IAM permissions change log

Stay organized with collections Save and categorize content based on your preferences.

This page describes changes to the public Identity and Access Management (IAM) permissions for all Generally Available (GA) and Preview services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.

When a permission is retired or is no longer supported in custom roles, IAM automatically removes the permission from your custom roles. In contrast, when a permission is added, IAM does not automatically add the permission to your custom roles.

For changes that occurred before 2022, see Archived permissions change log.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or you can programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/cloud-iam-permissions-change-log.xml

IAM permissions change log

Upcoming Cloud IAM changes for the week of 2022-09-26

Service Change Description
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.admin (Vertex AI Administrator):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.customCodeServiceAgent (Vertex AI Custom Code Service Agent):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.serviceAgent (Vertex AI Service Agent):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.user (Vertex AI User):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.viewer (Vertex AI Viewer):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
Backup and Disaster Recovery Now GA

The role roles/backupdr.cloudStorageOperator (Backup and DR Cloud Storage Operator) is now GA.

Backup and Disaster Recovery Now GA

The role roles/backupdr.computeEngineOperator (Backup and DR Compute Engine Operator) is now GA.

BeyondCorp Enterprise Role Updated

The following permissions have been added to the role roles/beyondcorp.viewer (Cloud BeyondCorp Viewer):

resourcemanager.organizations.get
Chronicle Now GA

The role roles/chronicle.admin (Chronicle Data Plane API Admin) is now GA.

Chronicle Now GA

The role roles/chronicle.viewer (Chronicle Data Plane API Viewer) is now GA.

Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

managedidentities.domains.checkMigrationPermission
managedidentities.domains.disableMigration
managedidentities.domains.enableMigration
Managed Service for Microsoft Active Directory Role Updated

The following permissions have been added to the role roles/managedidentities.admin (Google Cloud Managed Identities Admin):

managedidentities.domains.checkMigrationPermission
managedidentities.domains.disableMigration
managedidentities.domains.enableMigration
Managed Service for Microsoft Active Directory Role Updated

The following permissions have been added to the role roles/managedidentities.domainAdmin (Google Cloud Managed Identities Domain Admin):

managedidentities.domains.checkMigrationPermission
managedidentities.domains.disableMigration
managedidentities.domains.enableMigration
Google Cloud Migration Center Role Updated

The following permissions have been added to the role roles/migrationcenter.viewer (Migration Center Viewer):

rma.annotations.get
rma.collectors.get
rma.collectors.list
rma.locations.get
rma.locations.list
rma.operations.get
rma.operations.list
Basic Role Role Updated

The following permissions have been added to the role roles/owner (Owner):

managedidentities.domains.checkMigrationPermission
managedidentities.domains.disableMigration
managedidentities.domains.enableMigration
Serverless Integrations Now GA

The role roles/runapps.serviceAgent (Serverless Integrations Service Agent) is now GA.

Video Stitcher API Now GA

The role roles/videostitcher.admin (Video Stitcher Admin) is now GA.

Video Stitcher API Now GA

The role roles/videostitcher.user (Video Stitcher User) is now GA.

Video Stitcher API Now GA

The role roles/videostitcher.viewer (Video Stitcher Viewer) is now GA.

Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

managedidentities.domains.checkMigrationPermission
Visual Inspection AI Role Updated

The following permissions have been added to the role roles/visualinspection.serviceAgent (Visual Inspection AI Service Agent):

aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
AI Platform Added aiplatform.nasTrialDetails.get
aiplatform.nasTrialDetails.list
API Keys Added apikeys.keys.getKeyString
apikeys.keys.undelete
API Keys Supported In Custom Roles apikeys.keys.getKeyString
apikeys.keys.undelete
API Keys Now GA apikeys.keys.getKeyString
apikeys.keys.undelete
Artifact Registry Added artifactregistry.kfpartifacts.create
Artifact Registry Now GA artifactregistry.kfpartifacts.create
Bare Metal Solution Added baremetalsolution.instances.attachNetwork
baremetalsolution.instances.detachNetwork
baremetalsolution.networks.create
baremetalsolution.networks.delete
Bare Metal Solution Supported In Custom Roles baremetalsolution.instances.attachNetwork
baremetalsolution.instances.detachNetwork
baremetalsolution.networks.create
baremetalsolution.networks.delete
Bare Metal Solution Now GA baremetalsolution.instances.attachNetwork
baremetalsolution.instances.detachNetwork
baremetalsolution.networks.create
baremetalsolution.networks.delete
Cloud Bigtable Added bigtable.instances.ping
Cloud Bigtable Now GA bigtable.instances.ping
Certificate Manager Added certificatemanager.certissuanceconfigs.create
certificatemanager.certissuanceconfigs.delete
certificatemanager.certissuanceconfigs.get
certificatemanager.certissuanceconfigs.list
certificatemanager.certissuanceconfigs.update
certificatemanager.certissuanceconfigs.use
Certificate Manager Supported In Custom Roles certificatemanager.certissuanceconfigs.create
certificatemanager.certissuanceconfigs.delete
certificatemanager.certissuanceconfigs.get
certificatemanager.certissuanceconfigs.list
certificatemanager.certissuanceconfigs.update
certificatemanager.certissuanceconfigs.use
Chronicle Added chronicle.dashboards.copy
chronicle.dashboards.create
chronicle.dashboards.delete
chronicle.dashboards.get
chronicle.dashboards.list
chronicle.multitenantDirectories.get
Chronicle Supported In Custom Roles chronicle.dashboards.copy
chronicle.dashboards.create
chronicle.dashboards.delete
chronicle.dashboards.get
chronicle.dashboards.list
Chronicle Now GA chronicle.dashboards.copy
chronicle.dashboards.create
chronicle.dashboards.delete
chronicle.dashboards.get
chronicle.dashboards.list
chronicle.multitenantDirectories.get
Cloud Asset Inventory Added cloudasset.assets.exportAiplatformBatchPredictionJobs
cloudasset.assets.exportAiplatformCustomJobs
cloudasset.assets.exportAiplatformDataLabelingJobs
cloudasset.assets.exportAiplatformDatasets
cloudasset.assets.exportAiplatformEndpoints
cloudasset.assets.exportAiplatformHyperparameterTuningJobs
cloudasset.assets.exportAiplatformMetadataStores
cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs
cloudasset.assets.exportAiplatformModels
cloudasset.assets.exportAiplatformPipelineJobs
cloudasset.assets.exportAiplatformSpecialistPools
cloudasset.assets.exportAiplatformTrainingPipelines
cloudasset.assets.exportAnthosConnectedCluster
cloudasset.assets.exportAnthosedgeCluster
cloudasset.assets.exportApigatewayApi
cloudasset.assets.exportApigatewayApiConfig
cloudasset.assets.exportApigatewayGateway
cloudasset.assets.exportApikeysKeys
cloudasset.assets.exportArtifactregistryDockerImages
cloudasset.assets.exportArtifactregistryRepositories
cloudasset.assets.exportAssuredWorkloadsWorkloads
cloudasset.assets.exportBeyondCorpApiGateways
cloudasset.assets.exportBeyondCorpAppConnections
cloudasset.assets.exportBeyondCorpAppConnectors
cloudasset.assets.exportBeyondCorpClientConnectorServices
cloudasset.assets.exportBeyondCorpClientGateways
cloudasset.assets.exportBigqueryModels
cloudasset.assets.exportBigtableAppProfile
cloudasset.assets.exportBigtableBackup
cloudasset.assets.exportCloudAssetFeeds
cloudasset.assets.exportCloudDeployDeliveryPipelines
cloudasset.assets.exportCloudDeployReleases
cloudasset.assets.exportCloudDeployRollouts
cloudasset.assets.exportCloudDeployTargets
cloudasset.assets.exportCloudDocumentAIEvaluation
cloudasset.assets.exportCloudDocumentAIHumanReviewConfig
cloudasset.assets.exportCloudDocumentAILabelerPool
cloudasset.assets.exportCloudDocumentAIProcessor
cloudasset.assets.exportCloudDocumentAIProcessorVersion
cloudasset.assets.exportCloudbillingProjectBillingInfos
cloudasset.assets.exportCloudfunctionsFunctions
cloudasset.assets.exportCloudfunctionsGen2Functions
cloudasset.assets.exportCloudkmsEkmConnections
cloudasset.assets.exportCloudmemcacheInstances
cloudasset.assets.exportCloudresourcemanagerTagBindings
cloudasset.assets.exportCloudresourcemanagerTagKeys
cloudasset.assets.exportCloudresourcemanagerTagValues
cloudasset.assets.exportComposerEnvironments
cloudasset.assets.exportComputeCommitments
cloudasset.assets.exportComputeExternalVpnGateways
cloudasset.assets.exportComputeFirewallPolicies
cloudasset.assets.exportComputeNetworkEndpointGroups
cloudasset.assets.exportComputeNodeGroups
cloudasset.assets.exportComputeNodeTemplates
cloudasset.assets.exportComputePacketMirrorings
cloudasset.assets.exportComputeReservations
cloudasset.assets.exportComputeResourcePolicies
cloudasset.assets.exportComputeServiceAttachments
cloudasset.assets.exportComputeSslPolicies
cloudasset.assets.exportComputeVpnGateways
cloudasset.assets.exportConnectorsConnections
cloudasset.assets.exportConnectorsConnectorVersions
cloudasset.assets.exportConnectorsConnectors
cloudasset.assets.exportConnectorsProviders
cloudasset.assets.exportConnectorsRuntimeConfigs
cloudasset.assets.exportContainerAppsDeployment
cloudasset.assets.exportContainerAppsReplicaSets
cloudasset.assets.exportContainerBatchJobs
cloudasset.assets.exportContainerExtensionsIngresses
cloudasset.assets.exportContainerJobs
cloudasset.assets.exportContainerNetworkingIngresses
cloudasset.assets.exportContainerNetworkingNetworkPolicies
cloudasset.assets.exportContainerReplicaSets
cloudasset.assets.exportContainerServices
cloudasset.assets.exportDataMigrationConnectionProfiles
cloudasset.assets.exportDataMigrationMigrationJobs
cloudasset.assets.exportDataflowJobs
cloudasset.assets.exportDataplexAssets
cloudasset.assets.exportDataplexLakes
cloudasset.assets.exportDataplexTasks
cloudasset.assets.exportDataplexZones
cloudasset.assets.exportDataprocAutoscalingPolicies
cloudasset.assets.exportDataprocBatches
cloudasset.assets.exportDataprocSessions
cloudasset.assets.exportDataprocWorkflowTemplates
cloudasset.assets.exportDatastreamConnectionProfile
cloudasset.assets.exportDatastreamPrivateConnection
cloudasset.assets.exportDatastreamStream
cloudasset.assets.exportDialogflowAgents
cloudasset.assets.exportDialogflowConversationProfiles
cloudasset.assets.exportDialogflowKnowledgeBases
cloudasset.assets.exportDialogflowLocationSettings
cloudasset.assets.exportDlpDeidentifyTemplates
cloudasset.assets.exportDlpDlpJobs
cloudasset.assets.exportDlpInspectTemplates
cloudasset.assets.exportDlpJobTriggers
cloudasset.assets.exportDlpStoredInfoTypes
cloudasset.assets.exportDomainsRegistrations
cloudasset.assets.exportEventarcTriggers
cloudasset.assets.exportFileBackups
cloudasset.assets.exportFileInstances
cloudasset.assets.exportFirebaseAppInfos
cloudasset.assets.exportFirebaseProjects
cloudasset.assets.exportFirestoreDatabases
cloudasset.assets.exportGKEHubFeatures
cloudasset.assets.exportGKEHubMemberships
cloudasset.assets.exportGameservicesGameServerClusters
cloudasset.assets.exportGameservicesGameServerConfigs
cloudasset.assets.exportGameservicesGameServerDeployments
cloudasset.assets.exportGameservicesRealms
cloudasset.assets.exportGkeBackupBackupPlans
cloudasset.assets.exportGkeBackupBackups
cloudasset.assets.exportGkeBackupRestorePlans
cloudasset.assets.exportGkeBackupRestores
cloudasset.assets.exportGkeBackupVolumeBackups
cloudasset.assets.exportGkeBackupVolumeRestores
cloudasset.assets.exportHealthcareConsentStores
cloudasset.assets.exportHealthcareDatasets
cloudasset.assets.exportHealthcareDicomStores
cloudasset.assets.exportHealthcareFhirStores
cloudasset.assets.exportHealthcareHl7V2Stores
cloudasset.assets.exportIapTunnel
cloudasset.assets.exportIapTunnelInstances
cloudasset.assets.exportIapTunnelZones
cloudasset.assets.exportIapWeb
cloudasset.assets.exportIapWebServiceVersion
cloudasset.assets.exportIapWebServices
cloudasset.assets.exportIapWebType
cloudasset.assets.exportIdsEndpoints
cloudasset.assets.exportIntegrationsAuthConfigs
cloudasset.assets.exportIntegrationsCertificates
cloudasset.assets.exportIntegrationsExecutions
cloudasset.assets.exportIntegrationsIntegrationVersions
cloudasset.assets.exportIntegrationsIntegrations
cloudasset.assets.exportIntegrationsSfdcChannels
cloudasset.assets.exportIntegrationsSfdcInstances
cloudasset.assets.exportIntegrationsSuspensions
cloudasset.assets.exportLoggingLogMetrics
cloudasset.assets.exportLoggingLogSinks
cloudasset.assets.exportMetastoreBackups
cloudasset.assets.exportMetastoreMetadataImports
cloudasset.assets.exportMetastoreServices
cloudasset.assets.exportMonitoringAlertPolicies
cloudasset.assets.exportNetworkConnectivityHubs
cloudasset.assets.exportNetworkConnectivitySpokes
cloudasset.assets.exportNetworkManagementConnectivityTests
cloudasset.assets.exportNetworkServicesEndpointPolicies
cloudasset.assets.exportNetworkServicesGateways
cloudasset.assets.exportNetworkServicesGrpcRoutes
cloudasset.assets.exportNetworkServicesHttpRoutes
cloudasset.assets.exportNetworkServicesMeshes
cloudasset.assets.exportNetworkServicesServiceBindings
cloudasset.assets.exportNetworkServicesTcpRoutes
cloudasset.assets.exportNetworkServicesTlsRoutes
cloudasset.assets.exportOSConfigOSPolicyAssignmentReports
cloudasset.assets.exportOSConfigOSPolicyAssignments
cloudasset.assets.exportOSConfigVulnerabilityReports
cloudasset.assets.exportPatchDeployments
cloudasset.assets.exportPubsubSnapshots
cloudasset.assets.exportRedisInstances
cloudasset.assets.exportServiceDirectoryNamespaces
cloudasset.assets.exportServiceconsumermanagementConsumerProperty
cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits
cloudasset.assets.exportServiceconsumermanagementConsumers
cloudasset.assets.exportServiceconsumermanagementProducerOverrides
cloudasset.assets.exportServiceconsumermanagementTenancyUnits
cloudasset.assets.exportServiceconsumermanagementVisibility
cloudasset.assets.exportServiceusageAdminOverrides
cloudasset.assets.exportServiceusageConsumerOverrides
cloudasset.assets.exportServiceusageServices
cloudasset.assets.exportSpannerBackups
cloudasset.assets.exportSpeakerIdPhrases
cloudasset.assets.exportSpeakerIdSettings
cloudasset.assets.exportSpeakerIdSpeakers
cloudasset.assets.exportSpeechCustomClasses
cloudasset.assets.exportSpeechPhraseSets
cloudasset.assets.exportSqladminBackupRuns
cloudasset.assets.exportTpuNodes
cloudasset.assets.exportVpcaccessConnector
cloudasset.assets.listAccessLevel
cloudasset.assets.listAiplatformBatchPredictionJobs
cloudasset.assets.listAiplatformCustomJobs
cloudasset.assets.listAiplatformDataLabelingJobs
cloudasset.assets.listAiplatformDatasets
cloudasset.assets.listAiplatformEndpoints
cloudasset.assets.listAiplatformHyperparameterTuningJobs
cloudasset.assets.listAiplatformMetadataStores
cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs
cloudasset.assets.listAiplatformModels
cloudasset.assets.listAiplatformPipelineJobs
cloudasset.assets.listAiplatformSpecialistPools
cloudasset.assets.listAiplatformTrainingPipelines
cloudasset.assets.listAllAccessPolicy
cloudasset.assets.listAnthosConnectedCluster
cloudasset.assets.listAnthosedgeCluster
cloudasset.assets.listApigatewayApi
cloudasset.assets.listApigatewayApiConfig
cloudasset.assets.listApigatewayGateway
cloudasset.assets.listApikeysKeys
cloudasset.assets.listAppengineApplications
cloudasset.assets.listAppengineServices
cloudasset.assets.listAppengineVersions
cloudasset.assets.listArtifactregistryDockerImages
cloudasset.assets.listArtifactregistryRepositories
cloudasset.assets.listAssuredWorkloadsWorkloads
cloudasset.assets.listBeyondCorpApiGateways
cloudasset.assets.listBeyondCorpAppConnections
cloudasset.assets.listBeyondCorpAppConnectors
cloudasset.assets.listBeyondCorpClientConnectorServices
cloudasset.assets.listBeyondCorpClientGateways
cloudasset.assets.listBigqueryDatasets
cloudasset.assets.listBigqueryModels
cloudasset.assets.listBigqueryTables
cloudasset.assets.listBigtableAppProfile
cloudasset.assets.listBigtableBackup
cloudasset.assets.listBigtableCluster
cloudasset.assets.listBigtableInstance
cloudasset.assets.listBigtableTable
cloudasset.assets.listCloudAssetFeeds
cloudasset.assets.listCloudDeployDeliveryPipelines
cloudasset.assets.listCloudDeployReleases
cloudasset.assets.listCloudDeployRollouts
cloudasset.assets.listCloudDeployTargets
cloudasset.assets.listCloudDocumentAIEvaluation
cloudasset.assets.listCloudDocumentAIHumanReviewConfig
cloudasset.assets.listCloudDocumentAILabelerPool
cloudasset.assets.listCloudDocumentAIProcessor
cloudasset.assets.listCloudDocumentAIProcessorVersion
cloudasset.assets.listCloudbillingBillingAccounts
cloudasset.assets.listCloudbillingProjectBillingInfos
cloudasset.assets.listCloudfunctionsFunctions
cloudasset.assets.listCloudfunctionsGen2Functions
cloudasset.assets.listCloudkmsCryptoKeyVersions
cloudasset.assets.listCloudkmsEkmConnections
cloudasset.assets.listCloudkmsImportJobs
cloudasset.assets.listCloudkmsKeyRings
cloudasset.assets.listCloudmemcacheInstances
cloudasset.assets.listCloudresourcemanagerFolders
cloudasset.assets.listCloudresourcemanagerOrganizations
cloudasset.assets.listCloudresourcemanagerProjects
cloudasset.assets.listCloudresourcemanagerTagBindings
cloudasset.assets.listCloudresourcemanagerTagKeys
cloudasset.assets.listCloudresourcemanagerTagValues
cloudasset.assets.listComposerEnvironments
cloudasset.assets.listComputeAddress
cloudasset.assets.listComputeAutoscalers
cloudasset.assets.listComputeBackendBuckets
cloudasset.assets.listComputeBackendServices
cloudasset.assets.listComputeCommitments
cloudasset.assets.listComputeDisks
cloudasset.assets.listComputeExternalVpnGateways
cloudasset.assets.listComputeFirewallPolicies
cloudasset.assets.listComputeFirewalls
cloudasset.assets.listComputeForwardingRules
cloudasset.assets.listComputeGlobalAddress
cloudasset.assets.listComputeGlobalForwardingRules
cloudasset.assets.listComputeHealthChecks
cloudasset.assets.listComputeHttpHealthChecks
cloudasset.assets.listComputeHttpsHealthChecks
cloudasset.assets.listComputeImages
cloudasset.assets.listComputeInstanceGroupManagers
cloudasset.assets.listComputeInstanceGroups
cloudasset.assets.listComputeInstanceTemplates
cloudasset.assets.listComputeInstances
cloudasset.assets.listComputeInterconnect
cloudasset.assets.listComputeInterconnectAttachment
cloudasset.assets.listComputeLicenses
cloudasset.assets.listComputeNetworkEndpointGroups
cloudasset.assets.listComputeNetworks
cloudasset.assets.listComputeNodeGroups
cloudasset.assets.listComputeNodeTemplates
cloudasset.assets.listComputePacketMirrorings
cloudasset.assets.listComputeProjects
cloudasset.assets.listComputeRegionAutoscaler
cloudasset.assets.listComputeRegionBackendServices
cloudasset.assets.listComputeRegionDisk
cloudasset.assets.listComputeRegionInstanceGroup
cloudasset.assets.listComputeRegionInstanceGroupManager
cloudasset.assets.listComputeReservations
cloudasset.assets.listComputeResourcePolicies
cloudasset.assets.listComputeRouters
cloudasset.assets.listComputeRoutes
cloudasset.assets.listComputeSecurityPolicy
cloudasset.assets.listComputeServiceAttachments
cloudasset.assets.listComputeSnapshots
cloudasset.assets.listComputeSslCertificates
cloudasset.assets.listComputeSslPolicies
cloudasset.assets.listComputeSubnetworks
cloudasset.assets.listComputeTargetHttpProxies
cloudasset.assets.listComputeTargetHttpsProxies
cloudasset.assets.listComputeTargetInstances
cloudasset.assets.listComputeTargetPools
cloudasset.assets.listComputeTargetSslProxies
cloudasset.assets.listComputeTargetTcpProxies
cloudasset.assets.listComputeTargetVpnGateways
cloudasset.assets.listComputeUrlMaps
cloudasset.assets.listComputeVpnGateways
cloudasset.assets.listComputeVpnTunnels
cloudasset.assets.listConnectorsConnections
cloudasset.assets.listConnectorsConnectorVersions
cloudasset.assets.listConnectorsConnectors
cloudasset.assets.listConnectorsProviders
cloudasset.assets.listConnectorsRuntimeConfigs
cloudasset.assets.listContainerAppsDeployment
cloudasset.assets.listContainerAppsReplicaSets
cloudasset.assets.listContainerBatchJobs
cloudasset.assets.listContainerClusterrole
cloudasset.assets.listContainerClusterrolebinding
cloudasset.assets.listContainerClusters
cloudasset.assets.listContainerExtensionsIngresses
cloudasset.assets.listContainerJobs
cloudasset.assets.listContainerNamespace
cloudasset.assets.listContainerNetworkingIngresses
cloudasset.assets.listContainerNetworkingNetworkPolicies
cloudasset.assets.listContainerNode
cloudasset.assets.listContainerNodepool
cloudasset.assets.listContainerPod
cloudasset.assets.listContainerReplicaSets
cloudasset.assets.listContainerRole
cloudasset.assets.listContainerRolebinding
cloudasset.assets.listContainerServices
cloudasset.assets.listContainerregistryImage
cloudasset.assets.listDataMigrationConnectionProfiles
cloudasset.assets.listDataMigrationMigrationJobs
cloudasset.assets.listDataflowJobs
cloudasset.assets.listDatafusionInstance
cloudasset.assets.listDataplexAssets
cloudasset.assets.listDataplexLakes
cloudasset.assets.listDataplexTasks
cloudasset.assets.listDataplexZones
cloudasset.assets.listDataprocAutoscalingPolicies
cloudasset.assets.listDataprocBatches
cloudasset.assets.listDataprocClusters
cloudasset.assets.listDataprocJobs
cloudasset.assets.listDataprocSessions
cloudasset.assets.listDataprocWorkflowTemplates
cloudasset.assets.listDatastreamConnectionProfile
cloudasset.assets.listDatastreamPrivateConnection
cloudasset.assets.listDatastreamStream
cloudasset.assets.listDialogflowAgents
cloudasset.assets.listDialogflowConversationProfiles
cloudasset.assets.listDialogflowKnowledgeBases
cloudasset.assets.listDialogflowLocationSettings
cloudasset.assets.listDlpDeidentifyTemplates
cloudasset.assets.listDlpDlpJobs
cloudasset.assets.listDlpInspectTemplates
cloudasset.assets.listDlpJobTriggers
cloudasset.assets.listDlpStoredInfoTypes
cloudasset.assets.listDnsManagedZones
cloudasset.assets.listDnsPolicies
cloudasset.assets.listDomainsRegistrations
cloudasset.assets.listEventarcTriggers
cloudasset.assets.listFileBackups
cloudasset.assets.listFileInstances
cloudasset.assets.listFirebaseAppInfos
cloudasset.assets.listFirebaseProjects
cloudasset.assets.listFirestoreDatabases
cloudasset.assets.listGKEHubFeatures
cloudasset.assets.listGKEHubMemberships
cloudasset.assets.listGameservicesGameServerClusters
cloudasset.assets.listGameservicesGameServerConfigs
cloudasset.assets.listGameservicesGameServerDeployments
cloudasset.assets.listGameservicesRealms
cloudasset.assets.listGkeBackupBackupPlans
cloudasset.assets.listGkeBackupBackups
cloudasset.assets.listGkeBackupRestorePlans
cloudasset.assets.listGkeBackupRestores
cloudasset.assets.listGkeBackupVolumeBackups
cloudasset.assets.listGkeBackupVolumeRestores
cloudasset.assets.listHealthcareConsentStores
cloudasset.assets.listHealthcareDatasets
cloudasset.assets.listHealthcareDicomStores
cloudasset.assets.listHealthcareFhirStores
cloudasset.assets.listHealthcareHl7V2Stores
cloudasset.assets.listIamRoles
cloudasset.assets.listIamServiceAccountKeys
cloudasset.assets.listIamServiceAccounts
cloudasset.assets.listIapTunnel
cloudasset.assets.listIapTunnelInstances
cloudasset.assets.listIapTunnelZones
cloudasset.assets.listIapWeb
cloudasset.assets.listIapWebServiceVersion
cloudasset.assets.listIapWebServices
cloudasset.assets.listIapWebType
cloudasset.assets.listIdsEndpoints
cloudasset.assets.listIntegrationsAuthConfigs
cloudasset.assets.listIntegrationsCertificates
cloudasset.assets.listIntegrationsExecutions
cloudasset.assets.listIntegrationsIntegrationVersions
cloudasset.assets.listIntegrationsIntegrations
cloudasset.assets.listIntegrationsSfdcChannels
cloudasset.assets.listIntegrationsSfdcInstances
cloudasset.assets.listIntegrationsSuspensions
cloudasset.assets.listLoggingLogMetrics
cloudasset.assets.listLoggingLogSinks
cloudasset.assets.listManagedidentitiesDomain
cloudasset.assets.listMetastoreBackups
cloudasset.assets.listMetastoreMetadataImports
cloudasset.assets.listMetastoreServices
cloudasset.assets.listMonitoringAlertPolicies
cloudasset.assets.listNetworkConnectivityHubs
cloudasset.assets.listNetworkConnectivitySpokes
cloudasset.assets.listNetworkManagementConnectivityTests
cloudasset.assets.listNetworkServicesEndpointPolicies
cloudasset.assets.listNetworkServicesGateways
cloudasset.assets.listNetworkServicesGrpcRoutes
cloudasset.assets.listNetworkServicesHttpRoutes
cloudasset.assets.listNetworkServicesMeshes
cloudasset.assets.listNetworkServicesServiceBindings
cloudasset.assets.listNetworkServicesTcpRoutes
cloudasset.assets.listNetworkServicesTlsRoutes
cloudasset.assets.listOSConfigOSPolicyAssignmentReports
cloudasset.assets.listOSConfigOSPolicyAssignments
cloudasset.assets.listOSConfigVulnerabilityReports
cloudasset.assets.listPatchDeployments
cloudasset.assets.listPubsubSnapshots
cloudasset.assets.listPubsubSubscriptions
cloudasset.assets.listPubsubTopics
cloudasset.assets.listRedisInstances
cloudasset.assets.listRunDomainMapping
cloudasset.assets.listRunRevision
cloudasset.assets.listRunService
cloudasset.assets.listServiceDirectoryNamespaces
cloudasset.assets.listServicePerimeter
cloudasset.assets.listServiceconsumermanagementConsumerProperty
cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits
cloudasset.assets.listServiceconsumermanagementConsumers
cloudasset.assets.listServiceconsumermanagementProducerOverrides
cloudasset.assets.listServiceconsumermanagementTenancyUnits
cloudasset.assets.listServiceconsumermanagementVisibility
cloudasset.assets.listServicemanagementServices
cloudasset.assets.listServiceusageAdminOverrides
cloudasset.assets.listServiceusageConsumerOverrides
cloudasset.assets.listServiceusageServices
cloudasset.assets.listSpannerBackups
cloudasset.assets.listSpannerDatabases
cloudasset.assets.listSpannerInstances
cloudasset.assets.listSpeakerIdPhrases
cloudasset.assets.listSpeakerIdSettings
cloudasset.assets.listSpeakerIdSpeakers
cloudasset.assets.listSpeechCustomClasses
cloudasset.assets.listSpeechPhraseSets
cloudasset.assets.listSqladminBackupRuns
cloudasset.assets.listSqladminInstances
cloudasset.assets.listStorageBuckets
cloudasset.assets.listTpuNodes
cloudasset.assets.listVpcaccessConnector
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportAccessLevel
cloudasset.assets.exportAiplatformBatchPredictionJobs
cloudasset.assets.exportAiplatformCustomJobs
cloudasset.assets.exportAiplatformDataLabelingJobs
cloudasset.assets.exportAiplatformDatasets
cloudasset.assets.exportAiplatformEndpoints
cloudasset.assets.exportAiplatformHyperparameterTuningJobs
cloudasset.assets.exportAiplatformMetadataStores
cloudasset.assets.exportAiplatformModelDeploymentMonitoringJobs
cloudasset.assets.exportAiplatformModels
cloudasset.assets.exportAiplatformPipelineJobs
cloudasset.assets.exportAiplatformSpecialistPools
cloudasset.assets.exportAiplatformTrainingPipelines
cloudasset.assets.exportAllAccessPolicy
cloudasset.assets.exportAnthosConnectedCluster
cloudasset.assets.exportAnthosedgeCluster
cloudasset.assets.exportApigatewayApi
cloudasset.assets.exportApigatewayApiConfig
cloudasset.assets.exportApigatewayGateway
cloudasset.assets.exportApikeysKeys
cloudasset.assets.exportAppengineApplications
cloudasset.assets.exportAppengineServices
cloudasset.assets.exportAppengineVersions
cloudasset.assets.exportArtifactregistryDockerImages
cloudasset.assets.exportArtifactregistryRepositories
cloudasset.assets.exportAssuredWorkloadsWorkloads
cloudasset.assets.exportBeyondCorpApiGateways
cloudasset.assets.exportBeyondCorpAppConnections
cloudasset.assets.exportBeyondCorpAppConnectors
cloudasset.assets.exportBeyondCorpClientConnectorServices
cloudasset.assets.exportBeyondCorpClientGateways
cloudasset.assets.exportBigqueryDatasets
cloudasset.assets.exportBigqueryModels
cloudasset.assets.exportBigqueryTables
cloudasset.assets.exportBigtableAppProfile
cloudasset.assets.exportBigtableBackup
cloudasset.assets.exportBigtableCluster
cloudasset.assets.exportBigtableInstance
cloudasset.assets.exportBigtableTable
cloudasset.assets.exportCloudAssetFeeds
cloudasset.assets.exportCloudDeployDeliveryPipelines
cloudasset.assets.exportCloudDeployReleases
cloudasset.assets.exportCloudDeployRollouts
cloudasset.assets.exportCloudDeployTargets
cloudasset.assets.exportCloudDocumentAIEvaluation
cloudasset.assets.exportCloudDocumentAIHumanReviewConfig
cloudasset.assets.exportCloudDocumentAILabelerPool
cloudasset.assets.exportCloudDocumentAIProcessor
cloudasset.assets.exportCloudDocumentAIProcessorVersion
cloudasset.assets.exportCloudbillingBillingAccounts
cloudasset.assets.exportCloudbillingProjectBillingInfos
cloudasset.assets.exportCloudfunctionsFunctions
cloudasset.assets.exportCloudfunctionsGen2Functions
cloudasset.assets.exportCloudkmsCryptoKeyVersions
cloudasset.assets.exportCloudkmsCryptoKeys
cloudasset.assets.exportCloudkmsEkmConnections
cloudasset.assets.exportCloudkmsKeyRings
cloudasset.assets.exportCloudmemcacheInstances
cloudasset.assets.exportCloudresourcemanagerFolders
cloudasset.assets.exportCloudresourcemanagerOrganizations
cloudasset.assets.exportCloudresourcemanagerProjects
cloudasset.assets.exportCloudresourcemanagerTagBindings
cloudasset.assets.exportCloudresourcemanagerTagKeys
cloudasset.assets.exportCloudresourcemanagerTagValues
cloudasset.assets.exportComposerEnvironments
cloudasset.assets.exportComputeAddress
cloudasset.assets.exportComputeAutoscalers
cloudasset.assets.exportComputeBackendBuckets
cloudasset.assets.exportComputeBackendServices
cloudasset.assets.exportComputeCommitments
cloudasset.assets.exportComputeDisks
cloudasset.assets.exportComputeExternalVpnGateways
cloudasset.assets.exportComputeFirewallPolicies
cloudasset.assets.exportComputeFirewalls
cloudasset.assets.exportComputeForwardingRules
cloudasset.assets.exportComputeGlobalAddress
cloudasset.assets.exportComputeGlobalForwardingRules
cloudasset.assets.exportComputeHealthChecks
cloudasset.assets.exportComputeHttpHealthChecks
cloudasset.assets.exportComputeHttpsHealthChecks
cloudasset.assets.exportComputeImages
cloudasset.assets.exportComputeInstanceGroupManagers
cloudasset.assets.exportComputeInstanceGroups
cloudasset.assets.exportComputeInstanceTemplates
cloudasset.assets.exportComputeInstances
cloudasset.assets.exportComputeInterconnect
cloudasset.assets.exportComputeInterconnectAttachment
cloudasset.assets.exportComputeLicenses
cloudasset.assets.exportComputeNetworkEndpointGroups
cloudasset.assets.exportComputeNetworks
cloudasset.assets.exportComputeNodeGroups
cloudasset.assets.exportComputeNodeTemplates
cloudasset.assets.exportComputePacketMirrorings
cloudasset.assets.exportComputeProjects
cloudasset.assets.exportComputeRegionAutoscaler
cloudasset.assets.exportComputeRegionBackendServices
cloudasset.assets.exportComputeRegionDisk
cloudasset.assets.exportComputeRegionInstanceGroup
cloudasset.assets.exportComputeRegionInstanceGroupManager
cloudasset.assets.exportComputeReservations
cloudasset.assets.exportComputeResourcePolicies
cloudasset.assets.exportComputeRouters
cloudasset.assets.exportComputeRoutes
cloudasset.assets.exportComputeSecurityPolicy
cloudasset.assets.exportComputeServiceAttachments
cloudasset.assets.exportComputeSnapshots
cloudasset.assets.exportComputeSslCertificates
cloudasset.assets.exportComputeSslPolicies
cloudasset.assets.exportComputeSubnetworks
cloudasset.assets.exportComputeTargetHttpProxies
cloudasset.assets.exportComputeTargetHttpsProxies
cloudasset.assets.exportComputeTargetInstances
cloudasset.assets.exportComputeTargetPools
cloudasset.assets.exportComputeTargetSslProxies
cloudasset.assets.exportComputeTargetTcpProxies
cloudasset.assets.exportComputeTargetVpnGateways
cloudasset.assets.exportComputeUrlMaps
cloudasset.assets.exportComputeVpnGateways
cloudasset.assets.exportComputeVpnTunnels
cloudasset.assets.exportConnectorsConnections
cloudasset.assets.exportConnectorsConnectorVersions
cloudasset.assets.exportConnectorsConnectors
cloudasset.assets.exportConnectorsProviders
cloudasset.assets.exportConnectorsRuntimeConfigs
cloudasset.assets.exportContainerAppsDeployment
cloudasset.assets.exportContainerAppsReplicaSets
cloudasset.assets.exportContainerBatchJobs
cloudasset.assets.exportContainerClusterrole
cloudasset.assets.exportContainerClusterrolebinding
cloudasset.assets.exportContainerClusters
cloudasset.assets.exportContainerExtensionsIngresses
cloudasset.assets.exportContainerJobs
cloudasset.assets.exportContainerNamespace
cloudasset.assets.exportContainerNetworkingIngresses
cloudasset.assets.exportContainerNetworkingNetworkPolicies
cloudasset.assets.exportContainerNode
cloudasset.assets.exportContainerNodepool
cloudasset.assets.exportContainerPod
cloudasset.assets.exportContainerReplicaSets
cloudasset.assets.exportContainerRole
cloudasset.assets.exportContainerRolebinding
cloudasset.assets.exportContainerServices
cloudasset.assets.exportContainerregistryImage
cloudasset.assets.exportDataMigrationConnectionProfiles
cloudasset.assets.exportDataMigrationMigrationJobs
cloudasset.assets.exportDataflowJobs
cloudasset.assets.exportDatafusionInstance
cloudasset.assets.exportDataplexAssets
cloudasset.assets.exportDataplexLakes
cloudasset.assets.exportDataplexTasks
cloudasset.assets.exportDataplexZones
cloudasset.assets.exportDataprocAutoscalingPolicies
cloudasset.assets.exportDataprocBatches
cloudasset.assets.exportDataprocClusters
cloudasset.assets.exportDataprocJobs
cloudasset.assets.exportDataprocSessions
cloudasset.assets.exportDataprocWorkflowTemplates
cloudasset.assets.exportDatastreamConnectionProfile
cloudasset.assets.exportDatastreamPrivateConnection
cloudasset.assets.exportDatastreamStream
cloudasset.assets.exportDialogflowAgents
cloudasset.assets.exportDialogflowConversationProfiles
cloudasset.assets.exportDialogflowKnowledgeBases
cloudasset.assets.exportDialogflowLocationSettings
cloudasset.assets.exportDlpDeidentifyTemplates
cloudasset.assets.exportDlpDlpJobs
cloudasset.assets.exportDlpInspectTemplates
cloudasset.assets.exportDlpJobTriggers
cloudasset.assets.exportDlpStoredInfoTypes
cloudasset.assets.exportDnsManagedZones
cloudasset.assets.exportDnsPolicies
cloudasset.assets.exportDomainsRegistrations
cloudasset.assets.exportEventarcTriggers
cloudasset.assets.exportFileBackups
cloudasset.assets.exportFileInstances
cloudasset.assets.exportFirebaseAppInfos
cloudasset.assets.exportFirebaseProjects
cloudasset.assets.exportFirestoreDatabases
cloudasset.assets.exportGKEHubFeatures
cloudasset.assets.exportGKEHubMemberships
cloudasset.assets.exportGameservicesGameServerClusters
cloudasset.assets.exportGameservicesGameServerConfigs
cloudasset.assets.exportGameservicesGameServerDeployments
cloudasset.assets.exportGameservicesRealms
cloudasset.assets.exportGkeBackupBackupPlans
cloudasset.assets.exportGkeBackupBackups
cloudasset.assets.exportGkeBackupRestorePlans
cloudasset.assets.exportGkeBackupRestores
cloudasset.assets.exportGkeBackupVolumeBackups
cloudasset.assets.exportGkeBackupVolumeRestores
cloudasset.assets.exportHealthcareConsentStores
cloudasset.assets.exportHealthcareDatasets
cloudasset.assets.exportHealthcareDicomStores
cloudasset.assets.exportHealthcareFhirStores
cloudasset.assets.exportHealthcareHl7V2Stores
cloudasset.assets.exportIamRoles
cloudasset.assets.exportIamServiceAccountKeys
cloudasset.assets.exportIamServiceAccounts
cloudasset.assets.exportIdsEndpoints
cloudasset.assets.exportIntegrationsAuthConfigs
cloudasset.assets.exportIntegrationsCertificates
cloudasset.assets.exportIntegrationsExecutions
cloudasset.assets.exportIntegrationsIntegrationVersions
cloudasset.assets.exportIntegrationsIntegrations
cloudasset.assets.exportIntegrationsSfdcChannels
cloudasset.assets.exportIntegrationsSfdcInstances
cloudasset.assets.exportIntegrationsSuspensions
cloudasset.assets.exportManagedidentitiesDomain
cloudasset.assets.exportMetastoreBackups
cloudasset.assets.exportMetastoreMetadataImports
cloudasset.assets.exportMetastoreServices
cloudasset.assets.exportMonitoringAlertPolicies
cloudasset.assets.exportNetworkConnectivityHubs
cloudasset.assets.exportNetworkConnectivitySpokes
cloudasset.assets.exportNetworkManagementConnectivityTests
cloudasset.assets.exportNetworkServicesEndpointPolicies
cloudasset.assets.exportNetworkServicesGateways
cloudasset.assets.exportNetworkServicesGrpcRoutes
cloudasset.assets.exportNetworkServicesHttpRoutes
cloudasset.assets.exportNetworkServicesMeshes
cloudasset.assets.exportNetworkServicesServiceBindings
cloudasset.assets.exportNetworkServicesTcpRoutes
cloudasset.assets.exportNetworkServicesTlsRoutes
cloudasset.assets.exportOSConfigOSPolicyAssignmentReports
cloudasset.assets.exportOSConfigOSPolicyAssignments
cloudasset.assets.exportOSConfigVulnerabilityReports
cloudasset.assets.exportPatchDeployments
cloudasset.assets.exportPubsubSnapshots
cloudasset.assets.exportPubsubSubscriptions
cloudasset.assets.exportPubsubTopics
cloudasset.assets.exportRedisInstances
cloudasset.assets.exportServiceDirectoryNamespaces
cloudasset.assets.exportServicePerimeter
cloudasset.assets.exportServiceconsumermanagementConsumerProperty
cloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimits
cloudasset.assets.exportServiceconsumermanagementConsumers
cloudasset.assets.exportServiceconsumermanagementProducerOverrides
cloudasset.assets.exportServiceconsumermanagementTenancyUnits
cloudasset.assets.exportServiceconsumermanagementVisibility
cloudasset.assets.exportServicemanagementServices
cloudasset.assets.exportServiceusageAdminOverrides
cloudasset.assets.exportServiceusageConsumerOverrides
cloudasset.assets.exportServiceusageServices
cloudasset.assets.exportSpannerBackups
cloudasset.assets.exportSpannerDatabases
cloudasset.assets.exportSpannerInstances
cloudasset.assets.exportSpeakerIdPhrases
cloudasset.assets.exportSpeakerIdSettings
cloudasset.assets.exportSpeakerIdSpeakers
cloudasset.assets.exportSpeechCustomClasses
cloudasset.assets.exportSpeechPhraseSets
cloudasset.assets.exportSqladminBackupRuns
cloudasset.assets.exportSqladminInstances
cloudasset.assets.exportStorageBuckets
cloudasset.assets.exportTpuNodes
cloudasset.assets.exportVpcaccessConnector
cloudasset.assets.listAccessLevel
cloudasset.assets.listAiplatformBatchPredictionJobs
cloudasset.assets.listAiplatformCustomJobs
cloudasset.assets.listAiplatformDataLabelingJobs
cloudasset.assets.listAiplatformDatasets
cloudasset.assets.listAiplatformEndpoints
cloudasset.assets.listAiplatformHyperparameterTuningJobs
cloudasset.assets.listAiplatformMetadataStores
cloudasset.assets.listAiplatformModelDeploymentMonitoringJobs
cloudasset.assets.listAiplatformModels
cloudasset.assets.listAiplatformPipelineJobs
cloudasset.assets.listAiplatformSpecialistPools
cloudasset.assets.listAiplatformTrainingPipelines
cloudasset.assets.listAllAccessPolicy
cloudasset.assets.listAnthosConnectedCluster
cloudasset.assets.listAnthosedgeCluster
cloudasset.assets.listApigatewayApi
cloudasset.assets.listApigatewayApiConfig
cloudasset.assets.listApigatewayGateway
cloudasset.assets.listApikeysKeys
cloudasset.assets.listAppengineApplications
cloudasset.assets.listAppengineServices
cloudasset.assets.listAppengineVersions
cloudasset.assets.listArtifactregistryDockerImages
cloudasset.assets.listArtifactregistryRepositories
cloudasset.assets.listAssuredWorkloadsWorkloads
cloudasset.assets.listBeyondCorpApiGateways
cloudasset.assets.listBeyondCorpAppConnections
cloudasset.assets.listBeyondCorpAppConnectors
cloudasset.assets.listBeyondCorpClientConnectorServices
cloudasset.assets.listBeyondCorpClientGateways
cloudasset.assets.listBigqueryDatasets
cloudasset.assets.listBigqueryModels
cloudasset.assets.listBigqueryTables
cloudasset.assets.listBigtableAppProfile
cloudasset.assets.listBigtableBackup
cloudasset.assets.listBigtableCluster
cloudasset.assets.listBigtableInstance
cloudasset.assets.listBigtableTable
cloudasset.assets.listCloudAssetFeeds
cloudasset.assets.listCloudDeployDeliveryPipelines
cloudasset.assets.listCloudDeployReleases
cloudasset.assets.listCloudDeployRollouts
cloudasset.assets.listCloudDeployTargets
cloudasset.assets.listCloudDocumentAIEvaluation
cloudasset.assets.listCloudDocumentAIHumanReviewConfig
cloudasset.assets.listCloudDocumentAILabelerPool
cloudasset.assets.listCloudDocumentAIProcessor
cloudasset.assets.listCloudDocumentAIProcessorVersion
cloudasset.assets.listCloudbillingBillingAccounts
cloudasset.assets.listCloudbillingProjectBillingInfos
cloudasset.assets.listCloudfunctionsFunctions
cloudasset.assets.listCloudfunctionsGen2Functions
cloudasset.assets.listCloudkmsCryptoKeyVersions
cloudasset.assets.listCloudkmsEkmConnections
cloudasset.assets.listCloudkmsImportJobs
cloudasset.assets.listCloudkmsKeyRings
cloudasset.assets.listCloudmemcacheInstances
cloudasset.assets.listCloudresourcemanagerFolders
cloudasset.assets.listCloudresourcemanagerOrganizations
cloudasset.assets.listCloudresourcemanagerProjects
cloudasset.assets.listCloudresourcemanagerTagBindings
cloudasset.assets.listCloudresourcemanagerTagKeys
cloudasset.assets.listCloudresourcemanagerTagValues
cloudasset.assets.listComposerEnvironments
cloudasset.assets.listComputeAddress
cloudasset.assets.listComputeAutoscalers
cloudasset.assets.listComputeBackendBuckets
cloudasset.assets.listComputeBackendServices
cloudasset.assets.listComputeCommitments
cloudasset.assets.listComputeDisks
cloudasset.assets.listComputeExternalVpnGateways
cloudasset.assets.listComputeFirewallPolicies
cloudasset.assets.listComputeFirewalls
cloudasset.assets.listComputeForwardingRules
cloudasset.assets.listComputeGlobalAddress
cloudasset.assets.listComputeGlobalForwardingRules
cloudasset.assets.listComputeHealthChecks
cloudasset.assets.listComputeHttpHealthChecks
cloudasset.assets.listComputeHttpsHealthChecks
cloudasset.assets.listComputeImages
cloudasset.assets.listComputeInstanceGroupManagers
cloudasset.assets.listComputeInstanceGroups
cloudasset.assets.listComputeInstanceTemplates
cloudasset.assets.listComputeInstances
cloudasset.assets.listComputeInterconnect
cloudasset.assets.listComputeInterconnectAttachment
cloudasset.assets.listComputeLicenses
cloudasset.assets.listComputeNetworkEndpointGroups
cloudasset.assets.listComputeNetworks
cloudasset.assets.listComputeNodeGroups
cloudasset.assets.listComputeNodeTemplates
cloudasset.assets.listComputePacketMirrorings
cloudasset.assets.listComputeProjects
cloudasset.assets.listComputeRegionAutoscaler
cloudasset.assets.listComputeRegionBackendServices
cloudasset.assets.listComputeRegionDisk
cloudasset.assets.listComputeRegionInstanceGroup
cloudasset.assets.listComputeRegionInstanceGroupManager
cloudasset.assets.listComputeReservations
cloudasset.assets.listComputeResourcePolicies
cloudasset.assets.listComputeRouters
cloudasset.assets.listComputeRoutes
cloudasset.assets.listComputeSecurityPolicy
cloudasset.assets.listComputeServiceAttachments
cloudasset.assets.listComputeSnapshots
cloudasset.assets.listComputeSslCertificates
cloudasset.assets.listComputeSslPolicies
cloudasset.assets.listComputeSubnetworks
cloudasset.assets.listComputeTargetHttpProxies
cloudasset.assets.listComputeTargetHttpsProxies
cloudasset.assets.listComputeTargetInstances
cloudasset.assets.listComputeTargetPools
cloudasset.assets.listComputeTargetSslProxies
cloudasset.assets.listComputeTargetTcpProxies
cloudasset.assets.listComputeTargetVpnGateways
cloudasset.assets.listComputeUrlMaps
cloudasset.assets.listComputeVpnGateways
cloudasset.assets.listComputeVpnTunnels
cloudasset.assets.listConnectorsConnections
cloudasset.assets.listConnectorsConnectorVersions
cloudasset.assets.listConnectorsConnectors
cloudasset.assets.listConnectorsProviders
cloudasset.assets.listConnectorsRuntimeConfigs
cloudasset.assets.listContainerAppsDeployment
cloudasset.assets.listContainerAppsReplicaSets
cloudasset.assets.listContainerBatchJobs
cloudasset.assets.listContainerClusterrole
cloudasset.assets.listContainerClusterrolebinding
cloudasset.assets.listContainerClusters
cloudasset.assets.listContainerExtensionsIngresses
cloudasset.assets.listContainerJobs
cloudasset.assets.listContainerNamespace
cloudasset.assets.listContainerNetworkingIngresses
cloudasset.assets.listContainerNetworkingNetworkPolicies
cloudasset.assets.listContainerNode
cloudasset.assets.listContainerNodepool
cloudasset.assets.listContainerPod
cloudasset.assets.listContainerReplicaSets
cloudasset.assets.listContainerRole
cloudasset.assets.listContainerRolebinding
cloudasset.assets.listContainerServices
cloudasset.assets.listContainerregistryImage
cloudasset.assets.listDataMigrationConnectionProfiles
cloudasset.assets.listDataMigrationMigrationJobs
cloudasset.assets.listDataflowJobs
cloudasset.assets.listDatafusionInstance
cloudasset.assets.listDataplexAssets
cloudasset.assets.listDataplexLakes
cloudasset.assets.listDataplexTasks
cloudasset.assets.listDataplexZones
cloudasset.assets.listDataprocAutoscalingPolicies
cloudasset.assets.listDataprocBatches
cloudasset.assets.listDataprocClusters
cloudasset.assets.listDataprocJobs
cloudasset.assets.listDataprocSessions
cloudasset.assets.listDataprocWorkflowTemplates
cloudasset.assets.listDatastreamConnectionProfile
cloudasset.assets.listDatastreamPrivateConnection
cloudasset.assets.listDatastreamStream
cloudasset.assets.listDialogflowAgents
cloudasset.assets.listDialogflowConversationProfiles
cloudasset.assets.listDialogflowKnowledgeBases
cloudasset.assets.listDialogflowLocationSettings
cloudasset.assets.listDlpDeidentifyTemplates
cloudasset.assets.listDlpDlpJobs
cloudasset.assets.listDlpInspectTemplates
cloudasset.assets.listDlpJobTriggers
cloudasset.assets.listDlpStoredInfoTypes
cloudasset.assets.listDnsManagedZones
cloudasset.assets.listDnsPolicies
cloudasset.assets.listDomainsRegistrations
cloudasset.assets.listEventarcTriggers
cloudasset.assets.listFileBackups
cloudasset.assets.listFileInstances
cloudasset.assets.listFirebaseAppInfos
cloudasset.assets.listFirebaseProjects
cloudasset.assets.listFirestoreDatabases
cloudasset.assets.listGKEHubFeatures
cloudasset.assets.listGKEHubMemberships
cloudasset.assets.listGameservicesGameServerClusters
cloudasset.assets.listGameservicesGameServerConfigs
cloudasset.assets.listGameservicesGameServerDeployments
cloudasset.assets.listGameservicesRealms
cloudasset.assets.listGkeBackupBackupPlans
cloudasset.assets.listGkeBackupBackups
cloudasset.assets.listGkeBackupRestorePlans
cloudasset.assets.listGkeBackupRestores
cloudasset.assets.listGkeBackupVolumeBackups
cloudasset.assets.listGkeBackupVolumeRestores
cloudasset.assets.listHealthcareConsentStores
cloudasset.assets.listHealthcareDatasets
cloudasset.assets.listHealthcareDicomStores
cloudasset.assets.listHealthcareFhirStores
cloudasset.assets.listHealthcareHl7V2Stores
cloudasset.assets.listIamRoles
cloudasset.assets.listIamServiceAccountKeys
cloudasset.assets.listIamServiceAccounts
cloudasset.assets.listIdsEndpoints
cloudasset.assets.listIntegrationsAuthConfigs
cloudasset.assets.listIntegrationsCertificates
cloudasset.assets.listIntegrationsExecutions
cloudasset.assets.listIntegrationsIntegrationVersions
cloudasset.assets.listIntegrationsIntegrations
cloudasset.assets.listIntegrationsSfdcChannels
cloudasset.assets.listIntegrationsSfdcInstances
cloudasset.assets.listIntegrationsSuspensions
cloudasset.assets.listManagedidentitiesDomain
cloudasset.assets.listMetastoreBackups
cloudasset.assets.listMetastoreMetadataImports
cloudasset.assets.listMetastoreServices
cloudasset.assets.listMonitoringAlertPolicies
cloudasset.assets.listNetworkConnectivityHubs
cloudasset.assets.listNetworkConnectivitySpokes
cloudasset.assets.listNetworkManagementConnectivityTests
cloudasset.assets.listNetworkServicesEndpointPolicies
cloudasset.assets.listNetworkServicesGateways
cloudasset.assets.listNetworkServicesGrpcRoutes
cloudasset.assets.listNetworkServicesHttpRoutes
cloudasset.assets.listNetworkServicesMeshes
cloudasset.assets.listNetworkServicesServiceBindings
cloudasset.assets.listNetworkServicesTcpRoutes
cloudasset.assets.listNetworkServicesTlsRoutes
cloudasset.assets.listOSConfigOSPolicyAssignmentReports
cloudasset.assets.listOSConfigOSPolicyAssignments
cloudasset.assets.listOSConfigVulnerabilityReports
cloudasset.assets.listPatchDeployments
cloudasset.assets.listPubsubSnapshots
cloudasset.assets.listPubsubSubscriptions
cloudasset.assets.listPubsubTopics
cloudasset.assets.listRedisInstances
cloudasset.assets.listRunDomainMapping
cloudasset.assets.listRunRevision
cloudasset.assets.listRunService
cloudasset.assets.listServiceDirectoryNamespaces
cloudasset.assets.listServicePerimeter
cloudasset.assets.listServiceconsumermanagementConsumerProperty
cloudasset.assets.listServiceconsumermanagementConsumerQuotaLimits
cloudasset.assets.listServiceconsumermanagementConsumers
cloudasset.assets.listServiceconsumermanagementProducerOverrides
cloudasset.assets.listServiceconsumermanagementTenancyUnits
cloudasset.assets.listServiceconsumermanagementVisibility
cloudasset.assets.listServicemanagementServices
cloudasset.assets.listServiceusageAdminOverrides
cloudasset.assets.listServiceusageConsumerOverrides
cloudasset.assets.listServiceusageServices
cloudasset.assets.listSpannerBackups
cloudasset.assets.listSpannerDatabases
cloudasset.assets.listSpannerInstances
cloudasset.assets.listSpeakerIdPhrases
cloudasset.assets.listSpeakerIdSettings
cloudasset.assets.listSpeakerIdSpeakers
cloudasset.assets.listSpeechCustomClasses
cloudasset.assets.listSpeechPhraseSets
cloudasset.assets.listSqladminBackupRuns
cloudasset.assets.listSqladminInstances
cloudasset.assets.listStorageBuckets
cloudasset.assets.listTpuNodes
cloudasset.assets.listVpcaccessConnector
Compute Engine Added compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.use
Compute Engine Supported In Custom Roles compute.serviceAttachments.getIamPolicy
compute.serviceAttachments.setIamPolicy
compute.serviceAttachments.use
Google Data Studio Added datastudio.datasources.delete
datastudio.datasources.get
datastudio.datasources.getIamPolicy
datastudio.datasources.move
datastudio.datasources.restoreTrash
datastudio.datasources.search
datastudio.datasources.setIamPolicy
datastudio.datasources.settingsShare
datastudio.datasources.share
datastudio.datasources.trash
datastudio.datasources.update
datastudio.reports.delete
datastudio.reports.get
datastudio.reports.getIamPolicy
datastudio.reports.move
datastudio.reports.restoreTrash
datastudio.reports.search
datastudio.reports.setIamPolicy
datastudio.reports.settingsShare
datastudio.reports.share
datastudio.reports.trash
datastudio.reports.update
datastudio.workspaces.createUnder
datastudio.workspaces.delete
datastudio.workspaces.get
datastudio.workspaces.getIamPolicy
datastudio.workspaces.moveIn
datastudio.workspaces.moveOut
datastudio.workspaces.restoreTrash
datastudio.workspaces.search
datastudio.workspaces.setIamPolicy
datastudio.workspaces.trash
datastudio.workspaces.update
Enterprise Knowledge Graph Added enterpriseknowledgegraph.entityReconciliationJobs.cancel
enterpriseknowledgegraph.entityReconciliationJobs.create
enterpriseknowledgegraph.entityReconciliationJobs.delete
enterpriseknowledgegraph.entityReconciliationJobs.get
enterpriseknowledgegraph.entityReconciliationJobs.list
Enterprise Knowledge Graph Supported In Custom Roles enterpriseknowledgegraph.entityReconciliationJobs.delete
Anthos clusters on VMware (GKE on-prem) Added gkeonprem.bareMetalClusters.queryVersionConfig
gkeonprem.vmwareClusters.queryVersionConfig
Anthos clusters on VMware (GKE on-prem) Supported In Custom Roles gkeonprem.bareMetalClusters.queryVersionConfig
gkeonprem.vmwareClusters.queryVersionConfig
Anthos clusters on VMware (GKE on-prem) Now GA gkeonprem.bareMetalClusters.queryVersionConfig
gkeonprem.vmwareClusters.queryVersionConfig
Managed Service for Microsoft Active Directory Added managedidentities.domains.checkMigrationPermission
managedidentities.domains.disableMigration
managedidentities.domains.enableMigration
Dataproc Metastore Added metastore.backups.getIamPolicy
metastore.backups.setIamPolicy
Dataproc Metastore Supported In Custom Roles metastore.backups.getIamPolicy
metastore.backups.setIamPolicy
Dataproc Metastore Now GA metastore.backups.getIamPolicy
metastore.backups.setIamPolicy
Public Certificate Authority Added publicca.externalAccountKeys.create
Recommender Added recommender.computeFirewallInsightTypeConfigs.get
recommender.computeFirewallInsightTypeConfigs.update
recommender.gmpGuidedExperienceInsights.get
recommender.gmpGuidedExperienceInsights.list
recommender.gmpGuidedExperienceInsights.update
recommender.gmpGuidedExperienceRecommendations.get
recommender.gmpGuidedExperienceRecommendations.list
recommender.gmpGuidedExperienceRecommendations.update
Recommender Supported In Custom Roles recommender.computeFirewallInsightTypeConfigs.get
recommender.computeFirewallInsightTypeConfigs.update
recommender.gmpGuidedExperienceInsights.get
recommender.gmpGuidedExperienceInsights.list
recommender.gmpGuidedExperienceInsights.update
recommender.gmpGuidedExperienceRecommendations.get
recommender.gmpGuidedExperienceRecommendations.list
recommender.gmpGuidedExperienceRecommendations.update
Recommender Now GA recommender.computeFirewallInsightTypeConfigs.get
recommender.computeFirewallInsightTypeConfigs.update
recommender.gmpGuidedExperienceInsights.get
recommender.gmpGuidedExperienceInsights.list
recommender.gmpGuidedExperienceInsights.update
recommender.gmpGuidedExperienceRecommendations.get
recommender.gmpGuidedExperienceRecommendations.list
recommender.gmpGuidedExperienceRecommendations.update
Service Networking Added servicenetworking.services.addDnsRecordSet
servicenetworking.services.addDnsZone
servicenetworking.services.deleteConnection
servicenetworking.services.disableVpcServiceControls
servicenetworking.services.enableVpcServiceControls
servicenetworking.services.getConsumerConfig
servicenetworking.services.removeDnsRecordSet
servicenetworking.services.removeDnsZone
servicenetworking.services.updateConsumerConfig
servicenetworking.services.updateDnsRecordSet
Service Networking Supported In Custom Roles servicenetworking.services.addDnsRecordSet
servicenetworking.services.addDnsZone
servicenetworking.services.deleteConnection
servicenetworking.services.disableVpcServiceControls
servicenetworking.services.enableVpcServiceControls
servicenetworking.services.getConsumerConfig
servicenetworking.services.removeDnsRecordSet
servicenetworking.services.removeDnsZone
servicenetworking.services.updateConsumerConfig
servicenetworking.services.updateDnsRecordSet
Cloud Spanner Added spanner.instanceConfigOperations.cancel
spanner.instanceConfigOperations.delete
spanner.instanceConfigOperations.get
spanner.instanceConfigOperations.list
spanner.instanceConfigs.create
spanner.instanceConfigs.delete
spanner.instanceConfigs.update
Cloud Spanner Supported In Custom Roles spanner.instanceConfigOperations.cancel
spanner.instanceConfigOperations.delete
spanner.instanceConfigOperations.get
spanner.instanceConfigOperations.list
spanner.instanceConfigs.create
spanner.instanceConfigs.delete
spanner.instanceConfigs.update
Cloud Spanner Now GA spanner.instanceConfigOperations.cancel
spanner.instanceConfigOperations.delete
spanner.instanceConfigOperations.get
spanner.instanceConfigOperations.list
spanner.instanceConfigs.create
spanner.instanceConfigs.delete
spanner.instanceConfigs.update
Video Stitcher API Now GA videostitcher.cdnKeys.create
videostitcher.cdnKeys.delete
videostitcher.cdnKeys.get
videostitcher.cdnKeys.list
videostitcher.cdnKeys.update
videostitcher.liveAdTagDetails.get
videostitcher.liveAdTagDetails.list
videostitcher.liveSessions.create
videostitcher.liveSessions.get
videostitcher.slates.create
videostitcher.slates.delete
videostitcher.slates.get
videostitcher.slates.list
videostitcher.slates.update
videostitcher.vodAdTagDetails.get
videostitcher.vodAdTagDetails.list
videostitcher.vodSessions.create
videostitcher.vodSessions.get
videostitcher.vodStitchDetails.get
videostitcher.vodStitchDetails.list
Vision AI Added visionai.analyses.create
visionai.analyses.delete
visionai.analyses.get
visionai.analyses.getIamPolicy
visionai.analyses.list
visionai.analyses.setIamPolicy
visionai.analyses.update
visionai.annotations.create
visionai.annotations.delete
visionai.annotations.get
visionai.annotations.list
visionai.annotations.update
visionai.applications.create
visionai.applications.delete
visionai.applications.deploy
visionai.applications.get
visionai.applications.list
visionai.applications.undeploy
visionai.applications.update
visionai.assets.clip
visionai.assets.create
visionai.assets.delete
visionai.assets.generateHlsUri
visionai.assets.get
visionai.assets.ingest
visionai.assets.list
visionai.assets.search
visionai.assets.update
visionai.clusters.create
visionai.clusters.delete
visionai.clusters.get
visionai.clusters.getIamPolicy
visionai.clusters.list
visionai.clusters.setIamPolicy
visionai.clusters.update
visionai.clusters.watch
visionai.corpora.create
visionai.corpora.delete
visionai.corpora.get
visionai.corpora.list
visionai.corpora.update
visionai.dataSchemas.create
visionai.dataSchemas.delete
visionai.dataSchemas.get
visionai.dataSchemas.list
visionai.dataSchemas.update
visionai.dataSchemas.validate
visionai.drafts.create
visionai.drafts.delete
visionai.drafts.get
visionai.drafts.list
visionai.drafts.update
visionai.events.create
visionai.events.delete
visionai.events.get
visionai.events.getIamPolicy
visionai.events.list
visionai.events.setIamPolicy
visionai.events.update
visionai.instances.get
visionai.instances.list
visionai.locations.get
visionai.locations.list
visionai.operations.cancel
visionai.operations.delete
visionai.operations.get
visionai.operations.list
visionai.operations.wait
visionai.operators.create
visionai.operators.delete
visionai.operators.get
visionai.operators.getIamPolicy
visionai.operators.list
visionai.operators.setIamPolicy
visionai.operators.update
visionai.processors.create
visionai.processors.delete
visionai.processors.get
visionai.processors.list
visionai.processors.listPrebuilt
visionai.processors.update
visionai.searchConfigs.create
visionai.searchConfigs.delete
visionai.searchConfigs.get
visionai.searchConfigs.list
visionai.searchConfigs.update
visionai.series.acquireLease
visionai.series.create
visionai.series.delete
visionai.series.get
visionai.series.getIamPolicy
visionai.series.list
visionai.series.receive
visionai.series.releaseLease
visionai.series.renewLease
visionai.series.send
visionai.series.setIamPolicy
visionai.series.update
visionai.streams.create
visionai.streams.delete
visionai.streams.get
visionai.streams.getIamPolicy
visionai.streams.list
visionai.streams.receive
visionai.streams.send
visionai.streams.setIamPolicy
visionai.streams.update
Vision AI Supported In Custom Roles visionai.analyses.create
visionai.analyses.delete
visionai.analyses.get
visionai.analyses.getIamPolicy
visionai.analyses.list
visionai.analyses.setIamPolicy
visionai.analyses.update
visionai.applications.create
visionai.applications.delete
visionai.applications.deploy
visionai.applications.get
visionai.applications.list
visionai.applications.undeploy
visionai.applications.update
visionai.clusters.create
visionai.clusters.delete
visionai.clusters.get
visionai.clusters.getIamPolicy
visionai.clusters.list
visionai.clusters.setIamPolicy
visionai.clusters.update
visionai.drafts.create
visionai.drafts.delete
visionai.drafts.get
visionai.drafts.list
visionai.drafts.update
visionai.events.create
visionai.events.delete
visionai.events.get
visionai.events.getIamPolicy
visionai.events.list
visionai.events.setIamPolicy
visionai.events.update
visionai.instances.get
visionai.instances.list
visionai.locations.get
visionai.locations.list
visionai.operators.create
visionai.operators.delete
visionai.operators.get
visionai.operators.getIamPolicy
visionai.operators.list
visionai.operators.setIamPolicy
visionai.operators.update
visionai.processors.create
visionai.processors.delete
visionai.processors.get
visionai.processors.list
visionai.processors.listPrebuilt
visionai.processors.update
visionai.series.create
visionai.series.delete
visionai.series.get
visionai.series.getIamPolicy
visionai.series.list
visionai.series.setIamPolicy
visionai.series.update
visionai.streams.create
visionai.streams.delete
visionai.streams.get
visionai.streams.getIamPolicy
visionai.streams.list
visionai.streams.setIamPolicy
visionai.streams.update

Cloud IAM changes as of 2022-09-23

Service Change Description
Bare Metal Solution Now GA

The role roles/baremetalsolution.volumesnapshotsadmin (Snapshots Admin) is now GA.

Bare Metal Solution Now GA

The role roles/baremetalsolution.volumesnapshotseditor (Snapshots Editor) is now GA.

Bare Metal Solution Now GA

The role roles/baremetalsolution.volumesnapshotsviewer (Snapshots Viewer) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.admin (Content Warehouse Admin) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.documentAdmin (Content Warehouse Document Admin) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.documentCreator (Content Warehouse document creator) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.documentEditor (Content Warehouse Document Editor) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.documentSchemaViewer (Content Warehouse document schema viewer) is now GA.

Content Warehouse Now GA

The role roles/contentwarehouse.documentViewer (Content Warehouse Viewer) is now GA.

Basic Role Role Updated

The following permissions have been removed from the role roles/editor (Editor):

workstations.workstations.use
Multi Cluster Ingress Role Updated

The following permissions have been added to the role roles/multiclusteringress.serviceAgent (Multi Cluster Ingress Service Agent):

serviceusage.services.use
Basic Role Role Updated

The following permissions have been removed from the role roles/owner (Owner):

workstations.workstations.use
Cloud Workstations Role Updated

The following permissions have been removed from the role roles/workstations.admin (Cloud Workstations Admin):

workstations.workstations.use
Bare Metal Solution Added baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
Bare Metal Solution Supported In Custom Roles baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
Bare Metal Solution Now GA baremetalsolution.nfsshares.create
baremetalsolution.nfsshares.delete
Compute Engine Added compute.networkEdgeSecurityServices.create
compute.networkEdgeSecurityServices.delete
compute.networkEdgeSecurityServices.get
compute.networkEdgeSecurityServices.list
compute.networkEdgeSecurityServices.update
compute.regionSecurityPolicies.create
compute.regionSecurityPolicies.delete
compute.regionSecurityPolicies.get
compute.regionSecurityPolicies.list
compute.regionSecurityPolicies.update
compute.regionSecurityPolicies.use
compute.securityPolicies.setLabels
Compute Engine Supported In Custom Roles compute.securityPolicies.setLabels
Compute Engine Now GA compute.disks.listEffectiveTags
compute.images.listEffectiveTags
compute.instances.listEffectiveTags
compute.securityPolicies.setLabels
compute.snapshots.listEffectiveTags
Container Security Added containersecurity.findings.list
Content Warehouse Now GA contentwarehouse.documentSchemas.create
contentwarehouse.documentSchemas.delete
contentwarehouse.documentSchemas.get
contentwarehouse.documentSchemas.list
contentwarehouse.documentSchemas.update
contentwarehouse.documents.create
contentwarehouse.documents.delete
contentwarehouse.documents.get
contentwarehouse.documents.getIamPolicy
contentwarehouse.documents.setIamPolicy
contentwarehouse.documents.update
contentwarehouse.locations.initialize
contentwarehouse.operations.get
contentwarehouse.rawDocuments.download
contentwarehouse.rawDocuments.upload
contentwarehouse.ruleSets.create
contentwarehouse.ruleSets.delete
contentwarehouse.ruleSets.get
contentwarehouse.ruleSets.list
contentwarehouse.ruleSets.update
contentwarehouse.synonymSets.create
contentwarehouse.synonymSets.delete
contentwarehouse.synonymSets.get
contentwarehouse.synonymSets.list
contentwarehouse.synonymSets.update
Document AI Added documentai.evaluationDocuments.get
Managed Service for Microsoft Active Directory Now GA managedidentities.domains.extendSchema
Organization Policy Service Added orgpolicy.customConstraints.create
orgpolicy.customConstraints.delete
orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
orgpolicy.customConstraints.update
Organization Policy Service Supported In Custom Roles orgpolicy.customConstraints.get
orgpolicy.customConstraints.list
Recommender Added recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update
recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get
recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update
Recommender Supported In Custom Roles recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.get
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.update
recommender.resourcemanagerProjectUtilizationRecommenderConfigs.get
recommender.resourcemanagerProjectUtilizationRecommenderConfigs.update
Resource Manager Now GA resourcemanager.hierarchyNodes.listEffectiveTags

Cloud IAM changes as of 2022-09-10

Service Change Description
Apigee Role Updated

The following permissions have been added to the role roles/apigee.serviceAgent (Apigee Service Agent):

apigee.developers.delete
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.serviceAgent (Dialogflow Service Agent):

bigquery.tables.get
bigquery.tables.updateData
GKE Hub Role Updated

The following permissions have been added to the role roles/gkehub.serviceAgent (GKE Hub Service Agent):

monitoring.metricsScopes.link
resourcemanager.projects.get
resourcemanager.projects.list
Cloud Monitoring Role Updated

The following permissions have been added to the role roles/monitoring.notificationServiceAgent (Monitoring Service Agent):

monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
Storage Transfer Service Now GA

The role roles/storagetransfer.serviceAgent (Storage Transfer Service Agent) is now GA.

Access Approval Added accessapproval.serviceAccounts.get
Document AI Added documentai.dataLabelingJobs.cancel
documentai.dataLabelingJobs.create
documentai.dataLabelingJobs.delete
documentai.dataLabelingJobs.list
documentai.dataLabelingJobs.update
documentai.datasets.createDocuments
documentai.datasets.deleteDocuments
documentai.datasets.getDocuments
documentai.datasets.listDocuments
documentai.datasets.updateDocuments
Notebooks Added notebooks.instances.diagnose
notebooks.runtimes.diagnose
Notebooks Now GA notebooks.instances.diagnose
notebooks.runtimes.diagnose
Recommender Added recommender.networkAnalyzerCloudSqlInsights.get
recommender.networkAnalyzerCloudSqlInsights.list
recommender.networkAnalyzerCloudSqlInsights.update
recommender.networkAnalyzerDynamicRouteInsights.get
recommender.networkAnalyzerDynamicRouteInsights.list
recommender.networkAnalyzerDynamicRouteInsights.update
recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update
recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update
recommender.networkAnalyzerIpAddressInsights.get
recommender.networkAnalyzerIpAddressInsights.list
recommender.networkAnalyzerIpAddressInsights.update
recommender.networkAnalyzerLoadBalancerInsights.get
recommender.networkAnalyzerLoadBalancerInsights.list
recommender.networkAnalyzerLoadBalancerInsights.update
recommender.networkAnalyzerVpcConnectivityInsights.get
recommender.networkAnalyzerVpcConnectivityInsights.list
recommender.networkAnalyzerVpcConnectivityInsights.update
Recommender Supported In Custom Roles recommender.networkAnalyzerCloudSqlInsights.get
recommender.networkAnalyzerCloudSqlInsights.list
recommender.networkAnalyzerCloudSqlInsights.update
recommender.networkAnalyzerDynamicRouteInsights.get
recommender.networkAnalyzerDynamicRouteInsights.list
recommender.networkAnalyzerDynamicRouteInsights.update
recommender.networkAnalyzerGkeConnectivityInsights.get
recommender.networkAnalyzerGkeConnectivityInsights.list
recommender.networkAnalyzerGkeConnectivityInsights.update
recommender.networkAnalyzerGkeIpAddressInsights.get
recommender.networkAnalyzerGkeIpAddressInsights.list
recommender.networkAnalyzerGkeIpAddressInsights.update
recommender.networkAnalyzerIpAddressInsights.get
recommender.networkAnalyzerIpAddressInsights.list
recommender.networkAnalyzerIpAddressInsights.update
recommender.networkAnalyzerLoadBalancerInsights.get
recommender.networkAnalyzerLoadBalancerInsights.list
recommender.networkAnalyzerLoadBalancerInsights.update
recommender.networkAnalyzerVpcConnectivityInsights.get
recommender.networkAnalyzerVpcConnectivityInsights.list
recommender.networkAnalyzerVpcConnectivityInsights.update

Cloud IAM changes as of 2022-09-02

Service Change Description
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.securityAdmin (Compute Security Admin):

compute.backendBuckets.list
compute.backendServices.list
compute.instances.list
compute.regionBackendServices.list
compute.targetInstances.list
compute.targetPools.list
Dataplex Role Updated

The following permissions have been added to the role roles/dataplex.serviceAgent (Cloud Dataplex Service Agent):

dataplex.environments.execute
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

batch.jobs.create
Firebase App Distribution Now GA

The role roles/firebaseappdistro.admin (Firebase App Distribution Admin) is now GA.

Firebase App Distribution Now GA

The role roles/firebaseappdistro.viewer (Firebase App Distribution Viewer) is now GA.

Anthos clusters on VMware (GKE on-prem) Now GA

The role roles/gkeonprem.admin (GKE on-prem Admin) is now GA.

Anthos clusters on VMware (GKE on-prem) Now GA

The role roles/gkeonprem.viewer (GKE on-prem Viewer) is now GA.

Rapid Migration Assessment Now GA

The role roles/rapidmigrationassessment.serviceAgent (RMA Service Agent) is now GA.

Cloud Spanner Now GA

The role roles/spanner.databaseRoleUser (Cloud Spanner Database Role User) is now GA.

Cloud Spanner Now GA

The role roles/spanner.fineGrainedAccessUser (Cloud Spanner Fine-grained Access User) is now GA.

Stream Now GA

The role roles/stream.admin (Stream Admin) is now GA.

Stream Now GA

The role roles/stream.contentAdmin (Stream Content Admin) is now GA.

Stream Now GA

The role roles/stream.contentBuilder (Stream Content Builder) is now GA.

Stream Now GA

The role roles/stream.instanceAdmin (Stream Instance Admin) is now GA.

Stream Now GA

The role roles/stream.viewer (Stream Viewer) is now GA.

Data Catalog Added datacatalog.entries.updateContacts
datacatalog.entries.updateOverview
Data Catalog Supported In Custom Roles datacatalog.entries.updateContacts
datacatalog.entries.updateOverview
Firebase App Distribution Now GA firebaseappdistro.groups.list
firebaseappdistro.groups.update
firebaseappdistro.releases.list
firebaseappdistro.releases.update
firebaseappdistro.testers.list
firebaseappdistro.testers.update
Anthos clusters on VMware (GKE on-prem) Now GA gkeonprem.bareMetalClusters.create
gkeonprem.bareMetalClusters.delete
gkeonprem.bareMetalClusters.enroll
gkeonprem.bareMetalClusters.get
gkeonprem.bareMetalClusters.getIamPolicy
gkeonprem.bareMetalClusters.list
gkeonprem.bareMetalClusters.setIamPolicy
gkeonprem.bareMetalClusters.unenroll
gkeonprem.bareMetalClusters.update
gkeonprem.bareMetalNodePools.create
gkeonprem.bareMetalNodePools.delete
gkeonprem.bareMetalNodePools.get
gkeonprem.bareMetalNodePools.getIamPolicy
gkeonprem.bareMetalNodePools.list
gkeonprem.bareMetalNodePools.setIamPolicy
gkeonprem.bareMetalNodePools.update
gkeonprem.locations.get
gkeonprem.locations.list
gkeonprem.operations.cancel
gkeonprem.operations.delete
gkeonprem.operations.get
gkeonprem.operations.list
gkeonprem.vmwareClusters.create
gkeonprem.vmwareClusters.delete
gkeonprem.vmwareClusters.enroll
gkeonprem.vmwareClusters.get
gkeonprem.vmwareClusters.getIamPolicy
gkeonprem.vmwareClusters.list
gkeonprem.vmwareClusters.setIamPolicy
gkeonprem.vmwareClusters.unenroll
gkeonprem.vmwareClusters.update
gkeonprem.vmwareNodePools.create
gkeonprem.vmwareNodePools.delete
gkeonprem.vmwareNodePools.get
gkeonprem.vmwareNodePools.getIamPolicy
gkeonprem.vmwareNodePools.list
gkeonprem.vmwareNodePools.setIamPolicy
gkeonprem.vmwareNodePools.update
Payment Gateway issuer switch Added issuerswitch.complaintTransactions.list
issuerswitch.complaints.create
issuerswitch.complaints.resolve
issuerswitch.disputes.create
issuerswitch.disputes.resolve
issuerswitch.financialTransactions.list
issuerswitch.mandateTransactions.list
issuerswitch.metadataTransactions.list
issuerswitch.operations.cancel
issuerswitch.operations.delete
issuerswitch.operations.get
issuerswitch.operations.list
issuerswitch.operations.wait
issuerswitch.ruleMetadata.list
issuerswitch.ruleMetadataValues.create
issuerswitch.ruleMetadataValues.delete
issuerswitch.ruleMetadataValues.list
issuerswitch.rules.list
Recommender Added recommender.cloudsqlInstanceSecurityInsights.get
recommender.cloudsqlInstanceSecurityInsights.list
recommender.cloudsqlInstanceSecurityInsights.update
recommender.cloudsqlInstanceSecurityRecommendations.get
recommender.cloudsqlInstanceSecurityRecommendations.list
recommender.cloudsqlInstanceSecurityRecommendations.update
Recommender Supported In Custom Roles recommender.cloudsqlInstanceSecurityInsights.get
recommender.cloudsqlInstanceSecurityInsights.list
recommender.cloudsqlInstanceSecurityInsights.update
recommender.cloudsqlInstanceSecurityRecommendations.get
recommender.cloudsqlInstanceSecurityRecommendations.list
recommender.cloudsqlInstanceSecurityRecommendations.update
Rapid Migration Assessment Added rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list
Rapid Migration Assessment Supported In Custom Roles rma.annotations.create
rma.annotations.get
rma.collectors.create
rma.collectors.delete
rma.collectors.get
rma.collectors.list
rma.collectors.update
rma.locations.get
rma.locations.list
rma.operations.cancel
rma.operations.delete
rma.operations.get
rma.operations.list
Cloud Spanner Added spanner.databaseRoles.list
spanner.databaseRoles.use
spanner.databases.useRoleBasedAccess
Cloud Spanner Now GA spanner.databaseRoles.list
spanner.databaseRoles.use
spanner.databases.useRoleBasedAccess
Speech-to-Text Added speech.config.get
speech.config.update
speech.customClasses.undelete
speech.operations.cancel
speech.operations.delete
speech.operations.get
speech.operations.list
speech.operations.wait
speech.phraseSets.undelete
speech.recognizers.create
speech.recognizers.delete
speech.recognizers.get
speech.recognizers.list
speech.recognizers.recognize
speech.recognizers.undelete
speech.recognizers.update
Speech-to-Text Now GA speech.config.get
speech.config.update
speech.customClasses.undelete
speech.operations.cancel
speech.operations.delete
speech.operations.get
speech.operations.list
speech.operations.wait
speech.phraseSets.undelete
speech.recognizers.create
speech.recognizers.delete
speech.recognizers.get
speech.recognizers.list
speech.recognizers.recognize
speech.recognizers.undelete
speech.recognizers.update
Stream Added stream.locations.get
stream.locations.list
stream.operations.cancel
stream.operations.delete
stream.operations.get
stream.operations.list
stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update
stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update
Stream Supported In Custom Roles stream.locations.get
stream.locations.list
stream.operations.cancel
stream.operations.delete
stream.operations.get
stream.operations.list
stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update
stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update
Stream Now GA stream.locations.get
stream.locations.list
stream.operations.cancel
stream.operations.delete
stream.operations.get
stream.operations.list
stream.streamContents.build
stream.streamContents.create
stream.streamContents.delete
stream.streamContents.get
stream.streamContents.list
stream.streamContents.update
stream.streamInstances.create
stream.streamInstances.delete
stream.streamInstances.get
stream.streamInstances.list
stream.streamInstances.rollout
stream.streamInstances.update

Cloud IAM changes as of 2022-08-26

Service Change Description
App Engine Now GA

The role roles/appengine.memcacheDataAdmin (App Engine Memcache Data Admin) is now GA.

Container Threat Detection Role Updated

The following permissions have been added to the role roles/containerthreatdetection.serviceAgent (Container Threat Detection Service Agent):

container.clusterRoles.escalate
container.customResourceDefinitions.create
container.customResourceDefinitions.delete
container.customResourceDefinitions.update
container.roles.bind
container.roles.create
container.roles.delete
container.roles.escalate
container.roles.update
Identity and Access Management Now GA

The role roles/iam.serviceAccountOpenIdTokenCreator (Service Account OpenID Connect Identity Token Creator) is now GA.

Cloud Integrations Role Updated

The following permissions have been added to the role roles/integrations.serviceAgent (Integrations Service Agent):

run.jobs.run
run.routes.invoke
Workload Manager Now GA

The role roles/workloadmanager.serviceAgent (Workload Manager Service Agent) is now GA.

Firebase In-App Messaging Campaigns Added firebasemessagingcampaigns.campaigns.create
firebasemessagingcampaigns.campaigns.delete
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list
firebasemessagingcampaigns.campaigns.start
firebasemessagingcampaigns.campaigns.stop
firebasemessagingcampaigns.campaigns.update
Firebase In-App Messaging Campaigns Supported In Custom Roles firebasemessagingcampaigns.campaigns.create
firebasemessagingcampaigns.campaigns.delete
firebasemessagingcampaigns.campaigns.get
firebasemessagingcampaigns.campaigns.list
firebasemessagingcampaigns.campaigns.start
firebasemessagingcampaigns.campaigns.stop
firebasemessagingcampaigns.campaigns.update
Cloud Logging Added logging.links.create
logging.links.delete
logging.links.get
logging.links.list
Recommender Added recommender.cloudsqlInstancePerformanceInsights.get
recommender.cloudsqlInstancePerformanceInsights.list
recommender.cloudsqlInstancePerformanceInsights.update
recommender.cloudsqlInstancePerformanceRecommendations.get
recommender.cloudsqlInstancePerformanceRecommendations.list
recommender.cloudsqlInstancePerformanceRecommendations.update
Recommender Supported In Custom Roles recommender.cloudsqlInstancePerformanceInsights.get
recommender.cloudsqlInstancePerformanceInsights.list
recommender.cloudsqlInstancePerformanceInsights.update
recommender.cloudsqlInstancePerformanceRecommendations.get
recommender.cloudsqlInstancePerformanceRecommendations.list
recommender.cloudsqlInstancePerformanceRecommendations.update
Retail API Now GA retail.controls.create
retail.controls.delete
retail.controls.get
retail.controls.list
retail.controls.update
retail.servingConfigs.create
retail.servingConfigs.delete
retail.servingConfigs.get
retail.servingConfigs.list
retail.servingConfigs.update

Cloud IAM changes as of 2022-08-19

Service Change Description
Analytics Hub Now GA

The role roles/analyticshub.admin (Analytics Hub Admin) is now GA.

Analytics Hub Now GA

The role roles/analyticshub.listingAdmin (Analytics Hub Listing Admin) is now GA.

Analytics Hub Now GA

The role roles/analyticshub.publisher (Analytics Hub Publisher) is now GA.

Analytics Hub Now GA

The role roles/analyticshub.subscriber (Analytics Hub Subscriber) is now GA.

Analytics Hub Now GA

The role roles/analyticshub.viewer (Analytics Hub Viewer) is now GA.

Anthos Service Mesh Role Updated

The following permissions have been added to the role roles/anthosservicemesh.serviceAgent (Anthos Service Mesh Service Agent):

container.clusters.update
container.operations.get
gkehub.gateway.delete
gkehub.gateway.get
gkehub.gateway.patch
gkehub.gateway.post
gkehub.gateway.put
logging.logEntries.create
monitoring.metricDescriptors.create
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.timeSeries.create
serviceusage.services.get
serviceusage.services.use
Recommendations AI Role Updated

The following permissions have been added to the role roles/automlrecommendations.serviceAgent (Recommendations AI Service Agent):

bigquery.tables.update
Contact Center AI Platform Now GA

The role roles/contactcenteraiplatform.admin (Contact Center AI Platform Admin) is now GA.

Contact Center AI Platform Now GA

The role roles/contactcenteraiplatform.viewer (Contact Center AI Platform Viewer) is now GA.

Google Kubernetes Engine Now GA

The role roles/container.nodeServiceAccount (Kubernetes Engine Node Service Account) is now GA.

Retail API Role Updated

The following permissions have been added to the role roles/retail.serviceAgent (Retail Service Agent):

bigquery.tables.update
Storage Transfer Service Role Updated

The following permissions have been added to the role roles/storagetransfer.transferAgent (Storage Transfer Agent):

monitoring.timeSeries.create
Analytics Hub Now GA analyticshub.dataExchanges.create
analyticshub.dataExchanges.delete
analyticshub.dataExchanges.get
analyticshub.dataExchanges.getIamPolicy
analyticshub.dataExchanges.list
analyticshub.dataExchanges.setIamPolicy
analyticshub.dataExchanges.update
analyticshub.listings.create
analyticshub.listings.delete
analyticshub.listings.get
analyticshub.listings.getIamPolicy
analyticshub.listings.list
analyticshub.listings.setIamPolicy
analyticshub.listings.subscribe
analyticshub.listings.update
Bare Metal Solution Added baremetalsolution.instances.detachLun
Bare Metal Solution Supported In Custom Roles baremetalsolution.instances.detachLun
Bare Metal Solution Now GA baremetalsolution.instances.detachLun
Google Cloud Deploy Added clouddeploy.jobRuns.get
clouddeploy.jobRuns.list
clouddeploy.rollouts.retryJob
Google Cloud Deploy Supported In Custom Roles clouddeploy.jobRuns.get
clouddeploy.jobRuns.list
clouddeploy.rollouts.retryJob
Contact Center AI Platform Added contactcenteraiplatform.contactCenters.create
contactcenteraiplatform.contactCenters.delete
contactcenteraiplatform.contactCenters.get
contactcenteraiplatform.contactCenters.list
contactcenteraiplatform.contactCenters.update
contactcenteraiplatform.locations.get
contactcenteraiplatform.locations.list
contactcenteraiplatform.operations.cancel
contactcenteraiplatform.operations.delete
contactcenteraiplatform.operations.get
contactcenteraiplatform.operations.list
Contact Center AI Platform Now GA contactcenteraiplatform.contactCenters.create
contactcenteraiplatform.contactCenters.delete
contactcenteraiplatform.contactCenters.get
contactcenteraiplatform.contactCenters.list
contactcenteraiplatform.contactCenters.update
contactcenteraiplatform.locations.get
contactcenteraiplatform.locations.list
contactcenteraiplatform.operations.cancel
contactcenteraiplatform.operations.delete
contactcenteraiplatform.operations.get
contactcenteraiplatform.operations.list
Content Warehouse Added contentwarehouse.operations.get
Firebase Added firebase.clients.undelete
Firebase Now GA firebase.clients.undelete
Identity and Access Management Added iam.workforcePoolProviders.create
iam.workforcePoolProviders.delete
iam.workforcePoolProviders.get
iam.workforcePoolProviders.list
iam.workforcePoolProviders.undelete
iam.workforcePoolProviders.update
iam.workforcePoolSubjects.delete
iam.workforcePoolSubjects.undelete
iam.workforcePools.create
iam.workforcePools.delete
iam.workforcePools.get
iam.workforcePools.getIamPolicy
iam.workforcePools.list
iam.workforcePools.setIamPolicy
iam.workforcePools.undelete
iam.workforcePools.update
Identity and Access Management Supported In Custom Roles iam.workforcePoolProviders.create
iam.workforcePoolProviders.delete
iam.workforcePoolProviders.get
iam.workforcePoolProviders.list
iam.workforcePoolProviders.undelete
iam.workforcePoolProviders.update
iam.workforcePoolSubjects.delete
iam.workforcePoolSubjects.undelete
iam.workforcePools.create
iam.workforcePools.delete
iam.workforcePools.get
iam.workforcePools.getIamPolicy
iam.workforcePools.list
iam.workforcePools.setIamPolicy
iam.workforcePools.undelete
iam.workforcePools.update
Identity and Access Management Added iam.googleapis.com/workforcePoolProviders.create
iam.googleapis.com/workforcePoolProviders.delete
iam.googleapis.com/workforcePoolProviders.get
iam.googleapis.com/workforcePoolProviders.list
iam.googleapis.com/workforcePoolProviders.undelete
iam.googleapis.com/workforcePoolProviders.update
iam.googleapis.com/workforcePoolSubjects.delete
iam.googleapis.com/workforcePoolSubjects.undelete
iam.googleapis.com/workforcePools.create
iam.googleapis.com/workforcePools.delete
iam.googleapis.com/workforcePools.get
iam.googleapis.com/workforcePools.getIamPolicy
iam.googleapis.com/workforcePools.list
iam.googleapis.com/workforcePools.setIamPolicy
iam.googleapis.com/workforcePools.undelete
iam.googleapis.com/workforcePools.update
Identity and Access Management Supported In Custom Roles iam.googleapis.com/workforcePoolProviders.create
iam.googleapis.com/workforcePoolProviders.delete
iam.googleapis.com/workforcePoolProviders.get
iam.googleapis.com/workforcePoolProviders.list
iam.googleapis.com/workforcePoolProviders.undelete
iam.googleapis.com/workforcePoolProviders.update
iam.googleapis.com/workforcePoolSubjects.delete
iam.googleapis.com/workforcePoolSubjects.undelete
iam.googleapis.com/workforcePools.create
iam.googleapis.com/workforcePools.delete
iam.googleapis.com/workforcePools.get
iam.googleapis.com/workforcePools.getIamPolicy
iam.googleapis.com/workforcePools.list
iam.googleapis.com/workforcePools.setIamPolicy
iam.googleapis.com/workforcePools.undelete
iam.googleapis.com/workforcePools.update
VM Migration Supported In Custom Roles vmmigration.cloneJobs.create
vmmigration.cloneJobs.get
vmmigration.cloneJobs.list
vmmigration.cloneJobs.update
vmmigration.cutoverJobs.create
vmmigration.cutoverJobs.get
vmmigration.cutoverJobs.list
vmmigration.cutoverJobs.update
vmmigration.datacenterConnectors.create
vmmigration.datacenterConnectors.delete
vmmigration.datacenterConnectors.get
vmmigration.datacenterConnectors.list
vmmigration.groups.create
vmmigration.groups.delete
vmmigration.groups.get
vmmigration.groups.list
vmmigration.groups.update
vmmigration.locations.get
vmmigration.locations.list
vmmigration.migratingVms.create
vmmigration.migratingVms.delete
vmmigration.migratingVms.list
vmmigration.migratingVms.update
vmmigration.operations.cancel
vmmigration.operations.delete
vmmigration.operations.get
vmmigration.operations.list
vmmigration.sources.create
vmmigration.sources.delete
vmmigration.sources.get
vmmigration.sources.list
vmmigration.sources.update
vmmigration.targets.create
vmmigration.targets.delete
vmmigration.targets.get
vmmigration.targets.list
vmmigration.targets.update
vmmigration.utilizationReports.create
vmmigration.utilizationReports.delete
vmmigration.utilizationReports.get
vmmigration.utilizationReports.list
Workload Manager Added workloadmanager.evaluations.create
workloadmanager.evaluations.delete
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.evaluations.run
workloadmanager.evaluations.update
workloadmanager.executions.delete
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.locations.get
workloadmanager.locations.list
workloadmanager.operations.cancel
workloadmanager.operations.delete
workloadmanager.operations.get
workloadmanager.operations.list
workloadmanager.results.list
workloadmanager.rules.list
Workload Manager Supported In Custom Roles workloadmanager.evaluations.create
workloadmanager.evaluations.delete
workloadmanager.evaluations.get
workloadmanager.evaluations.list
workloadmanager.evaluations.run
workloadmanager.evaluations.update
workloadmanager.executions.delete
workloadmanager.executions.get
workloadmanager.executions.list
workloadmanager.locations.get
workloadmanager.locations.list
workloadmanager.operations.cancel
workloadmanager.operations.delete
workloadmanager.operations.get
workloadmanager.operations.list
workloadmanager.results.list
workloadmanager.rules.list

Cloud IAM changes as of 2022-08-12

Service Change Description
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.serviceAgent (Vertex AI Service Agent):

bigquery.models.create
bigquery.models.getData
bigquery.readsessions.getData
Connectors Now GA

The role roles/connectors.invoker (Connector Invoker) is now GA.

Firebase App Check Role Updated

The following permissions have been added to the role roles/firebaseappcheck.serviceAgent (Firebase App Check Service Agent):

serviceusage.services.use
Cloud Integrations Role Updated

The following permissions have been added to the role roles/integrations.serviceAgent (Integrations Service Agent):

connectors.actions.execute
connectors.actions.list
connectors.connections.executeSqlQuery
connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions
connectors.entityTypes.list
integrations.apigeeSuspensions.lift
integrations.authConfigs.create
integrations.authConfigs.delete
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.create
integrations.certificates.delete
integrations.certificates.get
integrations.certificates.list
integrations.certificates.update
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.create
integrations.sfdcChannels.delete
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.delete
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
integrations.suspensions.lift
integrations.suspensions.list
integrations.suspensions.resolve
pubsub.schemas.attach
pubsub.schemas.create
pubsub.schemas.delete
pubsub.schemas.get
pubsub.schemas.list
pubsub.schemas.validate
pubsub.snapshots.get
pubsub.snapshots.list
pubsub.snapshots.seek
pubsub.topics.attachSubscription
pubsub.topics.get
pubsub.topics.list
pubsub.topics.publish
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.quotas.get
serviceusage.services.get
serviceusage.services.list
Google Cloud Migration Center Now GA

The role roles/migrationcenter.serviceAgent (Migration Center Service Agent) is now GA.

Cloud Bigtable Added bigtable.instances.createTagBinding
bigtable.instances.deleteTagBinding
bigtable.instances.listEffectiveTags
bigtable.instances.listTagBindings
Cloud Bigtable Now GA bigtable.instances.createTagBinding
bigtable.instances.deleteTagBinding
bigtable.instances.listEffectiveTags
bigtable.instances.listTagBindings
Connectors Added connectors.actions.execute
connectors.actions.list
connectors.connections.executeSqlQuery
connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions
connectors.entityTypes.list
Connectors Supported In Custom Roles connectors.actions.execute
connectors.actions.list
connectors.connections.executeSqlQuery
connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions
connectors.entityTypes.list
Connectors Now GA connectors.actions.execute
connectors.actions.list
connectors.connections.executeSqlQuery
connectors.entities.create
connectors.entities.delete
connectors.entities.deleteEntitiesWithConditions
connectors.entities.get
connectors.entities.list
connectors.entities.update
connectors.entities.updateEntitiesWithConditions
connectors.entityTypes.list
Google Cloud Migration Center Added migrationcenter.assets.create
migrationcenter.assets.delete
migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.assets.reportFrames
migrationcenter.assets.update
migrationcenter.groups.create
migrationcenter.groups.delete
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.groups.update
migrationcenter.importJobs.create
migrationcenter.importJobs.delete
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.importJobs.update
migrationcenter.locations.get
migrationcenter.locations.list
migrationcenter.operations.cancel
migrationcenter.operations.delete
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update
Google Cloud Migration Center Supported In Custom Roles migrationcenter.assets.create
migrationcenter.assets.delete
migrationcenter.assets.get
migrationcenter.assets.list
migrationcenter.assets.reportFrames
migrationcenter.assets.update
migrationcenter.groups.create
migrationcenter.groups.delete
migrationcenter.groups.get
migrationcenter.groups.list
migrationcenter.groups.update
migrationcenter.importJobs.create
migrationcenter.importJobs.delete
migrationcenter.importJobs.get
migrationcenter.importJobs.list
migrationcenter.importJobs.update
migrationcenter.locations.get
migrationcenter.locations.list
migrationcenter.operations.cancel
migrationcenter.operations.delete
migrationcenter.operations.get
migrationcenter.operations.list
migrationcenter.sources.create
migrationcenter.sources.delete
migrationcenter.sources.get
migrationcenter.sources.list
migrationcenter.sources.update
Retail API Now GA retail.attributesConfigs.addCatalogAttribute
retail.attributesConfigs.get
retail.attributesConfigs.removeCatalogAttribute
retail.attributesConfigs.replaceCatalogAttribute
retail.attributesConfigs.update

Cloud IAM changes as of 2022-08-05

Service Change Description
Artifact Registry Role Updated

The following permissions have been added to the role roles/artifactregistry.serviceAgent (Artifact Registry Service Agent):

artifactregistry.versions.delete
Backup and Disaster Recovery Now GA

The role roles/backupdr.admin (Backup and DR Admin) is now GA.

Backup and Disaster Recovery Now GA

The role roles/backupdr.user (Backup and DR User) is now GA.

Backup and Disaster Recovery Now GA

The role roles/backupdr.viewer (Backup and DR Viewer) is now GA.

Multi Cluster Ingress Role Updated

The following permissions have been added to the role roles/multiclusteringress.serviceAgent (Multi Cluster Ingress Service Agent):

container.customResourceDefinitions.list
Backup and Disaster Recovery Added backupdr.locations.get
backupdr.locations.list
backupdr.managementServers.backupAccess
backupdr.managementServers.create
backupdr.managementServers.delete
backupdr.managementServers.get
backupdr.managementServers.getIamPolicy
backupdr.managementServers.list
backupdr.managementServers.manageInternalACL
backupdr.managementServers.setIamPolicy
backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list
Backup and Disaster Recovery Supported In Custom Roles backupdr.locations.get
backupdr.locations.list
backupdr.managementServers.backupAccess
backupdr.managementServers.create
backupdr.managementServers.delete
backupdr.managementServers.get
backupdr.managementServers.getIamPolicy
backupdr.managementServers.list
backupdr.managementServers.manageInternalACL
backupdr.managementServers.setIamPolicy
backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list
Backup and Disaster Recovery Now GA backupdr.locations.get
backupdr.locations.list
backupdr.managementServers.backupAccess
backupdr.managementServers.create
backupdr.managementServers.delete
backupdr.managementServers.get
backupdr.managementServers.getIamPolicy
backupdr.managementServers.list
backupdr.managementServers.manageInternalACL
backupdr.managementServers.setIamPolicy
backupdr.operations.cancel
backupdr.operations.delete
backupdr.operations.get
backupdr.operations.list
Commerce Offer Catalog Added commerceoffercatalog.documents.get
Cloud Commerce Consumer Procurement Added consumerprocurement.consents.check
consumerprocurement.consents.grant
consumerprocurement.consents.list
consumerprocurement.consents.revoke
Maps Admin Added mapsadmin.styleSnapshots.list
mapsadmin.styleSnapshots.update
Maps Admin Now GA mapsadmin.styleSnapshots.list
mapsadmin.styleSnapshots.update

Cloud IAM changes as of 2022-07-29

Service Change Description
Network Management API Role Updated

The following permissions have been added to the role roles/networkmanagement.admin (Network Management Admin):

resourcemanager.organizations.get
Network Management API Role Updated

The following permissions have been added to the role roles/networkmanagement.viewer (Network Management Viewer):

resourcemanager.organizations.get
Cloud Run Role Updated

The following permissions have been added to the role roles/run.serviceAgent (Cloud Run Service Agent):

compute.networks.get
Cloud Run Role Updated

The following permissions have been added to the role roles/serverless.serviceAgent (Cloud Run Service Agent):

compute.networks.get
Assured Workloads Added assuredworkloads.violations.update
Assured Workloads Supported In Custom Roles assuredworkloads.violations.update
Assured Workloads Now GA assuredworkloads.violations.update
Cloud Asset Inventory Added cloudasset.assets.exportOSInventories
Cloud Asset Inventory Supported In Custom Roles cloudasset.assets.exportOSInventories
Cloud Asset Inventory Now GA cloudasset.assets.exportOSInventories
Translation Added cloudtranslate.glossaries.update
cloudtranslate.glossaryentries.create
cloudtranslate.glossaryentries.delete
cloudtranslate.glossaryentries.get
cloudtranslate.glossaryentries.list
cloudtranslate.glossaryentries.update
Translation Supported In Custom Roles cloudtranslate.glossaries.update
Translation Now GA cloudtranslate.glossaries.update
cloudtranslate.glossaryentries.create
cloudtranslate.glossaryentries.delete
cloudtranslate.glossaryentries.get
cloudtranslate.glossaryentries.list
cloudtranslate.glossaryentries.update
Compute Engine Added compute.regionTargetHttpsProxies.update
compute.targetHttpsProxies.update
Compute Engine Now GA compute.regionTargetHttpsProxies.update
compute.targetHttpsProxies.update
Timeseries Insights Added timeseriesinsights.locations.get
timeseriesinsights.locations.list
Timeseries Insights Supported In Custom Roles timeseriesinsights.locations.get
timeseriesinsights.locations.list

Cloud IAM changes as of 2022-07-22

Service Change Description
Cloud Billing Role Updated

The following permissions have been added to the role roles/billing.admin (Billing Account Administrator):

cloudsupport.properties.get
cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update
resourcemanager.projects.get
resourcemanager.projects.list
Workload Certificate Role Updated

The following permissions have been added to the role roles/workloadcertificate.serviceAgent (Workload Certificate Service Agent):

container.customResourceDefinitions.create
container.customResourceDefinitions.get
container.customResourceDefinitions.list
Bare Metal Solution Added baremetalsolution.volumes.resize
Bare Metal Solution Supported In Custom Roles baremetalsolution.volumes.resize
Bare Metal Solution Now GA baremetalsolution.volumes.resize
Eventarc Added eventarc.channels.attach
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
Eventarc Supported In Custom Roles eventarc.channels.attach
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
Firebase Realtime Database Added firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Firebase Realtime Database Supported In Custom Roles firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Firebase Realtime Database Now GA firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Retail API Added retail.servingConfigs.predict
retail.servingConfigs.search

Cloud IAM changes as of 2022-07-15

Service Change Description
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.admin (Vertex AI Administrator):

aiplatform.entityTypes.getIamPolicy
aiplatform.entityTypes.setIamPolicy
aiplatform.featurestores.getIamPolicy
aiplatform.featurestores.setIamPolicy
Google Kubernetes Engine Now GA

The role roles/container.nodeServiceAgent (Kubernetes Engine Node Service Agent) is now GA.

Eventarc Role Updated

The following permissions have been added to the role roles/eventarc.serviceAgent (Eventarc Service Agent):

cloudfunctions.functions.get
Identity-Aware Proxy Now GA

The role roles/iap.tunnelDestGroupEditor (IAP-secured Tunnel Destination Group Editor) is now GA.

Identity-Aware Proxy Now GA

The role roles/iap.tunnelDestGroupViewer (IAP-secured Tunnel Destination Group Viewer) is now GA.

Cloud Integrations Now GA

The role roles/integrations.certificateViewer (Certificate Viewer) is now GA.

Cloud Integrations Now GA

The role roles/integrations.integrationAdmin (Application Integration Admin) is now GA.

Cloud Integrations Now GA

The role roles/integrations.integrationDeployer (Application Integration Deployer) is now GA.

Cloud Integrations Now GA

The role roles/integrations.integrationEditor (Application Integration Editor) is now GA.

Cloud Integrations Now GA

The role roles/integrations.integrationInvoker (Application Integration Invoker) is now GA.

Cloud Integrations Now GA

The role roles/integrations.integrationViewer (Application Integration Viewer) is now GA.

Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceAdmin (Application Integration SFDC Instance Admin) is now GA.

Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceEditor (Application Integration SFDC Instance Editor) is now GA.

Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceViewer (Application Integration SFDC Instance Viewer) is now GA.

Cloud Integrations Now GA

The role roles/integrations.suspensionResolver (Application Integration Suspension Resolver) is now GA.

Anthos Service Mesh control plane Role Updated

The following permissions have been added to the role roles/meshcontrolplane.serviceAgent (Mesh Managed Control Plane Service Agent):

container.clusters.update
Visual Inspection AI Role Updated

The following permissions have been added to the role roles/visualinspection.serviceAgent (Visual Inspection AI Service Agent):

aiplatform.entityTypes.getIamPolicy
aiplatform.entityTypes.setIamPolicy
aiplatform.featurestores.getIamPolicy
aiplatform.featurestores.setIamPolicy
AI Platform Added aiplatform.entityTypes.deleteFeatureValues
BeyondCorp Enterprise Added beyondcorp.appConnections.create
beyondcorp.appConnections.delete
beyondcorp.appConnections.get
beyondcorp.appConnections.getIamPolicy
beyondcorp.appConnections.list
beyondcorp.appConnections.setIamPolicy
beyondcorp.appConnections.update
beyondcorp.appConnectors.create
beyondcorp.appConnectors.delete
beyondcorp.appConnectors.get
beyondcorp.appConnectors.getIamPolicy
beyondcorp.appConnectors.list
beyondcorp.appConnectors.reportStatus
beyondcorp.appConnectors.setIamPolicy
beyondcorp.appConnectors.update
beyondcorp.appGateways.create
beyondcorp.appGateways.delete
beyondcorp.appGateways.get
beyondcorp.appGateways.getIamPolicy
beyondcorp.appGateways.list
beyondcorp.appGateways.setIamPolicy
beyondcorp.appGateways.update
beyondcorp.clientConnectorServices.access
beyondcorp.clientConnectorServices.create
beyondcorp.clientConnectorServices.delete
beyondcorp.clientConnectorServices.get
beyondcorp.clientConnectorServices.getIamPolicy
beyondcorp.clientConnectorServices.list
beyondcorp.clientConnectorServices.setIamPolicy
beyondcorp.clientConnectorServices.update
beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy
beyondcorp.locations.get
beyondcorp.locations.list
beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list
BeyondCorp Enterprise Supported In Custom Roles beyondcorp.appConnections.create
beyondcorp.appConnections.delete
beyondcorp.appConnections.get
beyondcorp.appConnections.getIamPolicy
beyondcorp.appConnections.list
beyondcorp.appConnections.setIamPolicy
beyondcorp.appConnections.update
beyondcorp.appConnectors.create
beyondcorp.appConnectors.delete
beyondcorp.appConnectors.get
beyondcorp.appConnectors.getIamPolicy
beyondcorp.appConnectors.list
beyondcorp.appConnectors.reportStatus
beyondcorp.appConnectors.setIamPolicy
beyondcorp.appConnectors.update
beyondcorp.appGateways.create
beyondcorp.appGateways.delete
beyondcorp.appGateways.get
beyondcorp.appGateways.getIamPolicy
beyondcorp.appGateways.list
beyondcorp.appGateways.setIamPolicy
beyondcorp.appGateways.update
beyondcorp.clientConnectorServices.access
beyondcorp.clientConnectorServices.create
beyondcorp.clientConnectorServices.delete
beyondcorp.clientConnectorServices.get
beyondcorp.clientConnectorServices.getIamPolicy
beyondcorp.clientConnectorServices.list
beyondcorp.clientConnectorServices.setIamPolicy
beyondcorp.clientConnectorServices.update
beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy
beyondcorp.locations.get
beyondcorp.locations.list
beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list
Identity-Aware Proxy Now GA iap.tunnelDestGroups.accessViaIAP
iap.tunnelDestGroups.create
iap.tunnelDestGroups.delete
iap.tunnelDestGroups.get
iap.tunnelDestGroups.getIamPolicy
iap.tunnelDestGroups.list
iap.tunnelDestGroups.setIamPolicy
iap.tunnelDestGroups.update
iap.tunnelLocations.getIamPolicy
iap.tunnelLocations.setIamPolicy
Cloud Integrations Added integrations.authConfigs.create
integrations.authConfigs.delete
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.create
integrations.certificates.delete
integrations.certificates.get
integrations.certificates.list
integrations.certificates.update
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.create
integrations.sfdcChannels.delete
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.delete
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
integrations.suspensions.lift
integrations.suspensions.list
integrations.suspensions.resolve
Cloud Integrations Now GA integrations.authConfigs.create
integrations.authConfigs.delete
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.create
integrations.certificates.delete
integrations.certificates.get
integrations.certificates.list
integrations.certificates.update
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.create
integrations.sfdcChannels.delete
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.delete
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
integrations.suspensions.lift
integrations.suspensions.list
integrations.suspensions.resolve
Secured Landing Zone Added securedlandingzone.operations.get
securedlandingzone.overwatches.activate
securedlandingzone.overwatches.create
securedlandingzone.overwatches.delete
securedlandingzone.overwatches.get
securedlandingzone.overwatches.list
securedlandingzone.overwatches.suspend
securedlandingzone.overwatches.update
Secured Landing Zone Supported In Custom Roles securedlandingzone.overwatches.activate
securedlandingzone.overwatches.suspend

Cloud IAM changes as of 2022-06-24

Service Change Description
Anthos Config Management Role Updated

The following permissions have been added to the role roles/anthosconfigmanagement.serviceAgent (Anthos Config Management Service Agent):

container.clusters.get
Batch API Now GA

The role roles/batch.serviceAgent (Google Batch Service Agent) is now GA.

Firebase Test Lab Role Updated

The following permissions have been added to the role roles/cloudtestservice.testAdmin (Firebase Test Lab Admin):

storage.objects.delete
Apigee Added apigee.securityProfileEnvironments.computeScore
apigee.securityProfileEnvironments.create
apigee.securityProfileEnvironments.delete
apigee.securityProfiles.get
apigee.securityProfiles.list
apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats
Apigee Now GA apigee.securityProfileEnvironments.computeScore
apigee.securityProfileEnvironments.create
apigee.securityProfileEnvironments.delete
apigee.securityProfiles.get
apigee.securityProfiles.list
apigee.securityStats.queryTabularStats
apigee.securityStats.queryTimeSeriesStats

Cloud IAM changes as of 2022-06-17

Service Change Description
Care Studio Now GA

The role roles/carestudio.viewer (Care Studio Patients Viewer) is now GA.

Translation Role Updated

The following permissions have been added to the role roles/cloudtranslate.serviceAgent (Cloud Translation API Service Agent):

automl.datasets.export
automl.datasets.get
automl.datasets.list
automl.models.get
automl.models.list
automl.operations.get
Cloud Composer Role Updated

The following permissions have been added to the role roles/composer.serviceAgent (Cloud Composer API Service Agent):

resourcemanager.projects.getIamPolicy
Google Kubernetes Engine Role Updated

The following permissions have been added to the role roles/container.serviceAgent (Kubernetes Engine Service Agent):

dns.managedZones.getIamPolicy
dns.policies.getIamPolicy
Dialogflow Role Updated

The following permissions have been added to the role roles/dialogflow.serviceAgent (Dialogflow Service Agent):

pubsub.snapshots.seek
pubsub.subscriptions.consume
pubsub.topics.attachSubscription
Cloud DNS Role Updated

The following permissions have been added to the role roles/dns.admin (DNS Administrator):

dns.managedZones.getIamPolicy
dns.policies.getIamPolicy
Document AI Role Updated

The following permissions have been added to the role roles/documentaicore.serviceAgent (DocumentAI Core Service Agent):

documentai.humanReviewConfigs.review
Basic Role Role Updated

The following permissions have been added to the role roles/editor (Editor):

dns.managedZones.getIamPolicy
dns.policies.getIamPolicy
Cloud Integrations Role Updated

The following permissions have been added to the role roles/integrations.serviceAgent (Integrations Service Agent):

pubsub.snapshots.create
pubsub.snapshots.delete
pubsub.snapshots.update
pubsub.topics.create
pubsub.topics.delete
pubsub.topics.detachSubscription
pubsub.topics.update
pubsub.topics.updateTag
Service Networking Role Updated

The following permissions have been added to the role roles/servicenetworking.serviceAgent (Service Networking Service Agent):

dns.managedZones.getIamPolicy
dns.policies.getIamPolicy
Basic Role Role Updated

The following permissions have been added to the role roles/viewer (Viewer):

dns.managedZones.getIamPolicy
dns.policies.getIamPolicy
Basic Role Role Updated

The following permissions have been removed from the role roles/viewer (Viewer):

apigee.archivedeployments.upload
Bare Metal Solution Added baremetalsolution.instancequotas.list
baremetalsolution.networkquotas.list
baremetalsolution.volumequotas.list
Bare Metal Solution Supported In Custom Roles baremetalsolution.instancequotas.list
baremetalsolution.networkquotas.list
baremetalsolution.volumequotas.list
Bare Metal Solution Now GA baremetalsolution.instancequotas.list
baremetalsolution.networkquotas.list
baremetalsolution.volumequotas.list
Batch API Added batch.jobs.create
batch.jobs.delete
batch.jobs.get
batch.jobs.list
batch.locations.get
batch.locations.list
batch.operations.get
batch.operations.list
batch.states.report
batch.tasks.get
batch.tasks.list
Batch API Supported In Custom Roles batch.jobs.create
batch.jobs.delete
batch.jobs.get
batch.jobs.list
batch.locations.get
batch.locations.list
batch.operations.get
batch.operations.list
batch.states.report
batch.tasks.get
batch.tasks.list
BigQuery Supported In Custom Roles bigquery.dataPolicies.create
bigquery.dataPolicies.delete
bigquery.dataPolicies.get
bigquery.dataPolicies.getIamPolicy
bigquery.dataPolicies.list
bigquery.dataPolicies.maskedGet
bigquery.dataPolicies.setIamPolicy
bigquery.dataPolicies.update
Cloud Bigtable Added bigtable.tables.undelete
Cloud Bigtable Now GA bigtable.tables.undelete
Care Studio Now GA carestudio.patients.get
carestudio.patients.list
Cloud Integrations Added integrations.apigeeSuspensions.lift
Cloud Integrations Now GA integrations.apigeeSuspensions.lift
Service Networking Added servicenetworking.services.createPeeredDnsDomain
servicenetworking.services.deletePeeredDnsDomain
servicenetworking.services.listPeeredDnsDomains
Service Networking Supported In Custom Roles servicenetworking.services.createPeeredDnsDomain
servicenetworking.services.deletePeeredDnsDomain
servicenetworking.services.listPeeredDnsDomains
Timeseries Insights Added timeseriesinsights.datasets.create
timeseriesinsights.datasets.delete
timeseriesinsights.datasets.evaluate
timeseriesinsights.datasets.list
timeseriesinsights.datasets.query
timeseriesinsights.datasets.update

Cloud IAM changes as of 2022-06-10

Service Change Description
App Engine Role Updated

The following permissions have been added to the role roles/appengine.appAdmin (App Engine Admin):

appengine.memcache.addKey
appengine.memcache.flush
appengine.memcache.get
appengine.memcache.update
Cloud Composer Role Updated

The following permissions have been added to the role roles/composer.serviceAgent (Cloud Composer API Service Agent):

appengine.memcache.addKey
appengine.memcache.flush
appengine.memcache.get
appengine.memcache.update
Compute Engine Role Updated

The following permissions have been added to the role roles/compute.serviceAgent (Compute Engine Service Agent):

storage.objects.create
storage.objects.get
storage.objects.list
storage.objects.update
Dataplex Role Updated

The following permissions have been added to the role roles/dataplex.admin (Dataplex Administrator):

cloudasset.assets.analyzeIamPolicy
cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
Dataplex Role Updated

The following permissions have been added to the role roles/dataplex.editor (Dataplex Editor):

cloudasset.assets.analyzeIamPolicy
Dataplex Role Updated

The following permissions have been added to the role roles/dataplex.viewer (Dataplex Viewer):

cloudasset.assets.analyzeIamPolicy
Cloud Integrations Now GA

The role roles/integrations.serviceAgent (Integrations Service Agent) is now GA.

Dataproc Metastore Now GA

The role roles/metastore.federationAccessor (Metastore Federation Accessor) is now GA.

Resource Manager Now GA

The role roles/resourcemanager.tagAdmin (Tag Administrator) is now GA.

Resource Manager Now GA

The role roles/resourcemanager.tagHoldAdmin (Tag Hold Administrator) is now GA.

Resource Manager Now GA

The role roles/resourcemanager.tagUser (Tag User) is now GA.

Resource Manager Now GA

The role roles/resourcemanager.tagViewer (Tag Viewer) is now GA.

Access Approval Added accessapproval.requests.invalidate
Access Approval Supported In Custom Roles accessapproval.requests.invalidate
AlloyDB for PostgreSQL Added alloydb.backups.create
alloydb.backups.delete
alloydb.backups.get
alloydb.backups.list
alloydb.backups.update
alloydb.clusters.create
alloydb.clusters.delete
alloydb.clusters.generateClientCertificate
alloydb.clusters.get
alloydb.clusters.list
alloydb.clusters.update
alloydb.instances.connect
alloydb.instances.create
alloydb.instances.delete
alloydb.instances.failover
alloydb.instances.get
alloydb.instances.list
alloydb.instances.restart
alloydb.instances.update
alloydb.locations.get
alloydb.locations.list
alloydb.operations.cancel
alloydb.operations.delete
alloydb.operations.get
alloydb.operations.list
alloydb.supportedDatabaseFlags.get
alloydb.supportedDatabaseFlags.list
Artifact Registry Added artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list
artifactregistry.npmpackages.get
artifactregistry.npmpackages.list
artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list
Artifact Registry Now GA artifactregistry.mavenartifacts.get
artifactregistry.mavenartifacts.list
artifactregistry.npmpackages.get
artifactregistry.npmpackages.list
artifactregistry.pythonpackages.get
artifactregistry.pythonpackages.list
AutoML Added automl.files.delete
automl.files.list
Bare Metal Solution Added baremetalsolution.instances.attachVolume
baremetalsolution.instances.detachVolume
Bare Metal Solution Supported In Custom Roles baremetalsolution.instances.attachVolume
baremetalsolution.instances.detachVolume
Bare Metal Solution Now GA baremetalsolution.instances.attachVolume
baremetalsolution.instances.detachVolume
Cloud Billing Added billing.accounts.getCarbonInformation
Cloud Billing Supported In Custom Roles billing.accounts.getCarbonInformation
Cloud Billing Now GA billing.accounts.getCarbonInformation
Google Cloud Deploy Added clouddeploy.releases.abandon
Google Cloud Deploy Supported In Custom Roles clouddeploy.releases.abandon
Commerce Price Management Added commerceprice.privateoffers.cancel
Commerce Price Management Supported In Custom Roles commerceprice.privateoffers.cancel
Datastream Added datastream.connectionProfiles.createTagBinding
datastream.connectionProfiles.deleteTagBinding
datastream.connectionProfiles.listEffectiveTags
datastream.connectionProfiles.listTagBindings
datastream.privateConnections.createTagBinding
datastream.privateConnections.deleteTagBinding
datastream.privateConnections.listEffectiveTags
datastream.privateConnections.listTagBindings
datastream.streams.createTagBinding
datastream.streams.deleteTagBinding
datastream.streams.listEffectiveTags
datastream.streams.listTagBindings
Cloud DNS Added dns.managedZones.getIamPolicy
dns.managedZones.setIamPolicy
Cloud DNS Supported In Custom Roles dns.managedZones.getIamPolicy
dns.managedZones.setIamPolicy
Identity and Access Management Added iam.serviceAccountKeys.disable
iam.serviceAccountKeys.enable
Identity and Access Management Supported In Custom Roles iam.serviceAccountKeys.disable
iam.serviceAccountKeys.enable
Identity and Access Management Now GA iam.serviceAccountKeys.disable
iam.serviceAccountKeys.enable
Dataproc Metastore Added metastore.federations.create
metastore.federations.delete
metastore.federations.get
metastore.federations.getIamPolicy
metastore.federations.list
metastore.federations.setIamPolicy
metastore.federations.update
metastore.federations.use
Dataproc Metastore Supported In Custom Roles metastore.federations.create
metastore.federations.delete
metastore.federations.get
metastore.federations.getIamPolicy
metastore.federations.list
metastore.federations.setIamPolicy
metastore.federations.update
metastore.federations.use
Dataproc Metastore Now GA metastore.federations.create
metastore.federations.delete
metastore.federations.get
metastore.federations.getIamPolicy
metastore.federations.list
metastore.federations.setIamPolicy
metastore.federations.update
metastore.federations.use
Resource Manager Now GA resourcemanager.hierarchyNodes.createTagBinding
resourcemanager.hierarchyNodes.deleteTagBinding
resourcemanager.hierarchyNodes.listTagBindings
resourcemanager.resourceTagBindings.create
resourcemanager.resourceTagBindings.delete
resourcemanager.resourceTagBindings.list
resourcemanager.tagHolds.create
resourcemanager.tagHolds.delete
resourcemanager.tagHolds.list
resourcemanager.tagKeys.create
resourcemanager.tagKeys.delete
resourcemanager.tagKeys.get
resourcemanager.tagKeys.getIamPolicy
resourcemanager.tagKeys.list
resourcemanager.tagKeys.setIamPolicy
resourcemanager.tagKeys.update
resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete
resourcemanager.tagValues.create
resourcemanager.tagValues.delete
resourcemanager.tagValues.get
resourcemanager.tagValues.getIamPolicy
resourcemanager.tagValues.list
resourcemanager.tagValues.setIamPolicy
resourcemanager.tagValues.update

Cloud IAM changes as of 2022-05-27

Service Change Description
AlloyDB for PostgreSQL Now GA

The role roles/alloydb.serviceAgent (AlloyDB Service Agent) is now GA.

Compute Engine Role Updated

The following permissions have been added to the role roles/compute.serviceAgent (Compute Engine Service Agent):

compute.addresses.use
compute.addresses.useInternal
compute.disks.create
compute.disks.setLabels
compute.disks.use
compute.disks.useReadOnly
compute.images.useReadOnly
compute.instanceTemplates.useReadOnly
compute.instances.create
compute.instances.createTagBinding
compute.instances.setDeletionProtection
compute.instances.setLabels
compute.instances.setMetadata
compute.instances.setServiceAccount
compute.instances.setTags
compute.instances.updateDisplayDevice
compute.machineImages.useReadOnly
compute.networks.use
compute.networks.useExternalIp
compute.resourcePolicies.use
compute.snapshots.useReadOnly
compute.subnetworks.use
compute.subnetworks.useExternalIp
Dataflow Role Updated

The following permissions have been added to the role roles/dataflow.worker (Dataflow Worker):

monitoring.timeSeries.create
Live Stream Role Updated

The following permissions have been added to the role roles/livestream.serviceAgent (Live Stream Service Agent):

storage.objects.get
storage.objects.list
Cloud Run Role Updated

The following permissions have been added to the role roles/run.serviceAgent (Cloud Run Service Agent):

compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.subnetworks.get
compute.subnetworks.use
Cloud Run Role Updated

The following permissions have been added to the role roles/serverless.serviceAgent (Cloud Run Service Agent):

compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list
compute.subnetworks.get
compute.subnetworks.use
AI Platform Added aiplatform.entityTypes.getIamPolicy
aiplatform.entityTypes.setIamPolicy
aiplatform.featurestores.getIamPolicy
aiplatform.featurestores.setIamPolicy
Container Security Added containersecurity.locations.get
containersecurity.locations.list
Network Management API Added networkmanagement.config.get
networkmanagement.config.startFreeTrial
networkmanagement.config.update
Network Management API Supported In Custom Roles networkmanagement.config.get
networkmanagement.config.startFreeTrial
networkmanagement.config.update
Network Management API Now GA networkmanagement.config.get
networkmanagement.config.startFreeTrial
networkmanagement.config.update
Network Services Added networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.tlsRoutes.use
Network Services Supported In Custom Roles networkservices.tlsRoutes.create
networkservices.tlsRoutes.delete
networkservices.tlsRoutes.get
networkservices.tlsRoutes.list
networkservices.tlsRoutes.update
networkservices.tlsRoutes.use
reCAPTCHA Enterprise Added recaptchaenterprise.keys.retrievelegacysecretkey
Transfer Appliance Added transferappliance.appliances.create
transferappliance.appliances.delete
transferappliance.appliances.get
transferappliance.appliances.list
transferappliance.appliances.update
transferappliance.locations.get
transferappliance.locations.list
transferappliance.operations.cancel
transferappliance.operations.delete
transferappliance.operations.get
transferappliance.operations.list
transferappliance.orders.create
transferappliance.orders.delete
transferappliance.orders.get
transferappliance.orders.list
transferappliance.orders.update
Transfer Appliance Supported In Custom Roles transferappliance.appliances.create
transferappliance.appliances.delete
transferappliance.appliances.get
transferappliance.appliances.list
transferappliance.appliances.update
transferappliance.locations.get
transferappliance.locations.list
transferappliance.operations.cancel
transferappliance.operations.delete
transferappliance.operations.get
transferappliance.operations.list
transferappliance.orders.create
transferappliance.orders.delete
transferappliance.orders.get
transferappliance.orders.list
transferappliance.orders.update

Cloud IAM changes as of 2022-05-20

Service Change Description
Anthos Service Mesh Role Updated

The following permissions have been added to the role roles/anthosservicemesh.serviceAgent (Anthos Service Mesh Service Agent):

container.jobs.create
container.jobs.delete
container.jobs.get
container.jobs.list
container.jobs.update
Backup for GKE Role Updated

The following permissions have been added to the role roles/gkebackup.serviceAgent (Backup for GKE Service Agent):

compute.disks.list
compute.disks.setLabels
AI Platform Added aiplatform.humanInTheLoops.queryAnnotationStats
Bare Metal Solution Added baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.update
baremetalsolution.volumes.create
baremetalsolution.volumes.delete
Bare Metal Solution Supported In Custom Roles baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.update
baremetalsolution.volumes.create
baremetalsolution.volumes.delete
Bare Metal Solution Now GA baremetalsolution.luns.create
baremetalsolution.luns.delete
baremetalsolution.luns.update
baremetalsolution.volumes.create
baremetalsolution.volumes.delete
BigQuery Added bigquery.datasets.createTagBinding
bigquery.datasets.deleteTagBinding
bigquery.datasets.listTagBindings
BigQuery Supported In Custom Roles bigquery.datasets.createTagBinding
bigquery.datasets.deleteTagBinding
bigquery.datasets.listTagBindings
Recommender Added recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update
recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update
Recommender Supported In Custom Roles recommender.containerDiagnosisInsights.get
recommender.containerDiagnosisInsights.list
recommender.containerDiagnosisInsights.update
recommender.containerDiagnosisRecommendations.get
recommender.containerDiagnosisRecommendations.list
recommender.containerDiagnosisRecommendations.update
Service Security Insights Added servicesecurityinsights.securityInfo.list
Service Security Insights Supported In Custom Roles servicesecurityinsights.securityInfo.list

Cloud IAM changes as of 2022-05-13

Service Change Description
Assured Workloads Role Updated

The following permissions have been added to the role roles/assuredworkloads.admin (Assured Workloads Administrator):

logging.cmekSettings.update
Maps Admin Now GA

The role roles/mapsadmin.admin (Maps API Admin) is now GA.

Maps Admin Now GA

The role roles/mapsadmin.viewer (Maps API Viewer) is now GA.

Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.controlServiceAgent (Security Center Control Service Agent):

orgpolicy.policies.list
Security Command Center Role Updated

The following permissions have been added to the role roles/securitycenter.serviceAgent (Security Center Service Agent):

orgpolicy.policies.list
Service Security Insights Role Added

The role roles/servicesecurityinsights.securityInsightsViewer (Security Insights Viewer) has been added with the following permissions:

servicesecurityinsights.clusterSecurityInfo.get
servicesecurityinsights.clusterSecurityInfo.list
servicesecurityinsights.clusters.get
servicesecurityinsights.clusters.list
servicesecurityinsights.googleapis.com/clusterSecurityInfo.get
servicesecurityinsights.googleapis.com/clusterSecurityInfo.list
servicesecurityinsights.googleapis.com/clusters.get
servicesecurityinsights.googleapis.com/clusters.list
servicesecurityinsights.googleapis.com/locations.get
servicesecurityinsights.googleapis.com/locations.list
servicesecurityinsights.googleapis.com/namespaces.get
servicesecurityinsights.googleapis.com/namespaces.list
servicesecurityinsights.googleapis.com/policies.get
servicesecurityinsights.googleapis.com/policyTypes.get
servicesecurityinsights.googleapis.com/policyTypes.list
servicesecurityinsights.googleapis.com/projectStates.get
servicesecurityinsights.googleapis.com/securityInfo.list
servicesecurityinsights.googleapis.com/securityViews.get
servicesecurityinsights.googleapis.com/workloadPolicies.list<