IAM permissions change log

This page describes changes to the public Cloud IAM permissions for all Generally Available and Beta services on Google Cloud Platform. This change log can help you maintain and troubleshoot your custom roles.

When a permission is retired or is no longer supported in custom roles, Cloud IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, Cloud IAM does not automatically add the permission to your custom roles.

To get the latest product updates delivered to you, add the URL of this page to your feed reader.

IAM Permissions Change Log

Upcoming Cloud IAM changes for the week of 2019-09-09

Service Change Description
Firebase Remote Config Now GA

The role roles/cloudconfig.admin (Firebase Remote Config Admin) is now GA.

Firebase Remote Config Now GA

The role roles/cloudconfig.viewer (Firebase Remote Config Viewer) is now GA.

Firebase Now GA

The role roles/firebase.admin (Firebase Admin) is now GA.

Firebase Now GA

The role roles/firebase.analyticsAdmin (Firebase Analytics Admin) is now GA.

Firebase Now GA

The role roles/firebase.analyticsViewer (Firebase Analytics Viewer) is now GA.

Firebase Now GA

The role roles/firebase.developAdmin (Firebase Develop Admin) is now GA.

Firebase Now GA

The role roles/firebase.developViewer (Firebase Develop Viewer) is now GA.

Firebase Now GA

The role roles/firebase.growthAdmin (Firebase Grow Admin) is now GA.

Firebase Now GA

The role roles/firebase.growthViewer (Firebase Grow Viewer) is now GA.

Firebase Now GA

The role roles/firebase.qualityAdmin (Firebase Quality Admin) is now GA.

Firebase Now GA

The role roles/firebase.qualityViewer (Firebase Quality Viewer) is now GA.

Firebase Now GA

The role roles/firebase.viewer (Firebase Viewer) is now GA.

Firebase Authentication Now GA

The role roles/firebaseauth.admin (Firebase Authentication Admin) is now GA.

Firebase Authentication Now GA

The role roles/firebaseauth.viewer (Firebase Authentication Viewer) is now GA.

Firebase Crashlytics Now GA

The role roles/firebasecrashlytics.admin (Firebase Crashlytics Admin) is now GA.

Firebase Crashlytics Now GA

The role roles/firebasecrashlytics.viewer (Firebase Crashlytics Viewer) is now GA.

Firebase Realtime Database Now GA

The role roles/firebasedatabase.admin (Firebase Realtime Database Admin) is now GA.

Firebase Realtime Database Now GA

The role roles/firebasedatabase.viewer (Firebase Realtime Database Viewer) is now GA.

Firebase Dynamic Links Now GA

The role roles/firebasedynamiclinks.admin (Firebase Dynamic Links Admin) is now GA.

Firebase Dynamic Links Now GA

The role roles/firebasedynamiclinks.viewer (Firebase Dynamic Links Viewer) is now GA.

Firebase Hosting Now GA

The role roles/firebasehosting.admin (Firebase Hosting Admin) is now GA.

Firebase Hosting Now GA

The role roles/firebasehosting.viewer (Firebase Hosting Viewer) is now GA.

Firebase Cloud Messaging Now GA

The role roles/firebasenotifications.admin (Firebase Cloud Messaging Admin) is now GA.

Firebase Cloud Messaging Now GA

The role roles/firebasenotifications.viewer (Firebase Cloud Messaging Viewer) is now GA.

Firebase Performance Monitoring Now GA

The role roles/firebaseperformance.admin (Firebase Performance Reporting Admin) is now GA.

Firebase Performance Monitoring Now GA

The role roles/firebaseperformance.viewer (Firebase Performance Reporting Viewer) is now GA.

Firebase Predictions Now GA

The role roles/firebasepredictions.admin (Firebase Predictions Admin) is now GA.

Firebase Predictions Now GA

The role roles/firebasepredictions.viewer (Firebase Predictions Viewer) is now GA.

Firebase Remote Config Now GA cloudconfig.configs.get
cloudconfig.configs.update
Cloud DNS Now GA dns.networks.bindPrivateDNSPolicy
dns.policies.create
dns.policies.delete
dns.policies.get
dns.policies.getIamPolicy
dns.policies.list
dns.policies.setIamPolicy
dns.policies.update
Firebase Now GA firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Authentication Now GA firebaseauth.configs.create
firebaseauth.configs.get
firebaseauth.configs.getHashConfig
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Crashlytics Now GA firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Firebase Realtime Database Now GA firebasedatabase.instances.create
firebasedatabase.instances.get
firebasedatabase.instances.list
firebasedatabase.instances.update
Firebase Dynamic Links Now GA firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase Hosting Now GA firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Cloud Messaging Now GA firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Firebase Performance Monitoring Now GA firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Predictions Now GA firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
NetApp Cloud Volumes Service Added netappcloudvolumes.activeDirectories.create
netappcloudvolumes.activeDirectories.delete
netappcloudvolumes.activeDirectories.get
netappcloudvolumes.activeDirectories.list
netappcloudvolumes.activeDirectories.update
netappcloudvolumes.ipRanges.list
netappcloudvolumes.regions.list
netappcloudvolumes.serviceLevels.list
netappcloudvolumes.snapshots.create
netappcloudvolumes.snapshots.delete
netappcloudvolumes.snapshots.get
netappcloudvolumes.snapshots.list
netappcloudvolumes.snapshots.update
netappcloudvolumes.volumes.create
netappcloudvolumes.volumes.delete
netappcloudvolumes.volumes.get
netappcloudvolumes.volumes.list
netappcloudvolumes.volumes.update
Event Threat Detection Supported In Custom Roles threatdetection.detectorSettings.clear
threatdetection.detectorSettings.get
threatdetection.detectorSettings.update
threatdetection.sinkSettings.get
threatdetection.sinkSettings.update
threatdetection.sourceSettings.get
threatdetection.sourceSettings.update

Cloud IAM changes as of 2019-09-06

Service Change Description
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

dataprocessing.iamaccesshistory.exportData
Serverless VPC Access Now GA

The role roles/vpaccess.user (Serverless VPC Access User) is now GA.

Serverless VPC Access Now GA

The role roles/vpaccess.viewer (Serverless VPC Access Viewer) is now GA.

Serverless VPC Access Now GA

The role roles/vpcaccess.admin (Serverless VPC Access Admin) is now GA.

Compute Engine Added compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
Compute Engine Supported In Custom Roles compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
Compute Engine Now GA compute.externalVpnGateways.create
compute.externalVpnGateways.delete
compute.externalVpnGateways.get
compute.externalVpnGateways.list
compute.externalVpnGateways.setLabels
compute.externalVpnGateways.use
Serverless VPC Access Now GA vpcaccess.connectors.create
vpcaccess.connectors.delete
vpcaccess.connectors.get
vpcaccess.connectors.list
vpcaccess.connectors.use
vpcaccess.locations.list
vpcaccess.operations.get
vpcaccess.operations.list

Cloud IAM changes as of 2019-08-30

Service Change Description
Firebase Test Lab Role Updated

The following permissions have been added to the role roles/cloudtestservice.testAdmin (Firebase Test Lab Admin):

firebase.clients.get
firebase.projects.get
Firebase Test Lab Role Updated

The following permissions have been added to the role roles/cloudtestservice.testViewer (Firebase Test Lab Viewer):

firebase.clients.get
firebase.projects.get
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityPolicyAdmin (Compute Organization Security Policy Admin):

compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityPolicyUser (Compute Organization Security Policy User):

compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityResourceAdmin (Compute Organization Resource Admin):

compute.globalOperations.get
compute.globalOperations.getIamPolicy
compute.globalOperations.list
compute.globalOperations.setIamPolicy

Cloud IAM changes as of 2019-08-23

Service Change Description
Cloud Translation Now GA

The role roles/cloudtranslate.admin (Cloud Translation API Admin) is now GA.

Cloud Translation Now GA

The role roles/cloudtranslate.editor (Cloud Translation API Editor) is now GA.

Cloud Translation Now GA

The role roles/cloudtranslate.user (Cloud Translation API User) is now GA.

Cloud Translation Now GA

The role roles/cloudtranslate.viewer (Cloud Translation API Viewer) is now GA.

Cloud Healthcare API Role Updated

The following permissions have been added to the role roles/healthcare.dicomEditor (Healthcare DICOM Editor):

healthcare.dicomStores.dicomWebDelete
Cloud Translation Now GA cloudtranslate.generalModels.batchPredict
cloudtranslate.generalModels.get
cloudtranslate.generalModels.predict
cloudtranslate.glossaries.batchPredict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
cloudtranslate.languageDetectionModels.predict
cloudtranslate.locations.get
cloudtranslate.locations.list
cloudtranslate.operations.cancel
cloudtranslate.operations.delete
cloudtranslate.operations.get
cloudtranslate.operations.list
cloudtranslate.operations.wait

Cloud IAM changes as of 2019-08-16

Service Change Description
Cloud Translation Supported In Custom Roles cloudtranslate.locations.get
cloudtranslate.locations.list
Compute Engine Now GA compute.networks.updatePeering
Data Catalog Added datacatalog.entries.create
datacatalog.entries.delete
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.setIamPolicy
Data Catalog Supported In Custom Roles datacatalog.entries.create
datacatalog.entries.delete
datacatalog.entries.get
datacatalog.entries.getIamPolicy
datacatalog.entries.setIamPolicy
datacatalog.entries.update
datacatalog.entryGroups.create
datacatalog.entryGroups.delete
datacatalog.entryGroups.get
datacatalog.entryGroups.getIamPolicy
datacatalog.entryGroups.setIamPolicy

Cloud IAM changes as of 2019-08-09

Service Change Description
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityPolicyAdmin (Compute Organization Security Policy Admin):

compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityPolicyUser (Compute Organization Security Policy User):

compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.orgSecurityResourceAdmin (Compute organization resource Admin):

compute.projects.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Cloud Storage Now GA

The role roles/storage.hmacKeyAdmin (Storage HMAC Key Admin) is now GA.

Cloud Storage Added storage.hmacKeys.create
storage.hmacKeys.delete
storage.hmacKeys.get
storage.hmacKeys.list
storage.hmacKeys.update
Cloud Storage Supported In Custom Roles storage.hmacKeys.create
storage.hmacKeys.delete
storage.hmacKeys.get
storage.hmacKeys.list
storage.hmacKeys.update
Cloud Storage Now GA storage.hmacKeys.create
storage.hmacKeys.delete
storage.hmacKeys.get
storage.hmacKeys.list
storage.hmacKeys.update

Cloud IAM changes as of 2019-06-28

Service Change Description
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

pubsub.snapshots.seek
Firebase Crashlytics Added firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Firebase Crashlytics Supported In Custom Roles firebasecrashlytics.config.get
firebasecrashlytics.config.update
firebasecrashlytics.data.get
firebasecrashlytics.issues.get
firebasecrashlytics.issues.list
firebasecrashlytics.issues.update
firebasecrashlytics.sessions.get
Cloud Memorystore for Redis Added redis.instances.export
redis.instances.import
Cloud Memorystore for Redis Supported In Custom Roles redis.instances.export
redis.instances.import

Cloud IAM changes as of 2019-06-21

Service Change Description
Migrate for Compute Engine Role Updated

The following permissions have been added to the role roles/cloudmigration.inframanager (Velostrata Manager):

compute.instances.updateShieldedInstanceConfig
Cloud Translation Role Updated

The following permissions have been added to the role roles/cloudtranslate.viewer (Cloud Translation API Viewer):

cloudtranslate.operations.wait
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkUser (Compute Network User):

compute.vpnGateways.use
Firebase Role Updated

The following permissions have been added to the role roles/firebase.admin (Firebase Admin):

cloudmessaging.messages.create
Firebase Role Updated

The following permissions have been added to the role roles/firebase.growthAdmin (Firebase Grow Admin):

cloudmessaging.messages.create
Resource Manager Role Updated

The following permissions have been added to the role roles/resourcemanager.projectMover (Project Mover):

resourcemanager.projects.move
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
BigQuery Added bigquery.connections.create
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.use
bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
BigQuery Supported In Custom Roles bigquery.routines.create
bigquery.routines.delete
bigquery.routines.get
bigquery.routines.list
bigquery.routines.update
Cloud Translation Supported In Custom Roles cloudtranslate.generalModels.batchPredict
cloudtranslate.generalModels.get
cloudtranslate.generalModels.predict
cloudtranslate.glossaries.batchPredict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
cloudtranslate.languageDetectionModels.predict
cloudtranslate.operations.cancel
cloudtranslate.operations.delete
cloudtranslate.operations.get
cloudtranslate.operations.list
cloudtranslate.operations.wait
Cloud Composer Added composer.imageversions.list
Cloud Composer Supported In Custom Roles composer.imageversions.list
Cloud Composer Now GA composer.imageversions.list
Compute Engine Added compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
Compute Engine Supported In Custom Roles compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
Compute Engine Now GA compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use

Cloud IAM changes as of 2019-06-14

Service Change Description
Cloud Identity and Access Management Now GA

The role roles/iam.workloadIdentityUser (Workload Identity User) is now GA.

Cloud Functions Added cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.setIamPolicy
Cloud Functions Supported In Custom Roles cloudfunctions.functions.getIamPolicy
cloudfunctions.functions.invoke
cloudfunctions.functions.setIamPolicy
Compute Engine Now GA compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use

Cloud IAM changes as of 2019-05-31

Service Change Description
Data Catalog Role Updated

The following permissions have been added to the role roles/datacatalog.admin (Data Catalog Admin):

bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
pubsub.topics.updateTag
Migrate for Compute Engine Added cloudmigration.velostrataendpoints.connect
Cloud Identity and Access Management Available In Custom Roles iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.implicitDelegation
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt

Cloud IAM changes as of 2019-05-24

Service Change Description
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

managedidentities.domains.validateTrust
Recommendations AI Supported In Custom Roles automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.apiKeys.list
automlrecommendations.catalogItems.create
automlrecommendations.catalogItems.delete
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogItems.update
automlrecommendations.events.list
automlrecommendations.events.purge
BigQuery Added bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
BigQuery Supported In Custom Roles bigquery.datasets.updateTag
bigquery.models.updateTag
bigquery.tables.updateTag
Data Catalog Added datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use
Data Catalog Supported In Custom Roles datacatalog.tagTemplates.create
datacatalog.tagTemplates.delete
datacatalog.tagTemplates.get
datacatalog.tagTemplates.getIamPolicy
datacatalog.tagTemplates.getTag
datacatalog.tagTemplates.setIamPolicy
datacatalog.tagTemplates.update
datacatalog.tagTemplates.use
Cloud Filestore Added file.snapshots.update
Cloud Filestore Supported In Custom Roles file.snapshots.update
Cloud Pub/Sub Added pubsub.topics.updateTag
Cloud Pub/Sub Supported In Custom Roles pubsub.topics.updateTag

IAM changes as of 2019-05-17

Service Change Description
Dialogflow Added dialogflow.agents.create
dialogflow.agents.delete
Dialogflow Supported In Custom Roles dialogflow.agents.create
dialogflow.agents.delete
Dialogflow Now GA dialogflow.agents.create
dialogflow.agents.delete

Cloud IAM changes as of 2019-05-10

Service Change Description
Cloud Identity and Access Management Now GA

The role roles/iam.securityAdmin (Security Admin) is now GA.

Cloud IoT Added cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Cloud IoT Supported In Custom Roles cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Cloud IoT Now GA cloudiot.devices.bindGateway
cloudiot.devices.sendCommand
cloudiot.devices.unbindGateway
Compute Engine Supported In Custom Roles compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.instanceGroups.use
Cloud Healthcare API Added healthcare.fhirResources.purge
Managed Service for Microsoft Active Directory Added managedidentities.domains.attachTrust
managedidentities.domains.create
managedidentities.domains.delete
managedidentities.domains.detachTrust
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list
Managed Service for Microsoft Active Directory Supported In Custom Roles managedidentities.domains.attachTrust
managedidentities.domains.create
managedidentities.domains.delete
managedidentities.domains.detachTrust
managedidentities.domains.get
managedidentities.domains.getIamPolicy
managedidentities.domains.list
managedidentities.domains.reconfigureTrust
managedidentities.domains.resetpassword
managedidentities.domains.setIamPolicy
managedidentities.domains.update
managedidentities.domains.validateTrust
managedidentities.locations.get
managedidentities.locations.list
managedidentities.operations.cancel
managedidentities.operations.delete
managedidentities.operations.get
managedidentities.operations.list

Cloud IAM changes as of 2019-05-03

Service Change Description
Cloud Security Command Center Now GA

The role roles/securitycenter.admin (Security Center Admin) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.adminEditor (Security Center Admin Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.adminViewer (Security Center Admin Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetsDiscoveryRunner (Security Center Assets Discovery Runner) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetSecurityMarksWriter (Security Center Asset Security Marks Writer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.assetsViewer (Security Center Assets Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingSecurityMarksWriter (Security Center Finding Security Marks Writer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsEditor (Security Center Findings Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsStateSetter (Security Center Findings State Setter) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.findingsViewer (Security Center Findings Viewer) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesAdmin (Security Center Sources Admin) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesEditor (Security Center Sources Editor) is now GA.

Cloud Security Command Center Now GA

The role roles/securitycenter.sourcesViewer (Security Center Sources Viewer) is now GA.

Recommendations AI Added automlrecommendations.apiKeys.create
automlrecommendations.apiKeys.delete
automlrecommendations.apiKeys.get
automlrecommendations.apiKeys.list
automlrecommendations.catalogItems.create
automlrecommendations.catalogItems.delete
automlrecommendations.catalogItems.get
automlrecommendations.catalogItems.list
automlrecommendations.catalogItems.update
automlrecommendations.catalogs.get
automlrecommendations.catalogs.getStats
automlrecommendations.catalogs.list
automlrecommendations.eventStores.get
automlrecommendations.eventStores.getStats
automlrecommendations.eventStores.list
automlrecommendations.events.create
automlrecommendations.events.delete
automlrecommendations.events.get
automlrecommendations.events.list
automlrecommendations.events.purge
automlrecommendations.events.update
automlrecommendations.placements.get
automlrecommendations.placements.getStats
automlrecommendations.placements.list
automlrecommendations.recommendations.get
automlrecommendations.recommendations.list
BigQuery Added bigquery.models.create
bigquery.models.delete
bigquery.models.getData
bigquery.models.getMetadata
bigquery.models.list
bigquery.models.updateData
bigquery.models.updateMetadata
Firebase Cloud Messaging Added cloudmessaging.messages.create
Firebase Cloud Messaging Supported In Custom Roles cloudmessaging.messages.create
Firebase Cloud Messaging Now GA cloudmessaging.messages.create
Cloud Security Command Center Now GA securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assetsecuritymarks.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update

Cloud IAM changes as of 2019-04-19

Service Change Description
Primitive Role Role Updated

The following permissions have been removed from the role roles/editor (Editor):

firebasedynamiclinks.domains.delete
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.admin (Security Center Admin):

securitycenter.findings.setState
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.adminEditor (Security Center Admin Editor):

securitycenter.findings.setState
Cloud Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.findingsEditor (Security Center Findings Editor):

securitycenter.findings.setState
Access Approval Added accessapproval.requests.approve
accessapproval.requests.dismiss
accessapproval.requests.get
accessapproval.requests.list
accessapproval.settings.get
accessapproval.settings.update
Access Approval Supported In Custom Roles accessapproval.requests.approve
accessapproval.requests.dismiss
accessapproval.requests.get
accessapproval.requests.list
accessapproval.settings.get
accessapproval.settings.update
Cloud Bigtable Added bigtable.locations.list
Cloud Bigtable Supported In Custom Roles bigtable.locations.list
Cloud Bigtable Now GA bigtable.locations.list
Cloud Scheduler Added cloudscheduler.locations.get
cloudscheduler.locations.list
Compute Engine Added compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
Compute Engine Supported In Custom Roles compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
compute.reservations.create
compute.reservations.delete
compute.reservations.get
compute.reservations.list
compute.reservations.resize
Compute Engine Now GA compute.networkEndpointGroups.attachNetworkEndpoints
compute.networkEndpointGroups.create
compute.networkEndpointGroups.delete
compute.networkEndpointGroups.detachNetworkEndpoints
compute.networkEndpointGroups.get
compute.networkEndpointGroups.getIamPolicy
compute.networkEndpointGroups.list
compute.networkEndpointGroups.setIamPolicy
compute.networkEndpointGroups.use
Remote Build Execution Added remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.actions.set
remotebuildexecution.actions.update
remotebuildexecution.blobs.create
remotebuildexecution.blobs.get
remotebuildexecution.botsessions.create
remotebuildexecution.botsessions.update
remotebuildexecution.instances.create
remotebuildexecution.instances.delete
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.get
remotebuildexecution.logstreams.update
remotebuildexecution.workerpools.create
remotebuildexecution.workerpools.delete
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
remotebuildexecution.workerpools.update
Remote Build Execution Supported In Custom Roles remotebuildexecution.actions.create
remotebuildexecution.actions.get
remotebuildexecution.actions.set
remotebuildexecution.actions.update
remotebuildexecution.blobs.create
remotebuildexecution.blobs.get
remotebuildexecution.botsessions.create
remotebuildexecution.botsessions.update
remotebuildexecution.instances.create
remotebuildexecution.instances.delete
remotebuildexecution.instances.get
remotebuildexecution.instances.list
remotebuildexecution.logstreams.create
remotebuildexecution.logstreams.get
remotebuildexecution.logstreams.update
remotebuildexecution.workerpools.create
remotebuildexecution.workerpools.delete
remotebuildexecution.workerpools.get
remotebuildexecution.workerpools.list
remotebuildexecution.workerpools.update
Serverless VPC Access Added vpcaccess.connectors.create
vpcaccess.connectors.delete
vpcaccess.connectors.get
vpcaccess.connectors.list
vpcaccess.connectors.use
vpcaccess.locations.list
vpcaccess.operations.get
vpcaccess.operations.list

Cloud IAM changes as of 2019-03-29

Service Change Description
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.networkUser (Compute Network User):

servicenetworking.services.get
Stackdriver Monitoring Role Updated

The following permissions have been added to the role roles/monitoring.admin (Monitoring Admin):

serviceusage.services.enable
Stackdriver Monitoring Role Updated

The following permissions have been added to the role roles/monitoring.editor (Monitoring Editor):

serviceusage.services.enable
Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.editor (Stackdriver Accounts Editor):

serviceusage.services.enable
Cloud SQL Added cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Cloud SQL Supported In Custom Roles cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Cloud SQL Now GA cloudsql.instances.addServerCa
cloudsql.instances.listServerCas
cloudsql.instances.rotateServerCa
Cloud Translation Added cloudtranslate.generalModels.batchPredict
cloudtranslate.generalModels.get
cloudtranslate.generalModels.getIamPolicy
cloudtranslate.generalModels.predict
cloudtranslate.generalModels.setIamPolicy
cloudtranslate.glossaries.batchPredict
cloudtranslate.glossaries.create
cloudtranslate.glossaries.delete
cloudtranslate.glossaries.get
cloudtranslate.glossaries.getIamPolicy
cloudtranslate.glossaries.list
cloudtranslate.glossaries.predict
cloudtranslate.glossaries.setIamPolicy
cloudtranslate.languageDetectionModels.getIamPolicy
cloudtranslate.languageDetectionModels.predict
cloudtranslate.languageDetectionModels.setIamPolicy
cloudtranslate.locations.get
cloudtranslate.locations.getIamPolicy
cloudtranslate.locations.list
cloudtranslate.locations.setIamPolicy
cloudtranslate.operations.cancel
cloudtranslate.operations.delete
cloudtranslate.operations.get
cloudtranslate.operations.getIamPolicy
cloudtranslate.operations.list
cloudtranslate.operations.setIamPolicy
cloudtranslate.operations.wait
Cloud DNS Added dns.networks.targetWithPeeringZone
Cloud DNS Supported In Custom Roles dns.networks.targetWithPeeringZone
Event Threat Detection Added threatdetection.detectorSettings.clear
threatdetection.detectorSettings.get
threatdetection.detectorSettings.update
threatdetection.sinkSettings.get
threatdetection.sinkSettings.update
threatdetection.sourceSettings.get
threatdetection.sourceSettings.update

Cloud IAM changes as of 2019-03-22

Service Change Description
Cloud Talent Solution Now GA

The role roles/cloudjobdiscovery.admin (Admin) is now GA.

Cloud Talent Solution Now GA

The role roles/cloudjobdiscovery.jobsEditor (Job Editor) is now GA.

Cloud Talent Solution Now GA

The role roles/cloudjobdiscovery.jobsViewer (Job Viewer) is now GA.

Cloud Talent Solution Now GA

The role roles/cloudjobdiscovery.profilesEditor (Profile Editor) is now GA.

Cloud Talent Solution Now GA

The role roles/cloudjobdiscovery.profilesViewer (Profile Viewer) is now GA.

Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

file.instances.restore
healthcare.datasets.deidentify
Cloud Filestore Role Updated

The following permissions have been added to the role roles/file.editor (Cloud Filestore Editor):

file.instances.restore
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

file.instances.restore
healthcare.datasets.deidentify
Cloud Talent Solution Now GA cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.events.create
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
cloudjobdiscovery.tools.access
Compute Engine Added compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Compute Engine Supported In Custom Roles compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Compute Engine Now GA compute.instances.getShieldedInstanceIdentity
compute.instances.getShieldedVmIdentity
compute.instances.setShieldedInstanceIntegrityPolicy
compute.instances.updateShieldedInstanceConfig
Cloud Filestore Added file.instances.restore
Firebase Authentication Added firebaseauth.configs.getHashConfig
Firebase Authentication Supported In Custom Roles firebaseauth.configs.getHashConfig
Cloud Healthcare API Added healthcare.datasets.create
healthcare.datasets.deidentify
healthcare.datasets.delete
healthcare.datasets.get
healthcare.datasets.getIamPolicy
healthcare.datasets.list
healthcare.datasets.setIamPolicy
healthcare.datasets.update
healthcare.dicomStores.create
healthcare.dicomStores.delete
healthcare.dicomStores.dicomWebDelete
healthcare.dicomStores.dicomWebRead
healthcare.dicomStores.dicomWebWrite
healthcare.dicomStores.export
healthcare.dicomStores.get
healthcare.dicomStores.getIamPolicy
healthcare.dicomStores.import
healthcare.dicomStores.list
healthcare.dicomStores.setIamPolicy
healthcare.dicomStores.update
healthcare.fhirResources.create
healthcare.fhirResources.delete
healthcare.fhirResources.get
healthcare.fhirResources.patch
healthcare.fhirResources.update
healthcare.fhirSecurityLabels.getIamPolicy
healthcare.fhirSecurityLabels.setIamPolicy
healthcare.fhirStores.create
healthcare.fhirStores.delete
healthcare.fhirStores.export
healthcare.fhirStores.get
healthcare.fhirStores.getIamPolicy
healthcare.fhirStores.import
healthcare.fhirStores.list
healthcare.fhirStores.searchResources
healthcare.fhirStores.setIamPolicy
healthcare.fhirStores.update
healthcare.hl7V2Messages.create
healthcare.hl7V2Messages.delete
healthcare.hl7V2Messages.get
healthcare.hl7V2Messages.ingest
healthcare.hl7V2Messages.list
healthcare.hl7V2Messages.update
healthcare.hl7V2Stores.create
healthcare.hl7V2Stores.delete
healthcare.hl7V2Stores.get
healthcare.hl7V2Stores.getIamPolicy
healthcare.hl7V2Stores.list
healthcare.hl7V2Stores.setIamPolicy
healthcare.hl7V2Stores.update
healthcare.operations.cancel
healthcare.operations.get
healthcare.operations.list

Cloud IAM changes as of 2019-03-15

Service Change Description
Cloud Talent Solution Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.profilesEditor (Profile Editor):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Cloud Talent Solution Role Updated

The following permissions have been removed from the role roles/cloudjobdiscovery.profilesEditor (Profile Editor):

cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
Cloud Talent Solution Role Updated

The following permissions have been added to the role roles/cloudjobdiscovery.profilesViewer (Profile Viewer):

cloudjobdiscovery.tenants.get
Cloud Talent Solution Role Updated

The following permissions have been removed from the role roles/cloudjobdiscovery.profilesViewer (Profile Viewer):

cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Storage Transfer Service Now GA

The role roles/storagetransfer.admin (Storage Transfer Admin) is now GA.

Storage Transfer Service Now GA

The role roles/storagetransfer.user (Storage Transfer User) is now GA.

Storage Transfer Service Now GA

The role roles/storagetransfer.viewer (Storage Transfer Viewer) is now GA.

Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

cloudjobdiscovery.tenants.get
Cloud Talent Solution Added cloudjobdiscovery.tenants.create
cloudjobdiscovery.tenants.delete
cloudjobdiscovery.tenants.get
cloudjobdiscovery.tenants.update
Cloud DNS Now GA dns.networks.bindPrivateDNSZone
Cloud Run Added run.configurations.get
run.configurations.list
run.locations.list
run.revisions.delete
run.revisions.get
run.revisions.list
run.routes.get
run.routes.invoke
run.routes.list
run.services.create
run.services.delete
run.services.get
run.services.getIamPolicy
run.services.list
run.services.setIamPolicy
run.services.update
Cloud Run Not Supported In Custom Roles run.routes.invoke
Cloud Run Supported In Custom Roles run.configurations.get
run.configurations.list
run.locations.list
run.revisions.delete
run.revisions.get
run.revisions.list
run.routes.get
run.routes.list
run.services.create
run.services.delete
run.services.get
run.services.getIamPolicy
run.services.list
run.services.setIamPolicy
run.services.update
Storage Transfer Service Added storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount
Storage Transfer Service Supported In Custom Roles storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount
Storage Transfer Service Now GA storagetransfer.jobs.create
storagetransfer.jobs.delete
storagetransfer.jobs.get
storagetransfer.jobs.list
storagetransfer.jobs.update
storagetransfer.operations.cancel
storagetransfer.operations.get
storagetransfer.operations.list
storagetransfer.operations.pause
storagetransfer.operations.resume
storagetransfer.projects.getServiceAccount

Cloud IAM changes as of 2019-03-07

Service Change Description
BigQuery Role Added

The role roles/bigquery.connectionAdmin (BigQuery Connection Admin) has been added with the following permissions:

bigquery.connections.create
bigquery.connections.delete
bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.setIamPolicy
bigquery.connections.update
bigquery.connections.use
BigQuery Role Added

The role roles/bigquery.connectionUser (BigQuery Connection User) has been added with the following permissions:

bigquery.connections.get
bigquery.connections.getIamPolicy
bigquery.connections.list
bigquery.connections.use
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.admin (Dialogflow API Admin):

dialogflow.agents.update
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.consoleAgentEditor (Dialogflow Console Agent Editor):

dialogflow.agents.update
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dialogflow.agents.update
file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Cloud Filestore Role Updated

The following permissions have been added to the role roles/file.editor (Cloud Filestore Editor):

file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Cloud Filestore Role Updated

The following permissions have been added to the role roles/file.viewer (Cloud Filestore Viewer):

file.snapshots.get
file.snapshots.list
Cloud Identity and Access Management Now GA

The role roles/iam.serviceAccountCreator (Create Service Accounts) is now GA.

Cloud Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.securityReviewer (Security Reviewer):

file.snapshots.list
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

dialogflow.agents.update
file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list
Service Usage Role Updated

The following permissions have been added to the role roles/serviceusage.apiKeysAdmin (API Keys Admin):

serviceusage.operations.get
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

file.snapshots.get
file.snapshots.list
AI Platform Data Labeling Service Added datalabeling.annotateddatasets.delete
datalabeling.annotateddatasets.get
datalabeling.annotateddatasets.label
datalabeling.annotateddatasets.list
datalabeling.annotationspecsets.create
datalabeling.annotationspecsets.delete
datalabeling.annotationspecsets.get
datalabeling.annotationspecsets.list
datalabeling.dataitems.get
datalabeling.dataitems.list
datalabeling.datasets.create
datalabeling.datasets.delete
datalabeling.datasets.export
datalabeling.datasets.get
datalabeling.datasets.import
datalabeling.datasets.list
datalabeling.examples.get
datalabeling.examples.list
datalabeling.instructions.create
datalabeling.instructions.delete
datalabeling.instructions.get
datalabeling.instructions.list
datalabeling.operations.cancel
datalabeling.operations.get
datalabeling.operations.list
AI Platform Data Labeling Service Supported In Custom Roles datalabeling.annotateddatasets.delete
datalabeling.annotateddatasets.get
datalabeling.annotateddatasets.label
datalabeling.annotateddatasets.list
datalabeling.annotationspecsets.create
datalabeling.annotationspecsets.delete
datalabeling.annotationspecsets.get
datalabeling.annotationspecsets.list
datalabeling.dataitems.get
datalabeling.dataitems.list
datalabeling.datasets.create
datalabeling.datasets.delete
datalabeling.datasets.export
datalabeling.datasets.get
datalabeling.datasets.import
datalabeling.datasets.list
datalabeling.examples.get
datalabeling.examples.list
datalabeling.instructions.create
datalabeling.instructions.delete
datalabeling.instructions.get
datalabeling.instructions.list
datalabeling.operations.cancel
datalabeling.operations.get
datalabeling.operations.list
Dialogflow Added dialogflow.agents.update
Cloud Filestore Added file.snapshots.create
file.snapshots.delete
file.snapshots.get
file.snapshots.list

Cloud IAM changes as of 2019-03-01

Service Change Description
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.instanceAdmin.v1 (Compute Instance Admin (v1)):

compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use
Cloud Dataproc Role Added

The role roles/dataproc.admin (Dataproc Administrator) has been added with the following permissions:

compute.machineTypes.get
compute.machineTypes.list
compute.networks.get
compute.networks.list
compute.projects.get
compute.regions.get
compute.regions.list
compute.zones.get
compute.zones.list
dataproc.autoscalingPolicies.create
dataproc.autoscalingPolicies.delete
dataproc.autoscalingPolicies.get
dataproc.autoscalingPolicies.getIamPolicy
dataproc.autoscalingPolicies.list
dataproc.autoscalingPolicies.setIamPolicy
dataproc.autoscalingPolicies.update
dataproc.autoscalingPolicies.use
dataproc.clusters.create
dataproc.clusters.delete
dataproc.clusters.get
dataproc.clusters.getIamPolicy
dataproc.clusters.list
dataproc.clusters.setIamPolicy
dataproc.clusters.update
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.getIamPolicy
dataproc.jobs.list
dataproc.jobs.setIamPolicy
dataproc.jobs.update
dataproc.operations.cancel
dataproc.operations.delete
dataproc.operations.get
dataproc.operations.getIamPolicy
dataproc.operations.list
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.instantiateInline
dataproc.workflowTemplates.list
dataproc.workflowTemplates.setIamPolicy
dataproc.workflowTemplates.update
resourcemanager.projects.get
resourcemanager.projects.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dataproc.clusters.getIamPolicy
dataproc.jobs.getIamPolicy
dataproc.operations.getIamPolicy
Cloud Identity and Access Management Role Updated

The following permissions have been added to the role roles/iam.serviceAccountDeleter (Delete Service Accounts):

iam.serviceAccounts.get
iam.serviceAccounts.list
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

dataproc.clusters.getIamPolicy
dataproc.jobs.getIamPolicy
dataproc.operations.getIamPolicy
Cloud AutoML Added automl.columnSpecs.get
automl.columnSpecs.list
automl.columnSpecs.update
automl.datasets.update
automl.models.export
automl.tableSpecs.get
automl.tableSpecs.list
automl.tableSpecs.update
Cloud AutoML Supported In Custom Roles automl.columnSpecs.list
automl.columnSpecs.update
automl.datasets.update
automl.models.deploy
automl.models.export
automl.models.undeploy
automl.tableSpecs.get
automl.tableSpecs.list
automl.tableSpecs.update
Compute Engine Added compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use
Compute Engine Supported In Custom Roles compute.disks.addResourcePolicies
compute.disks.removeResourcePolicies
compute.resourcePolicies.create
compute.resourcePolicies.delete
compute.resourcePolicies.get
compute.resourcePolicies.list
compute.resourcePolicies.use

Cloud IAM changes as of 2019-02-15

Service Change Description
Access Context Manager Now GA

The role roles/accesscontextmanager.policyAdmin (Access Context Manager Admin) is now GA.

Access Context Manager Now GA

The role roles/accesscontextmanager.policyEditor (Access Context Manager Editor) is now GA.

Access Context Manager Now GA

The role roles/accesscontextmanager.policyReader (Access Context Manager Reader) is now GA.

Cloud Talent Solution Role Added

The role roles/cloudjobdiscovery.profilesEditor (Profile Editor) has been added with the following permissions:

cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.events.create
cloudjobdiscovery.events.delete
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.events.update
cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Talent Solution Role Added

The role roles/cloudjobdiscovery.profilesViewer (Profile Viewer) has been added with the following permissions:

cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
resourcemanager.projects.get
resourcemanager.projects.list
Primitive Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
Primitive Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update
Primitive Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.editor (Stackdriver Account Editor):

resourcemanager.projects.get
resourcemanager.projects.list
Stackdriver Role Updated

The following permissions have been added to the role roles/stackdriver.accounts.viewer (Stackdriver Account Viewer):

resourcemanager.projects.get
resourcemanager.projects.list
Access Context Manager Supported In Custom Roles accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Access Context Manager Now GA accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Cloud Talent Solution Added cloudjobdiscovery.profiles.create
cloudjobdiscovery.profiles.delete
cloudjobdiscovery.profiles.get
cloudjobdiscovery.profiles.search
cloudjobdiscovery.profiles.update

Cloud IAM changes as of 2019-02-08

Service Change Description
Cloud Security Command Center Supported In Custom Roles securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assetsecuritymarks.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update

Cloud IAM changes as of 2019-02-01

Service Change Description
Dialogflow Now GA

The role roles/dialogflow.admin (Dialogflow API Admin) is now GA.

Dialogflow Now GA

The role roles/dialogflow.client (Dialogflow API Client) is now GA.

Dialogflow Now GA

The role roles/dialogflow.consoleAgentEditor (Dialogflow Console Agent Editor) is now GA.

Dialogflow Now GA

The role roles/dialogflow.reader (Dialogflow API Reader) is now GA.

Cloud Asset Inventory Added cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Cloud Asset Inventory Now GA cloudasset.assets.exportIamPolicy
cloudasset.assets.exportResource
Dialogflow Supported In Custom Roles dialogflow.agents.search
dialogflow.agents.train
Dialogflow Now GA dialogflow.agents.export
dialogflow.agents.get
dialogflow.agents.import
dialogflow.agents.restore
dialogflow.agents.search
dialogflow.agents.train
dialogflow.contexts.create
dialogflow.contexts.delete
dialogflow.contexts.get
dialogflow.contexts.list
dialogflow.contexts.update
dialogflow.entityTypes.create
dialogflow.entityTypes.createEntity
dialogflow.entityTypes.delete
dialogflow.entityTypes.deleteEntity
dialogflow.entityTypes.get
dialogflow.entityTypes.list
dialogflow.entityTypes.update
dialogflow.entityTypes.updateEntity
dialogflow.intents.create
dialogflow.intents.delete
dialogflow.intents.get
dialogflow.intents.list
dialogflow.intents.update
dialogflow.operations.get
dialogflow.sessionEntityTypes.create
dialogflow.sessionEntityTypes.delete
dialogflow.sessionEntityTypes.get
dialogflow.sessionEntityTypes.list
dialogflow.sessionEntityTypes.update
dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent

Cloud IAM changes as of 2019-01-25

Service Change Description
Compute Engine Added compute.instances.updateDisplayDevice

Cloud IAM changes as of 2019-01-11

Service Change Description
Cloud Identity-Aware Proxy Now GA

The role roles/iap.admin (IAP Policy Admin) is now GA.

Cloud Identity-Aware Proxy Supported In Custom Roles iap.web.getIamPolicy
iap.web.setIamPolicy
iap.webServiceVersions.accessViaIAP
iap.webServiceVersions.getIamPolicy
iap.webServiceVersions.setIamPolicy
iap.webServices.getIamPolicy
iap.webServices.setIamPolicy
iap.webTypes.getIamPolicy
iap.webTypes.setIamPolicy

Cloud IAM changes as of 2018-12-21

Service Change Description
Cloud DNS Added dns.networks.bindPrivateDNSZone
Cloud DNS Supported In Custom Roles dns.networks.bindPrivateDNSZone

Cloud IAM changes as of 2018-12-14

Service Change Description
Firebase Authentication Added firebaseauth.configs.create
Firebase Authentication Supported In Custom Roles firebaseauth.configs.create

Cloud IAM changes as of 2018-12-07

Service Change Description
BigQuery Added bigquery.readsessions.create
BigQuery Supported In Custom Roles bigquery.readsessions.create
Google Kubernetes Engine Supported In Custom Roles container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create
Google Kubernetes Engine Now GA container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create

Cloud IAM changes as of 2018-11-30

Service Change Description
Cloud Asset Inventory Now GA

The role roles/cloudasset.viewer (Cloud Asset Viewer) is now GA.

Cloud Asset Inventory Now GA cloudasset.assets.exportAll
Compute Engine Added compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
Compute Engine Supported In Custom Roles compute.disks.getIamPolicy
compute.disks.setIamPolicy
compute.images.getIamPolicy
compute.instances.getIamPolicy
compute.instances.setIamPolicy
compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.licenses.getIamPolicy
compute.licenses.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
compute.snapshots.getIamPolicy
compute.snapshots.setIamPolicy
compute.subnetworks.getIamPolicy
compute.subnetworks.setIamPolicy
Compute Engine Now GA compute.licenseCodes.getIamPolicy
compute.licenseCodes.setIamPolicy
compute.nodeGroups.getIamPolicy
compute.nodeGroups.setIamPolicy
compute.nodeTemplates.getIamPolicy
compute.nodeTemplates.setIamPolicy
compute.subnetworks.getIamPolicy
compute.subnetworks.setIamPolicy

Cloud IAM changes as of 2018-11-16

Service Change Description
Cloud AutoML Added automl.locations.getIamPolicy
automl.locations.setIamPolicy
Cloud AutoML Supported In Custom Roles automl.locations.getIamPolicy
automl.locations.setIamPolicy
Cloud Talent Solution Added cloudjobdiscovery.events.create
cloudjobdiscovery.events.delete
cloudjobdiscovery.events.get
cloudjobdiscovery.events.list
cloudjobdiscovery.events.update
Compute Engine Added compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Compute Engine Supported In Custom Roles compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Compute Engine Now GA compute.instanceTemplates.getIamPolicy
compute.instanceTemplates.setIamPolicy
Google Kubernetes Engine Added container.backendConfigs.create
container.backendConfigs.delete
container.backendConfigs.get
container.backendConfigs.list
container.backendConfigs.update
container.tokenReviews.create

Cloud IAM changes as of 2018-11-09

Service Change Description
Google Analytics Added firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze
Google Analytics Supported In Custom Roles firebaseanalytics.resources.googleAnalyticsEdit
firebaseanalytics.resources.googleAnalyticsReadAndAnalyze

Cloud IAM changes as of 2018-11-02

Service Change Description
Compute Engine Now GA compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Cloud Filestore Supported In Custom Roles file.instances.create
file.instances.delete
file.instances.get
file.instances.list
file.instances.update
file.locations.get
file.locations.list
file.operations.get
file.operations.list
Stackdriver Added stackdriver.resourceMetadata.write
Stackdriver Supported In Custom Roles stackdriver.resourceMetadata.write

Cloud IAM changes as of 2018-10-26

Service Change Description
BigQuery Now GA

The role roles/bigquery.metadataViewer (BigQuery Metadata Viewer) is now GA.

Cloud Identity and Access Management Now GA

The role roles/iam.serviceAccountDeleter (Delete Service Accounts) is now GA.

Firebase Realtime Database Added firebasedatabase.instances.create
firebasedatabase.instances.list
Firebase Realtime Database Supported In Custom Roles firebasedatabase.instances.create
firebasedatabase.instances.list
Firebase Integrations with External Services Added firebaseextensions.configs.create
firebaseextensions.configs.delete
firebaseextensions.configs.list
firebaseextensions.configs.update
Firebase Integrations with External Services Supported In Custom Roles firebaseextensions.configs.create
firebaseextensions.configs.delete
firebaseextensions.configs.list
firebaseextensions.configs.update

Cloud IAM changes as of 2018-10-19

Service Change Description
GCP Support Now GA

The role roles/cloudsupport.admin (Support Account Administrator) is now GA.

GCP Support Now GA

The role roles/cloudsupport.viewer (Support Account Viewer) is now GA.

Firebase Remote Config Added cloudconfig.configs.get
cloudconfig.configs.update
Firebase Remote Config Supported In Custom Roles cloudconfig.configs.get
cloudconfig.configs.update
GCP Support Supported In Custom Roles cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
GCP Support Now GA cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Compute Engine Added compute.networks.updatePeering
Compute Engine Supported In Custom Roles compute.networks.updatePeering
Firebase Crashlytics Added firebasecrash.issues.update
firebasecrash.reports.get
Firebase Crashlytics Supported In Custom Roles firebasecrash.issues.update
firebasecrash.reports.get
Firebase Dynamic Links Added firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase Dynamic Links Supported In Custom Roles firebasedynamiclinks.destinations.list
firebasedynamiclinks.destinations.update
firebasedynamiclinks.domains.create
firebasedynamiclinks.domains.delete
firebasedynamiclinks.domains.get
firebasedynamiclinks.domains.list
firebasedynamiclinks.domains.update
firebasedynamiclinks.links.create
firebasedynamiclinks.links.get
firebasedynamiclinks.links.list
firebasedynamiclinks.links.update
firebasedynamiclinks.stats.get
Firebase In-App Messaging Added firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Firebase In-App Messaging Supported In Custom Roles firebaseinappmessaging.campaigns.create
firebaseinappmessaging.campaigns.delete
firebaseinappmessaging.campaigns.get
firebaseinappmessaging.campaigns.list
firebaseinappmessaging.campaigns.update
Firebase Cloud Messaging Added firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Firebase Cloud Messaging Supported In Custom Roles firebasenotifications.messages.create
firebasenotifications.messages.delete
firebasenotifications.messages.get
firebasenotifications.messages.list
firebasenotifications.messages.update
Firebase Performance Monitoring Added firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Performance Monitoring Supported In Custom Roles firebaseperformance.config.create
firebaseperformance.config.delete
firebaseperformance.config.update
firebaseperformance.data.get
Firebase Predictions Added firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
Firebase Predictions Supported In Custom Roles firebasepredictions.predictions.create
firebasepredictions.predictions.delete
firebasepredictions.predictions.list
firebasepredictions.predictions.update
Cloud Security Command Center Added securitycenter.assets.get
securitycenter.assets.getFieldNames
securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.assets.runDiscovery
securitycenter.assets.triggerDiscovery
securitycenter.assets.update
securitycenter.assetsecuritymarks.update
securitycenter.configs.get
securitycenter.configs.getIamPolicy
securitycenter.configs.setIamPolicy
securitycenter.configs.update
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.organizationsettings.get
securitycenter.organizationsettings.update
securitycenter.scans.get
securitycenter.scans.list
securitycenter.sources.get
securitycenter.sources.getIamPolicy
securitycenter.sources.list
securitycenter.sources.setIamPolicy
securitycenter.sources.update
Service Consumer Management Added serviceconsumermanagement.tenancyu.addResource
serviceconsumermanagement.tenancyu.create
serviceconsumermanagement.tenancyu.delete
serviceconsumermanagement.tenancyu.list
serviceconsumermanagement.tenancyu.removeResource
Service Consumer Management Supported In Custom Roles serviceconsumermanagement.tenancyu.addResource
serviceconsumermanagement.tenancyu.create
serviceconsumermanagement.tenancyu.delete
serviceconsumermanagement.tenancyu.list
serviceconsumermanagement.tenancyu.removeResource

Cloud IAM changes as of 2018-10-12

Service Change Description
Cloud Data Loss Prevention Now GA

The role roles/dlp.admin (DLP Administrator) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.analyzeRiskTemplatesEditor (DLP Analyze Risk Templates Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.analyzeRiskTemplatesReader (DLP Analyze Risk Templates Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.deidentifyTemplatesEditor (DLP De-identify Templates Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.deidentifyTemplatesReader (DLP De-identify Templates Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.inspectTemplatesEditor (DLP Inspect Templates Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.inspectTemplatesReader (DLP Inspect Templates Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.jobsEditor (DLP Jobs Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.jobsReader (DLP Jobs Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.jobTriggersEditor (DLP Job Triggers Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.jobTriggersReader (DLP Job Triggers Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.reader (DLP Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.storedInfoTypesEditor (DLP Stored InfoTypes Editor) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.storedInfoTypesReader (DLP Stored InfoTypes Reader) is now GA.

Cloud Data Loss Prevention Now GA

The role roles/dlp.user (DLP User) is now GA.

Google Kubernetes Engine Supported In Custom Roles container.certificateSigningRequests.approve
container.clusterRoles.bind
container.deployments.rollback
container.nodes.proxy
container.pods.attach
container.pods.evict
container.pods.exec
container.pods.getLogs
container.pods.portForward
container.pods.proxy
container.roles.bind
container.services.proxy
container.thirdPartyObjects.create
container.thirdPartyObjects.delete
container.thirdPartyObjects.get
container.thirdPartyObjects.list
container.thirdPartyObjects.update
Cloud Data Loss Prevention Supported In Custom Roles dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
Cloud Data Loss Prevention Now GA dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
dlp.kms.encrypt
dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Cloud DNS Supported In Custom Roles dns.dnsKeys.get
dns.dnsKeys.list
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.update
Firebase Added firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase Supported In Custom Roles firebase.billingPlans.get
firebase.billingPlans.update
firebase.clients.create
firebase.clients.delete
firebase.clients.get
firebase.links.create
firebase.links.delete
firebase.links.list
firebase.links.update
firebase.projects.delete
firebase.projects.get
firebase.projects.update
Firebase A/B Testing Added firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Firebase A/B Testing Supported In Custom Roles firebaseabt.experimentresults.get
firebaseabt.experiments.create
firebaseabt.experiments.delete
firebaseabt.experiments.get
firebaseabt.experiments.list
firebaseabt.experiments.update
firebaseabt.projectmetadata.get
Firebase Authentication Added firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Authentication Supported In Custom Roles firebaseauth.configs.get
firebaseauth.configs.update
firebaseauth.users.create
firebaseauth.users.createSession
firebaseauth.users.delete
firebaseauth.users.get
firebaseauth.users.sendEmail
firebaseauth.users.update
Firebase Realtime Database Added firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Realtime Database Supported In Custom Roles firebasedatabase.instances.get
firebasedatabase.instances.update
Firebase Hosting Added firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
Firebase Hosting Supported In Custom Roles firebasehosting.sites.create
firebasehosting.sites.delete
firebasehosting.sites.get
firebasehosting.sites.list
firebasehosting.sites.update
ML Kit for Firebase Added firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
ML Kit for Firebase Supported In Custom Roles firebaseml.compressionjobs.create
firebaseml.compressionjobs.delete
firebaseml.compressionjobs.get
firebaseml.compressionjobs.list
firebaseml.compressionjobs.start
firebaseml.compressionjobs.update
firebaseml.models.create
firebaseml.models.delete
firebaseml.models.get
firebaseml.models.list
firebaseml.modelversions.create
firebaseml.modelversions.get
firebaseml.modelversions.list
firebaseml.modelversions.update
Firebase Security Rules Added firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test
Firebase Security Rules Supported In Custom Roles firebaserules.releases.create
firebaserules.releases.delete
firebaserules.releases.get
firebaserules.releases.getExecutable
firebaserules.releases.list
firebaserules.releases.update
firebaserules.rulesets.create
firebaserules.rulesets.delete
firebaserules.rulesets.get
firebaserules.rulesets.list
firebaserules.rulesets.test

Cloud IAM changes as of 2018-10-05

Service Change Description
Compute Engine Added compute.instances.resume
compute.instances.suspend
Compute Engine Supported In Custom Roles compute.instances.resume
compute.instances.suspend
Compute Engine Now GA compute.instances.resume
compute.instances.suspend
Google Kubernetes Engine Supported In Custom Roles container.apiServices.updateStatus
container.certificateSigningRequests.updateStatus
container.cronJobs.getStatus
container.cronJobs.updateStatus
container.customResourceDefinitions.updateStatus
container.daemonSets.getStatus
container.daemonSets.updateStatus
container.deployments.getScale
container.deployments.getStatus
container.deployments.updateScale
container.deployments.updateStatus
container.horizontalPodAutoscalers.getStatus
container.horizontalPodAutoscalers.updateStatus
container.ingresses.getStatus
container.ingresses.updateStatus
container.jobs.getStatus
container.jobs.updateStatus
container.namespaces.getStatus
container.namespaces.updateStatus
container.nodes.getStatus
container.nodes.updateStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumeClaims.updateStatus
container.persistentVolumes.getStatus
container.persistentVolumes.updateStatus
container.podDisruptionBudgets.getStatus
container.podDisruptionBudgets.updateStatus
container.pods.getStatus
container.pods.updateStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicaSets.updateStatus
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.replicationControllers.updateStatus
container.resourceQuotas.getStatus
container.resourceQuotas.updateStatus
container.services.getStatus
container.services.updateStatus
container.statefulSets.getScale
container.statefulSets.getStatus
container.statefulSets.updateScale
container.statefulSets.updateStatus
Google Kubernetes Engine Now GA container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus

Cloud IAM changes as of 2018-09-21

Service Change Description
Cloud AutoML Added automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud AutoML Supported In Custom Roles automl.datasets.getIamPolicy
automl.datasets.setIamPolicy
automl.models.getIamPolicy
automl.models.setIamPolicy
Cloud Asset Inventory Added cloudasset.assets.exportAll
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportAll
Compute Engine Added compute.licenses.delete
Google Kubernetes Engine Supported In Custom Roles container.apiServices.create
container.apiServices.delete
container.apiServices.get
container.apiServices.list
container.apiServices.update
container.bindings.create
container.certificateSigningRequests.create
container.certificateSigningRequests.delete
container.certificateSigningRequests.get
container.certificateSigningRequests.list
container.certificateSigningRequests.update
container.clusterRoleBindings.create
container.clusterRoleBindings.delete
container.clusterRoleBindings.get
container.clusterRoleBindings.list
container.clusterRoleBindings.update
container.clusterRoles.create
container.clusterRoles.delete
container.clusterRoles.get
container.clusterRoles.list
container.clusterRoles.update
container.componentStatuses.get
container.componentStatuses.list
container.configMaps.create
container.configMaps.delete
container.configMaps.get
container.configMaps.list
container.configMaps.update
container.controllerRevisions.create
container.controllerRevisions.delete
container.controllerRevisions.get
container.controllerRevisions.list
container.controllerRevisions.update
container.cronJobs.create
container.cronJobs.delete
container.cronJobs.get
container.cronJobs.list
container.cronJobs.update
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.get
container.customResourceDefinitions.list
container.customResourceDefinitions.update
container.daemonSets.create
container.daemonSets.delete
container.daemonSets.get
container.daemonSets.list
container.daemonSets.update
container.deployments.create
container.deployments.delete
container.deployments.get
container.deployments.list
container.deployments.update
container.endpoints.create
container.endpoints.delete
container.endpoints.get
container.endpoints.list
container.endpoints.update
container.events.create
container.events.delete
container.events.get
container.events.list
container.events.update
container.horizontalPodAutoscalers.create
container.horizontalPodAutoscalers.delete
container.horizontalPodAutoscalers.get
container.horizontalPodAutoscalers.list
container.horizontalPodAutoscalers.update
container.ingresses.create
container.ingresses.delete
container.ingresses.get
container.ingresses.list
container.ingresses.update
container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.list
container.jobs.update
container.limitRanges.create
container.limitRanges.delete
container.limitRanges.get
container.limitRanges.list
container.limitRanges.update
container.localSubjectAccessReviews.create
container.namespaces.create
container.namespaces.delete
container.namespaces.get
container.namespaces.list
container.namespaces.update
container.networkPolicies.create
container.networkPolicies.delete
container.networkPolicies.get
container.networkPolicies.list
container.networkPolicies.update
container.nodes.create
container.nodes.delete
container.nodes.get
container.nodes.list
container.nodes.update
container.persistentVolumeClaims.create
container.persistentVolumeClaims.delete
container.persistentVolumeClaims.get
container.persistentVolumeClaims.list
container.persistentVolumeClaims.update
container.persistentVolumes.create
container.persistentVolumes.delete
container.persistentVolumes.get
container.persistentVolumes.list
container.persistentVolumes.update
container.podDisruptionBudgets.create
container.podDisruptionBudgets.delete
container.podDisruptionBudgets.get
container.podDisruptionBudgets.list
container.podDisruptionBudgets.update
container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podTemplates.create
container.podTemplates.delete
container.podTemplates.get
container.podTemplates.list
container.podTemplates.update
container.pods.create
container.pods.delete
container.pods.get
container.pods.list
container.pods.update
container.replicaSets.create
container.replicaSets.delete
container.replicaSets.get
container.replicaSets.list
container.replicaSets.update
container.replicationControllers.create
container.replicationControllers.delete
container.replicationControllers.get
container.replicationControllers.list
container.replicationControllers.update
container.resourceQuotas.create
container.resourceQuotas.delete
container.resourceQuotas.get
container.resourceQuotas.list
container.resourceQuotas.update
container.roleBindings.create
container.roleBindings.delete
container.roleBindings.get
container.roleBindings.list
container.roleBindings.update
container.roles.create
container.roles.delete
container.roles.get
container.roles.list
container.roles.update
container.secrets.create
container.secrets.delete
container.secrets.get
container.secrets.list
container.secrets.update
container.selfSubjectAccessReviews.create
container.serviceAccounts.create
container.serviceAccounts.delete
container.serviceAccounts.get
container.serviceAccounts.list
container.serviceAccounts.update
container.services.create
container.services.delete
container.services.get
container.services.list
container.services.update
container.statefulSets.create
container.statefulSets.delete
container.statefulSets.get
container.statefulSets.list
container.statefulSets.update
container.storageClasses.create
container.storageClasses.delete
container.storageClasses.get
container.storageClasses.list
container.storageClasses.update
container.subjectAccessReviews.create

Cloud IAM changes as of 2018-09-07

Service Change Description
Cloud Memorystore for Redis Supported In Custom Roles redis.operations.cancel
redis.operations.delete

Cloud IAM changes as of 2018-08-31

Service Change Description
Google Kubernetes Engine Added container.cronJobs.getStatus
container.daemonSets.getStatus
container.deployments.getStatus
container.horizontalPodAutoscalers.getStatus
container.ingresses.getStatus
container.jobs.getStatus
container.namespaces.getStatus
container.nodes.getStatus
container.persistentVolumeClaims.getStatus
container.persistentVolumes.getStatus
container.podDisruptionBudgets.getStatus
container.pods.getStatus
container.replicaSets.getScale
container.replicaSets.getStatus
container.replicaSets.updateScale
container.replicationControllers.getScale
container.replicationControllers.getStatus
container.replicationControllers.updateScale
container.resourceQuotas.getStatus
container.services.getStatus
container.statefulSets.getStatus
Cloud Data Loss Prevention Added dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Cloud Data Loss Prevention Supported In Custom Roles dlp.storedInfoTypes.create
dlp.storedInfoTypes.delete
dlp.storedInfoTypes.get
dlp.storedInfoTypes.list
dlp.storedInfoTypes.update
Cloud Source Repositories Added source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Supported In Custom Roles source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig
Cloud Source Repositories Now GA source.repos.getProjectConfig
source.repos.updateProjectConfig
source.repos.updateRepoConfig

Cloud IAM changes as of 2018-08-10

Service Change Description
Binary Authorization Added binaryauthorization.attestors.verifyImageAttested
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.verifyImageAttested
Compute Engine Added compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Compute Engine Supported In Custom Roles compute.globalAddresses.createInternal
compute.globalAddresses.deleteInternal
Cloud Filestore Added file.instances.create
file.instances.delete
file.instances.get
file.instances.list
file.instances.update
file.locations.get
file.locations.list
file.operations.cancel
file.operations.delete
file.operations.get
file.operations.list

Cloud IAM changes as of 2018-08-03

Service Change Description
Android Management API Supported In Custom Roles androidmanagement.enterprises.manage
Android Management API Now GA androidmanagement.enterprises.manage
Cloud Billing Supported In Custom Roles billing.resourceCosts.get
Binary Authorization Added binaryauthorization.policy.get
binaryauthorization.policy.getIamPolicy
binaryauthorization.policy.setIamPolicy
binaryauthorization.policy.update
Cloud Composer Now GA composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Compute Engine Now GA compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Google Kubernetes Engine Now GA container.hostServiceAgent.use
Cloud Memorystore for Redis Added redis.operations.cancel
Cloud Memorystore for Redis Supported In Custom Roles redis.instances.create
redis.instances.delete
redis.instances.get
redis.instances.list
redis.instances.update
redis.locations.get
redis.locations.list
redis.operations.get
redis.operations.list
Subscribe with Google Added subscribewithgoogledeveloper.tools.get
Subscribe with Google Supported In Custom Roles subscribewithgoogledeveloper.tools.get

Cloud IAM changes as of 2018-07-20

Service Change Description
Access Context Manager Added accesscontextmanager.accessLevels.create
accesscontextmanager.accessLevels.delete
accesscontextmanager.accessLevels.get
accesscontextmanager.accessLevels.list
accesscontextmanager.accessLevels.update
accesscontextmanager.accessPolicies.create
accesscontextmanager.accessPolicies.delete
accesscontextmanager.accessPolicies.get
accesscontextmanager.accessPolicies.getIamPolicy
accesscontextmanager.accessPolicies.list
accesscontextmanager.accessPolicies.setIamPolicy
accesscontextmanager.accessPolicies.update
accesscontextmanager.accessZones.create
accesscontextmanager.accessZones.delete
accesscontextmanager.accessZones.get
accesscontextmanager.accessZones.list
accesscontextmanager.accessZones.update
accesscontextmanager.policies.create
accesscontextmanager.policies.delete
accesscontextmanager.policies.get
accesscontextmanager.policies.getIamPolicy
accesscontextmanager.policies.list
accesscontextmanager.policies.setIamPolicy
accesscontextmanager.policies.update
accesscontextmanager.servicePerimeters.create
accesscontextmanager.servicePerimeters.delete
accesscontextmanager.servicePerimeters.get
accesscontextmanager.servicePerimeters.list
accesscontextmanager.servicePerimeters.update
Cloud AutoML Added automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.delete
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.create
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.deploy
automl.models.get
automl.models.list
automl.models.predict
automl.models.undeploy
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Cloud AutoML Supported In Custom Roles automl.annotationSpecs.create
automl.annotationSpecs.delete
automl.annotationSpecs.get
automl.annotationSpecs.list
automl.annotationSpecs.update
automl.annotations.approve
automl.annotations.create
automl.annotations.list
automl.annotations.manipulate
automl.annotations.reject
automl.datasets.create
automl.datasets.delete
automl.datasets.export
automl.datasets.get
automl.datasets.import
automl.datasets.list
automl.examples.delete
automl.examples.get
automl.examples.list
automl.humanAnnotationTasks.create
automl.humanAnnotationTasks.get
automl.humanAnnotationTasks.list
automl.locations.get
automl.locations.list
automl.modelEvaluations.get
automl.modelEvaluations.list
automl.models.create
automl.models.delete
automl.models.get
automl.models.list
automl.models.predict
automl.operations.cancel
automl.operations.delete
automl.operations.get
automl.operations.list
Binary Authorization Added binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Binary Authorization Supported In Custom Roles binaryauthorization.attestors.create
binaryauthorization.attestors.delete
binaryauthorization.attestors.get
binaryauthorization.attestors.getIamPolicy
binaryauthorization.attestors.list
binaryauthorization.attestors.setIamPolicy
binaryauthorization.attestors.update
Cloud DNS Supported In Custom Roles dns.changes.create
dns.changes.get
dns.changes.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-07-13

Service Change Description
BigQuery Added bigquery.datasets.getIamPolicy
bigquery.datasets.setIamPolicy
Cloud Datastore Added datastore.locations.get
datastore.locations.list

Cloud IAM changes as of 2018-07-06

Service Change Description
Cloud Composer Supported In Custom Roles composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Cloud Endpoints Added endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud Endpoints Supported In Custom Roles endpoints.portals.attachCustomDomain
endpoints.portals.detachCustomDomain
endpoints.portals.listCustomDomains
endpoints.portals.update
Cloud TPU Added tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list
Cloud TPU Supported In Custom Roles tpu.acceleratortypes.get
tpu.acceleratortypes.list
tpu.locations.get
tpu.locations.list
tpu.nodes.create
tpu.nodes.delete
tpu.nodes.get
tpu.nodes.list
tpu.nodes.reimage
tpu.nodes.reset
tpu.nodes.start
tpu.nodes.stop
tpu.operations.get
tpu.operations.list
tpu.tensorflowversions.get
tpu.tensorflowversions.list

Cloud IAM changes as of 2018-06-29

Service Change Description
Cloud Identity and Access Management Now GA iam.serviceAccounts.implicitDelegation

Cloud IAM changes as of 2018-06-15

Service Change Description
Compute Engine Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.setSecurityPolicy
compute.backendServices.update
compute.backendServices.use
compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Compute Engine Now GA compute.regionBackendServices.create
compute.regionBackendServices.delete
compute.regionBackendServices.get
compute.regionBackendServices.list
compute.regionBackendServices.setSecurityPolicy
compute.regionBackendServices.update
compute.regionBackendServices.use

Cloud IAM changes as of 2018-06-08

Service Change Description
Compute Engine Added compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list
Compute Engine Supported In Custom Roles compute.nodeGroups.addNodes
compute.nodeGroups.create
compute.nodeGroups.delete
compute.nodeGroups.deleteNodes
compute.nodeGroups.get
compute.nodeGroups.list
compute.nodeGroups.setNodeTemplate
compute.nodeTemplates.create
compute.nodeTemplates.delete
compute.nodeTemplates.get
compute.nodeTemplates.list
compute.nodeTypes.get
compute.nodeTypes.list

Cloud IAM changes as of 2018-05-11

Service Change Description
BigQuery Supported In Custom Roles bigquery.jobs.listAll
Cloud Bigtable Supported In Custom Roles bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.clusters.create
bigtable.clusters.delete
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Cloud Bigtable Now GA bigtable.appProfiles.create
bigtable.appProfiles.delete
bigtable.appProfiles.get
bigtable.appProfiles.list
bigtable.appProfiles.update
bigtable.tables.checkConsistency
bigtable.tables.generateConsistencyToken
Cloud Composer Now Beta composer.environments.create
composer.environments.delete
composer.environments.get
composer.environments.list
composer.environments.update
composer.operations.delete
composer.operations.get
composer.operations.list
Cloud Genomics Supported In Custom Roles genomics.operations.cancel
genomics.operations.create
genomics.operations.get
genomics.operations.list
Stackdriver Monitoring Supported In Custom Roles monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update
monitoring.uptimeCheckConfigs.create
monitoring.uptimeCheckConfigs.delete
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
monitoring.uptimeCheckConfigs.update
Stackdriver Monitoring Now GA monitoring.dashboards.create
monitoring.dashboards.delete
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.update
monitoring.publicWidgets.create
monitoring.publicWidgets.delete
monitoring.publicWidgets.get
monitoring.publicWidgets.list
monitoring.publicWidgets.update

Cloud IAM changes as of 2018-05-04

Service Change Description
BigQuery Available In Custom Roles bigquery.jobs.listAll
Cloud Bigtable Added bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Cloud Bigtable Supported In Custom Roles bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Cloud Bigtable Now GA bigtable.instances.getIamPolicy
bigtable.instances.setIamPolicy
Compute Engine Supported In Custom Roles compute.instances.osAdminLogin
compute.instances.osLogin
compute.oslogin.updateExternalUser
Compute Engine Now GA compute.oslogin.updateExternalUser
Service Management Supported In Custom Roles servicemanagement.services.bind

Cloud IAM changes as of 2018-04-06

Service Change Description
Compute Engine Supported In Custom Roles compute.instances.setShieldedVmIntegrityPolicy
compute.instances.updateShieldedVmConfig
Compute Engine Now GA compute.instances.setShieldedVmIntegrityPolicy
Google Kubernetes Engine Supported In Custom Roles container.hostServiceAgent.use
Cloud Dataproc Supported In Custom Roles dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy
Cloud Dataproc Now GA dataproc.jobs.getIamPolicy
dataproc.jobs.setIamPolicy
dataproc.operations.getIamPolicy
dataproc.operations.setIamPolicy
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.setIamPolicy

Cloud IAM changes as of 2018-03-30

Service Change Description
Cloud IoT Now GA cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update

Cloud IAM changes as of 2018-03-23

Service Change Description
Cloud Genomics Supported In Custom Roles genomics.datasets.create
genomics.datasets.delete
genomics.datasets.get
genomics.datasets.getIamPolicy
genomics.datasets.list
genomics.datasets.setIamPolicy
genomics.datasets.update
Cloud Pub/Sub Supported In Custom Roles pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.list

Cloud IAM changes as of 2018-03-09

Service Change Description
Cloud Talent Solution Added cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Cloud Talent Solution Supported In Custom Roles cloudjobdiscovery.companies.create
cloudjobdiscovery.companies.delete
cloudjobdiscovery.companies.get
cloudjobdiscovery.companies.list
cloudjobdiscovery.companies.update
cloudjobdiscovery.jobs.create
cloudjobdiscovery.jobs.delete
cloudjobdiscovery.jobs.deleteByFilter
cloudjobdiscovery.jobs.get
cloudjobdiscovery.jobs.search
cloudjobdiscovery.jobs.update
cloudjobdiscovery.tools.access
Stackdriver Profiler Added cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update
Stackdriver Profiler Supported In Custom Roles cloudprofiler.profiles.create
cloudprofiler.profiles.list
cloudprofiler.profiles.update

Cloud IAM changes as of 2018-03-02

Service Change Description
Open Service Broker for Google Cloud Platform Added servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update
Open Service Broker for Google Cloud Platform Supported In Custom Roles servicebroker.bindingoperations.get
servicebroker.bindingoperations.list
servicebroker.bindings.create
servicebroker.bindings.delete
servicebroker.bindings.get
servicebroker.bindings.getIamPolicy
servicebroker.bindings.list
servicebroker.bindings.setIamPolicy
servicebroker.catalogs.create
servicebroker.catalogs.delete
servicebroker.catalogs.get
servicebroker.catalogs.getIamPolicy
servicebroker.catalogs.list
servicebroker.catalogs.setIamPolicy
servicebroker.catalogs.validate
servicebroker.instanceoperations.get
servicebroker.instanceoperations.list
servicebroker.instances.create
servicebroker.instances.delete
servicebroker.instances.get
servicebroker.instances.getIamPolicy
servicebroker.instances.list
servicebroker.instances.setIamPolicy
servicebroker.instances.update

Cloud IAM changes as of 2018-02-23

Service Change Description
Resource Manager Supported In Custom Roles resourcemanager.projects.list
resourcemanager.projects.move
Service Management Added servicemanagement.services.quota
Service Management Supported In Custom Roles servicemanagement.services.quota
Cloud Source Repositories Supported In Custom Roles source.repos.create

Cloud IAM changes as of 2018-02-16

Service Change Description
BigQuery Supported In Custom Roles bigquery.tables.update
bigquery.tables.updateData
Cloud IoT Supported In Custom Roles cloudiot.devices.create
cloudiot.devices.delete
cloudiot.devices.get
cloudiot.devices.list
cloudiot.devices.update
cloudiot.devices.updateConfig
cloudiot.registries.create
cloudiot.registries.delete
cloudiot.registries.get
cloudiot.registries.getIamPolicy
cloudiot.registries.list
cloudiot.registries.setIamPolicy
cloudiot.registries.update
Cloud SQL Supported In Custom Roles cloudsql.instances.demoteMaster
GCP Support Added cloudsupport.accounts.create
cloudsupport.accounts.delete
cloudsupport.accounts.get
cloudsupport.accounts.getIamPolicy
cloudsupport.accounts.getUserRoles
cloudsupport.accounts.list
cloudsupport.accounts.setIamPolicy
cloudsupport.accounts.update
cloudsupport.accounts.updateUserRoles
cloudsupport.operations.get
Compute Engine Added compute.oslogin.updateExternalUser
Compute Engine Supported In Custom Roles compute.addresses.create
compute.disks.create
compute.disks.setLabels
compute.forwardingRules.create
compute.globalAddresses.create
compute.globalForwardingRules.create
compute.images.create
compute.images.setLabels
compute.snapshots.create
compute.snapshots.setLabels
compute.targetVpnGateways.create
compute.vpnTunnels.create
Cloud Dataproc Supported In Custom Roles dataproc.agents.create
dataproc.agents.delete
dataproc.agents.get
dataproc.agents.list
dataproc.agents.update
dataproc.tasks.lease
dataproc.tasks.listInvalidatedLeases
dataproc.tasks.reportStatus
dataproc.workflowTemplates.instantiateInline
Cloud DNS Added dns.changes.create
dns.changes.get
dns.changes.list
dns.dnsKeys.create
dns.dnsKeys.delete
dns.dnsKeys.get
dns.dnsKeys.list
dns.dnsKeys.update
dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.create
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.projects.get
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

Cloud IAM changes as of 2018-02-02

Service Change Description
Compute Engine Available In Custom Roles compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
Cloud Data Loss Prevention Added dlp.jobTriggers.create
dlp.jobTriggers.delete
dlp.jobTriggers.get
dlp.jobTriggers.list
dlp.jobTriggers.update

Cloud IAM changes as of 2018-01-26

Service Change Description
BigQuery Added bigquery.jobs.listAll
Google Kubernetes Engine Added container.podSecurityPolicies.create
container.podSecurityPolicies.delete
container.podSecurityPolicies.get
container.podSecurityPolicies.list
container.podSecurityPolicies.update
container.podSecurityPolicies.use

Cloud IAM changes as of 2018-01-19

Service Change Description
Compute Engine Added compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.useInternal

Cloud IAM changes as of 2018-01-12

Service Change Description
App Engine Not Supported In Custom Roles appengine.runtimes.actAsAdmin
Compute Engine Added compute.backendServices.setSecurityPolicy
compute.securityPolicies.create
compute.securityPolicies.delete
compute.securityPolicies.get
compute.securityPolicies.getIamPolicy
compute.securityPolicies.list
compute.securityPolicies.setIamPolicy
compute.securityPolicies.update
compute.securityPolicies.use
Compute Engine Not Supported In Custom Roles compute.organizations.administerXpn
compute.targetHttpProxies.create
compute.targetHttpProxies.setUrlMap
compute.targetHttpsProxies.create
compute.targetHttpsProxies.setUrlMap
compute.targetSslProxies.create
compute.targetSslProxies.setBackendService
compute.targetTcpProxies.create
compute.targetTcpProxies.update
Compute Engine Now GA compute.instances.osAdminLogin
compute.instances.osLogin

Cloud IAM changes as of 2017-12-22

Service Change Description
App Engine Supported In Custom Roles appengine.applications.create
appengine.applications.get
appengine.applications.update
appengine.instances.delete
appengine.instances.get
appengine.instances.list
appengine.operations.get
appengine.operations.list
appengine.services.delete
appengine.services.get
appengine.services.list
appengine.services.update
appengine.versions.create
appengine.versions.delete
appengine.versions.get
appengine.versions.list
appengine.versions.update
App Engine Not Supported In Custom Roles appengine.applications.list
appengine.operations.cancel
appengine.operations.delete
appengine.services.create
Cloud Billing Supported In Custom Roles billing.accounts.close
billing.accounts.reopen
billing.budgets.delete
billing.budgets.update
Stackdriver Debugger Supported In Custom Roles clouddebugger.breakpoints.create
clouddebugger.breakpoints.delete
clouddebugger.breakpoints.get
clouddebugger.breakpoints.list
clouddebugger.breakpoints.listActive
clouddebugger.breakpoints.update
clouddebugger.debuggees.create
clouddebugger.debuggees.list
Cloud Key Management Service Supported In Custom Roles cloudkms.cryptoKeyVersions.create
cloudkms.cryptoKeyVersions.destroy
cloudkms.cryptoKeyVersions.get
cloudkms.cryptoKeyVersions.list
cloudkms.cryptoKeyVersions.restore
cloudkms.cryptoKeyVersions.update
cloudkms.cryptoKeyVersions.useToDecrypt
cloudkms.cryptoKeyVersions.useToEncrypt
cloudkms.cryptoKeys.create
cloudkms.cryptoKeys.get
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.list
cloudkms.cryptoKeys.setIamPolicy
cloudkms.cryptoKeys.update
cloudkms.keyRings.create
cloudkms.keyRings.get
cloudkms.keyRings.getIamPolicy
cloudkms.keyRings.list
cloudkms.keyRings.setIamPolicy
Cloud SQL Supported In Custom Roles cloudsql.backupRuns.create
cloudsql.backupRuns.delete
cloudsql.backupRuns.get
cloudsql.backupRuns.list
cloudsql.databases.create
cloudsql.databases.delete
cloudsql.databases.get
cloudsql.databases.list
cloudsql.databases.update
cloudsql.instances.clone
cloudsql.instances.connect
cloudsql.instances.create
cloudsql.instances.delete
cloudsql.instances.export
cloudsql.instances.failover
cloudsql.instances.get
cloudsql.instances.import
cloudsql.instances.list
cloudsql.instances.promoteReplica
cloudsql.instances.resetSslConfig
cloudsql.instances.restart
cloudsql.instances.restoreBackup
cloudsql.instances.startReplica
cloudsql.instances.stopReplica
cloudsql.instances.truncateLog
cloudsql.instances.update
cloudsql.sslCerts.create
cloudsql.sslCerts.delete
cloudsql.sslCerts.get
cloudsql.sslCerts.list
cloudsql.users.create
cloudsql.users.delete
cloudsql.users.list
cloudsql.users.update
Cloud SQL Not Supported In Custom Roles cloudsql.databases.getIamPolicy
cloudsql.databases.setIamPolicy
cloudsql.instances.demoteMaster
cloudsql.instances.getIamPolicy
cloudsql.instances.migrate
cloudsql.instances.setIamPolicy
cloudsql.sslCerts.createEphemeral
Stackdriver Trace Supported In Custom Roles cloudtrace.insights.get
cloudtrace.insights.list
cloudtrace.stats.get
cloudtrace.tasks.create
cloudtrace.tasks.delete
cloudtrace.tasks.get
cloudtrace.tasks.list
cloudtrace.traces.get
cloudtrace.traces.list
cloudtrace.traces.patch
Compute Engine Added compute.instances.setMachineResources
compute.instances.setMinCpuPlatform
compute.instances.setServiceAccount
compute.instances.updateAccessConfig
compute.instances.updateNetworkInterface
compute.licenseCodes.get
compute.licenseCodes.list
compute.licenseCodes.update
compute.licenseCodes.use
Compute Engine Supported In Custom Roles compute.acceleratorTypes.get
compute.acceleratorTypes.list
compute.addresses.delete
compute.addresses.get
compute.addresses.list
compute.addresses.use
compute.autoscalers.create
compute.autoscalers.delete
compute.autoscalers.get
compute.autoscalers.list
compute.autoscalers.update
compute.backendBuckets.create
compute.backendBuckets.delete
compute.backendBuckets.get
compute.backendBuckets.list
compute.backendBuckets.update
compute.commitments.list
compute.diskTypes.get
compute.diskTypes.list
compute.disks.createSnapshot
compute.disks.delete
compute.disks.get
compute.disks.list
compute.disks.resize
compute.disks.update
compute.disks.use
compute.disks.useReadOnly
compute.firewalls.create
compute.firewalls.delete
compute.firewalls.get
compute.firewalls.list
compute.firewalls.update
compute.forwardingRules.delete
compute.forwardingRules.get
compute.forwardingRules.list
compute.forwardingRules.setTarget
compute.globalAddresses.delete
compute.globalAddresses.get
compute.globalAddresses.list
compute.globalAddresses.use
compute.globalForwardingRules.delete
compute.globalForwardingRules.get
compute.globalForwardingRules.list
compute.globalOperations.delete
compute.globalOperations.get
compute.globalOperations.list
compute.httpHealthChecks.create
compute.httpHealthChecks.delete
compute.httpHealthChecks.get
compute.httpHealthChecks.list
compute.httpHealthChecks.update
compute.httpHealthChecks.useReadOnly
compute.httpsHealthChecks.create
compute.httpsHealthChecks.delete
compute.httpsHealthChecks.get
compute.httpsHealthChecks.list
compute.httpsHealthChecks.update
compute.httpsHealthChecks.useReadOnly
compute.images.delete
compute.images.deprecate
compute.images.get
compute.images.getFromFamily
compute.images.list
compute.instanceGroupManagers.create
compute.instanceGroupManagers.delete
compute.instanceGroupManagers.get
compute.instanceGroupManagers.list
compute.instanceGroupManagers.update
compute.instanceGroupManagers.use
compute.instanceGroups.create
compute.instanceGroups.delete
compute.instanceGroups.get
compute.instanceGroups.list
compute.instanceGroups.update
compute.instanceTemplates.create
compute.instanceTemplates.delete
compute.instanceTemplates.get
compute.instanceTemplates.list
compute.instanceTemplates.useReadOnly
compute.instances.addAccessConfig
compute.instances.attachDisk
compute.instances.create
compute.instances.delete
compute.instances.deleteAccessConfig
compute.instances.detachDisk
compute.instances.get
compute.instances.getSerialPortOutput
compute.instances.list
compute.instances.listReferrers
compute.instances.reset
compute.instances.setDiskAutoDelete
compute.instances.setLabels
compute.instances.setMachineType
compute.instances.setMetadata
compute.instances.setScheduling
compute.instances.setTags
compute.instances.start
compute.instances.stop
compute.instances.use
compute.machineTypes.get
compute.machineTypes.list
compute.networks.create
compute.networks.delete
compute.networks.get
compute.networks.list
compute.networks.updatePolicy
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.projects.get
compute.projects.setCommonInstanceMetadata
compute.projects.setUsageExportBucket
compute.regionOperations.delete
compute.regionOperations.get
compute.regionOperations.list
compute.regions.get
compute.regions.list
compute.routers.create
compute.routers.delete
compute.routers.get
compute.routers.list
compute.routers.update
compute.routers.use
compute.routes.create
compute.routes.delete
compute.routes.get
compute.routes.list
compute.snapshots.delete
compute.snapshots.get
compute.snapshots.list
compute.snapshots.useReadOnly
compute.sslCertificates.create
compute.sslCertificates.delete
compute.sslCertificates.get
compute.sslCertificates.list
compute.subnetworks.use
compute.subnetworks.useExternalIp
compute.targetHttpProxies.create
compute.targetHttpProxies.delete
compute.targetHttpProxies.get
compute.targetHttpProxies.list
compute.targetHttpProxies.setUrlMap
compute.targetHttpProxies.use
compute.targetHttpsProxies.create
compute.targetHttpsProxies.delete
compute.targetHttpsProxies.get
compute.targetHttpsProxies.list
compute.targetHttpsProxies.setSslCertificates
compute.targetHttpsProxies.setUrlMap
compute.targetHttpsProxies.use
compute.targetInstances.create
compute.targetInstances.delete
compute.targetInstances.get
compute.targetInstances.list
compute.targetInstances.use
compute.targetPools.addHealthCheck
compute.targetPools.addInstance
compute.targetPools.create
compute.targetPools.delete
compute.targetPools.get
compute.targetPools.list
compute.targetPools.removeHealthCheck
compute.targetPools.removeInstance
compute.targetPools.update
compute.targetPools.use
compute.targetSslProxies.create
compute.targetSslProxies.delete
compute.targetSslProxies.get
compute.targetSslProxies.list
compute.targetSslProxies.setBackendService
compute.targetSslProxies.setProxyHeader
compute.targetSslProxies.setSslCertificates
compute.targetSslProxies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.list
compute.targetTcpProxies.update
compute.targetTcpProxies.use
compute.targetVpnGateways.delete
compute.targetVpnGateways.get
compute.targetVpnGateways.list
compute.targetVpnGateways.use
compute.vpnTunnels.delete
compute.vpnTunnels.get
compute.vpnTunnels.list
compute.zoneOperations.delete
compute.zoneOperations.get
compute.zoneOperations.list
compute.zones.get
compute.zones.list
Compute Engine Not Supported In Custom Roles compute.backendServices.create
compute.backendServices.delete
compute.backendServices.get
compute.backendServices.list
compute.backendServices.update
compute.backendServices.use
compute.healthChecks.create
compute.healthChecks.delete
compute.healthChecks.get
compute.healthChecks.list
compute.healthChecks.update
compute.healthChecks.use
compute.healthChecks.useReadOnly
compute.interconnectAttachments.create
compute.interconnectAttachments.delete
compute.interconnectAttachments.get
compute.interconnectAttachments.list
compute.interconnectAttachments.setLabels
compute.interconnectAttachments.update
compute.interconnectAttachments.use
compute.interconnectLocations.get
compute.interconnectLocations.list
compute.interconnects.create
compute.interconnects.delete
compute.interconnects.get
compute.interconnects.list
compute.interconnects.setLabels
compute.interconnects.update
compute.interconnects.use
compute.urlMaps.create
compute.urlMaps.delete
compute.urlMaps.get
compute.urlMaps.invalidateCache
compute.urlMaps.list
compute.urlMaps.update
compute.urlMaps.use
compute.urlMaps.validate
Google Kubernetes Engine Added container.services.updateStatus
Google Kubernetes Engine Supported In Custom Roles container.clusters.create
container.clusters.delete
container.clusters.get
container.clusters.getCredentials
container.clusters.list
container.clusters.update
container.operations.get
container.operations.list
Cloud Dataproc Supported In Custom Roles dataproc.clusters.create
dataproc.clusters.delete
dataproc.clusters.get
dataproc.clusters.getIamPolicy
dataproc.clusters.list
dataproc.clusters.setIamPolicy
dataproc.clusters.update
dataproc.clusters.use
dataproc.jobs.cancel
dataproc.jobs.create
dataproc.jobs.delete
dataproc.jobs.get
dataproc.jobs.list
dataproc.jobs.update
dataproc.operations.cancel
dataproc.operations.delete
dataproc.operations.get
dataproc.operations.list
dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.update
Cloud Datastore Not Supported In Custom Roles datastore.databases.create
datastore.databases.delete
datastore.databases.export
datastore.databases.get
datastore.databases.getIamPolicy
datastore.databases.import
datastore.databases.list
datastore.databases.setIamPolicy
datastore.databases.update
datastore.entities.allocateIds
datastore.entities.create
datastore.entities.delete
datastore.entities.get
datastore.entities.list
datastore.entities.update
datastore.indexes.create
datastore.indexes.delete
datastore.indexes.get
datastore.indexes.list
datastore.indexes.update
datastore.namespaces.get
datastore.namespaces.getIamPolicy
datastore.namespaces.list
datastore.namespaces.setIamPolicy
datastore.operations.cancel
datastore.operations.delete
datastore.operations.get
datastore.operations.list
datastore.statistics.get
datastore.statistics.list
Cloud Deployment Manager Supported In Custom Roles deploymentmanager.compositeTypes.create
deploymentmanager.compositeTypes.delete
deploymentmanager.compositeTypes.get
deploymentmanager.compositeTypes.list
deploymentmanager.compositeTypes.update
deploymentmanager.deployments.cancelPreview
deploymentmanager.deployments.create
deploymentmanager.deployments.delete
deploymentmanager.deployments.get
deploymentmanager.deployments.getIamPolicy
deploymentmanager.deployments.list
deploymentmanager.deployments.setIamPolicy
deploymentmanager.deployments.stop
deploymentmanager.deployments.update
deploymentmanager.manifests.get
deploymentmanager.manifests.list
deploymentmanager.operations.get
deploymentmanager.operations.list
deploymentmanager.resources.get
deploymentmanager.resources.list
deploymentmanager.typeProviders.create
deploymentmanager.typeProviders.delete
deploymentmanager.typeProviders.get
deploymentmanager.typeProviders.list
deploymentmanager.typeProviders.update
deploymentmanager.types.list
Dialogflow Supported In Custom Roles dialogflow.agents.export
dialogflow.agents.get
dialogflow.agents.import
dialogflow.agents.restore
dialogflow.contexts.create
dialogflow.contexts.delete
dialogflow.contexts.get
dialogflow.contexts.list
dialogflow.contexts.update
dialogflow.entityTypes.create
dialogflow.entityTypes.createEntity
dialogflow.entityTypes.delete
dialogflow.entityTypes.deleteEntity
dialogflow.entityTypes.get
dialogflow.entityTypes.list
dialogflow.entityTypes.update
dialogflow.entityTypes.updateEntity
dialogflow.intents.create
dialogflow.intents.delete
dialogflow.intents.get
dialogflow.intents.list
dialogflow.intents.update
dialogflow.operations.get
dialogflow.sessionEntityTypes.create
dialogflow.sessionEntityTypes.delete
dialogflow.sessionEntityTypes.get
dialogflow.sessionEntityTypes.list
dialogflow.sessionEntityTypes.update
dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent
Stackdriver Error Reporting Supported In Custom Roles errorreporting.applications.list
errorreporting.errorEvents.create
errorreporting.errorEvents.delete
errorreporting.errorEvents.list
errorreporting.groupMetadata.get
errorreporting.groupMetadata.update
errorreporting.groups.list
Cloud Identity and Access Management Not Supported In Custom Roles iam.serviceAccounts.actAs
iam.serviceAccounts.getAccessToken
iam.serviceAccounts.signBlob
iam.serviceAccounts.signJwt
Stackdriver Logging Supported In Custom Roles logging.exclusions.create
logging.exclusions.delete
logging.exclusions.get
logging.exclusions.list
logging.exclusions.update
logging.logEntries.create
logging.logEntries.list
logging.logMetrics.create
logging.logMetrics.delete
logging.logMetrics.get
logging.logMetrics.list
logging.logMetrics.update
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.delete
logging.logs.list
logging.privateLogEntries.list
logging.sinks.create
logging.sinks.delete
logging.sinks.get
logging.sinks.list
logging.sinks.update
logging.usage.get
AI Platform Supported In Custom Roles ml.jobs.cancel
ml.jobs.create
ml.jobs.get
ml.jobs.getIamPolicy
ml.jobs.list
ml.jobs.setIamPolicy
ml.jobs.update
ml.locations.get
ml.locations.list
ml.models.create
ml.models.delete
ml.models.get
ml.models.getIamPolicy
ml.models.list
ml.models.predict
ml.models.setIamPolicy
ml.models.update
ml.operations.cancel
ml.operations.get
ml.operations.list
ml.projects.getConfig
ml.versions.create
ml.versions.delete
ml.versions.get
ml.versions.list
ml.versions.predict
ml.versions.update
Stackdriver Monitoring Supported In Custom Roles monitoring.groups.create
monitoring.groups.delete
monitoring.groups.get
monitoring.groups.list
monitoring.groups.update
monitoring.metricDescriptors.create
monitoring.metricDescriptors.delete
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
monitoring.timeSeries.list
Cloud Pub/Sub Supported In Custom Roles pubsub.topics.setIamPolicy
Service Management Supported In Custom Roles servicemanagement.services.check
servicemanagement.services.report
Service Management Not Supported In Custom Roles servicemanagement.consumerSettings.get
servicemanagement.consumerSettings.getIamPolicy
servicemanagement.consumerSettings.list
servicemanagement.consumerSettings.setIamPolicy
servicemanagement.consumerSettings.update
Cloud Source Repositories Supported In Custom Roles source.repos.delete
source.repos.get
source.repos.getIamPolicy
source.repos.list
source.repos.setIamPolicy
Cloud Source Repositories Not Supported In Custom Roles source.repos.update
Cloud Spanner Supported In Custom Roles spanner.databaseOperations.cancel
spanner.databaseOperations.get
spanner.databaseOperations.list
spanner.databases.beginOrRollbackReadWriteTransaction
spanner.databases.beginReadOnlyTransaction
spanner.databases.create
spanner.databases.drop
spanner.databases.get
spanner.databases.getDdl
spanner.databases.getIamPolicy
spanner.databases.list
spanner.databases.read
spanner.databases.select
spanner.databases.setIamPolicy
spanner.databases.updateDdl
spanner.databases.write
spanner.instanceConfigs.get
spanner.instanceConfigs.list
spanner.instanceOperations.cancel
spanner.instanceOperations.delete
spanner.instanceOperations.get
spanner.instanceOperations.list
spanner.instances.create
spanner.instances.delete
spanner.instances.get
spanner.instances.getIamPolicy
spanner.instances.list
spanner.instances.setIamPolicy
spanner.instances.update
spanner.sessions.create
spanner.sessions.delete
spanner.sessions.get
spanner.sessions.list
Cloud Spanner Not Supported In Custom Roles spanner.databaseOperations.delete
spanner.databases.update
Cloud Storage Supported In Custom Roles storage.buckets.create
storage.buckets.delete
storage.buckets.get
storage.buckets.getIamPolicy
storage.buckets.list
storage.buckets.setIamPolicy
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.getIamPolicy
storage.objects.list
storage.objects.setIamPolicy
storage.objects.update

Cloud IAM changes as of 2017-12-08

Service Change Description
BigQuery Supported In Custom Roles bigquery.datasets.create
bigquery.datasets.delete
bigquery.datasets.get
bigquery.datasets.update
bigquery.jobs.create
bigquery.jobs.get
bigquery.jobs.list
bigquery.jobs.update
bigquery.savedqueries.create
bigquery.savedqueries.delete
bigquery.savedqueries.get
bigquery.savedqueries.list
bigquery.savedqueries.update
bigquery.tables.create
bigquery.tables.delete
bigquery.tables.export
bigquery.tables.get
bigquery.tables.getData
bigquery.tables.list
BigQuery Not Supported In Custom Roles bigquery.config.get
bigquery.config.update
bigquery.service.actAsSuperuser
bigquery.tables.update
bigquery.tables.updateData
bigquery.transfers.get
bigquery.transfers.update
Cloud Bigtable Supported In Custom Roles bigtable.clusters.get
bigtable.clusters.list
bigtable.clusters.update
bigtable.instances.create
bigtable.instances.delete
bigtable.instances.get
bigtable.instances.list
bigtable.instances.update
bigtable.tables.create
bigtable.tables.delete
bigtable.tables.get
bigtable.tables.list
bigtable.tables.mutateRows
bigtable.tables.readRows
bigtable.tables.sampleRowKeys
bigtable.tables.update
Compute Engine Added compute.disks.getIamPolicy
compute.disks.setIamPolicy
compute.globalOperations.getIamPolicy
compute.globalOperations.setIamPolicy
compute.images.getIamPolicy
compute.images.setIamPolicy
compute.instances.getIamPolicy
compute.instances.setIamPolicy
compute.licenses.getIamPolicy
compute.licenses.setIamPolicy
compute.organizations.administerXpn
compute.organizations.disableXpnHost
compute.organizations.disableXpnResource
compute.organizations.enableXpnHost
compute.organizations.enableXpnResource
compute.regionOperations.getIamPolicy
compute.regionOperations.setIamPolicy
compute.snapshots.getIamPolicy
compute.snapshots.setIamPolicy
compute.vpnGateways.create
compute.vpnGateways.delete
compute.vpnGateways.get
compute.vpnGateways.list
compute.vpnGateways.setLabels
compute.vpnGateways.use
compute.zoneOperations.getIamPolicy
compute.zoneOperations.setIamPolicy
Cloud Dataflow Supported In Custom Roles dataflow.jobs.cancel
dataflow.jobs.create
dataflow.jobs.get
dataflow.jobs.list
dataflow.jobs.updateContents
dataflow.messages.list
dataflow.metrics.get
Cloud Dataproc Added dataproc.workflowTemplates.instantiateInline
Cloud Data Loss Prevention Added dlp.analyzeRiskTemplates.create
dlp.analyzeRiskTemplates.delete
dlp.analyzeRiskTemplates.get
dlp.analyzeRiskTemplates.list
dlp.analyzeRiskTemplates.update
dlp.deidentifyTemplates.create
dlp.deidentifyTemplates.delete
dlp.deidentifyTemplates.get
dlp.deidentifyTemplates.list
dlp.deidentifyTemplates.update
dlp.inspectTemplates.create
dlp.inspectTemplates.delete
dlp.inspectTemplates.get
dlp.inspectTemplates.list
dlp.inspectTemplates.update
dlp.jobs.cancel
dlp.jobs.create
dlp.jobs.delete
dlp.jobs.get
dlp.jobs.list
Cloud Pub/Sub Added pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.get
pubsub.snapshots.getIamPolicy
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.snapshots.setIamPolicy
pubsub.snapshots.update
Cloud Pub/Sub Supported In Custom Roles pubsub.subscriptions.consume
pubsub.subscriptions.create
pubsub.subscriptions.delete
pubsub.subscriptions.get
pubsub.subscriptions.getIamPolicy
pubsub.subscriptions.list
pubsub.subscriptions.setIamPolicy
pubsub.subscriptions.update
pubsub.topics.attachSubscription
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.get
pubsub.topics.getIamPolicy
pubsub.topics.list
pubsub.topics.publish

Cloud IAM changes as of 2017-12-01

Service Change Description
Cloud Build Supported In Custom Roles cloudbuild.builds.create
cloudbuild.builds.get
cloudbuild.builds.list
cloudbuild.builds.update
Cloud Tool Results Now GA cloudtoolresults.executions.create
cloudtoolresults.executions.get
cloudtoolresults.executions.list
cloudtoolresults.executions.update
cloudtoolresults.histories.create
cloudtoolresults.histories.get
cloudtoolresults.histories.list
cloudtoolresults.settings.create
cloudtoolresults.settings.get
cloudtoolresults.settings.update
cloudtoolresults.steps.create
cloudtoolresults.steps.get
cloudtoolresults.steps.list
cloudtoolresults.steps.update
Compute Engine Now GA compute.instances.addMaintenancePolicies
compute.instances.removeMaintenancePolicies
compute.maintenancePolicies.create
compute.maintenancePolicies.delete
compute.maintenancePolicies.get
compute.maintenancePolicies.getIamPolicy
compute.maintenancePolicies.list
compute.maintenancePolicies.setIamPolicy
compute.maintenancePolicies.use
compute.targetTcpProxies.create
compute.targetTcpProxies.delete
compute.targetTcpProxies.get
compute.targetTcpProxies.getIamPolicy
compute.targetTcpProxies.list
compute.targetTcpProxies.setIamPolicy
compute.targetTcpProxies.update
compute.targetTcpProxies.use
Google Kubernetes Engine Added container.initializerConfigurations.create
container.initializerConfigurations.delete
container.initializerConfigurations.get
container.initializerConfigurations.list
container.initializerConfigurations.update
container.pods.initialize
Google Kubernetes Engine Now GA container.deployments.getScale
container.deployments.updateScale
Cloud Dataprep by Trifacta Supported In Custom Roles dataprep.projects.use
Cloud Identity and Access Management Supported In Custom Roles iam.roles.create
iam.roles.delete
iam.roles.get
iam.roles.list
iam.roles.undelete
iam.roles.update

Cloud IAM changes as of 2017-11-10

Service Change Description
Google Kubernetes Engine Added container.clusters.getIamPolicy
container.clusters.setIamPolicy
AI Platform Added ml.locations.get
ml.locations.list
Stackdriver Monitoring Added monitoring.metricDescriptors.update

Cloud IAM changes as of 2017-10-27

Service Change Description
Compute Engine Added compute.instances.updateShieldedVmConfig
Cloud Identity-Aware Proxy Added iap.web.getIamPolicy
iap.web.setIamPolicy
iap.webServiceVersions.accessViaIAP
iap.webServiceVersions.getIamPolicy
iap.webServiceVersions.setIamPolicy
iap.webServiceVersions.updateIAP
iap.webServices.getIamPolicy
iap.webServices.setIamPolicy
iap.webServices.updateIAP
iap.webTypes.getIamPolicy
iap.webTypes.setIamPolicy
iap.webTypes.updateIAP
Service Management Supported In Custom Roles servicemanagement.services.create
servicemanagement.services.delete
servicemanagement.services.get
servicemanagement.services.getIamPolicy
servicemanagement.services.list
servicemanagement.services.setIamPolicy
servicemanagement.services.update

Cloud IAM changes as of 2017-10-06

Service Change Description
Cloud Dataproc Now GA dataproc.workflowTemplates.create
dataproc.workflowTemplates.delete
dataproc.workflowTemplates.get
dataproc.workflowTemplates.getIamPolicy
dataproc.workflowTemplates.instantiate
dataproc.workflowTemplates.list
dataproc.workflowTemplates.setIamPolicy
dataproc.workflowTemplates.update

Cloud IAM changes as of 2017-09-22

Service Change Description
App Engine Added appengine.memcache.addKey
appengine.memcache.flush
appengine.memcache.get
appengine.memcache.getKey
appengine.memcache.list
appengine.memcache.update
Cloud SQL Added cloudsql.instances.demoteMaster
Cloud SQL Now GA cloudsql.instances.demoteMaster

Cloud IAM changes as of 2017-09-08

Service Change Description
Cloud Functions Added cloudfunctions.functions.call
cloudfunctions.functions.create
cloudfunctions.functions.delete
cloudfunctions.functions.get
cloudfunctions.functions.list
cloudfunctions.functions.sourceCodeGet
cloudfunctions.functions.sourceCodeSet
cloudfunctions.functions.update
cloudfunctions.locations.list
cloudfunctions.operations.get
cloudfunctions.operations.list
Compute Engine Added compute.instances.setDeletionProtection
compute.targetHttpsProxies.setUrlMap
Google Kubernetes Engine Added container.statefulSets.getScale
container.statefulSets.updateScale
Google Kubernetes Engine Now GA container.statefulSets.getScale
container.statefulSets.updateScale
Cloud Functions Added dlp.kms.encrypt
dlp.riskAnalysisOperations.cancel
dlp.riskAnalysisOperations.create
dlp.riskAnalysisOperations.get
dlp.riskAnalysisOperations.list
Bu sayfayı yararlı buldunuz mu? Lütfen görüşünüzü bildirin:

Şunun hakkında geri bildirim gönderin...

Cloud IAM Documentation