This page describes changes to the public IAM permissions for all Generally Available and Beta services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Upcoming Cloud IAM changes for the week of 2022-06-20
Service | Change | Description |
---|---|---|
Anthos Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
Batch API | Now GA |
The role |
Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
Apigee | Added |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Apigee | Now GA |
apigee.securityProfileEnvironments.computeScore apigee.securityProfileEnvironments.create apigee.securityProfileEnvironments.delete apigee.securityProfiles.get apigee.securityProfiles.list apigee.securityStats.queryTabularStats apigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
Service | Change | Description |
---|---|---|
Care Studio | Now GA |
The role |
Translation | Role Updated |
The following permissions have been added to the role automl.datasets.export automl.datasets.get automl.datasets.list automl.models.get automl.models.list automl.operations.get |
Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seek pubsub.subscriptions.consume pubsub.topics.attachSubscription |
Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.create pubsub.snapshots.delete pubsub.snapshots.update pubsub.topics.create pubsub.topics.delete pubsub.topics.detachSubscription pubsub.topics.update pubsub.topics.updateTag |
Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicy dns.policies.getIamPolicy |
Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
Bare Metal Solution | Added |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.list baremetalsolution.networkquotas.list baremetalsolution.volumequotas.list |
Batch API | Added |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
Batch API | Supported In Custom Roles |
batch.jobs.create batch.jobs.delete batch.jobs.get batch.jobs.list batch.locations.get batch.locations.list batch.operations.get batch.operations.list batch.states.report batch.tasks.get batch.tasks.list |
BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
Cloud Bigtable | Added |
bigtable.tables.undelete |
Cloud Bigtable | Now GA |
bigtable.tables.undelete |
Care Studio | Now GA |
carestudio.patients.get carestudio.patients.list |
Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
Service Networking | Added |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomain servicenetworking.services.deletePeeredDnsDomain servicenetworking.services.listPeeredDnsDomains |
Timeseries Insights | Added |
timeseriesinsights.datasets.create timeseriesinsights.datasets.delete timeseriesinsights.datasets.evaluate timeseriesinsights.datasets.list timeseriesinsights.datasets.query timeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
Service | Change | Description |
---|---|---|
App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKey appengine.memcache.flush appengine.memcache.get appengine.memcache.update |
Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.create storage.objects.get storage.objects.list storage.objects.update |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy cloudasset.assets.searchAllIamPolicies cloudasset.assets.searchAllResources |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
Cloud Integrations | Now GA |
The role |
Dataproc Metastore | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Resource Manager | Now GA |
The role |
Access Approval | Added |
accessapproval.requests.invalidate |
Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
AlloyDB for PostgreSQL | Added |
alloydb.backups.create alloydb.backups.delete alloydb.backups.get alloydb.backups.list alloydb.backups.update alloydb.clusters.create alloydb.clusters.delete alloydb.clusters.generateClientCertificate alloydb.clusters.get alloydb.clusters.list alloydb.clusters.update alloydb.instances.connect alloydb.instances.create alloydb.instances.delete alloydb.instances.failover alloydb.instances.get alloydb.instances.list alloydb.instances.restart alloydb.instances.update alloydb.locations.get alloydb.locations.list alloydb.operations.cancel alloydb.operations.delete alloydb.operations.get alloydb.operations.list alloydb.supportedDatabaseFlags.get alloydb.supportedDatabaseFlags.list |
Artifact Registry | Added |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
Artifact Registry | Now GA |
artifactregistry.mavenartifacts.get artifactregistry.mavenartifacts.list artifactregistry.npmpackages.get artifactregistry.npmpackages.list artifactregistry.pythonpackages.get artifactregistry.pythonpackages.list |
AutoML | Added |
automl.files.delete automl.files.list |
Bare Metal Solution | Added |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolume baremetalsolution.instances.detachVolume |
Cloud Billing | Added |
billing.accounts.getCarbonInformation |
Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
Google Cloud Deploy | Added |
clouddeploy.releases.abandon |
Google Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
Datastream | Added |
datastream.connectionProfiles.createTagBinding datastream.connectionProfiles.deleteTagBinding datastream.connectionProfiles.listEffectiveTags datastream.connectionProfiles.listTagBindings datastream.privateConnections.createTagBinding datastream.privateConnections.deleteTagBinding datastream.privateConnections.listEffectiveTags datastream.privateConnections.listTagBindings datastream.streams.createTagBinding datastream.streams.deleteTagBinding datastream.streams.listEffectiveTags datastream.streams.listTagBindings |
Cloud DNS | Added |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicy dns.managedZones.setIamPolicy |
Identity and Access Management | Added |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Identity and Access Management | Now GA |
iam.serviceAccountKeys.disable iam.serviceAccountKeys.enable |
Dataproc Metastore | Added |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Dataproc Metastore | Now GA |
metastore.federations.create metastore.federations.delete metastore.federations.get metastore.federations.getIamPolicy metastore.federations.list metastore.federations.setIamPolicy metastore.federations.update metastore.federations.use |
Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBinding resourcemanager.hierarchyNodes.deleteTagBinding resourcemanager.hierarchyNodes.listTagBindings resourcemanager.resourceTagBindings.create resourcemanager.resourceTagBindings.delete resourcemanager.resourceTagBindings.list resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list resourcemanager.tagKeys.create resourcemanager.tagKeys.delete resourcemanager.tagKeys.get resourcemanager.tagKeys.getIamPolicy resourcemanager.tagKeys.list resourcemanager.tagKeys.setIamPolicy resourcemanager.tagKeys.update resourcemanager.tagValueBindings.create resourcemanager.tagValueBindings.delete resourcemanager.tagValues.create resourcemanager.tagValues.delete resourcemanager.tagValues.get resourcemanager.tagValues.getIamPolicy resourcemanager.tagValues.list resourcemanager.tagValues.setIamPolicy resourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
Service | Change | Description |
---|---|---|
AlloyDB for PostgreSQL | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.use compute.addresses.useInternal compute.disks.create compute.disks.setLabels compute.disks.use compute.disks.useReadOnly compute.images.useReadOnly compute.instanceTemplates.useReadOnly compute.instances.create compute.instances.createTagBinding compute.instances.setDeletionProtection compute.instances.setLabels compute.instances.setMetadata compute.instances.setServiceAccount compute.instances.setTags compute.instances.updateDisplayDevice compute.machineImages.useReadOnly compute.networks.use compute.networks.useExternalIp compute.resourcePolicies.use compute.snapshots.useReadOnly compute.subnetworks.use compute.subnetworks.useExternalIp |
Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.get storage.objects.list |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.get compute.addresses.list compute.subnetworks.get compute.subnetworks.use |
AI Platform | Added |
aiplatform.entityTypes.getIamPolicy aiplatform.entityTypes.setIamPolicy aiplatform.featurestores.getIamPolicy aiplatform.featurestores.setIamPolicy |
Container Security | Added |
containersecurity.locations.get containersecurity.locations.list |
Network Management API | Added |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Supported In Custom Roles |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Management API | Now GA |
networkmanagement.config.get networkmanagement.config.startFreeTrial networkmanagement.config.update |
Network Services | Added |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.create networkservices.tlsRoutes.delete networkservices.tlsRoutes.get networkservices.tlsRoutes.list networkservices.tlsRoutes.update networkservices.tlsRoutes.use |
reCAPTCHA Enterprise | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
Transfer Appliance | Added |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.create transferappliance.appliances.delete transferappliance.appliances.get transferappliance.appliances.list transferappliance.appliances.update transferappliance.locations.get transferappliance.locations.list transferappliance.operations.cancel transferappliance.operations.delete transferappliance.operations.get transferappliance.operations.list transferappliance.orders.create transferappliance.orders.delete transferappliance.orders.get transferappliance.orders.list transferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.create container.jobs.delete container.jobs.get container.jobs.list container.jobs.update |
Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.list compute.disks.setLabels |
AI Platform | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
Bare Metal Solution | Added |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
Bare Metal Solution | Now GA |
baremetalsolution.luns.create baremetalsolution.luns.delete baremetalsolution.luns.update baremetalsolution.volumes.create baremetalsolution.volumes.delete |
BigQuery | Added |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBinding bigquery.datasets.deleteTagBinding bigquery.datasets.listTagBindings |
Recommender | Added |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.get recommender.containerDiagnosisInsights.list recommender.containerDiagnosisInsights.update recommender.containerDiagnosisRecommendations.get recommender.containerDiagnosisRecommendations.list recommender.containerDiagnosisRecommendations.update |
Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
Maps Admin | Now GA |
The role |
Maps Admin | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.clusters.get servicesecurityinsights.clusters.list servicesecurityinsights.googleapis.com/clusterSecurityInfo.get servicesecurityinsights.googleapis.com/clusterSecurityInfo.list servicesecurityinsights.googleapis.com/clusters.get servicesecurityinsights.googleapis.com/clusters.list servicesecurityinsights.googleapis.com/locations.get servicesecurityinsights.googleapis.com/locations.list servicesecurityinsights.googleapis.com/namespaces.get servicesecurityinsights.googleapis.com/namespaces.list servicesecurityinsights.googleapis.com/policies.get servicesecurityinsights.googleapis.com/policyTypes.get servicesecurityinsights.googleapis.com/policyTypes.list servicesecurityinsights.googleapis.com/projectStates.get servicesecurityinsights.googleapis.com/securityInfo.list servicesecurityinsights.googleapis.com/securityViews.get servicesecurityinsights.googleapis.com/workloadPolicies.list servicesecurityinsights.googleapis.com/workloadSecurityInfo.get servicesecurityinsights.googleapis.com/workloadTypes.get servicesecurityinsights.googleapis.com/workloadTypes.list servicesecurityinsights.googleapis.com/workloads.get servicesecurityinsights.googleapis.com/workloads.list servicesecurityinsights.locations.get servicesecurityinsights.locations.list servicesecurityinsights.namespaces.get servicesecurityinsights.namespaces.list servicesecurityinsights.policies.get servicesecurityinsights.policyTypes.get servicesecurityinsights.policyTypes.list servicesecurityinsights.projectStates.get servicesecurityinsights.securityInfo.list servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get servicesecurityinsights.workloadTypes.get servicesecurityinsights.workloadTypes.list servicesecurityinsights.workloads.get servicesecurityinsights.workloads.list |
Apigee | Added |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Apigee | Now GA |
apigee.keyvaluemapentries.create apigee.keyvaluemapentries.delete apigee.keyvaluemapentries.get |
Artifact Registry | Added |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.get artifactregistry.locations.list |
Artifact Registry | Now GA |
artifactregistry.locations.get artifactregistry.locations.list |
Care Studio | Added |
carestudio.patients.get carestudio.patients.list |
Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAP iap.tunnelDestGroups.create iap.tunnelDestGroups.delete iap.tunnelDestGroups.get iap.tunnelDestGroups.getIamPolicy iap.tunnelDestGroups.list iap.tunnelDestGroups.setIamPolicy iap.tunnelDestGroups.update iap.tunnelLocations.getIamPolicy iap.tunnelLocations.setIamPolicy |
Maps Admin | Added |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Maps Admin | Now GA |
mapsadmin.clientMaps.create mapsadmin.clientMaps.delete mapsadmin.clientMaps.get mapsadmin.clientMaps.list mapsadmin.clientMaps.update mapsadmin.clientStyleActivationRules.update mapsadmin.clientStyleSheetSnapshots.list mapsadmin.clientStyleSheetSnapshots.update mapsadmin.clientStyles.create mapsadmin.clientStyles.delete mapsadmin.clientStyles.get mapsadmin.clientStyles.list mapsadmin.clientStyles.update mapsadmin.styleEditorConfigs.get |
Certificate Authority Service | Added |
privateca.caPools.use |
Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
Service | Change | Description |
---|---|---|
Cloud Billing | Now GA |
The role |
Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Firebase App Check | Now GA |
The role |
Firebase App Check | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.delete run.operations.get run.operations.list |
Container Security | Added |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.list containersecurity.workloadConfigAudits.list |
Eventarc | Added |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Eventarc | Supported In Custom Roles |
eventarc.channelConnections.create eventarc.channelConnections.delete eventarc.channelConnections.get eventarc.channelConnections.getIamPolicy eventarc.channelConnections.list eventarc.channelConnections.publish eventarc.channelConnections.setIamPolicy |
Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update |
Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.get firebaseappcheck.appAttestConfig.update firebaseappcheck.debugTokens.get firebaseappcheck.debugTokens.update firebaseappcheck.deviceCheckConfig.get firebaseappcheck.deviceCheckConfig.update firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update firebaseappcheck.recaptchaV3Config.get firebaseappcheck.recaptchaV3Config.update firebaseappcheck.safetyNetConfig.get firebaseappcheck.safetyNetConfig.update firebaseappcheck.services.get firebaseappcheck.services.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
Recommender | Added |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Recommender | Now GA |
recommender.gmpProjectManagementInsights.get recommender.gmpProjectManagementInsights.list recommender.gmpProjectManagementInsights.update recommender.gmpProjectManagementRecommendations.get recommender.gmpProjectManagementRecommendations.list recommender.gmpProjectManagementRecommendations.update recommender.gmpProjectProductSuggestionsInsights.get recommender.gmpProjectProductSuggestionsInsights.list recommender.gmpProjectProductSuggestionsInsights.update recommender.gmpProjectProductSuggestionsRecommendations.get recommender.gmpProjectProductSuggestionsRecommendations.list recommender.gmpProjectProductSuggestionsRecommendations.update recommender.gmpProjectQuotaInsights.get recommender.gmpProjectQuotaInsights.list recommender.gmpProjectQuotaInsights.update recommender.gmpProjectQuotaRecommendations.get recommender.gmpProjectQuotaRecommendations.list recommender.gmpProjectQuotaRecommendations.update |
Cloud Run | Added |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Cloud Run | Supported In Custom Roles |
run.jobs.run run.jobs.update |
Cloud Run | Now GA |
run.executions.delete run.executions.get run.executions.list run.jobs.create run.jobs.delete run.jobs.get run.jobs.getIamPolicy run.jobs.list run.jobs.run run.jobs.setIamPolicy run.jobs.update run.tasks.get run.tasks.list |
Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.get servicesecurityinsights.clusterSecurityInfo.list servicesecurityinsights.policies.get servicesecurityinsights.projectStates.get servicesecurityinsights.securityViews.get servicesecurityinsights.workloadPolicies.list servicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.create apigee.keyvaluemaps.delete |
Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.create contentwarehouse.documents.delete contentwarehouse.documents.setIamPolicy |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.cancel dataflow.jobs.create dataflow.jobs.get dataflow.jobs.list dataflow.jobs.snapshot dataflow.jobs.updateContents dataflow.messages.list dataflow.metrics.get dataflow.snapshots.delete dataflow.snapshots.get dataflow.snapshots.list recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update serviceusage.services.use |
Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.create cloudbuild.builds.get cloudbuild.builds.list cloudbuild.builds.update remotebuildexecution.blobs.get |
Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Apigee | Added |
apigee.datalocation.get |
Apigee | Supported In Custom Roles |
apigee.datalocation.get |
Apigee | Now GA |
apigee.datalocation.get |
Compute Engine | Added |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Compute Engine | Now GA |
compute.instances.createTagBinding compute.instances.deleteTagBinding compute.instances.listTagBindings |
Eventarc | Added |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Eventarc | Supported In Custom Roles |
eventarc.channels.create eventarc.channels.delete eventarc.channels.get eventarc.channels.getIamPolicy eventarc.channels.list eventarc.channels.publish eventarc.channels.setIamPolicy eventarc.channels.undelete eventarc.channels.update |
Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.get firebaseappcheck.playIntegrityConfig.update |
Recommender | Added |
recommender.costInsights.get recommender.costInsights.list recommender.costInsights.update recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Recommender | Now GA |
recommender.runServiceIdentityInsights.get recommender.runServiceIdentityInsights.list recommender.runServiceIdentityInsights.update recommender.runServiceIdentityRecommendations.get recommender.runServiceIdentityRecommendations.list recommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
Service | Change | Description |
---|---|---|
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
BigQuery Migration API | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
BigQuery Migration API | Now GA |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
Cloud Optimization | Added |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.create cloudoptimization.operations.get |
Cloud SQL | Added |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTags cloudsql.users.get |
Compute Engine | Added |
compute.disks.listEffectiveTags compute.images.listEffectiveTags compute.instances.listEffectiveTags compute.snapshots.listEffectiveTags |
Google Kubernetes Engine | Added |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Google Kubernetes Engine | Now GA |
container.clusters.createTagBinding container.clusters.deleteTagBinding container.clusters.listEffectiveTags container.clusters.listTagBindings |
Cloud Domains | Added |
domains.registrations.listEffectiveTags |
Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
Filestore | Added |
file.backups.listEffectiveTags file.instances.listEffectiveTags file.snapshots.listEffectiveTags |
GKE Hub | Supported In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
Recommender | Added |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update recommender.spendBasedCommitmentInsights.get recommender.spendBasedCommitmentInsights.list recommender.spendBasedCommitmentInsights.update recommender.spendBasedCommitmentRecommendations.get recommender.spendBasedCommitmentRecommendations.list recommender.spendBasedCommitmentRecommendations.update |
Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.get recommender.computeInstanceCpuUsageInsights.list recommender.computeInstanceCpuUsageInsights.update recommender.computeInstanceCpuUsagePredictionInsights.get recommender.computeInstanceCpuUsagePredictionInsights.list recommender.computeInstanceCpuUsagePredictionInsights.update recommender.computeInstanceCpuUsageTrendInsights.get recommender.computeInstanceCpuUsageTrendInsights.list recommender.computeInstanceCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerCpuUsageInsights.get recommender.computeInstanceGroupManagerCpuUsageInsights.list recommender.computeInstanceGroupManagerCpuUsageInsights.update recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.get recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.list recommender.computeInstanceGroupManagerCpuUsagePredictionInsights.update recommender.computeInstanceGroupManagerCpuUsageTrendInsights.get recommender.computeInstanceGroupManagerCpuUsageTrendInsights.list recommender.computeInstanceGroupManagerCpuUsageTrendInsights.update recommender.computeInstanceGroupManagerMemoryUsageInsights.get recommender.computeInstanceGroupManagerMemoryUsageInsights.list recommender.computeInstanceGroupManagerMemoryUsageInsights.update recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.get recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.list recommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.update recommender.computeInstanceMemoryUsageInsights.get recommender.computeInstanceMemoryUsageInsights.list recommender.computeInstanceMemoryUsageInsights.update recommender.computeInstanceMemoryUsagePredictionInsights.get recommender.computeInstanceMemoryUsagePredictionInsights.list recommender.computeInstanceMemoryUsagePredictionInsights.update recommender.computeInstanceNetworkThroughputInsights.get recommender.computeInstanceNetworkThroughputInsights.list recommender.computeInstanceNetworkThroughputInsights.update |
Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
Cloud Spanner | Added |
spanner.backups.copy |
Cloud Spanner | Supported In Custom Roles |
spanner.backups.copy |
Cloud Spanner | Now GA |
spanner.backups.copy |
Cloud Storage | Added |
storage.buckets.listEffectiveTags |
Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
Cloud Functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get cloudfunctions.functions.list cloudfunctions.operations.get cloudfunctions.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.tasks.create dataplex.tasks.update |
Speech-to-Text | Now GA |
The role |
BigQuery | Added |
bigquery.dataPolicies.create bigquery.dataPolicies.delete bigquery.dataPolicies.get bigquery.dataPolicies.getIamPolicy bigquery.dataPolicies.list bigquery.dataPolicies.maskedGet bigquery.dataPolicies.setIamPolicy bigquery.dataPolicies.update |
BigQuery Migration API | Added |
bigquerymigration.locations.get bigquerymigration.locations.list bigquerymigration.subtaskTypes.executeTask bigquerymigration.subtasks.create bigquerymigration.subtasks.executeTask bigquerymigration.subtasks.get bigquerymigration.subtasks.list bigquerymigration.taskTypes.orchestrateTask bigquerymigration.translation.translate bigquerymigration.workflows.create bigquerymigration.workflows.delete bigquerymigration.workflows.get bigquerymigration.workflows.list bigquerymigration.workflows.orchestrateTask bigquerymigration.workflows.update bigquerymigration.workflows.writeLogs |
Compute Engine | Added |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Compute Engine | Now GA |
compute.packetMirrorings.create compute.packetMirrorings.delete compute.packetMirrorings.get compute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResource cloudasset.feeds.create cloudasset.feeds.delete cloudasset.feeds.get cloudasset.feeds.update |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.create dns.managedZones.delete dns.managedZones.get dns.managedZones.list dns.networks.bindPrivateDNSZone dns.networks.targetWithPeeringZone |
Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.create container.clusterRoleBindings.delete container.clusterRoleBindings.get container.clusterRoleBindings.list container.clusterRoleBindings.update container.clusterRoles.bind container.clusterRoles.create container.clusterRoles.delete container.clusterRoles.escalate container.clusterRoles.get container.clusterRoles.list container.clusterRoles.update container.clusters.get container.clusters.update container.customResourceDefinitions.create container.customResourceDefinitions.delete container.customResourceDefinitions.get container.customResourceDefinitions.list container.customResourceDefinitions.update container.namespaces.create container.namespaces.delete container.namespaces.get container.namespaces.list container.namespaces.update container.operations.get container.roleBindings.create container.roleBindings.delete container.roleBindings.get container.roleBindings.list container.roleBindings.update container.roles.bind container.roles.escalate |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Apigee Registry | Added |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.create apigeeregistry.apis.delete apigeeregistry.apis.get apigeeregistry.apis.getIamPolicy apigeeregistry.apis.list apigeeregistry.apis.setIamPolicy apigeeregistry.apis.update apigeeregistry.artifacts.create apigeeregistry.artifacts.delete apigeeregistry.artifacts.get apigeeregistry.artifacts.getIamPolicy apigeeregistry.artifacts.list apigeeregistry.artifacts.setIamPolicy apigeeregistry.artifacts.update apigeeregistry.deployments.create apigeeregistry.deployments.delete apigeeregistry.deployments.get apigeeregistry.deployments.list apigeeregistry.deployments.update apigeeregistry.instances.get apigeeregistry.instances.update apigeeregistry.locations.get apigeeregistry.locations.list apigeeregistry.operations.cancel apigeeregistry.operations.delete apigeeregistry.operations.get apigeeregistry.operations.list apigeeregistry.specs.create apigeeregistry.specs.delete apigeeregistry.specs.get apigeeregistry.specs.getIamPolicy apigeeregistry.specs.list apigeeregistry.specs.setIamPolicy apigeeregistry.specs.update apigeeregistry.versions.create apigeeregistry.versions.delete apigeeregistry.versions.get apigeeregistry.versions.getIamPolicy apigeeregistry.versions.list apigeeregistry.versions.setIamPolicy apigeeregistry.versions.update |
Anthos clusters on VMware (GKE on-prem) | Added |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Anthos clusters on VMware (GKE on-prem) | Supported In Custom Roles |
gkeonprem.locations.get gkeonprem.locations.list gkeonprem.operations.cancel gkeonprem.operations.delete gkeonprem.operations.get gkeonprem.operations.list gkeonprem.vmwareClusters.create gkeonprem.vmwareClusters.delete gkeonprem.vmwareClusters.enroll gkeonprem.vmwareClusters.get gkeonprem.vmwareClusters.getIamPolicy gkeonprem.vmwareClusters.list gkeonprem.vmwareClusters.setIamPolicy gkeonprem.vmwareClusters.unenroll gkeonprem.vmwareClusters.update gkeonprem.vmwareNodePools.create gkeonprem.vmwareNodePools.delete gkeonprem.vmwareNodePools.get gkeonprem.vmwareNodePools.getIamPolicy gkeonprem.vmwareNodePools.list gkeonprem.vmwareNodePools.setIamPolicy gkeonprem.vmwareNodePools.update |
Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
Recommender | Now GA |
recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Resource Manager | Added |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.create resourcemanager.tagHolds.delete resourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.get baremetalsolution.luns.list |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list |
Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Filestore | Added |
file.backups.createTagBinding file.backups.deleteTagBinding file.backups.listTagBindings file.instances.createTagBinding file.instances.deleteTagBinding file.instances.listTagBindings file.snapshots.createTagBinding file.snapshots.deleteTagBinding file.snapshots.listTagBindings |
GKE Hub | Available In Custom Roles |
gkehub.features.create gkehub.features.delete gkehub.features.get gkehub.features.getIamPolicy gkehub.features.list gkehub.features.setIamPolicy gkehub.features.update |
Notebooks | Added |
notebooks.runtimes.update |
Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
Service | Change | Description |
---|---|---|
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
Advisory Notifications | Added |
advisorynotifications.notifications.get advisorynotifications.notifications.list |
Analytics Hub | Added |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Analytics Hub | Supported In Custom Roles |
analyticshub.dataExchanges.create analyticshub.dataExchanges.delete analyticshub.dataExchanges.get analyticshub.dataExchanges.getIamPolicy analyticshub.dataExchanges.list analyticshub.dataExchanges.setIamPolicy analyticshub.dataExchanges.update analyticshub.listings.create analyticshub.listings.delete analyticshub.listings.get analyticshub.listings.getIamPolicy analyticshub.listings.list analyticshub.listings.setIamPolicy analyticshub.listings.subscribe analyticshub.listings.update |
Apigee | Added |
apigee.keyvaluemapentries.list |
Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
Apigee | Now GA |
apigee.keyvaluemapentries.list |
Artifact Registry | Added |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
Artifact Registry | Now GA |
artifactregistry.repositories.createTagBinding artifactregistry.repositories.deleteTagBinding artifactregistry.repositories.listEffectiveTags artifactregistry.repositories.listTagBindings |
BigQuery | Added |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
BigQuery | Supported In Custom Roles |
bigquery.tables.createIndex bigquery.tables.deleteIndex |
Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
Datastore | Supported In Custom Roles |
datastore.databases.create datastore.databases.getMetadata datastore.databases.list datastore.databases.update |
Cloud Domains | Added |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Cloud Domains | Now GA |
domains.registrations.createTagBinding domains.registrations.deleteTagBinding domains.registrations.listTagBindings |
Retail API | Added |
retail.retailProjects.get |
Cloud Run | Added |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Supported In Custom Roles |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud Run | Now GA |
run.services.createTagBinding run.services.deleteTagBinding run.services.listEffectiveTags run.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
Service | Change | Description |
---|---|---|
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Now GA |
The role |
Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.get assuredworkloads.violations.list |
Assured Workloads | Added |
assuredworkloads.violations.get assuredworkloads.violations.list |
Bare Metal Solution | Added |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Bare Metal Solution | Now GA |
baremetalsolution.instances.start baremetalsolution.instances.update baremetalsolution.networks.update baremetalsolution.nfsshares.get baremetalsolution.nfsshares.list baremetalsolution.nfsshares.update |
Recommender | Added |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update recommender.errorReportingInsights.get recommender.errorReportingInsights.list recommender.errorReportingInsights.update recommender.errorReportingRecommendations.get recommender.errorReportingRecommendations.list recommender.errorReportingRecommendations.update |
Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.get recommender.dataflowDiagnosticsInsights.list recommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
Service | Change | Description |
---|---|---|
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
Edge Container | Now GA |
The role |
Edge Container | Now GA |
The role |
Edge Container | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Backup for GKE | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributes retail.controls.export |
Edge Container | Added |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Edge Container | Supported In Custom Roles |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Edge Container | Now GA |
edgecontainer.clusters.create edgecontainer.clusters.delete edgecontainer.clusters.generateAccessToken edgecontainer.clusters.get edgecontainer.clusters.getIamPolicy edgecontainer.clusters.list edgecontainer.clusters.setIamPolicy edgecontainer.clusters.update edgecontainer.locations.get edgecontainer.locations.list edgecontainer.machines.create edgecontainer.machines.delete edgecontainer.machines.get edgecontainer.machines.getIamPolicy edgecontainer.machines.list edgecontainer.machines.setIamPolicy edgecontainer.machines.update edgecontainer.machines.use edgecontainer.nodePools.create edgecontainer.nodePools.delete edgecontainer.nodePools.get edgecontainer.nodePools.getIamPolicy edgecontainer.nodePools.list edgecontainer.nodePools.setIamPolicy edgecontainer.nodePools.update edgecontainer.operations.cancel edgecontainer.operations.delete edgecontainer.operations.get edgecontainer.operations.list edgecontainer.vpnConnections.create edgecontainer.vpnConnections.delete edgecontainer.vpnConnections.get edgecontainer.vpnConnections.getIamPolicy edgecontainer.vpnConnections.list edgecontainer.vpnConnections.setIamPolicy edgecontainer.vpnConnections.update |
Retail API | Added |
retail.attributesConfigs.addCatalogAttribute retail.attributesConfigs.batchRemoveCatalogAttributes retail.attributesConfigs.exportCatalogAttributes retail.attributesConfigs.importCatalogAttributes retail.attributesConfigs.removeCatalogAttribute retail.attributesConfigs.replaceCatalogAttribute retail.controls.export retail.controls.import |
Storage Transfer Service | Added |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Storage Transfer Service | Now GA |
storagetransfer.agentpools.report storagetransfer.operations.assign storagetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list apigee.organizations.get apigee.organizations.list resourcemanager.projects.get resourcemanager.projects.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list |
Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.get dataplex.operations.list |
Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
FleetEngine | Now GA |
The role |
Identity and Access Management | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
AI Platform | Added |
aiplatform.deploymentResourcePools.create aiplatform.deploymentResourcePools.delete aiplatform.deploymentResourcePools.get aiplatform.deploymentResourcePools.list aiplatform.deploymentResourcePools.queryDeployedModels aiplatform.deploymentResourcePools.update |
BigQuery | Added |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
BigQuery | Supported In Custom Roles |
bigquery.connections.delegate bigquery.jobs.listExecutionMetadata |
Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
FleetEngine | Added |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
FleetEngine | Now GA |
fleetengine.deliveryvehicles.create fleetengine.deliveryvehicles.get fleetengine.deliveryvehicles.list fleetengine.deliveryvehicles.update fleetengine.deliveryvehicles.updateLocation fleetengine.deliveryvehicles.updateVehicleStops fleetengine.tasks.create fleetengine.tasks.get fleetengine.tasks.list fleetengine.tasks.searchWithTrackingId fleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
Service | Change | Description |
---|---|---|
Dataform | Now GA |
The role |
Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
KRM API Hosting | Now GA |
The role |
KRM API Hosting | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Dataform | Now GA |
The role |
Dialogflow | Added |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Dialogflow | Now GA |
dialogflow.integrations.create dialogflow.integrations.delete dialogflow.integrations.get dialogflow.integrations.list dialogflow.integrations.update |
Cloud Data Loss Prevention | Added |
dlp.locations.get dlp.locations.list |
Cloud Data Loss Prevention | Supported In Custom Roles |
dlp.locations.get dlp.locations.list |
Cloud Data Loss Prevention | Now GA |
dlp.locations.get dlp.locations.list |
Eventarc | Added |
eventarc.providers.get eventarc.providers.list |
Eventarc | Supported In Custom Roles |
eventarc.providers.get eventarc.providers.list |
Eventarc | Now GA |
eventarc.providers.get eventarc.providers.list |
KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.restore |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.create managedidentities.backups.delete managedidentities.backups.get managedidentities.backups.getIamPolicy managedidentities.backups.list managedidentities.backups.setIamPolicy managedidentities.backups.update managedidentities.domains.createTagBinding managedidentities.domains.deleteTagBinding managedidentities.domains.listTagBindings managedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
Service | Change | Description |
---|---|---|
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.get cloudtasks.locations.get cloudtasks.locations.list cloudtasks.queues.create cloudtasks.queues.delete cloudtasks.queues.get cloudtasks.queues.getIamPolicy cloudtasks.queues.list cloudtasks.queues.pause cloudtasks.queues.purge cloudtasks.queues.resume cloudtasks.queues.setIamPolicy cloudtasks.queues.update cloudtasks.tasks.create cloudtasks.tasks.fullView |
GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.create gkehub.fleet.get |
Binary Authorization | Added |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.create binaryauthorization.platformPolicies.delete binaryauthorization.platformPolicies.evaluatePolicy binaryauthorization.platformPolicies.get binaryauthorization.platformPolicies.list binaryauthorization.platformPolicies.replace binaryauthorization.policy.evaluatePolicy |
Compute Engine | Added |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewalls compute.networks.setFirewallPolicy compute.regionFirewallPolicies.cloneRules compute.regionFirewallPolicies.create compute.regionFirewallPolicies.delete compute.regionFirewallPolicies.get compute.regionFirewallPolicies.getIamPolicy compute.regionFirewallPolicies.list compute.regionFirewallPolicies.setIamPolicy compute.regionFirewallPolicies.update compute.regionFirewallPolicies.use |
KRM API Hosting | Added |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.create krmapihosting.krmApiHosts.delete krmapihosting.krmApiHosts.get krmapihosting.krmApiHosts.getIamPolicy krmapihosting.krmApiHosts.list krmapihosting.krmApiHosts.setIamPolicy krmapihosting.krmApiHosts.update krmapihosting.locations.get krmapihosting.locations.list krmapihosting.operations.cancel krmapihosting.operations.delete krmapihosting.operations.get krmapihosting.operations.list |
Cloud OS Config | Added |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Cloud OS Config | Now GA |
osconfig.patchDeployments.pause osconfig.patchDeployments.resume |
Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
Service | Change | Description |
---|---|---|
AI Platform | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccess aiplatform.tensorboards.recordAccess |
AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.get compute.subnetworks.get |
Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
AI Platform | Added |
aiplatform.tensorboards.recordAccess |
Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
Dataproc Metastore | Added |
metastore.services.use |
Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
Security Command Center | Added |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Security Command Center | Now GA |
securitycenter.bigQueryExports.create securitycenter.bigQueryExports.delete securitycenter.bigQueryExports.get securitycenter.bigQueryExports.list securitycenter.bigQueryExports.update |
Cloud TPU | Added |
tpu.nodes.update |
Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
Service | Change | Description |
---|---|---|
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Dataplex | Now GA |
The role |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.get dataproc.jobs.cancel dataproc.jobs.create dataproc.jobs.delete dataproc.jobs.get dataproc.jobs.list dataproc.jobs.update |
Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.list storage.multipartUploads.listParts |
Data Pipelines | Added |
datapipelines.jobs.list |
Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
Data Pipelines | Now GA |
datapipelines.jobs.list |
Dataproc | Added |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Supported In Custom Roles |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Dataproc | Now GA |
dataproc.batches.cancel dataproc.batches.create dataproc.batches.delete dataproc.batches.get dataproc.batches.list |
Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.get iam.denypolicies.list |
Dataproc Metastore | Added |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Dataproc Metastore | Supported In Custom Roles |
metastore.databases.create metastore.databases.delete metastore.databases.get metastore.databases.getIamPolicy metastore.databases.list metastore.databases.setIamPolicy metastore.databases.update metastore.tables.create metastore.tables.delete metastore.tables.get metastore.tables.getIamPolicy metastore.tables.list metastore.tables.setIamPolicy metastore.tables.update |
Workflows | Added |
workflows.callbacks.send |
Workflows | Supported In Custom Roles |
workflows.callbacks.send |
Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
Service | Change | Description |
---|---|---|
Data Catalog | Now GA |
The role |
Data Catalog | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dataplex | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.get speech.customClasses.list speech.phraseSets.get speech.phraseSets.list |
Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Recommender | Now GA |
The role |
Recommender | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
Cloud Functions | Added |
cloudfunctions.runtimes.list |
Cloud Functions | Now GA |
cloudfunctions.runtimes.list |
Cloud Key Management Service | Added |
cloudkms.ekmConnections.create cloudkms.ekmConnections.get cloudkms.ekmConnections.getIamPolicy cloudkms.ekmConnections.list cloudkms.ekmConnections.setIamPolicy cloudkms.ekmConnections.update cloudkms.ekmConnections.use |
Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Data Catalog | Now GA |
datacatalog.categories.fineGrainedGet datacatalog.categories.getIamPolicy datacatalog.categories.setIamPolicy datacatalog.taxonomies.create datacatalog.taxonomies.delete datacatalog.taxonomies.get datacatalog.taxonomies.getIamPolicy datacatalog.taxonomies.list datacatalog.taxonomies.setIamPolicy datacatalog.taxonomies.update |
Dataflow | Supported In Custom Roles |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataflow | Now GA |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Dataplex | Added |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Supported In Custom Roles |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.setIamPolicy dataplex.assets.update dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Dataplex | Now GA |
dataplex.assetActions.list dataplex.assets.create dataplex.assets.delete dataplex.assets.get dataplex.assets.getIamPolicy dataplex.assets.list dataplex.assets.ownData dataplex.assets.readData dataplex.assets.setIamPolicy dataplex.assets.update dataplex.assets.writeData dataplex.content.create dataplex.content.delete dataplex.content.get dataplex.content.getIamPolicy dataplex.content.list dataplex.content.setIamPolicy dataplex.content.update dataplex.entities.create dataplex.entities.delete dataplex.entities.get dataplex.entities.list dataplex.entities.update dataplex.environments.create dataplex.environments.delete dataplex.environments.execute dataplex.environments.get dataplex.environments.getIamPolicy dataplex.environments.list dataplex.environments.setIamPolicy dataplex.environments.update dataplex.lakeActions.list dataplex.lakes.create dataplex.lakes.delete dataplex.lakes.get dataplex.lakes.getIamPolicy dataplex.lakes.list dataplex.lakes.setIamPolicy dataplex.lakes.update dataplex.locations.get dataplex.locations.list dataplex.operations.cancel dataplex.operations.delete dataplex.operations.get dataplex.operations.list dataplex.partitions.create dataplex.partitions.delete dataplex.partitions.get dataplex.partitions.list dataplex.partitions.update dataplex.tasks.cancel dataplex.tasks.create dataplex.tasks.delete dataplex.tasks.get dataplex.tasks.getIamPolicy dataplex.tasks.list dataplex.tasks.setIamPolicy dataplex.tasks.update dataplex.zoneActions.list dataplex.zones.create dataplex.zones.delete dataplex.zones.get dataplex.zones.getIamPolicy dataplex.zones.list dataplex.zones.setIamPolicy dataplex.zones.update |
Eventarc | Added |
eventarc.events.receiveEvent |
Eventarc | Now GA |
eventarc.events.receiveEvent |
Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.get osconfig.osPolicyAssignmentReports.list osconfig.osPolicyAssignments.create osconfig.osPolicyAssignments.delete osconfig.osPolicyAssignments.get osconfig.osPolicyAssignments.list osconfig.osPolicyAssignments.update |
Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.get recommender.resourcemanagerProjectUtilizationInsights.list recommender.resourcemanagerProjectUtilizationInsights.update recommender.resourcemanagerProjectUtilizationRecommendations.get recommender.resourcemanagerProjectUtilizationRecommendations.list recommender.resourcemanagerProjectUtilizationRecommendations.update |
Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculate securitycenter.virtualmachinethreatdetectionsettings.get securitycenter.virtualmachinethreatdetectionsettings.update |
Cloud IAM changes as of 2021-12-03
Service | Change | Description |
---|---|---|
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.namespaces.create |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access |
Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access |
Cloud Composer | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Composer | Role Updated |
The following permissions have been added to the role logging.logEntries.list logging.privateLogEntries.list logging.views.access orgpolicy.policy.get |
Dataflow | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Data Pipelines | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Dataproc | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Data Loss Prevention | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
AI Platform | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Visual Inspection AI | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
Certificate Manager | Added |
certificatemanager.certmapentries.create certificatemanager.certmapentries.delete certificatemanager.certmapentries.get certificatemanager.certmapentries.getIamPolicy certificatemanager.certmapentries.list certificatemanager.certmapentries.setIamPolicy certificatemanager.certmapentries.update certificatemanager.certmaps.create certificatemanager.certmaps.delete certificatemanager.certmaps.get certificatemanager.certmaps.getIamPolicy certificatemanager.certmaps.list certificatemanager.certmaps.setIamPolicy certificatemanager.certmaps.update certificatemanager.certmaps.use certificatemanager.certs.create certificatemanager.certs.delete certificatemanager.certs.get certificatemanager.certs.getIamPolicy certificatemanager.certs.list certificatemanager.certs.setIamPolicy certificatemanager.certs.update certificatemanager.certs.use certificatemanager.dnsauthorizations.create certificatemanager.dnsauthorizations.delete certificatemanager.dnsauthorizations.get certificatemanager.dnsauthorizations.getIamPolicy certificatemanager.dnsauthorizations.list certificatemanager.dnsauthorizations.setIamPolicy certificatemanager.dnsauthorizations.update certificatemanager.dnsauthorizations.use certificatemanager.locations.get certificatemanager.locations.list certificatemanager.operations.cancel certificatemanager.operations.delete certificatemanager.operations.get certificatemanager.operations.list |
Certificate Manager | Supported In Custom Roles |
certificatemanager.certmapentries.create certificatemanager.certmapentries.delete certificatemanager.certmapentries.get certificatemanager.certmapentries.getIamPolicy certificatemanager.certmapentries.list certificatemanager.certmapentries.setIamPolicy certificatemanager.certmapentries.update certificatemanager.certmaps.create certificatemanager.certmaps.delete certificatemanager.certmaps.get certificatemanager.certmaps.getIamPolicy certificatemanager.certmaps.list certificatemanager.certmaps.setIamPolicy certificatemanager.certmaps.update certificatemanager.certmaps.use certificatemanager.certs.create certificatemanager.certs.delete certificatemanager.certs.get certificatemanager.certs.getIamPolicy certificatemanager.certs.list certificatemanager.certs.setIamPolicy certificatemanager.certs.update certificatemanager.certs.use certificatemanager.dnsauthorizations.create certificatemanager.dnsauthorizations.delete certificatemanager.dnsauthorizations.get certificatemanager.dnsauthorizations.getIamPolicy certificatemanager.dnsauthorizations.list certificatemanager.dnsauthorizations.setIamPolicy certificatemanager.dnsauthorizations.update certificatemanager.dnsauthorizations.use certificatemanager.locations.get certificatemanager.locations.list certificatemanager.operations.cancel certificatemanager.operations.delete certificatemanager.operations.get certificatemanager.operations.list |
Compute Engine | Added |
compute.commitments.update |
Compute Engine | Supported In Custom Roles |
compute.commitments.update |
Compute Engine | Now GA |
compute.commitments.update |
Cloud Commerce Consumer Procurement | Added |
consumerprocurement.orderAttributions.get consumerprocurement.orderAttributions.list consumerprocurement.orderAttributions.update |
Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.orderAttributions.get consumerprocurement.orderAttributions.list consumerprocurement.orderAttributions.update |
Data Connectors | Added |
dataconnectors.connectors.create dataconnectors.connectors.delete dataconnectors.connectors.get dataconnectors.connectors.getIamPolicy dataconnectors.connectors.list dataconnectors.connectors.setIamPolicy dataconnectors.connectors.update dataconnectors.connectors.use dataconnectors.locations.get dataconnectors.locations.list dataconnectors.operations.cancel dataconnectors.operations.delete dataconnectors.operations.get dataconnectors.operations.list |
Data Connectors | Supported In Custom Roles |
dataconnectors.connectors.create dataconnectors.connectors.delete dataconnectors.connectors.get dataconnectors.connectors.getIamPolicy dataconnectors.connectors.list dataconnectors.connectors.setIamPolicy dataconnectors.connectors.update dataconnectors.connectors.use dataconnectors.locations.get dataconnectors.locations.list dataconnectors.operations.cancel dataconnectors.operations.delete dataconnectors.operations.get dataconnectors.operations.list |
Dataflow | Added |
dataflow.shuffle.read dataflow.shuffle.write dataflow.streamingWorkItems.commitWork dataflow.streamingWorkItems.getData dataflow.streamingWorkItems.getWork dataflow.workItems.lease dataflow.workItems.sendMessage dataflow.workItems.update |
Network Services | Added |
networkservices.serviceBindings.create networkservices.serviceBindings.delete networkservices.serviceBindings.get networkservices.serviceBindings.list networkservices.serviceBindings.update |
VM Migration | Added |
vmmigration.datacenterConnectors.update |
VM Migration | Supported In Custom Roles |
vmmigration.datacenterConnectors.update |
Cloud IAM changes as of 2021-11-12
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoles.update |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.update |
Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.feeds.create cloudasset.feeds.delete cloudasset.feeds.get cloudasset.feeds.update |
Compute Engine | Role Updated |
The following permissions have been added to the role networksecurity.clientTlsPolicies.get networksecurity.clientTlsPolicies.list networksecurity.clientTlsPolicies.use networksecurity.serverTlsPolicies.get networksecurity.serverTlsPolicies.list networksecurity.serverTlsPolicies.use |
Datastore | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.get dlp.deidentifyTemplates.list |
Cloud Data Loss Prevention | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.get dlp.deidentifyTemplates.list |
Google Earth Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
Firebase App Check | Now GA |
The role |
Anthos Multi-Cloud | Now GA |
The role |
Anthos Multi-Cloud | Now GA |
The role |
Anthos Multi-Cloud | Now GA |
The role |
Dataproc Metastore | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Cloud Monitoring | Role Updated |
The following permissions have been added to the role servicedirectory.networks.access servicedirectory.services.resolve |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.subnetworks.use |
Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.get networkconnectivity.operations.list |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Web Security Scanner | Role Updated |
The following permissions have been added to the role cloudasset.assets.listResource |
AI Platform | Added |
aiplatform.tensorboardRuns.batchCreate aiplatform.tensorboardTimeSeries.batchCreate aiplatform.tensorboardTimeSeries.batchRead |
Apigee | Added |
apigee.developerbalances.adjust |
Apigee | Supported In Custom Roles |
apigee.developerbalances.adjust |
Apigee | Now GA |
apigee.developerbalances.adjust |
Artifact Registry | Added |
artifactregistry.dockerimages.get artifactregistry.dockerimages.list |
Artifact Registry | Now GA |
artifactregistry.dockerimages.get artifactregistry.dockerimages.list |
Compute Engine | Added |
compute.disks.createTagBinding compute.disks.deleteTagBinding compute.disks.listTagBindings compute.images.createTagBinding compute.images.deleteTagBinding compute.images.listTagBindings compute.snapshots.createTagBinding compute.snapshots.deleteTagBinding compute.snapshots.listTagBindings |
Compute Engine | Now GA |
compute.disks.createTagBinding compute.disks.deleteTagBinding compute.disks.listTagBindings compute.images.createTagBinding compute.images.deleteTagBinding compute.images.listTagBindings compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly compute.snapshots.createTagBinding compute.snapshots.deleteTagBinding compute.snapshots.listTagBindings |
Datastore | Added |
datastore.keyVisualizerScans.get datastore.keyVisualizerScans.list |
Datastore | Now GA |
datastore.keyVisualizerScans.get datastore.keyVisualizerScans.list |
Datastream | Added |
datastream.objects.get datastream.objects.list datastream.objects.startBackfillJob datastream.objects.stopBackfillJob |
Document AI | Added |
documentai.datasetSchemas.get documentai.datasetSchemas.update documentai.datasets.get documentai.datasets.update documentai.processorTypes.get |
Firebase App Check | Added |
firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update |
Firebase App Check | Supported In Custom Roles |
firebaseappcheck.recaptchaEnterpriseConfig.get firebaseappcheck.recaptchaEnterpriseConfig.update |
GKE Hub | Added |
gkehub.fleet.create gkehub.fleet.delete gkehub.fleet.get gkehub.fleet.update |
GKE Hub | Now GA |
gkehub.fleet.create gkehub.fleet.delete gkehub.fleet.get gkehub.fleet.update |
Anthos Multi-Cloud | Added |
gkemulticloud.awsClusters.generateAccessToken gkemulticloud.azureClusters.generateAccessToken |
Anthos Multi-Cloud | Now GA |
gkemulticloud.awsClusters.create gkemulticloud.awsClusters.delete gkemulticloud.awsClusters.generateAccessToken gkemulticloud.awsClusters.get gkemulticloud.awsClusters.getAdminKubeconfig gkemulticloud.awsClusters.list gkemulticloud.awsClusters.update gkemulticloud.awsNodePools.create gkemulticloud.awsNodePools.delete gkemulticloud.awsNodePools.get gkemulticloud.awsNodePools.list gkemulticloud.awsNodePools.update gkemulticloud.awsServerConfigs.get gkemulticloud.azureClients.create gkemulticloud.azureClients.delete gkemulticloud.azureClients.get gkemulticloud.azureClients.list gkemulticloud.azureClusters.create gkemulticloud.azureClusters.delete gkemulticloud.azureClusters.generateAccessToken gkemulticloud.azureClusters.get gkemulticloud.azureClusters.getAdminKubeconfig gkemulticloud.azureClusters.list gkemulticloud.azureClusters.update gkemulticloud.azureNodePools.create gkemulticloud.azureNodePools.delete gkemulticloud.azureNodePools.get gkemulticloud.azureNodePools.list gkemulticloud.azureNodePools.update gkemulticloud.azureServerConfigs.get gkemulticloud.operations.cancel gkemulticloud.operations.delete gkemulticloud.operations.get gkemulticloud.operations.list gkemulticloud.operations.wait |
Identity and Access Management | Added |
iam.denypolicies.create iam.denypolicies.delete iam.denypolicies.get iam.denypolicies.list iam.denypolicies.replace iam.denypolicies.update |
Identity and Access Management | Added |
iam.googleapis.com/denypolicies.create iam.googleapis.com/denypolicies.delete iam.googleapis.com/denypolicies.get iam.googleapis.com/denypolicies.list iam.googleapis.com/denypolicies.replace |
Cloud Run | Added |
run.operations.delete run.operations.get run.operations.list |
Cloud Run | Now GA |
run.operations.delete run.operations.get run.operations.list |
Security Command Center | Added |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Security Command Center | Supported In Custom Roles |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Security Command Center | Now GA |
securitycenter.findingexternalsystems.update securitycenter.findings.bulkMuteUpdate securitycenter.findings.setMute securitycenter.muteconfigs.create securitycenter.muteconfigs.delete securitycenter.muteconfigs.get securitycenter.muteconfigs.list securitycenter.muteconfigs.update |
Video Stitcher API | Added |
videostitcher.cdnKeys.create videostitcher.cdnKeys.delete videostitcher.cdnKeys.get videostitcher.cdnKeys.list videostitcher.cdnKeys.update videostitcher.liveAdTagDetails.get videostitcher.liveAdTagDetails.list videostitcher.liveSessions.create videostitcher.liveSessions.get videostitcher.slates.create videostitcher.slates.delete videostitcher.slates.get videostitcher.slates.list videostitcher.slates.update videostitcher.vodAdTagDetails.get videostitcher.vodAdTagDetails.list videostitcher.vodSessions.create videostitcher.vodSessions.get videostitcher.vodStitchDetails.get videostitcher.vodStitchDetails.list |
Cloud IAM changes as of 2021-10-22
Service | Change | Description |
---|---|---|
Anthos Support | Now GA |
The role |
Cloud Functions | Role Updated |
The following permissions have been added to the role source.repos.get source.repos.list |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
Data Pipelines | Now GA |
The role |
Data Pipelines | Now GA |
The role |
Data Pipelines | Now GA |
The role |
Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
Dataproc | Role Updated |
The following permissions have been added to the role dataproc.autoscalingPolicies.create dataproc.autoscalingPolicies.delete dataproc.autoscalingPolicies.getIamPolicy dataproc.autoscalingPolicies.update |
Customer Usage Data Processing | Now GA |
The role |
Dialogflow | Role Updated |
The following permissions have been added to the role storage.objects.create |
Cloud Domains | Now GA |
The role |
Cloud Domains | Now GA |
The role |
Game Servers | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.createInternal compute.addresses.deleteInternal compute.addresses.useInternal |
Security Command Center | Now GA |
The role |
Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keys cloudkms.cryptoKeyVersions.useToDecryptViaDelegation cloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
Compute Engine | Added |
compute.reservations.update |
Compute Engine | Supported In Custom Roles |
compute.reservations.update |
Data Pipelines | Now GA |
datapipelines.pipelines.create datapipelines.pipelines.delete datapipelines.pipelines.get datapipelines.pipelines.list datapipelines.pipelines.run datapipelines.pipelines.stop datapipelines.pipelines.update |
Cloud Domains | Supported In Custom Roles |
domains.locations.get domains.locations.list domains.operations.cancel domains.operations.get domains.operations.list |
Cloud Domains | Now GA |
domains.locations.get domains.locations.list domains.operations.cancel domains.operations.get domains.operations.list domains.registrations.configureContact domains.registrations.configureDns domains.registrations.configureManagement domains.registrations.create domains.registrations.delete domains.registrations.get domains.registrations.getIamPolicy domains.registrations.list domains.registrations.setIamPolicy domains.registrations.update |
Firebase Cloud Messaging | Added |
firebasecloudmessaging.messages.create |
Managed Service for Microsoft Active Directory | Now GA |
managedidentities.peerings.create managedidentities.peerings.delete managedidentities.peerings.get managedidentities.peerings.getIamPolicy managedidentities.peerings.list managedidentities.peerings.setIamPolicy managedidentities.peerings.update |
reCAPTCHA Enterprise | Added |
recaptchaenterprise.relatedaccountgroupmemberships.list recaptchaenterprise.relatedaccountgroups.list |
Cloud IAM changes as of 2021-10-01
Service | Change | Description |
---|---|---|
AI Platform | Role Updated |
The following permissions have been added to the role compute.machineTypes.get dataflow.jobs.cancel dataflow.jobs.create dataflow.jobs.get dataflow.jobs.list dataflow.jobs.snapshot dataflow.jobs.updateContents dataflow.messages.list dataflow.metrics.get dataflow.snapshots.delete dataflow.snapshots.get dataflow.snapshots.list |
Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifacts |
Cloud TPU | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Cloud Composer | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Compute Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Connectors | Now GA |
The role |
Connectors | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.services.create servicedirectory.services.delete |
Dataflow | Role Updated |
The following permissions have been added to the role |