This page describes changes to the public IAM permissions for all Generally Available and Beta services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.
You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.
To get the latest product updates delivered to you, add the URL of this page to your
feed
reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml
Upcoming Cloud IAM changes for the week of 2021-02-22
Service | Change | Description |
---|---|---|
Cloud Functions | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
Cloud TPU | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Cloud Composer | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Compute Engine | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Compute Engine | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Dataflow | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processorVersions.processBatch documentai.processorVersions.processOnline documentai.processorVersions.update |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processorVersions.processBatch documentai.processorVersions.processOnline |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processorVersions.processBatch documentai.processorVersions.processOnline documentai.processorVersions.update |
Document AI | Role Updated |
The following permissions have been added to the role documentai.processorVersions.processBatch documentai.processorVersions.processOnline |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Service Networking | Role Updated |
The following permissions have been added to the role compute.networks.listPeeringRoutes |
Cloud Billing | Supported In Custom Roles |
billing.accounts.create billing.accounts.get billing.accounts.getIamPolicy billing.accounts.getPaymentInfo billing.accounts.list billing.accounts.move billing.accounts.removeFromOrganization billing.accounts.setIamPolicy billing.accounts.update billing.accounts.updatePaymentInfo billing.resourceAssociations.create billing.resourceAssociations.delete billing.resourceAssociations.list |
Compute Engine | Added |
compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.list compute.serviceAttachments.update |
Compute Engine | Supported In Custom Roles |
compute.serviceAttachments.create compute.serviceAttachments.delete compute.serviceAttachments.get compute.serviceAttachments.list compute.serviceAttachments.update |
Document AI | Added |
documentai.evaluations.create documentai.evaluations.get documentai.evaluations.list documentai.processorVersions.processBatch documentai.processorVersions.processOnline documentai.processorVersions.update |
Cloud Healthcare API | Now GA |
healthcare.attributeDefinitions.create healthcare.attributeDefinitions.delete healthcare.attributeDefinitions.get healthcare.attributeDefinitions.list healthcare.attributeDefinitions.update healthcare.consentArtifacts.create healthcare.consentArtifacts.delete healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.create healthcare.consentStores.delete healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.getIamPolicy healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consentStores.setIamPolicy healthcare.consentStores.update healthcare.consents.activate healthcare.consents.create healthcare.consents.delete healthcare.consents.get healthcare.consents.list healthcare.consents.reject healthcare.consents.revoke healthcare.consents.update healthcare.userDataMappings.archive healthcare.userDataMappings.create healthcare.userDataMappings.delete healthcare.userDataMappings.get healthcare.userDataMappings.list healthcare.userDataMappings.update |
Resource Manager | Supported In Custom Roles |
resourcemanager.projects.createBillingAssignment resourcemanager.projects.deleteBillingAssignment |
Cloud IAM changes as of 2021-02-19
Service | Change | Description |
---|---|---|
Access Context Manager | Role Updated |
The following permissions have been added to the role cloudasset.assets.searchAllResources |
Access Context Manager | Role Updated |
The following permissions have been added to the role cloudasset.assets.searchAllResources |
Cloud Asset Inventory | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Cloud Asset Inventory | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.networks.bindPrivateDNSPolicy dns.networks.bindPrivateDNSZone |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.get |
Error Reporting | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Error Reporting | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Error Reporting | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Media Asset | Now GA |
The role |
Security Command Center | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Security Command Center | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Security Command Center | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Service Networking | Role Updated |
The following permissions have been added to the role compute.globalAddresses.list |
Compute Engine | Now GA |
compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscUpdate compute.nodeGroups.update |
Firebase | Added |
firebase.clients.list firebase.clients.update |
Firebase | Supported In Custom Roles |
firebase.clients.list firebase.clients.update |
Firebase | Now GA |
firebase.clients.list firebase.clients.update |
Policy Simulator | Added |
policysimulator.replayResults.list policysimulator.replays.create policysimulator.replays.get policysimulator.replays.list policysimulator.replays.run |
Policy Simulator | Supported In Custom Roles |
policysimulator.replayResults.list policysimulator.replays.create policysimulator.replays.get policysimulator.replays.list policysimulator.replays.run |
Pub/Sub | Added |
pubsub.schemas.attach pubsub.schemas.create pubsub.schemas.delete pubsub.schemas.get pubsub.schemas.getIamPolicy pubsub.schemas.list pubsub.schemas.setIamPolicy pubsub.schemas.validate |
Recommender | Added |
recommender.loggingProductSuggestionContainerInsights.get recommender.loggingProductSuggestionContainerInsights.list recommender.loggingProductSuggestionContainerInsights.update recommender.loggingProductSuggestionContainerRecommendations.get recommender.loggingProductSuggestionContainerRecommendations.list recommender.loggingProductSuggestionContainerRecommendations.update recommender.monitoringProductSuggestionComputeInsights.get recommender.monitoringProductSuggestionComputeInsights.list recommender.monitoringProductSuggestionComputeInsights.update recommender.monitoringProductSuggestionComputeRecommendations.get recommender.monitoringProductSuggestionComputeRecommendations.list recommender.monitoringProductSuggestionComputeRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.loggingProductSuggestionContainerInsights.get recommender.loggingProductSuggestionContainerInsights.list recommender.loggingProductSuggestionContainerInsights.update recommender.loggingProductSuggestionContainerRecommendations.get recommender.loggingProductSuggestionContainerRecommendations.list recommender.loggingProductSuggestionContainerRecommendations.update recommender.monitoringProductSuggestionComputeInsights.get recommender.monitoringProductSuggestionComputeInsights.list recommender.monitoringProductSuggestionComputeInsights.update recommender.monitoringProductSuggestionComputeRecommendations.get recommender.monitoringProductSuggestionComputeRecommendations.list recommender.monitoringProductSuggestionComputeRecommendations.update |
Resource Manager | Added |
resourcemanager.resourceTagBindings.create resourcemanager.resourceTagBindings.delete resourcemanager.resourceTagBindings.list resourcemanager.tagKeys.create resourcemanager.tagKeys.delete resourcemanager.tagKeys.get resourcemanager.tagKeys.getIamPolicy resourcemanager.tagKeys.list resourcemanager.tagKeys.setIamPolicy resourcemanager.tagKeys.update resourcemanager.tagValueBindings.create resourcemanager.tagValueBindings.delete resourcemanager.tagValues.create resourcemanager.tagValues.delete resourcemanager.tagValues.get resourcemanager.tagValues.getIamPolicy resourcemanager.tagValues.list resourcemanager.tagValues.setIamPolicy resourcemanager.tagValues.update |
Resource Manager | Supported In Custom Roles |
resourcemanager.resourceTagBindings.create resourcemanager.resourceTagBindings.delete resourcemanager.resourceTagBindings.list resourcemanager.tagKeys.create resourcemanager.tagKeys.delete resourcemanager.tagKeys.get resourcemanager.tagKeys.getIamPolicy resourcemanager.tagKeys.list resourcemanager.tagKeys.setIamPolicy resourcemanager.tagKeys.update resourcemanager.tagValueBindings.create resourcemanager.tagValueBindings.delete resourcemanager.tagValues.create resourcemanager.tagValues.delete resourcemanager.tagValues.get resourcemanager.tagValues.getIamPolicy resourcemanager.tagValues.list resourcemanager.tagValues.setIamPolicy resourcemanager.tagValues.update |
Cloud IAM changes as of 2021-01-29
Service | Change | Description |
---|---|---|
Anthos Audit API | Now GA |
The role |
Apigee | Role Updated |
The following permissions have been added to the role apigee.apps.get apigee.apps.list |
Cloud Billing | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.externalVpnGateways.get compute.externalVpnGateways.list |
Cloud Data Fusion | Role Updated |
The following permissions have been added to the role compute.externalVpnGateways.get compute.externalVpnGateways.list |
GKE Hub | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.list |
Google Workspace | Now GA |
The role |
Google Workspace | Now GA |
The role |
Google Workspace | Now GA |
The role |
Cloud Run for Anthos on Google Cloud | Now GA |
The role |
Cloud Run for Anthos on Google Cloud | Now GA |
The role |
Memorystore for Memcached | Now GA |
The role |
Memorystore for Memcached | Now GA |
The role |
Memorystore for Memcached | Now GA |
The role |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role ml.jobs.create ml.jobs.get ml.jobs.list |
Retail API | Now GA |
The role |
Retail API | Now GA |
The role |
Retail API | Now GA |
The role |
Secured Landing Zone | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportOrgPolicy serviceusage.services.use |
Binary Authorization | Now GA |
binaryauthorization.attestors.create binaryauthorization.attestors.delete binaryauthorization.attestors.get binaryauthorization.attestors.getIamPolicy binaryauthorization.attestors.list binaryauthorization.attestors.setIamPolicy binaryauthorization.attestors.update binaryauthorization.attestors.verifyImageAttested binaryauthorization.policy.get binaryauthorization.policy.getIamPolicy binaryauthorization.policy.setIamPolicy binaryauthorization.policy.update |
Compute Engine | Added |
compute.commitments.updateReservations |
Compute Engine | Supported In Custom Roles |
compute.commitments.updateReservations |
Compute Engine | Now GA |
compute.commitments.updateReservations |
Firebase Storage | Added |
firebasestorage.buckets.addFirebase firebasestorage.buckets.get firebasestorage.buckets.list firebasestorage.buckets.removeFirebase |
Firebase Storage | Supported In Custom Roles |
firebasestorage.buckets.addFirebase firebasestorage.buckets.get firebasestorage.buckets.list firebasestorage.buckets.removeFirebase |
Google Workspace | Added |
gsuiteaddons.authorizations.get gsuiteaddons.deployments.create gsuiteaddons.deployments.delete gsuiteaddons.deployments.execute gsuiteaddons.deployments.get gsuiteaddons.deployments.install gsuiteaddons.deployments.installStatus gsuiteaddons.deployments.list gsuiteaddons.deployments.uninstall gsuiteaddons.deployments.update |
Google Workspace | Supported In Custom Roles |
gsuiteaddons.authorizations.get gsuiteaddons.deployments.create gsuiteaddons.deployments.delete gsuiteaddons.deployments.execute gsuiteaddons.deployments.get gsuiteaddons.deployments.install gsuiteaddons.deployments.installStatus gsuiteaddons.deployments.list gsuiteaddons.deployments.uninstall gsuiteaddons.deployments.update |
Google Workspace | Now GA |
gsuiteaddons.authorizations.get gsuiteaddons.deployments.create gsuiteaddons.deployments.delete gsuiteaddons.deployments.execute gsuiteaddons.deployments.get gsuiteaddons.deployments.install gsuiteaddons.deployments.installStatus gsuiteaddons.deployments.list gsuiteaddons.deployments.uninstall gsuiteaddons.deployments.update |
Memorystore for Memcached | Added |
memcache.instances.applySoftwareUpdate |
Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.applySoftwareUpdate |
Memorystore for Memcached | Now GA |
memcache.instances.applyParameters memcache.instances.create memcache.instances.delete memcache.instances.get memcache.instances.list memcache.instances.update memcache.instances.updateParameters memcache.locations.get memcache.locations.list memcache.operations.cancel memcache.operations.delete memcache.operations.get memcache.operations.list |
On-Demand Scanning | Added |
ondemandscanning.operations.cancel ondemandscanning.operations.delete ondemandscanning.operations.get ondemandscanning.operations.list ondemandscanning.operations.wait ondemandscanning.scans.analyzePackages ondemandscanning.scans.listVulnerabilities ondemandscanning.scans.scan |
On-Demand Scanning | Supported In Custom Roles |
ondemandscanning.operations.cancel ondemandscanning.operations.delete ondemandscanning.operations.get ondemandscanning.operations.list ondemandscanning.operations.wait ondemandscanning.scans.analyzePackages ondemandscanning.scans.listVulnerabilities ondemandscanning.scans.scan |
reCAPTCHA Enterprise | Added |
recaptchaenterprise.projectmetadata.get |
Retail API | Now GA |
retail.catalogs.list retail.catalogs.update retail.operations.get retail.operations.list retail.placements.predict retail.products.create retail.products.delete retail.products.export retail.products.get retail.products.import retail.products.list retail.products.update retail.userEvents.create retail.userEvents.import retail.userEvents.purge retail.userEvents.rejoin |
Storage Transfer Service | Added |
storagetransfer.jobs.run |
Storage Transfer Service | Supported In Custom Roles |
storagetransfer.jobs.run |
Storage Transfer Service | Now GA |
storagetransfer.jobs.run |
Cloud IAM changes as of 2021-01-08
Service | Change | Description |
---|---|---|
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Error Reporting | Role Updated |
The following permissions have been added to the role stackdriver.projects.get |
Error Reporting | Role Updated |
The following permissions have been added to the role stackdriver.projects.get |
Error Reporting | Role Updated |
The following permissions have been added to the role stackdriver.projects.get |
Pub/Sub | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.get iam.serviceAccounts.getAccessToken iam.serviceAccounts.implicitDelegation iam.serviceAccounts.list iam.serviceAccounts.signBlob iam.serviceAccounts.signJwt resourcemanager.projects.get resourcemanager.projects.list |
Retail API | Role Updated |
The following permissions have been added to the role automlrecommendations.apiKeys.create automlrecommendations.apiKeys.delete automlrecommendations.catalogItems.create automlrecommendations.catalogItems.delete automlrecommendations.catalogItems.get automlrecommendations.catalogItems.list automlrecommendations.catalogItems.update automlrecommendations.catalogs.getStats automlrecommendations.catalogs.list automlrecommendations.catalogs.update automlrecommendations.eventStores.getStats automlrecommendations.events.create automlrecommendations.events.list automlrecommendations.events.purge automlrecommendations.events.rejoin automlrecommendations.placements.create automlrecommendations.placements.delete automlrecommendations.placements.getStats automlrecommendations.placements.list automlrecommendations.recommendations.create automlrecommendations.recommendations.delete automlrecommendations.recommendations.list automlrecommendations.recommendations.pause automlrecommendations.recommendations.resume automlrecommendations.recommendations.update |
Retail API | Role Updated |
The following permissions have been added to the role automlrecommendations.apiKeys.create automlrecommendations.apiKeys.delete automlrecommendations.catalogItems.create automlrecommendations.catalogItems.delete automlrecommendations.catalogItems.get automlrecommendations.catalogItems.list automlrecommendations.catalogItems.update automlrecommendations.catalogs.getStats automlrecommendations.catalogs.list automlrecommendations.catalogs.update automlrecommendations.eventStores.getStats automlrecommendations.events.create automlrecommendations.events.list automlrecommendations.placements.create automlrecommendations.placements.delete automlrecommendations.placements.getStats automlrecommendations.placements.list automlrecommendations.recommendations.create automlrecommendations.recommendations.delete automlrecommendations.recommendations.list automlrecommendations.recommendations.pause automlrecommendations.recommendations.resume automlrecommendations.recommendations.update |
Retail API | Role Updated |
The following permissions have been added to the role automlrecommendations.catalogItems.get automlrecommendations.catalogItems.list automlrecommendations.catalogs.getStats automlrecommendations.catalogs.list automlrecommendations.eventStores.getStats automlrecommendations.events.list automlrecommendations.placements.getStats automlrecommendations.placements.list automlrecommendations.recommendations.list |
Cloud Autoscaling | Added |
autoscaling.sites.getIamPolicy autoscaling.sites.readRecommendations autoscaling.sites.setIamPolicy autoscaling.sites.writeMetrics autoscaling.sites.writeState |
Cloud Autoscaling | Supported In Custom Roles |
autoscaling.sites.getIamPolicy autoscaling.sites.readRecommendations autoscaling.sites.setIamPolicy autoscaling.sites.writeMetrics autoscaling.sites.writeState |
Binary Authorization | Added |
binaryauthorization.continuousValidationConfig.get binaryauthorization.continuousValidationConfig.getIamPolicy binaryauthorization.continuousValidationConfig.setIamPolicy binaryauthorization.continuousValidationConfig.update |
Binary Authorization | Supported In Custom Roles |
binaryauthorization.continuousValidationConfig.get binaryauthorization.continuousValidationConfig.getIamPolicy binaryauthorization.continuousValidationConfig.setIamPolicy binaryauthorization.continuousValidationConfig.update |
Compute Engine | Added |
compute.globalForwardingRules.pscCreate compute.globalForwardingRules.pscDelete compute.globalForwardingRules.pscGet compute.globalForwardingRules.pscUpdate |
Customer Usage Data Processing | Added |
dataprocessing.datasources.get dataprocessing.datasources.list dataprocessing.datasources.update dataprocessing.groupcontrols.get |
Customer Usage Data Processing | Supported In Custom Roles |
dataprocessing.datasources.get dataprocessing.datasources.list dataprocessing.datasources.update dataprocessing.groupcontrols.get |
Customer Usage Data Processing | Now GA |
dataprocessing.datasources.get dataprocessing.datasources.list dataprocessing.datasources.update dataprocessing.groupcontrols.get |
Google Earth Engine | Added |
earthengine.assets.create earthengine.assets.delete earthengine.assets.get earthengine.assets.getIamPolicy earthengine.assets.list earthengine.assets.setIamPolicy earthengine.assets.update earthengine.computations.create earthengine.exports.create earthengine.filmstripthumbnails.create earthengine.filmstripthumbnails.get earthengine.imports.create earthengine.maps.create earthengine.maps.get earthengine.operations.delete earthengine.operations.get earthengine.operations.list earthengine.operations.update earthengine.tables.create earthengine.tables.get earthengine.thumbnails.create earthengine.thumbnails.get earthengine.videothumbnails.create earthengine.videothumbnails.get |
Cloud IAM changes as of 2020-12-18
Service | Change | Description |
---|---|---|
Anthos Identity Service | Now GA |
The role |
API Gateway | Now GA |
The role |
API Gateway | Now GA |
The role |
Apigee | Now GA |
The role |
AutoML | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
Private Catalog | Role Updated |
The following permissions have been added to the role cloudprivatecatalog.targets.get cloudprivatecatalogproducer.associations.create cloudprivatecatalogproducer.associations.delete cloudprivatecatalogproducer.associations.get cloudprivatecatalogproducer.associations.list cloudprivatecatalogproducer.catalogAssociations.create cloudprivatecatalogproducer.catalogAssociations.delete cloudprivatecatalogproducer.catalogAssociations.get cloudprivatecatalogproducer.catalogAssociations.list cloudprivatecatalogproducer.catalogs.create cloudprivatecatalogproducer.catalogs.delete cloudprivatecatalogproducer.catalogs.get cloudprivatecatalogproducer.catalogs.getIamPolicy cloudprivatecatalogproducer.catalogs.list cloudprivatecatalogproducer.catalogs.setIamPolicy cloudprivatecatalogproducer.catalogs.undelete cloudprivatecatalogproducer.catalogs.update cloudprivatecatalogproducer.producerCatalogs.attachProduct cloudprivatecatalogproducer.producerCatalogs.create cloudprivatecatalogproducer.producerCatalogs.delete cloudprivatecatalogproducer.producerCatalogs.detachProduct cloudprivatecatalogproducer.producerCatalogs.get cloudprivatecatalogproducer.producerCatalogs.getIamPolicy cloudprivatecatalogproducer.producerCatalogs.list cloudprivatecatalogproducer.producerCatalogs.setIamPolicy cloudprivatecatalogproducer.producerCatalogs.update cloudprivatecatalogproducer.products.create cloudprivatecatalogproducer.products.delete cloudprivatecatalogproducer.products.get cloudprivatecatalogproducer.products.getIamPolicy cloudprivatecatalogproducer.products.list cloudprivatecatalogproducer.products.setIamPolicy cloudprivatecatalogproducer.products.update cloudprivatecatalogproducer.targets.associate cloudprivatecatalogproducer.targets.unassociate |
Compute Engine | Now GA |
The role |
Compute Engine | Now GA |
The role |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.dnsKeys.get dns.dnsKeys.list dns.managedZoneOperations.get dns.managedZoneOperations.list dns.managedZones.delete dns.networks.bindPrivateDNSPolicy dns.networks.targetWithPeeringZone dns.policies.create dns.policies.delete dns.policies.get dns.policies.list dns.policies.update dns.projects.get |
Error Reporting | Role Updated |
The following permissions have been added to the role logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Error Reporting | Role Updated |
The following permissions have been added to the role logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Error Reporting | Role Updated |
The following permissions have been added to the role logging.notificationRules.get logging.notificationRules.list |
API Gateway | Now GA |
apigateway.apiconfigs.create apigateway.apiconfigs.delete apigateway.apiconfigs.get apigateway.apiconfigs.getIamPolicy apigateway.apiconfigs.list apigateway.apiconfigs.setIamPolicy apigateway.apiconfigs.update apigateway.apis.create apigateway.apis.delete apigateway.apis.get apigateway.apis.getIamPolicy apigateway.apis.list apigateway.apis.setIamPolicy apigateway.apis.update apigateway.gateways.create apigateway.gateways.delete apigateway.gateways.get apigateway.gateways.getIamPolicy apigateway.gateways.list apigateway.gateways.setIamPolicy apigateway.gateways.update apigateway.locations.get apigateway.locations.list apigateway.operations.cancel apigateway.operations.delete apigateway.operations.get apigateway.operations.list |
Apigee | Added |
apigee.portals.create apigee.portals.delete apigee.portals.get apigee.portals.list apigee.portals.update |
Apigee | Supported In Custom Roles |
apigee.portals.create apigee.portals.delete apigee.portals.get apigee.portals.list apigee.portals.update |
Apigee | Now GA |
apigee.portals.create apigee.portals.delete apigee.portals.get apigee.portals.list apigee.portals.update |
Filestore | Supported In Custom Roles |
file.operations.cancel |
Cloud Logging | Added |
logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Cloud Logging | Supported In Custom Roles |
logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Cloud Logging | Now GA |
logging.notificationRules.create logging.notificationRules.delete logging.notificationRules.get logging.notificationRules.list logging.notificationRules.update |
Recommender | Added |
recommender.computeAddressIdleResourceInsights.get recommender.computeAddressIdleResourceInsights.list recommender.computeAddressIdleResourceInsights.update recommender.computeAddressIdleResourceRecommendations.get recommender.computeAddressIdleResourceRecommendations.list recommender.computeAddressIdleResourceRecommendations.update recommender.computeImageIdleResourceInsights.get recommender.computeImageIdleResourceInsights.list recommender.computeImageIdleResourceInsights.update recommender.computeImageIdleResourceRecommendations.get recommender.computeImageIdleResourceRecommendations.list recommender.computeImageIdleResourceRecommendations.update |
Recommender | Supported In Custom Roles |
recommender.computeAddressIdleResourceInsights.get recommender.computeAddressIdleResourceInsights.list recommender.computeAddressIdleResourceInsights.update recommender.computeAddressIdleResourceRecommendations.get recommender.computeAddressIdleResourceRecommendations.list recommender.computeAddressIdleResourceRecommendations.update recommender.computeImageIdleResourceInsights.get recommender.computeImageIdleResourceInsights.list recommender.computeImageIdleResourceInsights.update recommender.computeImageIdleResourceRecommendations.get recommender.computeImageIdleResourceRecommendations.list recommender.computeImageIdleResourceRecommendations.update |
Recommender | Now GA |
recommender.computeAddressIdleResourceInsights.get recommender.computeAddressIdleResourceInsights.list recommender.computeAddressIdleResourceInsights.update recommender.computeAddressIdleResourceRecommendations.get recommender.computeAddressIdleResourceRecommendations.list recommender.computeAddressIdleResourceRecommendations.update recommender.computeImageIdleResourceInsights.get recommender.computeImageIdleResourceInsights.list recommender.computeImageIdleResourceInsights.update recommender.computeImageIdleResourceRecommendations.get recommender.computeImageIdleResourceRecommendations.list recommender.computeImageIdleResourceRecommendations.update |
Retail API | Added |
retail.catalogs.list retail.catalogs.update retail.operations.get retail.operations.list retail.placements.predict retail.products.create retail.products.delete retail.products.export retail.products.get retail.products.import retail.products.list retail.products.update retail.userEvents.create retail.userEvents.import retail.userEvents.purge retail.userEvents.rejoin |
Retail API | Supported In Custom Roles |
retail.catalogs.list retail.catalogs.update retail.operations.get retail.operations.list retail.placements.predict retail.products.create retail.products.delete retail.products.export retail.products.get retail.products.import retail.products.list retail.products.update retail.userEvents.create retail.userEvents.import retail.userEvents.purge retail.userEvents.rejoin |
Cloud IAM changes as of 2020-12-11
Service | Change | Description |
---|---|---|
Cloud TPU | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use |
Cloud Composer | Now GA |
The role |
Cloud Composer | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Cloud Composer | Role Updated |
The following permissions have been added to the role container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Compute Engine | Now GA |
The role |
Compute Engine | Now GA |
The role |
Compute Engine | Now GA |
The role |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.cloneRules |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.cloneRules |
Compute Engine | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use |
Compute Engine | Role Updated |
The following permissions have been added to the role cloudnotifications.activities.list compute.instanceGroupManagers.get monitoring.alertPolicies.get monitoring.alertPolicies.list monitoring.dashboards.get monitoring.dashboards.list monitoring.groups.get monitoring.groups.list monitoring.metricDescriptors.get monitoring.metricDescriptors.list monitoring.monitoredResourceDescriptors.get monitoring.monitoredResourceDescriptors.list monitoring.notificationChannelDescriptors.get monitoring.notificationChannelDescriptors.list monitoring.notificationChannels.get monitoring.notificationChannels.list monitoring.publicWidgets.get monitoring.publicWidgets.list monitoring.services.get monitoring.services.list monitoring.slos.get monitoring.slos.list monitoring.timeSeries.list monitoring.uptimeCheckConfigs.get monitoring.uptimeCheckConfigs.list resourcemanager.projects.get resourcemanager.projects.list stackdriver.projects.get |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role container.endpointSlices.get container.endpointSlices.list container.frontendConfigs.get container.frontendConfigs.list container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.storageStates.get container.storageStates.list container.storageVersionMigrations.get container.storageVersionMigrations.list container.updateInfos.get container.updateInfos.list container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotContents.get container.volumeSnapshotContents.list container.volumeSnapshots.get container.volumeSnapshots.list |
Container Threat Detection | Role Updated |
The following permissions have been added to the role container.endpointSlices.get container.endpointSlices.list container.frontendConfigs.get container.frontendConfigs.list container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.roleBindings.create container.roleBindings.delete container.roleBindings.update container.storageStates.get container.storageStates.list container.storageVersionMigrations.get container.storageVersionMigrations.list container.updateInfos.get container.updateInfos.list container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotContents.get container.volumeSnapshotContents.list container.volumeSnapshots.get container.volumeSnapshots.list |
Dataflow | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.get compute.firewallPolicies.list compute.firewallPolicies.use |
Dataproc | Now GA |
The role |
Early Access Center | Role Updated |
The following permissions have been added to the role earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list |
Early Access Center | Role Updated |
The following permissions have been added to the role earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list |
Basic Role | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.cloneRules container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list metastore.services.export |
Game Servers | Role Updated |
The following permissions have been added to the role container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Identity and Access Management | Role Updated |
The following permissions have been added to the role container.endpointSlices.list container.frontendConfigs.list container.storageStates.list container.storageVersionMigrations.list container.updateInfos.list container.volumeSnapshotClasses.list container.volumeSnapshotContents.list container.volumeSnapshots.list earlyaccesscenter.customerAllowlists.list |
Identity and Access Management | Role Updated |
The following permissions have been added to the role container.endpointSlices.list container.frontendConfigs.list container.storageStates.list container.storageVersionMigrations.list container.updateInfos.list container.volumeSnapshotClasses.list container.volumeSnapshotContents.list container.volumeSnapshots.list earlyaccesscenter.customerAllowlists.list |
Cloud Logging | Role Updated |
The following permissions have been added to the role logging.views.get logging.views.list |
Dataproc Metastore | Role Added |
The role metastore.imports.create metastore.imports.delete metastore.imports.get metastore.imports.list metastore.imports.update metastore.locations.get metastore.locations.list metastore.operations.get metastore.operations.list metastore.services.export metastore.services.get metastore.services.getIamPolicy metastore.services.list resourcemanager.projects.get resourcemanager.projects.list |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.cloneRules |
Basic Role | Role Updated |
The following permissions have been added to the role compute.firewallPolicies.cloneRules container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list metastore.services.export |
Security Command Center | Role Updated |
The following permissions have been added to the role container.endpointSlices.get container.endpointSlices.list container.frontendConfigs.get container.frontendConfigs.list container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.storageStates.get container.storageStates.list container.storageVersionMigrations.get container.storageVersionMigrations.list container.updateInfos.get container.updateInfos.list container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotContents.get container.volumeSnapshotContents.list container.volumeSnapshots.get container.volumeSnapshots.list logging.views.get logging.views.list |
Security Command Center | Role Updated |
The following permissions have been added to the role logging.views.get logging.views.list |
Security Command Center | Role Updated |
The following permissions have been added to the role container.endpointSlices.get container.endpointSlices.list container.frontendConfigs.get container.frontendConfigs.list container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.storageStates.get container.storageStates.list container.storageVersionMigrations.get container.storageVersionMigrations.list container.updateInfos.get container.updateInfos.list container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotContents.get container.volumeSnapshotContents.list container.volumeSnapshots.get container.volumeSnapshots.list logging.views.get logging.views.list |
Basic Role | Role Updated |
The following permissions have been added to the role container.endpointSlices.get container.endpointSlices.list container.frontendConfigs.get container.frontendConfigs.list container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.updateInfos.get container.updateInfos.list container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list metastore.services.export |
Apigee | Added |
apigee.organizations.delete |
Apigee | Supported In Custom Roles |
apigee.organizations.delete |
Apigee | Now GA |
apigee.organizations.delete |
Compute Engine | Added |
compute.firewallPolicies.addAssociation compute.firewallPolicies.cloneRules compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use |
Compute Engine | Supported In Custom Roles |
compute.firewallPolicies.addAssociation compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use |
Compute Engine | Now GA |
compute.firewallPolicies.addAssociation compute.firewallPolicies.copyRules compute.firewallPolicies.create compute.firewallPolicies.delete compute.firewallPolicies.get compute.firewallPolicies.getIamPolicy compute.firewallPolicies.list compute.firewallPolicies.move compute.firewallPolicies.removeAssociation compute.firewallPolicies.setIamPolicy compute.firewallPolicies.update compute.firewallPolicies.use |
Google Kubernetes Engine | Added |
container.apiServices.getStatus container.auditSinks.create container.auditSinks.delete container.auditSinks.get container.auditSinks.list container.auditSinks.update container.certificateSigningRequests.getStatus container.clusterRoles.escalate container.csiNodeInfos.create container.csiNodeInfos.delete container.csiNodeInfos.get container.csiNodeInfos.list container.csiNodeInfos.update container.customResourceDefinitions.getStatus container.endpointSlices.create container.endpointSlices.delete container.endpointSlices.get container.endpointSlices.list container.endpointSlices.update container.frontendConfigs.create container.frontendConfigs.delete container.frontendConfigs.get container.frontendConfigs.list container.frontendConfigs.update container.leases.create container.leases.delete container.leases.get container.leases.list container.leases.update container.managedCertificates.create container.managedCertificates.delete container.managedCertificates.get container.managedCertificates.list container.managedCertificates.update container.mutatingWebhookConfigurations.create container.mutatingWebhookConfigurations.delete container.mutatingWebhookConfigurations.get container.mutatingWebhookConfigurations.list container.mutatingWebhookConfigurations.update container.namespaces.finalize container.priorityClasses.create container.priorityClasses.delete container.priorityClasses.get container.priorityClasses.list container.priorityClasses.update container.roles.escalate container.selfSubjectRulesReviews.create container.serviceAccounts.createToken container.storageStates.create container.storageStates.delete container.storageStates.get container.storageStates.getStatus container.storageStates.list container.storageStates.update container.storageStates.updateStatus container.storageVersionMigrations.create container.storageVersionMigrations.delete container.storageVersionMigrations.get container.storageVersionMigrations.getStatus container.storageVersionMigrations.list container.storageVersionMigrations.update container.storageVersionMigrations.updateStatus container.updateInfos.create container.updateInfos.delete container.updateInfos.get container.updateInfos.list container.updateInfos.update container.validatingWebhookConfigurations.create container.validatingWebhookConfigurations.delete container.validatingWebhookConfigurations.get container.validatingWebhookConfigurations.list container.validatingWebhookConfigurations.update container.volumeAttachments.create container.volumeAttachments.delete container.volumeAttachments.get container.volumeAttachments.getStatus container.volumeAttachments.list container.volumeAttachments.update container.volumeAttachments.updateStatus container.volumeSnapshotClasses.create container.volumeSnapshotClasses.delete container.volumeSnapshotClasses.get container.volumeSnapshotClasses.list container.volumeSnapshotClasses.update container.volumeSnapshotContents.create container.volumeSnapshotContents.delete container.volumeSnapshotContents.get container.volumeSnapshotContents.getStatus container.volumeSnapshotContents.list container.volumeSnapshotContents.update container.volumeSnapshotContents.updateStatus container.volumeSnapshots.create container.volumeSnapshots.delete container.volumeSnapshots.get container.volumeSnapshots.getStatus container.volumeSnapshots.list container.volumeSnapshots.update container.volumeSnapshots.updateStatus |
Dataproc | Added |
dataproc.clusters.start dataproc.clusters.stop |
Dataproc | Now GA |
dataproc.clusters.start dataproc.clusters.stop |
Early Access Center | Added |
earlyaccesscenter.customerAllowlists.get earlyaccesscenter.customerAllowlists.list |
Cloud Logging | Added |
logging.views.create logging.views.delete logging.views.get logging.views.list logging.views.listLogs logging.views.listResourceKeys logging.views.listResourceValues logging.views.update |
Cloud Logging | Supported In Custom Roles |
logging.views.create logging.views.delete logging.views.get logging.views.list logging.views.listLogs logging.views.listResourceKeys logging.views.listResourceValues logging.views.update |
Cloud Logging | Now GA |
logging.views.create logging.views.delete logging.views.get logging.views.list logging.views.listLogs logging.views.listResourceKeys logging.views.listResourceValues logging.views.update |
Dataproc Metastore | Added |
metastore.imports.create metastore.imports.get metastore.imports.list metastore.imports.update metastore.locations.get metastore.locations.list metastore.operations.cancel metastore.operations.delete metastore.operations.get metastore.operations.list metastore.services.create metastore.services.delete metastore.services.export metastore.services.get metastore.services.getIamPolicy metastore.services.list metastore.services.setIamPolicy metastore.services.update |
Dataproc Metastore | Supported In Custom Roles |
metastore.imports.create metastore.imports.get metastore.imports.list metastore.imports.update metastore.locations.get metastore.locations.list metastore.operations.cancel metastore.operations.delete metastore.operations.get metastore.operations.list metastore.services.create metastore.services.delete metastore.services.get metastore.services.getIamPolicy metastore.services.list metastore.services.setIamPolicy metastore.services.update |
Cloud IAM changes as of 2020-11-20
Service | Change | Description |
---|---|---|
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.list |
Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.get apigee.envgroups.list apigee.environments.get apigee.environments.list |
Apigee | Role Updated |
The following permissions have been added to the role apigee.proxyrevisions.deploy apigee.proxyrevisions.undeploy |
Cloud Logging | Role Updated |
The following permissions have been removed from the role logging.views.access |
Dell EMC Cloud OneFS | Added |
cloudonefs.isiloncloud.com/clusters.create cloudonefs.isiloncloud.com/clusters.delete cloudonefs.isiloncloud.com/clusters.get cloudonefs.isiloncloud.com/clusters.list cloudonefs.isiloncloud.com/clusters.update cloudonefs.isiloncloud.com/clusters.updateAdvancedSettings cloudonefs.isiloncloud.com/fileshares.create cloudonefs.isiloncloud.com/fileshares.delete cloudonefs.isiloncloud.com/fileshares.get cloudonefs.isiloncloud.com/fileshares.list cloudonefs.isiloncloud.com/fileshares.update |
Private Catalog | Added |
cloudprivatecatalogproducer.catalogAssociations.create cloudprivatecatalogproducer.catalogAssociations.delete cloudprivatecatalogproducer.catalogAssociations.get cloudprivatecatalogproducer.catalogAssociations.list cloudprivatecatalogproducer.producerCatalogs.attachProduct cloudprivatecatalogproducer.producerCatalogs.create cloudprivatecatalogproducer.producerCatalogs.delete cloudprivatecatalogproducer.producerCatalogs.detachProduct cloudprivatecatalogproducer.producerCatalogs.get cloudprivatecatalogproducer.producerCatalogs.getIamPolicy cloudprivatecatalogproducer.producerCatalogs.list cloudprivatecatalogproducer.producerCatalogs.setIamPolicy cloudprivatecatalogproducer.producerCatalogs.update cloudprivatecatalogproducer.products.create cloudprivatecatalogproducer.products.delete cloudprivatecatalogproducer.products.get cloudprivatecatalogproducer.products.getIamPolicy cloudprivatecatalogproducer.products.list cloudprivatecatalogproducer.products.setIamPolicy cloudprivatecatalogproducer.products.update cloudprivatecatalogproducer.settings.get cloudprivatecatalogproducer.settings.update |
Cloud IAM changes as of 2020-11-06
Service | Change | Description |
---|---|---|
Dialogflow | Now GA |
The role |
Dialogflow | Now GA |
The role |
Service Management | Now GA |
The role |
Compute Engine | Added |
compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.use compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use |
Compute Engine | Supported In Custom Roles |
compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.use compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use |
Compute Engine | Now GA |
compute.globalForwardingRules.update compute.globalNetworkEndpointGroups.attachNetworkEndpoints compute.globalNetworkEndpointGroups.create compute.globalNetworkEndpointGroups.delete compute.globalNetworkEndpointGroups.detachNetworkEndpoints compute.globalNetworkEndpointGroups.get compute.globalNetworkEndpointGroups.list compute.globalNetworkEndpointGroups.use compute.regionHealthChecks.create compute.regionHealthChecks.delete compute.regionHealthChecks.get compute.regionHealthChecks.list compute.regionHealthChecks.update compute.regionHealthChecks.use compute.regionHealthChecks.useReadOnly compute.regionNetworkEndpointGroups.create compute.regionNetworkEndpointGroups.delete compute.regionNetworkEndpointGroups.get compute.regionNetworkEndpointGroups.list compute.regionNetworkEndpointGroups.use compute.regionSslCertificates.create compute.regionSslCertificates.delete compute.regionSslCertificates.get compute.regionSslCertificates.list compute.regionTargetHttpProxies.create compute.regionTargetHttpProxies.delete compute.regionTargetHttpProxies.get compute.regionTargetHttpProxies.list compute.regionTargetHttpProxies.setUrlMap compute.regionTargetHttpProxies.use compute.regionTargetHttpsProxies.create compute.regionTargetHttpsProxies.delete compute.regionTargetHttpsProxies.get compute.regionTargetHttpsProxies.list compute.regionTargetHttpsProxies.setSslCertificates compute.regionTargetHttpsProxies.setUrlMap compute.regionTargetHttpsProxies.use compute.regionUrlMaps.create compute.regionUrlMaps.delete compute.regionUrlMaps.get compute.regionUrlMaps.invalidateCache compute.regionUrlMaps.list compute.regionUrlMaps.update compute.regionUrlMaps.use compute.regionUrlMaps.validate compute.targetGrpcProxies.create compute.targetGrpcProxies.delete compute.targetGrpcProxies.get compute.targetGrpcProxies.list compute.targetGrpcProxies.update compute.targetGrpcProxies.use |
Document AI | Added |
documentai.humanReviewConfigs.get documentai.humanReviewConfigs.review documentai.humanReviewConfigs.update documentai.labelerPools.create documentai.labelerPools.delete documentai.labelerPools.get documentai.labelerPools.list documentai.labelerPools.update documentai.locations.get documentai.locations.list documentai.operations.getLegacy documentai.processorTypes.list documentai.processorVersions.create documentai.processorVersions.delete documentai.processorVersions.get documentai.processorVersions.list documentai.processors.create documentai.processors.delete documentai.processors.fetchHumanReviewDetails documentai.processors.get documentai.processors.list documentai.processors.processBatch documentai.processors.processOnline documentai.processors.update |
Cloud Logging | Added |
logging.logEntries.download |
Cloud Logging | Now GA |
logging.logEntries.download |
Cloud IAM changes as of 2020-10-30
Service | Change | Description |
---|---|---|
Compute Engine | Added |
compute.forwardingRules.update |
Compute Engine | Supported In Custom Roles |
compute.forwardingRules.update |
Compute Engine | Now GA |
compute.forwardingRules.update |
Early Access Center | Added |
earlyaccesscenter.campaigns.enroll earlyaccesscenter.campaigns.get earlyaccesscenter.campaigns.list earlyaccesscenter.customerWhitelists.get earlyaccesscenter.customerWhitelists.list |
Early Access Center | Supported In Custom Roles |
earlyaccesscenter.campaigns.enroll earlyaccesscenter.campaigns.get earlyaccesscenter.campaigns.list earlyaccesscenter.customerWhitelists.get earlyaccesscenter.customerWhitelists.list |
GKE Hub | Added |
gkehub.operations.delete |
GKE Hub | Now GA |
gkehub.operations.delete |
Cloud Logging | Added |
logging.locations.get logging.locations.list |
Cloud Logging | Supported In Custom Roles |
logging.locations.get logging.locations.list |
Cloud Logging | Now GA |
logging.locations.get logging.locations.list |
AI Platform Notebooks | Added |
notebooks.instances.use |
AI Platform Notebooks | Now GA |
notebooks.instances.use |
Cloud IAM changes as of 2020-10-23
Service | Change | Description |
---|---|---|
Dialogflow | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.invoke |
GKE Hub | Role Updated |
The following permissions have been added to the role container.clusterRoles.bind |
Pub/Sub Lite | Now GA |
The role |
Pub/Sub Lite | Now GA |
The role |
Pub/Sub Lite | Now GA |
The role |
Pub/Sub Lite | Now GA |
The role |
Pub/Sub Lite | Now GA |
The role |
Service Networking | Role Updated |
The following permissions have been added to the role compute.networks.updatePeering |
Compute Engine | Added |
compute.instances.useReadOnly compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly |
Compute Engine | Supported In Custom Roles |
compute.instances.useReadOnly compute.machineImages.create compute.machineImages.delete compute.machineImages.get compute.machineImages.getIamPolicy compute.machineImages.list compute.machineImages.setIamPolicy compute.machineImages.useReadOnly |
Compute Engine | Now GA |
compute.instances.useReadOnly |
Database Migration Service | Added |
datamigration.connectionprofiles.create datamigration.connectionprofiles.delete datamigration.connectionprofiles.get datamigration.connectionprofiles.getIamPolicy datamigration.connectionprofiles.list datamigration.connectionprofiles.setIamPolicy datamigration.connectionprofiles.update datamigration.locations.get datamigration.locations.list datamigration.migrationjobs.create datamigration.migrationjobs.delete datamigration.migrationjobs.generateSshScript datamigration.migrationjobs.get datamigration.migrationjobs.getIamPolicy datamigration.migrationjobs.list datamigration.migrationjobs.promote datamigration.migrationjobs.restart datamigration.migrationjobs.resume datamigration.migrationjobs.setIamPolicy datamigration.migrationjobs.start datamigration.migrationjobs.stop datamigration.migrationjobs.update datamigration.migrationjobs.verify datamigration.operations.cancel datamigration.operations.delete datamigration.operations.get datamigration.operations.list |
Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
Cloud Healthcare API | Supported In Custom Roles |
healthcare.locations.get healthcare.locations.list healthcare.nlpservice.analyzeEntities |
Pub/Sub Lite | Now GA |
pubsublite.subscriptions.create pubsublite.subscriptions.delete pubsublite.subscriptions.get pubsublite.subscriptions.getCursor pubsublite.subscriptions.list pubsublite.subscriptions.setCursor pubsublite.subscriptions.subscribe pubsublite.subscriptions.update pubsublite.topics.computeMessageStats pubsublite.topics.create pubsublite.topics.delete pubsublite.topics.get pubsublite.topics.getPartitions pubsublite.topics.list pubsublite.topics.listSubscriptions pubsublite.topics.publish pubsublite.topics.subscribe pubsublite.topics.update |
Traffic Director | Added |
trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Traffic Director | Supported In Custom Roles |
trafficdirector.networks.getConfigs trafficdirector.networks.reportMetrics |
Cloud IAM changes as of 2020-10-09
Service | Change | Description |
---|---|---|
Access Context Manager | Now GA |
The role |
Access Context Manager | Now GA |
The role |
Assured Workloads for Government | Now GA |
The role |
Assured Workloads for Government | Now GA |
The role |
Assured Workloads for Government | Now GA |
The role |
BigQuery | Now GA |
The role |
BigQuery | Now GA |
The role |
Cloud Scheduler | Now GA |
The role |
Cloud Scheduler | Now GA |
The role |
Cloud Scheduler | Now GA |
The role |
Google Cloud Support | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
Basic Role | Role Updated |
The following permissions have been added to the role notebooks.instances.updateConfig |
Game Servers | Role Updated |
The following permissions have been removed from the role gkehub.gateway.get gkehub.gateway.getIamPolicy |
GKE Hub | Role Updated |
The following permissions have been removed from the role gkehub.gateway.get gkehub.gateway.getIamPolicy |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role notebooks.instances.updateConfig |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role notebooks.instances.updateConfig |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role notebooks.instances.updateConfig |
Basic Role | Role Updated |
The following permissions have been added to the role notebooks.instances.updateConfig |
Service Directory | Now GA |
The role |
Service Directory | Now GA |
The role |
Service Directory | Now GA |
The role |
Basic Role | Role Updated |
The following permissions have been added to the role pubsublite.subscriptions.subscribe |
Access Context Manager | Added |
accesscontextmanager.gcpUserAccessBindings.create accesscontextmanager.gcpUserAccessBindings.delete accesscontextmanager.gcpUserAccessBindings.get accesscontextmanager.gcpUserAccessBindings.list accesscontextmanager.gcpUserAccessBindings.update |
Access Context Manager | Supported In Custom Roles |
accesscontextmanager.gcpUserAccessBindings.create accesscontextmanager.gcpUserAccessBindings.delete accesscontextmanager.gcpUserAccessBindings.get accesscontextmanager.gcpUserAccessBindings.list accesscontextmanager.gcpUserAccessBindings.update |
Access Context Manager | Now GA |
accesscontextmanager.gcpUserAccessBindings.create accesscontextmanager.gcpUserAccessBindings.delete accesscontextmanager.gcpUserAccessBindings.get accesscontextmanager.gcpUserAccessBindings.list accesscontextmanager.gcpUserAccessBindings.update |
Assured Workloads for Government | Supported In Custom Roles |
assuredworkloads.workload.create assuredworkloads.workload.delete assuredworkloads.workload.get assuredworkloads.workload.list |
Assured Workloads for Government | Now GA |
assuredworkloads.operations.get assuredworkloads.operations.list assuredworkloads.workload.create assuredworkloads.workload.delete assuredworkloads.workload.get assuredworkloads.workload.list assuredworkloads.workload.update |
BigQuery | Now GA |
bigquery.connections.create bigquery.connections.delete bigquery.connections.get bigquery.connections.getIamPolicy bigquery.connections.list bigquery.connections.setIamPolicy bigquery.connections.update bigquery.connections.use |
Cloud Scheduler | Supported In Custom Roles |
cloudscheduler.jobs.create cloudscheduler.jobs.delete cloudscheduler.jobs.enable cloudscheduler.jobs.fullView cloudscheduler.jobs.get cloudscheduler.jobs.list cloudscheduler.jobs.pause cloudscheduler.jobs.run cloudscheduler.jobs.update cloudscheduler.locations.get cloudscheduler.locations.list |
Cloud Scheduler | Now GA |
cloudscheduler.jobs.create cloudscheduler.jobs.delete cloudscheduler.jobs.enable cloudscheduler.jobs.fullView cloudscheduler.jobs.get cloudscheduler.jobs.list cloudscheduler.jobs.pause cloudscheduler.jobs.run cloudscheduler.jobs.update |
Essential Contacts | Added |
essentialcontacts.contacts.create essentialcontacts.contacts.delete essentialcontacts.contacts.get essentialcontacts.contacts.list essentialcontacts.contacts.update |
Essential Contacts | Supported In Custom Roles |
essentialcontacts.contacts.create essentialcontacts.contacts.delete essentialcontacts.contacts.get essentialcontacts.contacts.list essentialcontacts.contacts.update |
Eventarc | Added |
eventarc.events.receiveAuditLogWritten eventarc.locations.get eventarc.locations.list eventarc.operations.cancel eventarc.operations.delete eventarc.operations.get eventarc.operations.list eventarc.triggers.create eventarc.triggers.delete eventarc.triggers.get eventarc.triggers.getIamPolicy eventarc.triggers.list eventarc.triggers.setIamPolicy eventarc.triggers.undelete eventarc.triggers.update |
Eventarc | Supported In Custom Roles |
eventarc.events.receiveAuditLogWritten eventarc.locations.get eventarc.locations.list eventarc.operations.cancel eventarc.operations.delete eventarc.operations.get eventarc.operations.list eventarc.triggers.create eventarc.triggers.delete eventarc.triggers.get eventarc.triggers.getIamPolicy eventarc.triggers.list eventarc.triggers.setIamPolicy eventarc.triggers.undelete eventarc.triggers.update |
Cloud Healthcare API | Added |
healthcare.attributeDefinitions.create healthcare.attributeDefinitions.delete healthcare.attributeDefinitions.get healthcare.attributeDefinitions.list healthcare.attributeDefinitions.update healthcare.consentArtifacts.create healthcare.consentArtifacts.delete healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.create healthcare.consentStores.delete healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.getIamPolicy healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consentStores.setIamPolicy healthcare.consentStores.update healthcare.consents.activate healthcare.consents.create healthcare.consents.delete healthcare.consents.get healthcare.consents.list healthcare.consents.reject healthcare.consents.revoke healthcare.consents.update healthcare.userDataMappings.archive healthcare.userDataMappings.create healthcare.userDataMappings.delete healthcare.userDataMappings.get healthcare.userDataMappings.list healthcare.userDataMappings.update |
Cloud Healthcare API | Supported In Custom Roles |
healthcare.attributeDefinitions.create healthcare.attributeDefinitions.delete healthcare.attributeDefinitions.get healthcare.attributeDefinitions.list healthcare.attributeDefinitions.update healthcare.consentArtifacts.create healthcare.consentArtifacts.delete healthcare.consentArtifacts.get healthcare.consentArtifacts.list healthcare.consentStores.checkDataAccess healthcare.consentStores.create healthcare.consentStores.delete healthcare.consentStores.evaluateUserConsents healthcare.consentStores.get healthcare.consentStores.getIamPolicy healthcare.consentStores.list healthcare.consentStores.queryAccessibleData healthcare.consentStores.setIamPolicy healthcare.consentStores.update healthcare.consents.activate healthcare.consents.create healthcare.consents.delete healthcare.consents.get healthcare.consents.list healthcare.consents.reject healthcare.consents.revoke healthcare.consents.update healthcare.userDataMappings.archive healthcare.userDataMappings.create healthcare.userDataMappings.delete healthcare.userDataMappings.get healthcare.userDataMappings.list healthcare.userDataMappings.update |
AI Platform Notebooks | Added |
notebooks.instances.updateConfig |
Pub/Sub Lite | Added |
pubsublite.topics.computeMessageStats |
Pub/Sub Lite | Supported In Custom Roles |
pubsublite.topics.computeMessageStats |
Memorystore for Redis | Added |
redis.instances.getAuthString redis.instances.updateAuth |
Memorystore for Redis | Supported In Custom Roles |
redis.instances.getAuthString redis.instances.updateAuth |
Service Directory | Now GA |
servicedirectory.endpoints.create servicedirectory.endpoints.delete servicedirectory.endpoints.get servicedirectory.endpoints.getIamPolicy servicedirectory.endpoints.list servicedirectory.endpoints.setIamPolicy servicedirectory.endpoints.update servicedirectory.locations.get servicedirectory.locations.list servicedirectory.namespaces.associatePrivateZone servicedirectory.namespaces.create servicedirectory.namespaces.delete servicedirectory.namespaces.get servicedirectory.namespaces.getIamPolicy servicedirectory.namespaces.list servicedirectory.namespaces.setIamPolicy servicedirectory.namespaces.update servicedirectory.services.create servicedirectory.services.delete servicedirectory.services.get servicedirectory.services.getIamPolicy servicedirectory.services.list servicedirectory.services.resolve servicedirectory.services.setIamPolicy servicedirectory.services.update |
Cloud IAM changes as of 2020-10-02
Service | Change | Description |
---|---|---|
Cloud Asset Inventory | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
Talent Solution | Role Updated |
The following permissions have been added to the role cloudjobdiscovery.tenants.create cloudjobdiscovery.tenants.delete cloudjobdiscovery.tenants.get cloudjobdiscovery.tenants.update |
Talent Solution | Role Updated |
The following permissions have been added to the role cloudjobdiscovery.tenants.get |
Basic Role | Role Updated |
The following permissions have been added to the role aiplatform.endpoints.explain aiplatform.endpoints.predict |
AI Platform | Added |
aiplatform.annotationSpecs.create aiplatform.annotationSpecs.delete aiplatform.annotationSpecs.get aiplatform.annotationSpecs.list aiplatform.annotationSpecs.update aiplatform.annotations.create aiplatform.annotations.delete aiplatform.annotations.get aiplatform.annotations.list aiplatform.annotations.update aiplatform.batchPredictionJobs.cancel aiplatform.batchPredictionJobs.create aiplatform.batchPredictionJobs.delete aiplatform.batchPredictionJobs.get aiplatform.batchPredictionJobs.list aiplatform.customJobs.cancel aiplatform.customJobs.create aiplatform.customJobs.delete aiplatform.customJobs.get aiplatform.customJobs.list aiplatform.dataItems.create aiplatform.dataItems.delete aiplatform.dataItems.get aiplatform.dataItems.list aiplatform.dataItems.update aiplatform.dataLabelingJobs.cancel aiplatform.dataLabelingJobs.create aiplatform.dataLabelingJobs.delete aiplatform.dataLabelingJobs.get aiplatform.dataLabelingJobs.list aiplatform.datasets.create aiplatform.datasets.delete aiplatform.datasets.export aiplatform.datasets.get aiplatform.datasets.import aiplatform.datasets.list aiplatform.datasets.update aiplatform.endpoints.create aiplatform.endpoints.delete aiplatform.endpoints.deploy aiplatform.endpoints.explain aiplatform.endpoints.get aiplatform.endpoints.list aiplatform.endpoints.predict aiplatform.endpoints.undeploy aiplatform.endpoints.update aiplatform.hyperparameterTuningJobs.cancel aiplatform.hyperparameterTuningJobs.create aiplatform.hyperparameterTuningJobs.delete aiplatform.hyperparameterTuningJobs.get aiplatform.hyperparameterTuningJobs.list aiplatform.locations.get aiplatform.locations.list aiplatform.migratableResources.migrate aiplatform.migratableResources.search aiplatform.modelEvaluationSlices.get aiplatform.modelEvaluationSlices.list aiplatform.modelEvaluations.exportEvaluatedDataItems aiplatform.modelEvaluations.get aiplatform.modelEvaluations.list aiplatform.models.delete aiplatform.models.export aiplatform.models.get aiplatform.models.list aiplatform.models.upload aiplatform.operations.list aiplatform.specialistPools.create aiplatform.specialistPools.delete aiplatform.specialistPools.get aiplatform.specialistPools.list aiplatform.specialistPools.update aiplatform.trainingPipelines.cancel aiplatform.trainingPipelines.create aiplatform.trainingPipelines.delete aiplatform.trainingPipelines.get aiplatform.trainingPipelines.list |
AI Platform | Supported In Custom Roles |
aiplatform.annotationSpecs.create aiplatform.annotationSpecs.delete aiplatform.annotationSpecs.get aiplatform.annotationSpecs.list aiplatform.annotationSpecs.update aiplatform.annotations.create aiplatform.annotations.delete aiplatform.annotations.get aiplatform.annotations.list aiplatform.annotations.update aiplatform.batchPredictionJobs.cancel aiplatform.batchPredictionJobs.create aiplatform.batchPredictionJobs.delete aiplatform.batchPredictionJobs.get aiplatform.batchPredictionJobs.list aiplatform.customJobs.cancel aiplatform.customJobs.create aiplatform.customJobs.delete aiplatform.customJobs.get aiplatform.customJobs.list aiplatform.dataItems.create aiplatform.dataItems.delete aiplatform.dataItems.get aiplatform.dataItems.list aiplatform.dataItems.update aiplatform.dataLabelingJobs.cancel aiplatform.dataLabelingJobs.create aiplatform.dataLabelingJobs.delete aiplatform.dataLabelingJobs.get aiplatform.dataLabelingJobs.list aiplatform.datasets.create aiplatform.datasets.delete aiplatform.datasets.export aiplatform.datasets.get aiplatform.datasets.import aiplatform.datasets.list aiplatform.datasets.update aiplatform.endpoints.create aiplatform.endpoints.delete aiplatform.endpoints.deploy aiplatform.endpoints.explain aiplatform.endpoints.get aiplatform.endpoints.list aiplatform.endpoints.predict aiplatform.endpoints.undeploy aiplatform.endpoints.update aiplatform.hyperparameterTuningJobs.cancel aiplatform.hyperparameterTuningJobs.create aiplatform.hyperparameterTuningJobs.delete aiplatform.hyperparameterTuningJobs.get aiplatform.hyperparameterTuningJobs.list aiplatform.locations.get aiplatform.locations.list aiplatform.migratableResources.migrate aiplatform.migratableResources.search aiplatform.modelEvaluationSlices.get aiplatform.modelEvaluationSlices.list aiplatform.modelEvaluations.exportEvaluatedDataItems aiplatform.modelEvaluations.get aiplatform.modelEvaluations.list aiplatform.models.delete aiplatform.models.export aiplatform.models.get aiplatform.models.list aiplatform.models.upload aiplatform.operations.list aiplatform.specialistPools.create aiplatform.specialistPools.delete aiplatform.specialistPools.get aiplatform.specialistPools.list aiplatform.specialistPools.update aiplatform.trainingPipelines.cancel aiplatform.trainingPipelines.create aiplatform.trainingPipelines.delete aiplatform.trainingPipelines.get aiplatform.trainingPipelines.list |
BigQuery | Supported In Custom Roles |
bigquery.models.create bigquery.models.delete bigquery.models.getData bigquery.models.getMetadata bigquery.models.list bigquery.models.updateData bigquery.models.updateMetadata |
BigQuery | Now GA |
bigquery.models.create bigquery.models.delete bigquery.models.export bigquery.models.getData bigquery.models.getMetadata bigquery.models.list bigquery.models.updateData bigquery.models.updateMetadata |
Cloud IAM changes as of 2020-09-25
Service | Change | Description |
---|---|---|
Anthos | Now GA |
The role |
Anthos Config Management | Now GA |
The role |
Apigee | Now GA |
The role |
App Engine flexible environment | Now GA |
The role |
Artifact Registry | Now GA |
The role |
AutoML | Now GA |
The role |
Recommendations AI | Now GA |
The role |
BigQuery Connection API | Now GA |
The role |
BigQuery Data Transfer Service | Now GA |
The role |
Binary Authorization | Now GA |
The role |
Cloud Asset Inventory | Now GA |
The role |
Cloud Build | Now GA |
The role |
Cloud Functions | Now GA |
The role |
Cloud IoT | Now GA |
The role |
Cloud Key Management Service | Now GA |
The role |
Cloud Scheduler | Now GA |
The role |
Cloud SQL | Now GA |
The role |
Cloud Tasks | Now GA |
The role |
Cloud Tasks | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Cloud Tasks | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
Cloud TPU | Now GA |
The role |
Cloud Composer | Now GA |
The role |
Compute Engine | Now GA |
The role |
Compute Scanning | Now GA |
The role |
Google Kubernetes Engine | Now GA |
The role |
Container Analysis | Now GA |
The role |
Container Registry | Now GA |
The role |
Container Scanning | Now GA |
The role |
Container Threat Detection | Now GA |
The role |
Dataflow | Now GA |
The role |
Cloud Data Fusion | Now GA |
The role |
AI Platform Data Labeling Service | Now GA |
The role |
Dataprep by Trifacta | Now GA |
The role |
Dataproc | Now GA |
The role |
Google Data Studio | Now GA |
The role |
Dialogflow | Now GA |
The role |
Cloud Data Loss Prevention | Now GA |
The role |
Document AI | Now GA |
The role |
Cloud Endpoints | Now GA |
The role |
Cloud Endpoints Portal | Now GA |
The role |
Filestore | Now GA |
The role |
Firebase | Now GA |
The role |
Firebase | Now GA |
The role |
Firebase | Now GA |
The role |
Firebase | Now GA |
The role |
Firebase Mods | Now GA |
The role |
Firebase Storage | Now GA |
The role |
Firewall Insights | Now GA |
The role |
Game Servers | Now GA |
The role |
Cloud Life Sciences | Now GA |
The role |
GKE Hub | Now GA |
The role |
Cloud Healthcare API | Now GA |
The role |
Cloud Life Sciences | Now GA |
The role |
Managed Service for Microsoft Active Directory | Now GA |
The role |
Memorystore for Memcached | Now GA |
The role |
Mesh Configuration | Now GA |
The role |
Mesh Data Plane | Now GA |
The role |
AI Platform | Now GA |
The role |
Cloud Monitoring | Now GA |
The role |
Multi Cluster Ingress | Now GA |
The role |
Multi Cluster Metering | Now GA |
The role |
Network Management API | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
Cloud OS Config | Now GA |
The role |
Pub/Sub | Now GA |
The role |
Memorystore for Redis | Now GA |
The role |
Remote Build Execution | Now GA |
The role |
Cloud Run | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Cloud Run | Now GA |
The role |
Service Networking | Now GA |
The role |
Cloud Source Repositories | Now GA |
The role |
Cloud TPU | Now GA |
The role |
Serverless VPC Access | Now GA |
The role |
Web Security Scanner | Now GA |
The role |
Workflows | Now GA |
The role |
BigQuery | Added |
bigquery.capacityCommitments.update |
BigQuery | Supported In Custom Roles |
bigquery.capacityCommitments.update |
BigQuery | Now GA |
bigquery.capacityCommitments.update |
Cloud Domains | Added |
domains.locations.get domains.locations.list domains.operations.cancel domains.operations.get domains.operations.list domains.registrations.configureContact domains.registrations.configureDns domains.registrations.configureManagement domains.registrations.create domains.registrations.delete domains.registrations.get domains.registrations.getIamPolicy domains.registrations.list domains.registrations.setIamPolicy domains.registrations.update |
Transcoder API | Added |
transcoder.jobTemplates.create transcoder.jobTemplates.delete transcoder.jobTemplates.get transcoder.jobTemplates.list transcoder.jobs.create transcoder.jobs.delete transcoder.jobs.get transcoder.jobs.list |
Transcoder API | Supported In Custom Roles |
transcoder.jobTemplates.create transcoder.jobTemplates.delete transcoder.jobTemplates.get transcoder.jobTemplates.list transcoder.jobs.create transcoder.jobs.delete transcoder.jobs.get transcoder.jobs.list |
Cloud IAM changes as of 2020-09-18
Service | Change | Description |
---|---|---|
BigQuery | Now GA |
The role |
BigQuery | Now GA |
The role |
BigQuery | Now GA |
The role |
Recommender | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Recommender | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Recommender | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
Recommender | Role Updated |
The following permissions have been added to the role recommender.locations.get recommender.locations.list |
API Gateway | Supported In Custom Roles |
apigateway.apiconfigs.create apigateway.apiconfigs.delete apigateway.apiconfigs.get apigateway.apiconfigs.getIamPolicy apigateway.apiconfigs.list apigateway.apiconfigs.setIamPolicy apigateway.apiconfigs.update apigateway.apis.create apigateway.apis.delete apigateway.apis.get apigateway.apis.getIamPolicy apigateway.apis.list apigateway.apis.setIamPolicy apigateway.apis.update apigateway.gateways.create apigateway.gateways.delete apigateway.gateways.get apigateway.gateways.getIamPolicy apigateway.gateways.list apigateway.gateways.setIamPolicy apigateway.gateways.update apigateway.locations.get apigateway.locations.list apigateway.operations.cancel apigateway.operations.delete apigateway.operations.get apigateway.operations.list |
BigQuery | Now GA |
bigquery.bireservations.get bigquery.bireservations.update bigquery.capacityCommitments.create bigquery.capacityCommitments.delete bigquery.capacityCommitments.get bigquery.capacityCommitments.list bigquery.reservationAssignments.create bigquery.reservationAssignments.delete bigquery.reservationAssignments.list bigquery.reservationAssignments.search bigquery.reservations.create bigquery.reservations.delete bigquery.reservations.get bigquery.reservations.list bigquery.reservations.update |
Identity and Access Management | Added |
iam.workloadIdentityPoolProviders.create iam.workloadIdentityPoolProviders.delete iam.workloadIdentityPoolProviders.get iam.workloadIdentityPoolProviders.list iam.workloadIdentityPoolProviders.undelete iam.workloadIdentityPoolProviders.update iam.workloadIdentityPools.create iam.workloadIdentityPools.delete iam.workloadIdentityPools.get iam.workloadIdentityPools.list iam.workloadIdentityPools.undelete iam.workloadIdentityPools.update |
Identity and Access Management | Supported In Custom Roles |
iam.workloadIdentityPoolProviders.create iam.workloadIdentityPoolProviders.delete iam.workloadIdentityPoolProviders.get iam.workloadIdentityPoolProviders.list iam.workloadIdentityPoolProviders.undelete iam.workloadIdentityPoolProviders.update iam.workloadIdentityPools.create iam.workloadIdentityPools.delete iam.workloadIdentityPools.get iam.workloadIdentityPools.list iam.workloadIdentityPools.undelete iam.workloadIdentityPools.update |
Cloud IAM changes as of 2020-09-11
Service | Change | Description |
---|---|---|
Cloud Logging | Role Updated |
The following permissions have been added to the role logging.queries.create logging.queries.delete logging.queries.get logging.queries.list logging.queries.update |
Security Command Center | Added |
securitycenter.findings.setWorkflowState |
Security Command Center | Supported In Custom Roles |
securitycenter.findings.setWorkflowState |
Cloud IAM changes as of 2020-09-04
Service | Change | Description |
---|---|---|
Apigee | Now GA |
The role |
Cloud Profiler | Now GA |
The role |
Cloud Profiler | Now GA |
The role |
Cloud SQL | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
AI Platform Notebooks | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
Security Command Center | Now GA |
The role |
BigQuery | Added |
bigquery.models.export |
BigQuery | Supported In Custom Roles |
bigquery.models.export |
Cloud Profiler | Now GA |
cloudprofiler.profiles.create cloudprofiler.profiles.list cloudprofiler.profiles.update |
Cloud SQL | Added |
cloudsql.instances.login |
Cloud SQL | Supported In Custom Roles |
cloudsql.instances.login |
Cloud SQL | Now GA |
cloudsql.instances.login |
NetApp Cloud Volumes Service | Available In Custom Roles |
cloudvolumesgcp-api.netapp.com/activeDirectories.create cloudvolumesgcp-api.netapp.com/activeDirectories.delete cloudvolumesgcp-api.netapp.com/activeDirectories.get cloudvolumesgcp-api.netapp.com/activeDirectories.list cloudvolumesgcp-api.netapp.com/activeDirectories.update cloudvolumesgcp-api.netapp.com/ipRanges.list cloudvolumesgcp-api.netapp.com/jobs.get cloudvolumesgcp-api.netapp.com/jobs.list cloudvolumesgcp-api.netapp.com/regions.list cloudvolumesgcp-api.netapp.com/serviceLevels.list cloudvolumesgcp-api.netapp.com/snapshots.create cloudvolumesgcp-api.netapp.com/snapshots.delete cloudvolumesgcp-api.netapp.com/snapshots.get cloudvolumesgcp-api.netapp.com/snapshots.list cloudvolumesgcp-api.netapp.com/snapshots.update cloudvolumesgcp-api.netapp.com/volumes.create cloudvolumesgcp-api.netapp.com/volumes.delete cloudvolumesgcp-api.netapp.com/volumes.get cloudvolumesgcp-api.netapp.com/volumes.list cloudvolumesgcp-api.netapp.com/volumes.update |
AI Platform Notebooks | Now GA |
notebooks.environments.create notebooks.environments.delete notebooks.environments.get notebooks.environments.getIamPolicy notebooks.environments.list notebooks.environments.setIamPolicy notebooks.instances.checkUpgradability notebooks.instances.create notebooks.instances.delete notebooks.instances.get notebooks.instances.getIamPolicy notebooks.instances.list notebooks.instances.reset notebooks.instances.setAccelerator notebooks.instances.setIamPolicy notebooks.instances.setLabels notebooks.instances.setMachineType notebooks.instances.start notebooks.instances.stop notebooks.instances.update notebooks.instances.upgrade notebooks.locations.get notebooks.locations.list notebooks.operations.cancel notebooks.operations.delete notebooks.operations.get notebooks.operations.list |
Security Command Center | Added |
securitycenter.containerthreatdetectionsettings.calculate securitycenter.containerthreatdetectionsettings.get securitycenter.containerthreatdetectionsettings.update securitycenter.eventthreatdetectionsettings.calculate securitycenter.eventthreatdetectionsettings.get securitycenter.eventthreatdetectionsettings.update securitycenter.securitycentersettings.get securitycenter.securitycentersettings.update securitycenter.securityhealthanalyticssettings.calculate securitycenter.securityhealthanalyticssettings.get securitycenter.securityhealthanalyticssettings.update securitycenter.subscription.get securitycenter.websecurityscannersettings.calculate securitycenter.websecurityscannersettings.get securitycenter.websecurityscannersettings.update |
Security Command Center | Supported In Custom Roles |
securitycenter.containerthreatdetectionsettings.calculate securitycenter.containerthreatdetectionsettings.get securitycenter.containerthreatdetectionsettings.update securitycenter.eventthreatdetectionsettings.calculate securitycenter.eventthreatdetectionsettings.get securitycenter.eventthreatdetectionsettings.update securitycenter.securitycentersettings.get securitycenter.securitycentersettings.update securitycenter.securityhealthanalyticssettings.calculate securitycenter.securityhealthanalyticssettings.get securitycenter.securityhealthanalyticssettings.update securitycenter.subscription.get securitycenter.websecurityscannersettings.calculate securitycenter.websecurityscannersettings.get securitycenter.websecurityscannersettings.update |
Cloud IAM changes as of 2020-08-28
Service | Change | Description |
---|---|---|
App Engine | Now GA |
The role |
Cloud Functions | Now GA |
The role |
Cloud Functions | Now GA |
The role |
Cloud Functions | Now GA |
The role |
Cloud Functions | Now GA |
The role |
Assured Workloads for Government | Added |
assuredworkloads.operations.get assuredworkloads.operations.list assuredworkloads.workload.create assuredworkloads.workload.delete assuredworkloads.workload.get assuredworkloads.workload.list assuredworkloads.workload.update |
Assured Workloads for Government | Supported In Custom Roles |
assuredworkloads.operations.get assuredworkloads.operations.list |
Recommendations AI | Added |
automlrecommendations.catalogs.update |
Recommendations AI | Supported In Custom Roles |
automlrecommendations.catalogs.list automlrecommendations.catalogs.update automlrecommendations.recommendations.list |
Cloud Asset Inventory | Now GA |
cloudasset.assets.analyzeIamPolicy |
Cloud Functions | Supported In Custom Roles |
cloudfunctions.functions.call cloudfunctions.functions.create cloudfunctions.functions.delete cloudfunctions.functions.get cloudfunctions.functions.list cloudfunctions.functions.sourceCodeGet cloudfunctions.functions.sourceCodeSet cloudfunctions.functions.update cloudfunctions.locations.list cloudfunctions.operations.get cloudfunctions.operations.list |
Cloud Functions | Now GA |
cloudfunctions.functions.call cloudfunctions.functions.create cloudfunctions.functions.delete cloudfunctions.functions.get cloudfunctions.functions.getIamPolicy cloudfunctions.functions.invoke cloudfunctions.functions.list cloudfunctions.functions.setIamPolicy cloudfunctions.functions.sourceCodeGet cloudfunctions.functions.sourceCodeSet cloudfunctions.functions.update cloudfunctions.locations.list cloudfunctions.operations.get cloudfunctions.operations.list |
Cloud Healthcare API | Supported In Custom Roles |
healthcare.hl7V2Stores.import |
Cloud Logging | Added |
logging.queries.create logging.queries.delete logging.queries.get logging.queries.list logging.queries.update |
Cloud Logging | Supported In Custom Roles |
logging.queries.create logging.queries.delete logging.queries.get logging.queries.list logging.queries.update |
Cloud Logging | Now GA |
logging.queries.create logging.queries.delete logging.queries.get logging.queries.list logging.queries.update |
Workflows | Added |
workflows.executions.cancel workflows.executions.create workflows.executions.get workflows.executions.list workflows.locations.get workflows.locations.list workflows.operations.cancel workflows.operations.get workflows.operations.list workflows.workflows.create workflows.workflows.delete workflows.workflows.get workflows.workflows.getIamPolicy workflows.workflows.list workflows.workflows.setIamPolicy workflows.workflows.update |
Workflows | Supported In Custom Roles |
workflows.executions.cancel workflows.executions.create workflows.executions.get workflows.executions.list workflows.locations.get workflows.locations.list workflows.operations.cancel workflows.operations.get workflows.operations.list workflows.workflows.create workflows.workflows.delete workflows.workflows.get workflows.workflows.getIamPolicy workflows.workflows.list workflows.workflows.setIamPolicy workflows.workflows.update |
Cloud IAM changes as of 2020-08-21
Service | Change | Description |
---|---|---|
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.environments.lookupHistory dialogflow.versions.load |
Dialogflow | Role Updated |
The following permissions have been added to the role dialogflow.environments.lookupHistory dialogflow.versions.load |
Basic Role | Role Updated |
The following permissions have been added to the role dialogflow.environments.lookupHistory dialogflow.versions.load |
Basic Role | Role Updated |
The following permissions have been added to the role dialogflow.environments.lookupHistory dialogflow.versions.load |
Basic Role | Role Updated |
The following permissions have been added to the role dialogflow.environments.lookupHistory |
Apigee | Added |
apigee.caches.delete apigee.caches.list apigee.canaryevaluations.create apigee.canaryevaluations.get apigee.datacollectors.create apigee.datacollectors.delete apigee.datacollectors.get apigee.datacollectors.list apigee.datacollectors.update apigee.datastores.create apigee.datastores.delete apigee.datastores.get apigee.datastores.list apigee.datastores.update apigee.envgroupattachments.create apigee.envgroupattachments.delete apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.create apigee.envgroups.delete apigee.envgroups.get apigee.envgroups.list apigee.envgroups.update apigee.exports.create apigee.exports.get apigee.exports.list apigee.hostqueries.create apigee.hostqueries.get apigee.hostqueries.list apigee.hoststats.get apigee.ingressconfigs.get apigee.instanceattachments.create apigee.instanceattachments.delete apigee.instanceattachments.get apigee.instanceattachments.list apigee.instances.create apigee.instances.delete apigee.instances.get apigee.instances.list apigee.instances.reportStatus apigee.operations.get apigee.operations.list apigee.projects.update |
Apigee | Supported In Custom Roles |
apigee.datastores.create apigee.datastores.delete apigee.datastores.get apigee.datastores.list apigee.datastores.update apigee.exports.create apigee.exports.get apigee.exports.list |
Apigee | Now GA |
apigee.caches.delete apigee.caches.list apigee.canaryevaluations.create apigee.canaryevaluations.get apigee.datacollectors.create apigee.datacollectors.delete apigee.datacollectors.get apigee.datacollectors.list apigee.datacollectors.update apigee.datastores.create apigee.datastores.delete apigee.datastores.get apigee.datastores.list apigee.datastores.update apigee.envgroupattachments.create apigee.envgroupattachments.delete apigee.envgroupattachments.get apigee.envgroupattachments.list apigee.envgroups.create apigee.envgroups.delete apigee.envgroups.get apigee.envgroups.list apigee.envgroups.update apigee.exports.create apigee.exports.get apigee.exports.list apigee.hostqueries.create apigee.hostqueries.get apigee.hostqueries.list apigee.hoststats.get apigee.ingressconfigs.get apigee.instanceattachments.create apigee.instanceattachments.delete apigee.instanceattachments.get apigee.instanceattachments.list apigee.instances.create apigee.instances.delete apigee.instances.get apigee.instances.list apigee.instances.reportStatus apigee.operations.get apigee.operations.list apigee.projects.update |
Compute Engine | Now GA |
compute.images.update |
Dialogflow | Added |
dialogflow.agents.list dialogflow.agents.validate dialogflow.environments.create dialogflow.environments.delete dialogflow.environments.get dialogflow.environments.getHistory dialogflow.environments.list dialogflow.environments.lookupHistory dialogflow.environments.update dialogflow.flows.create dialogflow.flows.delete dialogflow.flows.get dialogflow.flows.list dialogflow.flows.train dialogflow.flows.update dialogflow.flows.validate dialogflow.pages.create dialogflow.pages.delete dialogflow.pages.get dialogflow.pages.list dialogflow.pages.update dialogflow.transitionRouteGroups.create dialogflow.transitionRouteGroups.delete dialogflow.transitionRouteGroups.get dialogflow.transitionRouteGroups.list dialogflow.transitionRouteGroups.update dialogflow.versions.create dialogflow.versions.delete dialogflow.versions.get dialogflow.versions.list dialogflow.versions.load dialogflow.versions.update dialogflow.webhooks.create dialogflow.webhooks.delete dialogflow.webhooks.get dialogflow.webhooks.list dialogflow.webhooks.update |
Dialogflow | Supported In Custom Roles |
dialogflow.environments.create dialogflow.environments.delete dialogflow.environments.get dialogflow.environments.getHistory dialogflow.environments.list dialogflow.environments.update dialogflow.versions.create dialogflow.versions.delete dialogflow.versions.get dialogflow.versions.list dialogflow.versions.update |
Dialogflow | Now GA |
dialogflow.agents.list dialogflow.agents.validate dialogflow.environments.create dialogflow.environments.delete dialogflow.environments.get dialogflow.environments.getHistory dialogflow.environments.list dialogflow.environments.update dialogflow.flows.create dialogflow.flows.delete dialogflow.flows.get dialogflow.flows.list dialogflow.flows.train dialogflow.flows.update dialogflow.flows.validate dialogflow.pages.create dialogflow.pages.delete dialogflow.pages.get dialogflow.pages.list dialogflow.pages.update dialogflow.transitionRouteGroups.create dialogflow.transitionRouteGroups.delete dialogflow.transitionRouteGroups.get dialogflow.transitionRouteGroups.list dialogflow.transitionRouteGroups.update dialogflow.versions.create dialogflow.versions.delete dialogflow.versions.get dialogflow.versions.list dialogflow.versions.update dialogflow.webhooks.create dialogflow.webhooks.delete dialogflow.webhooks.get dialogflow.webhooks.list dialogflow.webhooks.update |
Cloud Healthcare API | Added |
healthcare.annotationStores.create healthcare.annotationStores.delete healthcare.annotationStores.evaluate healthcare.annotationStores.export healthcare.annotationStores.get healthcare.annotationStores.getIamPolicy healthcare.annotationStores.import healthcare.annotationStores.list healthcare.annotationStores.setIamPolicy healthcare.annotationStores.update healthcare.annotations.create healthcare.annotations.delete healthcare.annotations.get healthcare.annotations.list healthcare.annotations.update |
Cloud Healthcare API | Supported In Custom Roles |
healthcare.annotationStores.create healthcare.annotationStores.delete healthcare.annotationStores.evaluate healthcare.annotationStores.export healthcare.annotationStores.get healthcare.annotationStores.getIamPolicy healthcare.annotationStores.import healthcare.annotationStores.list healthcare.annotationStores.setIamPolicy healthcare.annotationStores.update healthcare.annotations.create healthcare.annotations.delete healthcare.annotations.get healthcare.annotations.list healthcare.annotations.update |
Cloud IAM changes as of 2020-08-14
Service | Change | Description |
---|---|---|
Private Catalog | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Private Catalog | Role Updated |
The following permissions have been added to the role cloudprivatecatalog.targets.get cloudprivatecatalogproducer.targets.associate cloudprivatecatalogproducer.targets.unassociate resourcemanager.projects.get resourcemanager.projects.list |
Private Catalog | Role Updated |
The following permissions have been added to the role resourcemanager.projects.get resourcemanager.projects.list |
Dialogflow | Added |
dialogflow.fulfillments.get dialogflow.fulfillments.update |
Dialogflow | Now GA |
dialogflow.fulfillments.get dialogflow.fulfillments.update |
Cloud IAM changes as of 2020-08-07
Service | Change | Description |
---|---|---|
Cloud Composer | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete artifactregistry.repositories.create artifactregistry.repositories.delete artifactregistry.repositories.deleteArtifacts artifactregistry.repositories.getIamPolicy artifactregistry.repositories.setIamPolicy artifactregistry.repositories.update artifactregistry.tags.delete artifactregistry.versions.delete |
GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.features.getIamPolicy gkehub.gateway.get gkehub.gateway.getIamPolicy |
Cloud Logging | Now GA |
The role |
Cloud Logging | Now GA |
The role |
Cloud Logging | Role Updated |
The following permissions have been added to the role logging.views.access |
Compute Engine | Now GA |
compute.instances.getScreenshot |
Identity and Access Management | Supported In Custom Roles |
iam.serviceAccounts.disable iam.serviceAccounts.enable iam.serviceAccounts.undelete |
Identity and Access Management | Now GA |
iam.serviceAccounts.disable iam.serviceAccounts.enable iam.serviceAccounts.undelete |
Cloud Logging | Added |
logging.buckets.create logging.buckets.delete logging.buckets.undelete logging.buckets.write logging.views.access |
Cloud Logging | Supported In Custom Roles |
logging.buckets.create logging.buckets.delete logging.buckets.undelete logging.buckets.write logging.views.access |
Cloud Logging | Now GA |
logging.buckets.create logging.buckets.delete logging.buckets.undelete logging.buckets.write logging.views.access |
OAuthConfig | Added |
oauthconfig.clientpolicy.get oauthconfig.testusers.get oauthconfig.testusers.update oauthconfig.verification.get oauthconfig.verification.submit oauthconfig.verification.update |
OAuthConfig | Supported In Custom Roles |
oauthconfig.clientpolicy.get oauthconfig.testusers.get oauthconfig.testusers.update oauthconfig.verification.get oauthconfig.verification.submit oauthconfig.verification.update |
OAuthPolicyMetadata | Added |
oauthpolicymetadata.brandpolicy.createOrUpdate oauthpolicymetadata.brandpolicy.get oauthpolicymetadata.brandpolicy.submitVerification oauthpolicymetadata.clientpolicy.get |
OAuthPolicyMetadata | Supported In Custom Roles |
oauthpolicymetadata.brandpolicy.createOrUpdate oauthpolicymetadata.brandpolicy.get oauthpolicymetadata.brandpolicy.submitVerification oauthpolicymetadata.clientpolicy.get |
OAuthTestApp | Added |
oauthtestapp.userwhitelist.read oauthtestapp.userwhitelist.write |
OAuthTestApp | Supported In Custom Roles |
oauthtestapp.userwhitelist.read oauthtestapp.userwhitelist.write |
Certificate Authority Service | Added |
privateca.certificateAuthorities.create privateca.certificateAuthorities.delete privateca.certificateAuthorities.get privateca.certificateAuthorities.getIamPolicy privateca.certificateAuthorities.list privateca.certificateAuthorities.setIamPolicy privateca.certificateAuthorities.update privateca.certificateRevocationLists.create privateca.certificateRevocationLists.get privateca.certificateRevocationLists.getIamPolicy privateca.certificateRevocationLists.list privateca.certificateRevocationLists.setIamPolicy privateca.certificateRevocationLists.update privateca.certificates.create privateca.certificates.get privateca.certificates.getIamPolicy privateca.certificates.list privateca.certificates.setIamPolicy privateca.certificates.update privateca.locations.get privateca.locations.list privateca.operations.cancel privateca.operations.delete privateca.operations.get privateca.operations.list privateca.reusableConfigs.create privateca.reusableConfigs.delete privateca.reusableConfigs.get privateca.reusableConfigs.getIamPolicy privateca.reusableConfigs.list privateca.reusableConfigs.setIamPolicy privateca.reusableConfigs.update |
Certificate Authority Service | Supported In Custom Roles |
privateca.certificateAuthorities.create privateca.certificateAuthorities.delete privateca.certificateAuthorities.get privateca.certificateAuthorities.getIamPolicy privateca.certificateAuthorities.list privateca.certificateAuthorities.setIamPolicy privateca.certificateAuthorities.update privateca.certificateRevocationLists.create privateca.certificateRevocationLists.get privateca.certificateRevocationLists.getIamPolicy privateca.certificateRevocationLists.list privateca.certificateRevocationLists.setIamPolicy privateca.certificateRevocationLists.update privateca.certificates.create privateca.certificates.get privateca.certificates.getIamPolicy privateca.certificates.list privateca.certificates.setIamPolicy privateca.certificates.update privateca.locations.get privateca.locations.list privateca.operations.cancel privateca.operations.delete privateca.operations.get privateca.operations.list privateca.reusableConfigs.create privateca.reusableConfigs.delete privateca.reusableConfigs.get privateca.reusableConfigs.getIamPolicy privateca.reusableConfigs.list privateca.reusableConfigs.setIamPolicy privateca.reusableConfigs.update |
Recommender | Added |
recommender.commitmentUtilizationInsights.get recommender.commitmentUtilizationInsights.list recommender.commitmentUtilizationInsights.update recommender.usageCommitmentRecommendations.get recommender.usageCommitmentRecommendations.list recommender.usageCommitmentRecommendations.update |
Cloud IAM changes as of 2020-07-31
Service | Change | Description |
---|---|---|
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee | Now GA |
The role |
Apigee Connect | Now GA |
The role |
Apigee Connect | Now GA |
The role |
Game Servers | Now GA |
The role |
Game Servers | Now GA |
The role |
Identity and Access Management | Role Updated |
The following permissions have been removed from the role container.secrets.list |
Identity and Access Management | Role Updated |
The following permissions have been removed from the role container.secrets.list |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role compute.acceleratorTypes.get compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.get compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listReferrers compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineTypes.get compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.get compute.zones.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role compute.acceleratorTypes.get compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.get compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listReferrers compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineTypes.get compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.get compute.nodeTypes.list compute.organizations.listAssociations compute.projects.get compute.publicAdvertisedPrefixes.get compute.publicAdvertisedPrefixes.list compute.publicDelegatedPrefixes.get compute.publicDelegatedPrefixes.list compute.regionBackendServices.get compute.regionBackendServices.list compute.regionHealthCheckServices.get compute.regionHealthCheckServices.list compute.regionNotificationEndpoints.get compute.regionNotificationEndpoints.list compute.regionOperations.get compute.regionOperations.getIamPolicy compute.regionOperations.list compute.regions.get compute.regions.list compute.reservations.get compute.reservations.list compute.resourcePolicies.get compute.resourcePolicies.list compute.routers.get compute.routers.list compute.routes.get compute.routes.list compute.securityPolicies.get compute.securityPolicies.getIamPolicy compute.securityPolicies.list compute.snapshots.get compute.snapshots.getIamPolicy compute.snapshots.list compute.sslCertificates.get compute.sslCertificates.list compute.sslPolicies.get compute.sslPolicies.list compute.sslPolicies.listAvailableFeatures compute.subnetworks.get compute.subnetworks.getIamPolicy compute.targetHttpProxies.get compute.targetHttpProxies.list compute.targetHttpsProxies.get compute.targetHttpsProxies.list compute.targetInstances.get compute.targetInstances.list compute.targetPools.get compute.targetPools.list compute.targetSslProxies.get compute.targetSslProxies.list compute.targetTcpProxies.get compute.targetTcpProxies.list compute.targetVpnGateways.get compute.targetVpnGateways.list compute.urlMaps.get compute.urlMaps.list compute.urlMaps.validate compute.vpnGateways.get compute.vpnGateways.list compute.vpnTunnels.get compute.vpnTunnels.list compute.zoneOperations.get compute.zoneOperations.getIamPolicy compute.zoneOperations.list compute.zones.get compute.zones.list serviceusage.quotas.get serviceusage.services.get serviceusage.services.list |
AI Platform Notebooks | Role Updated |
The following permissions have been added to the role compute.acceleratorTypes.get compute.addresses.get compute.addresses.list compute.autoscalers.get compute.autoscalers.list compute.backendBuckets.get compute.backendBuckets.list compute.backendServices.get compute.backendServices.list compute.commitments.get compute.commitments.list compute.diskTypes.get compute.disks.get compute.disks.getIamPolicy compute.disks.list compute.externalVpnGateways.get compute.externalVpnGateways.list compute.firewalls.get compute.firewalls.list compute.forwardingRules.get compute.forwardingRules.list compute.globalAddresses.get compute.globalAddresses.list compute.globalForwardingRules.get compute.globalForwardingRules.list compute.globalOperations.get compute.globalOperations.getIamPolicy compute.globalOperations.list compute.globalPublicDelegatedPrefixes.get compute.globalPublicDelegatedPrefixes.list compute.healthChecks.get compute.healthChecks.list compute.httpHealthChecks.get compute.httpHealthChecks.list compute.httpsHealthChecks.get compute.httpsHealthChecks.list compute.images.get compute.images.getFromFamily compute.images.getIamPolicy compute.images.list compute.instanceGroupManagers.get compute.instanceGroupManagers.list compute.instanceGroups.get compute.instanceGroups.list compute.instanceTemplates.get compute.instanceTemplates.getIamPolicy compute.instanceTemplates.list compute.instances.get compute.instances.getEffectiveFirewalls compute.instances.getGuestAttributes compute.instances.getIamPolicy compute.instances.getScreenshot compute.instances.getSerialPortOutput compute.instances.getShieldedInstanceIdentity compute.instances.getShieldedVmIdentity compute.instances.list compute.instances.listReferrers compute.interconnectAttachments.get compute.interconnectAttachments.list compute.interconnectLocations.get compute.interconnectLocations.list compute.interconnects.get compute.interconnects.list compute.licenseCodes.get compute.licenseCodes.getIamPolicy compute.licenseCodes.list compute.licenses.get compute.licenses.getIamPolicy compute.licenses.list compute.machineTypes.get compute.maintenancePolicies.get compute.maintenancePolicies.getIamPolicy compute.maintenancePolicies.list compute.networkEndpointGroups.get compute.networkEndpointGroups.getIamPolicy compute.networkEndpointGroups.list compute.networks.get compute.networks.getEffectiveFirewalls compute.networks.list compute.networks.listPeeringRoutes compute.nodeGroups.get compute.nodeGroups.getIamPolicy compute.nodeGroups.list compute.nodeTemplates.get compute.nodeTemplates.getIamPolicy compute.nodeTemplates.list compute.nodeTypes.get compute.nodeTypes.list compute.organizati |