This page documents production updates to Cloud Identity and Access Management. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
To get the latest product updates delivered to you, add the URL of this page to your
reader, or add the feed URL directly:
December 17, 2019
December 13, 2019
On December 9, we announced that Cloud IAM policies would now identify deleted members. We have temporarily reverted this change. Cloud IAM policies no longer identify deleted members.
December 12, 2019
Cloud IAM Conditions are now available in public beta. You can use Cloud IAM Conditions to define and enforce conditional, attribute-based access control for Google Cloud resources.
December 09, 2019
Cloud IAM policies now identify deleted members that are bound to a role. Deleted members have the prefix
deleted: and the suffix
For example, if you delete the account for the user
firstname.lastname@example.org, and a policy binds that user to a role, the policy shows an identifier similar to
SetIamPolicy requests, you can use this new syntax starting today. For
SetIamPolicy responses, because we are still rolling out this change, you might see the new prefix and suffix in some, but not all, responses. We expect to complete the rollout by December 13, 2019.
If a binding in a policy refers to a deleted member (for example,
deleted:user:email@example.com?uid=123456789012345678901), you cannot add a binding for a newly created member with the same name (in this case,
user:firstname.lastname@example.org). If you try to add a binding for the newly created member, Cloud IAM will apply the binding to the deleted member instead.
August 20, 2019
March 28, 2019
June 29, 2018
You can now create short-lived service account credentials with the Service Account Credentials API, available in beta.
February 27, 2018
You can now learn how to configure Cloud IAM roles to facilitate audit logging.
January 31, 2018
For more information, see the following topics:
September 27, 2017
Custom roles are now available in beta. You can create a custom Cloud IAM role with one or more permissions, then grant that custom role to users in your organization.
September 14, 2017
You can now refer to the IAM permissions change log to determine what permissions have changed recently. Use this change log to help you maintain and troubleshoot your custom roles.
July 06, 2017
You can now learn how to configure IAM roles for networking-related job functions.
June 28, 2017
Custom roles are now available in a public alpha. You can create a custom Cloud IAM role with one or more permissions, then grant that custom role to users in your organization.
May 24, 2017
You can now learn how to configure IAM roles for billing-related job functions.
March 08, 2017
Custom roles are now available in a private alpha. You can create a custom Cloud IAM role with one or more permissions, then grant that custom role to users in your organization.
May 10, 2016
Cloud IAM is now generally available.
March 28, 2016
March 08, 2016
Cloud IAM is now available in beta.