IAM permissions change log

This page describes changes to the public IAM permissions for all Generally Available and Beta services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.

When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml

IAM permissions change log

Upcoming Cloud IAM changes for the week of 2020-09-28

Service Change Description
Cloud Asset Inventory Role Updated

The following permissions have been added to the role roles/cloudasset.serviceAgent (Cloud Asset Service Agent):

bigquery.tables.update
Talent Solution Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.jobsEditor (Job Editor):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Talent Solution Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.jobsViewer (Job Viewer):

cloudjobdiscovery.tenants.get
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

aiplatform.endpoints.explain
aiplatform.endpoints.predict
AI Platform Added aiplatform.annotationSpecs.create
aiplatform.annotationSpecs.delete
aiplatform.annotationSpecs.get
aiplatform.annotationSpecs.list
aiplatform.annotationSpecs.update
aiplatform.annotations.create
aiplatform.annotations.delete
aiplatform.annotations.get
aiplatform.annotations.list
aiplatform.annotations.update
aiplatform.batchPredictionJobs.cancel
aiplatform.batchPredictionJobs.create
aiplatform.batchPredictionJobs.delete
aiplatform.batchPredictionJobs.get
aiplatform.batchPredictionJobs.list
aiplatform.customJobs.cancel
aiplatform.customJobs.create
aiplatform.customJobs.delete
aiplatform.customJobs.get
aiplatform.customJobs.list
aiplatform.dataItems.create
aiplatform.dataItems.delete
aiplatform.dataItems.get
aiplatform.dataItems.list
aiplatform.dataItems.update
aiplatform.dataLabelingJobs.cancel
aiplatform.dataLabelingJobs.create
aiplatform.dataLabelingJobs.delete
aiplatform.dataLabelingJobs.get
aiplatform.dataLabelingJobs.list
aiplatform.datasets.create
aiplatform.datasets.delete
aiplatform.datasets.export
aiplatform.datasets.get
aiplatform.datasets.import
aiplatform.datasets.list
aiplatform.datasets.update
aiplatform.endpoints.create
aiplatform.endpoints.delete
aiplatform.endpoints.deploy
aiplatform.endpoints.explain
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.endpoints.predict
aiplatform.endpoints.undeploy
aiplatform.endpoints.update
aiplatform.hyperparameterTuningJobs.cancel
aiplatform.hyperparameterTuningJobs.create
aiplatform.hyperparameterTuningJobs.delete
aiplatform.hyperparameterTuningJobs.get
aiplatform.hyperparameterTuningJobs.list
aiplatform.locations.get
aiplatform.locations.list
aiplatform.migratableResources.migrate
aiplatform.migratableResources.search
aiplatform.modelEvaluationSlices.get
aiplatform.modelEvaluationSlices.list
aiplatform.modelEvaluations.exportEvaluatedDataItems
aiplatform.modelEvaluations.get
aiplatform.modelEvaluations.list
aiplatform.models.delete
aiplatform.models.export
aiplatform.models.get
aiplatform.models.list
aiplatform.models.upload
aiplatform.operations.list
aiplatform.specialistPools.create
aiplatform.specialistPools.delete
aiplatform.specialistPools.get
aiplatform.specialistPools.list
aiplatform.specialistPools.update
aiplatform.trainingPipelines.cancel
aiplatform.trainingPipelines.create
aiplatform.trainingPipelines.delete
aiplatform.trainingPipelines.get
aiplatform.trainingPipelines.list
AI Platform Supported In Custom Roles aiplatform.annotationSpecs.create
aiplatform.annotationSpecs.delete
aiplatform.annotationSpecs.get
aiplatform.annotationSpecs.list
aiplatform.annotationSpecs.update
aiplatform.annotations.create
aiplatform.annotations.delete
aiplatform.annotations.get
aiplatform.annotations.list
aiplatform.annotations.update
aiplatform.batchPredictionJobs.cancel
aiplatform.batchPredictionJobs.create
aiplatform.batchPredictionJobs.delete
aiplatform.batchPredictionJobs.get
aiplatform.batchPredictionJobs.list
aiplatform.customJobs.cancel
aiplatform.customJobs.create
aiplatform.customJobs.delete
aiplatform.customJobs.get
aiplatform.customJobs.list
aiplatform.dataItems.create
aiplatform.dataItems.delete
aiplatform.dataItems.get
aiplatform.dataItems.list
aiplatform.dataItems.update
aiplatform.dataLabelingJobs.cancel
aiplatform.dataLabelingJobs.create
aiplatform.dataLabelingJobs.delete
aiplatform.dataLabelingJobs.get
aiplatform.dataLabelingJobs.list
aiplatform.datasets.create
aiplatform.datasets.delete
aiplatform.datasets.export
aiplatform.datasets.get
aiplatform.datasets.import
aiplatform.datasets.list
aiplatform.datasets.update
aiplatform.endpoints.create
aiplatform.endpoints.delete
aiplatform.endpoints.deploy
aiplatform.endpoints.explain
aiplatform.endpoints.get
aiplatform.endpoints.list
aiplatform.endpoints.predict
aiplatform.endpoints.undeploy
aiplatform.endpoints.update
aiplatform.hyperparameterTuningJobs.cancel
aiplatform.hyperparameterTuningJobs.create
aiplatform.hyperparameterTuningJobs.delete
aiplatform.hyperparameterTuningJobs.get
aiplatform.hyperparameterTuningJobs.list
aiplatform.locations.get
aiplatform.locations.list
aiplatform.migratableResources.migrate
aiplatform.migratableResources.search
aiplatform.modelEvaluationSlices.get
aiplatform.modelEvaluationSlices.list
aiplatform.modelEvaluations.exportEvaluatedDataItems
aiplatform.modelEvaluations.get
aiplatform.modelEvaluations.list
aiplatform.models.delete
aiplatform.models.export
aiplatform.models.get
aiplatform.models.list
aiplatform.models.upload
aiplatform.operations.list
aiplatform.specialistPools.create
aiplatform.specialistPools.delete
aiplatform.specialistPools.get
aiplatform.specialistPools.list
aiplatform.specialistPools.update
aiplatform.trainingPipelines.cancel
aiplatform.trainingPipelines.create
aiplatform.trainingPipelines.delete
aiplatform.trainingPipelines.get
aiplatform.trainingPipelines.list
BigQuery Supported In Custom Roles bigquery.models.create
bigquery.models.delete
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
BigQuery Now GA bigquery.models.create
bigquery.models.delete
bigquery.models.export
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata

Cloud IAM changes as of 2020-09-25

Service Change Description
Anthos Now GA

The role roles/anthos.serviceAgent (Anthos Service Agent) is now GA.

Anthos Config Management Now GA

The role roles/anthosconfigmanagement.serviceAgent (Anthos Config Management Service Agent) is now GA.

Apigee Now GA

The role roles/apigee.serviceAgent (Apigee Service Agent) is now GA.

App Engine flexible environment Now GA

The role roles/appengineflex.serviceAgent (App Engine flexible environment Service Agent) is now GA.

Artifact Registry Now GA

The role roles/artifactregistry.serviceAgent (Artifact Registry Service Agent) is now GA.

AutoML Now GA

The role roles/automl.serviceAgent (AutoML Service Agent) is now GA.

Recommendations AI Now GA

The role roles/automlrecommendations.serviceAgent (Recommendations AI Service Agent) is now GA.

BigQuery Connection API Now GA

The role roles/bigqueryconnection.serviceAgent (BigQuery Connection Service Agent) is now GA.

BigQuery Data Transfer Service Now GA

The role roles/bigquerydatatransfer.serviceAgent (BigQuery Data Transfer Service Agent) is now GA.

Binary Authorization Now GA

The role roles/binaryauthorization.serviceAgent (Binary Authorization Service Agent) is now GA.

Cloud Asset Inventory Now GA

The role roles/cloudasset.serviceAgent (Cloud Asset Service Agent) is now GA.

Cloud Build Now GA

The role roles/cloudbuild.serviceAgent (Cloud Build Service Agent) is now GA.

Cloud Functions Now GA

The role roles/cloudfunctions.serviceAgent (Cloud Functions Service Agent) is now GA.

Cloud IoT Now GA

The role roles/cloudiot.serviceAgent (Cloud IoT Core Service Agent) is now GA.

Cloud Key Management Service Now GA

The role roles/cloudkms.serviceAgent (Cloud KMS Service Agent) is now GA.

Cloud Scheduler Now GA

The role roles/cloudscheduler.serviceAgent (Cloud Scheduler Service Agent) is now GA.

Cloud SQL Now GA

The role roles/cloudsql.serviceAgent (Cloud SQL Service Agent) is now GA.

Cloud Tasks Now GA

The role roles/cloudtasks.serviceAgent (Cloud Tasks Service Agent) is now GA.

Cloud Tasks Role Updated

The following permissions have been added to the role roles/cloudtasks.admin (Cloud Tasks Admin):

monitoring.timeSeries.list
Cloud Tasks Role Updated

The following permissions have been added to the role roles/cloudtasks.viewer (Cloud Tasks Viewer):

monitoring.timeSeries.list
Cloud TPU Now GA

The role roles/cloudtpu.serviceAgent (Cloud TPU V2 API Service Agent) is now GA.

Cloud Composer Now GA

The role roles/composer.serviceAgent (Cloud Composer API Service Agent) is now GA.

Compute Engine Now GA

The role roles/compute.serviceAgent (Compute Engine Service Agent) is now GA.

Compute Scanning Now GA

The role roles/computescanning.serviceAgent (Compute Scanning Service Agent) is now GA.

Google Kubernetes Engine Now GA

The role roles/container.serviceAgent (Kubernetes Engine Service Agent) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.ServiceAgent (Container Analysis Service Agent) is now GA.

Container Registry Now GA

The role roles/containerregistry.ServiceAgent (Container Registry Service Agent) is now GA.

Container Scanning Now GA

The role roles/containerscanning.ServiceAgent (Container Scanner Service Agent) is now GA.

Container Threat Detection Now GA

The role roles/containerthreatdetection.serviceAgent (Container Threat Detection Service Agent) is now GA.

Dataflow Now GA

The role roles/dataflow.serviceAgent (Cloud Dataflow Service Agent) is now GA.

Cloud Data Fusion Now GA

The role roles/datafusion.serviceAgent (Cloud Data Fusion API Service Agent) is now GA.

AI Platform Data Labeling Service Now GA

The role roles/datalabeling.serviceAgent (DataLabeling Service Agent) is now GA.

Dataprep by Trifacta Now GA

The role roles/dataprep.serviceAgent (Dataprep Service Agent) is now GA.

Dataproc Now GA

The role roles/dataproc.serviceAgent (Dataproc Service Agent) is now GA.

Google Data Studio Now GA

The role roles/datastudio.serviceAgent (Data Studio Service Agent) is now GA.

Dialogflow Now GA

The role roles/dialogflow.serviceAgent (Dialogflow Service Agent) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.serviceAgent (DLP API Service Agent) is now GA.

Document AI Now GA

The role roles/documentaicore.serviceAgent (DocumentAI Core Service Agent) is now GA.

Cloud Endpoints Now GA

The role roles/endpoints.serviceAgent (Cloud Endpoints Service Agent) is now GA.

Cloud Endpoints Portal Now GA

The role roles/endpointsportal.serviceAgent (Endpoints Portal Service Agent) is now GA.

Filestore Now GA

The role roles/file.serviceAgent (Cloud Filestore Service Agent) is now GA.

Firebase Now GA

The role roles/firebase.appDistributionSdkServiceAgent (Firebase App Distribution Admin SDK Service Agent) is now GA.

Firebase Now GA

The role roles/firebase.managementServiceAgent (Firebase Service Management Service Agent) is now GA.

Firebase Now GA

The role roles/firebase.sdkAdminServiceAgent (Firebase Admin SDK Administrator Service Agent) is now GA.

Firebase Now GA

The role roles/firebase.sdkProvisioningServiceAgent (Firebase SDK Provisioning Service Agent) is now GA.

Firebase Mods Now GA

The role roles/firebasemods.serviceAgent (Firebase Extensions API Service Agent) is now GA.

Firebase Storage Now GA

The role roles/firebasestorage.serviceAgent (Cloud Storage for Firebase Service Agent) is now GA.

Firewall Insights Now GA

The role roles/firewallinsights.serviceAgent (Cloud Firewall Insights Service Agent) is now GA.

Google Cloud Game Servers Now GA

The role roles/gameservices.serviceAgent (Game Services Service Agent) is now GA.

Cloud Life Sciences Now GA

The role roles/genomics.serviceAgent (Genomics Service Agent) is now GA.

GKE Hub Now GA

The role roles/gkehub.serviceAgent (GKE Hub Service Agent) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.serviceAgent (Healthcare Service Agent) is now GA.

Cloud Life Sciences Now GA

The role roles/lifesciences.serviceAgent (Cloud Life Sciences Service Agent) is now GA.

Managed Service for Microsoft Active Directory Now GA

The role roles/managedidentities.serviceAgent (Cloud Managed Identities Service Agent) is now GA.

Memorystore for Memcached Now GA

The role roles/memcache.serviceAgent (Cloud Memorystore Memcached Service Agent) is now GA.

Mesh Configuration Now GA

The role roles/meshconfig.serviceAgent (Mesh Config Service Agent) is now GA.

Mesh Data Plane Now GA

The role roles/meshdataplane.serviceAgent (Mesh Data Plane Service Agent) is now GA.

AI Platform Now GA

The role roles/ml.serviceAgent (Cloud ML Service Agent) is now GA.

Cloud Monitoring Now GA

The role roles/monitoring.notificationServiceAgent (Monitoring Notification Service Agent) is now GA.

Multi Cluster Ingress Now GA

The role roles/multiclusteringress.serviceAgent (Multi Cluster Ingress Service Agent) is now GA.

Multi Cluster Metering Now GA

The role roles/multiclustermetering.serviceAgent (Multi-cluster metering Service Agent) is now GA.

Network Management API Now GA

The role roles/networkmanagement.serviceAgent (GCP Network Management Service Agent) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.serviceAgent (AI Platform Notebooks Service Agent) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.serviceAgent (Cloud OS Config Service Agent) is now GA.

Pub/Sub Now GA

The role roles/pubsub.serviceAgent (Cloud Pub/Sub Service Agent) is now GA.

Memorystore for Redis Now GA

The role roles/redis.serviceAgent (Cloud Memorystore Redis Service Agent) is now GA.

Remote Build Execution Now GA

The role roles/remotebuildexecution.serviceAgent (Remote Build Execution Service Agent) is now GA.

Cloud Run Now GA

The role roles/run.serviceAgent (Cloud Run Service Agent) is now GA.

Security Command Center Now GA

The role roles/securitycenter.automationServiceAgent (Security Center Automation Service Agent) is now GA.

Security Command Center Now GA

The role roles/securitycenter.controlServiceAgent (Security Center Control Service Agent) is now GA.

Security Command Center Now GA

The role roles/securitycenter.notificationServiceAgent (Security Center Notification Service Agent) is now GA.

Security Command Center Now GA

The role roles/securitycenter.securityHealthAnalyticsServiceAgent (Security Health Analytics Service Agent) is now GA.

Security Command Center Now GA

The role roles/securitycenter.serviceAgent (Security Center Service Agent) is now GA.

Cloud Run Now GA

The role roles/serverless.serviceAgent (Cloud Run Service Agent) is now GA.

Service Networking Now GA

The role roles/servicenetworking.serviceAgent (Service Networking Service Agent) is now GA.

Cloud Source Repositories Now GA

The role roles/sourcerepo.serviceAgent (Cloud Source Repositories Service Agent) is now GA.

Cloud TPU Now GA

The role roles/tpu.serviceAgent (Cloud TPU API Service Agent) is now GA.

Serverless VPC Access Now GA

The role roles/vpcaccess.serviceAgent (Serverless VPC Access Service Agent) is now GA.

Web Security Scanner Now GA

The role roles/websecurityscanner.serviceAgent (Cloud Web Security Scanner Service Agent) is now GA.

Workflows Now GA

The role roles/workflows.serviceAgent (Cloud Workflows Service Agent) is now GA.

BigQuery Added bigquery.capacityCommitments.update
BigQuery Supported In Custom Roles bigquery.capacityCommitments.update
BigQuery Now GA bigquery.capacityCommitments.update
Cloud Domains Added domains.locations.get
domains.locations.list
domains.operations.cancel
domains.operations.get
domains.operations.list
domains.registrations.configureContact
domains.registrations.configureDns
domains.registrations.configureManagement
domains.registrations.create
domains.registrations.delete
domains.registrations.get
domains.registrations.getIamPolicy
domains.registrations.list
domains.registrations.setIamPolicy
domains.registrations.update
Transcoder API Added transcoder.jobTemplates.create
transcoder.jobTemplates.delete
transcoder.jobTemplates.get
transcoder.jobTemplates.list
transcoder.jobs.create
transcoder.jobs.delete
transcoder.jobs.get
transcoder.jobs.list
Transcoder API Supported In Custom Roles transcoder.jobTemplates.create
transcoder.jobTemplates.delete
transcoder.jobTemplates.get
transcoder.jobTemplates.list
transcoder.jobs.create
transcoder.jobs.delete
transcoder.jobs.get
transcoder.jobs.list

Cloud IAM changes as of 2020-09-18

Service Change Description
BigQuery Now GA

The role roles/bigquery.resourceAdmin (BigQuery Resource Admin) is now GA.

BigQuery Now GA

The role roles/bigquery.resourceEditor (BigQuery Resource Editor) is now GA.

BigQuery Now GA

The role roles/bigquery.resourceViewer (BigQuery Resource Viewer) is now GA.

Recommender Role Updated

The following permissions have been added to the role roles/recommender.firewallAdmin (Firewall Recommender Admin):

recommender.locations.get
recommender.locations.list
Recommender Role Updated

The following permissions have been added to the role roles/recommender.firewallViewer (Firewall Recommender Viewer):

recommender.locations.get
recommender.locations.list
Recommender Role Updated

The following permissions have been added to the role roles/recommender.projectCudAdmin (Project Usage Commitment Recommender Admin):

recommender.locations.get
recommender.locations.list
Recommender Role Updated

The following permissions have been added to the role roles/recommender.projectCudViewer (Project Usage Commitment Recommender Viewer):

recommender.locations.get
recommender.locations.list
API Gateway Supported In Custom Roles apigateway.apiconfigs.create
apigateway.apiconfigs.delete
apigateway.apiconfigs.get
apigateway.apiconfigs.getIamPolicy
apigateway.apiconfigs.list
apigateway.apiconfigs.setIamPolicy
apigateway.apiconfigs.update
apigateway.apis.create
apigateway.apis.delete
apigateway.apis.get
apigateway.apis.getIamPolicy
apigateway.apis.list
apigateway.apis.setIamPolicy
apigateway.apis.update
apigateway.gateways.create
apigateway.gateways.delete
apigateway.gateways.get
apigateway.gateways.getIamPolicy
apigateway.gateways.list
apigateway.gateways.setIamPolicy
apigateway.gateways.update
apigateway.locations.get
apigateway.locations.list
apigateway.operations.cancel
apigateway.operations.delete
apigateway.operations.get
apigateway.operations.list
BigQuery Now GA bigquery.bireservations.get
bigquery.bireservations.update
bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update
Identity and Access Management Added iam.workloadIdentityPoolProviders.create
iam.workloadIdentityPoolProviders.delete
iam.workloadIdentityPoolProviders.get
iam.workloadIdentityPoolProviders.list
iam.workloadIdentityPoolProviders.undelete
iam.workloadIdentityPoolProviders.update
iam.workloadIdentityPools.create
iam.workloadIdentityPools.delete
iam.workloadIdentityPools.get
iam.workloadIdentityPools.list
iam.workloadIdentityPools.undelete
iam.workloadIdentityPools.update
Identity and Access Management Supported In Custom Roles iam.workloadIdentityPoolProviders.create
iam.workloadIdentityPoolProviders.delete
iam.workloadIdentityPoolProviders.get
iam.workloadIdentityPoolProviders.list
iam.workloadIdentityPoolProviders.undelete
iam.workloadIdentityPoolProviders.update
iam.workloadIdentityPools.create
iam.workloadIdentityPools.delete
iam.workloadIdentityPools.get
iam.workloadIdentityPools.list
iam.workloadIdentityPools.undelete
iam.workloadIdentityPools.update

Cloud IAM changes as of 2020-09-11

Service Change Description
Cloud Logging Role Updated

The following permissions have been added to the role roles/logging.privateLogViewer (Private Logs Viewer):

logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.list
logging.queries.update
Security Command Center Added securitycenter.findings.setWorkflowState
Security Command Center Supported In Custom Roles securitycenter.findings.setWorkflowState

Cloud IAM changes as of 2020-09-04

Service Change Description
Apigee Now GA

The role roles/apigee.portalAdmin (Apigee Portal Admin) is now GA.

Cloud Profiler Now GA

The role roles/cloudprofiler.agent (Cloud Profiler Agent) is now GA.

Cloud Profiler Now GA

The role roles/cloudprofiler.user (Cloud Profiler User) is now GA.

Cloud SQL Now GA

The role roles/cloudsql.instanceUser (Cloud SQL Instance User) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.admin (Notebooks Admin) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.legacyAdmin (Notebooks Legacy Admin) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.legacyViewer (Notebooks Legacy Viewer) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.runner (Notebooks Runner) is now GA.

AI Platform Notebooks Now GA

The role roles/notebooks.viewer (Notebooks Viewer) is now GA.

Security Command Center Now GA

The role roles/securitycenter.settingsAdmin (Security Center Settings Admin) is now GA.

Security Command Center Now GA

The role roles/securitycenter.settingsEditor (Security Center Settings Editor) is now GA.

Security Command Center Now GA

The role roles/securitycenter.settingsViewer (Security Center Settings Viewer) is now GA.

BigQuery Added bigquery.models.export
BigQuery Supported In Custom Roles bigquery.models.export
Cloud Profiler Now GA cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update
Cloud SQL Added cloudsql.instances.login
Cloud SQL Supported In Custom Roles cloudsql.instances.login
Cloud SQL Now GA cloudsql.instances.login
NetApp Cloud Volumes Service Available In Custom Roles cloudvolumesgcp-api.netapp.com/activeDirectories.create
cloudvolumesgcp-api.netapp.com/activeDirectories.delete
cloudvolumesgcp-api.netapp.com/activeDirectories.get
cloudvolumesgcp-api.netapp.com/activeDirectories.list
cloudvolumesgcp-api.netapp.com/activeDirectories.update
cloudvolumesgcp-api.netapp.com/ipRanges.list
cloudvolumesgcp-api.netapp.com/jobs.get
cloudvolumesgcp-api.netapp.com/jobs.list
cloudvolumesgcp-api.netapp.com/regions.list
cloudvolumesgcp-api.netapp.com/serviceLevels.list
cloudvolumesgcp-api.netapp.com/snapshots.create
cloudvolumesgcp-api.netapp.com/snapshots.delete
cloudvolumesgcp-api.netapp.com/snapshots.get
cloudvolumesgcp-api.netapp.com/snapshots.list
cloudvolumesgcp-api.netapp.com/snapshots.update
cloudvolumesgcp-api.netapp.com/volumes.create
cloudvolumesgcp-api.netapp.com/volumes.delete
cloudvolumesgcp-api.netapp.com/volumes.get
cloudvolumesgcp-api.netapp.com/volumes.list
cloudvolumesgcp-api.netapp.com/volumes.update
AI Platform Notebooks Now GA notebooks.environments.create
notebooks.environments.delete
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.environments.list
notebooks.environments.setIamPolicy
notebooks.instances.checkUpgradability
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.get
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.instances.reset
notebooks.instances.setAccelerator
notebooks.instances.setIamPolicy
notebooks.instances.setLabels
notebooks.instances.setMachineType
notebooks.instances.start
notebooks.instances.stop
notebooks.instances.update
notebooks.instances.upgrade
notebooks.locations.get
notebooks.locations.list
notebooks.operations.cancel
notebooks.operations.delete
notebooks.operations.get
notebooks.operations.list
Security Command Center Added securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.get
securitycenter.containerthreatdetectionsettings.update
securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.get
securitycenter.eventthreatdetectionsettings.update
securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update
securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update
securitycenter.subscription.get
securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.get
securitycenter.websecurityscannersettings.update
Security Command Center Supported In Custom Roles securitycenter.containerthreatdetectionsettings.calculate
securitycenter.containerthreatdetectionsettings.get
securitycenter.containerthreatdetectionsettings.update
securitycenter.eventthreatdetectionsettings.calculate
securitycenter.eventthreatdetectionsettings.get
securitycenter.eventthreatdetectionsettings.update
securitycenter.securitycentersettings.get
securitycenter.securitycentersettings.update
securitycenter.securityhealthanalyticssettings.calculate
securitycenter.securityhealthanalyticssettings.get
securitycenter.securityhealthanalyticssettings.update
securitycenter.subscription.get
securitycenter.websecurityscannersettings.calculate
securitycenter.websecurityscannersettings.get
securitycenter.websecurityscannersettings.update

Cloud IAM changes as of 2020-08-28

Service Change Description
App Engine Now GA

The role roles/appengine.appCreator (App Engine Creator) is now GA.

Cloud Functions Now GA

The role roles/cloudfunctions.admin (Cloud Functions Admin) is now GA.

Cloud Functions Now GA

The role roles/cloudfunctions.developer (Cloud Functions Developer) is now GA.

Cloud Functions Now GA

The role roles/cloudfunctions.invoker (Cloud Functions Invoker) is now GA.

Cloud Functions Now GA

The role roles/cloudfunctions.viewer (Cloud Functions Viewer) is now GA.

Assured Workloads for Government Added assuredworkloads.operations.get
assuredworkloads.operations.list
assuredworkloads.workload.create
assuredworkloads.workload.delete
assuredworkloads.workload.get
assuredworkloads.workload.list
assuredworkloads.workload.update
Assured Workloads for Government Supported In Custom Roles assuredworkloads.operations.get
assuredworkloads.operations.list
Recommendations AI Added automlrecommendations.catalogs.update
Recommendations AI Supported In Custom Roles automlrecommendations.catalogs.list
automlrecommendations.catalogs.update
automlrecommendations.recommendations.list
Cloud Asset Inventory Now GA cloudasset.assets.analyzeIamPolicy
Cloud Functions Supported In Custom Roles cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
Cloud Functions Now GA cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.get
cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.list
cloudfunctions.functions.setIamPolicy
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
Cloud Healthcare API Supported In Custom Roles healthcare.hl7V2Stores.import
Cloud Logging Added logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.list
logging.queries.update
Cloud Logging Supported In Custom Roles logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.list
logging.queries.update
Cloud Logging Now GA logging.queries.create
logging.queries.delete
logging.queries.get
logging.queries.list
logging.queries.update
Workflows Added workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.workflows.create
workflows.workflows.delete
workflows.workflows.get
workflows.workflows.getIamPolicy
workflows.workflows.list
workflows.workflows.setIamPolicy
workflows.workflows.update
Workflows Supported In Custom Roles workflows.executions.cancel
workflows.executions.create
workflows.executions.get
workflows.executions.list
workflows.locations.get
workflows.locations.list
workflows.operations.cancel
workflows.operations.get
workflows.operations.list
workflows.workflows.create
workflows.workflows.delete
workflows.workflows.get
workflows.workflows.getIamPolicy
workflows.workflows.list
workflows.workflows.setIamPolicy
workflows.workflows.update

Cloud IAM changes as of 2020-08-21

Service Change Description
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.admin (Dialogflow API Admin):

dialogflow.environments.lookupHistory
dialogflow.versions.load
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.consoleAgentEditor (Dialogflow Console Agent Editor):

dialogflow.environments.lookupHistory
dialogflow.versions.load
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dialogflow.environments.lookupHistory
dialogflow.versions.load
Basic Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

dialogflow.environments.lookupHistory
dialogflow.versions.load
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

dialogflow.environments.lookupHistory
Apigee Added apigee.caches.delete
apigee.caches.list
apigee.canaryevaluations.create
apigee.canaryevaluations.get
apigee.datacollectors.create
apigee.datacollectors.delete
apigee.datacollectors.get
apigee.datacollectors.list
apigee.datacollectors.update
apigee.datastores.create
apigee.datastores.delete
apigee.datastores.get
apigee.datastores.list
apigee.datastores.update
apigee.envgroupattachments.create
apigee.envgroupattachments.delete
apigee.envgroupattachments.get
apigee.envgroupattachments.list
apigee.envgroups.create
apigee.envgroups.delete
apigee.envgroups.get
apigee.envgroups.list
apigee.envgroups.update
apigee.exports.create
apigee.exports.get
apigee.exports.list
apigee.hostqueries.create
apigee.hostqueries.get
apigee.hostqueries.list
apigee.hoststats.get
apigee.ingressconfigs.get
apigee.instanceattachments.create
apigee.instanceattachments.delete
apigee.instanceattachments.get
apigee.instanceattachments.list
apigee.instances.create
apigee.instances.delete
apigee.instances.get
apigee.instances.list
apigee.instances.reportStatus
apigee.operations.get
apigee.operations.list
apigee.projects.update
Apigee Supported In Custom Roles apigee.datastores.create
apigee.datastores.delete
apigee.datastores.get
apigee.datastores.list
apigee.datastores.update
apigee.exports.create
apigee.exports.get
apigee.exports.list
Apigee Now GA apigee.caches.delete
apigee.caches.list
apigee.canaryevaluations.create
apigee.canaryevaluations.get
apigee.datacollectors.create
apigee.datacollectors.delete
apigee.datacollectors.get
apigee.datacollectors.list
apigee.datacollectors.update
apigee.datastores.create
apigee.datastores.delete
apigee.datastores.get
apigee.datastores.list
apigee.datastores.update
apigee.envgroupattachments.create
apigee.envgroupattachments.delete
apigee.envgroupattachments.get
apigee.envgroupattachments.list
apigee.envgroups.create
apigee.envgroups.delete
apigee.envgroups.get
apigee.envgroups.list
apigee.envgroups.update
apigee.exports.create
apigee.exports.get
apigee.exports.list
apigee.hostqueries.create
apigee.hostqueries.get
apigee.hostqueries.list
apigee.hoststats.get
apigee.ingressconfigs.get
apigee.instanceattachments.create
apigee.instanceattachments.delete
apigee.instanceattachments.get
apigee.instanceattachments.list
apigee.instances.create
apigee.instances.delete
apigee.instances.get
apigee.instances.list
apigee.instances.reportStatus
apigee.operations.get
apigee.operations.list
apigee.projects.update
Compute Engine Now GA compute.images.update
Dialogflow Added dialogflow.agents.list
dialogflow.agents.validate
dialogflow.environments.create
dialogflow.environments.delete
dialogflow.environments.get
dialogflow.environments.getHistory
dialogflow.environments.list
dialogflow.environments.lookupHistory
dialogflow.environments.update
dialogflow.flows.create
dialogflow.flows.delete
dialogflow.flows.get
dialogflow.flows.list
dialogflow.flows.train
dialogflow.flows.update
dialogflow.flows.validate
dialogflow.pages.create
dialogflow.pages.delete
dialogflow.pages.get
dialogflow.pages.list
dialogflow.pages.update
dialogflow.transitionRouteGroups.create
dialogflow.transitionRouteGroups.delete
dialogflow.transitionRouteGroups.get
dialogflow.transitionRouteGroups.list
dialogflow.transitionRouteGroups.update
dialogflow.versions.create
dialogflow.versions.delete
dialogflow.versions.get
dialogflow.versions.list
dialogflow.versions.load
dialogflow.versions.update
dialogflow.webhooks.create
dialogflow.webhooks.delete
dialogflow.webhooks.get
dialogflow.webhooks.list
dialogflow.webhooks.update
Dialogflow Supported In Custom Roles dialogflow.environments.create
dialogflow.environments.delete
dialogflow.environments.get
dialogflow.environments.getHistory
dialogflow.environments.list
dialogflow.environments.update
dialogflow.versions.create
dialogflow.versions.delete
dialogflow.versions.get
dialogflow.versions.list
dialogflow.versions.update
Dialogflow Now GA dialogflow.agents.list
dialogflow.agents.validate
dialogflow.environments.create
dialogflow.environments.delete
dialogflow.environments.get
dialogflow.environments.getHistory
dialogflow.environments.list
dialogflow.environments.update
dialogflow.flows.create
dialogflow.flows.delete
dialogflow.flows.get
dialogflow.flows.list
dialogflow.flows.train
dialogflow.flows.update
dialogflow.flows.validate
dialogflow.pages.create
dialogflow.pages.delete
dialogflow.pages.get
dialogflow.pages.list
dialogflow.pages.update
dialogflow.transitionRouteGroups.create
dialogflow.transitionRouteGroups.delete
dialogflow.transitionRouteGroups.get
dialogflow.transitionRouteGroups.list
dialogflow.transitionRouteGroups.update
dialogflow.versions.create
dialogflow.versions.delete
dialogflow.versions.get
dialogflow.versions.list
dialogflow.versions.update
dialogflow.webhooks.create
dialogflow.webhooks.delete
dialogflow.webhooks.get
dialogflow.webhooks.list
dialogflow.webhooks.update
Cloud Healthcare API Added healthcare.annotationStores.create
healthcare.annotationStores.delete
healthcare.annotationStores.evaluate
healthcare.annotationStores.export
healthcare.annotationStores.get
healthcare.annotationStores.getIamPolicy
healthcare.annotationStores.import
healthcare.annotationStores.list
healthcare.annotationStores.setIamPolicy
healthcare.annotationStores.update
healthcare.annotations.create
healthcare.annotations.delete
healthcare.annotations.get
healthcare.annotations.list
healthcare.annotations.update
Cloud Healthcare API Supported In Custom Roles healthcare.annotationStores.create
healthcare.annotationStores.delete
healthcare.annotationStores.evaluate
healthcare.annotationStores.export
healthcare.annotationStores.get
healthcare.annotationStores.getIamPolicy
healthcare.annotationStores.import
healthcare.annotationStores.list
healthcare.annotationStores.setIamPolicy
healthcare.annotationStores.update
healthcare.annotations.create
healthcare.annotations.delete
healthcare.annotations.get
healthcare.annotations.list
healthcare.annotations.update

Cloud IAM changes as of 2020-08-14

Service Change Description
Private Catalog Role Updated

The following permissions have been added to the role roles/cloudprivatecatalog.consumer (Catalog Consumer):

resourcemanager.projects.get
resourcemanager.projects.list
Private Catalog Role Updated

The following permissions have been added to the role roles/cloudprivatecatalogproducer.admin (Catalog Admin):

cloudprivatecatalog.targets.get
cloudprivatecatalogproducer.targets.associate
cloudprivatecatalogproducer.targets.unassociate
resourcemanager.projects.get
resourcemanager.projects.list
Private Catalog Role Updated

The following permissions have been added to the role roles/cloudprivatecatalogproducer.manager (Catalog Manager):

resourcemanager.projects.get
resourcemanager.projects.list
Dialogflow Added dialogflow.fulfillments.get
dialogflow.fulfillments.update
Dialogflow Now GA dialogflow.fulfillments.get
dialogflow.fulfillments.update

Cloud IAM changes as of 2020-08-07

Service Change Description
Cloud Composer Role Updated

The following permissions have been added to the role roles/composer.worker (Composer Worker):

artifactregistry.packages.delete
artifactregistry.repositories.create
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.getIamPolicy
artifactregistry.repositories.setIamPolicy
artifactregistry.repositories.update
artifactregistry.tags.delete
artifactregistry.versions.delete
GKE Hub Role Updated

The following permissions have been added to the role roles/gkehub.viewer (GKE Hub Viewer):

gkehub.features.getIamPolicy
gkehub.gateway.get
gkehub.gateway.getIamPolicy
Cloud Logging Now GA

The role roles/logging.bucketWriter (Logs Bucket Writer) is now GA.

Cloud Logging Now GA

The role roles/logging.viewAccessor (Logs View Accessor) is now GA.

Cloud Logging Role Updated

The following permissions have been added to the role roles/logging.privateLogViewer (Private Logs Viewer):

logging.views.access
Compute Engine Now GA compute.instances.getScreenshot
Identity and Access Management Supported In Custom Roles iam.serviceAccounts.disable
iam.serviceAccounts.enable
iam.serviceAccounts.undelete
Identity and Access Management Now GA iam.serviceAccounts.disable
iam.serviceAccounts.enable
iam.serviceAccounts.undelete
Cloud Logging Added logging.buckets.create
logging.buckets.delete
logging.buckets.undelete
logging.buckets.write
logging.views.access
Cloud Logging Supported In Custom Roles logging.buckets.create
logging.buckets.delete
logging.buckets.undelete
logging.buckets.write
logging.views.access
Cloud Logging Now GA logging.buckets.create
logging.buckets.delete
logging.buckets.undelete
logging.buckets.write
logging.views.access
OAuthConfig Added oauthconfig.clientpolicy.get
oauthconfig.testusers.get
oauthconfig.testusers.update
oauthconfig.verification.get
oauthconfig.verification.submit
oauthconfig.verification.update
OAuthConfig Supported In Custom Roles oauthconfig.clientpolicy.get
oauthconfig.testusers.get
oauthconfig.testusers.update
oauthconfig.verification.get
oauthconfig.verification.submit
oauthconfig.verification.update
OAuthPolicyMetadata Added oauthpolicymetadata.brandpolicy.createOrUpdate
oauthpolicymetadata.brandpolicy.get
oauthpolicymetadata.brandpolicy.submitVerification
oauthpolicymetadata.clientpolicy.get
OAuthPolicyMetadata Supported In Custom Roles oauthpolicymetadata.brandpolicy.createOrUpdate
oauthpolicymetadata.brandpolicy.get
oauthpolicymetadata.brandpolicy.submitVerification
oauthpolicymetadata.clientpolicy.get
OAuthTestApp Added oauthtestapp.userwhitelist.read
oauthtestapp.userwhitelist.write
OAuthTestApp Supported In Custom Roles oauthtestapp.userwhitelist.read
oauthtestapp.userwhitelist.write
Certificate Authority Service Added privateca.certificateAuthorities.create
privateca.certificateAuthorities.delete
privateca.certificateAuthorities.get
privateca.certificateAuthorities.getIamPolicy
privateca.certificateAuthorities.list
privateca.certificateAuthorities.setIamPolicy
privateca.certificateAuthorities.update
privateca.certificateRevocationLists.create
privateca.certificateRevocationLists.get
privateca.certificateRevocationLists.getIamPolicy
privateca.certificateRevocationLists.list
privateca.certificateRevocationLists.setIamPolicy
privateca.certificateRevocationLists.update
privateca.certificates.create
privateca.certificates.get
privateca.certificates.getIamPolicy
privateca.certificates.list
privateca.certificates.setIamPolicy
privateca.certificates.update
privateca.locations.get
privateca.locations.list
privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list
privateca.reusableConfigs.create
privateca.reusableConfigs.delete
privateca.reusableConfigs.get
privateca.reusableConfigs.getIamPolicy
privateca.reusableConfigs.list
privateca.reusableConfigs.setIamPolicy
privateca.reusableConfigs.update
Certificate Authority Service Supported In Custom Roles privateca.certificateAuthorities.create
privateca.certificateAuthorities.delete
privateca.certificateAuthorities.get
privateca.certificateAuthorities.getIamPolicy
privateca.certificateAuthorities.list
privateca.certificateAuthorities.setIamPolicy
privateca.certificateAuthorities.update
privateca.certificateRevocationLists.create
privateca.certificateRevocationLists.get
privateca.certificateRevocationLists.getIamPolicy
privateca.certificateRevocationLists.list
privateca.certificateRevocationLists.setIamPolicy
privateca.certificateRevocationLists.update
privateca.certificates.create
privateca.certificates.get
privateca.certificates.getIamPolicy
privateca.certificates.list
privateca.certificates.setIamPolicy
privateca.certificates.update
privateca.locations.get
privateca.locations.list
privateca.operations.cancel
privateca.operations.delete
privateca.operations.get
privateca.operations.list
privateca.reusableConfigs.create
privateca.reusableConfigs.delete
privateca.reusableConfigs.get
privateca.reusableConfigs.getIamPolicy
privateca.reusableConfigs.list
privateca.reusableConfigs.setIamPolicy
privateca.reusableConfigs.update
Recommender Added recommender.commitmentUtilizationInsights.get
recommender.commitmentUtilizationInsights.list
recommender.commitmentUtilizationInsights.update
recommender.usageCommitmentRecommendations.get
recommender.usageCommitmentRecommendations.list
recommender.usageCommitmentRecommendations.update

Cloud IAM changes as of 2020-07-31

Service Change Description
Apigee Now GA

The role roles/apigee.admin (Apigee Organization Admin) is now GA.

Apigee Now GA

The role roles/apigee.analyticsAgent (Apigee Analytics Agent) is now GA.

Apigee Now GA

The role roles/apigee.analyticsEditor (Apigee Analytics Editor) is now GA.

Apigee Now GA

The role roles/apigee.analyticsViewer (Apigee Analytics Viewer) is now GA.

Apigee Now GA

The role roles/apigee.apiCreator (Apigee API Creator) is now GA.

Apigee Now GA

The role roles/apigee.deployer (Apigee Deployer) is now GA.

Apigee Now GA

The role roles/apigee.developerAdmin (Apigee Developer Admin) is now GA.

Apigee Now GA

The role roles/apigee.readOnlyAdmin (Apigee Read-only Admin) is now GA.

Apigee Now GA

The role roles/apigee.runtimeAgent (Apigee Runtime Agent) is now GA.

Apigee Now GA

The role roles/apigee.synchronizerManager (Apigee Synchronizer Manager) is now GA.

Apigee Connect Now GA

The role roles/apigeeconnect.Admin (Apigee Connect Admin) is now GA.

Apigee Connect Now GA

The role roles/apigeeconnect.Agent (Apigee Connect Agent) is now GA.

Google Cloud Game Servers Now GA

The role roles/gameservices.admin (Game Services API Admin) is now GA.

Google Cloud Game Servers Now GA

The role roles/gameservices.viewer (Game Services API Viewer) is now GA.

Identity and Access Management Role Updated

The following permissions have been removed from the role roles/iam.securityAdmin (Security Admin):

container.secrets.list
Identity and Access Management Role Updated

The following permissions have been removed from the role roles/iam.securityReviewer (Security Reviewer):

container.secrets.list
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.admin (Notebooks Admin):

compute.acceleratorTypes.get
compute.addresses.get
compute.addresses.list
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendServices.get
compute.backendServices.list
compute.commitments.get
compute.commitments.list
compute.diskTypes.get
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.firewalls.get
compute.firewalls.list
compute.forwardingRules.get
compute.forwardingRules.list
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.healthChecks.get
compute.healthChecks.list
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listReferrers
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.get
compute.interconnects.list
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.machineTypes.get
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.listAssociations
compute.projects.get
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.reservations.get
compute.reservations.list
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.routers.get
compute.routers.list
compute.routes.get
compute.routes.list
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetInstances.get
compute.targetInstances.list
compute.targetPools.get
compute.targetPools.list
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.validate
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zones.get
compute.zones.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.runner (Notebooks Runner):

compute.acceleratorTypes.get
compute.addresses.get
compute.addresses.list
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendServices.get
compute.backendServices.list
compute.commitments.get
compute.commitments.list
compute.diskTypes.get
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.firewalls.get
compute.firewalls.list
compute.forwardingRules.get
compute.forwardingRules.list
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.healthChecks.get
compute.healthChecks.list
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listReferrers
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.get
compute.interconnects.list
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.machineTypes.get
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.listAssociations
compute.projects.get
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.reservations.get
compute.reservations.list
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.routers.get
compute.routers.list
compute.routes.get
compute.routes.list
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetInstances.get
compute.targetInstances.list
compute.targetPools.get
compute.targetPools.list
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.validate
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zones.get
compute.zones.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.viewer (Notebooks Viewer):

compute.acceleratorTypes.get
compute.addresses.get
compute.addresses.list
compute.autoscalers.get
compute.autoscalers.list
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendServices.get
compute.backendServices.list
compute.commitments.get
compute.commitments.list
compute.diskTypes.get
compute.disks.get
compute.disks.getIamPolicy
compute.disks.list
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.firewalls.get
compute.firewalls.list
compute.forwardingRules.get
compute.forwardingRules.list
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.healthChecks.get
compute.healthChecks.list
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.images.get
compute.images.getFromFamily
compute.images.getIamPolicy
compute.images.list
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceTemplates.get
compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.list
compute.instances.get
compute.instances.getEffectiveFirewalls
compute.instances.getGuestAttributes
compute.instances.getIamPolicy
compute.instances.getScreenshot
compute.instances.getSerialPortOutput
compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.list
compute.instances.listReferrers
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.get
compute.interconnects.list
compute.licenseCodes.get
compute.licenseCodes.getIamPolicy
compute.licenseCodes.list
compute.licenses.get
compute.licenses.getIamPolicy
compute.licenses.list
compute.machineTypes.get
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networks.get
compute.networks.getEffectiveFirewalls
compute.networks.list
compute.networks.listPeeringRoutes
compute.nodeGroups.get
compute.nodeGroups.getIamPolicy
compute.nodeGroups.list
compute.nodeTemplates.get
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
compute.organizations.listAssociations
compute.projects.get
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionOperations.get
compute.regionOperations.getIamPolicy
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.reservations.get
compute.reservations.list
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.routers.get
compute.routers.list
compute.routes.get
compute.routes.list
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.snapshots.get
compute.snapshots.getIamPolicy
compute.snapshots.list
compute.sslCertificates.get
compute.sslCertificates.list
compute.sslPolicies.get
compute.sslPolicies.list
compute.sslPolicies.listAvailableFeatures
compute.subnetworks.get
compute.subnetworks.getIamPolicy
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetInstances.get
compute.targetInstances.list
compute.targetPools.get
compute.targetPools.list
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.urlMaps.get
compute.urlMaps.list
compute.urlMaps.validate
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.get
compute.zoneOperations.getIamPolicy
compute.zoneOperations.list
compute.zones.get
compute.zones.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Apigee Now GA apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update
apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update
apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage
apigee.apps.get
apigee.apps.list
apigee.deployments.create
apigee.deployments.delete
apigee.deployments.get
apigee.deployments.list
apigee.deployments.update
apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update
apigee.developerapps.create
apigee.developerapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage
apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update
apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update
apigee.environments.create
apigee.environments.delete
apigee.environments.get
apigee.environments.getDataLocation
apigee.environments.getIamPolicy
apigee.environments.getStats
apigee.environments.list
apigee.environments.manageRuntime
apigee.environments.setIamPolicy
apigee.environments.update
apigee.flowhooks.attachSharedFlow
apigee.flowhooks.detachSharedFlow
apigee.flowhooks.getSharedFlow
apigee.flowhooks.list
apigee.keystorealiases.create
apigee.keystorealiases.delete
apigee.keystorealiases.exportCertificate
apigee.keystorealiases.generateCSR
apigee.keystorealiases.get
apigee.keystorealiases.list
apigee.keystorealiases.update
apigee.keystores.create
apigee.keystores.delete
apigee.keystores.export
apigee.keystores.get
apigee.keystores.list
apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list
apigee.maskconfigs.get
apigee.maskconfigs.update
apigee.organizations.create
apigee.organizations.get
apigee.organizations.list
apigee.organizations.update
apigee.proxies.create
apigee.proxies.delete
apigee.proxies.get
apigee.proxies.list
apigee.proxyrevisions.delete
apigee.proxyrevisions.deploy
apigee.proxyrevisions.get
apigee.proxyrevisions.list
apigee.proxyrevisions.undeploy
apigee.proxyrevisions.update
apigee.queries.create
apigee.queries.get
apigee.queries.list
apigee.references.create
apigee.references.delete
apigee.references.get
apigee.references.list
apigee.references.update
apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update
apigee.resourcefiles.create
apigee.resourcefiles.delete
apigee.resourcefiles.get
apigee.resourcefiles.list
apigee.resourcefiles.update
apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.deploy
apigee.sharedflowrevisions.get
apigee.sharedflowrevisions.list
apigee.sharedflowrevisions.undeploy
apigee.sharedflowrevisions.update
apigee.sharedflows.create
apigee.sharedflows.delete
apigee.sharedflows.get
apigee.sharedflows.list
apigee.targetservers.create
apigee.targetservers.delete
apigee.targetservers.get
apigee.targetservers.list
apigee.targetservers.update
apigee.tracesessions.create
apigee.tracesessions.delete
apigee.tracesessions.get
apigee.tracesessions.list
Apigee Connect Now GA apigeeconnect.connections.list
apigeeconnect.endpoints.connect
Recommendations AI Added automlrecommendations.events.rejoin
automlrecommendations.placements.create
automlrecommendations.placements.delete
automlrecommendations.recommendations.create
automlrecommendations.recommendations.delete
automlrecommendations.recommendations.pause
automlrecommendations.recommendations.resume
automlrecommendations.recommendations.update
Recommendations AI Supported In Custom Roles automlrecommendations.events.rejoin
automlrecommendations.placements.create
automlrecommendations.placements.delete
automlrecommendations.placements.list
automlrecommendations.recommendations.create
automlrecommendations.recommendations.delete
automlrecommendations.recommendations.pause
automlrecommendations.recommendations.resume
automlrecommendations.recommendations.update
BigQuery Supported In Custom Roles bigquery.tables.setCategory
Google Cloud Game Servers Now GA gameservices.gameServerClusters.create
gameservices.gameServerClusters.delete
gameservices.gameServerClusters.get
gameservices.gameServerClusters.list
gameservices.gameServerClusters.update
gameservices.gameServerConfigs.create
gameservices.gameServerConfigs.delete
gameservices.gameServerConfigs.get
gameservices.gameServerConfigs.list
gameservices.gameServerDeployments.create
gameservices.gameServerDeployments.delete
gameservices.gameServerDeployments.get
gameservices.gameServerDeployments.list
gameservices.gameServerDeployments.rollout
gameservices.gameServerDeployments.update
gameservices.locations.get
gameservices.locations.list
gameservices.operations.cancel
gameservices.operations.delete
gameservices.operations.get
gameservices.operations.list
gameservices.realms.create
gameservices.realms.delete
gameservices.realms.get
gameservices.realms.list
gameservices.realms.update
Cloud Healthcare API Added healthcare.hl7V2Stores.import
healthcare.locations.get
healthcare.locations.list
Identity and Access Management Added iam.serviceAccounts.disable
iam.serviceAccounts.enable
iam.serviceAccounts.undelete
Identity and Access Management Available In Custom Roles iam.serviceAccounts.undelete
AI Platform Notebooks Added notebooks.instances.checkUpgradability
notebooks.instances.reset
notebooks.instances.setAccelerator
notebooks.instances.setLabels
notebooks.instances.setMachineType
notebooks.instances.start
notebooks.instances.stop
notebooks.instances.upgrade

Cloud IAM changes as of 2020-07-24

Service Change Description
Identity and Access Management Role Updated

The following permissions have been removed from the role roles/iam.securityAdmin (Security Admin):

container.secrets.list
Identity and Access Management Role Updated

The following permissions have been removed from the role roles/iam.securityReviewer (Security Reviewer):

container.secrets.list

Cloud IAM changes as of 2020-07-17

Service Change Description
GKE Hub Now GA

The role roles/gkehub.gatewayAdmin (Connect Gateway Admin) is now GA.

Secret Manager Now GA

The role roles/secretmanager.secretVersionAdder (Secret Manager Secret Version Adder) is now GA.

Secret Manager Now GA

The role roles/secretmanager.secretVersionManager (Secret Manager Secret Version Manager) is now GA.

Cloud Bigtable Added bigtable.backups.create
bigtable.backups.delete
bigtable.backups.get
bigtable.backups.getIamPolicy
bigtable.backups.list
bigtable.backups.restore
bigtable.backups.setIamPolicy
bigtable.backups.update
Cloud Bigtable Supported In Custom Roles bigtable.backups.create
bigtable.backups.delete
bigtable.backups.get
bigtable.backups.getIamPolicy
bigtable.backups.list
bigtable.backups.restore
bigtable.backups.setIamPolicy
bigtable.backups.update
Cloud Bigtable Now GA bigtable.backups.create
bigtable.backups.delete
bigtable.backups.get
bigtable.backups.getIamPolicy
bigtable.backups.list
bigtable.backups.restore
bigtable.backups.setIamPolicy
bigtable.backups.update
Cloud Commerce Consumer Procurement Added consumerprocurement.accounts.create
consumerprocurement.accounts.delete
consumerprocurement.accounts.get
consumerprocurement.accounts.list
consumerprocurement.entitlements.get
consumerprocurement.entitlements.list
consumerprocurement.freeTrials.create
consumerprocurement.freeTrials.get
consumerprocurement.freeTrials.list
consumerprocurement.orders.cancel
consumerprocurement.orders.get
consumerprocurement.orders.list
consumerprocurement.orders.modify
consumerprocurement.orders.place
Cloud Commerce Consumer Procurement Supported In Custom Roles consumerprocurement.accounts.create
consumerprocurement.accounts.delete
consumerprocurement.accounts.get
consumerprocurement.accounts.list
consumerprocurement.entitlements.get
consumerprocurement.entitlements.list
consumerprocurement.freeTrials.create
consumerprocurement.freeTrials.get
consumerprocurement.freeTrials.list
consumerprocurement.orders.cancel
consumerprocurement.orders.get
consumerprocurement.orders.list
consumerprocurement.orders.modify
consumerprocurement.orders.place
GKE Hub Added gkehub.gateway.delete
gkehub.gateway.get
gkehub.gateway.getIamPolicy
gkehub.gateway.patch
gkehub.gateway.post
gkehub.gateway.put
gkehub.gateway.setIamPolicy
GKE Hub Now GA gkehub.gateway.delete
gkehub.gateway.get
gkehub.gateway.getIamPolicy
gkehub.gateway.patch
gkehub.gateway.post
gkehub.gateway.put
gkehub.gateway.setIamPolicy

Cloud IAM changes as of 2020-07-10

Service Change Description
Cloud Monitoring Now GA

The role roles/monitoring.servicesEditor (Monitoring Services Editor) is now GA.

Cloud Monitoring Now GA

The role roles/monitoring.servicesViewer (Monitoring Services Viewer) is now GA.

NetApp Cloud Volumes Service Added cloudvolumesgcp-api.netapp.com/activeDirectories.create
cloudvolumesgcp-api.netapp.com/activeDirectories.delete
cloudvolumesgcp-api.netapp.com/activeDirectories.get
cloudvolumesgcp-api.netapp.com/activeDirectories.list
cloudvolumesgcp-api.netapp.com/activeDirectories.update
cloudvolumesgcp-api.netapp.com/ipRanges.list
cloudvolumesgcp-api.netapp.com/jobs.get
cloudvolumesgcp-api.netapp.com/jobs.list
cloudvolumesgcp-api.netapp.com/regions.list
cloudvolumesgcp-api.netapp.com/serviceLevels.list
cloudvolumesgcp-api.netapp.com/snapshots.create
cloudvolumesgcp-api.netapp.com/snapshots.delete
cloudvolumesgcp-api.netapp.com/snapshots.get
cloudvolumesgcp-api.netapp.com/snapshots.list
cloudvolumesgcp-api.netapp.com/snapshots.update
cloudvolumesgcp-api.netapp.com/volumes.create
cloudvolumesgcp-api.netapp.com/volumes.delete
cloudvolumesgcp-api.netapp.com/volumes.get
cloudvolumesgcp-api.netapp.com/volumes.list
cloudvolumesgcp-api.netapp.com/volumes.update
Cloud Monitoring Added monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update
monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update
Cloud Monitoring Supported In Custom Roles monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update
monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update
Cloud Monitoring Now GA monitoring.services.create
monitoring.services.delete
monitoring.services.get
monitoring.services.list
monitoring.services.update
monitoring.slos.create
monitoring.slos.delete
monitoring.slos.get
monitoring.slos.list
monitoring.slos.update
Network Security Added networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use
networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use
networksecurity.locations.get
networksecurity.locations.list
networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list
networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use
Network Security Supported In Custom Roles networksecurity.authorizationPolicies.create
networksecurity.authorizationPolicies.delete
networksecurity.authorizationPolicies.get
networksecurity.authorizationPolicies.getIamPolicy
networksecurity.authorizationPolicies.list
networksecurity.authorizationPolicies.setIamPolicy
networksecurity.authorizationPolicies.update
networksecurity.authorizationPolicies.use
networksecurity.clientTlsPolicies.create
networksecurity.clientTlsPolicies.delete
networksecurity.clientTlsPolicies.get
networksecurity.clientTlsPolicies.getIamPolicy
networksecurity.clientTlsPolicies.list
networksecurity.clientTlsPolicies.setIamPolicy
networksecurity.clientTlsPolicies.update
networksecurity.clientTlsPolicies.use
networksecurity.locations.get
networksecurity.locations.list
networksecurity.operations.cancel
networksecurity.operations.delete
networksecurity.operations.get
networksecurity.operations.list
networksecurity.serverTlsPolicies.create
networksecurity.serverTlsPolicies.delete
networksecurity.serverTlsPolicies.get
networksecurity.serverTlsPolicies.getIamPolicy
networksecurity.serverTlsPolicies.list
networksecurity.serverTlsPolicies.setIamPolicy
networksecurity.serverTlsPolicies.update
networksecurity.serverTlsPolicies.use
Network Services Added networkservices.endpointConfigSelectors.create
networkservices.endpointConfigSelectors.delete
networkservices.endpointConfigSelectors.get
networkservices.endpointConfigSelectors.getIamPolicy
networkservices.endpointConfigSelectors.list
networkservices.endpointConfigSelectors.setIamPolicy
networkservices.endpointConfigSelectors.update
networkservices.endpointConfigSelectors.use
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.getIamPolicy
networkservices.httpFilters.list
networkservices.httpFilters.setIamPolicy
networkservices.httpFilters.update
networkservices.httpFilters.use
networkservices.locations.get
networkservices.locations.list
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
Network Services Supported In Custom Roles networkservices.endpointConfigSelectors.create
networkservices.endpointConfigSelectors.delete
networkservices.endpointConfigSelectors.get
networkservices.endpointConfigSelectors.getIamPolicy
networkservices.endpointConfigSelectors.list
networkservices.endpointConfigSelectors.setIamPolicy
networkservices.endpointConfigSelectors.update
networkservices.endpointConfigSelectors.use
networkservices.httpFilters.create
networkservices.httpFilters.delete
networkservices.httpFilters.get
networkservices.httpFilters.getIamPolicy
networkservices.httpFilters.list
networkservices.httpFilters.setIamPolicy
networkservices.httpFilters.update
networkservices.httpFilters.use
networkservices.locations.get
networkservices.locations.list
networkservices.operations.cancel
networkservices.operations.delete
networkservices.operations.get
networkservices.operations.list
Pub/Sub Added pubsub.topics.detachSubscription
Pub/Sub Now GA pubsub.topics.detachSubscription
reCAPTCHA Enterprise Added recaptchaenterprise.metrics.get
reCAPTCHA Enterprise Supported In Custom Roles recaptchaenterprise.metrics.get
Recommender Added recommender.computeDiskIdleResourceInsights.get
recommender.computeDiskIdleResourceInsights.list
recommender.computeDiskIdleResourceInsights.update
Recommender Supported In Custom Roles recommender.computeDiskIdleResourceInsights.get
recommender.computeDiskIdleResourceInsights.list
recommender.computeDiskIdleResourceInsights.update
Recommender Now GA recommender.computeDiskIdleResourceInsights.get
recommender.computeDiskIdleResourceInsights.list
recommender.computeDiskIdleResourceInsights.update

Cloud IAM changes as of 2020-06-26

Service Change Description
Apigee Role Updated

The following permissions have been added to the role roles/apigee.analyticsViewer (Apigee Analytics Viewer):

apigee.queries.get
apigee.queries.list
apigee.reports.get
apigee.reports.list
Cloud Billing Role Updated

The following permissions have been added to the role roles/billing.admin (Billing Account Administrator):

dataprocessing.groupcontrols.list
Cloud Billing Role Updated

The following permissions have been added to the role roles/billing.viewer (Billing Account Viewer):

dataprocessing.groupcontrols.list
Cloud Composer Role Updated

The following permissions have been added to the role roles/composer.worker (Composer Worker):

monitoring.timeSeries.list
Dataproc Role Updated

The following permissions have been added to the role roles/dataproc.viewer (Dataproc Viewer):

compute.zones.list
Customer Usage Data Processing Role Updated

The following permissions have been added to the role roles/dataprocessing.admin (Data Processing Controls Resource Admin):

billing.accounts.get
billing.accounts.list
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

containeranalysis.notes.getIamPolicy
containeranalysis.occurrences.getIamPolicy
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

containeranalysis.notes.getIamPolicy
containeranalysis.occurrences.getIamPolicy
Serverless VPC Access Now GA

The role roles/vpcaccess.user (Serverless VPC Access User) is now GA.

Serverless VPC Access Now GA

The role roles/vpcaccess.viewer (Serverless VPC Access Viewer) is now GA.

Compute Engine Added compute.images.update
compute.instances.getEffectiveFirewalls
compute.networks.getEffectiveFirewalls
compute.organizations.listAssociations
compute.organizations.setSecurityPolicy
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
Compute Engine Supported In Custom Roles compute.instances.getEffectiveFirewalls
compute.networks.getEffectiveFirewalls
compute.organizations.listAssociations
compute.organizations.setSecurityPolicy
compute.securityPolicies.addAssociation
compute.securityPolicies.copyRules
compute.securityPolicies.move
compute.securityPolicies.removeAssociation
Container Analysis Added containeranalysis.notes.attachOccurrence
containeranalysis.notes.create
containeranalysis.notes.delete
containeranalysis.notes.get
containeranalysis.notes.getIamPolicy
containeranalysis.notes.list
containeranalysis.notes.listOccurrences
containeranalysis.notes.setIamPolicy
containeranalysis.notes.update
containeranalysis.occurrences.create
containeranalysis.occurrences.delete
containeranalysis.occurrences.get
containeranalysis.occurrences.getIamPolicy
containeranalysis.occurrences.list
containeranalysis.occurrences.setIamPolicy
containeranalysis.occurrences.update
Container Analysis Supported In Custom Roles containeranalysis.notes.attachOccurrence
containeranalysis.notes.create
containeranalysis.notes.delete
containeranalysis.notes.get
containeranalysis.notes.getIamPolicy
containeranalysis.notes.list
containeranalysis.notes.listOccurrences
containeranalysis.notes.setIamPolicy
containeranalysis.notes.update
containeranalysis.occurrences.create
containeranalysis.occurrences.delete
containeranalysis.occurrences.get
containeranalysis.occurrences.getIamPolicy
containeranalysis.occurrences.list
containeranalysis.occurrences.setIamPolicy
containeranalysis.occurrences.update
Recommender Added recommender.iamServiceAccountInsights.get
recommender.iamServiceAccountInsights.list
recommender.iamServiceAccountInsights.update
Recommender Supported In Custom Roles recommender.iamServiceAccountInsights.get
recommender.iamServiceAccountInsights.list
recommender.iamServiceAccountInsights.update
Recommender Now GA recommender.iamServiceAccountInsights.get
recommender.iamServiceAccountInsights.list
recommender.iamServiceAccountInsights.update
Cloud Spanner Added spanner.databases.beginPartitionedDmlTransaction
spanner.databases.partitionQuery
spanner.databases.partitionRead
Cloud Spanner Supported In Custom Roles spanner.databases.beginPartitionedDmlTransaction
spanner.databases.partitionQuery
spanner.databases.partitionRead
Cloud Spanner Now GA spanner.databases.beginPartitionedDmlTransaction
spanner.databases.partitionQuery
spanner.databases.partitionRead

Cloud IAM changes as of 2020-06-19

Service Change Description
Actions Role Updated

The following permissions have been added to the role roles/actions.Admin (Actions Admin):

serviceusage.services.use
Actions Role Updated

The following permissions have been added to the role roles/actions.Viewer (Actions Viewer):

serviceusage.services.use
Container Analysis Now GA

The role roles/containeranalysis.admin (Container Analysis Admin) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.notes.attacher (Container Analysis Notes Attacher) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.notes.editor (Container Analysis Notes Editor) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.notes.viewer (Container Analysis Notes Viewer) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.occurrences.editor (Container Analysis Occurrences Editor) is now GA.

Container Analysis Now GA

The role roles/containeranalysis.occurrences.viewer (Container Analysis Occurrences Viewer) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.assignmentAdmin (Assignment Admin) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.assignmentEditor (Assignment Editor) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.assignmentViewer (Assignment Viewer) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.osConfigAdmin (OsConfig Admin) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.osConfigEditor (OsConfig Editor) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.osConfigViewer (OsConfig Viewer) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.patchDeploymentAdmin (PatchDeployment Admin) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.patchDeploymentViewer (PatchDeployment Viewer) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.patchJobExecutor (Patch Job Executor) is now GA.

Cloud OS Config Now GA

The role roles/osconfig.patchJobViewer (Patch Job Viewer) is now GA.

Basic Role Role Updated

The following permissions have been removed from the role roles/viewer (Viewer):

apigee.appkeys.create
BigQuery Supported In Custom Roles bigquery.connections.create
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.use
Compute Engine Added compute.instances.update
Compute Engine Supported In Custom Roles compute.instances.update
Compute Engine Now GA compute.instances.update
Filestore Added file.backups.create
file.backups.delete
file.backups.get
file.backups.list
file.backups.update
GKE Hub Added gkehub.features.create
gkehub.features.delete
gkehub.features.get
gkehub.features.getIamPolicy
gkehub.features.list
gkehub.features.setIamPolicy
gkehub.features.update
GKE Hub Now GA gkehub.features.create
gkehub.features.delete
gkehub.features.get
gkehub.features.getIamPolicy
gkehub.features.list
gkehub.features.setIamPolicy
gkehub.features.update
Cloud OS Config Now GA osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.update
osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list
Pub/Sub Lite Added pubsublite.subscriptions.create
pubsublite.subscriptions.delete
pubsublite.subscriptions.get
pubsublite.subscriptions.getCursor
pubsublite.subscriptions.list
pubsublite.subscriptions.setCursor
pubsublite.subscriptions.subscribe
pubsublite.subscriptions.update
pubsublite.topics.create
pubsublite.topics.delete
pubsublite.topics.get
pubsublite.topics.getPartitions
pubsublite.topics.list
pubsublite.topics.listSubscriptions
pubsublite.topics.publish
pubsublite.topics.subscribe
pubsublite.topics.update
Pub/Sub Lite Supported In Custom Roles pubsublite.subscriptions.create
pubsublite.subscriptions.delete
pubsublite.subscriptions.get
pubsublite.subscriptions.getCursor
pubsublite.subscriptions.list
pubsublite.subscriptions.setCursor
pubsublite.subscriptions.subscribe
pubsublite.subscriptions.update
pubsublite.topics.create
pubsublite.topics.delete
pubsublite.topics.get
pubsublite.topics.getPartitions
pubsublite.topics.list
pubsublite.topics.listSubscriptions
pubsublite.topics.publish
pubsublite.topics.subscribe
pubsublite.topics.update
Google Cloud VMware Engine Now GA

The role roles/vmwareengine.vmwareengineAdmin (VMWare Engine Service Admin) is now GA.

Google Cloud VMware Engine Now GA

The role roles/vmwareengine.vmwareengineViewer (VMWare Engine Service Viewer) is now GA.

Google Cloud VMware Engine Added vmwareengine.googleapis.com/services.use
vmwareengine.googleapis.com/services.view
vmwareengine.services.use
vmwareengine.services.view
Google Cloud VMware Engine Supported In Custom Roles vmwareengine.googleapis.com/services.use
vmwareengine.googleapis.com/services.view
vmwareengine.services.use
vmwareengine.services.view
Google Cloud VMware Engine Now GA vmwareengine.googleapis.com/services.use
vmwareengine.googleapis.com/services.view
vmwareengine.services.use
vmwareengine.services.view

Cloud IAM changes as of 2020-06-12

Service Change Description
Customer Usage Data Processing Now GA

The role roles/dataprocessing.admin (Data Processing Controls Resource Admin) is now GA.

Customer Usage Data Processing Now GA

The role roles/dataprocessing.iamAccessHistoryExporter (Data Processing IAM Access History Exporter) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.inspectFindingsReader (DLP Inspect Findings Reader) is now GA.

GKE Hub Now GA

The role roles/gkehub.admin (GKE Hub Admin) is now GA.

GKE Hub Now GA

The role roles/gkehub.connect (GKE Hub Connection Agent) is now GA.

GKE Hub Now GA

The role roles/gkehub.viewer (GKE Hub Viewer) is now GA.

Cloud Life Sciences Role Updated

The following permissions have been added to the role roles/lifesciences.viewer (Cloud Life Sciences Viewer):

resourcemanager.projects.get
resourcemanager.projects.list
Cloud Monitoring Now GA

The role roles/monitoring.dashboardEditor (Monitoring Dashboard Configuration Editor) is now GA.

Cloud Monitoring Now GA

The role roles/monitoring.dashboardViewer (Monitoring Dashboard Configuration Viewer) is now GA.

Apigee Connect Added apigeeconnect.connections.list
apigeeconnect.endpoints.connect
Apigee Connect Supported In Custom Roles apigeeconnect.connections.list
apigeeconnect.endpoints.connect
Service Usage Added apikeys.keys.create
apikeys.keys.delete
apikeys.keys.get
apikeys.keys.list
apikeys.keys.lookup
apikeys.keys.update
Recommendations AI Supported In Custom Roles automlrecommendations.events.create
BigQuery Added bigquery.tables.getIamPolicy
bigquery.tables.setIamPolicy
BigQuery Supported In Custom Roles bigquery.tables.getIamPolicy
bigquery.tables.setIamPolicy
Cloud Asset Inventory Added cloudasset.assets.exportCloudkmsImportJobs
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportCloudkmsImportJobs
Cloud Asset Inventory Now GA cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
Compute Engine Added compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.update
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.globalPublicDelegatedPrefixes.use
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.use
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
Compute Engine Supported In Custom Roles compute.globalPublicDelegatedPrefixes.create
compute.globalPublicDelegatedPrefixes.delete
compute.globalPublicDelegatedPrefixes.get
compute.globalPublicDelegatedPrefixes.list
compute.globalPublicDelegatedPrefixes.update
compute.globalPublicDelegatedPrefixes.updatePolicy
compute.globalPublicDelegatedPrefixes.use
compute.publicAdvertisedPrefixes.create
compute.publicAdvertisedPrefixes.delete
compute.publicAdvertisedPrefixes.get
compute.publicAdvertisedPrefixes.list
compute.publicAdvertisedPrefixes.update
compute.publicAdvertisedPrefixes.updatePolicy
compute.publicAdvertisedPrefixes.use
compute.publicDelegatedPrefixes.create
compute.publicDelegatedPrefixes.delete
compute.publicDelegatedPrefixes.get
compute.publicDelegatedPrefixes.list
compute.publicDelegatedPrefixes.update
compute.publicDelegatedPrefixes.updatePolicy
compute.publicDelegatedPrefixes.use
Cloud Data Fusion Added datafusion.instances.runtime
Customer Usage Data Processing Now GA dataprocessing.featurecontrols.list
dataprocessing.featurecontrols.update
dataprocessing.groupcontrols.list
dataprocessing.groupcontrols.update
Cloud Data Loss Prevention Added dlp.inspectFindings.list
dlp.jobTriggers.hybridInspect
dlp.jobs.hybridInspect
Cloud Data Loss Prevention Now GA dlp.inspectFindings.list
dlp.jobTriggers.hybridInspect
dlp.jobs.hybridInspect
GKE Hub Now GA gkehub.endpoints.connect
gkehub.locations.get
gkehub.locations.list
gkehub.memberships.create
gkehub.memberships.delete
gkehub.memberships.generateConnectManifest
gkehub.memberships.get
gkehub.memberships.getIamPolicy
gkehub.memberships.list
gkehub.memberships.setIamPolicy
gkehub.memberships.update
gkehub.operations.cancel
gkehub.operations.get
gkehub.operations.list
Cloud Healthcare API Added healthcare.fhirResources.translateConceptMap
Cloud Healthcare API Supported In Custom Roles healthcare.fhirResources.translateConceptMap
Cloud Healthcare API Now GA healthcare.fhirResources.translateConceptMap
Recommender Added recommender.computeDiskIdleResourceRecommendations.get
recommender.computeDiskIdleResourceRecommendations.list
recommender.computeDiskIdleResourceRecommendations.update
Recommender Supported In Custom Roles recommender.computeDiskIdleResourceRecommendations.get
recommender.computeDiskIdleResourceRecommendations.list
recommender.computeDiskIdleResourceRecommendations.update
Recommender Now GA recommender.computeDiskIdleResourceRecommendations.get
recommender.computeDiskIdleResourceRecommendations.list
recommender.computeDiskIdleResourceRecommendations.update

Cloud IAM changes as of 2020-05-22

Service Change Description
Basic Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

apigee.appkeys.create

Cloud IAM changes as of 2020-03-27

Service Change Description
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.admin (Notebooks Admin):

compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.subnetworks.list
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.runner (Notebooks Runner):

compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.subnetworks.list
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.environments.list
notebooks.instances.get
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.locations.get
notebooks.locations.list
notebooks.operations.get
notebooks.operations.list
AI Platform Notebooks Role Updated

The following permissions have been added to the role roles/notebooks.viewer (Notebooks Viewer):

compute.acceleratorTypes.list
compute.diskTypes.list
compute.machineTypes.list
compute.subnetworks.list

Cloud IAM changes as of 2020-03-20

Service Change Description
Data Catalog Now GA

The role roles/datacatalog.admin (Data Catalog Admin) is now GA.

Data Catalog Now GA

The role roles/datacatalog.entryGroupCreator (DataCatalog EntryGroup Creator) is now GA.

Data Catalog Now GA

The role roles/datacatalog.entryGroupOwner (DataCatalog entryGroup Owner) is now GA.

Data Catalog Now GA

The role roles/datacatalog.entryOwner (DataCatalog entry Owner) is now GA.

Data Catalog Now GA

The role roles/datacatalog.entryViewer (DataCatalog Entry Viewer) is now GA.

Data Catalog Now GA

The role roles/datacatalog.tagEditor (Data Catalog Tag Editor) is now GA.

Data Catalog Now GA

The role roles/datacatalog.tagTemplateCreator (Data Catalog TagTemplate Creator) is now GA.

Data Catalog Now GA

The role roles/datacatalog.tagTemplateOwner (Data Catalog TagTemplate Owner) is now GA.

Data Catalog Now GA

The role roles/datacatalog.tagTemplateUser (Data Catalog TagTemplate User) is now GA.

Data Catalog Now GA

The role roles/datacatalog.tagTemplateViewer (Data Catalog TagTemplate Viewer) is now GA.

Data Catalog Now GA

The role roles/datacatalog.viewer (Data Catalog Viewer) is now GA.

Cloud Bigtable Added bigtable.keyvisualizer.get
bigtable.keyvisualizer.list
Cloud Bigtable Supported In Custom Roles bigtable.keyvisualizer.get
bigtable.keyvisualizer.list
Cloud Bigtable Now GA bigtable.keyvisualizer.get
bigtable.keyvisualizer.list
Cloud Asset Inventory Added cloudasset.assets.analyzeIamPolicy
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.analyzeIamPolicy
Data Catalog Supported In Custom Roles datacatalog.entries.list
datacatalog.entries.updateTag
datacatalog.entryGroups.update
Data Catalog Now GA datacatalog.entries.create
datacatalog.entries.delete
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.list
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entries.updateTag
datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.list
datacatalog.entryGroups.setIamPolicy
datacatalog.entryGroups.update
datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use
Customer Usage Data Processing Added dataprocessing.groupcontrols.list
dataprocessing.groupcontrols.update
Customer Usage Data Processing Supported In Custom Roles dataprocessing.featurecontrols.list
dataprocessing.featurecontrols.update
dataprocessing.groupcontrols.list
dataprocessing.groupcontrols.update
Memorystore for Memcached Added memcache.instances.applyParameters
memcache.instances.create
memcache.instances.delete
memcache.instances.get
memcache.instances.list
memcache.instances.update
memcache.instances.updateParameters
memcache.locations.get
memcache.locations.list
memcache.operations.cancel
memcache.operations.delete
memcache.operations.get
memcache.operations.list
Memorystore for Memcached Supported In Custom Roles memcache.instances.applyParameters
memcache.instances.create
memcache.instances.delete
memcache.instances.get
memcache.instances.list
memcache.instances.update
memcache.instances.updateParameters
memcache.locations.get
memcache.locations.list
memcache.operations.cancel
memcache.operations.delete
memcache.operations.get
memcache.operations.list
Cloud OS Config Added osconfig.guestPolicies.create
osconfig.guestPolicies.delete
osconfig.guestPolicies.get
osconfig.guestPolicies.list
osconfig.guestPolicies.update
osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.update
osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list
Cloud OS Config Supported In Custom Roles osconfig.guestPolicies.create
osconfig.guestPolicies.delete
osconfig.guestPolicies.get
osconfig.guestPolicies.list
osconfig.guestPolicies.update
osconfig.patchDeployments.create
osconfig.patchDeployments.delete
osconfig.patchDeployments.execute
osconfig.patchDeployments.get
osconfig.patchDeployments.list
osconfig.patchDeployments.update
osconfig.patchJobs.exec
osconfig.patchJobs.get
osconfig.patchJobs.list

Cloud IAM changes as of 2020-03-13

Service Change Description
Access Context Manager Now GA

The role roles/accesscontextmanager.vpcScTroubleshooterViewer (VPC Service Controls Troubleshooter Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.annotationEditor (Healthcare Annotation Editor) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.annotationReader (Healthcare Annotation Reader) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.annotationStoreAdmin (Healthcare Annotation Administrator) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.annotationStoreViewer (Healthcare Annotation Store Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.datasetAdmin (Healthcare Dataset Administrator) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.datasetViewer (Healthcare Dataset Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.dicomEditor (Healthcare DICOM Editor) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.dicomStoreAdmin (Healthcare DICOM Store Administrator) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.dicomStoreViewer (Healthcare DICOM Store Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.dicomViewer (Healthcare DICOM Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.fhirResourceEditor (Healthcare FHIR Resource Editor) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.fhirResourceReader (Healthcare FHIR Resource Reader) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.fhirStoreAdmin (Healthcare FHIR Store Administrator) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.fhirStoreViewer (Healthcare FHIR Store Viewer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.hl7V2Consumer (Healthcare HL7v2 Message Consumer) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.hl7V2Editor (Healthcare HL7v2 Message Editor) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.hl7V2Ingest (Healthcare HL7v2 Message Ingest) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.hl7V2StoreAdmin (Healthcare HL7v2 Store Administrator) is now GA.

Cloud Healthcare API Now GA

The role roles/healthcare.hl7V2StoreViewer (Healthcare HL7v2 Store Viewer) is now GA.

Identity Platform Role Updated

The following permissions have been added to the role roles/identityplatform.admin (Identity Platform Admin):

firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Identity Platform Role Updated

The following permissions have been added to the role roles/identityplatform.viewer (Identity Platform Viewer):

firebaseauth.configs.get
firebaseauth.users.get
AI Platform Role Updated

The following permissions have been added to the role roles/ml.developer (ML Engine Developer):

ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy
ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update
AI Platform Role Updated

The following permissions have been added to the role roles/ml.viewer (ML Engine Viewer):

ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.trials.get
ml.trials.list
AI Platform Notebooks Role Added

The role roles/notebooks.runner (Notebooks Runner) has been added with the following permissions:

notebooks.instances.create
resourcemanager.projects.get
resourcemanager.projects.list
Recommender Now GA

The role roles/recommender.firewallAdmin (Firewall Recommender Admin) is now GA.

Recommender Now GA

The role roles/recommender.firewallViewer (Firewall Recommender Viewer) is now GA.

Cloud Asset Inventory Added cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
Compute Engine Added compute.instances.getScreenshot
compute.networks.access
Compute Engine Supported In Custom Roles compute.instances.getScreenshot
compute.networks.access
Compute Engine Now GA compute.networks.access
Dataflow Added dataflow.jobs.snapshot
dataflow.snapshots.delete
dataflow.snapshots.get
dataflow.snapshots.list
Dataflow Supported In Custom Roles dataflow.jobs.snapshot
dataflow.snapshots.delete
dataflow.snapshots.get
dataflow.snapshots.list
Cloud Healthcare API Added healthcare.dicomStores.deidentify
healthcare.fhirStores.deidentify
Cloud Healthcare API Supported In Custom Roles healthcare.dicomStores.deidentify
healthcare.fhirStores.deidentify
healthcare.operations.cancel
Cloud Healthcare API Now GA healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update
healthcare.dicomStores.create
healthcare.dicomStores.deidentify
healthcare.dicomStores.delete
healthcare.dicomStores.dicomWebDelete
healthcare.dicomStores.dicomWebRead
healthcare.dicomStores.dicomWebWrite
healthcare.dicomStores.export
healthcare.dicomStores.get
healthcare.dicomStores.getIamPolicy
healthcare.dicomStores.import
healthcare.dicomStores.list
healthcare.dicomStores.setIamPolicy
healthcare.dicomStores.update
healthcare.fhirResources.create
healthcare.fhirResources.delete
healthcare.fhirResources.get
healthcare.fhirResources.patch
healthcare.fhirResources.purge
healthcare.fhirResources.update
healthcare.fhirStores.create
healthcare.fhirStores.deidentify
healthcare.fhirStores.delete
healthcare.fhirStores.executeBundle
healthcare.fhirStores.export
healthcare.fhirStores.get
healthcare.fhirStores.getIamPolicy
healthcare.fhirStores.import
healthcare.fhirStores.list
healthcare.fhirStores.searchResources
healthcare.fhirStores.setIamPolicy
healthcare.fhirStores.update
healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update
healthcare.operations.cancel
healthcare.operations.get
healthcare.operations.list
AI Platform Added ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy
ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update
AI Platform Now GA ml.studies.create
ml.studies.delete
ml.studies.get
ml.studies.getIamPolicy
ml.studies.list
ml.studies.setIamPolicy
ml.trials.create
ml.trials.delete
ml.trials.get
ml.trials.list
ml.trials.update
Recommender Added recommender.computeFirewallInsights.get
recommender.computeFirewallInsights.list
recommender.computeFirewallInsights.update
recommender.computeInstanceIdleResourceRecommendations.get
recommender.computeInstanceIdleResourceRecommendations.list
recommender.computeInstanceIdleResourceRecommendations.update
recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update
Recommender Supported In Custom Roles recommender.computeFirewallInsights.get
recommender.computeFirewallInsights.list
recommender.computeFirewallInsights.update
recommender.computeInstanceIdleResourceRecommendations.get
recommender.computeInstanceIdleResourceRecommendations.list
recommender.computeInstanceIdleResourceRecommendations.update
recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update
Recommender Now GA recommender.computeFirewallInsights.get
recommender.computeFirewallInsights.list
recommender.computeFirewallInsights.update
recommender.computeInstanceIdleResourceRecommendations.get
recommender.computeInstanceIdleResourceRecommendations.list
recommender.computeInstanceIdleResourceRecommendations.update
recommender.iamPolicyInsights.get
recommender.iamPolicyInsights.list
recommender.iamPolicyInsights.update

Cloud IAM changes as of 2020-03-06

Service Change Description
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkAdmin (Compute Network Admin):

compute.acceleratorTypes.get
compute.acceleratorTypes.list
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkViewer (Compute Network Viewer):

compute.acceleratorTypes.get
compute.acceleratorTypes.list
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

bigquery.bireservations.update
bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.update
identityplatform.workloadPoolProviders.create
identityplatform.workloadPoolProviders.delete
identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPoolProviders.undelete
identityplatform.workloadPoolProviders.update
identityplatform.workloadPools.create
identityplatform.workloadPools.delete
identityplatform.workloadPools.get
identityplatform.workloadPools.list
identityplatform.workloadPools.undelete
identityplatform.workloadPools.update
servicedirectory.locations.get
servicedirectory.locations.list
Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.securityAdmin (Security Admin):

identityplatform.workloadPoolProviders.list
identityplatform.workloadPools.list
servicedirectory.locations.list
Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.securityReviewer (Security Reviewer):

identityplatform.workloadPoolProviders.list
identityplatform.workloadPools.list
servicedirectory.locations.list
Identity Platform Role Added

The role roles/identityplatform.admin (Identity Platform Admin) has been added with the following permissions:

identityplatform.workloadPoolProviders.create
identityplatform.workloadPoolProviders.delete
identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPoolProviders.undelete
identityplatform.workloadPoolProviders.update
identityplatform.workloadPools.create
identityplatform.workloadPools.delete
identityplatform.workloadPools.get
identityplatform.workloadPools.list
identityplatform.workloadPools.undelete
identityplatform.workloadPools.update
Identity Platform Role Added

The role roles/identityplatform.viewer (Identity Platform Viewer) has been added with the following permissions:

identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPools.get
identityplatform.workloadPools.list
Network Management API Now GA

The role roles/networkmanagement.admin (Network Management Admin) is now GA.

Network Management API Now GA

The role roles/networkmanagement.viewer (Network Management Viewer) is now GA.

Basic Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

identityplatform.workloadPoolProviders.create
identityplatform.workloadPoolProviders.delete
identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPoolProviders.undelete
identityplatform.workloadPoolProviders.update
identityplatform.workloadPools.create
identityplatform.workloadPools.delete
identityplatform.workloadPools.get
identityplatform.workloadPools.list
identityplatform.workloadPools.undelete
identityplatform.workloadPools.update
servicedirectory.locations.get
servicedirectory.locations.list
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPools.get
identityplatform.workloadPools.list
servicedirectory.locations.get
servicedirectory.locations.list
BigQuery Added bigquery.bireservations.get
bigquery.bireservations.update
bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update
BigQuery Supported In Custom Roles bigquery.bireservations.get
bigquery.bireservations.update
bigquery.capacityCommitments.create
bigquery.capacityCommitments.delete
bigquery.capacityCommitments.get
bigquery.capacityCommitments.list
bigquery.reservationAssignments.create
bigquery.reservationAssignments.delete
bigquery.reservationAssignments.list
bigquery.reservationAssignments.search
bigquery.reservations.create
bigquery.reservations.delete
bigquery.reservations.get
bigquery.reservations.list
bigquery.reservations.update
Identity Platform Added identityplatform.workloadPoolProviders.create
identityplatform.workloadPoolProviders.delete
identityplatform.workloadPoolProviders.get
identityplatform.workloadPoolProviders.list
identityplatform.workloadPoolProviders.undelete
identityplatform.workloadPoolProviders.update
identityplatform.workloadPools.create
identityplatform.workloadPools.delete
identityplatform.workloadPools.get
identityplatform.workloadPools.list
identityplatform.workloadPools.undelete
identityplatform.workloadPools.update
Network Management API Now GA networkmanagement.connectivitytests.create
networkmanagement.connectivitytests.delete
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.getIamPolicy
networkmanagement.connectivitytests.list
networkmanagement.connectivitytests.rerun
networkmanagement.connectivitytests.setIamPolicy
networkmanagement.connectivitytests.update
networkmanagement.locations.get
networkmanagement.locations.list
networkmanagement.operations.get
networkmanagement.operations.list
Memorystore for Redis Added redis.instances.failover
redis.instances.upgrade
Memorystore for Redis Supported In Custom Roles redis.instances.failover
redis.instances.upgrade
Service Directory Added servicedirectory.endpoints.create
servicedirectory.endpoints.delete
servicedirectory.endpoints.get
servicedirectory.endpoints.getIamPolicy
servicedirectory.endpoints.list
servicedirectory.endpoints.setIamPolicy
servicedirectory.endpoints.update
servicedirectory.locations.get
servicedirectory.locations.list
servicedirectory.namespaces.associatePrivateZone
servicedirectory.namespaces.create
servicedirectory.namespaces.delete
servicedirectory.namespaces.get
servicedirectory.namespaces.getIamPolicy
servicedirectory.namespaces.list
servicedirectory.namespaces.setIamPolicy
servicedirectory.namespaces.update
servicedirectory.services.create
servicedirectory.services.delete
servicedirectory.services.get
servicedirectory.services.getIamPolicy
servicedirectory.services.list
servicedirectory.services.resolve
servicedirectory.services.setIamPolicy
servicedirectory.services.update
Service Directory Supported In Custom Roles servicedirectory.endpoints.create
servicedirectory.endpoints.delete
servicedirectory.endpoints.get
servicedirectory.endpoints.getIamPolicy
servicedirectory.endpoints.list
servicedirectory.endpoints.setIamPolicy
servicedirectory.endpoints.update
servicedirectory.namespaces.associatePrivateZone
servicedirectory.namespaces.create
servicedirectory.namespaces.delete
servicedirectory.namespaces.get
servicedirectory.namespaces.getIamPolicy
servicedirectory.namespaces.list
servicedirectory.namespaces.setIamPolicy
servicedirectory.namespaces.update
servicedirectory.services.create
servicedirectory.services.delete
servicedirectory.services.get
servicedirectory.services.getIamPolicy
servicedirectory.services.list
servicedirectory.services.resolve
servicedirectory.services.setIamPolicy
servicedirectory.services.update

Cloud IAM changes as of 2020-02-27

Service Change Description
BigQuery Now GA

The role roles/bigquery.readSessionUser (BigQuery Read Session User) is now GA.

Data Catalog Role Updated

The following permissions have been added to the role roles/datacatalog.entryGroupCreator (DataCatalog EntryGroup Creator):

datacatalog.entryGroups.list
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dlp.jobs.create
dlp.jobs.get
dlp.jobs.list
Secret Manager Role Updated

The following permissions have been added to the role roles/secretmanager.secretAccessor (Secret Manager Secret Accessor):

resourcemanager.projects.get
resourcemanager.projects.list
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

securitycenter.organizationsettings.get
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminViewer (Security Center Admin Viewer):

securitycenter.organizationsettings.get
Cloud Spanner Now GA

The role roles/spanner.backupAdmin (Cloud Spanner Backup Admin) is now GA.

Cloud Spanner Now GA

The role roles/spanner.backupWriter (Cloud Spanner Backup Writer) is now GA.

Cloud Spanner Now GA

The role roles/spanner.restoreAdmin (Cloud Spanner Restore Admin) is now GA.

Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

dlp.jobs.get
dlp.jobs.list
BigQuery Added bigquery.readsessions.getData
bigquery.readsessions.update
BigQuery Supported In Custom Roles bigquery.readsessions.getData
bigquery.readsessions.update
BigQuery Now GA bigquery.readsessions.create
bigquery.readsessions.getData
bigquery.readsessions.update
Data Catalog Added datacatalog.entryGroups.list
Data Catalog Supported In Custom Roles datacatalog.entryGroups.list
Cloud Healthcare API Supported In Custom Roles healthcare.fhirStores.executeBundle
Identity and Access Management Supported In Custom Roles iam.serviceAccounts.getOpenIdToken
Cloud Spanner Added spanner.backupOperations.cancel
spanner.backupOperations.get
spanner.backupOperations.list
spanner.backups.create
spanner.backups.delete
spanner.backups.get
spanner.backups.getIamPolicy
spanner.backups.list
spanner.backups.restoreDatabase
spanner.backups.setIamPolicy
spanner.backups.update
spanner.databases.createBackup
Cloud Spanner Supported In Custom Roles spanner.backupOperations.cancel
spanner.backupOperations.get
spanner.backupOperations.list
spanner.backups.create
spanner.backups.delete
spanner.backups.get
spanner.backups.getIamPolicy
spanner.backups.list
spanner.backups.restoreDatabase
spanner.backups.setIamPolicy
spanner.backups.update
spanner.databases.createBackup
Cloud Spanner Now GA spanner.backupOperations.cancel
spanner.backupOperations.get
spanner.backupOperations.list
spanner.backups.create
spanner.backups.delete
spanner.backups.get
spanner.backups.getIamPolicy
spanner.backups.list
spanner.backups.restoreDatabase
spanner.backups.setIamPolicy
spanner.backups.update
spanner.databases.createBackup

Cloud IAM changes as of 2020-02-21

Service Change Description
Access Context Manager Added accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.replaceAll
Access Context Manager Now GA accesscontextmanager.accessLevels.replaceAll
accesscontextmanager.servicePerimeters.commit
accesscontextmanager.servicePerimeters.replaceAll
Compute Engine Added compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use
Compute Engine Supported In Custom Roles compute.regionHealthCheckServices.create
compute.regionHealthCheckServices.delete
compute.regionHealthCheckServices.get
compute.regionHealthCheckServices.list
compute.regionHealthCheckServices.update
compute.regionHealthCheckServices.use
compute.regionNotificationEndpoints.create
compute.regionNotificationEndpoints.delete
compute.regionNotificationEndpoints.get
compute.regionNotificationEndpoints.list
compute.regionNotificationEndpoints.update
compute.regionNotificationEndpoints.use

Cloud IAM changes as of 2020-02-14

Service Change Description
Google Cloud Support Now GA

The role roles/cloudsupport.techSupportEditor (Tech Support Editor) is now GA.

Google Cloud Support Now GA

The role roles/cloudsupport.techSupportViewer (Tech Support Viewer) is now GA.

Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

healthcare.fhirStores.executeBundle
Cloud Healthcare API Role Updated

The following permissions have been added to the role roles/healthcare.fhirResourceEditor (Healthcare FHIR Resource Editor):

healthcare.fhirStores.executeBundle
Cloud Healthcare API Role Updated

The following permissions have been added to the role roles/healthcare.fhirResourceReader (Healthcare FHIR Resource Reader):

healthcare.fhirStores.executeBundle
Cloud Logging Role Updated

The following permissions have been added to the role roles/logging.privateLogViewer (Private Logs Viewer):

logging.buckets.get
logging.buckets.list
Cloud Logging Role Updated

The following permissions have been added to the role roles/logging.viewer (Logs Viewer):

logging.buckets.get
logging.buckets.list
Basic Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

healthcare.fhirStores.executeBundle
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.admin (Security Center Admin):

appengine.applications.get
cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update
compute.addresses.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

appengine.applications.get
cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scanruns.stop
cloudsecurityscanner.scans.create
cloudsecurityscanner.scans.delete
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
cloudsecurityscanner.scans.run
cloudsecurityscanner.scans.update
compute.addresses.list
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminViewer (Security Center Admin Viewer):

cloudsecurityscanner.crawledurls.list
cloudsecurityscanner.results.get
cloudsecurityscanner.results.list
cloudsecurityscanner.scanruns.get
cloudsecurityscanner.scanruns.getSummary
cloudsecurityscanner.scanruns.list
cloudsecurityscanner.scans.get
cloudsecurityscanner.scans.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

healthcare.fhirStores.executeBundle
Google Cloud Support Added cloudsupport.properties.get
cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update
Google Cloud Support Supported In Custom Roles cloudsupport.properties.get
cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update
Google Cloud Support Now GA cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update
Cloud Healthcare API Added healthcare.fhirStores.executeBundle
Cloud Logging Added logging.buckets.get
logging.buckets.list
logging.buckets.update
Cloud Logging Supported In Custom Roles logging.buckets.get
logging.buckets.list
logging.buckets.update
Cloud Logging Now GA logging.buckets.get
logging.buckets.list
logging.buckets.update

Cloud IAM changes as of 2020-02-07

Service Change Description
Secret Manager Now GA

The role roles/secretmanager.admin (Secret Manager Admin) is now GA.

Secret Manager Now GA

The role roles/secretmanager.secretAccessor (Secret Manager Secret Accessor) is now GA.

Secret Manager Now GA

The role roles/secretmanager.viewer (Secret Manager Viewer) is now GA.

Cloud Healthcare API Supported In Custom Roles healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update
healthcare.dicomStores.create
healthcare.dicomStores.delete
healthcare.dicomStores.dicomWebDelete
healthcare.dicomStores.dicomWebRead
healthcare.dicomStores.dicomWebWrite
healthcare.dicomStores.export
healthcare.dicomStores.get
healthcare.dicomStores.getIamPolicy
healthcare.dicomStores.import
healthcare.dicomStores.list
healthcare.dicomStores.setIamPolicy
healthcare.dicomStores.update
healthcare.fhirResources.create
healthcare.fhirResources.delete
healthcare.fhirResources.get
healthcare.fhirResources.patch
healthcare.fhirResources.purge
healthcare.fhirResources.update
healthcare.fhirStores.create
healthcare.fhirStores.delete
healthcare.fhirStores.export
healthcare.fhirStores.get
healthcare.fhirStores.getIamPolicy
healthcare.fhirStores.import
healthcare.fhirStores.list
healthcare.fhirStores.searchResources
healthcare.fhirStores.setIamPolicy
healthcare.fhirStores.update
healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update
healthcare.operations.get
healthcare.operations.list
reCAPTCHA Enterprise Added recaptchaenterprise.assessments.annotate
recaptchaenterprise.assessments.create
recaptchaenterprise.keys.create
recaptchaenterprise.keys.delete
recaptchaenterprise.keys.get
recaptchaenterprise.keys.list
recaptchaenterprise.keys.update
reCAPTCHA Enterprise Supported In Custom Roles recaptchaenterprise.assessments.annotate
recaptchaenterprise.assessments.create
recaptchaenterprise.keys.create
recaptchaenterprise.keys.delete
recaptchaenterprise.keys.get
recaptchaenterprise.keys.list
recaptchaenterprise.keys.update
Secret Manager Supported In Custom Roles secretmanager.locations.get
secretmanager.locations.list
secretmanager.secrets.create
secretmanager.secrets.delete
secretmanager.secrets.get
secretmanager.secrets.getIamPolicy
secretmanager.secrets.list
secretmanager.secrets.setIamPolicy
secretmanager.secrets.update
secretmanager.versions.access
secretmanager.versions.add
secretmanager.versions.destroy
secretmanager.versions.disable
secretmanager.versions.enable
secretmanager.versions.get
secretmanager.versions.list
Secret Manager Now GA secretmanager.locations.get
secretmanager.locations.list
secretmanager.secrets.create
secretmanager.secrets.delete
secretmanager.secrets.get
secretmanager.secrets.getIamPolicy
secretmanager.secrets.list
secretmanager.secrets.setIamPolicy
secretmanager.secrets.update
secretmanager.versions.access
secretmanager.versions.add
secretmanager.versions.destroy
secretmanager.versions.disable
secretmanager.versions.enable
secretmanager.versions.get
secretmanager.versions.list

Cloud IAM changes as of 2020-01-31

Service Change Description
Cloud Build Role Updated

The following permissions have been added to the role roles/cloudbuild.builds.builder (Cloud Build Service Account):

artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.uploadArtifacts
artifactregistry.tags.create
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.get
artifactregistry.versions.list
Cloud Composer Role Updated

The following permissions have been added to the role roles/composer.worker (Composer Worker):

artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.list
artifactregistry.repositories.uploadArtifacts
artifactregistry.tags.create
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.get
artifactregistry.versions.list
Google Cloud Game Servers Added gameservices.gameServerClusters.create
gameservices.gameServerClusters.delete
gameservices.gameServerClusters.get
gameservices.gameServerClusters.list
gameservices.gameServerClusters.update
gameservices.gameServerConfigs.create
gameservices.gameServerConfigs.delete
gameservices.gameServerConfigs.get
gameservices.gameServerConfigs.list
gameservices.gameServerDeployments.create
gameservices.gameServerDeployments.delete
gameservices.gameServerDeployments.get
gameservices.gameServerDeployments.list
gameservices.gameServerDeployments.rollout
gameservices.gameServerDeployments.update
gameservices.locations.get
gameservices.locations.list
gameservices.operations.cancel
gameservices.operations.delete
gameservices.operations.get
gameservices.operations.list
gameservices.realms.create
gameservices.realms.delete
gameservices.realms.get
gameservices.realms.list
gameservices.realms.update
Google Cloud Game Servers Supported In Custom Roles gameservices.gameServerClusters.create
gameservices.gameServerClusters.delete
gameservices.gameServerClusters.get
gameservices.gameServerClusters.list
gameservices.gameServerClusters.update
gameservices.gameServerConfigs.create
gameservices.gameServerConfigs.delete
gameservices.gameServerConfigs.get
gameservices.gameServerConfigs.list
gameservices.gameServerDeployments.create
gameservices.gameServerDeployments.delete
gameservices.gameServerDeployments.get
gameservices.gameServerDeployments.list
gameservices.gameServerDeployments.rollout
gameservices.gameServerDeployments.update
gameservices.locations.get
gameservices.locations.list
gameservices.operations.cancel
gameservices.operations.delete
gameservices.operations.get
gameservices.operations.list
gameservices.realms.create
gameservices.realms.delete
gameservices.realms.get
gameservices.realms.list
gameservices.realms.update
Google Cloud operations suite Added opsconfigmonitoring.resourceMetadata.write

Cloud IAM changes as of 2020-01-24

Service Change Description
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.admin (Cloud Scheduler Admin):

serviceusage.services.list
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.jobRunner (Cloud Scheduler Job Runner):

serviceusage.services.list
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.viewer (Cloud Scheduler Viewer):

serviceusage.services.list
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkAdmin (Compute Network Admin):

compute.machineTypes.get
compute.machineTypes.list
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkViewer (Compute Network Viewer):

compute.machineTypes.get
compute.machineTypes.list
Security Command Center Now GA

The role roles/securitycenter.notificationConfigEditor (Security Center Notification Configurations Editor) is now GA.

Security Command Center Now GA

The role roles/securitycenter.notificationConfigViewer (Security Center Notification Configurations Viewer) is now GA.

Artifact Registry Added artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.create
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.getIamPolicy
artifactregistry.repositories.list
artifactregistry.repositories.setIamPolicy
artifactregistry.repositories.update
artifactregistry.repositories.uploadArtifacts
artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
Artifact Registry Supported In Custom Roles artifactregistry.files.get
artifactregistry.files.list
artifactregistry.packages.delete
artifactregistry.packages.get
artifactregistry.packages.list
artifactregistry.repositories.create
artifactregistry.repositories.delete
artifactregistry.repositories.deleteArtifacts
artifactregistry.repositories.downloadArtifacts
artifactregistry.repositories.get
artifactregistry.repositories.getIamPolicy
artifactregistry.repositories.list
artifactregistry.repositories.setIamPolicy
artifactregistry.repositories.update
artifactregistry.repositories.uploadArtifacts
artifactregistry.tags.create
artifactregistry.tags.delete
artifactregistry.tags.get
artifactregistry.tags.list
artifactregistry.tags.update
artifactregistry.versions.delete
artifactregistry.versions.get
artifactregistry.versions.list
Identity and Access Management Added iam.serviceAccounts.getOpenIdToken
Security Command Center Added securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update
Security Command Center Supported In Custom Roles securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update
Security Command Center Now GA securitycenter.notificationconfig.create
securitycenter.notificationconfig.delete
securitycenter.notificationconfig.get
securitycenter.notificationconfig.list
securitycenter.notificationconfig.update

Cloud IAM changes as of 2020-01-10

Service Change Description
Cloud Asset Inventory Now GA

The role roles/cloudasset.owner (Cloud Asset Owner) is now GA.

Migrate for Compute Engine Role Updated

The following permissions have been added to the role roles/cloudmigration.inframanager (Velostrata Manager):

compute.globalOperations.get
Cloud Spanner Role Updated

The following permissions have been added to the role roles/spanner.databaseReader (Cloud Spanner Database Reader):

spanner.instances.get
Cloud Spanner Role Updated

The following permissions have been added to the role roles/spanner.databaseUser (Cloud Spanner Database User):

spanner.instances.get
Cloud Asset Inventory Now GA cloudasset.feeds.create
cloudasset.feeds.delete
cloudasset.feeds.get
cloudasset.feeds.list
cloudasset.feeds.update
Compute Engine Added compute.networks.listPeeringRoutes
Compute Engine Supported In Custom Roles compute.networks.listPeeringRoutes
Compute Engine Now GA compute.networks.listPeeringRoutes
Network Management API Added networkmanagement.connectivitytests.create
networkmanagement.connectivitytests.delete
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.getIamPolicy
networkmanagement.connectivitytests.list
networkmanagement.connectivitytests.rerun
networkmanagement.connectivitytests.setIamPolicy
networkmanagement.connectivitytests.update
networkmanagement.locations.get
networkmanagement.locations.list
networkmanagement.operations.get
networkmanagement.operations.list
Network Management API Supported In Custom Roles networkmanagement.connectivitytests.create
networkmanagement.connectivitytests.delete
networkmanagement.connectivitytests.get
networkmanagement.connectivitytests.getIamPolicy
networkmanagement.connectivitytests.list
networkmanagement.connectivitytests.rerun
networkmanagement.connectivitytests.setIamPolicy
networkmanagement.connectivitytests.update
networkmanagement.locations.get
networkmanagement.locations.list
networkmanagement.operations.get
networkmanagement.operations.list

Cloud IAM change as of 2019-12-20

Service Change Description
Migrate for Compute Engine Role Updated

The following permissions have been added to the role roles/cloudmigration.inframanager (Velostrata Manager):

compute.disks.createSnapshot
compute.snapshots.create
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.setLabels
compute.snapshots.useReadOnly
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.admin (Cloud Scheduler Admin):

appengine.applications.get
serviceusage.services.get
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.jobRunner (Cloud Scheduler Job Runner):

appengine.applications.get
serviceusage.services.get
Cloud Scheduler Role Updated

The following permissions have been added to the role roles/cloudscheduler.viewer (Cloud Scheduler Viewer):

appengine.applications.get
serviceusage.services.get
Compute Engine Now GA

The role roles/compute.packetMirroringAdmin (Compute packet mirroring admin) is now GA.

Compute Engine Now GA

The role roles/compute.packetMirroringUser (Compute packet mirroring user) is now GA.

Cloud DNS Now GA

The role roles/dns.peer (DNS Peer) is now GA.

Basic Role Role Updated

The following permissions have been removed from the role roles/editor (Editor):

datacatalog.taxonomies.create
Recommender Now GA

The role roles/recommender.computeAdmin (Compute Recommender Admin) is now GA.

Recommender Now GA

The role roles/recommender.computeViewer (Compute Recommender Viewer) is now GA.

Recommender Now GA

The role roles/recommender.iamAdmin (IAM Recommender Admin) is now GA.

Recommender Now GA

The role roles/recommender.iamViewer (IAM Recommender Viewer) is now GA.

Remote Build Execution Role Added

The role roles/remotebuildexecution.reservationAdmin (Remote Build Execution Reservation Admin) has been added with the following permissions:

remotebuildexecution.actions.create
remotebuildexecution.actions.delete
remotebuildexecution.actions.get
Cloud Bigtable Added bigtable.tables.getIamPolicy
bigtable.tables.setIamPolicy
Cloud Bigtable Supported In Custom Roles bigtable.tables.getIamPolicy
bigtable.tables.setIamPolicy
Cloud Bigtable Now GA bigtable.tables.getIamPolicy
bigtable.tables.setIamPolicy
Compute Engine Added compute.nodeGroups.update
Compute Engine Supported In Custom Roles compute.nodeGroups.update
Compute Engine Now GA compute.networks.mirror
compute.packetMirrorings.update
compute.subnetworks.mirror
Data Catalog Added datacatalog.entries.list
datacatalog.entries.updateTag
datacatalog.entryGroups.update
Dataproc Added dataproc.autoscalingPolicies.create
dataproc.autoscalingPolicies.delete
dataproc.autoscalingPolicies.get
dataproc.autoscalingPolicies.getIamPolicy
dataproc.autoscalingPolicies.list
dataproc.autoscalingPolicies.setIamPolicy
dataproc.autoscalingPolicies.update
dataproc.autoscalingPolicies.use
Dataproc Now GA dataproc.autoscalingPolicies.create
dataproc.autoscalingPolicies.delete
dataproc.autoscalingPolicies.get
dataproc.autoscalingPolicies.getIamPolicy
dataproc.autoscalingPolicies.list
dataproc.autoscalingPolicies.setIamPolicy
dataproc.autoscalingPolicies.update
dataproc.autoscalingPolicies.use
Cloud DNS Now GA dns.networks.targetWithPeeringZone
Cloud Logging Added logging.cmekSettings.get
logging.cmekSettings.update
Cloud Logging Supported In Custom Roles logging.cmekSettings.get
logging.cmekSettings.update
Cloud Logging Now GA logging.cmekSettings.get
logging.cmekSettings.update
Recommender Now GA recommender.computeInstanceGroupManagerMachineTypeRecommendations.get
recommender.computeInstanceGroupManagerMachineTypeRecommendations.list
recommender.computeInstanceGroupManagerMachineTypeRecommendations.update
recommender.computeInstanceMachineTypeRecommendations.get
recommender.computeInstanceMachineTypeRecommendations.list
recommender.computeInstanceMachineTypeRecommendations.update
recommender.iamPolicyRecommendations.get
recommender.iamPolicyRecommendations.list
recommender.iamPolicyRecommendations.update
recommender.locations.get
recommender.locations.list

Cloud IAM changes as of 2019-11-22

Service Change Description
Data Catalog Role Updated

The following permissions have been removed from the role roles/datacatalog.admin (Data Catalog Admin):

datacatalog.categories.fineGrainedGet
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

remotebuildexecution.actions.delete
Identity Toolkit Now GA

The role roles/identitytoolkit.admin (Identity Toolkit Admin) is now GA.

Identity Toolkit Now GA

The role roles/identitytoolkit.viewer (Identity Toolkit Viewer) is now GA.

Apigee Added apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update
apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update
apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage
apigee.apps.get
apigee.apps.list
apigee.deployments.create
apigee.deployments.delete
apigee.deployments.get
apigee.deployments.list
apigee.deployments.update
apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update
apigee.developerapps.create
apigee.developerapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage
apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update
apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update
apigee.environments.create
apigee.environments.delete
apigee.environments.get
apigee.environments.getDataLocation
apigee.environments.getIamPolicy
apigee.environments.getStats
apigee.environments.list
apigee.environments.manageRuntime
apigee.environments.setIamPolicy
apigee.environments.update
apigee.flowhooks.attachSharedFlow
apigee.flowhooks.detachSharedFlow
apigee.flowhooks.getSharedFlow
apigee.flowhooks.list
apigee.keystorealiases.create
apigee.keystorealiases.delete
apigee.keystorealiases.exportCertificate
apigee.keystorealiases.generateCSR
apigee.keystorealiases.get
apigee.keystorealiases.list
apigee.keystorealiases.update
apigee.keystores.create
apigee.keystores.delete
apigee.keystores.export
apigee.keystores.get
apigee.keystores.list
apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list
apigee.maskconfigs.get
apigee.maskconfigs.update
apigee.organizations.create
apigee.organizations.get
apigee.organizations.list
apigee.organizations.update
apigee.proxies.create
apigee.proxies.delete
apigee.proxies.get
apigee.proxies.list
apigee.proxyrevisions.delete
apigee.proxyrevisions.deploy
apigee.proxyrevisions.get
apigee.proxyrevisions.list
apigee.proxyrevisions.undeploy
apigee.proxyrevisions.update
apigee.queries.create
apigee.queries.get
apigee.queries.list
apigee.references.create
apigee.references.delete
apigee.references.get
apigee.references.list
apigee.references.update
apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update
apigee.resourcefiles.create
apigee.resourcefiles.delete
apigee.resourcefiles.get
apigee.resourcefiles.list
apigee.resourcefiles.update
apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.deploy
apigee.sharedflowrevisions.get
apigee.sharedflowrevisions.list
apigee.sharedflowrevisions.undeploy
apigee.sharedflowrevisions.update
apigee.sharedflows.create
apigee.sharedflows.delete
apigee.sharedflows.get
apigee.sharedflows.list
apigee.targetservers.create
apigee.targetservers.delete
apigee.targetservers.get
apigee.targetservers.list
apigee.targetservers.update
apigee.tracesessions.create
apigee.tracesessions.delete
apigee.tracesessions.get
apigee.tracesessions.list
Apigee Supported In Custom Roles apigee.apiproductattributes.createOrUpdateAll
apigee.apiproductattributes.delete
apigee.apiproductattributes.get
apigee.apiproductattributes.list
apigee.apiproductattributes.update
apigee.apiproducts.create
apigee.apiproducts.delete
apigee.apiproducts.get
apigee.apiproducts.list
apigee.apiproducts.update
apigee.appkeys.create
apigee.appkeys.delete
apigee.appkeys.get
apigee.appkeys.manage
apigee.apps.get
apigee.apps.list
apigee.deployments.create
apigee.deployments.delete
apigee.deployments.get
apigee.deployments.list
apigee.deployments.update
apigee.developerappattributes.createOrUpdateAll
apigee.developerappattributes.delete
apigee.developerappattributes.get
apigee.developerappattributes.list
apigee.developerappattributes.update
apigee.developerapps.create
apigee.developerapps.delete
apigee.developerapps.get
apigee.developerapps.list
apigee.developerapps.manage
apigee.developerattributes.createOrUpdateAll
apigee.developerattributes.delete
apigee.developerattributes.get
apigee.developerattributes.list
apigee.developerattributes.update
apigee.developers.create
apigee.developers.delete
apigee.developers.get
apigee.developers.list
apigee.developers.update
apigee.environments.create
apigee.environments.delete
apigee.environments.get
apigee.environments.getDataLocation
apigee.environments.getIamPolicy
apigee.environments.getStats
apigee.environments.list
apigee.environments.manageRuntime
apigee.environments.setIamPolicy
apigee.environments.update
apigee.flowhooks.attachSharedFlow
apigee.flowhooks.detachSharedFlow
apigee.flowhooks.getSharedFlow
apigee.flowhooks.list
apigee.keystorealiases.create
apigee.keystorealiases.delete
apigee.keystorealiases.exportCertificate
apigee.keystorealiases.generateCSR
apigee.keystorealiases.get
apigee.keystorealiases.list
apigee.keystorealiases.update
apigee.keystores.create
apigee.keystores.delete
apigee.keystores.export
apigee.keystores.get
apigee.keystores.list
apigee.keyvaluemaps.create
apigee.keyvaluemaps.delete
apigee.keyvaluemaps.list
apigee.maskconfigs.get
apigee.maskconfigs.update
apigee.organizations.create
apigee.organizations.get
apigee.organizations.list
apigee.organizations.update
apigee.proxies.create
apigee.proxies.delete
apigee.proxies.get
apigee.proxies.list
apigee.proxyrevisions.delete
apigee.proxyrevisions.deploy
apigee.proxyrevisions.get
apigee.proxyrevisions.list
apigee.proxyrevisions.undeploy
apigee.proxyrevisions.update
apigee.queries.create
apigee.queries.get
apigee.queries.list
apigee.references.create
apigee.references.delete
apigee.references.get
apigee.references.list
apigee.references.update
apigee.reports.create
apigee.reports.delete
apigee.reports.get
apigee.reports.list
apigee.reports.update
apigee.resourcefiles.create
apigee.resourcefiles.delete
apigee.resourcefiles.get
apigee.resourcefiles.list
apigee.resourcefiles.update
apigee.sharedflowrevisions.delete
apigee.sharedflowrevisions.deploy
apigee.sharedflowrevisions.get
apigee.sharedflowrevisions.list
apigee.sharedflowrevisions.undeploy
apigee.sharedflowrevisions.update
apigee.sharedflows.create
apigee.sharedflows.delete
apigee.sharedflows.get
apigee.sharedflows.list
apigee.targetservers.create
apigee.targetservers.delete
apigee.targetservers.get
apigee.targetservers.list
apigee.targetservers.update
apigee.tracesessions.create
apigee.tracesessions.delete
apigee.tracesessions.get
apigee.tracesessions.list
BigQuery Added bigquery.tables.setCategory
Compute Engine Added compute.networks.mirror
compute.packetMirrorings.update
compute.subnetworks.mirror
Compute Engine Supported In Custom Roles compute.networks.mirror
compute.packetMirrorings.update
compute.subnetworks.mirror
Remote Build Execution Added remotebuildexecution.actions.delete
Remote Build Execution Supported In Custom Roles remotebuildexecution.actions.delete

Cloud IAM changes as of 2019-11-14

Service Change Description
Access Approval Added accessapproval.settings.delete
AI Platform Notebooks Added notebooks.environments.create
notebooks.environments.delete
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.environments.list
notebooks.environments.setIamPolicy
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.get
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.instances.setIamPolicy
notebooks.instances.update
notebooks.locations.get
notebooks.locations.list
notebooks.operations.cancel
notebooks.operations.delete
notebooks.operations.get
notebooks.operations.list
AI Platform Notebooks Supported In Custom Roles notebooks.environments.create
notebooks.environments.delete
notebooks.environments.get
notebooks.environments.getIamPolicy
notebooks.environments.list
notebooks.environments.setIamPolicy
notebooks.instances.create
notebooks.instances.delete
notebooks.instances.get
notebooks.instances.getIamPolicy
notebooks.instances.list
notebooks.instances.setIamPolicy
notebooks.instances.update
notebooks.locations.get
notebooks.locations.list
notebooks.operations.cancel
notebooks.operations.delete
notebooks.operations.get
notebooks.operations.list

Cloud IAM changes as of 2019-11-01

Service Change Description
Hangouts Chat Now GA

The role roles/chat.owner (Chat Bots Owner) is now GA.

Hangouts Chat Now GA

The role roles/chat.reader (Chat Bots Viewer) is now GA.

Hangouts Chat Now GA chat.bots.get
chat.bots.update
Cloud Asset Inventory Added cloudasset.assets.exportAppengineApplications
cloudasset.assets.exportAppengineServices
cloudasset.assets.exportAppengineVersions
cloudasset.assets.exportBigqueryDatasets
cloudasset.assets.exportBigqueryTables
cloudasset.assets.exportBigtableCluster
cloudasset.assets.exportBigtableInstance
cloudasset.assets.exportBigtableTable
cloudasset.assets.exportCloudbillingBillingAccounts
cloudasset.assets.exportCloudkmsCryptoKeyVersions
cloudasset.assets.exportCloudkmsCryptoKeys
cloudasset.assets.exportCloudkmsKeyRings
cloudasset.assets.exportCloudresourcemanagerFolders
cloudasset.assets.exportCloudresourcemanagerOrganizations
cloudasset.assets.exportCloudresourcemanagerProjects
cloudasset.assets.exportComputeAddress
cloudasset.assets.exportComputeAutoscalers
cloudasset.assets.exportComputeBackendBuckets
cloudasset.assets.exportComputeBackendServices
cloudasset.assets.exportComputeDisks
cloudasset.assets.exportComputeFirewalls
cloudasset.assets.exportComputeForwardingRules
cloudasset.assets.exportComputeGlobalAddress
cloudasset.assets.exportComputeGlobalForwardingRules
cloudasset.assets.exportComputeHealthChecks
cloudasset.assets.exportComputeHttpHealthChecks
cloudasset.assets.exportComputeHttpsHealthChecks
cloudasset.assets.exportComputeImages
cloudasset.assets.exportComputeInstanceGroupManagers
cloudasset.assets.exportComputeInstanceGroups
cloudasset.assets.exportComputeInstanceTemplates
cloudasset.assets.exportComputeInstances
cloudasset.assets.exportComputeInterconnect
cloudasset.assets.exportComputeInterconnectAttachment
cloudasset.assets.exportComputeLicenses
cloudasset.assets.exportComputeNetworks
cloudasset.assets.exportComputeProjects
cloudasset.assets.exportComputeRegionAutoscaler
cloudasset.assets.exportComputeRegionBackendServices
cloudasset.assets.exportComputeRegionDisk
cloudasset.assets.exportComputeRegionInstanceGroup
cloudasset.assets.exportComputeRegionInstanceGroupManager
cloudasset.assets.exportComputeRouters
cloudasset.assets.exportComputeRoutes
cloudasset.assets.exportComputeSecurityPolicy
cloudasset.assets.exportComputeSnapshots
cloudasset.assets.exportComputeSslCertificates
cloudasset.assets.exportComputeSubnetworks
cloudasset.assets.exportComputeTargetHttpProxies
cloudasset.assets.exportComputeTargetHttpsProxies
cloudasset.assets.exportComputeTargetInstances
cloudasset.assets.exportComputeTargetPools
cloudasset.assets.exportComputeTargetSslProxies
cloudasset.assets.exportComputeTargetTcpProxies
cloudasset.assets.exportComputeTargetVpnGateways
cloudasset.assets.exportComputeUrlMaps
cloudasset.assets.exportComputeVpnTunnels
cloudasset.assets.exportContainerClusterrole
cloudasset.assets.exportContainerClusterrolebinding
cloudasset.assets.exportContainerClusters
cloudasset.assets.exportContainerNamespace
cloudasset.assets.exportContainerNode
cloudasset.assets.exportContainerNodepool
cloudasset.assets.exportContainerPod
cloudasset.assets.exportContainerRole
cloudasset.assets.exportContainerRolebinding
cloudasset.assets.exportContainerregistryImage
cloudasset.assets.exportDatafusionInstance
cloudasset.assets.exportDataprocClusters
cloudasset.assets.exportDataprocJobs
cloudasset.assets.exportDnsManagedZones
cloudasset.assets.exportDnsPolicies
cloudasset.assets.exportIamRoles
cloudasset.assets.exportIamServiceAccountKeys
cloudasset.assets.exportIamServiceAccounts
cloudasset.assets.exportManagedidentitiesDomain
cloudasset.assets.exportPubsubSubscriptions
cloudasset.assets.exportPubsubTopics
cloudasset.assets.exportServicemanagementServices
cloudasset.assets.exportSpannerDatabases
cloudasset.assets.exportSpannerInstances
cloudasset.assets.exportSqladminInstances
cloudasset.assets.exportStorageBuckets
Data Catalog Added datacatalog.categories.fineGrainedGet
datacatalog.categories.getIamPolicy
datacatalog.categories.setIamPolicy
datacatalog.taxonomies.create
datacatalog.taxonomies.delete
datacatalog.taxonomies.get
datacatalog.taxonomies.getIamPolicy
datacatalog.taxonomies.list
datacatalog.taxonomies.setIamPolicy
datacatalog.taxonomies.update
Identity-Aware Proxy Added iap.projects.getSettings
iap.projects.updateSettings
NetApp Cloud Volumes Service Added netappcloudvolumes.jobs.get
netappcloudvolumes.jobs.list
Redis Enterprise Cloud Added redisenterprisecloud.databases.create
redisenterprisecloud.databases.delete
redisenterprisecloud.databases.get
redisenterprisecloud.databases.list
redisenterprisecloud.databases.update
redisenterprisecloud.subscriptions.create
redisenterprisecloud.subscriptions.delete
redisenterprisecloud.subscriptions.get
redisenterprisecloud.subscriptions.list
redisenterprisecloud.subscriptions.update

Cloud IAM changes as of 2019-10-25

Service Change Description
Identity-Aware Proxy Now GA

The role roles/iap.tunnelResourceAccessor (IAP-secured Tunnel User) is now GA.

Managed Service for Microsoft Active Directory Now GA

The role roles/managedidentities.admin (Google Cloud Managed Identities Admin) is now GA.

Managed Service for Microsoft Active Directory Now GA

The role roles/managedidentities.domainAdmin (Google Cloud Managed Identities Domain Admin) is now GA.

Managed Service for Microsoft Active Directory Now GA

The role roles/managedidentities.viewer (Google Cloud Managed Identities Viewer) is now GA.

Actions Added actions.agentVersions.get
Actions Supported In Custom Roles actions.agentVersions.get
Actions Now GA actions.agentVersions.get
Dialogflow Added