This page describes changes to the public Identity and Access Management (IAM) permissions for all Generally Available (GA) and Preview services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.
For changes that occurred before 2022, see Archived permissions change log.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Upcoming Cloud IAM changes for the week of 2022-08-08
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role bigquery.models.createbigquery.models.getDatabigquery.readsessions.getData |
| Connectors | Now GA |
The role |
| Firebase App Check | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.listintegrations.apigeeSuspensions.liftintegrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolvepubsub.schemas.attachpubsub.schemas.createpubsub.schemas.deletepubsub.schemas.getpubsub.schemas.listpubsub.schemas.validatepubsub.snapshots.getpubsub.snapshots.listpubsub.snapshots.seekpubsub.topics.attachSubscriptionpubsub.topics.getpubsub.topics.listpubsub.topics.publishresourcemanager.projects.getresourcemanager.projects.listserviceusage.quotas.getserviceusage.services.getserviceusage.services.list |
| Google Cloud Migration Center | Now GA |
The role |
| Cloud Bigtable | Added |
bigtable.instances.createTagBindingbigtable.instances.deleteTagBindingbigtable.instances.listEffectiveTagsbigtable.instances.listTagBindings |
| Cloud Bigtable | Now GA |
bigtable.instances.createTagBindingbigtable.instances.deleteTagBindingbigtable.instances.listEffectiveTagsbigtable.instances.listTagBindings |
| Connectors | Added |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Connectors | Supported In Custom Roles |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Connectors | Now GA |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Google Cloud Migration Center | Added |
migrationcenter.assets.createmigrationcenter.assets.deletemigrationcenter.assets.getmigrationcenter.assets.listmigrationcenter.assets.reportFramesmigrationcenter.assets.updatemigrationcenter.groups.createmigrationcenter.groups.deletemigrationcenter.groups.getmigrationcenter.groups.listmigrationcenter.groups.updatemigrationcenter.importJobs.createmigrationcenter.importJobs.deletemigrationcenter.importJobs.getmigrationcenter.importJobs.listmigrationcenter.importJobs.updatemigrationcenter.locations.getmigrationcenter.locations.listmigrationcenter.operations.cancelmigrationcenter.operations.deletemigrationcenter.operations.getmigrationcenter.operations.listmigrationcenter.sources.createmigrationcenter.sources.deletemigrationcenter.sources.getmigrationcenter.sources.listmigrationcenter.sources.update |
| Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.assets.createmigrationcenter.assets.deletemigrationcenter.assets.getmigrationcenter.assets.listmigrationcenter.assets.reportFramesmigrationcenter.assets.updatemigrationcenter.groups.createmigrationcenter.groups.deletemigrationcenter.groups.getmigrationcenter.groups.listmigrationcenter.groups.updatemigrationcenter.importJobs.createmigrationcenter.importJobs.deletemigrationcenter.importJobs.getmigrationcenter.importJobs.listmigrationcenter.importJobs.updatemigrationcenter.locations.getmigrationcenter.locations.listmigrationcenter.operations.cancelmigrationcenter.operations.deletemigrationcenter.operations.getmigrationcenter.operations.listmigrationcenter.sources.createmigrationcenter.sources.deletemigrationcenter.sources.getmigrationcenter.sources.listmigrationcenter.sources.update |
| Retail API | Now GA |
retail.attributesConfigs.addCatalogAttributeretail.attributesConfigs.getretail.attributesConfigs.removeCatalogAttributeretail.attributesConfigs.replaceCatalogAttributeretail.attributesConfigs.update |
Cloud IAM changes as of 2022-08-05
| Service | Change | Description |
|---|---|---|
| Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.versions.delete |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.list |
| Backup and Disaster Recovery | Added |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Backup and Disaster Recovery | Now GA |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Commerce Offer Catalog | Added |
commerceoffercatalog.documents.get |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.checkconsumerprocurement.consents.grantconsumerprocurement.consents.listconsumerprocurement.consents.revoke |
| Maps Admin | Added |
mapsadmin.styleSnapshots.listmapsadmin.styleSnapshots.update |
| Maps Admin | Now GA |
mapsadmin.styleSnapshots.listmapsadmin.styleSnapshots.update |
Cloud IAM changes as of 2022-07-29
| Service | Change | Description |
|---|---|---|
| Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
| Assured Workloads | Added |
assuredworkloads.violations.update |
| Assured Workloads | Supported In Custom Roles |
assuredworkloads.violations.update |
| Assured Workloads | Now GA |
assuredworkloads.violations.update |
| Cloud Asset Inventory | Added |
cloudasset.assets.exportOSInventories |
| Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportOSInventories |
| Cloud Asset Inventory | Now GA |
cloudasset.assets.exportOSInventories |
| Translation | Added |
cloudtranslate.glossaries.updatecloudtranslate.glossaryentries.createcloudtranslate.glossaryentries.deletecloudtranslate.glossaryentries.getcloudtranslate.glossaryentries.listcloudtranslate.glossaryentries.update |
| Translation | Supported In Custom Roles |
cloudtranslate.glossaries.update |
| Translation | Now GA |
cloudtranslate.glossaries.updatecloudtranslate.glossaryentries.createcloudtranslate.glossaryentries.deletecloudtranslate.glossaryentries.getcloudtranslate.glossaryentries.listcloudtranslate.glossaryentries.update |
| Compute Engine | Added |
compute.regionTargetHttpsProxies.updatecompute.targetHttpsProxies.update |
| Compute Engine | Now GA |
compute.regionTargetHttpsProxies.updatecompute.targetHttpsProxies.update |
| Timeseries Insights | Added |
timeseriesinsights.locations.gettimeseriesinsights.locations.list |
| Timeseries Insights | Supported In Custom Roles |
timeseriesinsights.locations.gettimeseriesinsights.locations.list |
Cloud IAM changes as of 2022-07-22
| Service | Change | Description |
|---|---|---|
| Cloud Billing | Role Updated |
The following permissions have been added to the role cloudsupport.properties.getcloudsupport.techCases.createcloudsupport.techCases.escalatecloudsupport.techCases.getcloudsupport.techCases.listcloudsupport.techCases.updateresourcemanager.projects.getresourcemanager.projects.list |
| Workload Certificate | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.createcontainer.customResourceDefinitions.getcontainer.customResourceDefinitions.list |
| Bare Metal Solution | Added |
baremetalsolution.volumes.resize |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.volumes.resize |
| Bare Metal Solution | Now GA |
baremetalsolution.volumes.resize |
| Eventarc | Added |
eventarc.channels.attacheventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.update |
| Eventarc | Supported In Custom Roles |
eventarc.channels.attacheventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.update |
| Firebase Realtime Database | Added |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Firebase Realtime Database | Supported In Custom Roles |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Firebase Realtime Database | Now GA |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Retail API | Added |
retail.servingConfigs.predictretail.servingConfigs.search |
Cloud IAM changes as of 2022-07-15
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Google Kubernetes Engine | Now GA |
The role |
| Eventarc | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get |
| Identity-Aware Proxy | Now GA |
The role |
| Identity-Aware Proxy | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Anthos Service Mesh control plane | Role Updated |
The following permissions have been added to the role container.clusters.update |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| AI Platform | Added |
aiplatform.entityTypes.deleteFeatureValues |
| BeyondCorp Enterprise | Added |
beyondcorp.appConnections.createbeyondcorp.appConnections.deletebeyondcorp.appConnections.getbeyondcorp.appConnections.getIamPolicybeyondcorp.appConnections.listbeyondcorp.appConnections.setIamPolicybeyondcorp.appConnections.updatebeyondcorp.appConnectors.createbeyondcorp.appConnectors.deletebeyondcorp.appConnectors.getbeyondcorp.appConnectors.getIamPolicybeyondcorp.appConnectors.listbeyondcorp.appConnectors.reportStatusbeyondcorp.appConnectors.setIamPolicybeyondcorp.appConnectors.updatebeyondcorp.appGateways.createbeyondcorp.appGateways.deletebeyondcorp.appGateways.getbeyondcorp.appGateways.getIamPolicybeyondcorp.appGateways.listbeyondcorp.appGateways.setIamPolicybeyondcorp.appGateways.updatebeyondcorp.clientConnectorServices.accessbeyondcorp.clientConnectorServices.createbeyondcorp.clientConnectorServices.deletebeyondcorp.clientConnectorServices.getbeyondcorp.clientConnectorServices.getIamPolicybeyondcorp.clientConnectorServices.listbeyondcorp.clientConnectorServices.setIamPolicybeyondcorp.clientConnectorServices.updatebeyondcorp.clientGateways.createbeyondcorp.clientGateways.deletebeyondcorp.clientGateways.getbeyondcorp.clientGateways.getIamPolicybeyondcorp.clientGateways.listbeyondcorp.clientGateways.setIamPolicybeyondcorp.locations.getbeyondcorp.locations.listbeyondcorp.operations.cancelbeyondcorp.operations.deletebeyondcorp.operations.getbeyondcorp.operations.list |
| BeyondCorp Enterprise | Supported In Custom Roles |
beyondcorp.appConnections.createbeyondcorp.appConnections.deletebeyondcorp.appConnections.getbeyondcorp.appConnections.getIamPolicybeyondcorp.appConnections.listbeyondcorp.appConnections.setIamPolicybeyondcorp.appConnections.updatebeyondcorp.appConnectors.createbeyondcorp.appConnectors.deletebeyondcorp.appConnectors.getbeyondcorp.appConnectors.getIamPolicybeyondcorp.appConnectors.listbeyondcorp.appConnectors.reportStatusbeyondcorp.appConnectors.setIamPolicybeyondcorp.appConnectors.updatebeyondcorp.appGateways.createbeyondcorp.appGateways.deletebeyondcorp.appGateways.getbeyondcorp.appGateways.getIamPolicybeyondcorp.appGateways.listbeyondcorp.appGateways.setIamPolicybeyondcorp.appGateways.updatebeyondcorp.clientConnectorServices.accessbeyondcorp.clientConnectorServices.createbeyondcorp.clientConnectorServices.deletebeyondcorp.clientConnectorServices.getbeyondcorp.clientConnectorServices.getIamPolicybeyondcorp.clientConnectorServices.listbeyondcorp.clientConnectorServices.setIamPolicybeyondcorp.clientConnectorServices.updatebeyondcorp.clientGateways.createbeyondcorp.clientGateways.deletebeyondcorp.clientGateways.getbeyondcorp.clientGateways.getIamPolicybeyondcorp.clientGateways.listbeyondcorp.clientGateways.setIamPolicybeyondcorp.locations.getbeyondcorp.locations.listbeyondcorp.operations.cancelbeyondcorp.operations.deletebeyondcorp.operations.getbeyondcorp.operations.list |
| Identity-Aware Proxy | Now GA |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Cloud Integrations | Added |
integrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.invokeintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.invokeintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolve |
| Cloud Integrations | Now GA |
integrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.invokeintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.invokeintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolve |
| Secured Landing Zone | Added |
securedlandingzone.operations.getsecuredlandingzone.overwatches.activatesecuredlandingzone.overwatches.createsecuredlandingzone.overwatches.deletesecuredlandingzone.overwatches.getsecuredlandingzone.overwatches.listsecuredlandingzone.overwatches.suspendsecuredlandingzone.overwatches.update |
| Secured Landing Zone | Supported In Custom Roles |
securedlandingzone.overwatches.activatesecuredlandingzone.overwatches.suspend |
Cloud IAM changes as of 2022-06-24
| Service | Change | Description |
|---|---|---|
| Anthos Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
| Batch API | Now GA |
The role |
| Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| Apigee | Added |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
| Apigee | Now GA |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
| Service | Change | Description |
|---|---|---|
| Care Studio | Now GA |
The role |
| Translation | Role Updated |
The following permissions have been added to the role automl.datasets.exportautoml.datasets.getautoml.datasets.listautoml.models.getautoml.models.listautoml.operations.get |
| Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seekpubsub.subscriptions.consumepubsub.topics.attachSubscription |
| Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.createpubsub.snapshots.deletepubsub.snapshots.updatepubsub.topics.createpubsub.topics.deletepubsub.topics.detachSubscriptionpubsub.topics.updatepubsub.topics.updateTag |
| Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
| Bare Metal Solution | Added |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Batch API | Added |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| Batch API | Supported In Custom Roles |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| Cloud Bigtable | Added |
bigtable.tables.undelete |
| Cloud Bigtable | Now GA |
bigtable.tables.undelete |
| Care Studio | Now GA |
carestudio.patients.getcarestudio.patients.list |
| Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
| Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
| Service Networking | Added |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Timeseries Insights | Added |
timeseriesinsights.datasets.createtimeseriesinsights.datasets.deletetimeseriesinsights.datasets.evaluatetimeseriesinsights.datasets.listtimeseriesinsights.datasets.querytimeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
| Service | Change | Description |
|---|---|---|
| App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.createstorage.objects.getstorage.objects.liststorage.objects.update |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicycloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Cloud Integrations | Now GA |
The role |
| Dataproc Metastore | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Access Approval | Added |
accessapproval.requests.invalidate |
| Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
| AlloyDB for PostgreSQL | Added |
alloydb.backups.createalloydb.backups.deletealloydb.backups.getalloydb.backups.listalloydb.backups.updatealloydb.clusters.createalloydb.clusters.deletealloydb.clusters.generateClientCertificatealloydb.clusters.getalloydb.clusters.listalloydb.clusters.updatealloydb.instances.connectalloydb.instances.createalloydb.instances.deletealloydb.instances.failoveralloydb.instances.getalloydb.instances.listalloydb.instances.restartalloydb.instances.updatealloydb.locations.getalloydb.locations.listalloydb.operations.cancelalloydb.operations.deletealloydb.operations.getalloydb.operations.listalloydb.supportedDatabaseFlags.getalloydb.supportedDatabaseFlags.list |
| Artifact Registry | Added |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| Artifact Registry | Now GA |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| AutoML | Added |
automl.files.deleteautoml.files.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Cloud Billing | Added |
billing.accounts.getCarbonInformation |
| Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
| Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
| Google Cloud Deploy | Added |
clouddeploy.releases.abandon |
| Google Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
| Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
| Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
| Datastream | Added |
datastream.connectionProfiles.createTagBindingdatastream.connectionProfiles.deleteTagBindingdatastream.connectionProfiles.listEffectiveTagsdatastream.connectionProfiles.listTagBindingsdatastream.privateConnections.createTagBindingdatastream.privateConnections.deleteTagBindingdatastream.privateConnections.listEffectiveTagsdatastream.privateConnections.listTagBindingsdatastream.streams.createTagBindingdatastream.streams.deleteTagBindingdatastream.streams.listEffectiveTagsdatastream.streams.listTagBindings |
| Cloud DNS | Added |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Identity and Access Management | Added |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Now GA |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Dataproc Metastore | Added |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Now GA |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBindingresourcemanager.hierarchyNodes.deleteTagBindingresourcemanager.hierarchyNodes.listTagBindingsresourcemanager.resourceTagBindings.createresourcemanager.resourceTagBindings.deleteresourcemanager.resourceTagBindings.listresourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.listresourcemanager.tagKeys.createresourcemanager.tagKeys.deleteresourcemanager.tagKeys.getresourcemanager.tagKeys.getIamPolicyresourcemanager.tagKeys.listresourcemanager.tagKeys.setIamPolicyresourcemanager.tagKeys.updateresourcemanager.tagValueBindings.createresourcemanager.tagValueBindings.deleteresourcemanager.tagValues.createresourcemanager.tagValues.deleteresourcemanager.tagValues.getresourcemanager.tagValues.getIamPolicyresourcemanager.tagValues.listresourcemanager.tagValues.setIamPolicyresourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
| Service | Change | Description |
|---|---|---|
| AlloyDB for PostgreSQL | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.usecompute.addresses.useInternalcompute.disks.createcompute.disks.setLabelscompute.disks.usecompute.disks.useReadOnlycompute.images.useReadOnlycompute.instanceTemplates.useReadOnlycompute.instances.createcompute.instances.createTagBindingcompute.instances.setDeletionProtectioncompute.instances.setLabelscompute.instances.setMetadatacompute.instances.setServiceAccountcompute.instances.setTagscompute.instances.updateDisplayDevicecompute.machineImages.useReadOnlycompute.networks.usecompute.networks.useExternalIpcompute.resourcePolicies.usecompute.snapshots.useReadOnlycompute.subnetworks.usecompute.subnetworks.useExternalIp |
| Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.getstorage.objects.list |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| AI Platform | Added |
aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Container Security | Added |
containersecurity.locations.getcontainersecurity.locations.list |
| Network Management API | Added |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Supported In Custom Roles |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Now GA |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Services | Added |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| reCAPTCHA Enterprise | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
| Transfer Appliance | Added |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
| Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.createcontainer.jobs.deletecontainer.jobs.getcontainer.jobs.listcontainer.jobs.update |
| Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.listcompute.disks.setLabels |
| AI Platform | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
| Bare Metal Solution | Added |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Now GA |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| BigQuery | Added |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| Recommender | Added |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
| Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
| Maps Admin | Now GA |
The role |
| Maps Admin | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.clusters.getservicesecurityinsights.clusters.listservicesecurityinsights.googleapis.com/clusterSecurityInfo.getservicesecurityinsights.googleapis.com/clusterSecurityInfo.listservicesecurityinsights.googleapis.com/clusters.getservicesecurityinsights.googleapis.com/clusters.listservicesecurityinsights.googleapis.com/locations.getservicesecurityinsights.googleapis.com/locations.listservicesecurityinsights.googleapis.com/namespaces.getservicesecurityinsights.googleapis.com/namespaces.listservicesecurityinsights.googleapis.com/policies.getservicesecurityinsights.googleapis.com/policyTypes.getservicesecurityinsights.googleapis.com/policyTypes.listservicesecurityinsights.googleapis.com/projectStates.getservicesecurityinsights.googleapis.com/securityInfo.listservicesecurityinsights.googleapis.com/securityViews.getservicesecurityinsights.googleapis.com/workloadPolicies.listservicesecurityinsights.googleapis.com/workloadSecurityInfo.getservicesecurityinsights.googleapis.com/workloadTypes.getservicesecurityinsights.googleapis.com/workloadTypes.listservicesecurityinsights.googleapis.com/workloads.getservicesecurityinsights.googleapis.com/workloads.listservicesecurityinsights.locations.getservicesecurityinsights.locations.listservicesecurityinsights.namespaces.getservicesecurityinsights.namespaces.listservicesecurityinsights.policies.getservicesecurityinsights.policyTypes.getservicesecurityinsights.policyTypes.listservicesecurityinsights.projectStates.getservicesecurityinsights.securityInfo.listservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.getservicesecurityinsights.workloadTypes.getservicesecurityinsights.workloadTypes.listservicesecurityinsights.workloads.getservicesecurityinsights.workloads.list |
| Apigee | Added |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Now GA |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Artifact Registry | Added |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Now GA |
artifactregistry.locations.getartifactregistry.locations.list |
| Care Studio | Added |
carestudio.patients.getcarestudio.patients.list |
| Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Maps Admin | Added |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Now GA |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Certificate Authority Service | Added |
privateca.caPools.use |
| Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
| Service | Change | Description |
|---|---|---|
| Cloud Billing | Now GA |
The role |
| Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Firebase App Check | Now GA |
The role |
| Firebase App Check | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Container Security | Added |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Eventarc | Added |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Eventarc | Supported In Custom Roles |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.update |
| Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.getfirebaseappcheck.appAttestConfig.updatefirebaseappcheck.debugTokens.getfirebaseappcheck.debugTokens.updatefirebaseappcheck.deviceCheckConfig.getfirebaseappcheck.deviceCheckConfig.updatefirebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.updatefirebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.updatefirebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.updatefirebaseappcheck.safetyNetConfig.getfirebaseappcheck.safetyNetConfig.updatefirebaseappcheck.services.getfirebaseappcheck.services.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
| Recommender | Added |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Now GA |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Cloud Run | Added |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Cloud Run | Supported In Custom Roles |
run.jobs.runrun.jobs.update |
| Cloud Run | Now GA |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.policies.getservicesecurityinsights.projectStates.getservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.createapigee.keyvaluemaps.delete |
| Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.createcontentwarehouse.documents.deletecontentwarehouse.documents.setIamPolicy |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.canceldataflow.jobs.createdataflow.jobs.getdataflow.jobs.listdataflow.jobs.snapshotdataflow.jobs.updateContentsdataflow.messages.listdataflow.metrics.getdataflow.snapshots.deletedataflow.snapshots.getdataflow.snapshots.listrecommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updateserviceusage.services.use |
| Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Apigee | Added |
apigee.datalocation.get |
| Apigee | Supported In Custom Roles |
apigee.datalocation.get |
| Apigee | Now GA |
apigee.datalocation.get |
| Compute Engine | Added |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Compute Engine | Now GA |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Eventarc | Added |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Eventarc | Supported In Custom Roles |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Recommender | Added |
recommender.costInsights.getrecommender.costInsights.listrecommender.costInsights.updaterecommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Now GA |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
| Service | Change | Description |
|---|---|---|
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
| BigQuery Migration API | Now GA |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
| Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
| Cloud Optimization | Added |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud SQL | Added |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
| Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Compute Engine | Added |
compute.disks.listEffectiveTagscompute.images.listEffectiveTagscompute.instances.listEffectiveTagscompute.snapshots.listEffectiveTags |
| Google Kubernetes Engine | Added |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Google Kubernetes Engine | Now GA |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Cloud Domains | Added |
domains.registrations.listEffectiveTags |
| Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
| Filestore | Added |
file.backups.listEffectiveTagsfile.instances.listEffectiveTagsfile.snapshots.listEffectiveTags |
| GKE Hub | Supported In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
| Recommender | Added |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.update |
| Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
| Cloud Spanner | Added |
spanner.backups.copy |
| Cloud Spanner | Supported In Custom Roles |
spanner.backups.copy |
| Cloud Spanner | Now GA |
spanner.backups.copy |
| Cloud Storage | Added |
storage.buckets.listEffectiveTags |
| Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| Cloud Functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getcloudfunctions.functions.listcloudfunctions.operations.getcloudfunctions.operations.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.tasks.createdataplex.tasks.update |
| Speech-to-Text | Now GA |
The role |
| BigQuery | Added |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| BigQuery Migration API | Added |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Compute Engine | Added |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
| Compute Engine | Now GA |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResourcecloudasset.feeds.createcloudasset.feeds.deletecloudasset.feeds.getcloudasset.feeds.update |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.createdns.managedZones.deletedns.managedZones.getdns.managedZones.listdns.networks.bindPrivateDNSZonedns.networks.targetWithPeeringZone |
| Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.createcontainer.clusterRoleBindings.deletecontainer.clusterRoleBindings.getcontainer.clusterRoleBindings.listcontainer.clusterRoleBindings.updatecontainer.clusterRoles.bindcontainer.clusterRoles.createcontainer.clusterRoles.deletecontainer.clusterRoles.escalatecontainer.clusterRoles.getcontainer.clusterRoles.listcontainer.clusterRoles.updatecontainer.clusters.getcontainer.clusters.updatecontainer.customResourceDefinitions.createcontainer.customResourceDefinitions.deletecontainer.customResourceDefinitions.getcontainer.customResourceDefinitions.listcontainer.customResourceDefinitions.updatecontainer.namespaces.createcontainer.namespaces.deletecontainer.namespaces.getcontainer.namespaces.listcontainer.namespaces.updatecontainer.operations.getcontainer.roleBindings.createcontainer.roleBindings.deletecontainer.roleBindings.getcontainer.roleBindings.listcontainer.roleBindings.updatecontainer.roles.bindcontainer.roles.escalate |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Apigee Registry | Added |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Anthos clusters on VMware (GKE on-prem) | Added |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Anthos clusters on VMware (GKE on-prem) | Supported In Custom Roles |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
| Recommender | Now GA |
recommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Resource Manager | Added |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
| Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.list |
| Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Filestore | Added |
file.backups.createTagBindingfile.backups.deleteTagBindingfile.backups.listTagBindingsfile.instances.createTagBindingfile.instances.deleteTagBindingfile.instances.listTagBindingsfile.snapshots.createTagBindingfile.snapshots.deleteTagBindingfile.snapshots.listTagBindings |
| GKE Hub | Available In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Notebooks | Added |
notebooks.runtimes.update |
| Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
| Service | Change | Description |
|---|---|---|
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Advisory Notifications | Added |
advisorynotifications.notifications.getadvisorynotifications.notifications.list |
| Analytics Hub | Added |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Analytics Hub | Supported In Custom Roles |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Apigee | Added |
apigee.keyvaluemapentries.list |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
| Apigee | Now GA |
apigee.keyvaluemapentries.list |
| Artifact Registry | Added |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Now GA |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| BigQuery | Added |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| BigQuery | Supported In Custom Roles |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
| Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
| Datastore | Supported In Custom Roles |
datastore.databases.createdatastore.databases.getMetadatadatastore.databases.listdatastore.databases.update |
| Cloud Domains | Added |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Cloud Domains | Now GA |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Retail API | Added |
retail.retailProjects.get |
| Cloud Run | Added |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Supported In Custom Roles |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Now GA |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Added |
assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Recommender | Added |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
| Service | Change | Description |
|---|---|---|
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
| Edge Container | Now GA |
The role |
| Edge Container | Now GA |
The role |
| Edge Container | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Backup for GKE | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Edge Container | Added |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Edge Container | Supported In Custom Roles |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Edge Container | Now GA |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Retail API | Added |
retail.attributesConfigs.addCatalogAttributeretail.attributesConfigs.batchRemoveCatalogAttributesretail.attributesConfigs.exportCatalogAttributesretail.attributesConfigs.importCatalogAttributesretail.attributesConfigs.removeCatalogAttributeretail.attributesConfigs.replaceCatalogAttributeretail.controls.exportretail.controls.import |
| Storage Transfer Service | Added |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
| Storage Transfer Service | Now GA |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.getdataplex.operations.list |
| Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
| AI Platform | Added |
aiplatform.deploymentResourcePools.createaiplatform.deploymentResourcePools.deleteaiplatform.deploymentResourcePools.getaiplatform.deploymentResourcePools.listaiplatform.deploymentResourcePools.queryDeployedModelsaiplatform.deploymentResourcePools.update |
| BigQuery | Added |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| BigQuery | Supported In Custom Roles |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| FleetEngine | Added |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Now GA |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
| Service | Change | Description |
|---|---|---|
| Dataform | Now GA |
The role |
| Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| KRM API Hosting | Now GA |
The role |
| KRM API Hosting | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Dataform | Now GA |
The role |
| Dialogflow | Added |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Dialogflow | Now GA |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Cloud Data Loss Prevention | Added |
dlp.locations.getdlp.locations.list |
| Cloud Data Loss Prevention | Supported In Custom Roles |
dlp.locations.getdlp.locations.list |
| Cloud Data Loss Prevention | Now GA |
dlp.locations.getdlp.locations.list |
| Eventarc | Added |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Supported In Custom Roles |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Now GA |
eventarc.providers.geteventarc.providers.list |
| KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
| Service | Change | Description |
|---|---|---|
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.getcloudtasks.locations.getcloudtasks.locations.listcloudtasks.queues.createcloudtasks.queues.deletecloudtasks.queues.getcloudtasks.queues.getIamPolicycloudtasks.queues.listcloudtasks.queues.pausecloudtasks.queues.purgecloudtasks.queues.resumecloudtasks.queues.setIamPolicycloudtasks.queues.updatecloudtasks.tasks.createcloudtasks.tasks.fullView |
| GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.creategkehub.fleet.get |
| Binary Authorization | Added |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Compute Engine | Added |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| KRM API Hosting | Added |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Cloud OS Config | Added |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Cloud OS Config | Now GA |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccessaiplatform.tensorboards.recordAccess |
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.getcompute.subnetworks.get |
| Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| AI Platform | Added |
aiplatform.tensorboards.recordAccess |
| Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
| Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
| Dataproc Metastore | Added |
metastore.services.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
| Security Command Center | Added |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Now GA |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Cloud TPU | Added |
tpu.nodes.update |
| Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
| Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
| Service | Change | Description |
|---|---|---|
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Dataplex | Now GA |
The role |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
| Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.getdataproc.jobs.canceldataproc.jobs.createdataproc.jobs.deletedataproc.jobs.getdataproc.jobs.listdataproc.jobs.update |
| Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Data Pipelines | Added |
datapipelines.jobs.list |
| Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
| Data Pipelines | Now GA |
datapipelines.jobs.list |
| Dataproc | Added |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Supported In Custom Roles |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Now GA |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.getiam.denypolicies.list |
| Dataproc Metastore | Added |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Dataproc Metastore | Supported In Custom Roles |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Workflows | Added |
workflows.callbacks.send |
| Workflows | Supported In Custom Roles |
workflows.callbacks.send |
| Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
| Service | Change | Description |
|---|---|---|
| Data Catalog | Now GA |
The role |
| Data Catalog | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
| Cloud Functions | Added |
cloudfunctions.runtimes.list |
| Cloud Functions | Now GA |
cloudfunctions.runtimes.list |
| Cloud Key Management Service | Added |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Data Catalog | Now GA |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Dataflow | Supported In Custom Roles |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataflow | Now GA |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataplex | Added |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex | Supported In Custom Roles |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.setIamPolicydataplex.assets.updatedataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex | Now GA |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Eventarc | Added |
eventarc.events.receiveEvent |
| Eventarc | Now GA |
eventarc.events.receiveEvent |
| Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.getosconfig.osPolicyAssignmentReports.listosconfig.osPolicyAssignments.createosconfig.osPolicyAssignments.deleteosconfig.osPolicyAssignments.getosconfig.osPolicyAssignments.listosconfig.osPolicyAssignments.update |
| Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.getrecommender.resourcemanagerProjectUtilizationInsights.listrecommender.resourcemanagerProjectUtilizationInsights.updaterecommender.resourcemanagerProjectUtilizationRecommendations.getrecommender.resourcemanagerProjectUtilizationRecommendations.listrecommender.resourcemanagerProjectUtilizationRecommendations.update |
| Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |