This page documents production updates to Policy Intelligence. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
August 15, 2024
The IAM recommender generates policy insights and role recommendations for the following identities:
- All identities in a workload identity pool
- Single identity in a workload identity pool
- All identities in a workforce identity pool
- Single identity in a workforce identity pool
- All Google Kubernetes Engine Pods that use a specific Kubernetes service account
To learn more, see Availability. This feature is generally available.
July 03, 2024
You can use Policy Troubleshooter to troubleshoot principal access boundary policies. This feature is available in Preview.
May 31, 2024
Activity Analyzer checks service activation and quota for the project that you're using to analyze access (the client project) instead of the projects whose resources you're analyzing (the resource projects). As a result, you only need to enable the Policy Analyzer API in your client project, not in your resource projects.
May 17, 2024
The IAM recommender generates policy insights and role recommendations for identities in Workload Identity Federation pools. To learn more, see Availability. This feature is available in Preview.
During Preview, the actual observation period might be shorter than the observation period listed in recommendations for these principals.
May 03, 2024
Some Policy Intelligence features are only available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.
April 01, 2024
Policy Troubleshooter for IAM currently doesn't fetch tags for regional resources, such as Google Kubernetes Engine (GKE) clusters. As a result, if you have IAM policies with tag-based conditions and you try to use Policy Troubleshooter to troubleshoot access to regional resources, you might get inaccurate results. Our engineering team is working to resolve this issue.
February 26, 2024
The IAM recommender offers role recommendations for BigQuery datasets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.
January 12, 2024
The requirement that customers have organization-level activations of Security Command Center to use certain Policy Intelligence features has been delayed until April 29, 2024. For more information about which features are affected by this change, see Billing questions.
November 07, 2023
You can use the Google Cloud console to analyze organization policies. This feature is available in Preview.
September 28, 2023
After January 15, 2024, some Policy Intelligence features will only be available for customers with organization-level activations of Security Command Center. For more information, see Billing questions.
Using Policy Troubleshooter to troubleshoot deny policies is generally available.
July 05, 2023
You can use Policy Troubleshooter to troubleshoot deny policies. This feature is in Preview.
January 24, 2023
Configurable IAM recommendations are now generally available. With configurable IAM recommendations, you can set the minimum observation period for the IAM recommender to 30 or 60 days instead of the default period of 90 days.
December 12, 2022
You can now use the Google Cloud console to write IAM policy analysis results to BigQuery. This feature is generally available.
December 05, 2022
You can now set the minimum observation period for the IAM recommender to 30 or 60 days instead of the default period of 90 days. For more information, see Configure role recommendation generation. This feature is available in Preview.
November 18, 2022
Policy Analyzer now offers organization policy analysis. Policy Analyzer helps you get more information about the resources affected by an organization policy constraint. This feature is available in Preview.
November 10, 2022
Role recommendations and policy insights for Cloud Storage buckets are now generally available. Additionally, you can now use the Google Cloud console to review bucket-level role recommendations and policy insights.
August 30, 2022
The user interface for Policy Troubleshooter in the Cloud console has been updated to improve usability. To view the new user interface, visit the Policy Troubleshooter page in the Cloud console.
July 08, 2022
Recommender now offers role recommendations for Cloud Storage buckets. Role recommendations help you reduce excess permissions by suggesting role changes based on actual permission usage. This feature is available in Preview.
July 01, 2022
Lateral movement insights, which identify roles that allow a service account in one project to impersonate a service account in another project, are now generally available.
June 27, 2022
In the Cloud console, Policy Troubleshooter for IAM allow policies now reports if there are deny policies that could affect a principal's access.