This page describes changes to the public IAM permissions for all Generally Available and Beta services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Upcoming Cloud IAM changes for the week of 2022-06-20
| Service | Change | Description |
|---|---|---|
| Anthos Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
| Batch API | Now GA |
The role |
| Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| Apigee | Added |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
| Apigee | Now GA |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
| Service | Change | Description |
|---|---|---|
| Care Studio | Now GA |
The role |
| Translation | Role Updated |
The following permissions have been added to the role automl.datasets.exportautoml.datasets.getautoml.datasets.listautoml.models.getautoml.models.listautoml.operations.get |
| Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seekpubsub.subscriptions.consumepubsub.topics.attachSubscription |
| Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.createpubsub.snapshots.deletepubsub.snapshots.updatepubsub.topics.createpubsub.topics.deletepubsub.topics.detachSubscriptionpubsub.topics.updatepubsub.topics.updateTag |
| Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
| Bare Metal Solution | Added |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Batch API | Added |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| Batch API | Supported In Custom Roles |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| Cloud Bigtable | Added |
bigtable.tables.undelete |
| Cloud Bigtable | Now GA |
bigtable.tables.undelete |
| Care Studio | Now GA |
carestudio.patients.getcarestudio.patients.list |
| Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
| Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
| Service Networking | Added |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Timeseries Insights | Added |
timeseriesinsights.datasets.createtimeseriesinsights.datasets.deletetimeseriesinsights.datasets.evaluatetimeseriesinsights.datasets.listtimeseriesinsights.datasets.querytimeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
| Service | Change | Description |
|---|---|---|
| App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.createstorage.objects.getstorage.objects.liststorage.objects.update |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicycloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Dataplex | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Cloud Integrations | Now GA |
The role |
| Dataproc Metastore | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Access Approval | Added |
accessapproval.requests.invalidate |
| Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
| AlloyDB for PostgreSQL | Added |
alloydb.backups.createalloydb.backups.deletealloydb.backups.getalloydb.backups.listalloydb.backups.updatealloydb.clusters.createalloydb.clusters.deletealloydb.clusters.generateClientCertificatealloydb.clusters.getalloydb.clusters.listalloydb.clusters.updatealloydb.instances.connectalloydb.instances.createalloydb.instances.deletealloydb.instances.failoveralloydb.instances.getalloydb.instances.listalloydb.instances.restartalloydb.instances.updatealloydb.locations.getalloydb.locations.listalloydb.operations.cancelalloydb.operations.deletealloydb.operations.getalloydb.operations.listalloydb.supportedDatabaseFlags.getalloydb.supportedDatabaseFlags.list |
| Artifact Registry | Added |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| Artifact Registry | Now GA |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| AutoML | Added |
automl.files.deleteautoml.files.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Cloud Billing | Added |
billing.accounts.getCarbonInformation |
| Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
| Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
| Google Cloud Deploy | Added |
clouddeploy.releases.abandon |
| Google Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
| Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
| Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
| Datastream | Added |
datastream.connectionProfiles.createTagBindingdatastream.connectionProfiles.deleteTagBindingdatastream.connectionProfiles.listEffectiveTagsdatastream.connectionProfiles.listTagBindingsdatastream.privateConnections.createTagBindingdatastream.privateConnections.deleteTagBindingdatastream.privateConnections.listEffectiveTagsdatastream.privateConnections.listTagBindingsdatastream.streams.createTagBindingdatastream.streams.deleteTagBindingdatastream.streams.listEffectiveTagsdatastream.streams.listTagBindings |
| Cloud DNS | Added |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Identity and Access Management | Added |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Now GA |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Dataproc Metastore | Added |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Now GA |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBindingresourcemanager.hierarchyNodes.deleteTagBindingresourcemanager.hierarchyNodes.listTagBindingsresourcemanager.resourceTagBindings.createresourcemanager.resourceTagBindings.deleteresourcemanager.resourceTagBindings.listresourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.listresourcemanager.tagKeys.createresourcemanager.tagKeys.deleteresourcemanager.tagKeys.getresourcemanager.tagKeys.getIamPolicyresourcemanager.tagKeys.listresourcemanager.tagKeys.setIamPolicyresourcemanager.tagKeys.updateresourcemanager.tagValueBindings.createresourcemanager.tagValueBindings.deleteresourcemanager.tagValues.createresourcemanager.tagValues.deleteresourcemanager.tagValues.getresourcemanager.tagValues.getIamPolicyresourcemanager.tagValues.listresourcemanager.tagValues.setIamPolicyresourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
| Service | Change | Description |
|---|---|---|
| AlloyDB for PostgreSQL | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.usecompute.addresses.useInternalcompute.disks.createcompute.disks.setLabelscompute.disks.usecompute.disks.useReadOnlycompute.images.useReadOnlycompute.instanceTemplates.useReadOnlycompute.instances.createcompute.instances.createTagBindingcompute.instances.setDeletionProtectioncompute.instances.setLabelscompute.instances.setMetadatacompute.instances.setServiceAccountcompute.instances.setTagscompute.instances.updateDisplayDevicecompute.machineImages.useReadOnlycompute.networks.usecompute.networks.useExternalIpcompute.resourcePolicies.usecompute.snapshots.useReadOnlycompute.subnetworks.usecompute.subnetworks.useExternalIp |
| Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.getstorage.objects.list |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| AI Platform | Added |
aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Container Security | Added |
containersecurity.locations.getcontainersecurity.locations.list |
| Network Management API | Added |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Supported In Custom Roles |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Now GA |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Services | Added |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| reCAPTCHA Enterprise | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
| Transfer Appliance | Added |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
| Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.createcontainer.jobs.deletecontainer.jobs.getcontainer.jobs.listcontainer.jobs.update |
| Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.listcompute.disks.setLabels |
| AI Platform | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
| Bare Metal Solution | Added |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Now GA |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| BigQuery | Added |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| Recommender | Added |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
| Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
| Maps Admin | Now GA |
The role |
| Maps Admin | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.clusters.getservicesecurityinsights.clusters.listservicesecurityinsights.googleapis.com/clusterSecurityInfo.getservicesecurityinsights.googleapis.com/clusterSecurityInfo.listservicesecurityinsights.googleapis.com/clusters.getservicesecurityinsights.googleapis.com/clusters.listservicesecurityinsights.googleapis.com/locations.getservicesecurityinsights.googleapis.com/locations.listservicesecurityinsights.googleapis.com/namespaces.getservicesecurityinsights.googleapis.com/namespaces.listservicesecurityinsights.googleapis.com/policies.getservicesecurityinsights.googleapis.com/policyTypes.getservicesecurityinsights.googleapis.com/policyTypes.listservicesecurityinsights.googleapis.com/projectStates.getservicesecurityinsights.googleapis.com/securityInfo.listservicesecurityinsights.googleapis.com/securityViews.getservicesecurityinsights.googleapis.com/workloadPolicies.listservicesecurityinsights.googleapis.com/workloadSecurityInfo.getservicesecurityinsights.googleapis.com/workloadTypes.getservicesecurityinsights.googleapis.com/workloadTypes.listservicesecurityinsights.googleapis.com/workloads.getservicesecurityinsights.googleapis.com/workloads.listservicesecurityinsights.locations.getservicesecurityinsights.locations.listservicesecurityinsights.namespaces.getservicesecurityinsights.namespaces.listservicesecurityinsights.policies.getservicesecurityinsights.policyTypes.getservicesecurityinsights.policyTypes.listservicesecurityinsights.projectStates.getservicesecurityinsights.securityInfo.listservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.getservicesecurityinsights.workloadTypes.getservicesecurityinsights.workloadTypes.listservicesecurityinsights.workloads.getservicesecurityinsights.workloads.list |
| Apigee | Added |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Now GA |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Artifact Registry | Added |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Now GA |
artifactregistry.locations.getartifactregistry.locations.list |
| Care Studio | Added |
carestudio.patients.getcarestudio.patients.list |
| Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Maps Admin | Added |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Now GA |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Certificate Authority Service | Added |
privateca.caPools.use |
| Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
| Service | Change | Description |
|---|---|---|
| Cloud Billing | Now GA |
The role |
| Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Cloud Functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Firebase App Check | Now GA |
The role |
| Firebase App Check | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Container Security | Added |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Eventarc | Added |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Eventarc | Supported In Custom Roles |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.update |
| Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.getfirebaseappcheck.appAttestConfig.updatefirebaseappcheck.debugTokens.getfirebaseappcheck.debugTokens.updatefirebaseappcheck.deviceCheckConfig.getfirebaseappcheck.deviceCheckConfig.updatefirebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.updatefirebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.updatefirebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.updatefirebaseappcheck.safetyNetConfig.getfirebaseappcheck.safetyNetConfig.updatefirebaseappcheck.services.getfirebaseappcheck.services.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
| Recommender | Added |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Now GA |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Cloud Run | Added |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Cloud Run | Supported In Custom Roles |
run.jobs.runrun.jobs.update |
| Cloud Run | Now GA |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.policies.getservicesecurityinsights.projectStates.getservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.createapigee.keyvaluemaps.delete |
| Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.createcontentwarehouse.documents.deletecontentwarehouse.documents.setIamPolicy |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.canceldataflow.jobs.createdataflow.jobs.getdataflow.jobs.listdataflow.jobs.snapshotdataflow.jobs.updateContentsdataflow.messages.listdataflow.metrics.getdataflow.snapshots.deletedataflow.snapshots.getdataflow.snapshots.listrecommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updateserviceusage.services.use |
| Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Apigee | Added |
apigee.datalocation.get |
| Apigee | Supported In Custom Roles |
apigee.datalocation.get |
| Apigee | Now GA |
apigee.datalocation.get |
| Compute Engine | Added |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Compute Engine | Now GA |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Eventarc | Added |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Eventarc | Supported In Custom Roles |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Recommender | Added |
recommender.costInsights.getrecommender.costInsights.listrecommender.costInsights.updaterecommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Now GA |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
| Service | Change | Description |
|---|---|---|
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
| BigQuery Migration API | Now GA |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
| Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
| Cloud Optimization | Added |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud SQL | Added |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
| Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Compute Engine | Added |
compute.disks.listEffectiveTagscompute.images.listEffectiveTagscompute.instances.listEffectiveTagscompute.snapshots.listEffectiveTags |
| Google Kubernetes Engine | Added |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Google Kubernetes Engine | Now GA |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Cloud Domains | Added |
domains.registrations.listEffectiveTags |
| Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
| Filestore | Added |
file.backups.listEffectiveTagsfile.instances.listEffectiveTagsfile.snapshots.listEffectiveTags |
| GKE Hub | Supported In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
| Recommender | Added |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.update |
| Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
| Cloud Spanner | Added |
spanner.backups.copy |
| Cloud Spanner | Supported In Custom Roles |
spanner.backups.copy |
| Cloud Spanner | Now GA |
spanner.backups.copy |
| Cloud Storage | Added |
storage.buckets.listEffectiveTags |
| Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| Cloud Functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getcloudfunctions.functions.listcloudfunctions.operations.getcloudfunctions.operations.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.tasks.createdataplex.tasks.update |
| Speech-to-Text | Now GA |
The role |
| BigQuery | Added |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| BigQuery Migration API | Added |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Compute Engine | Added |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
| Compute Engine | Now GA |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResourcecloudasset.feeds.createcloudasset.feeds.deletecloudasset.feeds.getcloudasset.feeds.update |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.createdns.managedZones.deletedns.managedZones.getdns.managedZones.listdns.networks.bindPrivateDNSZonedns.networks.targetWithPeeringZone |
| Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.createcontainer.clusterRoleBindings.deletecontainer.clusterRoleBindings.getcontainer.clusterRoleBindings.listcontainer.clusterRoleBindings.updatecontainer.clusterRoles.bindcontainer.clusterRoles.createcontainer.clusterRoles.deletecontainer.clusterRoles.escalatecontainer.clusterRoles.getcontainer.clusterRoles.listcontainer.clusterRoles.updatecontainer.clusters.getcontainer.clusters.updatecontainer.customResourceDefinitions.createcontainer.customResourceDefinitions.deletecontainer.customResourceDefinitions.getcontainer.customResourceDefinitions.listcontainer.customResourceDefinitions.updatecontainer.namespaces.createcontainer.namespaces.deletecontainer.namespaces.getcontainer.namespaces.listcontainer.namespaces.updatecontainer.operations.getcontainer.roleBindings.createcontainer.roleBindings.deletecontainer.roleBindings.getcontainer.roleBindings.listcontainer.roleBindings.updatecontainer.roles.bindcontainer.roles.escalate |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Apigee Registry | Added |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Anthos clusters on VMware (GKE on-prem) | Added |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Anthos clusters on VMware (GKE on-prem) | Supported In Custom Roles |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
| Recommender | Now GA |
recommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Resource Manager | Added |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
| Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.list |
| Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Filestore | Added |
file.backups.createTagBindingfile.backups.deleteTagBindingfile.backups.listTagBindingsfile.instances.createTagBindingfile.instances.deleteTagBindingfile.instances.listTagBindingsfile.snapshots.createTagBindingfile.snapshots.deleteTagBindingfile.snapshots.listTagBindings |
| GKE Hub | Available In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Notebooks | Added |
notebooks.runtimes.update |
| Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
| Service | Change | Description |
|---|---|---|
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations AI | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Advisory Notifications | Added |
advisorynotifications.notifications.getadvisorynotifications.notifications.list |
| Analytics Hub | Added |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Analytics Hub | Supported In Custom Roles |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Apigee | Added |
apigee.keyvaluemapentries.list |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
| Apigee | Now GA |
apigee.keyvaluemapentries.list |
| Artifact Registry | Added |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Now GA |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| BigQuery | Added |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| BigQuery | Supported In Custom Roles |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
| Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
| Datastore | Supported In Custom Roles |
datastore.databases.createdatastore.databases.getMetadatadatastore.databases.listdatastore.databases.update |
| Cloud Domains | Added |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Cloud Domains | Now GA |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Retail API | Added |
retail.retailProjects.get |
| Cloud Run | Added |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Supported In Custom Roles |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Now GA |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Added |
assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Recommender | Added |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
| Service | Change | Description |
|---|---|---|
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
| Edge Container | Now GA |
The role |
| Edge Container | Now GA |
The role |
| Edge Container | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Backup for GKE | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Edge Container | Added |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Edge Container | Supported In Custom Roles |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Edge Container | Now GA |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Retail API | Added |
retail.attributesConfigs.addCatalogAttributeretail.attributesConfigs.batchRemoveCatalogAttributesretail.attributesConfigs.exportCatalogAttributesretail.attributesConfigs.importCatalogAttributesretail.attributesConfigs.removeCatalogAttributeretail.attributesConfigs.replaceCatalogAttributeretail.controls.exportretail.controls.import |
| Storage Transfer Service | Added |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
| Storage Transfer Service | Now GA |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.list |
| Dataplex | Role Updated |
The following permissions have been added to the role dataplex.operations.getdataplex.operations.list |
| Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
| AI Platform | Added |
aiplatform.deploymentResourcePools.createaiplatform.deploymentResourcePools.deleteaiplatform.deploymentResourcePools.getaiplatform.deploymentResourcePools.listaiplatform.deploymentResourcePools.queryDeployedModelsaiplatform.deploymentResourcePools.update |
| BigQuery | Added |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| BigQuery | Supported In Custom Roles |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| FleetEngine | Added |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Now GA |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
| Service | Change | Description |
|---|---|---|
| Dataform | Now GA |
The role |
| Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| KRM API Hosting | Now GA |
The role |
| KRM API Hosting | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Dataform | Now GA |
The role |
| Dialogflow | Added |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Dialogflow | Now GA |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Cloud Data Loss Prevention | Added |
dlp.locations.getdlp.locations.list |
| Cloud Data Loss Prevention | Supported In Custom Roles |
dlp.locations.getdlp.locations.list |
| Cloud Data Loss Prevention | Now GA |
dlp.locations.getdlp.locations.list |
| Eventarc | Added |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Supported In Custom Roles |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Now GA |
eventarc.providers.geteventarc.providers.list |
| KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
| Service | Change | Description |
|---|---|---|
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Datastore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.getcloudtasks.locations.getcloudtasks.locations.listcloudtasks.queues.createcloudtasks.queues.deletecloudtasks.queues.getcloudtasks.queues.getIamPolicycloudtasks.queues.listcloudtasks.queues.pausecloudtasks.queues.purgecloudtasks.queues.resumecloudtasks.queues.setIamPolicycloudtasks.queues.updatecloudtasks.tasks.createcloudtasks.tasks.fullView |
| GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.creategkehub.fleet.get |
| Binary Authorization | Added |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Compute Engine | Added |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| KRM API Hosting | Added |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Cloud OS Config | Added |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Cloud OS Config | Now GA |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccessaiplatform.tensorboards.recordAccess |
| AI Platform | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.getcompute.subnetworks.get |
| Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| AI Platform | Added |
aiplatform.tensorboards.recordAccess |
| Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
| Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
| Dataproc Metastore | Added |
metastore.services.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
| Security Command Center | Added |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Now GA |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Cloud TPU | Added |
tpu.nodes.update |
| Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
| Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
| Service | Change | Description |
|---|---|---|
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Dataplex | Now GA |
The role |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
| Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.getdataproc.jobs.canceldataproc.jobs.createdataproc.jobs.deletedataproc.jobs.getdataproc.jobs.listdataproc.jobs.update |
| Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Data Pipelines | Added |
datapipelines.jobs.list |
| Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
| Data Pipelines | Now GA |
datapipelines.jobs.list |
| Dataproc | Added |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Supported In Custom Roles |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Now GA |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.getiam.denypolicies.list |
| Dataproc Metastore | Added |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Dataproc Metastore | Supported In Custom Roles |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Workflows | Added |
workflows.callbacks.send |
| Workflows | Supported In Custom Roles |
workflows.callbacks.send |
| Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
| Service | Change | Description |
|---|---|---|
| Data Catalog | Now GA |
The role |
| Data Catalog | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dataplex | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
| Cloud Functions | Added |
cloudfunctions.runtimes.list |
| Cloud Functions | Now GA |
cloudfunctions.runtimes.list |
| Cloud Key Management Service | Added |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Data Catalog | Now GA |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Dataflow | Supported In Custom Roles |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataflow | Now GA |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataplex | Added |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex | Supported In Custom Roles |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.setIamPolicydataplex.assets.updatedataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex | Now GA |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Eventarc | Added |
eventarc.events.receiveEvent |
| Eventarc | Now GA |
eventarc.events.receiveEvent |
| Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.getosconfig.osPolicyAssignmentReports.listosconfig.osPolicyAssignments.createosconfig.osPolicyAssignments.deleteosconfig.osPolicyAssignments.getosconfig.osPolicyAssignments.listosconfig.osPolicyAssignments.update |
| Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.getrecommender.resourcemanagerProjectUtilizationInsights.listrecommender.resourcemanagerProjectUtilizationInsights.updaterecommender.resourcemanagerProjectUtilizationRecommendations.getrecommender.resourcemanagerProjectUtilizationRecommendations.listrecommender.resourcemanagerProjectUtilizationRecommendations.update |
| Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
Cloud IAM changes as of 2021-12-03
| Service | Change | Description |
|---|---|---|
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.namespaces.create |
| Apigee | Now GA |
The role |
| Apigee | Now GA |
The role |
| Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.access |
| Cloud Build | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.access |
| Cloud Composer | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Composer | Role Updated |
The following permissions have been added to the role logging.logEntries.listlogging.privateLogEntries.listlogging.views.accessorgpolicy.policy.get |
| Dataflow | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Data Pipelines | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Dataproc | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Data Loss Prevention | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| AI Platform | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Storage | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Certificate Manager | Added |
certificatemanager.certmapentries.createcertificatemanager.certmapentries.deletecertificatemanager.certmapentries.getcertificatemanager.certmapentries.getIamPolicycertificatemanager.certmapentries.listcertificatemanager.certmapentries.setIamPolicycertificatemanager.certmapentries.updatecertificatemanager.certmaps.createcertificatemanager.certmaps.deletecertificatemanager.certmaps.getcertificatemanager.certmaps.getIamPolicycertificatemanager.certmaps.listcertificatemanager.certmaps.setIamPolicycertificatemanager.certmaps.updatecertificatemanager.certmaps.usecertificatemanager.certs.createcertificatemanager.certs.deletecertificatemanager.certs.getcertificatemanager.certs.getIamPolicycertificatemanager.certs.listcertificatemanager.certs.setIamPolicycertificatemanager.certs.updatecertificatemanager.certs.usecertificatemanager.dnsauthorizations.createcertificatemanager.dnsauthorizations.deletecertificatemanager.dnsauthorizations.getcertificatemanager.dnsauthorizations.getIamPolicycertificatemanager.dnsauthorizations.listcertificatemanager.dnsauthorizations.setIamPolicycertificatemanager.dnsauthorizations.updatecertificatemanager.dnsauthorizations.usecertificatemanager.locations.getcertificatemanager.locations.listcertificatemanager.operations.cancelcertificatemanager.operations.deletecertificatemanager.operations.getcertificatemanager.operations.list |
| Certificate Manager | Supported In Custom Roles |
certificatemanager.certmapentries.createcertificatemanager.certmapentries.deletecertificatemanager.certmapentries.getcertificatemanager.certmapentries.getIamPolicycertificatemanager.certmapentries.listcertificatemanager.certmapentries.setIamPolicycertificatemanager.certmapentries.updatecertificatemanager.certmaps.createcertificatemanager.certmaps.deletecertificatemanager.certmaps.getcertificatemanager.certmaps.getIamPolicycertificatemanager.certmaps.listcertificatemanager.certmaps.setIamPolicycertificatemanager.certmaps.updatecertificatemanager.certmaps.usecertificatemanager.certs.createcertificatemanager.certs.deletecertificatemanager.certs.getcertificatemanager.certs.getIamPolicycertificatemanager.certs.listcertificatemanager.certs.setIamPolicycertificatemanager.certs.updatecertificatemanager.certs.usecertificatemanager.dnsauthorizations.createcertificatemanager.dnsauthorizations.deletecertificatemanager.dnsauthorizations.getcertificatemanager.dnsauthorizations.getIamPolicycertificatemanager.dnsauthorizations.listcertificatemanager.dnsauthorizations.setIamPolicycertificatemanager.dnsauthorizations.updatecertificatemanager.dnsauthorizations.usecertificatemanager.locations.getcertificatemanager.locations.listcertificatemanager.operations.cancelcertificatemanager.operations.deletecertificatemanager.operations.getcertificatemanager.operations.list |
| Compute Engine | Added |
compute.commitments.update |
| Compute Engine | Supported In Custom Roles |
compute.commitments.update |
| Compute Engine | Now GA |
compute.commitments.update |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.orderAttributions.getconsumerprocurement.orderAttributions.listconsumerprocurement.orderAttributions.update |
| Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.orderAttributions.getconsumerprocurement.orderAttributions.listconsumerprocurement.orderAttributions.update |
| Data Connectors | Added |
dataconnectors.connectors.createdataconnectors.connectors.deletedataconnectors.connectors.getdataconnectors.connectors.getIamPolicydataconnectors.connectors.listdataconnectors.connectors.setIamPolicydataconnectors.connectors.updatedataconnectors.connectors.usedataconnectors.locations.getdataconnectors.locations.listdataconnectors.operations.canceldataconnectors.operations.deletedataconnectors.operations.getdataconnectors.operations.list |
| Data Connectors | Supported In Custom Roles |
dataconnectors.connectors.createdataconnectors.connectors.deletedataconnectors.connectors.getdataconnectors.connectors.getIamPolicydataconnectors.connectors.listdataconnectors.connectors.setIamPolicydataconnectors.connectors.updatedataconnectors.connectors.usedataconnectors.locations.getdataconnectors.locations.listdataconnectors.operations.canceldataconnectors.operations.deletedataconnectors.operations.getdataconnectors.operations.list |
| Dataflow | Added |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Network Services | Added |
networkservices.serviceBindings.createnetworkservices.serviceBindings.deletenetworkservices.serviceBindings.getnetworkservices.serviceBindings.listnetworkservices.serviceBindings.update |
| VM Migration | Added |
vmmigration.datacenterConnectors.update |
| VM Migration | Supported In Custom Roles |
vmmigration.datacenterConnectors.update |
Cloud IAM changes as of 2021-11-12
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| AI Platform | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Anthos Service Mesh | Role Updated |
The following permissions have been added to the role container.clusterRoles.update |
| Apigee | Now GA |
The role |
| Apigee | Now GA |
The role |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.update |
| Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.feeds.createcloudasset.feeds.deletecloudasset.feeds.getcloudasset.feeds.update |
| Compute Engine | Role Updated |
The following permissions have been added to the role networksecurity.clientTlsPolicies.getnetworksecurity.clientTlsPolicies.listnetworksecurity.clientTlsPolicies.usenetworksecurity.serverTlsPolicies.getnetworksecurity.serverTlsPolicies.listnetworksecurity.serverTlsPolicies.use |
| Datastore | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.getdlp.deidentifyTemplates.list |
| Cloud Data Loss Prevention | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.getdlp.deidentifyTemplates.list |
| Google Earth Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.get |
| Enterprise Knowledge Graph | Role Updated |
The following permissions have been added to the role bigquery.readsessions.getData |
| Firebase App Check | Now GA |
The role |
| Anthos Multi-Cloud | Now GA |
The role |
| Anthos Multi-Cloud | Now GA |
The role |
| Anthos Multi-Cloud | Now GA |
The role |
| Dataproc Metastore | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Cloud Monitoring | Role Updated |
The following permissions have been added to the role servicedirectory.networks.accessservicedirectory.services.resolve |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.subnetworks.use |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.getnetworkconnectivity.operations.list |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Web Security Scanner | Role Updated |
The following permissions have been added to the role cloudasset.assets.listResource |
| AI Platform | Added |
aiplatform.tensorboardRuns.batchCreateaiplatform.tensorboardTimeSeries.batchCreateaiplatform.tensorboardTimeSeries.batchRead |
| Apigee | Added |
apigee.developerbalances.adjust |
| Apigee | Supported In Custom Roles |
apigee.developerbalances.adjust |
| Apigee | Now GA |
apigee.developerbalances.adjust |
| Artifact Registry | Added |
artifactregistry.dockerimages.getartifactregistry.dockerimages.list |
| Artifact Registry | Now GA |
artifactregistry.dockerimages.getartifactregistry.dockerimages.list |
| Compute Engine | Added |
compute.disks.createTagBindingcompute.disks.deleteTagBindingcompute.disks.listTagBindingscompute.images.createTagBindingcompute.images.deleteTagBindingcompute.images.listTagBindingscompute.snapshots.createTagBindingcompute.snapshots.deleteTagBindingcompute.snapshots.listTagBindings |
| Compute Engine | Now GA |
compute.disks.createTagBindingcompute.disks.deleteTagBindingcompute.disks.listTagBindingscompute.images.createTagBindingcompute.images.deleteTagBindingcompute.images.listTagBindingscompute.machineImages.createcompute.machineImages.deletecompute.machineImages.getcompute.machineImages.getIamPolicycompute.machineImages.listcompute.machineImages.setIamPolicycompute.machineImages.useReadOnlycompute.snapshots.createTagBindingcompute.snapshots.deleteTagBindingcompute.snapshots.listTagBindings |
| Datastore | Added |
datastore.keyVisualizerScans.getdatastore.keyVisualizerScans.list |
| Datastore | Now GA |
datastore.keyVisualizerScans.getdatastore.keyVisualizerScans.list |
| Datastream | Added |
datastream.objects.getdatastream.objects.listdatastream.objects.startBackfillJobdatastream.objects.stopBackfillJob |
| Document AI | Added |
documentai.datasetSchemas.getdocumentai.datasetSchemas.updatedocumentai.datasets.getdocumentai.datasets.updatedocumentai.processorTypes.get |
| Firebase App Check | Added |
firebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.update |
| GKE Hub | Added |
gkehub.fleet.creategkehub.fleet.deletegkehub.fleet.getgkehub.fleet.update |
| GKE Hub | Now GA |
gkehub.fleet.creategkehub.fleet.deletegkehub.fleet.getgkehub.fleet.update |
| Anthos Multi-Cloud | Added |
gkemulticloud.awsClusters.generateAccessTokengkemulticloud.azureClusters.generateAccessToken |
| Anthos Multi-Cloud | Now GA |
gkemulticloud.awsClusters.creategkemulticloud.awsClusters.deletegkemulticloud.awsClusters.generateAccessTokengkemulticloud.awsClusters.getgkemulticloud.awsClusters.getAdminKubeconfiggkemulticloud.awsClusters.listgkemulticloud.awsClusters.updategkemulticloud.awsNodePools.creategkemulticloud.awsNodePools.deletegkemulticloud.awsNodePools.getgkemulticloud.awsNodePools.listgkemulticloud.awsNodePools.updategkemulticloud.awsServerConfigs.getgkemulticloud.azureClients.creategkemulticloud.azureClients.deletegkemulticloud.azureClients.getgkemulticloud.azureClients.listgkemulticloud.azureClusters.creategkemulticloud.azureClusters.deletegkemulticloud.azureClusters.generateAccessTokengkemulticloud.azureClusters.getgkemulticloud.azureClusters.getAdminKubeconfiggkemulticloud.azureClusters.listgkemulticloud.azureClusters.updategkemulticloud.azureNodePools.creategkemulticloud.azureNodePools.deletegkemulticloud.azureNodePools.getgkemulticloud.azureNodePools.listgkemulticloud.azureNodePools.updategkemulticloud.azureServerConfigs.getgkemulticloud.operations.cancelgkemulticloud.operations.deletegkemulticloud.operations.getgkemulticloud.operations.listgkemulticloud.operations.wait |
| Identity and Access Management | Added |
iam.denypolicies.createiam.denypolicies.deleteiam.denypolicies.getiam.denypolicies.listiam.denypolicies.replaceiam.denypolicies.update |
| Identity and Access Management | Added |
iam.googleapis.com/denypolicies.createiam.googleapis.com/denypolicies.deleteiam.googleapis.com/denypolicies.getiam.googleapis.com/denypolicies.listiam.googleapis.com/denypolicies.replace |
| Cloud Run | Added |
run.operations.deleterun.operations.getrun.operations.list |
| Cloud Run | Now GA |
run.operations.deleterun.operations.getrun.operations.list |
| Security Command Center | Added |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Security Command Center | Now GA |
securitycenter.findingexternalsystems.updatesecuritycenter.findings.bulkMuteUpdatesecuritycenter.findings.setMutesecuritycenter.muteconfigs.createsecuritycenter.muteconfigs.deletesecuritycenter.muteconfigs.getsecuritycenter.muteconfigs.listsecuritycenter.muteconfigs.update |
| Video Stitcher API | Added |
videostitcher.cdnKeys.createvideostitcher.cdnKeys.deletevideostitcher.cdnKeys.getvideostitcher.cdnKeys.listvideostitcher.cdnKeys.updatevideostitcher.liveAdTagDetails.getvideostitcher.liveAdTagDetails.listvideostitcher.liveSessions.createvideostitcher.liveSessions.getvideostitcher.slates.createvideostitcher.slates.deletevideostitcher.slates.getvideostitcher.slates.listvideostitcher.slates.updatevideostitcher.vodAdTagDetails.getvideostitcher.vodAdTagDetails.listvideostitcher.vodSessions.createvideostitcher.vodSessions.getvideostitcher.vodStitchDetails.getvideostitcher.vodStitchDetails.list |
Cloud IAM changes as of 2021-10-22
| Service | Change | Description |
|---|---|---|
| Anthos Support | Now GA |
The role |
| Cloud Functions | Role Updated |
The following permissions have been added to the role source.repos.getsource.repos.list |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
| Data Pipelines | Now GA |
The role |
| Data Pipelines | Now GA |
The role |
| Data Pipelines | Now GA |
The role |
| Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
| Dataproc | Role Updated |
The following permissions have been added to the role dataproc.autoscalingPolicies.createdataproc.autoscalingPolicies.deletedataproc.autoscalingPolicies.getIamPolicydataproc.autoscalingPolicies.update |
| Customer Usage Data Processing | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role storage.objects.create |
| Cloud Domains | Now GA |
The role |
| Cloud Domains | Now GA |
The role |
| Game Servers | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Multi Cluster Ingress | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.useInternal |
| Security Command Center | Now GA |
The role |
| Cloud Key Management Service | Added |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Cloud Key Management Service | Supported In Custom Roles |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Cloud Key Management Service | Now GA |
cloudkms.cryptoKeyVersions.manageRawPKCS1Keyscloudkms.cryptoKeyVersions.useToDecryptViaDelegationcloudkms.cryptoKeyVersions.useToEncryptViaDelegation |
| Compute Engine | Added |
compute.reservations.update |
| Compute Engine | Supported In Custom Roles |
compute.reservations.update |
| Data Pipelines | Now GA |
datapipelines.pipelines.createdatapipelines.pipelines.deletedatapipelines.pipelines.getdatapipelines.pipelines.listdatapipelines.pipelines.rundatapipelines.pipelines.stopdatapipelines.pipelines.update |
| Cloud Domains | Supported In Custom Roles |
domains.locations.getdomains.locations.listdomains.operations.canceldomains.operations.getdomains.operations.list |
| Cloud Domains | Now GA |
domains.locations.getdomains.locations.listdomains.operations.canceldomains.operations.getdomains.operations.listdomains.registrations.configureContactdomains.registrations.configureDnsdomains.registrations.configureManagementdomains.registrations.createdomains.registrations.deletedomains.registrations.getdomains.registrations.getIamPolicydomains.registrations.listdomains.registrations.setIamPolicydomains.registrations.update |
| Firebase Cloud Messaging | Added |
firebasecloudmessaging.messages.create |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.peerings.createmanagedidentities.peerings.deletemanagedidentities.peerings.getmanagedidentities.peerings.getIamPolicymanagedidentities.peerings.listmanagedidentities.peerings.setIamPolicymanagedidentities.peerings.update |
| reCAPTCHA Enterprise | Added |
recaptchaenterprise.relatedaccountgroupmemberships.listrecaptchaenterprise.relatedaccountgroups.list |
Cloud IAM changes as of 2021-10-01
| Service | Change | Description |
|---|---|---|
| AI Platform | Role Updated |
The following permissions have been added to the role compute.machineTypes.getdataflow.jobs.canceldataflow.jobs.createdataflow.jobs.getdataflow.jobs.listdataflow.jobs.snapshotdataflow.jobs.updateContentsdataflow.messages.listdataflow.metrics.getdataflow.snapshots.deletedataflow.snapshots.getdataflow.snapshots.list |
| Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifacts |
| Cloud TPU | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Cloud Composer | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Compute Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Connectors | Now GA |
The role |
| Connectors | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role servicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Dataflow | Role Updated |
The following permissions have been added to the role |