This page describes changes to the public Identity and Access Management (IAM) permissions for all Generally Available (GA) and Preview services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.
For changes that occurred before 2022, see Archived permissions change log.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Upcoming Cloud IAM changes for the week of 2022-08-08
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role bigquery.models.create bigquery.models.getData bigquery.readsessions.getData |
Connectors | Now GA |
The role |
Firebase App Check | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list integrations.apigeeSuspensions.lift integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve pubsub.schemas.attach pubsub.schemas.create pubsub.schemas.delete pubsub.schemas.get pubsub.schemas.list pubsub.schemas.validate pubsub.snapshots.get pubsub.snapshots.list pubsub.snapshots.seek pubsub.topics.attachSubscription pubsub.topics.get pubsub.topics.list pubsub.topics.publish resourcemanager.projects.get resourcemanager.projects.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
Google Cloud Migration Center | Now GA |
The role |
Cloud Bigtable | Added |
bigtable.instances.createTagBinding bigtable.instances.deleteTagBinding bigtable.instances.listEffectiveTags bigtable.instances.listTagBindings |
Cloud Bigtable | Now GA |
bigtable.instances.createTagBinding bigtable.instances.deleteTagBinding bigtable.instances.listEffectiveTags bigtable.instances.listTagBindings |
Connectors | Added |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Connectors | Supported In Custom Roles |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Connectors | Now GA |
connectors.actions.execute connectors.actions.list connectors.connections.executeSqlQuery connectors.entities.create connectors.entities.delete connectors.entities.deleteEntitiesWithConditions connectors.entities.get connectors.entities.list connectors.entities.update connectors.entities.updateEntitiesWithConditions connectors.entityTypes.list |
Google Cloud Migration Center | Added |
migrationcenter.assets.create migrationcenter.assets.delete migrationcenter.assets.get migrationcenter.assets.list migrationcenter.assets.reportFrames migrationcenter.assets.update migrationcenter.groups.create migrationcenter.groups.delete migrationcenter.groups.get migrationcenter.groups.list migrationcenter.groups.update migrationcenter.importJobs.create migrationcenter.importJobs.delete migrationcenter.importJobs.get migrationcenter.importJobs.list migrationcenter.importJobs.update migrationcenter.locations.get migrationcenter.locations.list migrationcenter.operations.cancel migrationcenter.operations.delete migrationcenter.operations.get migrationcenter.operations.list migrationcenter.sources.create migrationcenter.sources.delete migrationcenter.sources.get migrationcenter.sources.list migrationcenter.sources.update |
Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.assets.create migrationcenter.assets.delete migrationcenter.assets.get migrationcenter.assets.list migrationcenter.assets.reportFrames migrationcenter.assets.update migrationcenter.groups.create migrationcenter.groups.delete migrationcenter.groups.get migrationcenter.groups.list migrationcenter.groups.update migrationcenter.importJobs.create migrationcenter.importJobs.delete migrationcenter.importJobs.get migrationcenter.importJobs.list migrationcenter.importJobs.update migrationcenter.locations.get migrationcenter.locations.list migrationcenter.operations.cancel migrationcenter.operations.delete migrationcenter.operations.get migrationcenter.operations.list migrationcenter.sources.create migrationcenter.sources.delete migrationcenter.sources.get migrationcenter.sources.list migrationcenter.sources.update |
Retail API | Now GA |
retail.attributesConfigs.addCatalogAttribute retail.attributesConfigs.get retail.attributesConfigs.removeCatalogAttribute retail.attributesConfigs.replaceCatalogAttribute retail.attributesConfigs.update |
Cloud IAM changes as of 2022-08-05
Service | Change | Description |
---|---|---|
Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.versions.delete |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Backup and Disaster Recovery | Now GA |
The role |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.list |
Backup and Disaster Recovery | Added |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Backup and Disaster Recovery | Now GA |
backupdr.locations.get backupdr.locations.list backupdr.managementServers.backupAccess backupdr.managementServers.create backupdr.managementServers.delete backupdr.managementServers.get backupdr.managementServers.getIamPolicy backupdr.managementServers.list backupdr.managementServers.manageInternalACL backupdr.managementServers.setIamPolicy backupdr.operations.cancel backupdr.operations.delete backupdr.operations.get backupdr.operations.list |
Commerce Offer Catalog | Added |
commerceoffercatalog.documents.get |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.check consumerprocurement.consents.grant consumerprocurement.consents.list consumerprocurement.consents.revoke |
Maps Admin | Added |
mapsadmin.styleSnapshots.list mapsadmin.styleSnapshots.update |
Maps Admin | Now GA |
mapsadmin.styleSnapshots.list mapsadmin.styleSnapshots.update |
Cloud IAM changes as of 2022-07-29
Service | Change | Description |
---|---|---|
Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
Assured Workloads | Added |
assuredworkloads.violations.update |
Assured Workloads | Supported In Custom Roles |
assuredworkloads.violations.update |
Assured Workloads | Now GA |
assuredworkloads.violations.update |
Cloud Asset Inventory | Added |
cloudasset.assets.exportOSInventories |
Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportOSInventories |
Cloud Asset Inventory | Now GA |
cloudasset.assets.exportOSInventories |
Translation | Added |
cloudtranslate.glossaries.update cloudtranslate.glossaryentries.create cloudtranslate.glossaryentries.delete cloudtranslate.glossaryentries.get cloudtranslate.glossaryentries.list cloudtranslate.glossaryentries.update |
Translation | Supported In Custom Roles |
cloudtranslate.glossaries.update |
Translation | Now GA |
cloudtranslate.glossaries.update cloudtranslate.glossaryentries.create cloudtranslate.glossaryentries.delete cloudtranslate.glossaryentries.get cloudtranslate.glossaryentries.list cloudtranslate.glossaryentries.update |
Compute Engine | Added |
compute.regionTargetHttpsProxies.update compute.targetHttpsProxies.update |
Compute Engine | Now GA |
compute.regionTargetHttpsProxies.update compute.targetHttpsProxies.update |
Timeseries Insights | Added |
timeseriesinsights.locations.get timeseriesinsights.locations.list |
Timeseries Insights | Supported In Custom Roles |
timeseriesinsights.locations.get timeseriesinsights.locations.list |
Cloud IAM changes as of 2022-07-22
Service | Change | Description |
---|---|---|
Cloud Billing | Role Updated |
The following permissions have been added to the role cloudsupport.properties.get cloudsupport.techCases.create cloudsupport.techCases.escalate cloudsupport.techCases.get cloudsupport.techCases.list cloudsupport.techCases.update resourcemanager.projects.get resourcemanager.projects.list |
Workload Certificate | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.create container.customResourceDefinitions.get container.customResourceDefinitions.list |
Bare Metal Solution | Added |
baremetalsolution.volumes.resize |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.volumes.resize |
Bare Metal Solution | Now GA |
baremetalsolution.volumes.resize |
Eventarc | Added |
eventarc.channels.attach eventarc.googleChannelConfigs.get eventarc.googleChannelConfigs.update |
Eventarc | Supported In Custom Roles |
eventarc.channels.attach eventarc.googleChannelConfigs.get eventarc.googleChannelConfigs.update |
Firebase Realtime Database | Added |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Firebase Realtime Database | Supported In Custom Roles |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Firebase Realtime Database | Now GA |
firebasedatabase.instances.delete firebasedatabase.instances.disable firebasedatabase.instances.reenable firebasedatabase.instances.undelete |
Retail API | Added |
retail.servingConfigs.predict retail.servingConfigs.search |
Cloud IAM changes as of 2022-07-15
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Google Kubernetes Engine | Now GA |
The role |
Eventarc | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get |
Identity-Aware Proxy | Now GA |
The role |
Identity-Aware Proxy | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Cloud Integrations | Now GA |
The role |
Anthos Service Mesh control plane | Role Updated |
The following permissions have been added to the role container.clusters.update |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
AI Platform | Added |
aiplatform.entityTypes.deleteFeatureValues |
BeyondCorp Enterprise | Added |
beyondcorp.appConnections.create beyondcorp.appConnections.delete beyondcorp.appConnections.get beyondcorp.appConnections.getIamPolicy beyondcorp.appConnections.list beyondcorp.appConnections.setIamPolicy beyondcorp.appConnections.update beyondcorp.appConnectors.create beyondcorp.appConnectors.delete beyondcorp.appConnectors.get beyondcorp.appConnectors.getIamPolicy beyondcorp.appConnectors.list beyondcorp.appConnectors.reportStatus beyondcorp.appConnectors.setIamPolicy beyondcorp.appConnectors.update beyondcorp.appGateways.create beyondcorp.appGateways.delete beyondcorp.appGateways.get beyondcorp.appGateways.getIamPolicy beyondcorp.appGateways.list beyondcorp.appGateways.setIamPolicy beyondcorp.appGateways.update beyondcorp.clientConnectorServices.access beyondcorp.clientConnectorServices.create beyondcorp.clientConnectorServices.delete beyondcorp.clientConnectorServices.get beyondcorp.clientConnectorServices.getIamPolicy beyondcorp.clientConnectorServices.list beyondcorp.clientConnectorServices.setIamPolicy beyondcorp.clientConnectorServices.update beyondcorp.clientGateways.create beyondcorp.clientGateways.delete beyondcorp.clientGateways.get beyondcorp.clientGateways.getIamPolicy beyondcorp.clientGateways.list beyondcorp.clientGateways.setIamPolicy beyondcorp.locations.get beyondcorp.locations.list beyondcorp.operations.cancel beyondcorp.operations.delete beyondcorp.operations.get beyondcorp.operations.list |
BeyondCorp Enterprise | Supported In Custom Roles |
beyondcorp.appConnections.create beyondcorp.appConnections.delete beyondcorp.appConnections.get beyondcorp.appConnections.getIamPolicy beyondcorp.appConnections.list beyondcorp.appConnections.setIamPolicy beyondcorp.appConnections.update beyondcorp.appConnectors.create beyondcorp.appConnectors.delete beyondcorp.appConnectors.get beyondcorp.appConnectors.getIamPolicy beyondcorp.appConnectors.list beyondcorp.appConnectors.reportStatus beyondcorp.appConnectors.setIamPolicy beyondcorp.appConnectors.update beyondcorp.appGateways.create beyondcorp.appGateways.delete beyondcorp.appGateways.get beyondcorp.appGateways.getIamPolicy beyondcorp.appGateways.list beyondcorp.appGateways.setIamPolicy beyondcorp.appGateways.update beyondcorp.clientConnectorServices.access beyondcorp.clientConnectorServices.create beyondcorp.clientConnectorServices.delete beyondcorp.clientConnectorServices.get beyondcorp.clientConnectorServices.getIamPolicy beyondcorp.clientConnectorServices.list beyondcorp.clientConnectorServices.setIamPolicy beyondcorp.clientConnectorServices.update beyondcorp.clientGateways.create beyondcorp.clientGateways.delete beyondcorp.clientGateways.get beyondcorp.clientGateways.getIamPolicy beyondcorp.clientGateways.list beyondcorp.clientGateways.setIamPolicy beyondcorp.locations.get beyondcorp.locations.list beyondcorp.operations.cancel beyondcorp.operations.delete beyondcorp.operations.get beyondcorp.operations.list |
Identity-Aware Proxy | Now GA |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Cloud Integrations | Added |
integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.invoke integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.invoke integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve |
Cloud Integrations | Now GA |
integrations.authConfigs.create integrations.authConfigs.delete integrations.authConfigs.get integrations.authConfigs.list integrations.authConfigs.update integrations.certificates.create integrations.certificates.delete integrations.certificates.get integrations.certificates.list integrations.certificates.update integrations.executions.list integrations.integrationVersions.create integrations.integrationVersions.delete integrations.integrationVersions.deploy integrations.integrationVersions.get integrations.integrationVersions.invoke integrations.integrationVersions.list integrations.integrationVersions.update integrations.integrations.create integrations.integrations.delete integrations.integrations.deploy integrations.integrations.get integrations.integrations.invoke integrations.integrations.list integrations.integrations.update integrations.sfdcChannels.create integrations.sfdcChannels.delete integrations.sfdcChannels.get integrations.sfdcChannels.list integrations.sfdcChannels.update integrations.sfdcInstances.create integrations.sfdcInstances.delete integrations.sfdcInstances.get integrations.sfdcInstances.list integrations.sfdcInstances.update integrations.suspensions.lift integrations.suspensions.list integrations.suspensions.resolve |
Secured Landing Zone | Added |
securedlandingzone.operations.get securedlandingzone.overwatches.activate securedlandingzone.overwatches.create securedlandingzone.overwatches.delete securedlandingzone.overwatches.get securedlandingzone.overwatches.list securedlandingzone.overwatches.suspend securedlandingzone.overwatches.update |
Secured Landing Zone | Supported In Custom Roles |
securedlandingzone.overwatches.activate securedlandingzone.overwatches.suspend |
Cloud IAM changes as of 2022-06-24
Service | Change | Description |
---|---|---|
Anthos Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
Batch API | Now GA |
The role |
Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
Apigee | Added |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Apigee | Now GA |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
Service | Change | Description |
---|---|---|
Care Studio | Now GA |
The role |
Translation | Role Updated |
The following permissions have been added to the role automl.datasets.export automl.datasets.get automl.datasets.list automl.models.get automl.models.list automl.operations.get |
Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seek pubsub.subscriptions.consume pubsub.topics.attachSubscription |
Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.create pubsub.snapshots.delete pubsub.snapshots.update pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.update pubsub.topics.updateTag |
Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
Bare Metal Solution | Added |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Batch API | Added |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
Batch API | Supported In Custom Roles |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
Cloud Bigtable | Added |
bigtable.tables.undelete |
Cloud Bigtable | Now GA |
bigtable.tables.undelete |
Care Studio | Now GA |
carestudio.patients.get carestudio.patients.list |
Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
Service Networking | Added |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Timeseries Insights | Added |
timeseriesinsights.datasets.create timeseriesinsights.datasets.delete timeseriesinsights.datasets.evaluate timeseriesinsights.datasets.list timeseriesinsights.datasets.query timeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
Service | Change | Description |
---|---|---|
App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.create storage.objects.get storage.objects.list storage.objects.update |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Cloud Integrations | Now GA |
The role |
Dataproc Metastore | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Access Approval | Added |
accessapproval.requests.invalidate |
Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
AlloyDB for PostgreSQL | Added |
alloydb.backups.create alloydb.backups.delete alloydb.backups.get alloydb.backups.list alloydb.backups.update alloydb.clusters.create alloydb.clusters.delete alloydb.clusters.generateClientCertificate alloydb.clusters.get alloydb.clusters.list alloydb.clusters.update alloydb.instances.connect alloydb.instances.create alloydb.instances.delete alloydb.instances.failover alloydb.instances.get alloydb.instances.list alloydb.instances.restart alloydb.instances.update alloydb.locations.get alloydb.locations.list alloydb.operations.cancel alloydb.operations.delete alloydb.operations.get alloydb.operations.list alloydb.supportedDatabaseFlags.get alloydb.supportedDatabaseFlags.list |
Artifact Registry | Added |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
Artifact Registry | Now GA |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
AutoML | Added |
automl.files.delete automl.files.list |
Bare Metal Solution | Added |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Cloud Billing | Added |
billing.accounts.getCarbonInformation |
Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
Google Cloud Deploy | Added |
clouddeploy.releases.abandon |
Google Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
Datastream | Added |
datastream.connectionProfiles.createTagBinding datastream.connectionProfiles.deleteTagBinding datastream.connectionProfiles.listEffectiveTags datastream.connectionProfiles.listTagBindings datastream.privateConnections.createTagBinding datastream.privateConnections.deleteTagBinding datastream.privateConnections.listEffectiveTags datastream.privateConnections.listTagBindings datastream.streams.createTagBinding datastream.streams.deleteTagBinding datastream.streams.listEffectiveTags datastream.streams.listTagBindings |
Cloud DNS | Added |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Identity and Access Management | Added |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Now GA |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Dataproc Metastore | Added |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Now GA |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBinding resourcemanager.hierarchyNodes.deleteTagBinding resourcemanager.hierarchyNodes.listTagBindings resourcemanager.resourceTagBindings.create resourcemanager.resourceTagBindings.delete resourcemanager.resourceTagBindings.list resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list resourcemanager.tagKeys.create resourcemanager.tagKeys.delete resourcemanager.tagKeys.get resourcemanager.tagKeys.getIamPolicy resourcemanager.tagKeys.list resourcemanager.tagKeys.setIamPolicy resourcemanager.tagKeys.update resourcemanager.tagValueBindings.create resourcemanager.tagValueBindings.delete resourcemanager.tagValues.create resourcemanager.tagValues.delete resourcemanager.tagValues.get resourcemanager.tagValues.getIamPolicy resourcemanager.tagValues.list resourcemanager.tagValues.setIamPolicy resourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
Service | Change | Description |
---|---|---|
AlloyDB for PostgreSQL | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.use compute.addresses.useInternal compute.disks.create compute.disks.setLabels compute.disks.use compute.disks.useReadOnly compute.images.useReadOnly compute.instanceTemplates.useReadOnly compute.instances.create compute.instances.createTagBinding compute.instances.setDeletionProtection compute.instances.setLabels compute.instances.setMetadata compute.instances.setServiceAccount compute.instances.setTags compute.instances.updateDisplayDevice compute.machineImages.useReadOnly compute.networks.use compute.networks.useExternalIp compute.resourcePolicies.use compute.snapshots.useReadOnly compute.subnetworks.use compute.subnetworks.useExternalIp |
Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.get storage.objects.list |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
AI Platform | Added |
aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Container Security | Added |
containersecurity.locations.get containersecurity.locations.list |
Network Management API | Added |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Supported In Custom Roles |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Now GA |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Services | Added |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
reCAPTCHA Enterprise | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
Transfer Appliance | Added |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.create container.jobs.delete container.jobs.get container.jobs.list container.jobs.update |
Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.list compute.disks.setLabels |
AI Platform | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
Bare Metal Solution | Added |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Now GA |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
BigQuery | Added |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
Recommender | Added |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
Maps Admin | Now GA |
The role |
Maps Admin | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.clusters.get servicesecurityinsights.clusters.list servicesecurityinsights.googleapis.com/clusterSecurityInfo.get servicesecurityinsights.googleapis.com/clusterSecurityInfo.list servicesecurityinsights.googleapis.com/clusters.get servicesecurityinsights.googleapis.com/clusters.list servicesecurityinsights.googleapis.com/locations.get servicesecurityinsights.googleapis.com/locations.list servicesecurityinsights.googleapis.com/namespaces.get servicesecurityinsights.googleapis.com/namespaces.list servicesecurityinsights.googleapis.com/policies.get servicesecurityinsights.googleapis.com/policyTypes.get servicesecurityinsights.googleapis.com/policyTypes.list servicesecurityinsights.googleapis.com/projectStates.get servicesecurityinsights.googleapis.com/securityInfo.list servicesecurityinsights.googleapis.com/securityViews.get servicesecurityinsights.googleapis.com/workloadPolicies.list servicesecurityinsights.googleapis.com/workloadSecurityInfo.get servicesecurityinsights.googleapis.com/workloadTypes.get servicesecurityinsights.googleapis.com/workloadTypes.list servicesecurityinsights.googleapis.com/workloads.get servicesecurityinsights.googleapis.com/workloads.list servicesecurityinsights.locations.get servicesecurityinsights.locations.list servicesecurityinsights.namespaces.get servicesecurityinsights.namespaces.list servicesecurityinsights.policies.get servicesecurityinsights.policyTypes.get servicesecurityinsights.policyTypes.list servicesecurityinsights.projectStates.get servicesecurityinsights.securityInfo.list servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get servicesecurityinsights.workloadTypes.get servicesecurityinsights.workloadTypes.list servicesecurityinsights.workloads.get servicesecurityinsights.workloads.list |
Apigee | Added |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Now GA |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Artifact Registry | Added |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Now GA |
artifactregistry.locations.get artifactregistry.locations.list |
Care Studio | Added |
carestudio.patients.get carestudio.patients.list |
Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Maps Admin | Added |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Now GA |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Certificate Authority Service | Added |
privateca.caPools.use |
Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
Service | Change | Description |
---|---|---|
Cloud Billing | Now GA |
The role |
Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Firebase App Check | Now GA |
The role |
Firebase App Check | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Container Security | Added |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Eventarc | Added |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Eventarc | Supported In Custom Roles |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update |
Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.get firebaseappcheck.appAttestConfig.update firebaseappcheck.debugTokens.get firebaseappcheck.debugTokens.update firebaseappcheck.deviceCheckConfig.get firebaseappcheck.deviceCheckConfig.update firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update firebaseappcheck.services.get firebaseappcheck.services.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
Recommender | Added |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Now GA |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Cloud Run | Added |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Cloud Run | Supported In Custom Roles |
run.jobs.run run.jobs.update |
Cloud Run | Now GA |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.policies.get servicesecurityinsights.projectStates.get servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.create apigee.keyvaluemaps.delete |
Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.create contentwarehouse.documents.delete contentwarehouse.documents.setIamPolicy |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.cancel dataflow.jobs.create dataflow.jobs.get dataflow.jobs.list dataflow.jobs.snapshot dataflow.jobs.updateContents dataflow.messages.list dataflow.metrics.get dataflow.snapshots.delete dataflow.snapshots.get dataflow.snapshots.list recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update serviceusage.services.use |
Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Apigee | Added |
apigee.datalocation.get |
Apigee | Supported In Custom Roles |
apigee.datalocation.get |
Apigee | Now GA |
apigee.datalocation.get |
Compute Engine | Added |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Compute Engine | Now GA |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Eventarc | Added |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Eventarc | Supported In Custom Roles |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Recommender | Added |
recommender.costInsights.get recommender.costInsights.list recommender.costInsights.update recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Now GA |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
Service | Change | Description |
---|---|---|
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
BigQuery Migration API | Now GA |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
Cloud Optimization | Added |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud SQL | Added |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Compute Engine | Added |
compute.disks.listEffectiveTags compute.images.listEffectiveTags compute.instances.listEffectiveTags compute.snapshots.listEffectiveTags |
Google Kubernetes Engine | Added |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Google Kubernetes Engine | Now GA |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Cloud Domains | Added |
domains.registrations.listEffectiveTags |
Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
Filestore | Added |
file.backups.listEffectiveTags file.instances.listEffectiveTags file.snapshots.listEffectiveTags |
GKE Hub | Supported In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
Recommender | Added |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update |
Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
Cloud Spanner | Added |
spanner.backups.copy |
Cloud Spanner | Supported In Custom Roles |
spanner.backups.copy |
Cloud Spanner | Now GA |
spanner.backups.copy |
Cloud Storage | Added |
storage.buckets.listEffectiveTags |
Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
Cloud Functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get cloudfunctions.functions.list cloudfunctions.operations.get cloudfunctions.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.tasks.create dataplex.tasks.update |
Speech-to-Text | Now GA |
The role |
BigQuery | Added |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
BigQuery Migration API | Added |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Compute Engine | Added |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Compute Engine | Now GA |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResource cloudasset.feeds.create cloudasset.feeds.delete cloudasset.feeds.get cloudasset.feeds.update |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.create dns.managedZones.delete dns.managedZones.get dns.managedZones.list dns.networks.bindPrivateDNSZone dns.networks.targetWithPeeringZone |
Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.clusterRoles.update container.clusters.get container.clusters.update container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.get container.customResourceDefinitions.list container.customResourceDefinitions.update container.namespaces.create container.namespaces.delete container.namespaces.get container.namespaces.list container.namespaces.update container.operations.get container.roleBindings.create container.roleBindings.delete container.roleBindings.get container.roleBindings.list container.roleBindings.update container.roles.bind container.roles.escalate |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Apigee Registry | Added |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Anthos clusters on VMware (GKE on-prem) | Added |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Anthos clusters on VMware (GKE on-prem) | Supported In Custom Roles |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
Recommender | Now GA |
recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Resource Manager | Added |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list |
Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Filestore | Added |
file.backups.createTagBinding file.backups.deleteTagBinding file.backups.listTagBindings file.instances.createTagBinding file.instances.deleteTagBinding file.instances.listTagBindings file.snapshots.createTagBinding file.snapshots.deleteTagBinding file.snapshots.listTagBindings |
GKE Hub | Available In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Notebooks | Added |
notebooks.runtimes.update |
Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
Service | Change | Description |
---|---|---|
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Advisory Notifications | Added |
advisorynotifications.notifications.get advisorynotifications.notifications.list |
Analytics Hub | Added |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Analytics Hub | Supported In Custom Roles |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Apigee | Added |
apigee.keyvaluemapentries.list |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
Apigee | Now GA |
apigee.keyvaluemapentries.list |
Artifact Registry | Added |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Now GA |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
BigQuery | Added |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
BigQuery | Supported In Custom Roles |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
Datastore | Supported In Custom Roles |
datastore.databases.create datastore.databases.getMetadata datastore.databases.list datastore.databases.update |
Cloud Domains | Added |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Cloud Domains | Now GA |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Retail API | Added |
retail.retailProjects.get |
Cloud Run | Added |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Supported In Custom Roles |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Now GA |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Added |
assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Added |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Now GA |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Recommender | Added |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
Service | Change | Description |
---|---|---|
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
Edge Container | Now GA |
The role |
Edge Container | Now GA |
The role |
Edge Container | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Backup for GKE | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Edge Container | Added |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Edge Container | Supported In Custom Roles |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Edge Container | Now GA |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Retail API | Added |
retail.attributesConfigs.addCatalogAttribute retail.attributesConfigs.batchRemoveCatalogAttributes retail.attributesConfigs.exportCatalogAttributes retail.attributesConfigs.importCatalogAttributes retail.attributesConfigs.removeCatalogAttribute retail.attributesConfigs.replaceCatalogAttribute retail.controls.export retail.controls.import |
Storage Transfer Service | Added |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Storage Transfer Service | Now GA |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.get dataplex.operations.list |
Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
AI Platform | Added |
aiplatform.deploymentResourcePools.create aiplatform.deploymentResourcePools.delete aiplatform.deploymentResourcePools.get aiplatform.deploymentResourcePools.list aiplatform.deploymentResourcePools.queryDeployedModels aiplatform.deploymentResourcePools.update |
BigQuery | Added |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
BigQuery | Supported In Custom Roles |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
FleetEngine | Added |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Now GA |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
Service | Change | Description |
---|---|---|
Dataform | Now GA |
The role |
Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
KRM API Hosting | Now GA |
The role |
KRM API Hosting | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Dataform | Now GA |
The role |
Dialogflow | Added |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Dialogflow | Now GA |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Cloud Data Loss Prevention | Added |
dlp.locations.get dlp.locations.list |
Cloud Data Loss Prevention | Supported In Custom Roles |
dlp.locations.get dlp.locations.list |
Cloud Data Loss Prevention | Now GA |
dlp.locations.get dlp.locations.list |
Eventarc | Added |
eventarc.providers.get eventarc.providers.list |
Eventarc | Supported In Custom Roles |
eventarc.providers.get eventarc.providers.list |
Eventarc | Now GA |
eventarc.providers.get eventarc.providers.list |
KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
Service | Change | Description |
---|---|---|
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.get cloudtasks.locations.get cloudtasks.locations.list cloudtasks.queues.create cloudtasks.queues.delete cloudtasks.queues.get cloudtasks.queues.getIamPolicy cloudtasks.queues.list cloudtasks.queues.pause cloudtasks.queues.purge cloudtasks.queues.resume cloudtasks.queues.setIamPolicy cloudtasks.queues.update cloudtasks.tasks.create cloudtasks.tasks.fullView |
GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.create gkehub.fleet.get |
Binary Authorization | Added |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Compute Engine | Added |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
KRM API Hosting | Added |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Cloud OS Config | Added |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Cloud OS Config | Now GA |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
Service | Change | Description |
---|---|---|
AI Platform | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccess aiplatform.tensorboards.recordAccess |
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.get compute.subnetworks.get |
Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
AI Platform | Added |
aiplatform.tensorboards.recordAccess |
Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
Dataproc Metastore | Added |
metastore.services.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
Security Command Center | Added |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Now GA |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Cloud TPU | Added |
tpu.nodes.update |
Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
Service | Change | Description |
---|---|---|
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Dataplex | Now GA |
The role |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.get dataproc.jobs.cancel dataproc.jobs.create dataproc.jobs.delete dataproc.jobs.get dataproc.jobs.list dataproc.jobs.update |
Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Data Pipelines | Added |
datapipelines.jobs.list |
Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
Data Pipelines | Now GA |
datapipelines.jobs.list |
Dataproc | Added |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Supported In Custom Roles |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Now GA |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.get iam.denypolicies.list |
Dataproc Metastore | Added |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Dataproc Metastore | Supported In Custom Roles |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Workflows | Added |
workflows.callbacks.send |
Workflows | Supported In Custom Roles |
workflows.callbacks.send |
Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
Service | Change | Description |
---|---|---|
Data Catalog | Now GA |
The role |
Data Catalog | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
Cloud Functions | Added |
cloudfunctions.runtimes.list |
Cloud Functions | Now GA |
cloudfunctions.runtimes.list |
Cloud Key Management Service | Added |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Data Catalog | Now GA |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Dataflow | Supported In Custom Roles |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataflow | Now GA |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataplex | Added |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Supported In Custom Roles |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.setIamPolicy dataplex.assets.update dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Now GA |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Eventarc | Added |
eventarc.events.receiveEvent |
Eventarc | Now GA |
eventarc.events.receiveEvent |
Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.get osconfig.osPolicyAssignmentReports.list osconfig.osPolicyAssignments.create osconfig.osPolicyAssignments.delete osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list osconfig.osPolicyAssignments.update |
Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.get recommender.resourcemanagerProjectUtilizationInsights.list recommender.resourcemanagerProjectUtilizationInsights.update recommender.resourcemanagerProjectUtilizationRecommendations.get recommender.resourcemanagerProjectUtilizationRecommendations.list recommender.resourcemanagerProjectUtilizationRecommendations.update |
Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |