase | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
Firebase | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.operations.get gkeonprem.operations.list |
Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers dataform.repositories.commit dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Storage Insights | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Artifact Registry | Added |
artifactregistry.repositories.readViaVirtualRepository |
Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.readViaVirtualRepository |
Artifact Registry | Now GA |
artifactregistry.repositories.readViaVirtualRepository |
Backup and Disaster Recovery | Added |
backupdr.managementServers.viewBackupServers |
Cloud SQL | Added |
cloudsql.instances.reencrypt |
Cloud SQL | Supported In Custom Roles |
cloudsql.instances.reencrypt |
Cloud SQL | Now GA |
cloudsql.instances.reencrypt |
Dataform | Added |
dataform.repositories.commit dataform.repositories.computeAccessTokenStatus dataform.repositories.fetchHistory dataform.repositories.queryDirectoryContents dataform.repositories.readFile |
Cloud IAM changes as of 2023-04-07
Service | Change | Description |
---|---|---|
Firebase Remote Config | Role Updated |
The following permissions have been added to the role logging.logEntries.create logging.logEntries.route |
Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.bareMetalAdminClusters.get gkeonprem.bareMetalClusters.get gkeonprem.bareMetalNodePools.get gkeonprem.vmwareAdminClusters.get gkeonprem.vmwareClusters.get gkeonprem.vmwareNodePools.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken iam.serviceAccounts.getOpenIdToken |
Cloud Service Mesh control plane | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Security Command Center | Now GA |
The role |
Cloud TPU | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.addresses.useInternal |
Compute Engine | Added |
compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list |
Compute Engine | Supported In Custom Roles |
compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list |
Compute Engine | Now GA |
compute.interconnectRemoteLocations.get compute.interconnectRemoteLocations.list |
Network Security | Added |
networksecurity.gatewaySecurityPolicies.create networksecurity.gatewaySecurityPolicies.delete networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicies.update networksecurity.gatewaySecurityPolicies.use networksecurity.gatewaySecurityPolicyRules.create networksecurity.gatewaySecurityPolicyRules.delete networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.gatewaySecurityPolicyRules.update networksecurity.gatewaySecurityPolicyRules.use networksecurity.tlsInspectionPolicies.create networksecurity.tlsInspectionPolicies.delete networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.tlsInspectionPolicies.update networksecurity.tlsInspectionPolicies.use networksecurity.urlLists.create networksecurity.urlLists.delete networksecurity.urlLists.get networksecurity.urlLists.list networksecurity.urlLists.update networksecurity.urlLists.use |
Network Security | Supported In Custom Roles |
networksecurity.gatewaySecurityPolicies.create networksecurity.gatewaySecurityPolicies.delete networksecurity.gatewaySecurityPolicies.get networksecurity.gatewaySecurityPolicies.list networksecurity.gatewaySecurityPolicies.update networksecurity.gatewaySecurityPolicies.use networksecurity.gatewaySecurityPolicyRules.create networksecurity.gatewaySecurityPolicyRules.delete networksecurity.gatewaySecurityPolicyRules.get networksecurity.gatewaySecurityPolicyRules.list networksecurity.gatewaySecurityPolicyRules.update networksecurity.gatewaySecurityPolicyRules.use networksecurity.tlsInspectionPolicies.create networksecurity.tlsInspectionPolicies.delete networksecurity.tlsInspectionPolicies.get networksecurity.tlsInspectionPolicies.list networksecurity.tlsInspectionPolicies.update networksecurity.tlsInspectionPolicies.use networksecurity.urlLists.create networksecurity.urlLists.delete networksecurity.urlLists.get networksecurity.urlLists.list networksecurity.urlLists.update networksecurity.urlLists.use |
Cloud Storage | Added |
storage.buckets.getObjectInsights |
Cloud Storage | Now GA |
storage.buckets.getObjectInsights |
Cloud IAM changes as of 2023-03-31
Service | Change | Description |
---|---|---|
Appliance Activation Service | Role Updated |
The following permissions have been added to the role applianceactivation.rttCommands.get |
Assured Workloads | Role Updated |
The following permissions have been added to the role bigquery.config.update |
Assured Workloads | Role Updated |
The following permissions have been added to the role bigquery.config.update |
Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Google Security Operations | Now GA |
The role |
Conversational Insights | Role Updated |
The following permissions have been added to the role dialogflow.conversationProfiles.get |
Cloud Data Fusion | Now GA |
The role |
Cloud Data Fusion | Now GA |
The role |
Cloud Data Fusion | Now GA |
The role |
Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.bareMetalAdminClusters.enroll gkeonprem.bareMetalAdminClusters.unenroll gkeonprem.bareMetalClusters.enroll gkeonprem.bareMetalClusters.unenroll gkeonprem.bareMetalNodePools.enroll gkeonprem.bareMetalNodePools.unenroll gkeonprem.vmwareAdminClusters.enroll gkeonprem.vmwareAdminClusters.unenroll gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareNodePools.enroll gkeonprem.vmwareNodePools.unenroll |
Backup and Disaster Recovery | Added |
backupdr.managementServers.access backupdr.managementServers.accessSensitiveData backupdr.managementServers.assignBackupPlans backupdr.managementServers.manageApplications backupdr.managementServers.manageBackupPlans backupdr.managementServers.manageBackupServers backupdr.managementServers.manageBackups backupdr.managementServers.manageClones backupdr.managementServers.manageExpiration backupdr.managementServers.manageHosts backupdr.managementServers.manageJobs backupdr.managementServers.manageLiveClones backupdr.managementServers.manageMigrations backupdr.managementServers.manageMirroring backupdr.managementServers.manageMounts backupdr.managementServers.manageRestores backupdr.managementServers.manageSensitiveData backupdr.managementServers.manageStorage backupdr.managementServers.manageSystem backupdr.managementServers.manageWorkflows backupdr.managementServers.refreshWorkflows backupdr.managementServers.runWorkflows backupdr.managementServers.testFailOvers backupdr.managementServers.viewBackupPlans backupdr.managementServers.viewReports backupdr.managementServers.viewStorage backupdr.managementServers.viewSystem backupdr.managementServers.viewWorkflows |
Google Security Operations | Added |
chronicle.collectors.create chronicle.collectors.delete chronicle.collectors.get chronicle.collectors.list chronicle.collectors.update chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections chronicle.curatedRuleSetCategories.get chronicle.curatedRuleSetCategories.list chronicle.curatedRuleSetDeployments.batchUpdate chronicle.curatedRuleSetDeployments.get chronicle.curatedRuleSetDeployments.list chronicle.curatedRuleSetDeployments.update chronicle.curatedRuleSets.countCuratedRuleSetDetections chronicle.curatedRuleSets.get chronicle.curatedRuleSets.list chronicle.curatedRules.get chronicle.curatedRules.list chronicle.dashboards.copy chronicle.dashboards.create chronicle.dashboards.delete chronicle.dashboards.get chronicle.dashboards.list chronicle.extensionValidationReports.get chronicle.extensionValidationReports.list chronicle.feedSourceTypeSchemas.list chronicle.feeds.create chronicle.feeds.delete chronicle.feeds.disable chronicle.feeds.enable chronicle.feeds.get chronicle.feeds.list chronicle.feeds.update chronicle.forwarders.create chronicle.forwarders.delete chronicle.forwarders.generate chronicle.forwarders.get chronicle.forwarders.list chronicle.forwarders.update chronicle.instances.get chronicle.instances.report chronicle.legacies.legacyGetCuratedRulesTrends chronicle.legacies.legacyGetRuleCounts chronicle.legacies.legacyGetRulesTrends chronicle.legacies.legacyUpdateFinding chronicle.logTypeSchemas.list chronicle.multitenantDirectories.get chronicle.operations.cancel chronicle.operations.delete chronicle.operations.get chronicle.operations.list chronicle.operations.wait chronicle.parserExtensions.activate chronicle.parserExtensions.create chronicle.parserExtensions.delete chronicle.parserExtensions.generateKeyValueMappings chronicle.parserExtensions.get chronicle.parserExtensions.legacySubmitParserExtension chronicle.parserExtensions.list chronicle.parserExtensions.removeSyslog chronicle.parsers.activate chronicle.parsers.activateReleaseCandidate chronicle.parsers.copyPrebuiltParser chronicle.parsers.create chronicle.parsers.deactivate chronicle.parsers.delete chronicle.parsers.get chronicle.parsers.list chronicle.parsers.runParser chronicle.parsingErrors.list chronicle.referenceLists.create chronicle.referenceLists.get chronicle.referenceLists.list chronicle.referenceLists.update chronicle.referenceLists.verifyReferenceList chronicle.retrohunts.create chronicle.retrohunts.get chronicle.retrohunts.list chronicle.ruleDeployments.get chronicle.ruleDeployments.list chronicle.ruleDeployments.update chronicle.ruleExecutionErrors.list chronicle.rules.create chronicle.rules.get chronicle.rules.list chronicle.rules.listRevisions chronicle.rules.update chronicle.rules.verifyRuleText chronicle.validationErrors.list chronicle.validationReports.get |
Google Security Operations | Supported In Custom Roles |
chronicle.collectors.create chronicle.collectors.delete chronicle.collectors.get chronicle.collectors.list chronicle.collectors.update chronicle.dashboards.copy chronicle.dashboards.create chronicle.dashboards.delete chronicle.dashboards.get chronicle.dashboards.list chronicle.forwarders.create chronicle.forwarders.delete chronicle.forwarders.generate chronicle.forwarders.get chronicle.forwarders.list chronicle.forwarders.update chronicle.multitenantDirectories.get chronicle.parserExtensions.activate chronicle.parserExtensions.legacySubmitParserExtension chronicle.parsers.activateReleaseCandidate chronicle.parsers.create chronicle.parsers.deactivate chronicle.parsers.get chronicle.parsingErrors.list chronicle.validationReports.get |
Cloud Data Fusion | Now GA |
datafusion.instances.create datafusion.instances.delete datafusion.instances.get datafusion.instances.getIamPolicy datafusion.instances.list datafusion.instances.restart datafusion.instances.runtime datafusion.instances.setIamPolicy datafusion.instances.update datafusion.instances.upgrade datafusion.locations.get datafusion.locations.list datafusion.operations.cancel datafusion.operations.delete datafusion.operations.get datafusion.operations.list |
Cloud IAM changes as of 2023-03-24
Service | Change | Description |
---|---|---|
App Engine | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifacts artifactregistry.repositories.downloadArtifacts artifactregistry.repositories.uploadArtifacts |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
Artifact Analysis | Role Updated |
The following permissions have been added to the role storage.buckets.create storage.buckets.get storage.buckets.list storage.objects.create storage.objects.delete |
Container Scanning | Role Updated |
The following permissions have been added to the role storage.buckets.create storage.buckets.get storage.buckets.list storage.objects.create storage.objects.delete |
Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
Live Stream | Now GA |
The role |
Live Stream | Now GA |
The role |
Cloud Workstations | Role Updated |
The following permissions have been added to the role compute.instances.getGuestAttributes |
Appliance Activation Service | Added |
applianceactivation.rttCommands.approve applianceactivation.rttCommands.create applianceactivation.rttCommands.get applianceactivation.rttCommands.list applianceactivation.rttCommands.sendResult |
Appliance Activation Service | Supported In Custom Roles |
applianceactivation.rttCommands.approve applianceactivation.rttCommands.create applianceactivation.rttCommands.get applianceactivation.rttCommands.list applianceactivation.rttCommands.sendResult |
Bare Metal Solution | Added |
baremetalsolution.operations.get |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.operations.get |
Bare Metal Solution | Now GA |
baremetalsolution.operations.get |
Cloud SQL | Added |
cloudsql.instances.getDiskShrinkConfig cloudsql.instances.performDiskShrink cloudsql.instances.resetReplicaSize |
Cloud SQL | Supported In Custom Roles |
cloudsql.instances.getDiskShrinkConfig cloudsql.instances.performDiskShrink cloudsql.instances.resetReplicaSize |
Cloud SQL | Now GA |
cloudsql.instances.getDiskShrinkConfig cloudsql.instances.performDiskShrink cloudsql.instances.resetReplicaSize |
Conversational Insights | Now GA |
contactcenterinsights.issues.create |
Database Migration Service | Added |
datamigration.migrationjobs.generateTcpProxyScript |
Database Migration Service | Supported In Custom Roles |
datamigration.migrationjobs.generateTcpProxyScript |
Database Migration Service | Now GA |
datamigration.migrationjobs.generateTcpProxyScript |
Google Distributed Cloud | Added |
gkeonprem.bareMetalNodePools.enroll gkeonprem.bareMetalNodePools.unenroll gkeonprem.vmwareNodePools.enroll gkeonprem.vmwareNodePools.unenroll |
Google Distributed Cloud | Now GA |
gkeonprem.bareMetalNodePools.enroll gkeonprem.bareMetalNodePools.unenroll gkeonprem.vmwareNodePools.enroll gkeonprem.vmwareNodePools.unenroll |
Live Stream | Now GA |
livestream.channels.create livestream.channels.delete livestream.channels.get livestream.channels.list livestream.channels.start livestream.channels.stop livestream.channels.update livestream.events.create livestream.events.delete livestream.events.get livestream.events.list livestream.inputs.create livestream.inputs.delete livestream.inputs.get livestream.inputs.list livestream.inputs.update livestream.locations.get livestream.locations.list livestream.operations.cancel livestream.operations.delete livestream.operations.get livestream.operations.list |
Maps Platform Datasets | Added |
mapsplatformdatasets.datasets.export |
Maps Platform Datasets | Supported In Custom Roles |
mapsplatformdatasets.datasets.export |
Google Cloud Migration Center | Added |
migrationcenter.preferenceSets.create migrationcenter.preferenceSets.delete migrationcenter.preferenceSets.get migrationcenter.preferenceSets.list migrationcenter.preferenceSets.update migrationcenter.settings.get migrationcenter.settings.update |
Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.preferenceSets.create migrationcenter.preferenceSets.delete migrationcenter.preferenceSets.get migrationcenter.preferenceSets.list migrationcenter.preferenceSets.update migrationcenter.settings.get migrationcenter.settings.update |
Spanner | Added |
spanner.databases.updateTag spanner.databases.useDataBoost spanner.instances.updateTag |
Spanner | Now GA |
spanner.databases.useDataBoost |
Cloud IAM changes as of 2023-03-17
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.list |
Google Security Operations | Role Updated |
The following permissions have been removed from the role logging.logEntries.create storage.buckets.get storage.objects.create storage.objects.get |
Cloud Key Management Service | Now GA |
The role |
Conversational Insights | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.get dlp.deidentifyTemplates.list dlp.inspectTemplates.get dlp.inspectTemplates.list dlp.locations.list speech.recognizers.update |
Content Warehouse | Role Updated |
The following permissions have been added to the role documentai.datasets.createDocuments documentai.processors.get documentai.processors.processBatch storage.buckets.get storage.buckets.list storage.objects.create storage.objects.delete storage.objects.update |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
Vertex AI | Added |
aiplatform.indexEndpoints.queryVectors |
Cloud Key Management Service | Added |
cloudkms.ekmConfigs.get cloudkms.ekmConfigs.getIamPolicy cloudkms.ekmConfigs.setIamPolicy cloudkms.ekmConfigs.update |
Cloud Key Management Service | Now GA |
cloudkms.ekmConfigs.get cloudkms.ekmConfigs.getIamPolicy cloudkms.ekmConfigs.setIamPolicy cloudkms.ekmConfigs.update |
Commerce Business Enablement | Added |
commercebusinessenablement.partnerAccounts.get commercebusinessenablement.partnerAccounts.list commercebusinessenablement.resellerConfig.get |
Commerce Business Enablement | Supported In Custom Roles |
commercebusinessenablement.partnerAccounts.get commercebusinessenablement.partnerAccounts.list commercebusinessenablement.resellerConfig.get |
Connectors | Added |
connectors.settings.get connectors.settings.update |
Connectors | Supported In Custom Roles |
connectors.settings.get connectors.settings.update |
Connectors | Now GA |
connectors.settings.get connectors.settings.update |
Cloud DNS | Added |
dns.networks.useHealthSignals |
Cloud DNS | Supported In Custom Roles |
dns.networks.useHealthSignals |
Cloud DNS | Now GA |
dns.networks.useHealthSignals |
Identity and Access Management | Added |
iam.workforcePoolProviderKeys.create iam.workforcePoolProviderKeys.delete iam.workforcePoolProviderKeys.get iam.workforcePoolProviderKeys.list iam.workforcePoolProviderKeys.undelete iam.workloadIdentityPoolProviderKeys.create iam.workloadIdentityPoolProviderKeys.delete iam.workloadIdentityPoolProviderKeys.get iam.workloadIdentityPoolProviderKeys.list iam.workloadIdentityPoolProviderKeys.undelete |
Identity and Access Management | Supported In Custom Roles |
iam.workforcePoolProviderKeys.create iam.workforcePoolProviderKeys.delete iam.workforcePoolProviderKeys.get iam.workforcePoolProviderKeys.list iam.workforcePoolProviderKeys.undelete iam.workloadIdentityPoolProviderKeys.create iam.workloadIdentityPoolProviderKeys.delete iam.workloadIdentityPoolProviderKeys.get iam.workloadIdentityPoolProviderKeys.list iam.workloadIdentityPoolProviderKeys.undelete |
Identity and Access Management | Added |
iam.googleapis.com/workforcePoolProviderKeys.create iam.googleapis.com/workforcePoolProviderKeys.delete iam.googleapis.com/workforcePoolProviderKeys.get iam.googleapis.com/workforcePoolProviderKeys.list iam.googleapis.com/workforcePoolProviderKeys.undelete iam.googleapis.com/workloadIdentityPoolProviderKeys.create iam.googleapis.com/workloadIdentityPoolProviderKeys.delete iam.googleapis.com/workloadIdentityPoolProviderKeys.get iam.googleapis.com/workloadIdentityPoolProviderKeys.list iam.googleapis.com/workloadIdentityPoolProviderKeys.undelete |
Identity and Access Management | Supported In Custom Roles |
iam.googleapis.com/workforcePoolProviderKeys.create iam.googleapis.com/workforcePoolProviderKeys.delete iam.googleapis.com/workforcePoolProviderKeys.get iam.googleapis.com/workforcePoolProviderKeys.list iam.googleapis.com/workforcePoolProviderKeys.undelete iam.googleapis.com/workloadIdentityPoolProviderKeys.create iam.googleapis.com/workloadIdentityPoolProviderKeys.delete iam.googleapis.com/workloadIdentityPoolProviderKeys.get iam.googleapis.com/workloadIdentityPoolProviderKeys.list iam.googleapis.com/workloadIdentityPoolProviderKeys.undelete |
Cloud Run | Added |
run.jobs.runWithOverrides |
Cloud Run | Now GA |
run.jobs.runWithOverrides |
Cloud IAM changes as of 2023-03-10
Service | Change | Description |
---|---|---|
App Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.enable serviceusage.services.get |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role commercebusinessenablement.partnerInfo.get |
Commerce Business Enablement | Role Updated |
The following permissions have been added to the role commercebusinessenablement.partnerInfo.get |
Confidential Computing | Now GA |
The role |
Conversational Insights | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
Data Pipelines | Role Updated |
The following permissions have been added to the role bigquery.tables.get bigtable.tables.get pubsub.schemas.get pubsub.topics.get |
Basic Role | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
FleetEngine | Role Updated |
The following permissions have been added to the role fleetengine.tasktrackinginfo.get |
Basic Role | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
Speech-to-Text | Role Updated |
The following permissions have been added to the role storage.buckets.get storage.buckets.list |
Bare Metal Solution | Added |
baremetalsolution.luns.evict baremetalsolution.volumes.evict |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.evict baremetalsolution.volumes.evict |
Bare Metal Solution | Now GA |
baremetalsolution.luns.evict baremetalsolution.volumes.evict |
Cloud Deploy | Added |
clouddeploy.jobRuns.terminate clouddeploy.rollouts.advance clouddeploy.rollouts.cancel clouddeploy.rollouts.ignoreJob |
Cloud Deploy | Supported In Custom Roles |
clouddeploy.jobRuns.terminate clouddeploy.rollouts.advance clouddeploy.rollouts.cancel clouddeploy.rollouts.ignoreJob |
Commerce Business Enablement | Added |
commercebusinessenablement.partnerInfo.get |
Compute Engine | Added |
compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.resourcePolicies.useReadOnly |
Compute Engine | Supported In Custom Roles |
compute.disks.startAsyncReplication compute.disks.stopAsyncReplication compute.disks.stopGroupAsyncReplication compute.resourcePolicies.useReadOnly |
Confidential Computing | Supported In Custom Roles |
confidentialcomputing.challenges.create confidentialcomputing.challenges.verify confidentialcomputing.locations.get confidentialcomputing.locations.list |
Confidential Computing | Now GA |
confidentialcomputing.challenges.create confidentialcomputing.challenges.verify confidentialcomputing.locations.get confidentialcomputing.locations.list |
Conversational Insights | Added |
contactcenterinsights.issues.create |
Retail API | Now GA |
retail.models.get |
Spanner | Added |
spanner.instances.createTagBinding spanner.instances.deleteTagBinding spanner.instances.listEffectiveTags spanner.instances.listTagBindings |
Spanner | Now GA |
spanner.instances.createTagBinding spanner.instances.deleteTagBinding spanner.instances.listEffectiveTags spanner.instances.listTagBindings |
Transfer Appliance | Added |
transferappliance.savedAddresses.create transferappliance.savedAddresses.delete transferappliance.savedAddresses.get transferappliance.savedAddresses.list transferappliance.savedAddresses.update |
Transfer Appliance | Supported In Custom Roles |
transferappliance.savedAddresses.create transferappliance.savedAddresses.delete transferappliance.savedAddresses.get transferappliance.savedAddresses.list transferappliance.savedAddresses.update |
Cloud IAM changes as of 2023-03-03
Service | Change | Description |
---|---|---|
Conversational Insights | Role Updated |
The following permissions have been added to the role dlp.kms.encrypt dlp.locations.get speech.operations.get speech.recognizers.create speech.recognizers.get speech.recognizers.recognize |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role speech.locations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role speech.locations.list |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.forwardingRules.pscSetLabels compute.forwardingRules.pscSetTarget compute.forwardingRules.pscUpdate |
Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.get speech.locations.list |
Workload Certificate | Role Updated |
The following permissions have been added to the role container.operations.get |
Chrome Enterprise Premium | Added |
beyondcorp.subscriptions.create beyondcorp.subscriptions.get beyondcorp.subscriptions.list |
Chrome Enterprise Premium | Supported In Custom Roles |
beyondcorp.subscriptions.create beyondcorp.subscriptions.get beyondcorp.subscriptions.list |
Compute Engine | Now GA |
compute.nodeGroups.simulateMaintenanceEvent |
Conversational Insights | Now GA |
contactcenterinsights.issues.delete |
Google Kubernetes Engine | Added |
container.clusters.impersonate |
Dataform | Added |
dataform.repositories.getIamPolicy dataform.repositories.setIamPolicy dataform.workspaces.getIamPolicy dataform.workspaces.setIamPolicy |
Speech-to-Text | Added |
speech.locations.get speech.locations.list |
Cloud IAM changes as of 2023-02-24
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role monitoring.notificationChannels.get |
Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get apigee.keyvaluemapentries.list |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.disks.create compute.subnetworks.use compute.subnetworks.useExternalIp |
Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
Firebase Remote Config | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.builds.update |
Cloud Composer | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
GKE Hub | Role Updated |
The following permissions have been added to the role logging.buckets.create logging.buckets.get logging.buckets.list logging.buckets.update logging.exclusions.create logging.exclusions.delete logging.exclusions.get logging.exclusions.list logging.exclusions.update logging.sinks.create logging.sinks.delete logging.sinks.get logging.sinks.list logging.sinks.update logging.views.create logging.views.get logging.views.list logging.views.update |
Identity and Access Management | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Cloud Logging | Now GA |
The role |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.addresses.create compute.addresses.delete compute.addresses.use compute.forwardingRules.create compute.forwardingRules.delete compute.forwardingRules.pscCreate compute.forwardingRules.pscDelete compute.subnetworks.use |
Certificate Authority Service | Now GA |
The role |
Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.subscriptions.getCursor |
Apigee | Added |
apigee.nataddresses.activate apigee.nataddresses.create apigee.nataddresses.delete apigee.nataddresses.get apigee.nataddresses.list apigee.securityIncidents.get apigee.securityIncidents.list |
Apigee | Supported In Custom Roles |
apigee.nataddresses.activate apigee.nataddresses.create apigee.nataddresses.delete apigee.nataddresses.get apigee.nataddresses.list apigee.securityIncidents.get apigee.securityIncidents.list |
Apigee | Now GA |
apigee.nataddresses.activate apigee.nataddresses.create apigee.nataddresses.delete apigee.nataddresses.get apigee.nataddresses.list apigee.securityIncidents.get apigee.securityIncidents.list |
Bare Metal Solution | Added |
baremetalsolution.maintenanceevents.addProposal baremetalsolution.maintenanceevents.approve baremetalsolution.maintenanceevents.get baremetalsolution.maintenanceevents.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.maintenanceevents.addProposal baremetalsolution.maintenanceevents.approve baremetalsolution.maintenanceevents.get baremetalsolution.maintenanceevents.list |
Bare Metal Solution | Now GA |
baremetalsolution.maintenanceevents.addProposal baremetalsolution.maintenanceevents.approve baremetalsolution.maintenanceevents.get baremetalsolution.maintenanceevents.list |
Compute Engine | Now GA |
compute.instances.setName |
Confidential Computing | Added |
confidentialcomputing.challenges.create confidentialcomputing.challenges.verify confidentialcomputing.locations.get confidentialcomputing.locations.list |
Dialogflow | Added |
dialogflow.deployments.get dialogflow.deployments.list dialogflow.environments.runContinuousTest |
Cloud DNS | Added |
dns.gkeClusters.bindDNSResponsePolicy dns.gkeClusters.bindPrivateDNSZone |
Cloud DNS | Supported In Custom Roles |
dns.gkeClusters.bindDNSResponsePolicy dns.gkeClusters.bindPrivateDNSZone |
Cloud DNS | Now GA |
dns.gkeClusters.bindDNSResponsePolicy dns.gkeClusters.bindPrivateDNSZone dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy dns.networks.bindDNSResponsePolicy dns.responsePolicies.create dns.responsePolicies.delete dns.responsePolicies.get dns.responsePolicies.list dns.responsePolicies.update dns.responsePolicyRules.create dns.responsePolicyRules.delete dns.responsePolicyRules.get dns.responsePolicyRules.list dns.responsePolicyRules.update |
Distributed Cloud Edge Network | Added |
edgenetwork.routes.create edgenetwork.routes.delete edgenetwork.routes.get edgenetwork.routes.list |
Distributed Cloud Edge Network | Now GA |
edgenetwork.routes.create edgenetwork.routes.delete edgenetwork.routes.get edgenetwork.routes.list |
FleetEngine | Added |
fleetengine.tasktrackinginfo.get |
FleetEngine | Supported In Custom Roles |
fleetengine.tasktrackinginfo.get |
Google Distributed Cloud | Added |
gkeonprem.bareMetalAdminClusters.connect gkeonprem.vmwareAdminClusters.connect |
Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalAdminClusters.connect gkeonprem.vmwareAdminClusters.connect |
Google Distributed Cloud | Now GA |
gkeonprem.bareMetalAdminClusters.connect gkeonprem.vmwareAdminClusters.connect |
Identity and Access Management | Now GA |
iam.workforcePoolProviders.create iam.workforcePoolProviders.delete iam.workforcePoolProviders.get iam.workforcePoolProviders.list iam.workforcePoolProviders.undelete iam.workforcePoolProviders.update iam.workforcePoolSubjects.delete iam.workforcePoolSubjects.undelete iam.workforcePools.create iam.workforcePools.delete iam.workforcePools.get iam.workforcePools.getIamPolicy iam.workforcePools.list iam.workforcePools.setIamPolicy iam.workforcePools.undelete iam.workforcePools.update |
Identity and Access Management | Now GA |
iam.googleapis.com/workforcePoolProviders.create iam.googleapis.com/workforcePoolProviders.delete iam.googleapis.com/workforcePoolProviders.get iam.googleapis.com/workforcePoolProviders.list iam.googleapis.com/workforcePoolProviders.undelete iam.googleapis.com/workforcePoolProviders.update iam.googleapis.com/workforcePoolSubjects.delete iam.googleapis.com/workforcePoolSubjects.undelete iam.googleapis.com/workforcePools.create iam.googleapis.com/workforcePools.delete iam.googleapis.com/workforcePools.get iam.googleapis.com/workforcePools.getIamPolicy iam.googleapis.com/workforcePools.list iam.googleapis.com/workforcePools.setIamPolicy iam.googleapis.com/workforcePools.undelete iam.googleapis.com/workforcePools.update |
Cloud Logging | Now GA |
logging.links.create logging.links.delete logging.links.get logging.links.list |
Recommender | Added |
recommender.resourcemanagerServiceLimitInsights.get recommender.resourcemanagerServiceLimitInsights.list recommender.resourcemanagerServiceLimitInsights.update recommender.resourcemanagerServiceLimitRecommendations.get recommender.resourcemanagerServiceLimitRecommendations.list recommender.resourcemanagerServiceLimitRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.resourcemanagerServiceLimitInsights.get recommender.resourcemanagerServiceLimitInsights.list recommender.resourcemanagerServiceLimitInsights.update recommender.resourcemanagerServiceLimitRecommendations.get recommender.resourcemanagerServiceLimitRecommendations.list recommender.resourcemanagerServiceLimitRecommendations.update |
Risk Manager | Added |
riskmanager.controlScoreBreakdowns.get riskmanager.controlScoreBreakdowns.list |
Risk Manager | Supported In Custom Roles |
riskmanager.controlScoreBreakdowns.get riskmanager.controlScoreBreakdowns.list |
Security Command Center | Added |
securitycenter.effectivesecurityhealthanalyticscustommodules.get securitycenter.effectivesecurityhealthanalyticscustommodules.list |
Security Command Center | Supported In Custom Roles |
securitycenter.effectivesecurityhealthanalyticscustommodules.get securitycenter.effectivesecurityhealthanalyticscustommodules.list |
Security Command Center | Now GA |
securitycenter.effectivesecurityhealthanalyticscustommodules.get securitycenter.effectivesecurityhealthanalyticscustommodules.list |
Cloud IAM changes as of 2023-02-17
Service | Change | Description |
---|---|---|
Advisory Notifications | Now GA |
The role |
Vertex AI | Role Updated |
The following permissions have been added to the role compute.disks.createTagBinding compute.instances.createTagBinding notebooks.instances.create notebooks.instances.delete notebooks.instances.get |
Cloud Service Mesh | Role Updated |
The following permissions have been added to the role workloadcertificate.locations.get workloadcertificate.locations.list workloadcertificate.operations.get workloadcertificate.workloadCertificateFeature.get workloadcertificate.workloadRegistrations.create workloadcertificate.workloadRegistrations.get workloadcertificate.workloadRegistrations.list |
Artifact Registry | Now GA |
The role |
Artifact Registry | Now GA |
The role |
Certificate Manager | Now GA |
The role |
Google Security Operations | Now GA |
The role |
Cloud Build | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.disks.createTagBinding |
Dataform | Role Updated |
The following permissions have been added to the role dataform.compilationResults.create dataform.workflowInvocations.create |
Database Migration Service | Role Updated |
The following permissions have been added to the role cloudsql.instances.demoteMaster |
Firebase Realtime Database | Now GA |
The role |
Backup for GKE | Role Updated |
The following permissions have been added to the role container.clusters.update container.operations.get container.operations.list |
Google Distributed Cloud | Now GA |
The role |
Identity Toolkit | Now GA |
The role |
Cloud Workstations | Now GA |
The role |
Access Context Manager | Added |
accesscontextmanager.authorizedOrgsDescs.create accesscontextmanager.authorizedOrgsDescs.delete accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.authorizedOrgsDescs.update |
Access Context Manager | Supported In Custom Roles |
accesscontextmanager.authorizedOrgsDescs.create accesscontextmanager.authorizedOrgsDescs.delete accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.authorizedOrgsDescs.update |
Access Context Manager | Now GA |
accesscontextmanager.authorizedOrgsDescs.create accesscontextmanager.authorizedOrgsDescs.delete accesscontextmanager.authorizedOrgsDescs.get accesscontextmanager.authorizedOrgsDescs.list accesscontextmanager.authorizedOrgsDescs.update |
Advisory Notifications | Now GA |
advisorynotifications.notifications.get advisorynotifications.notifications.list |
Artifact Registry | Added |
artifactregistry.repositories.createOnPush |
Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createOnPush |
Artifact Registry | Now GA |
artifactregistry.repositories.createOnPush |
Bare Metal Solution | Added |
baremetalsolution.storageaggregatepools.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.storageaggregatepools.list |
Bare Metal Solution | Now GA |
baremetalsolution.storageaggregatepools.list |
BigQuery | Added |
bigquery.datasets.listEffectiveTags |
BigQuery | Now GA |
bigquery.datasets.listEffectiveTags |
Cloud Logging | Added |
logging.logEntries.route |
Cloud Logging | Supported In Custom Roles |
logging.logEntries.route |
Cloud IAM changes as of 2023-02-03
Service | Change | Description |
---|---|---|
Connectors | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list |
Container Threat Detection | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list |
Identity and Access Management | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Service Extensions | Now GA |
The role |
Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.subscriptions.get |
Recommender | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list |
Security Command Center | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list |
Service Management | Role Updated |
The following permissions have been added to the role monitoring.alertPolicies.create monitoring.alertPolicies.delete monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.alertPolicies.update |
BigLake | Added |
biglake.catalogs.create biglake.catalogs.delete biglake.catalogs.get biglake.catalogs.list biglake.databases.create biglake.databases.delete biglake.databases.get biglake.databases.list biglake.databases.update biglake.locks.check biglake.locks.create biglake.locks.delete biglake.locks.list biglake.tables.create biglake.tables.delete biglake.tables.get biglake.tables.list biglake.tables.lock biglake.tables.update |
Blockchain Node Engine | Added |
blockchainnodeengine.blockchainNodes.create blockchainnodeengine.blockchainNodes.delete blockchainnodeengine.blockchainNodes.get blockchainnodeengine.blockchainNodes.list blockchainnodeengine.blockchainNodes.update blockchainnodeengine.locations.get blockchainnodeengine.locations.list blockchainnodeengine.operations.cancel blockchainnodeengine.operations.delete blockchainnodeengine.operations.get blockchainnodeengine.operations.list |
Identity and Access Management | Now GA |
iam.denypolicies.create iam.denypolicies.delete iam.denypolicies.get iam.denypolicies.list iam.denypolicies.replace iam.denypolicies.update |
Identity and Access Management | Now GA |
iam.googleapis.com/denypolicies.create iam.googleapis.com/denypolicies.delete iam.googleapis.com/denypolicies.get iam.googleapis.com/denypolicies.list iam.googleapis.com/denypolicies.replace |
Serverless VPC Access | Added |
vpcaccess.connectors.update |
Serverless VPC Access | Supported In Custom Roles |
vpcaccess.connectors.update |
Cloud IAM changes as of 2023-01-27
Service | Change | Description |
---|---|---|
Batch | Role Updated |
The following permissions have been added to the role compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.disks.addResourcePolicies compute.disks.createTagBinding compute.disks.deleteTagBinding compute.disks.getIamPolicy compute.disks.listEffectiveTags compute.disks.listTagBindings compute.disks.removeResourcePolicies compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalForwardingRules.pscGet compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.create compute.images.createTagBinding compute.images.delete compute.images.deleteTagBinding compute.images.deprecate compute.images.getIamPolicy compute.images.listEffectiveTags compute.images.listTagBindings compute.images.setLabels compute.images.update compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenseCodes.update compute.licenseCodes.use compute.licenses.create compute.licenses.delete compute.licenses.getIamPolicy compute.networkAttachments.get compute.networkAttachments.list compute.projects.setCommonInstanceMetadata compute.regionBackendServices.get compute.regionBackendServices.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionUrlMaps.get compute.regionUrlMaps.list compute.resourcePolicies.create compute.resourcePolicies.delete compute.resourcePolicies.get compute.resourcePolicies.getIamPolicy compute.resourcePolicies.list compute.resourcePolicies.update compute.resourcePolicies.use compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.serviceAttachments.get compute.serviceAttachments.list compute.snapshots.create compute.snapshots.createTagBinding compute.snapshots.delete compute.snapshots.deleteTagBinding compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.snapshots.listEffectiveTags compute.snapshots.listTagBindings compute.snapshots.setLabels compute.snapshots.useReadOnly compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list |
Firebase Remote Config | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.get oauthpolicymetadata.brandpolicy.get |
Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.get oauthpolicymetadata.brandpolicy.get |
Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.get oauthpolicymetadata.brandpolicy.get |
Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.get oauthpolicymetadata.brandpolicy.get |
BigQuery | Now GA |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
Cloud SQL | Added |
cloudsql.instances.migrate |
Cloud SQL | Supported In Custom Roles |
cloudsql.instances.migrate |
Cloud SQL | Now GA |
cloudsql.instances.migrate |
Dataplex | Added |
dataplex.dataAttributeBindings.create dataplex.dataAttributeBindings.delete dataplex.dataAttributeBindings.get dataplex.dataAttributeBindings.getIamPolicy dataplex.dataAttributeBindings.list dataplex.dataAttributeBindings.setIamPolicy dataplex.dataAttributeBindings.update dataplex.dataAttributes.bind dataplex.dataAttributes.create dataplex.dataAttributes.delete dataplex.dataAttributes.get dataplex.dataAttributes.getIamPolicy dataplex.dataAttributes.list dataplex.dataAttributes.setIamPolicy dataplex.dataAttributes.update dataplex.dataTaxonomies.configureDataAccess dataplex.dataTaxonomies.configureResourceAccess dataplex.dataTaxonomies.create dataplex.dataTaxonomies.delete dataplex.dataTaxonomies.get dataplex.dataTaxonomies.getIamPolicy dataplex.dataTaxonomies.list dataplex.dataTaxonomies.setIamPolicy dataplex.dataTaxonomies.update |
Dataplex | Now GA |
dataplex.dataAttributeBindings.create dataplex.dataAttributeBindings.delete dataplex.dataAttributeBindings.get dataplex.dataAttributeBindings.getIamPolicy dataplex.dataAttributeBindings.list dataplex.dataAttributeBindings.setIamPolicy dataplex.dataAttributeBindings.update dataplex.dataAttributes.bind dataplex.dataAttributes.create dataplex.dataAttributes.delete dataplex.dataAttributes.get dataplex.dataAttributes.getIamPolicy dataplex.dataAttributes.list dataplex.dataAttributes.setIamPolicy dataplex.dataAttributes.update dataplex.dataTaxonomies.configureDataAccess dataplex.dataTaxonomies.configureResourceAccess dataplex.dataTaxonomies.create dataplex.dataTaxonomies.delete dataplex.dataTaxonomies.get dataplex.dataTaxonomies.getIamPolicy dataplex.dataTaxonomies.list dataplex.dataTaxonomies.setIamPolicy dataplex.dataTaxonomies.update |
Dialogflow | Added |
dialogflow.experiments.create dialogflow.experiments.delete dialogflow.experiments.get dialogflow.experiments.list dialogflow.experiments.update dialogflow.testcases.calculateCoverage dialogflow.testcases.create dialogflow.testcases.delete dialogflow.testcases.export dialogflow.testcases.get dialogflow.testcases.import dialogflow.testcases.list dialogflow.testcases.run dialogflow.testcases.update |
Pub/Sub | Added |
pubsub.schemas.commit pubsub.schemas.listRevisions pubsub.schemas.rollback |
Pub/Sub | Now GA |
pubsub.schemas.commit pubsub.schemas.listRevisions pubsub.schemas.rollback |
Pub/Sub Lite | Added |
pubsublite.locations.openKafkaStream |
Pub/Sub Lite | Now GA |
pubsublite.locations.openKafkaStream |
Workload Certificate | Added |
workloadcertificate.locations.get workloadcertificate.locations.list workloadcertificate.operations.cancel workloadcertificate.operations.delete workloadcertificate.operations.get workloadcertificate.operations.list workloadcertificate.workloadCertificateFeature.get workloadcertificate.workloadCertificateFeature.update workloadcertificate.workloadRegistrations.create workloadcertificate.workloadRegistrations.delete workloadcertificate.workloadRegistrations.get workloadcertificate.workloadRegistrations.list workloadcertificate.workloadRegistrations.update |
Cloud IAM changes as of 2023-01-20
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel compute.addresses.get compute.addresses.list compute.addresses.use compute.addresses.useInternal compute.disks.create compute.disks.delete compute.disks.get compute.disks.setLabels compute.disks.use compute.disks.useReadOnly compute.instances.create compute.instances.delete compute.instances.get compute.instances.setLabels compute.instances.setMetadata compute.instances.setServiceAccount compute.instances.setTags compute.subnetworks.use compute.subnetworks.useExternalIp |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
Cloud Build | Role Updated |
The following permissions have been added to the role pubsub.topics.get |
Distributed Cloud Edge Network | Now GA |
The role |
Distributed Cloud Edge Network | Now GA |
The role |
Firebase Security Rules | Now GA |
The role |
Maps Platform Datasets | Role Updated |
The following permissions have been added to the role mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update |
Maps Platform Datasets | Role Updated |
The following permissions have been added to the role mapsadmin.clientStyles.get mapsadmin.clientStyles.list |
Cloud Monitoring | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Stream | Now GA |
The role |
Vision AI | Now GA |
The role |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
Vertex AI | Added |
aiplatform.humanInTheLoops.cancel |
Apigee | Added |
apigee.entitlements.get apigee.projectorganizations.get apigee.setupcontexts.get apigee.setupcontexts.update |
Apigee | Now GA |
apigee.entitlements.get apigee.projectorganizations.get apigee.setupcontexts.get apigee.setupcontexts.update |
Recommendations | Added |
automlrecommendations.eventStores.list automlrecommendations.events.get |
Recommendations | Supported In Custom Roles |
automlrecommendations.eventStores.list automlrecommendations.events.get |
Google Security Operations | Added |
chronicle.parserExtensions.create chronicle.parserExtensions.delete chronicle.parserExtensions.get chronicle.parserExtensions.list |
Google Security Operations | Now GA |
chronicle.parserExtensions.create chronicle.parserExtensions.delete chronicle.parserExtensions.get chronicle.parserExtensions.list |
Compute Engine | Added |
compute.resourcePolicies.update |
Compute Engine | Supported In Custom Roles |
compute.resourcePolicies.update |
Compute Engine | Now GA |
compute.resourcePolicies.update |
Data Catalog | Added |
datacatalog.entries.createGlossary datacatalog.entries.createGlossaryTerm datacatalog.entries.deleteGlossary datacatalog.entries.deleteGlossaryTerm datacatalog.entries.updateGlossary datacatalog.entries.updateGlossaryTerm datacatalog.relationships.create datacatalog.relationships.createIsDescribedBy datacatalog.relationships.createIsRelatedTo datacatalog.relationships.createIsSynonymousTo datacatalog.relationships.delete datacatalog.relationships.deleteIsDescribedBy datacatalog.relationships.deleteIsRelatedTo datacatalog.relationships.deleteIsSynonymousTo datacatalog.relationships.list |
Data Catalog | Supported In Custom Roles |
datacatalog.entries.createGlossary datacatalog.entries.createGlossaryTerm datacatalog.entries.deleteGlossary datacatalog.entries.deleteGlossaryTerm datacatalog.entries.updateGlossary datacatalog.entries.updateGlossaryTerm datacatalog.relationships.create datacatalog.relationships.createIsDescribedBy datacatalog.relationships.createIsRelatedTo datacatalog.relationships.createIsSynonymousTo datacatalog.relationships.delete datacatalog.relationships.deleteIsDescribedBy datacatalog.relationships.deleteIsRelatedTo datacatalog.relationships.deleteIsSynonymousTo datacatalog.relationships.list |
Database Migration Service | Added |
datamigration.locations.fetchStaticIps |
Database Migration Service | Supported In Custom Roles |
datamigration.locations.fetchStaticIps |
Database Migration Service | Now GA |
datamigration.locations.fetchStaticIps |
Distributed Cloud Edge Network | Added |
edgenetwork.interconnectAttachments.create edgenetwork.interconnectAttachments.delete edgenetwork.interconnectAttachments.get edgenetwork.interconnectAttachments.getIamPolicy edgenetwork.interconnectAttachments.list edgenetwork.interconnectAttachments.setIamPolicy edgenetwork.interconnectAttachments.update edgenetwork.interconnects.get edgenetwork.interconnects.getDiagnostics edgenetwork.interconnects.getIamPolicy edgenetwork.interconnects.list edgenetwork.interconnects.setIamPolicy edgenetwork.locations.get edgenetwork.locations.list edgenetwork.networks.create edgenetwork.networks.delete edgenetwork.networks.get edgenetwork.networks.getIamPolicy edgenetwork.networks.getStatus edgenetwork.networks.list edgenetwork.networks.setIamPolicy edgenetwork.networks.update edgenetwork.operations.cancel edgenetwork.operations.delete edgenetwork.operations.get edgenetwork.operations.list edgenetwork.routers.create edgenetwork.routers.delete edgenetwork.routers.get edgenetwork.routers.getIamPolicy edgenetwork.routers.getRouterStatus edgenetwork.routers.list edgenetwork.routers.patch edgenetwork.routers.setIamPolicy edgenetwork.routers.update edgenetwork.subnetworks.create edgenetwork.subnetworks.delete edgenetwork.subnetworks.get edgenetwork.subnetworks.getIamPolicy edgenetwork.subnetworks.getStatus edgenetwork.subnetworks.list edgenetwork.subnetworks.setIamPolicy edgenetwork.subnetworks.update edgenetwork.zones.get edgenetwork.zones.initialize edgenetwork.zones.list |
Distributed Cloud Edge Network | Supported In Custom Roles |
edgenetwork.interconnectAttachments.create edgenetwork.interconnectAttachments.delete edgenetwork.interconnectAttachments.get edgenetwork.interconnectAttachments.getIamPolicy edgenetwork.interconnectAttachments.list edgenetwork.interconnectAttachments.setIamPolicy edgenetwork.interconnectAttachments.update edgenetwork.interconnects.get edgenetwork.interconnects.getDiagnostics edgenetwork.interconnects.getIamPolicy edgenetwork.interconnects.list edgenetwork.interconnects.setIamPolicy edgenetwork.locations.get edgenetwork.locations.list edgenetwork.networks.create edgenetwork.networks.delete edgenetwork.networks.get edgenetwork.networks.getIamPolicy edgenetwork.networks.getStatus edgenetwork.networks.list edgenetwork.networks.setIamPolicy edgenetwork.networks.update edgenetwork.operations.cancel edgenetwork.operations.delete edgenetwork.operations.get edgenetwork.operations.list edgenetwork.routers.create edgenetwork.routers.delete edgenetwork.routers.get edgenetwork.routers.getIamPolicy edgenetwork.routers.getRouterStatus edgenetwork.routers.list edgenetwork.routers.patch edgenetwork.routers.setIamPolicy edgenetwork.routers.update edgenetwork.subnetworks.create edgenetwork.subnetworks.delete edgenetwork.subnetworks.get edgenetwork.subnetworks.getIamPolicy edgenetwork.subnetworks.getStatus edgenetwork.subnetworks.list edgenetwork.subnetworks.setIamPolicy edgenetwork.subnetworks.update edgenetwork.zones.get edgenetwork.zones.initialize edgenetwork.zones.list |
Distributed Cloud Edge Network | Now GA |
edgenetwork.interconnectAttachments.create edgenetwork.interconnectAttachments.delete edgenetwork.interconnectAttachments.get edgenetwork.interconnectAttachments.getIamPolicy edgenetwork.interconnectAttachments.list edgenetwork.interconnectAttachments.setIamPolicy edgenetwork.interconnectAttachments.update edgenetwork.interconnects.get edgenetwork.interconnects.getDiagnostics edgenetwork.interconnects.getIamPolicy edgenetwork.interconnects.list edgenetwork.interconnects.setIamPolicy edgenetwork.locations.get edgenetwork.locations.list edgenetwork.networks.create edgenetwork.networks.delete edgenetwork.networks.get edgenetwork.networks.getIamPolicy edgenetwork.networks.getStatus edgenetwork.networks.list edgenetwork.networks.setIamPolicy edgenetwork.networks.update edgenetwork.operations.cancel edgenetwork.operations.delete edgenetwork.operations.get edgenetwork.operations.list edgenetwork.routers.create edgenetwork.routers.delete edgenetwork.routers.get edgenetwork.routers.getIamPolicy edgenetwork.routers.getRouterStatus edgenetwork.routers.list edgenetwork.routers.patch edgenetwork.routers.setIamPolicy edgenetwork.routers.update edgenetwork.subnetworks.create edgenetwork.subnetworks.delete edgenetwork.subnetworks.get edgenetwork.subnetworks.getIamPolicy edgenetwork.subnetworks.getStatus edgenetwork.subnetworks.list edgenetwork.subnetworks.setIamPolicy edgenetwork.subnetworks.update edgenetwork.zones.get edgenetwork.zones.initialize edgenetwork.zones.list |
Firebase Authentication | Added |
firebaseauth.configs.getSecret |
Firebase Authentication | Supported In Custom Roles |
firebaseauth.configs.getSecret |
Firebase Authentication | Now GA |
firebaseauth.configs.getSecret |
Notebooks | Added |
notebooks.runtimes.upgrade |
Notebooks | Now GA |
notebooks.runtimes.upgrade |
Recommender | Added |
recommender.bigqueryPartitionClusterRecommendations.get recommender.bigqueryPartitionClusterRecommendations.list recommender.bigqueryPartitionClusterRecommendations.update recommender.bigqueryTableStatsInsights.get recommender.bigqueryTableStatsInsights.list recommender.bigqueryTableStatsInsights.update |
Recommender | Supported In Custom Roles |
recommender.bigqueryPartitionClusterRecommendations.get recommender.bigqueryPartitionClusterRecommendations.list recommender.bigqueryPartitionClusterRecommendations.update recommender.bigqueryTableStatsInsights.get recommender.bigqueryTableStatsInsights.list recommender.bigqueryTableStatsInsights.update |
Retail API | Added |
retail.models.get |
Retail API | Now GA |
retail.models.create retail.models.delete retail.models.list retail.models.pause retail.models.resume retail.models.tune retail.models.update |
Cloud IAM changes as of 2023-01-06
Service | Change | Description |
---|---|---|
Vertex AI | Now GA |
The role |
Vertex AI | Now GA |
The role |
Vertex AI | Now GA |
The role |
Vertex AI | Now GA |
The role |
Vertex AI | Now GA |
The role |
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.regionOperations.get |
Cloud Build | Role Updated |
The following permissions have been added to the role cloudbuild.repositories.get |
Cloud Build | Role Updated |
The following permissions have been added to the role cloudbuild.repositories.get |
Connectors | Role Updated |
The following permissions have been added to the role secretmanager.secrets.getIamPolicy |
Google Cloud Contact Center as a Service | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
GKE Hub | Role Updated |
The following permissions have been added to the role container.operations.get |
Cloud Monitoring | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get cloudtrace.traces.patch run.routes.invoke |
Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Role Updated |
The following permissions have been added to the role recommender.computeInstanceIdleResourceRecommenderConfig.get recommender.computeInstanceIdleResourceRecommenderConfig.update |
Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
Compute Engine | Now GA |
compute.backendServices.getIamPolicy compute.backendServices.setIamPolicy compute.regionBackendServices.getIamPolicy compute.regionBackendServices.setIamPolicy |
Google Cloud Contact Center as a Service | Added |
contactcenteraiplatform.contactCenters.queryQuota |
Cloud Data Fusion | Added |
datafusion.artifacts.create datafusion.artifacts.delete datafusion.artifacts.get datafusion.artifacts.list datafusion.artifacts.update datafusion.pipelineConnections.create datafusion.pipelineConnections.delete datafusion.pipelineConnections.get datafusion.pipelineConnections.list datafusion.pipelineConnections.update datafusion.pipelineConnections.use datafusion.pipelines.create datafusion.pipelines.delete datafusion.pipelines.execute datafusion.pipelines.get datafusion.pipelines.list datafusion.pipelines.preview datafusion.pipelines.update datafusion.profiles.create datafusion.profiles.delete datafusion.profiles.get datafusion.profiles.list datafusion.profiles.update datafusion.secureKeys.create datafusion.secureKeys.delete datafusion.secureKeys.getSecret datafusion.secureKeys.list datafusion.secureKeys.update |
Data Lineage API | Added |
datalineage.events.create datalineage.events.delete datalineage.events.get datalineage.events.list datalineage.locations.searchLinks datalineage.operations.get datalineage.processes.create datalineage.processes.delete datalineage.processes.get datalineage.processes.list datalineage.processes.update datalineage.runs.create datalineage.runs.delete datalineage.runs.get datalineage.runs.list datalineage.runs.update |
Data Lineage API | Supported In Custom Roles |
datalineage.operations.get |
Database Migration Service | Added |
datamigration.conversionworkspaces.commit datamigration.conversionworkspaces.convert datamigration.conversionworkspaces.create datamigration.conversionworkspaces.delete datamigration.conversionworkspaces.get datamigration.conversionworkspaces.getIamPolicy datamigration.conversionworkspaces.list datamigration.conversionworkspaces.rollback datamigration.conversionworkspaces.seed datamigration.conversionworkspaces.setIamPolicy datamigration.conversionworkspaces.update datamigration.mappingrules.getIamPolicy datamigration.mappingrules.import datamigration.mappingrules.setIamPolicy datamigration.privateconnections.create datamigration.privateconnections.delete datamigration.privateconnections.get datamigration.privateconnections.getIamPolicy datamigration.privateconnections.list datamigration.privateconnections.setIamPolicy |
Database Migration Service | Supported In Custom Roles |
datamigration.privateconnections.create datamigration.privateconnections.delete datamigration.privateconnections.get datamigration.privateconnections.getIamPolicy datamigration.privateconnections.list datamigration.privateconnections.setIamPolicy |
Database Migration Service | Now GA |
datamigration.conversionworkspaces.commit datamigration.conversionworkspaces.convert datamigration.conversionworkspaces.create datamigration.conversionworkspaces.delete datamigration.conversionworkspaces.get datamigration.conversionworkspaces.getIamPolicy datamigration.conversionworkspaces.list datamigration.conversionworkspaces.rollback datamigration.conversionworkspaces.seed datamigration.conversionworkspaces.setIamPolicy datamigration.conversionworkspaces.update datamigration.mappingrules.getIamPolicy datamigration.mappingrules.import datamigration.mappingrules.setIamPolicy datamigration.privateconnections.create datamigration.privateconnections.delete datamigration.privateconnections.get datamigration.privateconnections.getIamPolicy datamigration.privateconnections.list datamigration.privateconnections.setIamPolicy |
Dialogflow | Added |
dialogflow.knowledgeBases.update |
Dialogflow | Supported In Custom Roles |
dialogflow.knowledgeBases.update |
Dialogflow | Now GA |
dialogflow.knowledgeBases.update |
Google Earth Engine | Added |
earthengine.featureviews.create |
ML Kit for Firebase | Added |
firebaseml.models.update |
ML Kit for Firebase | Supported In Custom Roles |
firebaseml.models.update |
Network Management API | Added |
networkmanagement.topologygraphs.read |
Network Management API | Supported In Custom Roles |
networkmanagement.topologygraphs.read |
Network Management API | Now GA |
networkmanagement.topologygraphs.read |
Recommender | Added |
recommender.computeInstanceIdleResourceRecommenderConfig.get recommender.computeInstanceIdleResourceRecommenderConfig.update recommender.iamPolicyRecommenderConfig.get recommender.iamPolicyRecommenderConfig.update recommender.spendBasedCommitmentRecommenderConfig.get recommender.spendBasedCommitmentRecommenderConfig.update |
Recommender | Supported In Custom Roles |
recommender.computeInstanceIdleResourceRecommenderConfig.get recommender.computeInstanceIdleResourceRecommenderConfig.update recommender.iamPolicyRecommenderConfig.get recommender.iamPolicyRecommenderConfig.update recommender.spendBasedCommitmentRecommenderConfig.get recommender.spendBasedCommitmentRecommenderConfig.update |
Recommender | Now GA |
recommender.computeInstanceIdleResourceRecommenderConfig.get recommender.computeInstanceIdleResourceRecommenderConfig.update recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.iamPolicyRecommenderConfig.get recommender.iamPolicyRecommenderConfig.update |
Cloud IAM changes as of 2022-12-16
Service | Change | Description |
---|---|---|
Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Dataproc | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls iam.serviceAccounts.getAccessToken |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.list |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role datastore.databases.list |
Game Servers | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
Backup for GKE | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update recommender.locations.get recommender.locations.list recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update |
VM Migration | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
VM Migration | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Google Cloud | Added |
cloud.locations.get cloud.locations.list |
Google Cloud | Supported In Custom Roles |
cloud.locations.get cloud.locations.list |
Cloud Asset Inventory | Added |
cloudasset.assets.exportBeyondCorpAppGateways cloudasset.assets.listBeyondCorpAppGateways |
Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportBeyondCorpAppGateways cloudasset.assets.listBeyondCorpAppGateways |
Cloud Key Management Service | Added |
cloudkms.protectedResources.search |
GKE Multi-Cloud | Added |
gkemulticloud.attachedClusters.create gkemulticloud.attachedClusters.delete gkemulticloud.attachedClusters.generateInstallManifest gkemulticloud.attachedClusters.get gkemulticloud.attachedClusters.import gkemulticloud.attachedClusters.list gkemulticloud.attachedClusters.update gkemulticloud.attachedServerConfigs.get |
GKE Multi-Cloud | Now GA |
gkemulticloud.attachedClusters.create gkemulticloud.attachedClusters.delete gkemulticloud.attachedClusters.generateInstallManifest gkemulticloud.attachedClusters.get gkemulticloud.attachedClusters.import gkemulticloud.attachedClusters.list gkemulticloud.attachedClusters.update gkemulticloud.attachedServerConfigs.get |
Cloud IAM changes as of 2022-12-09
Service | Change | Description |
---|---|---|
Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.validatingWebhookConfigurations.delete |
App Engine | Now GA |
The role |
App Engine | Role Updated |
The following permissions have been added to the role storage.buckets.create storage.buckets.get |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.instanceGroups.use |
Bare Metal Solution | Now GA |
The role |
Cloud Optimization | Now GA |
The role |
Cloud Optimization | Now GA |
The role |
Cloud Optimization | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Dataplex | Role Updated |
The following permissions have been added to the role datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.list datacatalog.taxonomies.update |
Dataplex | Role Updated |
The following permissions have been removed from the role dataproc.autoscalingPolicies.create dataproc.jobs.delete dataproc.jobs.get dataproc.workflowTemplates.instantiateInline |
Distributed Cloud Edge Container | Now GA |
The role |
Firebase | Role Updated |
The following permissions have been added to the role bigquery.datasets.create bigquery.datasets.get bigquery.transfers.get bigquery.transfers.update |
Firebase Security Rules | Now GA |
The role |
FleetEngine | Role Updated |
The following permissions have been removed from the role fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
Backup for GKE | Now GA |
The role |
Backup for GKE | Now GA |
The role |
Backup for GKE | Now GA |
The role |
Backup for GKE | Now GA |
The role |
Backup for GKE | Now GA |
The role |
Backup for GKE | Now GA |
The role |
Dataproc Metastore | Role Updated |
The following permissions have been added to the role dns.changes.create dns.changes.get dns.managedZones.create dns.managedZones.delete dns.managedZones.get dns.managedZones.list dns.networks.bindPrivateDNSZone dns.networks.targetWithPeeringZone dns.resourceRecordSets.create dns.resourceRecordSets.delete dns.resourceRecordSets.get dns.resourceRecordSets.list dns.resourceRecordSets.update |
Nest Console | Now GA |
The role |
Nest Console | Now GA |
The role |
Nest Console | Now GA |
The role |
Pub/Sub Lite | Now GA |
The role |
Storage Insights | Now GA |
The role |
Storage Insights | Now GA |
The role |
Workload Certificate | Role Updated |
The following permissions have been added to the role gkehub.fleet.create gkehub.fleet.get gkehub.operations.get |
Apigee | Added |
apigee.instances.update apigee.projects.migrate apigee.projects.previewMigration apigee.traceconfig.get apigee.traceconfig.update apigee.traceconfigoverrides.create apigee.traceconfigoverrides.delete apigee.traceconfigoverrides.get apigee.traceconfigoverrides.list apigee.traceconfigoverrides.update |
Apigee | Supported In Custom Roles |
apigee.instances.update apigee.projects.migrate apigee.projects.previewMigration |
Apigee | Now GA |
apigee.instances.update apigee.projects.migrate apigee.projects.previewMigration apigee.traceconfig.get apigee.traceconfig.update apigee.traceconfigoverrides.create apigee.traceconfigoverrides.delete apigee.traceconfigoverrides.get apigee.traceconfigoverrides.list apigee.traceconfigoverrides.update |
App Engine | Added |
appengine.instances.enableDebug |
App Engine | Supported In Custom Roles |
appengine.instances.enableDebug |
App Engine | Now GA |
appengine.instances.enableDebug |
Cloud Asset Inventory | Added |
cloudasset.assets.queryAccessPolicy cloudasset.assets.queryIamPolicy cloudasset.assets.queryOSInventories cloudasset.assets.queryResource |
Cloud Build | Added |
cloudbuild.connections.create cloudbuild.connections.delete cloudbuild.connections.fetchLinkableRepositories cloudbuild.connections.get cloudbuild.connections.getIamPolicy cloudbuild.connections.list cloudbuild.connections.setIamPolicy cloudbuild.connections.update cloudbuild.repositories.accessReadToken cloudbuild.repositories.accessReadWriteToken cloudbuild.repositories.create cloudbuild.repositories.delete cloudbuild.repositories.get cloudbuild.repositories.list |
Cloud Build | Supported In Custom Roles |
cloudbuild.connections.create cloudbuild.connections.delete cloudbuild.connections.fetchLinkableRepositories cloudbuild.connections.get cloudbuild.connections.getIamPolicy cloudbuild.connections.list cloudbuild.connections.setIamPolicy cloudbuild.connections.update cloudbuild.repositories.accessReadToken cloudbuild.repositories.accessReadWriteToken cloudbuild.repositories.create cloudbuild.repositories.delete cloudbuild.repositories.get cloudbuild.repositories.list |
Cloud Optimization | Now GA |
cloudoptimization.operations.create cloudoptimization.operations.get |
Compute Engine | Added |
compute.instances.simulateMaintenanceEvent compute.nodeGroups.simulateMaintenanceEvent |
Compute Engine | Supported In Custom Roles |
compute.instances.simulateMaintenanceEvent compute.nodeGroups.simulateMaintenanceEvent |
Compute Engine | Now GA |
compute.instances.simulateMaintenanceEvent |
Connectors | Added |
connectors.schemaMetadata.refresh |
Connectors | Now GA |
connectors.schemaMetadata.refresh |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.allowProjectGrant |
Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.consents.allowProjectGrant |
Conversational Insights | Added |
contactcenterinsights.issues.delete |
Cloud Data Fusion | Added |
datafusion.operations.delete |
Dataplex | Added |
dataplex.tasks.run |
Dataplex | Supported In Custom Roles |
dataplex.tasks.run |
Dataplex | Now GA |
dataplex.tasks.run |
Dataproc | Added |
dataproc.nodeGroups.create dataproc.nodeGroups.get dataproc.nodeGroups.update |
Dataproc | Supported In Custom Roles |
dataproc.nodeGroups.create dataproc.nodeGroups.get dataproc.nodeGroups.update |
Dataproc | Now GA |
dataproc.nodeGroups.create dataproc.nodeGroups.get dataproc.nodeGroups.update |
Google Analytics | Added |
firebaseanalytics.resources.googleAnalyticsAdditionalAccess firebaseanalytics.resources.googleAnalyticsRestrictedAccess |
Google Analytics | Supported In Custom Roles |
firebaseanalytics.resources.googleAnalyticsAdditionalAccess firebaseanalytics.resources.googleAnalyticsRestrictedAccess |
Backup for GKE | Now GA |
gkebackup.backupPlans.create gkebackup.backupPlans.delete gkebackup.backupPlans.get gkebackup.backupPlans.getIamPolicy gkebackup.backupPlans.list gkebackup.backupPlans.setIamPolicy gkebackup.backupPlans.update gkebackup.backups.create gkebackup.backups.delete gkebackup.backups.get gkebackup.backups.list gkebackup.backups.update gkebackup.locations.get gkebackup.locations.list gkebackup.operations.cancel gkebackup.operations.delete gkebackup.operations.get gkebackup.operations.list gkebackup.restorePlans.create gkebackup.restorePlans.delete gkebackup.restorePlans.get gkebackup.restorePlans.getIamPolicy gkebackup.restorePlans.list gkebackup.restorePlans.setIamPolicy gkebackup.restorePlans.update gkebackup.restores.create gkebackup.restores.delete gkebackup.restores.get gkebackup.restores.list gkebackup.restores.update gkebackup.volumeBackups.get gkebackup.volumeBackups.list gkebackup.volumeRestores.get gkebackup.volumeRestores.list |
Cloud Logging | Added |
logging.settings.get logging.settings.update |
Cloud Logging | Added |
logging.googleapis.com/settings.get logging.googleapis.com/settings.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.domainJoinMachine |
Maps Platform Datasets | Added |
mapsplatformdatasets.datasets.create mapsplatformdatasets.datasets.delete mapsplatformdatasets.datasets.get mapsplatformdatasets.datasets.import mapsplatformdatasets.datasets.list mapsplatformdatasets.datasets.update |
Cloud Monitoring | Added |
monitoring.snoozes.create monitoring.snoozes.get monitoring.snoozes.list monitoring.snoozes.update |
Cloud Monitoring | Supported In Custom Roles |
monitoring.snoozes.create monitoring.snoozes.get monitoring.snoozes.list monitoring.snoozes.update |
Nest Console | Added |
nestconsole.smarthomePreviews.update nestconsole.smarthomeProjects.create nestconsole.smarthomeProjects.delete nestconsole.smarthomeProjects.get nestconsole.smarthomeProjects.update nestconsole.smarthomeVersions.create nestconsole.smarthomeVersions.get nestconsole.smarthomeVersions.submit |
Nest Console | Now GA |
nestconsole.smarthomePreviews.update nestconsole.smarthomeProjects.create nestconsole.smarthomeProjects.delete nestconsole.smarthomeProjects.get nestconsole.smarthomeProjects.update nestconsole.smarthomeVersions.create nestconsole.smarthomeVersions.get nestconsole.smarthomeVersions.submit |
Network Connectivity Center | Added |
networkconnectivity.internalRanges.create networkconnectivity.internalRanges.delete networkconnectivity.internalRanges.get networkconnectivity.internalRanges.getIamPolicy networkconnectivity.internalRanges.list networkconnectivity.internalRanges.setIamPolicy networkconnectivity.internalRanges.update |
Network Connectivity Center | Supported In Custom Roles |
networkconnectivity.internalRanges.create networkconnectivity.internalRanges.delete networkconnectivity.internalRanges.get networkconnectivity.internalRanges.getIamPolicy networkconnectivity.internalRanges.list networkconnectivity.internalRanges.setIamPolicy networkconnectivity.internalRanges.update |
Network Connectivity Center | Now GA |
networkconnectivity.internalRanges.create networkconnectivity.internalRanges.delete networkconnectivity.internalRanges.get networkconnectivity.internalRanges.getIamPolicy networkconnectivity.internalRanges.list networkconnectivity.internalRanges.setIamPolicy networkconnectivity.internalRanges.update |
Recommender | Added |
recommender.cloudsqlInstanceOomProbabilityInsights.get recommender.cloudsqlInstanceOomProbabilityInsights.list recommender.cloudsqlInstanceOomProbabilityInsights.update recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update recommender.cloudsqlUnderProvisionedInstanceRecommendations.get recommender.cloudsqlUnderProvisionedInstanceRecommendations.list recommender.cloudsqlUnderProvisionedInstanceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceOomProbabilityInsights.get recommender.cloudsqlInstanceOomProbabilityInsights.list recommender.cloudsqlInstanceOomProbabilityInsights.update recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.update recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.get recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.list recommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.update recommender.cloudsqlUnderProvisionedInstanceRecommendations.get recommender.cloudsqlUnderProvisionedInstanceRecommendations.list recommender.cloudsqlUnderProvisionedInstanceRecommendations.update |
Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
Retail API | Added |
retail.models.pause retail.models.resume retail.models.tune retail.models.update |
Google Cloud Observability | Added |
stackdriver.resourceMetadata.list |
Google Cloud Observability | Supported In Custom Roles |
stackdriver.resourceMetadata.list |
Storage Insights | Added |
storageinsights.locations.get storageinsights.locations.list storageinsights.operations.cancel storageinsights.operations.delete storageinsights.operations.get storageinsights.operations.list storageinsights.reportConfigs.create storageinsights.reportConfigs.delete storageinsights.reportConfigs.get storageinsights.reportConfigs.list storageinsights.reportConfigs.update storageinsights.reportDetails.get storageinsights.reportDetails.list |
Storage Insights | Now GA |
storageinsights.locations.get storageinsights.locations.list storageinsights.operations.cancel storageinsights.operations.delete storageinsights.operations.get storageinsights.operations.list storageinsights.reportConfigs.create storageinsights.reportConfigs.delete storageinsights.reportConfigs.get storageinsights.reportConfigs.list storageinsights.reportConfigs.update storageinsights.reportDetails.get storageinsights.reportDetails.list |
VM Migration | Added |
vmmigration.replicationCycles.get vmmigration.replicationCycles.list |
Cloud IAM changes as of 2022-12-02
Service | Change | Description |
---|---|---|
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.backupAccess |
Cloud Billing | Role Updated |
The following permissions have been added to the role compute.commitments.create compute.commitments.get compute.commitments.list compute.commitments.update compute.commitments.updateReservations |
Cloud Build | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getOpenIdToken |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role billing.accounts.get billing.accounts.getIamPolicy billing.accounts.list billing.accounts.redeemPromotion billing.credits.list billing.resourceAssociations.create |
Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role billing.accounts.get billing.accounts.getIamPolicy billing.accounts.list billing.credits.list |
Cloud Logging | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
RISC Configuration Service | Role Updated |
The following permissions have been added to the role clientauthconfig.clients.list |
RISC Configuration Service | Role Updated |
The following permissions have been added to the role clientauthconfig.clients.list |
Security Command Center | Role Updated |
The following permissions have been added to the role iam.denypolicies.get iam.denypolicies.list iam.googleapis.com/denypolicies.get iam.googleapis.com/denypolicies.list |
Security Command Center | Role Updated |
The following permissions have been added to the role iam.denypolicies.get iam.denypolicies.list iam.googleapis.com/denypolicies.get iam.googleapis.com/denypolicies.list |
Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.backupAccess |
Commerce Business Enablement | Added |
commercebusinessenablement.leadgenConfig.get commercebusinessenablement.leadgenConfig.update commercebusinessenablement.paymentConfig.get commercebusinessenablement.paymentConfig.update |
Google Distributed Cloud | Added |
gkeonprem.bareMetalAdminClusters.create gkeonprem.bareMetalAdminClusters.enroll gkeonprem.bareMetalAdminClusters.get gkeonprem.bareMetalAdminClusters.getIamPolicy gkeonprem.bareMetalAdminClusters.list gkeonprem.bareMetalAdminClusters.queryVersionConfig gkeonprem.bareMetalAdminClusters.setIamPolicy gkeonprem.bareMetalAdminClusters.unenroll gkeonprem.bareMetalAdminClusters.update gkeonprem.vmwareAdminClusters.enroll gkeonprem.vmwareAdminClusters.get gkeonprem.vmwareAdminClusters.getIamPolicy gkeonprem.vmwareAdminClusters.list gkeonprem.vmwareAdminClusters.setIamPolicy gkeonprem.vmwareAdminClusters.unenroll gkeonprem.vmwareAdminClusters.update |
Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalAdminClusters.create gkeonprem.bareMetalAdminClusters.enroll gkeonprem.bareMetalAdminClusters.get gkeonprem.bareMetalAdminClusters.getIamPolicy gkeonprem.bareMetalAdminClusters.list gkeonprem.bareMetalAdminClusters.queryVersionConfig gkeonprem.bareMetalAdminClusters.setIamPolicy gkeonprem.bareMetalAdminClusters.unenroll gkeonprem.bareMetalAdminClusters.update gkeonprem.vmwareAdminClusters.enroll gkeonprem.vmwareAdminClusters.get gkeonprem.vmwareAdminClusters.getIamPolicy gkeonprem.vmwareAdminClusters.list gkeonprem.vmwareAdminClusters.setIamPolicy gkeonprem.vmwareAdminClusters.unenroll gkeonprem.vmwareAdminClusters.update |
Google Distributed Cloud | Now GA |
gkeonprem.bareMetalAdminClusters.create gkeonprem.bareMetalAdminClusters.enroll gkeonprem.bareMetalAdminClusters.get gkeonprem.bareMetalAdminClusters.getIamPolicy gkeonprem.bareMetalAdminClusters.list gkeonprem.bareMetalAdminClusters.queryVersionConfig gkeonprem.bareMetalAdminClusters.setIamPolicy gkeonprem.bareMetalAdminClusters.unenroll gkeonprem.bareMetalAdminClusters.update gkeonprem.vmwareAdminClusters.enroll gkeonprem.vmwareAdminClusters.get gkeonprem.vmwareAdminClusters.getIamPolicy gkeonprem.vmwareAdminClusters.list gkeonprem.vmwareAdminClusters.setIamPolicy gkeonprem.vmwareAdminClusters.unenroll gkeonprem.vmwareAdminClusters.update |
Network Connectivity Center | Added |
networkconnectivity.policyBasedRoutes.create networkconnectivity.policyBasedRoutes.delete networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.getIamPolicy networkconnectivity.policyBasedRoutes.list networkconnectivity.policyBasedRoutes.setIamPolicy |
Network Connectivity Center | Now GA |
networkconnectivity.policyBasedRoutes.create networkconnectivity.policyBasedRoutes.delete networkconnectivity.policyBasedRoutes.get networkconnectivity.policyBasedRoutes.getIamPolicy networkconnectivity.policyBasedRoutes.list networkconnectivity.policyBasedRoutes.setIamPolicy |
VM Migration | Supported In Custom Roles |
vmmigration.migratingVms.get |
Cloud IAM changes as of 2022-11-04
Service | Change | Description |
---|---|---|
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.snapshots.delete resourcemanager.projects.list |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Now GA |
The role |
Cloud Deploy | Role Updated |
The following permissions have been added to the role clouddeploy.deliveryPipelines.delete |
Cloud Deploy | Role Updated |
The following permissions have been added to the role clouddeploy.deliveryPipelines.delete clouddeploy.targets.delete |
Firebase installations | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
Cloud Deploy | Now GA |
clouddeploy.config.get clouddeploy.deliveryPipelines.create clouddeploy.deliveryPipelines.delete clouddeploy.deliveryPipelines.get clouddeploy.deliveryPipelines.getIamPolicy clouddeploy.deliveryPipelines.list clouddeploy.deliveryPipelines.setIamPolicy clouddeploy.deliveryPipelines.update clouddeploy.locations.get clouddeploy.locations.list clouddeploy.operations.cancel clouddeploy.operations.delete clouddeploy.operations.get clouddeploy.operations.list clouddeploy.releases.abandon clouddeploy.releases.create clouddeploy.releases.delete clouddeploy.releases.get clouddeploy.releases.list clouddeploy.rollouts.approve clouddeploy.rollouts.create clouddeploy.rollouts.get clouddeploy.rollouts.list clouddeploy.targets.create clouddeploy.targets.delete clouddeploy.targets.get clouddeploy.targets.getIamPolicy clouddeploy.targets.list clouddeploy.targets.setIamPolicy clouddeploy.targets.update |
Cloud Composer | Added |
composer.dags.getSourceCode |
Cloud Composer | Now GA |
composer.dags.getSourceCode |
Compute Engine | Added |
compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use |
Compute Engine | Now GA |
compute.regionSslPolicies.create compute.regionSslPolicies.delete compute.regionSslPolicies.get compute.regionSslPolicies.list compute.regionSslPolicies.listAvailableFeatures compute.regionSslPolicies.update compute.regionSslPolicies.use |
Firebase installations | Added |
firebaseinstallations.instances.delete |
Firebase installations | Now GA |
firebaseinstallations.instances.delete |
Remote Build Execution | Added |
remotebuildexecution.instances.update |
Remote Build Execution | Supported In Custom Roles |
remotebuildexecution.instances.update |
Cloud IAM changes as of 2022-10-28
Service | Change | Description |
---|---|---|
Cloud Build | Role Updated |
The following permissions have been added to the role logging.buckets.create logging.buckets.get logging.buckets.list |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.get documentai.processedDocumentsSets.getDocuments documentai.processedDocumentsSets.listDocuments |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.get documentai.processedDocumentsSets.getDocuments documentai.processedDocumentsSets.listDocuments |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.get documentai.processedDocumentsSets.getDocuments documentai.processedDocumentsSets.listDocuments |
Serverless Integrations | Role Updated |
The following permissions have been added to the role storage.objects.delete |
Google Cloud VMware Engine | Now GA |
The role |
Artifact Registry | Added |
artifactregistry.projectsettings.get artifactregistry.projectsettings.update |
Artifact Registry | Supported In Custom Roles |
artifactregistry.projectsettings.get artifactregistry.projectsettings.update |
Artifact Registry | Now GA |
artifactregistry.projectsettings.get artifactregistry.projectsettings.update |
Bigtable | Added |
bigtable.backups.read |
Bigtable | Supported In Custom Roles |
bigtable.backups.read |
Bigtable | Now GA |
bigtable.backups.read |
Commerce Org Governance | Added |
commerceorggovernance.collections.create commerceorggovernance.collections.delete commerceorggovernance.collections.get commerceorggovernance.collections.list commerceorggovernance.collections.update commerceorggovernance.consumerSharingPolicies.get commerceorggovernance.consumerSharingPolicies.update commerceorggovernance.organizationSettings.get commerceorggovernance.organizationSettings.update commerceorggovernance.services.list |
Compute Engine | Added |
compute.backendBuckets.addSignedUrlKey compute.backendBuckets.deleteSignedUrlKey compute.backendBuckets.getIamPolicy compute.backendBuckets.setIamPolicy compute.backendServices.addSignedUrlKey compute.backendServices.deleteSignedUrlKey compute.regionTargetHttpProxies.update compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.resourcePolicies.getIamPolicy compute.resourcePolicies.setIamPolicy compute.targetHttpProxies.update compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update |
Compute Engine | Supported In Custom Roles |
compute.resourcePolicies.getIamPolicy compute.resourcePolicies.setIamPolicy |
Compute Engine | Now GA |
compute.backendBuckets.addSignedUrlKey compute.backendBuckets.deleteSignedUrlKey compute.backendServices.addSignedUrlKey compute.backendServices.deleteSignedUrlKey compute.regionTargetHttpProxies.update compute.regionTargetTcpProxies.create compute.regionTargetTcpProxies.delete compute.regionTargetTcpProxies.get compute.regionTargetTcpProxies.list compute.regionTargetTcpProxies.use compute.resourcePolicies.getIamPolicy compute.resourcePolicies.setIamPolicy compute.targetHttpProxies.update compute.targetHttpsProxies.setCertificateMap compute.targetHttpsProxies.setQuicOverride compute.targetSslProxies.setCertificateMap compute.targetSslProxies.setSslPolicy compute.targetSslProxies.update |
Data Catalog | Added |
datacatalog.entryGroups.updateTag |
Data Catalog | Supported In Custom Roles |
datacatalog.entryGroups.updateTag |
Data Catalog | Now GA |
datacatalog.entryGroups.updateTag |
Dataplex | Added |
dataplex.datascans.create dataplex.datascans.delete dataplex.datascans.get dataplex.datascans.getData dataplex.datascans.getIamPolicy dataplex.datascans.list dataplex.datascans.run dataplex.datascans.setIamPolicy dataplex.datascans.update |
Dataplex | Now GA |
dataplex.datascans.create dataplex.datascans.delete dataplex.datascans.get dataplex.datascans.getData dataplex.datascans.getIamPolicy dataplex.datascans.list dataplex.datascans.run dataplex.datascans.setIamPolicy dataplex.datascans.update |
Discovery Engine | Added |
discoveryengine.documents.create discoveryengine.documents.delete discoveryengine.documents.get discoveryengine.documents.import discoveryengine.documents.list discoveryengine.documents.update discoveryengine.operations.get discoveryengine.operations.list discoveryengine.servingConfigs.recommend discoveryengine.userEvents.create discoveryengine.userEvents.import |
Document AI | Added |
documentai.processedDocumentsSets.get documentai.processedDocumentsSets.getDocuments documentai.processedDocumentsSets.listDocuments |
Enterprise Knowledge Graph | Added |
enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookup enterpriseknowledgegraph.cloudKnowledgeGraphEntities.search enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup enterpriseknowledgegraph.publicKnowledgeGraphEntities.search |
Identity Toolkit | Added |
identitytoolkit.tenants.create identitytoolkit.tenants.delete identitytoolkit.tenants.get identitytoolkit.tenants.getIamPolicy identitytoolkit.tenants.list identitytoolkit.tenants.setIamPolicy identitytoolkit.tenants.update |
Identity Toolkit | Supported In Custom Roles |
identitytoolkit.tenants.create identitytoolkit.tenants.delete identitytoolkit.tenants.get identitytoolkit.tenants.getIamPolicy identitytoolkit.tenants.list identitytoolkit.tenants.setIamPolicy identitytoolkit.tenants.update |
Identity Toolkit | Now GA |
identitytoolkit.tenants.create identitytoolkit.tenants.delete identitytoolkit.tenants.get identitytoolkit.tenants.getIamPolicy identitytoolkit.tenants.list identitytoolkit.tenants.setIamPolicy identitytoolkit.tenants.update |
Dataproc Metastore | Added |
metastore.services.mutateMetadata metastore.services.queryMetadata |
Dataproc Metastore | Supported In Custom Roles |
metastore.services.mutateMetadata metastore.services.queryMetadata |
Recommender | Supported In Custom Roles |
recommender.costInsights.get recommender.costInsights.list recommender.costInsights.update |
Retail API | Added |
retail.products.purge |
Retail API | Now GA |
retail.products.purge |
Cloud Run | Supported In Custom Roles |
run.routes.invoke |
Vision AI | Added |
visionai.corpora.suggest visionai.uistreams.create visionai.uistreams.delete visionai.uistreams.generateStreamThumbnails visionai.uistreams.get visionai.uistreams.list |
Google Cloud VMware Engine | Added |
vmwareengine.clusters.create vmwareengine.clusters.delete vmwareengine.clusters.get vmwareengine.clusters.getIamPolicy vmwareengine.clusters.list vmwareengine.clusters.setIamPolicy vmwareengine.clusters.update vmwareengine.hcxActivationKeys.create vmwareengine.hcxActivationKeys.get vmwareengine.hcxActivationKeys.getIamPolicy vmwareengine.hcxActivationKeys.list vmwareengine.hcxActivationKeys.setIamPolicy vmwareengine.locations.get vmwareengine.locations.list vmwareengine.networkPolicies.create vmwareengine.networkPolicies.delete vmwareengine.networkPolicies.get vmwareengine.networkPolicies.list vmwareengine.networkPolicies.update vmwareengine.nodeTypes.get vmwareengine.nodeTypes.list vmwareengine.operations.delete vmwareengine.operations.get vmwareengine.operations.list vmwareengine.privateClouds.create vmwareengine.privateClouds.delete vmwareengine.privateClouds.get vmwareengine.privateClouds.getIamPolicy vmwareengine.privateClouds.list vmwareengine.privateClouds.resetNsxCredentials vmwareengine.privateClouds.resetVcenterCredentials vmwareengine.privateClouds.setIamPolicy vmwareengine.privateClouds.showNsxCredentials vmwareengine.privateClouds.showVcenterCredentials vmwareengine.privateClouds.undelete vmwareengine.privateClouds.update vmwareengine.subnets.list vmwareengine.vmwareEngineNetworks.create vmwareengine.vmwareEngineNetworks.delete vmwareengine.vmwareEngineNetworks.get vmwareengine.vmwareEngineNetworks.list vmwareengine.vmwareEngineNetworks.update |
Google Cloud VMware Engine | Supported In Custom Roles |
vmwareengine.clusters.create vmwareengine.clusters.delete vmwareengine.clusters.get vmwareengine.clusters.getIamPolicy vmwareengine.clusters.list vmwareengine.clusters.setIamPolicy vmwareengine.clusters.update vmwareengine.hcxActivationKeys.create vmwareengine.hcxActivationKeys.get vmwareengine.hcxActivationKeys.getIamPolicy vmwareengine.hcxActivationKeys.list vmwareengine.hcxActivationKeys.setIamPolicy vmwareengine.locations.get vmwareengine.locations.list vmwareengine.networkPolicies.create vmwareengine.networkPolicies.delete vmwareengine.networkPolicies.get vmwareengine.networkPolicies.list vmwareengine.networkPolicies.update vmwareengine.nodeTypes.get vmwareengine.nodeTypes.list vmwareengine.operations.delete vmwareengine.operations.get vmwareengine.operations.list vmwareengine.privateClouds.create vmwareengine.privateClouds.delete vmwareengine.privateClouds.get vmwareengine.privateClouds.getIamPolicy vmwareengine.privateClouds.list vmwareengine.privateClouds.resetNsxCredentials vmwareengine.privateClouds.resetVcenterCredentials vmwareengine.privateClouds.setIamPolicy vmwareengine.privateClouds.showNsxCredentials vmwareengine.privateClouds.showVcenterCredentials vmwareengine.privateClouds.undelete vmwareengine.privateClouds.update vmwareengine.subnets.list vmwareengine.vmwareEngineNetworks.create vmwareengine.vmwareEngineNetworks.delete vmwareengine.vmwareEngineNetworks.get vmwareengine.vmwareEngineNetworks.list vmwareengine.vmwareEngineNetworks.update |
Google Cloud VMware Engine | Now GA |
vmwareengine.clusters.create vmwareengine.clusters.delete vmwareengine.clusters.get vmwareengine.clusters.getIamPolicy vmwareengine.clusters.list vmwareengine.clusters.setIamPolicy vmwareengine.clusters.update vmwareengine.hcxActivationKeys.create vmwareengine.hcxActivationKeys.get vmwareengine.hcxActivationKeys.getIamPolicy vmwareengine.hcxActivationKeys.list vmwareengine.hcxActivationKeys.setIamPolicy vmwareengine.locations.get vmwareengine.locations.list vmwareengine.networkPolicies.create vmwareengine.networkPolicies.delete vmwareengine.networkPolicies.get vmwareengine.networkPolicies.list vmwareengine.networkPolicies.update vmwareengine.nodeTypes.get vmwareengine.nodeTypes.list vmwareengine.operations.delete vmwareengine.operations.get vmwareengine.operations.list vmwareengine.privateClouds.create vmwareengine.privateClouds.delete vmwareengine.privateClouds.get vmwareengine.privateClouds.getIamPolicy vmwareengine.privateClouds.list vmwareengine.privateClouds.resetNsxCredentials vmwareengine.privateClouds.resetVcenterCredentials vmwareengine.privateClouds.setIamPolicy vmwareengine.privateClouds.showNsxCredentials vmwareengine.privateClouds.showVcenterCredentials vmwareengine.privateClouds.undelete vmwareengine.privateClouds.update vmwareengine.subnets.list vmwareengine.vmwareEngineNetworks.create vmwareengine.vmwareEngineNetworks.delete vmwareengine.vmwareEngineNetworks.get vmwareengine.vmwareEngineNetworks.list vmwareengine.vmwareEngineNetworks.update |
Cloud IAM changes as of 2022-10-21
Service | Change | Description |
---|---|---|
Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.nodeGroups.get compute.nodeGroups.list compute.nodeTemplates.get compute.regions.get iam.serviceAccounts.actAs iam.serviceAccounts.get iam.serviceAccounts.list resourcemanager.projects.get |
BigQuery Data Policy | Now GA |
The role |
Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Compute Engine | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.zoneOperations.get |
Conversational Insights | Now GA |
The role |
Conversational Insights | Now GA |
The role |
Conversational Insights | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Dataplex | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Dataproc | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Discovery Engine | Now GA |
The role |
Sensitive Data Protection | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Firebase | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Firebase | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
Dataproc Metastore | Role Updated |
The following permissions have been added to the role metastore.databases.get metastore.databases.update metastore.tables.get metastore.tables.update |
AI Platform | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Cloud Storage | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.get recommender.iamPolicyInsights.list recommender.iamPolicyInsights.update recommender.iamPolicyRecommendations.get recommender.iamPolicyRecommendations.list recommender.iamPolicyRecommendations.update |
AutoML | Added |
automl.examples.update |
AutoML | Supported In Custom Roles |
automl.examples.update |
Bare Metal Solution | Added |
baremetalsolution.instances.disableInteractiveSerialConsole baremetalsolution.instances.enableInteractiveSerialConsole baremetalsolution.instances.stop baremetalsolution.sshKeys.create baremetalsolution.sshKeys.delete baremetalsolution.sshKeys.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.disableInteractiveSerialConsole baremetalsolution.instances.enableInteractiveSerialConsole baremetalsolution.instances.stop baremetalsolution.sshKeys.create baremetalsolution.sshKeys.delete baremetalsolution.sshKeys.list |
Bare Metal Solution | Now GA |
baremetalsolution.instances.disableInteractiveSerialConsole baremetalsolution.instances.enableInteractiveSerialConsole baremetalsolution.instances.stop baremetalsolution.sshKeys.create baremetalsolution.sshKeys.delete baremetalsolution.sshKeys.list |
BigQuery | Now GA |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
Bigtable | Added |
bigtable.hotTablets.list |
Bigtable | Supported In Custom Roles |
bigtable.hotTablets.list |
Bigtable | Now GA |
bigtable.hotTablets.list |
NetApp Cloud Volumes Service | Added |
cloudvolumesgcp-api.netapp.com/volumereplication.authorize cloudvolumesgcp-api.netapp.com/volumereplication.break cloudvolumesgcp-api.netapp.com/volumereplication.create cloudvolumesgcp-api.netapp.com/volumereplication.delete cloudvolumesgcp-api.netapp.com/volumereplication.get cloudvolumesgcp-api.netapp.com/volumereplication.list cloudvolumesgcp-api.netapp.com/volumereplication.release cloudvolumesgcp-api.netapp.com/volumereplication.resync cloudvolumesgcp-api.netapp.com/volumereplication.update |
Compute Engine | Added |
compute.instances.setName compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.list |
Compute Engine | Supported In Custom Roles |
compute.instances.setName compute.networkAttachments.create compute.networkAttachments.delete compute.networkAttachments.get compute.networkAttachments.list |
Conversational Insights | Added |
contactcenterinsights.conversations.export contactcenterinsights.views.create contactcenterinsights.views.delete contactcenterinsights.views.get contactcenterinsights.views.list contactcenterinsights.views.update |
Conversational Insights | Now GA |
contactcenterinsights.analyses.create contactcenterinsights.analyses.delete contactcenterinsights.analyses.get contactcenterinsights.analyses.list contactcenterinsights.conversations.create contactcenterinsights.conversations.delete contactcenterinsights.conversations.export contactcenterinsights.conversations.get contactcenterinsights.conversations.list contactcenterinsights.conversations.update contactcenterinsights.issueModels.create contactcenterinsights.issueModels.delete contactcenterinsights.issueModels.deploy contactcenterinsights.issueModels.get contactcenterinsights.issueModels.list contactcenterinsights.issueModels.undeploy contactcenterinsights.issueModels.update contactcenterinsights.issues.get contactcenterinsights.issues.list contactcenterinsights.issues.update contactcenterinsights.operations.get contactcenterinsights.operations.list contactcenterinsights.phraseMatchers.create contactcenterinsights.phraseMatchers.delete contactcenterinsights.phraseMatchers.get contactcenterinsights.phraseMatchers.list contactcenterinsights.phraseMatchers.update contactcenterinsights.settings.get contactcenterinsights.settings.update contactcenterinsights.views.create contactcenterinsights.views.delete contactcenterinsights.views.get contactcenterinsights.views.list contactcenterinsights.views.update |
Dataflow | Added |
dataflow.streamingWorkItems.ImportState dataflow.streamingWorkItems.getWorkerMetadata |
Dataflow | Supported In Custom Roles |
dataflow.streamingWorkItems.ImportState dataflow.streamingWorkItems.getWorkerMetadata |
Dataflow | Now GA |
dataflow.streamingWorkItems.ImportState dataflow.streamingWorkItems.getWorkerMetadata |
Cloud Integrations | Added |
integrations.executions.get |
Cloud Integrations | Now GA |
integrations.executions.get |
Recommender | Added |
recommender.runServiceSecurityInsights.get recommender.runServiceSecurityInsights.list recommender.runServiceSecurityInsights.update recommender.runServiceSecurityRecommendations.get recommender.runServiceSecurityRecommendations.list recommender.runServiceSecurityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.runServiceSecurityInsights.get recommender.runServiceSecurityInsights.list recommender.runServiceSecurityInsights.update recommender.runServiceSecurityRecommendations.get recommender.runServiceSecurityRecommendations.list recommender.runServiceSecurityRecommendations.update |
Recommender | Now GA |
recommender.networkAnalyzerCloudSqlInsights.get recommender.networkAnalyzerCloudSqlInsights.list recommender.networkAnalyzerCloudSqlInsights.update recommender.networkAnalyzerDynamicRouteInsights.get recommender.networkAnalyzerDynamicRouteInsights.list recommender.networkAnalyzerDynamicRouteInsights.update recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update recommender.networkAnalyzerIpAddressInsights.get recommender.networkAnalyzerIpAddressInsights.list recommender.networkAnalyzerIpAddressInsights.update recommender.networkAnalyzerLoadBalancerInsights.get recommender.networkAnalyzerLoadBalancerInsights.list recommender.networkAnalyzerLoadBalancerInsights.update recommender.networkAnalyzerVpcConnectivityInsights.get recommender.networkAnalyzerVpcConnectivityInsights.list recommender.networkAnalyzerVpcConnectivityInsights.update recommender.runServiceSecurityInsights.get recommender.runServiceSecurityInsights.list recommender.runServiceSecurityInsights.update recommender.runServiceSecurityRecommendations.get recommender.runServiceSecurityRecommendations.list recommender.runServiceSecurityRecommendations.update |
RISC Configuration Service | Added |
riscconfigurationservice.riscconfigs.createOrUpdate riscconfigurationservice.riscconfigs.delete riscconfigurationservice.riscconfigs.get |
RISC Configuration Service | Supported In Custom Roles |
riscconfigurationservice.riscconfigs.createOrUpdate riscconfigurationservice.riscconfigs.delete riscconfigurationservice.riscconfigs.get |
Service Usage | Supported In Custom Roles |
serviceusage.services.use |
Service Usage | Now GA |
serviceusage.services.use |
Cloud TPU | Added |
tpu.nodes.simulateMaintenanceEvent tpu.runtimeversions.get tpu.runtimeversions.list |
Cloud TPU | Supported In Custom Roles |
tpu.nodes.simulateMaintenanceEvent tpu.runtimeversions.get tpu.runtimeversions.list |
Cloud TPU | Now GA |
tpu.nodes.simulateMaintenanceEvent tpu.runtimeversions.get tpu.runtimeversions.list |
Cloud IAM changes as of 2022-09-30
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Chrome Enterprise Premium | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Google Security Operations | Now GA |
The role |
Google Security Operations | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission managedidentities.domains.disableMigration managedidentities.domains.enableMigration |
Managed Service for Microsoft Active Directory | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission managedidentities.domains.disableMigration managedidentities.domains.enableMigration |
Managed Service for Microsoft Active Directory | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission managedidentities.domains.disableMigration managedidentities.domains.enableMigration |
Google Cloud Migration Center | Role Updated |
The following permissions have been added to the role rma.annotations.get rma.collectors.get rma.collectors.list rma.locations.get rma.locations.list rma.operations.get rma.operations.list |
Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission managedidentities.domains.disableMigration managedidentities.domains.enableMigration |
Serverless Integrations | Now GA |
The role |
Video Stitcher API | Now GA |
The role |
Video Stitcher API | Now GA |
The role |
Video Stitcher API | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
Vertex AI | Added |
aiplatform.nasTrialDetails.get aiplatform.nasTrialDetails.list |
API Keys | Added |
apikeys.keys.getKeyString apikeys.keys.undelete |
API Keys | Supported In Custom Roles |
apikeys.keys.getKeyString apikeys.keys.undelete |
API Keys | Now GA |
apikeys.keys.getKeyString apikeys.keys.undelete |
Artifact Registry | Added |
artifactregistry.kfpartifacts.create |
Artifact Registry | Now GA |
artifactregistry.kfpartifacts.create |
Bare Metal Solution | Added |
baremetalsolution.instances.attachNetwork baremetalsolution.instances.detachNetwork baremetalsolution.networks.create baremetalsolution.networks.delete |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachNetwork baremetalsolution.instances.detachNetwork baremetalsolution.networks.create baremetalsolution.networks.delete |
Bare Metal Solution | Now GA |
baremetalsolution.instances.attachNetwork baremetalsolution.instances.detachNetwork baremetalsolution.networks.create baremetalsolution.networks.delete |
Bigtable | Added |
bigtable.instances.ping |
Bigtable | Now GA |
bigtable.instances.ping |
Certificate Manager | Added |
certificatemanager.certissuanceconfigs.create certificatemanager.certissuanceconfigs.delete certificatemanager.certissuanceconfigs.get certificatemanager.certissuanceconfigs.list certificatemanager.certissuanceconfigs.update certificatemanager.certissuanceconfigs.use |
Certificate Manager | Supported In Custom Roles |
certificatemanager.certissuanceconfigs.create certificatemanager.certissuanceconfigs.delete certificatemanager.certissuanceconfigs.get certificatemanager.certissuanceconfigs.list certificatemanager.certissuanceconfigs.update certificatemanager.certissuanceconfigs.use |
Google Security Operations | Added |
chronicle.dashboards.copy chronicle.dashboards.create chronicle.dashboards.delete chronicle.dashboards.get chronicle.dashboards.list chronicle.multitenantDirectories.get |
Google Security Operations | Supported In Custom Roles |
chronicle.dashboards.copy chronicle.dashboards.create chronicle.dashboards.delete chronicle.dashboards.get chronicle.dashboards.list |
Google Security Operations | Now GA |
chronicle.dashboards.copy chronicle.dashboards.create chronicle.dashboards.delete chronicle.dashboards.get chronicle.dashboards.list chronicle.multitenantDirectories.get |
Cloud Asset Inventory | Added |
cloudasset.assets.exportAiplatformBatchPredictionJobs cloudasset.assets.exportAiplatformCustomJobs cloudasset.assets.exportAiplatformDataLabelingJobs cloudasset.assets.exportAiplatformDatasets cloudasset.assets.exportAiplatformEndpoints cloudasset.assets.exportAiplatformHyperparameterTuningJobs cloudasset.assets.exportAiplatformMetadataStores cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs cloudasset.assets.exportAiplatformModels cloudasset.assets.exportAiplatformPipelineJobs cloudasset.assets.exportAiplatformSpecialistPools cloudasset.assets.exportAiplatformTrainingPipelines cloudasset.assets.exportAnthosConnectedCluster cloudasset.assets.exportAnthosedgeCluster cloudasset.assets.exportApigatewayApi cloudasset.assets.exportApigatewayApiConfig cloudasset.assets.exportApigatewayGateway cloudasset.assets.exportApikeysKeys cloudasset.assets.exportArtifactregistryDockerImages cloudasset.assets.exportArtifactregistryRepositories cloudasset.assets.exportAssuredWorkloadsWorkloads cloudasset.assets.exportBeyondCorpApiGateways cloudasset.assets.exportBeyondCorpAppConnections cloudasset.assets.exportBeyondCorpAppConnectors cloudasset.assets.exportBeyondCorpClientConnectorServices cloudasset.assets.exportBeyondCorpClientGateways cloudasset.assets.exportBigqueryModels cloudasset.assets.exportBigtableAppProfile cloudasset.assets.exportBigtableBackup cloudasset.assets.exportCloudAssetFeeds cloudasset.assets.exportCloudDeployDeliveryPipelines cloudasset.assets.exportCloudDeployReleases cloudasset.assets.exportCloudDeployRollouts cloudasset.assets.exportCloudDeployTargets cloudasset.assets.exportCloudDocumentAIEvaluation cloudasset.assets.exportCloudDocumentAIHumanReviewConfig cloudasset.assets.exportCloudDocumentAILabelerPool cloudasset.assets.exportCloudDocumentAIProcessor cloudasset.assets.exportCloudDocumentAIProcessorVersion cloudasset.assets.exportCloudbillingProjectBillingInfos cloudasset.assets.exportCloudfunctionsFunctions cloudasset.assets.exportCloudfunctionsGen2Functions cloudasset.assets.exportCloudkmsEkmConnections cloudasset.assets.exportCloudmemcacheInstances cloudasset.assets.exportCloudresourcemanagerTagBindings cloudasset.assets.exportCloudresourcemanagerTagKeys cloudasset.assets.exportCloudresourcemanagerTagValues cloudasset.assets.exportComposerEnvironments cloudasset.assets.exportComputeCommitments cloudasset.assets.exportComputeExternalVpnGateways cloudasset.assets.exportComputeFirewallPolicies cloudasset.assets.exportComputeNetworkEndpointGroups cloudasset.assets.exportComputeNodeGroups cloudasset.assets.exportComputeNodeTemplates cloudasset.assets.exportComputePacketMirrorings cloudasset.assets.exportComputeReservations cloudasset.assets.exportComputeResourcePolicies cloudasset.assets.exportComputeServiceAttachments cloudasset.assets.exportComputeSslPolicies cloudasset.assets.exportComputeVpnGateways cloudasset.assets.exportConnectorsConnections cloudasset.assets.exportConnectorsConnectorVersions cloudasset.assets.exportConnectorsConnectors cloudasset.assets.exportConnectorsProviders cloudasset.assets.exportConnectorsRuntimeConfigs cloudasset.assets.exportContainerAppsDeployment cloudasset.assets.exportContainerAppsReplicaSets cloudasset.assets.exportContainerBatchJobs cloudasset.assets.exportContainerExtensionsIngresses cloudasset.assets.exportContainerJobs cloudasset.assets.exportContainerNetworkingIngresses cloudasset.assets.exportContainerNetworkingNetworkPolicies cloudasset.assets.exportContainerReplicaSets cloudasset.assets.exportContainerServices cloudasset.assets.exportDataMigrationConnectionProfiles cloudasset.assets.exportDataMigrationMigrationJobs cloudasset.assets.exportDataflowJobs cloudasset.assets.exportDataplexAssets cloudasset.assets.exportDataplexLakes cloudasset.assets.exportDataplexTasks cloudasset.assets.exportDataplexZones cloudasset.assets.exportDataprocAutoscalingPolicies cloudasset.assets.exportDataprocBatches cloudasset.assets.exportDataprocSessions cloudasset.assets.exportDataprocWorkflowTemplates cloudasset.assets.exportDatastreamConnectionProfile cloudasset.assets.exportDatastreamPrivateConnection cloudasset.assets.exportDatastreamStream cloudasset.assets.exportDialogflowAgents cloudasset.assets.exportDialogflowConversationProfiles cloudasset.assets.exportDialogflowKnowledgeBases cloudasset.assets.exportDialogflowLocationSettings cloudasset.assets.exportDlpDeidentifyTemplates cloudasset.assets.exportDlpDlpJobs cloudasset.assets.exportDlpInspectTemplates cloudasset.assets.exportDlpJobTriggers cloudasset.assets.exportDlpStoredInfoTypes cloudasset.assets.exportDomainsRegistrations cloudasset.assets.exportEventarcTriggers cloudasset.assets.exportFileBackups cloudasset.assets.exportFileInstances cloudasset.assets.exportFirebaseAppInfos cloudasset.assets.exportFirebaseProjects cloudasset.assets.exportFirestoreDatabases cloudasset.assets.exportGKEHubFeatures cloudasset.assets.exportGKEHubMemberships cloudasset.assets.exportGameservicesGameServerClusters cloudasset.assets.exportGameservicesGameServerConfigs cloudasset.assets.exportGameservicesGameServerDeployments cloudasset.assets.exportGameservicesRealms cloudasset.assets.exportGkeBackupBackupPlans cloudasset.assets.exportGkeBackupBackups cloudasset.assets.exportGkeBackupRestorePlans cloudasset.assets.exportGkeBackupRestores cloudasset.assets.exportGkeBackupVolumeBackups cloudasset.assets.exportGkeBackupVolumeRestores cloudasset.assets.exportHealthcareConsentStores cloudasset.assets.exportHealthcareDatasets cloudasset.assets.exportHealthcareDicomStores cloudasset.assets.exportHealthcareFhirStores cloudasset.assets.exportHealthcareHl7V2Stores cloudasset.assets.exportIapTunnel cloudasset.assets.exportIapTunnelInstances cloudasset.assets.exportIapTunnelZones cloudasset.assets.exportIapWeb cloudasset.assets.exportIapWebServiceVersion cloudasset.assets.exportIapWebServices cloudasset.assets.exportIapWebType cloudasset.assets.exportIdsEndpoints cloudasset.assets.exportIntegrationsAuthConfigs cloudasset.assets.exportIntegrationsCertificates cloudasset.assets.exportIntegrationsExecutions cloudasset.assets.exportIntegrationsIntegrationVersions cloudasset.assets.exportIntegrationsIntegrations cloudasset.assets.exportIntegrationsSfdcChannels cloudasset.assets.exportIntegrationsSfdcInstances cloudasset.assets.exportIntegrationsSuspensions cloudasset.assets.exportLoggingLogMetrics cloudasset.assets.exportLoggingLogSinks cloudasset.assets.exportMetastoreBackups cloudasset.assets.exportMetastoreMetadataImports cloudasset.assets.exportMetastoreServices cloudasset.assets.exportMonitoringAlertPolicies cloudasset.assets.exportNetworkConnectivityHubs cloudasset.assets.exportNetworkConnectivitySpokes cloudasset.assets.exportNetworkManagementConnectivityTests cloudasset.assets.exportNetworkServicesEndpointPolicies cloudasset.assets.exportNetworkServicesGateways cloudasset.assets.exportNetworkServicesGrpcRoutes cloudasset.assets.exportNetworkServicesHttpRoutes cloudasset.assets.exportNetworkServicesMeshes cloudasset.assets.exportNetworkServicesServiceBindings cloudasset.assets.exportNetworkServicesTcpRoutes cloudasset.assets.exportNetworkServicesTlsRoutes cloudasset.assets.exportOSConfigOSPolicyAssignmentReports cloudasset.assets.exportOSConfigOSPolicyAssignments cloudasset.assets.exportOSConfigVulnerabilityReports cloudasset.assets.exportPatchDeployments cloudasset.assets.exportPubsubSnapshots cloudasset.assets.exportRedisInstances cloudasset.assets.exportServiceDirectoryNamespaces cloudasset.assets.exportServiceconsumermanagementConsumerProperty cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits cloudasset.assets.exportServiceconsumermanagementConsumers cloudasset.assets.exportServiceconsumermanagementProducerOverrides cloudasset.assets.exportServiceconsumermanagementTenancyUnits cloudasset.assets.exportServiceconsumermanagementVisibility cloudasset.assets.exportServiceusageAdminOverrides cloudasset.assets.exportServiceusageConsumerOverrides cloudasset.assets.exportServiceusageServices cloudasset.assets.exportSpannerBackups cloudasset.assets.exportSpeakerIdPhrases cloudasset.assets.exportSpeakerIdSettings cloudasset.assets.exportSpeakerIdSpeakers cloudasset.assets.exportSpeechCustomClasses cloudasset.assets.exportSpeechPhraseSets cloudasset.assets.exportSqladminBackupRuns cloudasset.assets.exportTpuNodes cloudasset.assets.exportVpcaccessConnector cloudasset.assets.listAccessLevel cloudasset.assets.listAiplatformBatchPredictionJobs cloudasset.assets.listAiplatformCustomJobs cloudasset.assets.listAiplatformDataLabelingJobs cloudasset.assets.listAiplatformDatasets cloudasset.assets.listAiplatformEndpoints cloudasset.assets.listAiplatformHyperparameterTuningJobs cloudasset.assets.listAiplatformMetadataStores cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs cloudasset.assets.listAiplatformModels cloudasset.assets.listAiplatformPipelineJobs cloudasset.assets.listAiplatformSpecialistPools cloudasset.assets.listAiplatformTrainingPipelines cloudasset.assets.listAllAccessPolicy cloudasset.assets.listAnthosConnectedCluster cloudasset.assets.listAnthosedgeCluster cloudasset.assets.listApigatewayApi cloudasset.assets.listApigatewayApiConfig cloudasset.assets.listApigatewayGateway cloudasset.assets.listApikeysKeys cloudasset.assets.listAppengineApplications cloudasset.assets.listAppengineServices cloudasset.assets.listAppengineVersions cloudasset.assets.listArtifactregistryDockerImages cloudasset.assets.listArtifactregistryRepositories cloudasset.assets.listAssuredWorkloadsWorkloads cloudasset.assets.listBeyondCorpApiGateways cloudasset.assets.listBeyondCorpAppConnections cloudasset.assets.listBeyondCorpAppConnectors cloudasset.assets.listBeyondCorpClientConnectorServices cloudasset.assets.listBeyondCorpClientGateways cloudasset.assets.listBigqueryDatasets cloudasset.assets.listBigqueryModels cloudasset.assets.listBigqueryTables cloudasset.assets.listBigtableAppProfile cloudasset.assets.listBigtableBackup cloudasset.assets.listBigtableCluster cloudasset.assets.listBigtableInstance cloudasset.assets.listBigtableTable cloudasset.assets.listCloudAssetFeeds cloudasset.assets.listCloudDeployDeliveryPipelines cloudasset.assets.listCloudDeployReleases cloudasset.assets.listCloudDeployRollouts cloudasset.assets.listCloudDeployTargets cloudasset.assets.listCloudDocumentAIEvaluation cloudasset.assets.listCloudDocumentAIHumanReviewConfig cloudasset.assets.listCloudDocumentAILabelerPool cloudasset.assets.listCloudDocumentAIProcessor cloudasset.assets.listCloudDocumentAIProcessorVersion cloudasset.assets.listCloudbillingBillingAccounts cloudasset.assets.listCloudbillingProjectBillingInfos cloudasset.assets.listCloudfunctionsFunctions cloudasset.assets.listCloudfunctionsGen2Functions cloudasset.assets.listCloudkmsCryptoKeyVersions cloudasset.assets.listCloudkmsEkmConnections cloudasset.assets.listCloudkmsImportJobs cloudasset.assets.listCloudkmsKeyRings cloudasset.assets.listCloudmemcacheInstances cloudasset.assets.listCloudresourcemanagerFolders cloudasset.assets.listCloudresourcemanagerOrganizations cloudasset.assets.listCloudresourcemanagerProjects cloudasset.assets.listCloudresourcemanagerTagBindings cloudasset.assets.listCloudresourcemanagerTagKeys cloudasset.assets.listCloudresourcemanagerTagValues cloudasset.assets.listComposerEnvironments cloudasset.assets.listComputeAddress cloudasset.assets.listComputeAutoscalers cloudasset.assets.listComputeBackendBuckets cloudasset.assets.listComputeBackendServices cloudasset.assets.listComputeCommitments cloudasset.assets.listComputeDisks cloudasset.assets.listComputeExternalVpnGateways cloudasset.assets.listComputeFirewallPolicies cloudasset.assets.listComputeFirewalls cloudasset.assets.listComputeForwardingRules cloudasset.assets.listComputeGlobalAddress cloudasset.assets.listComputeGlobalForwardingRules cloudasset.assets.listComputeHealthChecks cloudasset.assets.listComputeHttpHealthChecks cloudasset.assets.listComputeHttpsHealthChecks cloudasset.assets.listComputeImages cloudasset.assets.listComputeInstanceGroupManagers cloudasset.assets.listComputeInstanceGroups cloudasset.assets.listComputeInstanceTemplates cloudasset.assets.listComputeInstances cloudasset.assets.listComputeInterconnect cloudasset.assets.listComputeInterconnectAttachment cloudasset.assets.listComputeLicenses cloudasset.assets.listComputeNetworkEndpointGroups cloudasset.assets.listComputeNetworks cloudasset.assets.listComputeNodeGroups cloudasset.assets.listComputeNodeTemplates cloudasset.assets.listComputePacketMirrorings cloudasset.assets.listComputeProjects cloudasset.assets.listComputeRegionAutoscaler cloudasset.assets.listComputeRegionBackendServices cloudasset.assets.listComputeRegionDisk cloudasset.assets.listComputeRegionInstanceGroup cloudasset.assets.listComputeRegionInstanceGroupManager cloudasset.assets.listComputeReservations cloudasset.assets.listComputeResourcePolicies cloudasset.assets.listComputeRouters cloudasset.assets.listComputeRoutes cloudasset.assets.listComputeSecurityPolicy cloudasset.assets.listComputeServiceAttachments cloudasset.assets.listComputeSnapshots cloudasset.assets.listComputeSslCertificates cloudasset.assets.listComputeSslPolicies cloudasset.assets.listComputeSubnetworks cloudasset.assets.listComputeTargetHttpProxies cloudasset.assets.listComputeTargetHttpsProxies cloudasset.assets.listComputeTargetInstances cloudasset.assets.listComputeTargetPools cloudasset.assets.listComputeTargetSslProxies cloudasset.assets.listComputeTargetTcpProxies cloudasset.assets.listComputeTargetVpnGateways cloudasset.assets.listComputeUrlMaps cloudasset.assets.listComputeVpnGateways cloudasset.assets.listComputeVpnTunnels cloudasset.assets.listConnectorsConnections cloudasset.assets.listConnectorsConnectorVersions cloudasset.assets.listConnectorsConnectors cloudasset.assets.listConnectorsProviders cloudasset.assets.listConnectorsRuntimeConfigs cloudasset.assets.listContainerAppsDeployment cloudasset.assets.listContainerAppsReplicaSets cloudasset.assets.listContainerBatchJobs cloudasset.assets.listContainerClusterrole cloudasset.assets.listContainerClusterrolebinding cloudasset.assets.listContainerClusters cloudasset.assets.listContainerExtensionsIngresses cloudasset.assets.listContainerJobs cloudasset.assets.listContainerNamespace cloudasset.assets.listContainerNetworkingIngresses cloudasset.assets.listContainerNetworkingNetworkPolicies cloudasset.assets.listContainerNode cloudasset.assets.listContainerNodepool cloudasset.assets.listContainerPod cloudasset.assets.listContainerReplicaSets cloudasset.assets.listContainerRole cloudasset.assets.listContainerRolebinding cloudasset.assets.listContainerServices cloudasset.assets.listContainerregistryImage cloudasset.assets.listDataMigrationConnectionProfiles cloudasset.assets.listDataMigrationMigrationJobs cloudasset.assets.listDataflowJobs cloudasset.assets.listDatafusionInstance cloudasset.assets.listDataplexAssets cloudasset.assets.listDataplexLakes cloudasset.assets.listDataplexTasks cloudasset.assets.listDataplexZones cloudasset.assets.listDataprocAutoscalingPolicies cloudasset.assets.listDataprocBatches cloudasset.assets.listDataprocClusters cloudasset.assets.listDataprocJobs cloudasset.assets.listDataprocSessions cloudasset.assets.listDataprocWorkflowTemplates cloudasset.assets.listDatastreamConnectionProfile cloudasset.assets.listDatastreamPrivateConnection cloudasset.assets.listDatastreamStream cloudasset.assets.listDialogflowAgents cloudasset.assets.listDialogflowConversationProfiles cloudasset.assets.listDialogflowKnowledgeBases cloudasset.assets.listDialogflowLocationSettings cloudasset.assets.listDlpDeidentifyTemplates cloudasset.assets.listDlpDlpJobs cloudasset.assets.listDlpInspectTemplates cloudasset.assets.listDlpJobTriggers cloudasset.assets.listDlpStoredInfoTypes cloudasset.assets.listDnsManagedZones cloudasset.assets.listDnsPolicies cloudasset.assets.listDomainsRegistrations cloudasset.assets.listEventarcTriggers cloudasset.assets.listFileBackups cloudasset.assets.listFileInstances cloudasset.assets.listFirebaseAppInfos cloudasset.assets.listFirebaseProjects cloudasset.assets.listFirestoreDatabases cloudasset.assets.listGKEHubFeatures cloudasset.assets.listGKEHubMemberships cloudasset.assets.listGameservicesGameServerClusters cloudasset.assets.listGameservicesGameServerConfigs cloudasset.assets.listGameservicesGameServerDeployments cloudasset.assets.listGameservicesRealms cloudasset.assets.listGkeBackupBackupPlans cloudasset.assets.listGkeBackupBackups cloudasset.assets.listGkeBackupRestorePlans cloudasset.assets.listGkeBackupRestores cloudasset.assets.listGkeBackupVolumeBackups cloudasset.assets.listGkeBackupVolumeRestores cloudasset.assets.listHealthcareConsentStores cloudasset.assets.listHealthcareDatasets cloudasset.assets.listHealthcareDicomStores cloudasset.assets.listHealthcareFhirStores cloudasset.assets.listHealthcareHl7V2Stores cloudasset.assets.listIamRoles cloudasset.assets.listIamServiceAccountKeys cloudasset.assets.listIamServiceAccounts cloudasset.assets.listIapTunnel cloudasset.assets.listIapTunnelInstances cloudasset.assets.listIapTunnelZones cloudasset.assets.listIapWeb cloudasset.assets.listIapWebServiceVersion cloudasset.assets.listIapWebServices cloudasset.assets.listIapWebType cloudasset.assets.listIdsEndpoints cloudasset.assets.listIntegrationsAuthConfigs cloudasset.assets.listIntegrationsCertificates cloudasset.assets.listIntegrationsExecutions cloudasset.assets.listIntegrationsIntegrationVersions cloudasset.assets.listIntegrationsIntegrations cloudasset.assets.listIntegrationsSfdcChannels cloudasset.assets.listIntegrationsSfdcInstances cloudasset.assets.listIntegrationsSuspensions cloudasset.assets.listLoggingLogMetrics cloudasset.assets.listLoggingLogSinks cloudasset.assets.listManagedidentitiesDomain cloudasset.assets.listMetastoreBackups cloudasset.assets.listMetastoreMetadataImports cloudasset.assets.listMetastoreServices cloudasset.assets.listMonitoringAlertPolicies cloudasset.assets.listNetworkConnectivityHubs cloudasset.assets.listNetworkConnectivitySpokes cloudasset.assets.listNetworkManagementConnectivityTests cloudasset.assets.listNetworkServicesEndpointPolicies cloudasset.assets.listNetworkServicesGateways cloudasset.assets.listNetworkServicesGrpcRoutes cloudasset.assets.listNetworkServicesHttpRoutes cloudasset.assets.listNetworkServicesMeshes cloudasset.assets.listNetworkServicesServiceBindings cloudasset.assets.listNetworkServicesTcpRoutes cloudasset.assets.listNetworkServicesTlsRoutes cloudasset.assets.listOSConfigOSPolicyAssignmentReports cloudasset.assets.listOSConfigOSPolicyAssignments cloudasset.assets.listOSConfigVulnerabilityReports cloudasset.assets.listPatchDeployments cloudasset.assets.listPubsubSnapshots cloudasset.assets.listPubsubSubscriptions cloudasset.assets.listPubsubTopics cloudasset.assets.listRedisInstances cloudasset.assets.listRunDomainMapping cloudasset.assets.listRunRevision cloudasset.assets.listRunService cloudasset.assets.listServiceDirectoryNamespaces cloudasset.assets.listServicePerimeter cloudasset.assets.listServiceconsumermanagementConsumerProperty cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits cloudasset.assets.listServiceconsumermanagementConsumers cloudasset.assets.listServiceconsumermanagementProducerOverrides cloudasset.assets.listServiceconsumermanagementTenancyUnits cloudasset.assets.listServiceconsumermanagementVisibility cloudasset.assets.listServicemanagementServices cloudasset.assets.listServiceusageAdminOverrides cloudasset.assets.listServiceusageConsumerOverrides cloudasset.assets.listServiceusageServices cloudasset.assets.listSpannerBackups cloudasset.assets.listSpannerDatabases cloudasset.assets.listSpannerInstances cloudasset.assets.listSpeakerIdPhrases cloudasset.assets.listSpeakerIdSettings cloudasset.assets.listSpeakerIdSpeakers cloudasset.assets.listSpeechCustomClasses cloudasset.assets.listSpeechPhraseSets cloudasset.assets.listSqladminBackupRuns cloudasset.assets.listSqladminInstances cloudasset.assets.listStorageBuckets cloudasset.assets.listTpuNodes cloudasset.assets.listVpcaccessConnector |
Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportAccessLevel cloudasset.assets.exportAiplatformBatchPredictionJobs cloudasset.assets.exportAiplatformCustomJobs cloudasset.assets.exportAiplatformDataLabelingJobs cloudasset.assets.exportAiplatformDatasets cloudasset.assets.exportAiplatformEndpoints cloudasset.assets.exportAiplatformHyperparameterTuningJobs cloudasset.assets.exportAiplatformMetadataStores cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs cloudasset.assets.exportAiplatformModels cloudasset.assets.exportAiplatformPipelineJobs cloudasset.assets.exportAiplatformSpecialistPools cloudasset.assets.exportAiplatformTrainingPipelines cloudasset.assets.exportAllAccessPolicy cloudasset.assets.exportAnthosConnectedCluster cloudasset.assets.exportAnthosedgeCluster cloudasset.assets.exportApigatewayApi cloudasset.assets.exportApigatewayApiConfig cloudasset.assets.exportApigatewayGateway cloudasset.assets.exportApikeysKeys cloudasset.assets.exportAppengineApplications cloudasset.assets.exportAppengineServices cloudasset.assets.exportAppengineVersions cloudasset.assets.exportArtifactregistryDockerImages cloudasset.assets.exportArtifactregistryRepositories cloudasset.assets.exportAssuredWorkloadsWorkloads cloudasset.assets.exportBeyondCorpApiGateways cloudasset.assets.exportBeyondCorpAppConnections cloudasset.assets.exportBeyondCorpAppConnectors cloudasset.assets.exportBeyondCorpClientConnectorServices cloudasset.assets.exportBeyondCorpClientGateways cloudasset.assets.exportBigqueryDatasets cloudasset.assets.exportBigqueryModels cloudasset.assets.exportBigqueryTables cloudasset.assets.exportBigtableAppProfile cloudasset.assets.exportBigtableBackup cloudasset.assets.exportBigtableCluster cloudasset.assets.exportBigtableInstance cloudasset.assets.exportBigtableTable cloudasset.assets.exportCloudAssetFeeds cloudasset.assets.exportCloudDeployDeliveryPipelines cloudasset.assets.exportCloudDeployReleases cloudasset.assets.exportCloudDeployRollouts cloudasset.assets.exportCloudDeployTargets cloudasset.assets.exportCloudDocumentAIEvaluation cloudasset.assets.exportCloudDocumentAIHumanReviewConfig cloudasset.assets.exportCloudDocumentAILabelerPool cloudasset.assets.exportCloudDocumentAIProcessor cloudasset.assets.exportCloudDocumentAIProcessorVersion cloudasset.assets.exportCloudbillingBillingAccounts cloudasset.assets.exportCloudbillingProjectBillingInfos cloudasset.assets.exportCloudfunctionsFunctions cloudasset.assets.exportCloudfunctionsGen2Functions cloudasset.assets.exportCloudkmsCryptoKeyVersions cloudasset.assets.exportCloudkmsCryptoKeys cloudasset.assets.exportCloudkmsEkmConnections cloudasset.assets.exportCloudkmsKeyRings cloudasset.assets.exportCloudmemcacheInstances cloudasset.assets.exportCloudresourcemanagerFolders cloudasset.assets.exportCloudresourcemanagerOrganizations cloudasset.assets.exportCloudresourcemanagerProjects cloudasset.assets.exportCloudresourcemanagerTagBindings cloudasset.assets.exportCloudresourcemanagerTagKeys cloudasset.assets.exportCloudresourcemanagerTagValues cloudasset.assets.exportComposerEnvironments cloudasset.assets.exportComputeAddress cloudasset.assets.exportComputeAutoscalers cloudasset.assets.exportComputeBackendBuckets cloudasset.assets.exportComputeBackendServices cloudasset.assets.exportComputeCommitments cloudasset.assets.exportComputeDisks cloudasset.assets.exportComputeExternalVpnGateways cloudasset.assets.exportComputeFirewallPolicies cloudasset.assets.exportComputeFirewalls cloudasset.assets.exportComputeForwardingRules cloudasset.assets.exportComputeGlobalAddress cloudasset.assets.exportComputeGlobalForwardingRules cloudasset.assets.exportComputeHealthChecks cloudasset.assets.exportComputeHttpHealthChecks cloudasset.assets.exportComputeHttpsHealthChecks cloudasset.assets.exportComputeImages cloudasset.assets.exportComputeInstanceGroupManagers cloudasset.assets.exportComputeInstanceGroups cloudasset.assets.exportComputeInstanceTemplates cloudasset.assets.exportComputeInstances cloudasset.assets.exportComputeInterconnect cloudasset.assets.exportComputeInterconnectAttachment cloudasset.assets.exportComputeLicenses cloudasset.assets.exportComputeNetworkEndpointGroups cloudasset.assets.exportComputeNetworks cloudasset.assets.exportComputeNodeGroups cloudasset.assets.exportComputeNodeTemplates cloudasset.assets.exportComputePacketMirrorings cloudasset.assets.exportComputeProjects cloudasset.assets.exportComputeRegionAutoscaler cloudasset.assets.exportComputeRegionBackendServices cloudasset.assets.exportComputeRegionDisk cloudasset.assets.exportComputeRegionInstanceGroup cloudasset.assets.exportComputeRegionInstanceGroupManager cloudasset.assets.exportComputeReservations cloudasset.assets.exportComputeResourcePolicies cloudasset.assets.exportComputeRouters cloudasset.assets.exportComputeRoutes cloudasset.assets.exportComputeSecurityPolicy cloudasset.assets.exportComputeServiceAttachments cloudasset.assets.exportComputeSnapshots cloudasset.assets.exportComputeSslCertificates cloudasset.assets.exportComputeSslPolicies cloudasset.assets.exportComputeSubnetworks cloudasset.assets.exportComputeTargetHttpProxies cloudasset.assets.exportComputeTargetHttpsProxies cloudasset.assets.exportComputeTargetInstances cloudasset.assets.exportComputeTargetPools cloudasset.assets.exportComputeTargetSslProxies cloudasset.assets.exportComputeTargetTcpProxies cloudasset.assets.exportComputeTargetVpnGateways cloudasset.assets.exportComputeUrlMaps cloudasset.assets.exportComputeVpnGateways cloudasset.assets.exportComputeVpnTunnels cloudasset.assets.exportConnectorsConnections cloudasset.assets.exportConnectorsConnectorVersions cloudasset.assets.exportConnectorsConnectors cloudasset.assets.exportConnectorsProviders cloudasset.assets.exportConnectorsRuntimeConfigs cloudasset.assets.exportContainerAppsDeployment cloudasset.assets.exportContainerAppsReplicaSets cloudasset.assets.exportContainerBatchJobs cloudasset.assets.exportContainerClusterrole cloudasset.assets.exportContainerClusterrolebinding cloudasset.assets.exportContainerClusters cloudasset.assets.exportContainerExtensionsIngresses cloudasset.assets.exportContainerJobs cloudasset.assets.exportContainerNamespace cloudasset.assets.exportContainerNetworkingIngresses cloudasset.assets.exportContainerNetworkingNetworkPolicies cloudasset.assets.exportContainerNode cloudasset.assets.exportContainerNodepool cloudasset.assets.exportContainerPod cloudasset.assets.exportContainerReplicaSets cloudasset.assets.exportContainerRole cloudasset.assets.exportContainerRolebinding cloudasset.assets.exportContainerServices cloudasset.assets.exportContainerregistryImage cloudasset.assets.exportDataMigrationConnectionProfiles cloudasset.assets.exportDataMigrationMigrationJobs cloudasset.assets.exportDataflowJobs cloudasset.assets.exportDatafusionInstance cloudasset.assets.exportDataplexAssets cloudasset.assets.exportDataplexLakes cloudasset.assets.exportDataplexTasks cloudasset.assets.exportDataplexZones cloudasset.assets.exportDataprocAutoscalingPolicies cloudasset.assets.exportDataprocBatches cloudasset.assets.exportDataprocClusters cloudasset.assets.exportDataprocJobs cloudasset.assets.exportDataprocSessions cloudasset.assets.exportDataprocWorkflowTemplates cloudasset.assets.exportDatastreamConnectionProfile cloudasset.assets.exportDatastreamPrivateConnection cloudasset.assets.exportDatastreamStream cloudasset.assets.exportDialogflowAgents cloudasset.assets.exportDialogflowConversationProfiles cloudasset.assets.exportDialogflowKnowledgeBases cloudasset.assets.exportDialogflowLocationSettings cloudasset.assets.exportDlpDeidentifyTemplates cloudasset.assets.exportDlpDlpJobs cloudasset.assets.exportDlpInspectTemplates cloudasset.assets.exportDlpJobTriggers cloudasset.assets.exportDlpStoredInfoTypes cloudasset.assets.exportDnsManagedZones cloudasset.assets.exportDnsPolicies cloudasset.assets.exportDomainsRegistrations cloudasset.assets.exportEventarcTriggers cloudasset.assets.exportFileBackups cloudasset.assets.exportFileInstances cloudasset.assets.exportFirebaseAppInfos cloudasset.assets.exportFirebaseProjects cloudasset.assets.exportFirestoreDatabases cloudasset.assets.exportGKEHubFeatures cloudasset.assets.exportGKEHubMemberships cloudasset.assets.exportGameservicesGameServerClusters cloudasset.assets.exportGameservicesGameServerConfigs cloudasset.assets.exportGameservicesGameServerDeployments cloudasset.assets.exportGameservicesRealms cloudasset.assets.exportGkeBackupBackupPlans cloudasset.assets.exportGkeBackupBackups cloudasset.assets.exportGkeBackupRestorePlans cloudasset.assets.exportGkeBackupRestores cloudasset.assets.exportGkeBackupVolumeBackups cloudasset.assets.exportGkeBackupVolumeRestores cloudasset.assets.exportHealthcareConsentStores cloudasset.assets.exportHealthcareDatasets cloudasset.assets.exportHealthcareDicomStores cloudasset.assets.exportHealthcareFhirStores cloudasset.assets.exportHealthcareHl7V2Stores cloudasset.assets.exportIamRoles cloudasset.assets.exportIamServiceAccountKeys cloudasset.assets.exportIamServiceAccounts cloudasset.assets.exportIdsEndpoints cloudasset.assets.exportIntegrationsAuthConfigs cloudasset.assets.exportIntegrationsCertificates cloudasset.assets.exportIntegrationsExecutions cloudasset.assets.exportIntegrationsIntegrationVersions cloudasset.assets.exportIntegrationsIntegrations cloudasset.assets.exportIntegrationsSfdcChannels cloudasset.assets.exportIntegrationsSfdcInstances cloudasset.assets.exportIntegrationsSuspensions cloudasset.assets.exportManagedidentitiesDomain cloudasset.assets.exportMetastoreBackups cloudasset.assets.exportMetastoreMetadataImports cloudasset.assets.exportMetastoreServices cloudasset.assets.exportMonitoringAlertPolicies cloudasset.assets.exportNetworkConnectivityHubs cloudasset.assets.exportNetworkConnectivitySpokes cloudasset.assets.exportNetworkManagementConnectivityTests cloudasset.assets.exportNetworkServicesEndpointPolicies cloudasset.assets.exportNetworkServicesGateways cloudasset.assets.exportNetworkServicesGrpcRoutes cloudasset.assets.exportNetworkServicesHttpRoutes cloudasset.assets.exportNetworkServicesMeshes cloudasset.assets.exportNetworkServicesServiceBindings cloudasset.assets.exportNetworkServicesTcpRoutes cloudasset.assets.exportNetworkServicesTlsRoutes cloudasset.assets.exportOSConfigOSPolicyAssignmentReports cloudasset.assets.exportOSConfigOSPolicyAssignments cloudasset.assets.exportOSConfigVulnerabilityReports cloudasset.assets.exportPatchDeployments cloudasset.assets.exportPubsubSnapshots cloudasset.assets.exportPubsubSubscriptions cloudasset.assets.exportPubsubTopics cloudasset.assets.exportRedisInstances cloudasset.assets.exportServiceDirectoryNamespaces cloudasset.assets.exportServicePerimeter cloudasset.assets.exportServiceconsumermanagementConsumerProperty cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits cloudasset.assets.exportServiceconsumermanagementConsumers cloudasset.assets.exportServiceconsumermanagementProducerOverrides cloudasset.assets.exportServiceconsumermanagementTenancyUnits cloudasset.assets.exportServiceconsumermanagementVisibility cloudasset.assets.exportServicemanagementServices cloudasset.assets.exportServiceusageAdminOverrides cloudasset.assets.exportServiceusageConsumerOverrides cloudasset.assets.exportServiceusageServices cloudasset.assets.exportSpannerBackups cloudasset.assets.exportSpannerDatabases cloudasset.assets.exportSpannerInstances cloudasset.assets.exportSpeakerIdPhrases cloudasset.assets.exportSpeakerIdSettings cloudasset.assets.exportSpeakerIdSpeakers cloudasset.assets.exportSpeechCustomClasses cloudasset.assets.exportSpeechPhraseSets cloudasset.assets.exportSqladminBackupRuns cloudasset.assets.exportSqladminInstances cloudasset.assets.exportStorageBuckets cloudasset.assets.exportTpuNodes cloudasset.assets.exportVpcaccessConnector cloudasset.assets.listAccessLevel cloudasset.assets.listAiplatformBatchPredictionJobs cloudasset.assets.listAiplatformCustomJobs cloudasset.assets.listAiplatformDataLabelingJobs cloudasset.assets.listAiplatformDatasets cloudasset.assets.listAiplatformEndpoints cloudasset.assets.listAiplatformHyperparameterTuningJobs cloudasset.assets.listAiplatformMetadataStores cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs cloudasset.assets.listAiplatformModels cloudasset.assets.listAiplatformPipelineJobs cloudasset.assets.listAiplatformSpecialistPools cloudasset.assets.listAiplatformTrainingPipelines cloudasset.assets.listAllAccessPolicy cloudasset.assets.listAnthosConnectedCluster cloudasset.assets.listAnthosedgeCluster cloudasset.assets.listApigatewayApi cloudasset.assets.listApigatewayApiConfig cloudasset.assets.listApigatewayGateway cloudasset.assets.listApikeysKeys cloudasset.assets.listAppengineApplications cloudasset.assets.listAppengineServices cloudasset.assets.listAppengineVersions cloudasset.assets.listArtifactregistryDockerImages cloudasset.assets.listArtifactregistryRepositories cloudasset.assets.listAssuredWorkloadsWorkloads cloudasset.assets.listBeyondCorpApiGateways cloudasset.assets.listBeyondCorpAppConnections cloudasset.assets.listBeyondCorpAppConnectors cloudasset.assets.listBeyondCorpClientConnectorServices cloudasset.assets.listBeyondCorpClientGateways cloudasset.assets.listBigqueryDatasets cloudasset.assets.listBigqueryModels cloudasset.assets.listBigqueryTables cloudasset.assets.listBigtableAppProfile cloudasset.assets.listBigtableBackup cloudasset.assets.listBigtableCluster cloudasset.assets.listBigtableInstance cloudasset.assets.listBigtableTable cloudasset.assets.listCloudAssetFeeds cloudasset.assets.listCloudDeployDeliveryPipelines cloudasset.assets.listCloudDeployReleases cloudasset.assets.listCloudDeployRollouts cloudasset.assets.listCloudDeployTargets cloudasset.assets.listCloudDocumentAIEvaluation cloudasset.assets.listCloudDocumentAIHumanReviewConfig cloudasset.assets.listCloudDocumentAILabelerPool cloudasset.assets.listCloudDocumentAIProcessor cloudasset.assets.listCloudDocumentAIProcessorVersion cloudasset.assets.listCloudbillingBillingAccounts cloudasset.assets.listCloudbillingProjectBillingInfos cloudasset.assets.listCloudfunctionsFunctions cloudasset.assets.listCloudfunctionsGen2Functions cloudasset.assets.listCloudkmsCryptoKeyVersions cloudasset.assets.listCloudkmsEkmConnections cloudasset.assets.listCloudkmsImportJobs cloudasset.assets.listCloudkmsKeyRings cloudasset.assets.listCloudmemcacheInstances cloudasset.assets.listCloudresourcemanagerFolders cloudasset.assets.listCloudresourcemanagerOrganizations cloudasset.assets.listCloudresourcemanagerProjects cloudasset.assets.listCloudresourcemanagerTagBindings cloudasset.assets.listCloudresourcemanagerTagKeys cloudasset.assets.listCloudresourcemanagerTagValues cloudasset.assets.listComposerEnvironments cloudasset.assets.listComputeAddress cloudasset.assets.listComputeAutoscalers cloudasset.assets.listComputeBackendBuckets cloudasset.assets.listComputeBackendServices cloudasset.assets.listComputeCommitments cloudasset.assets.listComputeDisks cloudasset.assets.listComputeExternalVpnGateways cloudasset.assets.listComputeFirewallPolicies cloudasset.assets.listComputeFirewalls cloudasset.assets.listComputeForwardingRules cloudasset.assets.listComputeGlobalAddress cloudasset.assets.listComputeGlobalForwardingRules cloudasset.assets.listComputeHealthChecks cloudasset.assets.listComputeHttpHealthChecks cloudasset.assets.listComputeHttpsHealthChecks cloudasset.assets.listComputeImages cloudasset.assets.listComputeInstanceGroupManagers cloudasset.assets.listComputeInstanceGroups cloudasset.assets.listComputeInstanceTemplates cloudasset.assets.listComputeInstances cloudasset.assets.listComputeInterconnect cloudasset.assets.listComputeInterconnectAttachment cloudasset.assets.listComputeLicenses cloudasset.assets.listComputeNetworkEndpointGroups cloudasset.assets.listComputeNetworks cloudasset.assets.listComputeNodeGroups cloudasset.assets.listComputeNodeTemplates cloudasset.assets.listComputePacketMirrorings cloudasset.assets.listComputeProjects cloudasset.assets.listComputeRegionAutoscaler cloudasset.assets.listComputeRegionBackendServices cloudasset.assets.listComputeRegionDisk cloudasset.assets.listComputeRegionInstanceGroup cloudasset.assets.listComputeRegionInstanceGroupManager cloudasset.assets.listComputeReservations cloudasset.assets.listComputeResourcePolicies cloudasset.assets.listComputeRouters cloudasset.assets.listComputeRoutes cloudasset.assets.listComputeSecurityPolicy cloudasset.assets.listComputeServiceAttachments cloudasset.assets.listComputeSnapshots cloudasset.assets.listComputeSslCertificates cloudasset.assets.listComputeSslPolicies cloudasset.assets.listComputeSubnetworks cloudasset.assets.listComputeTargetHttpProxies cloudasset.assets.listComputeTargetHttpsProxies cloudasset.assets.listComputeTargetInstances cloudasset.assets.listComputeTargetPools cloudasset.assets.listComputeTargetSslProxies cloudasset.assets.listComputeTargetTcpProxies cloudasset.assets.listComputeTargetVpnGateways cloudasset.assets.listComputeUrlMaps cloudasset.assets.listComputeVpnGateways cloudasset.assets.listComputeVpnTunnels cloudasset.assets.listConnectorsConnections cloudasset.assets.listConnectorsConnectorVersions cloudasset.assets.listConnectorsConnectors cloudasset.assets.listConnectorsProviders cloudasset.assets.listConnectorsRuntimeConfigs cloudasset.assets.listContainerAppsDeployment cloudasset.assets.listContainerAppsReplicaSets cloudasset.assets.listContainerBatchJobs cloudasset.assets.listContainerClusterrole cloudasset.assets.listContainerClusterrolebinding cloudasset.assets.listContainerClusters cloudasset.assets.listContainerExtensionsIngresses cloudasset.assets.listContainerJobs cloudasset.assets.listContainerNamespace cloudasset.assets.listContainerNetworkingIngresses cloudasset.assets.listContainerNetworkingNetworkPolicies cloudasset.assets.listContainerNode cloudasset.assets.listContainerNodepool cloudasset.assets.listContainerPod cloudasset.assets.listContainerReplicaSets cloudasset.assets.listContainerRole cloudasset.assets.listContainerRolebinding cloudasset.assets.listContainerServices cloudasset.assets.listContainerregistryImage cloudasset.assets.listDataMigrationConnectionProfiles cloudasset.assets.listDataMigrationMigrationJobs cloudasset.assets.listDataflowJobs cloudasset.assets.listDatafusionInstance cloudasset.assets.listDataplexAssets cloudasset.assets.listDataplexLakes cloudasset.assets.listDataplexTasks cloudasset.assets.listDataplexZones cloudasset.assets.listDataprocAutoscalingPolicies cloudasset.assets.listDataprocBatches cloudasset.assets.listDataprocClusters cloudasset.assets.listDataprocJobs cloudasset.assets.listDataprocSessions cloudasset.assets.listDataprocWorkflowTemplates cloudasset.assets.listDatastreamConnectionProfile cloudasset.assets.listDatastreamPrivateConnection cloudasset.assets.listDatastreamStream cloudasset.assets.listDialogflowAgents cloudasset.assets.listDialogflowConversationProfiles cloudasset.assets.listDialogflowKnowledgeBases cloudasset.assets.listDialogflowLocationSettings cloudasset.assets.listDlpDeidentifyTemplates cloudasset.assets.listDlpDlpJobs cloudasset.assets.listDlpInspectTemplates cloudasset.assets.listDlpJobTriggers cloudasset.assets.listDlpStoredInfoTypes cloudasset.assets.listDnsManagedZones cloudasset.assets.listDnsPolicies cloudasset.assets.listDomainsRegistrations cloudasset.assets.listEventarcTriggers cloudasset.assets.listFileBackups cloudasset.assets.listFileInstances cloudasset.assets.listFirebaseAppInfos cloudasset.assets.listFirebaseProjects cloudasset.assets.listFirestoreDatabases cloudasset.assets.listGKEHubFeatures cloudasset.assets.listGKEHubMemberships cloudasset.assets.listGameservicesGameServerClusters cloudasset.assets.listGameservicesGameServerConfigs cloudasset.assets.listGameservicesGameServerDeployments cloudasset.assets.listGameservicesRealms cloudasset.assets.listGkeBackupBackupPlans cloudasset.assets.listGkeBackupBackups cloudasset.assets.listGkeBackupRestorePlans cloudasset.assets.listGkeBackupRestores cloudasset.assets.listGkeBackupVolumeBackups cloudasset.assets.listGkeBackupVolumeRestores cloudasset.assets.listHealthcareConsentStores cloudasset.assets.listHealthcareDatasets cloudasset.assets.listHealthcareDicomStores cloudasset.assets.listHealthcareFhirStores cloudasset.assets.listHealthcareHl7V2Stores cloudasset.assets.listIamRoles cloudasset.assets.listIamServiceAccountKeys cloudasset.assets.listIamServiceAccounts cloudasset.assets.listIdsEndpoints cloudasset.assets.listIntegrationsAuthConfigs cloudasset.assets.listIntegrationsCertificates cloudasset.assets.listIntegrationsExecutions cloudasset.assets.listIntegrationsIntegrationVersions cloudasset.assets.listIntegrationsIntegrations cloudasset.assets.listIntegrationsSfdcChannels cloudasset.assets.listIntegrationsSfdcInstances cloudasset.assets.listIntegrationsSuspensions cloudasset.assets.listManagedidentitiesDomain cloudasset.assets.listMetastoreBackups cloudasset.assets.listMetastoreMetadataImports cloudasset.assets.listMetastoreServices cloudasset.assets.listMonitoringAlertPolicies cloudasset.assets.listNetworkConnectivityHubs cloudasset.assets.listNetworkConnectivitySpokes cloudasset.assets.listNetworkManagementConnectivityTests cloudasset.assets.listNetworkServicesEndpointPolicies cloudasset.assets.listNetworkServicesGateways cloudasset.assets.listNetworkServicesGrpcRoutes cloudasset.assets.listNetworkServicesHttpRoutes cloudasset.assets.listNetworkServicesMeshes cloudasset.assets.listNetworkServicesServiceBindings cloudasset.assets.listNetworkServicesTcpRoutes cloudasset.assets.listNetworkServicesTlsRoutes cloudasset.assets.listOSConfigOSPolicyAssignmentReports cloudasset.assets.listOSConfigOSPolicyAssignments cloudasset.assets.listOSConfigVulnerabilityReports cloudasset.assets.listPatchDeployments cloudasset.assets.listPubsubSnapshots cloudasset.assets.listPubsubSubscriptions cloudasset.assets.listPubsubTopics cloudasset.assets.listRedisInstances cloudasset.assets.listRunDomainMapping cloudasset.assets.listRunRevision cloudasset.assets.listRunService cloudasset.assets.listServiceDirectoryNamespaces cloudasset.assets.listServicePerimeter cloudasset.assets.listServiceconsumermanagementConsumerProperty cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits cloudasset.assets.listServiceconsumermanagementConsumers cloudasset.assets.listServiceconsumermanagementProducerOverrides cloudasset.assets.listServiceconsumermanagementTenancyUnits cloudasset.assets.listServiceconsumermanagementVisibility cloudasset.assets.listServicemanagementServices cloudasset.assets.listServiceusageAdminOverrides cloudasset.assets.listServiceusageConsumerOverrides cloudasset.assets.listServiceusageServices cloudasset.assets.listSpannerBackups cloudasset.assets.listSpannerDatabases cloudasset.assets.listSpannerInstances cloudasset.assets.listSpeakerIdPhrases cloudasset.assets.listSpeakerIdSettings cloudasset.assets.listSpeakerIdSpeakers cloudasset.assets.listSpeechCustomClasses cloudasset.assets.listSpeechPhraseSets cloudasset.assets.listSqladminBackupRuns cloudasset.assets.listSqladminInstances cloudasset.assets.listStorageBuckets cloudasset.assets.listTpuNodes cloudasset.assets.listVpcaccessConnector |
Compute Engine | Added |
compute.serviceAttachments.getIamPolicy compute.serviceAttachments.setIamPolicy compute.serviceAttachments.use |
Compute Engine | Supported In Custom Roles |
compute.serviceAttachments.getIamPolicy compute.serviceAttachments.setIamPolicy compute.serviceAttachments.use |
Looker Studio | Added |
datastudio.datasources.delete datastudio.datasources.get datastudio.datasources.getIamPolicy datastudio.datasources.move datastudio.datasources.restoreTrash datastudio.datasources.search datastudio.datasources.setIamPolicy datastudio.datasources.settingsShare datastudio.datasources.share datastudio.datasources.trash datastudio.datasources.update datastudio.reports.delete datastudio.reports.get datastudio.reports.getIamPolicy datastudio.reports.move datastudio.reports.restoreTrash datastudio.reports.search datastudio.reports.setIamPolicy datastudio.reports.settingsShare datastudio.reports.share datastudio.reports.trash datastudio.reports.update datastudio.workspaces.createUnder datastudio.workspaces.delete datastudio.workspaces.get datastudio.workspaces.getIamPolicy datastudio.workspaces.moveIn datastudio.workspaces.moveOut datastudio.workspaces.restoreTrash datastudio.workspaces.search datastudio.workspaces.setIamPolicy datastudio.workspaces.trash datastudio.workspaces.update |
Enterprise Knowledge Graph | Added |
enterpriseknowledgegraph.entityReconciliationJobs.cancel enterpriseknowledgegraph.entityReconciliationJobs.create enterpriseknowledgegraph.entityReconciliationJobs.delete enterpriseknowledgegraph.entityReconciliationJobs.get enterpriseknowledgegraph.entityReconciliationJobs.list |
Enterprise Knowledge Graph | Supported In Custom Roles |
enterpriseknowledgegraph.entityReconciliationJobs.delete |
Google Distributed Cloud | Added |
gkeonprem.bareMetalClusters.queryVersionConfig gkeonprem.vmwareClusters.queryVersionConfig |
Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalClusters.queryVersionConfig gkeonprem.vmwareClusters.queryVersionConfig |
Google Distributed Cloud | Now GA |
gkeonprem.bareMetalClusters.queryVersionConfig gkeonprem.vmwareClusters.queryVersionConfig |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.checkMigrationPermission managedidentities.domains.disableMigration managedidentities.domains.enableMigration |
Dataproc Metastore | Added |
metastore.backups.getIamPolicy metastore.backups.setIamPolicy |
Dataproc Metastore | Supported In Custom Roles |
metastore.backups.getIamPolicy metastore.backups.setIamPolicy |
Dataproc Metastore | Now GA |
metastore.backups.getIamPolicy metastore.backups.setIamPolicy |
Public Certificate Authority | Added |
publicca.externalAccountKeys.create |
Recommender | Added |
recommender.computeFirewallInsightTypeConfigs.get recommender.computeFirewallInsightTypeConfigs.update recommender.gmpGuidedExperienceInsights.get recommender.gmpGuidedExperienceInsights.list recommender.gmpGuidedExperienceInsights.update recommender.gmpGuidedExperienceRecommendations.get recommender.gmpGuidedExperienceRecommendations.list recommender.gmpGuidedExperienceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.computeFirewallInsightTypeConfigs.get recommender.computeFirewallInsightTypeConfigs.update recommender.gmpGuidedExperienceInsights.get recommender.gmpGuidedExperienceInsights.list recommender.gmpGuidedExperienceInsights.update recommender.gmpGuidedExperienceRecommendations.get recommender.gmpGuidedExperienceRecommendations.list recommender.gmpGuidedExperienceRecommendations.update |
Recommender | Now GA |
recommender.computeFirewallInsightTypeConfigs.get recommender.computeFirewallInsightTypeConfigs.update recommender.gmpGuidedExperienceInsights.get recommender.gmpGuidedExperienceInsights.list recommender.gmpGuidedExperienceInsights.update recommender.gmpGuidedExperienceRecommendations.get recommender.gmpGuidedExperienceRecommendations.list recommender.gmpGuidedExperienceRecommendations.update |
Service Networking | Added |
servicenetworking.services.addDnsRecordSet servicenetworking.services.addDnsZone servicenetworking.services.deleteConnection servicenetworking.services.disableVpcServiceControls servicenetworking.services.enableVpcServiceControls servicenetworking.services.getConsumerConfig servicenetworking.services.removeDnsRecordSet servicenetworking.services.removeDnsZone servicenetworking.services.updateConsumerConfig servicenetworking.services.updateDnsRecordSet |
Service Networking | Supported In Custom Roles |
servicenetworking.services.addDnsRecordSet servicenetworking.services.addDnsZone servicenetworking.services.deleteConnection servicenetworking.services.disableVpcServiceControls servicenetworking.services.enableVpcServiceControls servicenetworking.services.getConsumerConfig servicenetworking.services.removeDnsRecordSet servicenetworking.services.removeDnsZone servicenetworking.services.updateConsumerConfig servicenetworking.services.updateDnsRecordSet |
Spanner | Added |
spanner.instanceConfigOperations.cancel spanner.instanceConfigOperations.delete spanner.instanceConfigOperations.get spanner.instanceConfigOperations.list spanner.instanceConfigs.create spanner.instanceConfigs.delete spanner.instanceConfigs.update |
Spanner | Supported In Custom Roles |
spanner.instanceConfigOperations.cancel spanner.instanceConfigOperations.delete spanner.instanceConfigOperations.get spanner.instanceConfigOperations.list spanner.instanceConfigs.create spanner.instanceConfigs.delete spanner.instanceConfigs.update |
Spanner | Now GA |
spanner.instanceConfigOperations.cancel spanner.instanceConfigOperations.delete spanner.instanceConfigOperations.get spanner.instanceConfigOperations.list spanner.instanceConfigs.create spanner.instanceConfigs.delete spanner.instanceConfigs.update |
Video Stitcher API | Now GA |
videostitcher.cdnKeys.create videostitcher.cdnKeys.delete videostitcher.cdnKeys.get videostitcher.cdnKeys.list videostitcher.cdnKeys.update videostitcher.liveAdTagDetails.get videostitcher.liveAdTagDetails.list videostitcher.liveSessions.create videostitcher.liveSessions.get videostitcher.slates.create videostitcher.slates.delete videostitcher.slates.get videostitcher.slates.list videostitcher.slates.update videostitcher.vodAdTagDetails.get videostitcher.vodAdTagDetails.list videostitcher.vodSessions.create videostitcher.vodSessions.get videostitcher.vodStitchDetails.get videostitcher.vodStitchDetails.list |
Vision AI | Added |
visionai.analyses.create visionai.analyses.delete visionai.analyses.get visionai.analyses.getIamPolicy visionai.analyses.list visionai.analyses.setIamPolicy visionai.analyses.update visionai.annotations.create visionai.annotations.delete visionai.annotations.get visionai.annotations.list visionai.annotations.update visionai.applications.create visionai.applications.delete visionai.applications.deploy visionai.applications.get visionai.applications.list visionai.applications.undeploy visionai.applications.update visionai.assets.clip visionai.assets.create visionai.assets.delete visionai.assets.generateHlsUri visionai.assets.get visionai.assets.ingest visionai.assets.list visionai.assets.search visionai.assets.update visionai.clusters.create visionai.clusters.delete visionai.clusters.get visionai.clusters.getIamPolicy visionai.clusters.list visionai.clusters.setIamPolicy visionai.clusters.update visionai.clusters.watch visionai.corpora.create visionai.corpora.delete visionai.corpora.get visionai.corpora.list visionai.corpora.update visionai.dataSchemas.create visionai.dataSchemas.delete visionai.dataSchemas.get visionai.dataSchemas.list visionai.dataSchemas.update visionai.dataSchemas.validate visionai.drafts.create visionai.drafts.delete visionai.drafts.get visionai.drafts.list visionai.drafts.update visionai.events.create visionai.events.delete visionai.events.get visionai.events.getIamPolicy visionai.events.list visionai.events.setIamPolicy visionai.events.update visionai.instances.get visionai.instances.list visionai.locations.get visionai.locations.list visionai.operations.cancel visionai.operations.delete visionai.operations.get visionai.operations.list visionai.operations.wait visionai.operators.create visionai.operators.delete visionai.operators.get visionai.operators.getIamPolicy visionai.operators.list visionai.operators.setIamPolicy visionai.operators.update visionai.processors.create visionai.processors.delete visionai.processors.get visionai.processors.list visionai.processors.listPrebuilt visionai.processors.update visionai.searchConfigs.create visionai.searchConfigs.delete visionai.searchConfigs.get visionai.searchConfigs.list visionai.searchConfigs.update visionai.series.acquireLease visionai.series.create visionai.series.delete visionai.series.get visionai.series.getIamPolicy visionai.series.list visionai.series.receive visionai.series.releaseLease visionai.series.renewLease visionai.series.send visionai.series.setIamPolicy visionai.series.update visionai.streams.create visionai.streams.delete visionai.streams.get visionai.streams.getIamPolicy visionai.streams.list visionai.streams.receive visionai.streams.send visionai.streams.setIamPolicy visionai.streams.update |
Vision AI | Supported In Custom Roles |
visionai.analyses.create visionai.analyses.delete visionai.analyses.get visionai.analyses.getIamPolicy visionai.analyses.list visionai.analyses.setIamPolicy visionai.analyses.update visionai.applications.create visionai.applications.delete visionai.applications.deploy visionai.applications.get visionai.applications.list visionai.applications.undeploy visionai.applications.update visionai.clusters.create visionai.clusters.delete visionai.clusters.get visionai.clusters.getIamPolicy visionai.clusters.list visionai.clusters.setIamPolicy visionai.clusters.update visionai.drafts.create visionai.drafts.delete visionai.drafts.get visionai.drafts.list visionai.drafts.update visionai.events.create visionai.events.delete visionai.events.get visionai.events.getIamPolicy visionai.events.list visionai.events.setIamPolicy visionai.events.update visionai.instances.get visionai.instances.list visionai.locations.get visionai.locations.list visionai.operators.create visionai.operators.delete visionai.operators.get visionai.operators.getIamPolicy visionai.operators.list visionai.operators.setIamPolicy visionai.operators.update visionai.processors.create visionai.processors.delete visionai.processors.get visionai.processors.list visionai.processors.listPrebuilt visionai.processors.update visionai.series.create visionai.series.delete visionai.series.get visionai.series.getIamPolicy visionai.series.list visionai.series.setIamPolicy visionai.series.update visionai.streams.create visionai.streams.delete visionai.streams.get visionai.streams.getIamPolicy visionai.streams.list visionai.streams.setIamPolicy visionai.streams.update |
Cloud IAM changes as of 2022-09-23
Service | Change | Description |
---|---|---|
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Content Warehouse | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
Multi-Cluster Ingress | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Basic Role | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
Cloud Workstations | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
Bare Metal Solution | Added |
baremetalsolution.nfsshares.create baremetalsolution.nfsshares.delete |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.nfsshares.create baremetalsolution.nfsshares.delete |
Bare Metal Solution | Now GA |
baremetalsolution.nfsshares.create baremetalsolution.nfsshares.delete |
Compute Engine | Added |
compute.networkEdgeSecurityServices.create compute.networkEdgeSecurityServices.delete compute.networkEdgeSecurityServices.get compute.networkEdgeSecurityServices.list compute.networkEdgeSecurityServices.update compute.regionSecurityPolicies.create compute.regionSecurityPolicies.delete compute.regionSecurityPolicies.get compute.regionSecurityPolicies.list compute.regionSecurityPolicies.update compute.regionSecurityPolicies.use compute.securityPolicies.setLabels |
Compute Engine | Supported In Custom Roles |
compute.securityPolicies.setLabels |
Compute Engine | Now GA |
compute.disks.listEffectiveTags compute.images.listEffectiveTags compute.instances.listEffectiveTags compute.securityPolicies.setLabels compute.snapshots.listEffectiveTags |
Container Security | Added |
containersecurity.findings.list |
Content Warehouse | Now GA |
contentwarehouse.documentSchemas.create contentwarehouse.documentSchemas.delete contentwarehouse.documentSchemas.get contentwarehouse.documentSchemas.list contentwarehouse.documentSchemas.update contentwarehouse.documents.create contentwarehouse.documents.delete contentwarehouse.documents.get contentwarehouse.documents.getIamPolicy contentwarehouse.documents.setIamPolicy contentwarehouse.documents.update contentwarehouse.locations.initialize contentwarehouse.operations.get contentwarehouse.rawDocuments.download contentwarehouse.rawDocuments.upload contentwarehouse.ruleSets.create contentwarehouse.ruleSets.delete contentwarehouse.ruleSets.get contentwarehouse.ruleSets.list contentwarehouse.ruleSets.update contentwarehouse.synonymSets.create contentwarehouse.synonymSets.delete contentwarehouse.synonymSets.get contentwarehouse.synonymSets.list contentwarehouse.synonymSets.update |
Document AI | Added |
documentai.evaluationDocuments.get |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.extendSchema |
Organization Policy Service | Added |
orgpolicy.customConstraints.create orgpolicy.customConstraints.delete orgpolicy.customConstraints.get orgpolicy.customConstraints.list orgpolicy.customConstraints.update |
Organization Policy Service | Supported In Custom Roles |
orgpolicy.customConstraints.get orgpolicy.customConstraints.list |
Recommender | Added |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
Recommender | Supported In Custom Roles |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
Resource Manager | Now GA |
resourcemanager.hierarchyNodes.listEffectiveTags |
Cloud IAM changes as of 2022-09-10
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.developers.delete |
Dialogflow | Role Updated |
The following permissions have been added to the role bigquery.tables.get bigquery.tables.updateData |
GKE Hub | Role Updated |
The following permissions have been added to the role monitoring.metricsScopes.link resourcemanager.projects.get resourcemanager.projects.list |
Cloud Monitoring | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list |
Storage Transfer Service | Now GA |
The role |
Access Approval | Added |
accessapproval.serviceAccounts.get |
Document AI | Added |
documentai.dataLabelingJobs.cancel documentai.dataLabelingJobs.create documentai.dataLabelingJobs.delete documentai.dataLabelingJobs.list documentai.dataLabelingJobs.update documentai.datasets.createDocuments documentai.datasets.deleteDocuments documentai.datasets.getDocuments documentai.datasets.listDocuments documentai.datasets.updateDocuments |
Notebooks | Added |
notebooks.instances.diagnose notebooks.runtimes.diagnose |
Notebooks | Now GA |
notebooks.instances.diagnose notebooks.runtimes.diagnose |
Recommender | Added |
recommender.networkAnalyzerCloudSqlInsights.get recommender.networkAnalyzerCloudSqlInsights.list recommender.networkAnalyzerCloudSqlInsights.update recommender.networkAnalyzerDynamicRouteInsights.get recommender.networkAnalyzerDynamicRouteInsights.list recommender.networkAnalyzerDynamicRouteInsights.update recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update recommender.networkAnalyzerIpAddressInsights.get recommender.networkAnalyzerIpAddressInsights.list recommender.networkAnalyzerIpAddressInsights.update recommender.networkAnalyzerLoadBalancerInsights.get recommender.networkAnalyzerLoadBalancerInsights.list recommender.networkAnalyzerLoadBalancerInsights.update recommender.networkAnalyzerVpcConnectivityInsights.get recommender.networkAnalyzerVpcConnectivityInsights.list recommender.networkAnalyzerVpcConnectivityInsights.update |
Recommender | Supported In Custom Roles |
recommender.networkAnalyzerCloudSqlInsights.get recommender.networkAnalyzerCloudSqlInsights.list recommender.networkAnalyzerCloudSqlInsights.update recommender.networkAnalyzerDynamicRouteInsights.get recommender.networkAnalyzerDynamicRouteInsights.list recommender.networkAnalyzerDynamicRouteInsights.update recommender.networkAnalyzerGkeConnectivityInsights.get recommender.networkAnalyzerGkeConnectivityInsights.list recommender.networkAnalyzerGkeConnectivityInsights.update recommender.networkAnalyzerGkeIpAddressInsights.get recommender.networkAnalyzerGkeIpAddressInsights.list recommender.networkAnalyzerGkeIpAddressInsights.update recommender.networkAnalyzerIpAddressInsights.get recommender.networkAnalyzerIpAddressInsights.list recommender.networkAnalyzerIpAddressInsights.update recommender.networkAnalyzerLoadBalancerInsights.get recommender.networkAnalyzerLoadBalancerInsights.list recommender.networkAnalyzerLoadBalancerInsights.update recommender.networkAnalyzerVpcConnectivityInsights.get recommender.networkAnalyzerVpcConnectivityInsights.list recommender.networkAnalyzerVpcConnectivityInsights.update |
Cloud IAM changes as of 2022-09-02
Service | Change | Description |
---|---|---|
Compute Engine | Role Updated |
The following permissions have been added to the role compute.backendBuckets.list compute.backendServices.list compute.instances.list compute.regionBackendServices.list compute.targetInstances.list compute.targetPools.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.environments.execute |
Basic Role | Role Updated |
The following permissions have been added to the role batch.jobs.create |
Firebase App Distribution | Now GA |
The role |
Firebase App Distribution | Now GA |
The role |
Google Distributed Cloud | Now GA |
The role |
Google Distributed Cloud | Now GA |
The role |
Rapid Migration Assessment | Now GA |
The role |
Spanner | Now GA |
The role |
Spanner | Now GA |
The role |
Stream | Now GA |
The role |
Stream | Now GA |
The role |
Stream | Now GA |
The role |
Stream | Now GA |
The role |
Stream | Now GA |
The role |
Data Catalog | Added |
datacatalog.entries.updateContacts datacatalog.entries.updateOverview |
Data Catalog | Supported In Custom Roles |
datacatalog.entries.updateContacts datacatalog.entries.updateOverview |
Firebase App Distribution | Now GA |
firebaseappdistro.groups.list firebaseappdistro.groups.update firebaseappdistro.releases.list firebaseappdistro.releases.update firebaseappdistro.testers.list firebaseappdistro.testers.update |
Google Distributed Cloud | Now GA |
gkeonprem.bareMetalClusters.create gkeonprem.bareMetalClusters.delete gkeonprem.bareMetalClusters.enroll gkeonprem.bareMetalClusters.get gkeonprem.bareMetalClusters.getIamPolicy gkeonprem.bareMetalClusters.list gkeonprem.bareMetalClusters.setIamPolicy gkeonprem.bareMetalClusters.unenroll gkeonprem.bareMetalClusters.update gkeonprem.bareMetalNodePools.create gkeonprem.bareMetalNodePools.delete gkeonprem.bareMetalNodePools.get gkeonprem.bareMetalNodePools.getIamPolicy gkeonprem.bareMetalNodePools.list gkeonprem.bareMetalNodePools.setIamPolicy gkeonprem.bareMetalNodePools.update gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Payment Gateway issuer switch | Added |
issuerswitch.complaintTransactions.list issuerswitch.complaints.create issuerswitch.complaints.resolve issuerswitch.disputes.create issuerswitch.disputes.resolve issuerswitch.financialTransactions.list issuerswitch.mandateTransactions.list issuerswitch.metadataTransactions.list issuerswitch.operations.cancel issuerswitch.operations.delete issuerswitch.operations.get issuerswitch.operations.list issuerswitch.operations.wait issuerswitch.ruleMetadata.list issuerswitch.ruleMetadataValues.create issuerswitch.ruleMetadataValues.delete issuerswitch.ruleMetadataValues.list issuerswitch.rules.list |
Recommender | Added |
recommender.cloudsqlInstanceSecurityInsights.get recommender.cloudsqlInstanceSecurityInsights.list recommender.cloudsqlInstanceSecurityInsights.update recommender.cloudsqlInstanceSecurityRecommendations.get recommender.cloudsqlInstanceSecurityRecommendations.list recommender.cloudsqlInstanceSecurityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceSecurityInsights.get recommender.cloudsqlInstanceSecurityInsights.list recommender.cloudsqlInstanceSecurityInsights.update recommender.cloudsqlInstanceSecurityRecommendations.get recommender.cloudsqlInstanceSecurityRecommendations.list recommender.cloudsqlInstanceSecurityRecommendations.update |
Rapid Migration Assessment | Added |
rma.annotations.create rma.annotations.get rma.collectors.create rma.collectors.delete rma.collectors.get rma.collectors.list rma.collectors.update rma.locations.get rma.locations.list rma.operations.cancel rma.operations.delete rma.operations.get rma.operations.list |
Rapid Migration Assessment | Supported In Custom Roles |
rma.annotations.create rma.annotations.get rma.collectors.create rma.collectors.delete rma.collectors.get rma.collectors.list rma.collectors.update rma.locations.get rma.locations.list rma.operations.cancel rma.operations.delete rma.operations.get rma.operations.list |
Spanner | Added |
spanner.databaseRoles.list spanner.databaseRoles.use spanner.databases.useRoleBasedAccess |
Spanner | Now GA |
spanner.databaseRoles.list spanner.databaseRoles.use spanner.databases.useRoleBasedAccess |
Speech-to-Text | Added |
speech.config.get speech.config.update speech.customClasses.undelete speech.operations.cancel speech.operations.delete speech.operations.get speech.operations.list speech.operations.wait speech.phraseSets.undelete speech.recognizers.create speech.recognizers.delete speech.recognizers.get speech.recognizers.list speech.recognizers.recognize speech.recognizers.undelete speech.recognizers.update |
Speech-to-Text | Now GA |
speech.config.get speech.config.update speech.customClasses.undelete speech.operations.cancel speech.operations.delete speech.operations.get speech.operations.list speech.operations.wait speech.phraseSets.undelete speech.recognizers.create speech.recognizers.delete speech.recognizers.get speech.recognizers.list speech.recognizers.recognize speech.recognizers.undelete speech.recognizers.update |
Stream | Added |
stream.locations.get stream.locations.list stream.operations.cancel stream.operations.delete stream.operations.get stream.operations.list stream.streamContents.build stream.streamContents.create stream.streamContents.delete stream.streamContents.get stream.streamContents.list stream.streamContents.update stream.streamInstances.create stream.streamInstances.delete stream.streamInstances.get stream.streamInstances.list stream.streamInstances.rollout stream.streamInstances.update |
Stream | Supported In Custom Roles |
stream.locations.get stream.locations.list stream.operations.cancel stream.operations.delete stream.operations.get stream.operations.list stream.streamContents.build stream.streamContents.create stream.streamContents.delete stream.streamContents.get stream.streamContents.list stream.streamContents.update stream.streamInstances.create stream.streamInstances.delete stream.streamInstances.get stream.streamInstances.list stream.streamInstances.rollout stream.streamInstances.update |
Stream | Now GA |
stream.locations.get stream.locations.list stream.operations.cancel stream.operations.delete stream.operations.get stream.operations.list stream.streamContents.build stream.streamContents.create stream.streamContents.delete stream.streamContents.get stream.streamContents.list stream.streamContents.update stream.streamInstances.create stream.streamInstances.delete stream.streamInstances.get stream.streamInstances.list stream.streamInstances.rollout stream.streamInstances.update |
Cloud IAM changes as of 2022-08-26
Service | Change | Description |
---|---|---|
App Engine | Now GA |
The role |
Container Threat Detection | Role Updated |
The following permissions have been added to the role container.clusterRoles.escalate container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.update container.roles.bind container.roles.create container.roles.delete container.roles.escalate container.roles.update |
Identity and Access Management | Now GA |
The role |
Cloud Integrations | Role Updated |
The following permissions have been added to the role run.jobs.run run.routes.invoke |
Workload Manager | Now GA |
The role |
Firebase In-App Messaging Campaigns | Added |
firebasemessagingcampaigns.campaigns.create firebasemessagingcampaigns.campaigns.delete firebasemessagingcampaigns.campaigns.get firebasemessagingcampaigns.campaigns.list firebasemessagingcampaigns.campaigns.start firebasemessagingcampaigns.campaigns.stop firebasemessagingcampaigns.campaigns.update |
Firebase In-App Messaging Campaigns | Supported In Custom Roles |
firebasemessagingcampaigns.campaigns.create firebasemessagingcampaigns.campaigns.delete firebasemessagingcampaigns.campaigns.get firebasemessagingcampaigns.campaigns.list firebasemessagingcampaigns.campaigns.start firebasemessagingcampaigns.campaigns.stop firebasemessagingcampaigns.campaigns.update |
Cloud Logging | Added |
logging.links.create logging.links.delete logging.links.get logging.links.list |
Recommender | Added |
recommender.cloudsqlInstancePerformanceInsights.get recommender.cloudsqlInstancePerformanceInsights.list recommender.cloudsqlInstancePerformanceInsights.update recommender.cloudsqlInstancePerformanceRecommendations.get recommender.cloudsqlInstancePerformanceRecommendations.list recommender.cloudsqlInstancePerformanceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.cloudsqlInstancePerformanceInsights.get recommender.cloudsqlInstancePerformanceInsights.list recommender.cloudsqlInstancePerformanceInsights.update recommender.cloudsqlInstancePerformanceRecommendations.get recommender.cloudsqlInstancePerformanceRecommendations.list recommender.cloudsqlInstancePerformanceRecommendations.update |
Retail API | Now GA |
retail.controls.create retail.controls.delete retail.controls.get retail.controls.list retail.controls.update retail.servingConfigs.create retail.servingConfigs.delete retail.servingConfigs.get retail.servingConfigs.list retail.servingConfigs.update |
Cloud IAM changes as of 2022-08-19
Service | Change | Description |
---|---|---|
Analytics Hub | Now GA |
The role |
Analytics Hub | Now GA |
The role |
Analytics Hub | Now GA |
The role |
Analytics Hub | Now GA |
The role |
Analytics Hub | Now GA |
The role |
Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.clusters.update container.operations.get gkehub.gateway.delete gkehub.gateway.get gkehub.gateway.patch gkehub.gateway.post gkehub.gateway.put logging.logEntries.create monitoring.metricDescriptors.create monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list monitoring.timeSeries.create serviceusage.services.get serviceusage.services.use |
Recommendations | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
Google Cloud Contact Center as a Service | Now GA |
The role |
Google Cloud Contact Center as a Service | Now GA |
The role |
Google Kubernetes Engine | Now GA |
The role |
Retail API | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
Storage Transfer Service | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Analytics Hub | Now GA |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Bare Metal Solution | Added |
baremetalsolution.instances.detachLun |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.detachLun |
Bare Metal Solution | Now GA |
baremetalsolution.instances.detachLun |
Cloud Deploy | Added |
clouddeploy.jobRuns.get clouddeploy.jobRuns.list clouddeploy.rollouts.retryJob |
Cloud Deploy | Supported In Custom Roles |
clouddeploy.jobRuns.get clouddeploy.jobRuns.list clouddeploy.rollouts.retryJob |
Google Cloud Contact Center as a Service | Added |
contactcenteraiplatform.contactCenters.create contactcenteraiplatform.contactCenters.delete contactcenteraiplatform.contactCenters.get contactcenteraiplatform.contactCenters.list contactcenteraiplatform.contactCenters.update contactcenteraiplatform.locations.get contactcenteraiplatform.locations.list contactcenteraiplatform.operations.cancel contactcenteraiplatform.operations.delete contactcenteraiplatform.operations.get contactcenteraiplatform.operations.list |
Google Cloud Contact Center as a Service | Now GA |
contactcenteraiplatform.contactCenters.create contactcenteraiplatform.contactCenters.delete contactcenteraiplatform.contactCenters.get contactcenteraiplatform.contactCenters.list contactcenteraiplatform.contactCenters.update contactcenteraiplatform.locations.get contactcenteraiplatform.locations.list contactcenteraiplatform.operations.cancel contactcenteraiplatform.operations.delete contactcenteraiplatform.operations.get contactcenteraiplatform.operations.list |
Content Warehouse | Added |
contentwarehouse.operations.get |
Firebase | Added |
firebase.clients.undelete |
Firebase | Now GA |
firebase.clients.undelete |
Identity and Access Management | Added |
iam.workforcePoolProviders.create iam.workforcePoolProviders.delete iam.workforcePoolProviders.get iam.workforcePoolProviders.list iam.workforcePoolProviders.undelete iam.workforcePoolProviders.update iam.workforcePoolSubjects.delete iam.workforcePoolSubjects.undelete iam.workforcePools.create iam.workforcePools.delete iam.workforcePools.get iam.workforcePools.getIamPolicy iam.workforcePools.list iam.workforcePools.setIamPolicy iam.workforcePools.undelete iam.workforcePools.update |
Identity and Access Management | Supported In Custom Roles |
iam.workforcePoolProviders.create iam.workforcePoolProviders.delete iam.workforcePoolProviders.get iam.workforcePoolProviders.list iam.workforcePoolProviders.undelete iam.workforcePoolProviders.update iam.workforcePoolSubjects.delete iam.workforcePoolSubjects.undelete iam.workforcePools.create iam.workforcePools.delete iam.workforcePools.get iam.workforcePools.getIamPolicy iam.workforcePools.list iam.workforcePools.setIamPolicy iam.workforcePools.undelete iam.workforcePools.update |
Identity and Access Management | Added |
iam.googleapis.com/workforcePoolProviders.create iam.googleapis.com/workforcePoolProviders.delete iam.googleapis.com/workforcePoolProviders.get iam.googleapis.com/workforcePoolProviders.list iam.googleapis.com/workforcePoolProviders.undelete iam.googleapis.com/workforcePoolProviders.update iam.googleapis.com/workforcePoolSubjects.delete iam.googleapis.com/workforcePoolSubjects.undelete iam.googleapis.com/workforcePools.create iam.googleapis.com/workforcePools.delete iam.googleapis.com/workforcePools.get iam.googleapis.com/workforcePools.getIamPolicy iam.googleapis.com/workforcePools.list iam.googleapis.com/workforcePools.setIamPolicy iam.googleapis.com/workforcePools.undelete iam.googleapis.com/workforcePools.update |
Identity and Access Management | Supported In Custom Roles |
iam.googleapis.com/workforcePoolProviders.create iam.googleapis.com/workforcePoolProviders.delete iam.googleapis.com/workforcePoolProviders.get iam.googleapis.com/workforcePoolProviders.list iam.googleapis.com/workforcePoolProviders.undelete iam.googleapis.com/workforcePoolProviders.update iam.googleapis.com/workforcePoolSubjects.delete iam.googleapis.com/workforcePoolSubjects.undelete iam.googleapis.com/workforcePools.create iam.googleapis.com/workforcePools.delete iam.googleapis.com/workforcePools.get iam.googleapis.com/workforcePools.getIamPolicy iam.googleapis.com/workforcePools.list iam.googleapis.com/workforcePools.setIamPolicy iam.googleapis.com/workforcePools.undelete iam.googleapis.com/workforcePools.update |
VM Migration | Supported In Custom Roles |
vmmigration.cloneJobs.create vmmigration.cloneJobs.get vmmigration.cloneJobs.list vmmigration.cloneJobs.update vmmigration.cutoverJobs.create vmmigration.cutoverJobs.get vmmigration.cutoverJobs.list vmmigration.cutoverJobs.update vmmigration.datacenterConnectors.create vmmigration.datacenterConnectors.delete vmmigration.datacenterConnectors.get vmmigration.datacenterConnectors.list vmmigration.groups.create vmmigration.groups.delete vmmigration.groups.get vmmigration.groups.list vmmigration.groups.update vmmigration.locations.get vmmigration.locations.list vmmigration.migratingVms.create vmmigration.migratingVms.delete vmmigration.migratingVms.list vmmigration.migratingVms.update vmmigration.operations.cancel vmmigration.operations.delete vmmigration.operations.get vmmigration.operations.list vmmigration.sources.create vmmigration.sources.delete vmmigration.sources.get vmmigration.sources.list vmmigration.sources.update vmmigration.targets.create vmmigration.targets.delete vmmigration.targets.get vmmigration.targets.list vmmigration.targets.update vmmigration.utilizationReports.create vmmigration.utilizationReports.delete vmmigration.utilizationReports.get vmmigration.utilizationReports.list |
Workload Manager | Added |
workloadmanager.evaluations.create workloadmanager.evaluations.delete workloadmanager.evaluations.get workloadmanager.evaluations.list workloadmanager.evaluations.run workloadmanager.evaluations.update workloadmanager.executions.delete workloadmanager.executions.get workloadmanager.executions.list workloadmanager.locations.get workloadmanager.locations.list workloadmanager.operations.cancel workloadmanager.operations.delete workloadmanager.operations.get workloadmanager.operations.list workloadmanager.results.list workloadmanager.rules.list |
Workload Manager | Supported In Custom Roles |
workloadmanager.evaluations.create workloadmanager.evaluations.delete workloadmanager.evaluations.get workloadmanager.evaluations.list workloadmanager.evaluations.run workloadmanager.evaluations.update workloadmanager.executions.delete workloadmanager.executions.get workloadmanager.executions.list workloadmanager.locations.get workloadmanager.locations.list workloadmanager.operations.cancel workloadmanager.operations.delete workloadmanager.operations.get workloadmanager.operations.list workloadmanager.results.list workloadmanager.rules.list |
Cloud IAM changes as of 2022-08-12
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role bigquery.models.create bigquery.models.getData bigquery.readsessions.getData |
Connectors | Now GA |
The role |
Firebase App Check | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list integrations.apigeeSuspensions.lift integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve pubsub.schemas.attach pubsub.schemas.create pubsub.schemas.delete pubsub.schemas.get pubsub.schemas.list pubsub.schemas.validate pubsub.snapshots.get pubsub.snapshots.list pubsub.snapshots.seek pubsub.topics.attachSubscription pubsub.topics.get pubsub.topics.list pubsub.topics.publish resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Google Cloud Migration Center | Now GA |
The role |
Bigtable | Added |
bigtable.instances.createTagBinding bigtable.instances.deleteTagBinding bigtable.instances.listEffectiveTags bigtable.instances.listTagBindings |
Bigtable | Now GA |
bigtable.instances.createTagBinding bigtable.instances.deleteTagBinding bigtable.instances.listEffectiveTags bigtable.instances.listTagBindings |
Connectors | Added |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Connectors | Supported In Custom Roles |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Connectors | Now GA |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Google Cloud Migration Center | Added |
migrationcenter.assets.create migrationcenter.assets.delete migrationcenter.assets.get migrationcenter.assets.list migrationcenter.assets.reportFrames migrationcenter.assets.update migrationcenter.groups.create migrationcenter.groups.delete migrationcenter.groups.get migrationcenter.groups.list migrationcenter.groups.update migrationcenter.importJobs.create migrationcenter.importJobs.delete migrationcenter.importJobs.get migrationcenter.importJobs.list migrationcenter.importJobs.update migrationcenter.locations.get migrationcenter.locations.list migrationcenter.operations.cancel migrationcenter.operations.delete migrationcenter.operations.get migrationcenter.operations.list migrationcenter.sources.create migrationcenter.sources.delete migrationcenter.sources.get migrationcenter.sources.list migrationcenter.sources.update |
Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.assets.create migrationcenter.assets.delete migrationcenter.assets.get migrationcenter.assets.list migrationcenter.assets.reportFrames migrationcenter.assets.update migrationcenter.groups.create migrationcenter.groups.delete migrationcenter.groups.get migrationcenter.groups.list migrationcenter.groups.update migrationcenter.importJobs.create migrationcenter.importJobs.delete migrationcenter.importJobs.get migrationcenter.importJobs.list migrationcenter.importJobs.update migrationcenter.locations.get migrationcenter.locations.list migrationcenter.operations.cancel migrationcenter.operations.delete migrationcenter.operations.get migrationcenter.operations.list migrationcenter.sources.create migrationcenter.sources.delete migrationcenter.sources.get migrationcenter.sources.list migrationcenter.sources.update |
Retail API | Now GA |
retail.attributesConfigs.addCatalogAttribute retail.attributesConfigs.get retail.attributesConfigs.removeCatalogAttribute retail.attributesConfigs.replaceCatalogAttribute retail.attributesConfigs.update |
Cloud IAM changes as of 2022-08-05
Service | Change | Description |
---|---|---|
Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.versions.delete |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Multi-Cluster Ingress | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.list |
Backup and Disaster Recovery | Added |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Backup and Disaster Recovery | Now GA |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Commerce Offer Catalog | Added |
commerceoffercatalog.documents.get |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.check consumerprocurement.consents.grant consumerprocurement.consents.list consumerprocurement.consents.revoke |
Maps Admin | Added |
mapsadmin.styleSnapshots.list mapsadmin.styleSnapshots.update |
Maps Admin | Now GA |
mapsadmin.styleSnapshots.list mapsadmin.styleSnapshots.update |
Cloud IAM changes as of 2022-07-29
Service | Change | Description |
---|---|---|
Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
Assured Workloads | Added |
assuredworkloads.violations.update |
Assured Workloads | Supported In Custom Roles |
assuredworkloads.violations.update |
Assured Workloads | Now GA |
assuredworkloads.violations.update |
Cloud Asset Inventory | Added |
cloudasset.assets.exportOSInventories |
Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportOSInventories |
Cloud Asset Inventory | Now GA |
cloudasset.assets.exportOSInventories |
Translation | Added |
cloudtranslate.glossaries.update cloudtranslate.glossaryentries.create cloudtranslate.glossaryentries.delete cloudtranslate.glossaryentries.get cloudtranslate.glossaryentries.list cloudtranslate.glossaryentries.update |
Translation | Supported In Custom Roles |
cloudtranslate.glossaries.update |
Translation | Now GA |
cloudtranslate.glossaries.update cloudtranslate.glossaryentries.create cloudtranslate.glossaryentries.delete cloudtranslate.glossaryentries.get cloudtranslate.glossaryentries.list cloudtranslate.glossaryentries.update |
Compute Engine | Added |
compute.regionTargetHttpsProxies.update compute.targetHttpsProxies.update |
Compute Engine | Now GA |
compute.regionTargetHttpsProxies.update compute.targetHttpsProxies.update |
Timeseries Insights API | Added |
timeseriesinsights.locations.get timeseriesinsights.locations.list |
Timeseries Insights API | Supported In Custom Roles |
timeseriesinsights.locations.get timeseriesinsights.locations.list |
Cloud IAM changes as of 2022-07-22
Service | Change | Description |
---|---|---|
Cloud Billing | Role Updated |
The following permissions have been added to the role cloudsupport.properties.get cloudsupport.techCases.create cloudsupport.techCases.escalate cloudsupport.techCases.get cloudsupport.techCases.list cloudsupport.techCases.update resourcemanager.projects.get resourcemanager.projects.list |
Workload Certificate | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.create container.customResourceDefinitions.get container.customResourceDefinitions.list |
Bare Metal Solution | Added |
baremetalsolution.volumes.resize |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.volumes.resize |
Bare Metal Solution | Now GA |
baremetalsolution.volumes.resize |
Eventarc | Added |
eventarc.channels.attach eventarc.googleChannelConfigs.get eventarc.googleChannelConfigs.update |
Eventarc | Supported In Custom Roles |
eventarc.channels.attach eventarc.googleChannelConfigs.get eventarc.googleChannelConfigs.update |
Firebase Realtime Database | Added |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Firebase Realtime Database | Supported In Custom Roles |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Firebase Realtime Database | Now GA |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Retail API | Added |
retail.servingConfigs.predict retail.servingConfigs.search |
Cloud IAM changes as of 2022-07-15
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Google Kubernetes Engine | Now GA |
The role |
Eventarc | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get |
Identity-Aware Proxy | Now GA |
The role |
Identity-Aware Proxy | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Service Mesh control plane | Role Updated |
The following permissions have been added to the role container.clusters.update |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Vertex AI | Added |
aiplatform.entityTypes.deleteFeatureValues |
Chrome Enterprise Premium | Added |
beyondcorp.appConnections.create beyondcorp.appConnections.delete beyondcorp.appConnections.get beyondcorp.appConnections.getIamPolicy beyondcorp.appConnections.list beyondcorp.appConnections.setIamPolicy beyondcorp.appConnections.update beyondcorp.appConnectors.create beyondcorp.appConnectors.delete beyondcorp.appConnectors.get beyondcorp.appConnectors.getIamPolicy beyondcorp.appConnectors.list beyondcorp.appConnectors.reportStatus beyondcorp.appConnectors.setIamPolicy beyondcorp.appConnectors.update beyondcorp.appGateways.create beyondcorp.appGateways.delete beyondcorp.appGateways.get beyondcorp.appGateways.getIamPolicy beyondcorp.appGateways.list beyondcorp.appGateways.setIamPolicy beyondcorp.appGateways.update beyondcorp.clientConnectorServices.access beyondcorp.clientConnectorServices.create beyondcorp.clientConnectorServices.delete beyondcorp.clientConnectorServices.get beyondcorp.clientConnectorServices.getIamPolicy beyondcorp.clientConnectorServices.list beyondcorp.clientConnectorServices.setIamPolicy beyondcorp.clientConnectorServices.update beyondcorp.clientGateways.create beyondcorp.clientGateways.delete beyondcorp.clientGateways.get beyondcorp.clientGateways.getIamPolicy beyondcorp.clientGateways.list beyondcorp.clientGateways.setIamPolicy beyondcorp.locations.get beyondcorp.locations.list beyondcorp.operations.cancel beyondcorp.operations.delete beyondcorp.operations.get beyondcorp.operations.list |
Chrome Enterprise Premium | Supported In Custom Roles |
beyondcorp.appConnections.create beyondcorp.appConnections.delete beyondcorp.appConnections.get beyondcorp.appConnections.getIamPolicy beyondcorp.appConnections.list beyondcorp.appConnections.setIamPolicy beyondcorp.appConnections.update beyondcorp.appConnectors.create beyondcorp.appConnectors.delete beyondcorp.appConnectors.get beyondcorp.appConnectors.getIamPolicy beyondcorp.appConnectors.list beyondcorp.appConnectors.reportStatus beyondcorp.appConnectors.setIamPolicy beyondcorp.appConnectors.update beyondcorp.appGateways.create beyondcorp.appGateways.delete beyondcorp.appGateways.get beyondcorp.appGateways.getIamPolicy beyondcorp.appGateways.list beyondcorp.appGateways.setIamPolicy beyondcorp.appGateways.update beyondcorp.clientConnectorServices.access beyondcorp.clientConnectorServices.create beyondcorp.clientConnectorServices.delete beyondcorp.clientConnectorServices.get beyondcorp.clientConnectorServices.getIamPolicy beyondcorp.clientConnectorServices.list beyondcorp.clientConnectorServices.setIamPolicy beyondcorp.clientConnectorServices.update beyondcorp.clientGateways.create beyondcorp.clientGateways.delete beyondcorp.clientGateways.get beyondcorp.clientGateways.getIamPolicy beyondcorp.clientGateways.list beyondcorp.clientGateways.setIamPolicy beyondcorp.locations.get beyondcorp.locations.list beyondcorp.operations.cancel beyondcorp.operations.delete beyondcorp.operations.get beyondcorp.operations.list |
Identity-Aware Proxy | Now GA |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Cloud Integrations | Added |
integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.invoke integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.invoke integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve |
Cloud Integrations | Now GA |
integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.invoke integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.invoke integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve |
Secured Landing Zone | Added |
securedlandingzone.operations.get securedlandingzone.overwatches.activate securedlandingzone.overwatches.create securedlandingzone.overwatches.delete securedlandingzone.overwatches.get securedlandingzone.overwatches.list securedlandingzone.overwatches.suspend securedlandingzone.overwatches.update |
Secured Landing Zone | Supported In Custom Roles |
securedlandingzone.overwatches.activate securedlandingzone.overwatches.suspend |
Cloud IAM changes as of 2022-06-24
Service | Change | Description |
---|---|---|
Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
Batch | Now GA |
The role |
Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
Apigee | Added |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Apigee | Now GA |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
Service | Change | Description |
---|---|---|
Care Studio | Now GA |
The role |
Translation | Role Updated |
The following permissions have been added to the role automl.datasets.export automl.datasets.get automl.datasets.list automl.models.get automl.models.list automl.operations.get |
Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seek pubsub.subscriptions.consume pubsub.topics.attachSubscription |
Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.create pubsub.snapshots.delete pubsub.snapshots.update pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.update pubsub.topics.updateTag |
Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
Bare Metal Solution | Added |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Batch | Added |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
Batch | Supported In Custom Roles |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
Bigtable | Added |
bigtable.tables.undelete |
Bigtable | Now GA |
bigtable.tables.undelete |
Care Studio | Now GA |
carestudio.patients.get carestudio.patients.list |
Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
Service Networking | Added |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Timeseries Insights API | Added |
timeseriesinsights.datasets.create timeseriesinsights.datasets.delete timeseriesinsights.datasets.evaluate timeseriesinsights.datasets.list timeseriesinsights.datasets.query timeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
Service | Change | Description |
---|---|---|
App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.create storage.objects.get storage.objects.list storage.objects.update |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Cloud Integrations | Now GA |
The role |
Dataproc Metastore | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Access Approval | Added |
accessapproval.requests.invalidate |
Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
AlloyDB for PostgreSQL | Added |
alloydb.backups.create alloydb.backups.delete alloydb.backups.get alloydb.backups.list alloydb.backups.update alloydb.clusters.create alloydb.clusters.delete alloydb.clusters.generateClientCertificate alloydb.clusters.get alloydb.clusters.list alloydb.clusters.update alloydb.instances.connect alloydb.instances.create alloydb.instances.delete alloydb.instances.failover alloydb.instances.get alloydb.instances.list alloydb.instances.restart alloydb.instances.update alloydb.locations.get alloydb.locations.list alloydb.operations.cancel alloydb.operations.delete alloydb.operations.get alloydb.operations.list alloydb.supportedDatabaseFlags.get alloydb.supportedDatabaseFlags.list |
Artifact Registry | Added |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
Artifact Registry | Now GA |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
AutoML | Added |
automl.files.delete automl.files.list |
Bare Metal Solution | Added |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Cloud Billing | Added |
billing.accounts.getCarbonInformation |
Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
Cloud Deploy | Added |
clouddeploy.releases.abandon |
Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
Datastream | Added |
datastream.connectionProfiles.createTagBinding datastream.connectionProfiles.deleteTagBinding datastream.connectionProfiles.listEffectiveTags datastream.connectionProfiles.listTagBindings datastream.privateConnections.createTagBinding datastream.privateConnections.deleteTagBinding datastream.privateConnections.listEffectiveTags datastream.privateConnections.listTagBindings datastream.streams.createTagBinding datastream.streams.deleteTagBinding datastream.streams.listEffectiveTags datastream.streams.listTagBindings |
Cloud DNS | Added |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Identity and Access Management | Added |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Now GA |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Dataproc Metastore | Added |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Now GA |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBinding resourcemanager.hierarchyNodes.deleteTagBinding resourcemanager.hierarchyNodes.listTagBindings resourcemanager.resourceTagBindings.create resourcemanager.resourceTagBindings.delete resourcemanager.resourceTagBindings.list resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list resourcemanager.tagKeys.create resourcemanager.tagKeys.delete resourcemanager.tagKeys.get resourcemanager.tagKeys.getIamPolicy resourcemanager.tagKeys.list resourcemanager.tagKeys.setIamPolicy resourcemanager.tagKeys.update resourcemanager.tagValueBindings.create resourcemanager.tagValueBindings.delete resourcemanager.tagValues.create resourcemanager.tagValues.delete resourcemanager.tagValues.get resourcemanager.tagValues.getIamPolicy resourcemanager.tagValues.list resourcemanager.tagValues.setIamPolicy resourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
Service | Change | Description |
---|---|---|
AlloyDB for PostgreSQL | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.use compute.addresses.useInternal compute.disks.create compute.disks.setLabels compute.disks.use compute.disks.useReadOnly compute.images.useReadOnly compute.instanceTemplates.useReadOnly compute.instances.create compute.instances.createTagBinding compute.instances.setDeletionProtection compute.instances.setLabels compute.instances.setMetadata compute.instances.setServiceAccount compute.instances.setTags compute.instances.updateDisplayDevice compute.machineImages.useReadOnly compute.networks.use compute.networks.useExternalIp compute.resourcePolicies.use compute.snapshots.useReadOnly compute.subnetworks.use compute.subnetworks.useExternalIp |
Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.get storage.objects.list |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
Vertex AI | Added |
aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Container Security | Added |
containersecurity.locations.get containersecurity.locations.list |
Network Management API | Added |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Supported In Custom Roles |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Now GA |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Services | Added |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
reCAPTCHA | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
Transfer Appliance | Added |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
Service | Change | Description |
---|---|---|
Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.create container.jobs.delete container.jobs.get container.jobs.list container.jobs.update |
Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.list compute.disks.setLabels |
Vertex AI | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
Bare Metal Solution | Added |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Now GA |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
BigQuery | Added |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
Recommender | Added |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
Maps Admin | Now GA |
The role |
Maps Admin | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.clusters.get servicesecurityinsights.clusters.list servicesecurityinsights.googleapis.com/clusterSecurityInfo.get servicesecurityinsights.googleapis.com/clusterSecurityInfo.list servicesecurityinsights.googleapis.com/clusters.get servicesecurityinsights.googleapis.com/clusters.list servicesecurityinsights.googleapis.com/locations.get servicesecurityinsights.googleapis.com/locations.list servicesecurityinsights.googleapis.com/namespaces.get servicesecurityinsights.googleapis.com/namespaces.list servicesecurityinsights.googleapis.com/policies.get servicesecurityinsights.googleapis.com/policyTypes.get servicesecurityinsights.googleapis.com/policyTypes.list servicesecurityinsights.googleapis.com/projectStates.get servicesecurityinsights.googleapis.com/securityInfo.list servicesecurityinsights.googleapis.com/securityViews.get servicesecurityinsights.googleapis.com/workloadPolicies.list servicesecurityinsights.googleapis.com/workloadSecurityInfo.get servicesecurityinsights.googleapis.com/workloadTypes.get servicesecurityinsights.googleapis.com/workloadTypes.list servicesecurityinsights.googleapis.com/workloads.get servicesecurityinsights.googleapis.com/workloads.list servicesecurityinsights.locations.get servicesecurityinsights.locations.list servicesecurityinsights.namespaces.get servicesecurityinsights.namespaces.list servicesecurityinsights.policies.get servicesecurityinsights.policyTypes.get servicesecurityinsights.policyTypes.list servicesecurityinsights.projectStates.get servicesecurityinsights.securityInfo.list servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get servicesecurityinsights.workloadTypes.get servicesecurityinsights.workloadTypes.list servicesecurityinsights.workloads.get servicesecurityinsights.workloads.list |
Apigee | Added |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Now GA |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Artifact Registry | Added |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Now GA |
artifactregistry.locations.get artifactregistry.locations.list |
Care Studio | Added |
carestudio.patients.get carestudio.patients.list |
Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Maps Admin | Added |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Now GA |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Certificate Authority Service | Added |
privateca.caPools.use |
Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
Service | Change | Description |
---|---|---|
Cloud Billing | Now GA |
The role |
Cloud Run functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Cloud Run functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Firebase App Check | Now GA |
The role |
Firebase App Check | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Container Security | Added |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Eventarc | Added |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Eventarc | Supported In Custom Roles |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update |
Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.get firebaseappcheck.appAttestConfig.update firebaseappcheck.debugTokens.get firebaseappcheck.debugTokens.update firebaseappcheck.deviceCheckConfig.get firebaseappcheck.deviceCheckConfig.update firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update firebaseappcheck.services.get firebaseappcheck.services.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
Recommender | Added |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Now GA |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Cloud Run | Added |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Cloud Run | Supported In Custom Roles |
run.jobs.run run.jobs.update |
Cloud Run | Now GA |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.policies.get servicesecurityinsights.projectStates.get servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.create apigee.keyvaluemaps.delete |
Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.create contentwarehouse.documents.delete contentwarehouse.documents.setIamPolicy |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.cancel dataflow.jobs.create dataflow.jobs.get dataflow.jobs.list dataflow.jobs.snapshot dataflow.jobs.updateContents dataflow.messages.list dataflow.metrics.get dataflow.snapshots.delete dataflow.snapshots.get dataflow.snapshots.list recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update serviceusage.services.use |
Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Apigee | Added |
apigee.datalocation.get |
Apigee | Supported In Custom Roles |
apigee.datalocation.get |
Apigee | Now GA |
apigee.datalocation.get |
Compute Engine | Added |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Compute Engine | Now GA |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Eventarc | Added |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Eventarc | Supported In Custom Roles |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Recommender | Added |
recommender.costInsights.get recommender.costInsights.list recommender.costInsights.update recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Now GA |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
Service | Change | Description |
---|---|---|
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
BigQuery Migration API | Now GA |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
Cloud Optimization | Added |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud SQL | Added |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Compute Engine | Added |
compute.disks.listEffectiveTags compute.images.listEffectiveTags compute.instances.listEffectiveTags compute.snapshots.listEffectiveTags |
Google Kubernetes Engine | Added |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Google Kubernetes Engine | Now GA |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Cloud Domains | Added |
domains.registrations.listEffectiveTags |
Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
Filestore | Added |
file.backups.listEffectiveTags file.instances.listEffectiveTags file.snapshots.listEffectiveTags |
GKE Hub | Supported In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
Recommender | Added |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update |
Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
Spanner | Added |
spanner.backups.copy |
Spanner | Supported In Custom Roles |
spanner.backups.copy |
Spanner | Now GA |
spanner.backups.copy |
Cloud Storage | Added |
storage.buckets.listEffectiveTags |
Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
Service | Change | Description |
---|---|---|
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
Cloud Run functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get cloudfunctions.functions.list cloudfunctions.operations.get cloudfunctions.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.tasks.create dataplex.tasks.update |
Speech-to-Text | Now GA |
The role |
BigQuery | Added |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
BigQuery Migration API | Added |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Compute Engine | Added |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Compute Engine | Now GA |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResource cloudasset.feeds.create cloudasset.feeds.delete cloudasset.feeds.get cloudasset.feeds.update |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.create dns.managedZones.delete dns.managedZones.get dns.managedZones.list dns.networks.bindPrivateDNSZone dns.networks.targetWithPeeringZone |
Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.clusterRoles.update container.clusters.get container.clusters.update container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.get container.customResourceDefinitions.list container.customResourceDefinitions.update container.namespaces.create container.namespaces.delete container.namespaces.get container.namespaces.list container.namespaces.update container.operations.get container.roleBindings.create container.roleBindings.delete container.roleBindings.get container.roleBindings.list container.roleBindings.update container.roles.bind container.roles.escalate |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Apigee Registry | Added |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Google Distributed Cloud | Added |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
Recommender | Now GA |
recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Resource Manager | Added |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list |
Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Filestore | Added |
file.backups.createTagBinding file.backups.deleteTagBinding file.backups.listTagBindings file.instances.createTagBinding file.instances.deleteTagBinding file.instances.listTagBindings file.snapshots.createTagBinding file.snapshots.deleteTagBinding file.snapshots.listTagBindings |
GKE Hub | Available In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Notebooks | Added |
notebooks.runtimes.update |
Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
Service | Change | Description |
---|---|---|
Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Advisory Notifications | Added |
advisorynotifications.notifications.get advisorynotifications.notifications.list |
Analytics Hub | Added |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Analytics Hub | Supported In Custom Roles |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Apigee | Added |
apigee.keyvaluemapentries.list |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
Apigee | Now GA |
apigee.keyvaluemapentries.list |
Artifact Registry | Added |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Now GA |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
BigQuery | Added |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
BigQuery | Supported In Custom Roles |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
Datastore | Supported In Custom Roles |
datastore.databases.create datastore.databases.getMetadata datastore.databases.list datastore.databases.update |
Cloud Domains | Added |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Cloud Domains | Now GA |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Retail API | Added |
retail.retailProjects.get |
Cloud Run | Added |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Supported In Custom Roles |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Now GA |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Added |
assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Added |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Now GA |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Recommender | Added |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
Service | Change | Description |
---|---|---|
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
Distributed Cloud Edge Container | Now GA |
The role |
Distributed Cloud Edge Container | Now GA |
The role |
Distributed Cloud Edge Container | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Backup for GKE | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Distributed Cloud Edge Container | Added |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Distributed Cloud Edge Container | Supported In Custom Roles |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Distributed Cloud Edge Container | Now GA |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Retail API | Added |
retail.attributesConfigs.addCatalogAttribute retail.attributesConfigs.batchRemoveCatalogAttributes retail.attributesConfigs.exportCatalogAttributes retail.attributesConfigs.importCatalogAttributes retail.attributesConfigs.removeCatalogAttribute retail.attributesConfigs.replaceCatalogAttribute retail.controls.export retail.controls.import |
Storage Transfer Service | Added |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Storage Transfer Service | Now GA |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.get dataplex.operations.list |
Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
Vertex AI | Added |
aiplatform.deploymentResourcePools.create aiplatform.deploymentResourcePools.delete aiplatform.deploymentResourcePools.get aiplatform.deploymentResourcePools.list aiplatform.deploymentResourcePools.queryDeployedModels aiplatform.deploymentResourcePools.update |
BigQuery | Added |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
BigQuery | Supported In Custom Roles |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
FleetEngine | Added |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Now GA |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
Service | Change | Description |
---|---|---|
Dataform | Now GA |
The role |
Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
KRM API Hosting | Now GA |
The role |
KRM API Hosting | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Dataform | Now GA |
The role |
Dialogflow | Added |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Dialogflow | Now GA |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Sensitive Data Protection | Added |
dlp.locations.get dlp.locations.list |
Sensitive Data Protection | Supported In Custom Roles |
dlp.locations.get dlp.locations.list |
Sensitive Data Protection | Now GA |
dlp.locations.get dlp.locations.list |
Eventarc | Added |
eventarc.providers.get eventarc.providers.list |
Eventarc | Supported In Custom Roles |
eventarc.providers.get eventarc.providers.list |
Eventarc | Now GA |
eventarc.providers.get eventarc.providers.list |
KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
Service | Change | Description |
---|---|---|
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.get cloudtasks.locations.get cloudtasks.locations.list cloudtasks.queues.create cloudtasks.queues.delete cloudtasks.queues.get cloudtasks.queues.getIamPolicy cloudtasks.queues.list cloudtasks.queues.pause cloudtasks.queues.purge cloudtasks.queues.resume cloudtasks.queues.setIamPolicy cloudtasks.queues.update cloudtasks.tasks.create cloudtasks.tasks.fullView |
GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.create gkehub.fleet.get |
Binary Authorization | Added |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Compute Engine | Added |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
KRM API Hosting | Added |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Cloud OS Config | Added |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Cloud OS Config | Now GA |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
Service | Change | Description |
---|---|---|
Vertex AI | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccess aiplatform.tensorboards.recordAccess |
Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.get compute.subnetworks.get |
Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
Vertex AI | Added |
aiplatform.tensorboards.recordAccess |
Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
Dataproc Metastore | Added |
metastore.services.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
Security Command Center | Added |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Now GA |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Cloud TPU | Added |
tpu.nodes.update |
Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
Service | Change | Description |
---|---|---|
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Dataplex | Now GA |
The role |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.get dataproc.jobs.cancel dataproc.jobs.create dataproc.jobs.delete dataproc.jobs.get dataproc.jobs.list dataproc.jobs.update |
Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Data Pipelines | Added |
datapipelines.jobs.list |
Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
Data Pipelines | Now GA |
datapipelines.jobs.list |
Dataproc | Added |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Supported In Custom Roles |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Now GA |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.get iam.denypolicies.list |
Dataproc Metastore | Added |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Dataproc Metastore | Supported In Custom Roles |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Workflows | Added |
workflows.callbacks.send |
Workflows | Supported In Custom Roles |
workflows.callbacks.send |
Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
Service | Change | Description |
---|---|---|
Data Catalog | Now GA |
The role |
Data Catalog | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
Cloud Run functions | Added |
cloudfunctions.runtimes.list |
Cloud Run functions | Now GA |
cloudfunctions.runtimes.list |
Cloud Key Management Service | Added |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Data Catalog | Now GA |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Dataflow | Supported In Custom Roles |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataflow | Now GA |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataplex | Added |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Supported In Custom Roles |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.setIamPolicy dataplex.assets.update dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Now GA |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Eventarc | Added |
eventarc.events.receiveEvent |
Eventarc | Now GA |
eventarc.events.receiveEvent |
Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.get osconfig.osPolicyAssignmentReports.list osconfig.osPolicyAssignments.create osconfig.osPolicyAssignments.delete osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list osconfig.osPolicyAssignments.update |
Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.get recommender.resourcemanagerProjectUtilizationInsights.list recommender.resourcemanagerProjectUtilizationInsights.update recommender.resourcemanagerProjectUtilizationRecommendations.get recommender.resourcemanagerProjectUtilizationRecommendations.list recommender.resourcemanagerProjectUtilizationRecommendations.update |
Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |