This page describes changes to the public Identity and Access Management (IAM) permissions for all Generally Available (GA) and Preview services on Google Cloud. This change log can help you maintain and troubleshoot your custom roles.
When a permission is added, IAM does not automatically add the permission to your custom roles.
For changes that occurred before 2022, see Archived permissions change log.You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.
To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.
Upcoming IAM changes for the week of 2025-10-20
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (
|
| AlloyDB for PostgreSQL |
The AlloyDB Admin role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Client role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Database User role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Viewer role ( |
| App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Customer Engagement Suite with Google AI |
The following permissions have been added to the Customer Engagement Suite Admin role (
|
| Customer Engagement Suite with Google AI |
The following permissions have been added to the Customer Engagement Suite Viewer role (
|
| Conversational Insights |
The Contact Center AI Insights Admin role ( |
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Developer Connect |
The following permissions have been added to the Developer Connect Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Network Security |
The Network Security Authz Service Agent role ( |
| Secure Source Manager |
The Secure Source Manager Admin role ( |
| Secure Source Manager |
The Secure Source Manager Instance Accessor role ( |
| Secure Source Manager |
The Secure Source Manager Instance Manager role ( |
| Secure Source Manager |
The Secure Source Manager Instance Owner role ( |
| Secure Source Manager |
The Secure Source Manager Instance Repository Creator role ( |
| Secure Source Manager |
The Secure Source Manager Repository Admin role ( |
| Secure Source Manager |
The Secure Source Manager Repository Creator role ( |
| Secure Source Manager |
The Secure Source Manager Repository Pull Request Approver role ( |
| Secure Source Manager |
The Secure Source Manager Repository Reader role ( |
| Secure Source Manager |
The Secure Source Manager Repository Writer role ( |
| Secure Source Manager |
The Secure Source Manager SSH Key User role ( |
| Security Command Center |
The Security Center Risk Reports Viewer role ( |
| AlloyDB for PostgreSQL |
The following permissions have reached General Availability (GA):
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Secure Source Manager |
The following permissions have reached General Availability (GA):
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
| Service Usage |
The following permissions have been added:
|
IAM changes as of 2025-10-17
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (
|
| AlloyDB for PostgreSQL |
The AlloyDB Admin role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Client role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Database User role ( |
| AlloyDB for PostgreSQL |
The AlloyDB Viewer role ( |
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| Apigee |
The following permissions have been added to the Apigee API Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Environment Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Read-only Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Space Content Editor role (
|
| App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
| Customer Engagement Suite with Google AI |
The Customer Engagement Suite Service Agent role ( |
| Customer Engagement Suite with Google AI |
The following permissions have been added to the Customer Engagement Suite Admin role (
|
| Customer Engagement Suite with Google AI |
The following permissions have been added to the Customer Engagement Suite Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Admin role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
| Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
| Conversational Insights |
The Contact Center AI Insights Admin role ( |
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Admin role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore Owner role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore User role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore Viewer role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Developer Connect |
The following permissions have been added to the Developer Connect Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Agent Admin role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Data Security Posture Management |
The Data Security Posture Management Admin role ( |
| Data Security Posture Management |
The Data Security Posture Management Viewer role ( |
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Admin SDK Administrator Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Support User role (
|
| Network Security |
The Network Security Authz Service Agent role ( |
| Basic Role |
The following permissions have been added to the Owner role (
|
| Secure Source Manager |
The Secure Source Manager Admin role ( |
| Secure Source Manager |
The Secure Source Manager Instance Accessor role ( |
| Secure Source Manager |
The Secure Source Manager Instance Manager role ( |
| Secure Source Manager |
The Secure Source Manager Instance Owner role ( |
| Secure Source Manager |
The Secure Source Manager Instance Repository Creator role ( |
| Secure Source Manager |
The Secure Source Manager Repository Admin role ( |
| Secure Source Manager |
The Secure Source Manager Repository Creator role ( |
| Secure Source Manager |
The Secure Source Manager Repository Pull Request Approver role ( |
| Secure Source Manager |
The Secure Source Manager Repository Reader role ( |
| Secure Source Manager |
The Secure Source Manager Repository Writer role ( |
| Secure Source Manager |
The Secure Source Manager SSH Key User role ( |
| Security Command Center |
The Security Center Risk Reports Viewer role ( |
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have reached General Availability (GA):
|
| Apigee |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Dialogflow |
The following permissions have been added:
|
| Dialogflow |
The following permissions have reached General Availability (GA):
|
| Data Security Posture Management |
The following permissions have reached General Availability (GA):
|
| Google Earth |
The following permissions have been added:
|
| Google Earth |
The following permissions are supported in custom roles:
|
| GKE Multi-Cloud |
The following permissions have been added:
|
| GKE Multi-Cloud |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Network Management API |
The following permissions have been added:
|
| Network Management API |
The following permissions have reached General Availability (GA):
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
| Pub/Sub |
The following permissions have been added:
|
| Pub/Sub |
The following permissions have reached General Availability (GA):
|
| Secure Source Manager |
The following permissions have reached General Availability (GA):
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
| Service Usage |
The following permissions have been added:
|
IAM changes as of 2025-10-10
| Service | Description |
|---|---|
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| Apigee |
The following permissions have been added to the Apigee API Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Environment Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Read-only Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Space Content Editor role (
|
| BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
| Customer Engagement Suite with Google AI |
The Customer Engagement Suite Service Agent role ( |
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore Owner role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore User role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore Viewer role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Agent Admin role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Data Security Posture Management |
The Data Security Posture Management Admin role ( |
| Data Security Posture Management |
The Data Security Posture Management Viewer role ( |
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Admin SDK Administrator Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Support User role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Apigee |
The following permissions have been added:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dialogflow |
The following permissions have been added:
|
| Dialogflow |
The following permissions have reached General Availability (GA):
|
| Data Security Posture Management |
The following permissions have reached General Availability (GA):
|
| Google Earth |
The following permissions have been added:
|
| Google Earth |
The following permissions are supported in custom roles:
|
| GKE Multi-Cloud |
The following permissions have been added:
|
| GKE Multi-Cloud |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Network Management API |
The following permissions have been added:
|
| Network Management API |
The following permissions have reached General Availability (GA):
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
| Pub/Sub |
The following permissions have been added:
|
| Pub/Sub |
The following permissions have reached General Availability (GA):
|
IAM Changes as of 2025-09-22
| Service | Description |
|---|---|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Service Agent role (
|
| Recommendations |
The following permissions have been added to the Recommendations AI Service Agent role (
|
| BigQuery Connection API |
The following permissions have been added to the BigQuery Connection Service Agent role (
|
| Gemini for Google Cloud API |
The Gemini for Google Cloud individual User role ( |
| Cloud Hub |
The following permissions have been added to the Cloud Hub Operator role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Composer Worker role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Worker role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
| Filestore |
The following permissions have been added to the Cloud Filestore Service Agent role (
|
| Firebase App Hosting |
The following permissions have been added to the Firebase App Hosting Compute Runner role (
|
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Container Service Agent role (
|
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-cloud Telemetry Writer role (
|
| Cloud Healthcare API |
The following permissions have been added to the Healthcare Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Databases Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Data Scientist role (
|
| Identity and Access Management |
The following permissions have been added to the Dev Ops role (
|
| Identity and Access Management |
The following permissions have been added to the Infrastructure Administrator role (
|
| Identity and Access Management |
The following permissions have been added to the Network Administrator role (
|
| Identity and Access Management |
The following permissions have been added to the Site Reliability Engineer role (
|
| Managed Service for Microsoft Active Directory |
The following permissions have been added to the Cloud Managed Identities Service Agent role (
|
| Memorystore for Memcached |
The following permissions have been added to the Cloud Memorystore Memcached Service Agent role (
|
| Memorystore |
The following permissions have been added to the Cloud Memorystore Service Agent role (
|
| Cloud Service Mesh control plane |
The following permissions have been added to the Mesh Managed Control Plane Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Mesh Data Plane Service Agent role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Admin role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Editor role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Metric Writer role (
|
| Memorystore for Redis |
The following permissions have been added to the Cloud Memorystore Redis Service Agent role (
|
| Retail API |
The following permissions have been added to the Retail Service Agent role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU API Service Agent role (
|
| Vector Search |
The Vector Search Admin role ( |
| Vector Search |
The Vector Search Collection Writer role ( |
| Vector Search |
The Vector Search DataObject Writer role ( |
| Vector Search |
The Vector Search Index Writer role ( |
| Vector Search |
The Vector Search Viewer role ( |
| Customer Engagement Suite with Google AI |
The following permissions have been added:
|
| Customer Engagement Suite with Google AI |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Data Lineage API |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Gemini Cloud Assist |
The following permissions have been added:
|
| Gemini Cloud Assist |
The following permissions are supported in custom roles:
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Vector Search |
The following permissions have been added:
|
| Vector Search |
The following permissions are supported in custom roles:
|
| Vector Search |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-09-19
| Service | Description |
|---|---|
| Artifact Registry |
The following permissions have been added to the Artifact Registry Create-on-Push Writer role (
|
| Artifact Registry |
The following permissions have been added to the Artifact Registry Writer role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Instance User role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Firebase |
The following permissions have been added to the Firebase Admin SDK Administrator Service Agent role (
|
| Firebase App Hosting |
The following permissions have been added to the Firebase App Hosting Compute Runner role (
|
| Firebase Cloud Messaging |
The Firebase Cloud Messaging API Admin role ( |
| Identity and Access Management |
The following permissions have been added to the Dev Ops role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| API Hub |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Firebase Data Connect |
The following permissions have been added:
|
| Firebase Data Connect |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-09-12
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API Hub Admin role (
|
| App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
| BigQuery |
The Connected Sheets Service Agent role ( |
| Gemini Code Assist Management |
The Gemini Code Assist Management Service Agent role ( |
| Identity and Access Management |
The Databases Admin role ( |
| Identity and Access Management |
The Data Scientist role ( |
| Identity and Access Management |
The Dev Ops role ( |
| Identity and Access Management |
The Infrastructure Administrator role ( |
| Identity and Access Management |
The ML Engineer role ( |
| Identity and Access Management |
The Network Administrator role ( |
| Identity and Access Management |
The Security Auditor role ( |
| Identity and Access Management |
The Site Reliability Engineer role ( |
| Identity and Access Management |
The Support User role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka ACL Editor role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka ACL Viewer role ( |
| Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Container Database Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud DB System Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud DB System Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Pluggable Database Viewer role ( |
| API Hub |
The following permissions have been added:
|
| API Hub |
The following permissions are supported in custom roles:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Data Lineage API |
The following permissions have been added:
|
| Data Lineage API |
The following permissions are supported in custom roles:
|
| Firebase App Hosting |
The following permissions have been added:
|
| Firebase App Hosting |
The following permissions are supported in custom roles:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions are supported in custom roles:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have reached General Availability (GA):
|
| Cloud Monitoring |
The following permissions have been added:
|
| Cloud Monitoring |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-09-05
| Service | Description |
|---|---|
| Artifact Registry |
The Artifact Registry Attachment Reader role ( |
| Artifact Registry |
The Artifact Registry Attachment Writer role ( |
| Cloud Build |
The following permissions have been added to the Cloud Build Service Account role (
|
| Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-08-29
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Telemetry Service Agent role ( |
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Security Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API Hub Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API hub Provisioning Admin role (
|
| API Hub |
The following permissions have been added to the API-Hub Runtime Project Service Agent role (
|
| App Engine flexible environment |
The following permissions have been added to the App Engine flexible environment Service Agent role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Default Node Service Agent role (
|
| Firestore |
The following permissions have been added to the Cloud Datastore Index Admin role (
|
| Datastream |
The following permissions have been added to the Datastream Service Agent role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Identity and Access Management |
The IAM Operation Viewer role ( |
| Identity and Access Management |
The Principal Access Boundary Policy Admin role ( |
| Identity and Access Management |
The Principal Access Boundary Policy User role ( |
| Identity and Access Management |
The Principal Access Boundary Policy Viewer role ( |
| Identity and Access Management |
The Workspace Pool IAM Admin role ( |
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Auditor role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Identity and Access Management |
The following permissions have been added to the Support User role (
|
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Google Cloud NetApp Volumes |
The Google Cloud NetApp Volumes Data Exporter role (
|
| Google Cloud NetApp Volumes |
The following permissions have been added to the Google Cloud NetApp Volumes Admin role (
|
| Google Cloud NetApp Volumes |
The following permissions have been added to the Google Cloud NetApp Volumes Viewer role (
|
| Network Connectivity Center |
The Multicloud Data Transfer Config Admin role ( |
| Network Connectivity Center |
The Multicloud Data Transfer Config Viewer role ( |
| Network Connectivity Center |
The Destination User role ( |
| Network Connectivity Center |
The Destination Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture VM Cluster Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture VM Cluster Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture Storage Vault Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Database Service on Exascale Infrastracture Storage Vault Viewer role ( |
| Basic Role |
The following permissions have been added to the Owner role (
|
| Retail API |
The following permissions have been added to the Retail Admin role (
|
| Retail API |
The following permissions have been added to the Retail Editor role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Approver role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Creator role (
|
| Retail API |
The following permissions have been added to the Retail Viewer role (
|
| SaaS Service Management |
The following permissions have been added to the SaaS Service Management Service Agent role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner API Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Apigee |
The following permissions have been added:
|
| API Hub |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| Bigtable |
The following permissions have reached General Availability (GA):
|
| Capacity Planner |
The following permissions have been added:
|
| Capacity Planner |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Eventarc |
The following permissions have been added:
|
| Eventarc |
The following permissions are supported in custom roles:
|
| Cluster Director |
The following permissions have been added:
|
| Cluster Director |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have reached General Availability (GA):
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have reached General Availability (GA):
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Google Cloud Observability |
The following permissions have been added:
|
| Google Cloud Observability |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
| Privileged Access Manager |
The following permissions have been added:
|
| Privileged Access Manager |
The following permissions are supported in custom roles:
|
| Resource Manager |
The following permissions are supported in custom roles:
|
| Resource Manager |
The following permissions have reached General Availability (GA):
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
| VM Migration |
The following permissions have been added:
|
| VM Migration |
The following permissions are supported in custom roles:
|
Cloud IAM changes as of 2025-08-08
| Service | Description |
|---|---|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Admin role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User V2 role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Viewer role (
|
| Cloud Security Compliance |
The following permissions have been added to the Compliance Manager Admin role (
|
| Cloud Security Compliance |
The following permissions have been added to the Compliance Manager Viewer role (
|
| Compute Engine |
The following permissions have been added to the Compute Future Reservation User role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation Admin role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation Creator role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation Editor role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation Owner role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation User role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist Investigation Viewer role (
|
| Network Services |
The following permissions have been added to the Service Extensions Admin role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner API Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Cloud Security Compliance |
The following permissions have been added:
|
| Cloud Security Compliance |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have been added:
|
| Data Lineage API |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have reached General Availability (GA):
|
| Data Security Posture Management |
The following permissions have been added:
|
| Data Security Posture Management |
The following permissions are supported in custom roles:
|
| Google Cloud Observability |
The following permissions have been added:
|
| Google Cloud Observability |
The following permissions are supported in custom roles:
|
| Telemetry API |
The following permissions have been added:
|
| Telemetry API |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-08-01
| Service | Description |
|---|---|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Database User role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Studio User role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Gemini Data Analytics |
The following permissions have been added to the Gemini Data Analytics Data Agent Creator role (
|
| Gemini Data Analytics |
The following permissions have been added to the Gemini Data Analytics Data Agent Editor role (
|
| Google Cloud Observability |
The Observability Service Agent role ( |
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Firebase App Check |
The following permissions have been added:
|
| Firebase App Check |
The following permissions are supported in custom roles:
|
| Firebase App Check |
The following permissions have reached General Availability (GA):
|
| Cloud Integrations |
The following permissions have been added:
|
| Cloud Integrations |
The following permissions have reached General Availability (GA):
|
| Network Security |
The following permissions have been added:
|
IAM changes as of 2025-07-25
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Extension Custom Code Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Service Agent role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Batch |
The following permissions have been added to the Google Batch Service Agent role (
|
| Commerce Business Enablement |
The following permissions have been added to the Commerce Business Enablement Configuration Admin role (
|
| Cloud Composer |
The following permissions have been added to the Environment and Storage Object Administrator role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog Admin role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Data Steward role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Creator role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Owner role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Entry Owner role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Entry Viewer role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog Tag Editor role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Creator role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Owner role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate User role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Viewer role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog Viewer role (
|
| Data Pipelines |
The following permissions have been added to the Datapipelines Service Agent role (
|
| Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Application Design Center |
The following permissions have been added to the Application Design Center Admin role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Application Design Center |
The following permissions have been added to the Application Design Center User role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Distributed Cloud Edge Container |
The Edge Container Service Account Admin role (
|
| Distributed Cloud Edge Container |
The Edge Container Service Account Key Admin role (
|
| Distributed Cloud Edge Container |
The Edge Container Service Account Viewer role (
|
| Distributed Cloud Edge Container |
The Edge Container Zone Iam Policy Admin role (
|
| Distributed Cloud Edge Container |
The Edge Container Zone Iam Policy Viewer role (
|
| Distributed Cloud Edge Container |
The Edge Container Zone Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Admin SDK Administrator Service Agent role (
|
| Gemini Cloud Assist |
The following permissions have been added to the Gemini Cloud Assist User role (
|
| AI Platform |
The following permissions have been added to the AI Platform Service Agent role (
|
| Network Services |
The following permissions have been added to the Service Extensions Admin role (
|
| Network Services |
The following permissions have been added to the Service Extensions Viewer role (
|
| Google Cloud Observability |
The following permissions have been added to the Observability Admin role (
|
| Google Cloud Observability |
The following permissions have been added to the Observability Editor role (
|
| Oracle Database@Google Cloud |
The Oracle Database@Google Network Admin role (
|
| Oracle Database@Google Cloud |
The Oracle Database@Google ODB Network Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google ODB Network Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google ODB Subnet Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google ODB Subnet User role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google ODB Subnet Viewer role ( |
| Oracle Database@Google Cloud |
The following permissions have been added to the Oracle Database@Google Cloud Autonomous Database Admin role (
|
| Oracle Database@Google Cloud |
The following permissions have been added to the Oracle Database@Google Cloud VM Cluster Admin role (
|
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Organization Service Agent role (
|
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Project Service Agent role (
|
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Service Agent role (
|
| Pub/Sub |
The following permissions have been added to the Cloud Pub/Sub Service Agent role (
|
| Cloud Storage |
The following permissions have been added to the Storage Admin role (
|
| Cloud Storage |
The following permissions have been added to the Storage Object Admin role (
|
| Cloud Storage |
The following permissions have been added to the Storage Object User role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| Google Cloud VMware Engine |
The VMware Engine Service Privileged User role ( |
| API Management |
The following permissions have been added:
|
| API Management |
The following permissions are supported in custom roles:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| BigQuery Reservation API |
The following permissions have been added:
|
| BigQuery Reservation API |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud Security Compliance |
The following permissions have been added:
|
| Cloud Security Compliance |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Data Security Posture Management |
The following permissions have been added:
|
| Data Security Posture Management |
The following permissions are supported in custom roles:
|
| Google Cloud Observability |
The following permissions have been added:
|
| Google Cloud Observability |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
| Cloud Run |
The following permissions have been added:
|
| Cloud Run |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-07-18
| Service | Description |
|---|---|
| Cloud Security Compliance |
The following permissions have been added to the Cloud Security Compliance Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Future Reservation Admin role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Firestore |
The Cloud Datastore Clone Admin role ( |
| Backup for GKE |
The following permissions have been added to the Backup for GKE Service Agent role (
|
| Oracle Database@Google Cloud service agent |
The following permissions have been added to the Oracle Database@Google Cloud Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Bigtable |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Firestore |
The following permissions have been added:
|
| Firestore |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-07-11
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Platform Express Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Platform Express User role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Data Editor role (
|
| BigQuery |
The following permissions have been added to the BigQuery Data Owner role (
|
| BigQuery |
The following permissions have been added to the BigQuery Data Viewer role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| Database Center |
The Database Center Admin role ( |
| Database Center |
The Database Center Viewer role ( |
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
| Distributed Cloud Edge Container |
The Zonal Project Admin role ( |
| Distributed Cloud Edge Container |
The Identity Provider Viewer role ( |
| Distributed Cloud Edge Container |
The Zonal Project Admin role ( |
| Distributed Cloud Edge Container |
The Zonal Project Viewer role ( |
| Distributed Cloud Edge Container |
The Zonal Service Admin role ( |
| Distributed Cloud Edge Container |
The Zonal Service Viewer role ( |
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Admin role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Viewer role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-cloud Telemetry Writer role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Service Extensions |
The following permissions have been added to the Network Actions Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Cloud Run |
The Cloud Run Builder role ( |
| Cloud Run |
The Cloud Run Source Developer role ( |
| Cloud Run |
The Cloud Run Source Viewer role ( |
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Security Command Center |
The Security Center Issues Editor role ( |
| Security Command Center |
The Security Center Issues Viewer role ( |
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Storage Transfer Service |
The following permissions have been added to the Storage Transfer Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Database Center |
The following permissions have reached General Availability (GA):
|
| Distributed Cloud Edge Container |
The following permissions have been added:
|
| Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
| Dataproc Metastore |
The following permissions have been added:
|
| Dataproc Metastore |
The following permissions have reached General Availability (GA):
|
| reCAPTCHA |
The following permissions have been added:
|
| reCAPTCHA |
The following permissions have reached General Availability (GA):
|
| Secure Source Manager |
The following permissions have been added:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-06-27
| Service | Description |
|---|---|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Client role (
|
| API Hub |
The following permissions have been added to the API-Hub Runtime Project Service Agent role (
|
| Cloud Security Compliance |
The following permissions have been added to the Cloud Security Compliance Service Agent role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Network Admin role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| API Hub |
The following permissions have been added:
|
| BigLake |
The following permissions have been added:
|
| BigLake |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have been added:
|
| Data Lineage API |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have reached General Availability (GA):
|
| Gemini Data Analytics |
The following permissions have been added:
|
| Gemini Data Analytics |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-06-20
| Service | Description |
|---|---|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Client role (
|
| API Hub |
The following permissions have been added to the API-Hub Runtime Project Service Agent role (
|
| Cloud Security Compliance |
The following permissions have been added to the Cloud Security Compliance Service Agent role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Network Admin role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| API Hub |
The following permissions have been added:
|
| BigLake |
The following permissions have been added:
|
| BigLake |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have been added:
|
| Data Lineage API |
The following permissions are supported in custom roles:
|
| Data Lineage API |
The following permissions have reached General Availability (GA):
|
| Gemini Data Analytics |
The following permissions have been added:
|
| Gemini Data Analytics |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-06-13
| Service | Description |
|---|---|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Backup User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
| Compliance Scanning |
The following permissions have been added to the Compliance Scanning Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
| Datastream |
The Datastream Bigquery Writer role ( |
| Discovery Engine |
The following permissions have been added to the Discovery Engine User role (
|
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Google Cloud Observability |
The following permissions have been added to the Observability Analytics User role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Google Cloud Security Response Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud Run functions |
The following permissions have reached General Availability (GA):
|
| Identity and Access Management |
The following permissions have been added:
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have reached General Availability (GA):
|
| Google Cloud Observability |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-06-06
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Google Workspace Marketplace |
The following permissions have been added to the Workspace Marketplace App Configuration Admin role (
|
| Cloud Quotas |
The Cloud Quotas Admin role ( |
| Cloud Quotas |
The Cloud Quotas Viewer role ( |
| Compute Engine |
The Interconnect Attachment Group Analyzer role ( |
| Compute Engine |
The Interconnect Group Analyzer role ( |
| Dataform |
The following permissions have been added to the Code Commenter role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine User role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Admin role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Schema Registry Admin role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Cloud Location Finder |
The following permissions have been added:
|
| Cloud Location Finder |
The following permissions are supported in custom roles:
|
| Cloud Quotas |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Google Distributed Cloud |
The following permissions have been added:
|
| Google Distributed Cloud |
The following permissions have reached General Availability (GA):
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added:
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-05-30
| Service | Description |
|---|---|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
| Application Design Center |
The following permissions have been added to the Application Admin role (
|
| Application Design Center |
The following permissions have been added to the Application Editor role (
|
| Developer Connect |
The Developer Connect Service Agent role ( |
| Retail API |
The following permissions have been added to the Retail Admin role (
|
| Retail API |
The following permissions have been added to the Retail Editor role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Approver role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Creator role (
|
| Retail API |
The following permissions have been added to the Retail Viewer role (
|
| Bigtable |
The following permissions are supported in custom roles:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Cloud Monitoring |
The following permissions have been added:
|
| Cloud Monitoring |
The following permissions have reached General Availability (GA):
|
| Retail API |
The following permissions have been added:
|
IAM changes as of 2025-05-23
| Service | Description |
|---|---|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
| Application Design Center |
The following permissions have been added to the Application Admin role (
|
| Application Design Center |
The following permissions have been added to the Application Editor role (
|
| Developer Connect |
The Developer Connect Service Agent role ( |
| Retail API |
The following permissions have been added to the Retail Admin role (
|
| Retail API |
The following permissions have been added to the Retail Editor role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Approver role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Creator role (
|
| Retail API |
The following permissions have been added to the Retail Viewer role (
|
| Bigtable |
The following permissions are supported in custom roles:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Cloud Monitoring |
The following permissions have been added:
|
| Cloud Monitoring |
The following permissions have reached General Availability (GA):
|
| Retail API |
The following permissions have been added:
|
IAM changes as of 2025-05-16
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Host Service Agent User role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
| ML Kit for Firebase |
The following permissions have been added to the Firebase Machine Learning Service Agent role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Cloud Config Manager API |
The following permissions have been added:
|
| Cloud Config Manager API |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Vertex AI in Firebase |
The following permissions have been added:
|
| Vertex AI in Firebase |
The following permissions are supported in custom roles:
|
| Gemini Cloud Assist |
The following permissions have been added:
|
| Gemini Cloud Assist |
The following permissions are supported in custom roles:
|
| Live Stream |
The following permissions have been added:
|
| Live Stream |
The following permissions are supported in custom roles:
|
| Live Stream |
The following permissions have reached General Availability (GA):
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Google Cloud VMware Engine |
The following permissions have been added:
|
| Google Cloud VMware Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-05-09
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
| Gemini for Google Cloud API |
The Code Repository Indexes Admin role ( |
| Gemini for Google Cloud API |
The Code Repository Indexes Viewer role ( |
| Gemini for Google Cloud API |
The Repository Groups User role ( |
| Gemini for Google Cloud API |
The Gemini for Google Cloud Settings Admin role ( |
| Gemini for Google Cloud API |
The Gemini for Google Cloud Settings User role ( |
| Gemini for Google Cloud API |
The Gemini for Google Cloud User role ( |
| Gemini for Google Cloud API |
The following permissions have been added to the Gemini Code Assist Tools User role (
|
| Cloud Deploy |
The Cloud Deploy Policy Admin role ( |
| Cloud Deploy |
The Cloud Deploy Policy Overrider role ( |
| Cloud Security Compliance |
The Cloud Security Compliance Service Agent role ( |
| Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
| Distributed Cloud Edge Container |
The following permissions have been removed from the Edge Container Cluster Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions have reached General Availability (GA):
|
| Cloud Deploy |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
| Pub/Sub |
The following permissions have been added:
|
| Pub/Sub |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-05-02
| Service | Description |
|---|---|
| API Hub |
The following permissions have been added to the API-Hub Runtime Project Service Agent role (
|
| Firebase Test Lab |
The following permissions have been added to the Firebase Test Lab Direct Access Viewer role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Admin role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Device Streaming API |
The Device Streaming Admin role ( |
| Device Streaming API |
The Device Streaming Viewer role ( |
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Discovery Engine |
The Discovery Engine User role ( |
| Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Identity and Access Management |
The Service Account API Key Binding Admin role ( |
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Service Management |
The Service Checker role ( |
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Device Streaming API |
The following permissions have been added:
|
| Device Streaming API |
The following permissions are supported in custom roles:
|
| Device Streaming API |
The following permissions have reached General Availability (GA):
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
IAM changes as of 2025-04-04
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| Apigee |
The following permissions have been added to the Apigee API Admin role (
|
| Apigee |
The following permissions have been added to the Apigee API Reader role (
|
| API Hub |
The following permissions have been added to the API-Hub Runtime Project Service Agent role (
|
| App Hub |
The following permissions have been removed from the App Management Viewer role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Cloud Billing |
The Project Billing Costs Manager role ( |
| Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Admin role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Developer role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Viewer role (
|
| Cloud Hub |
The following permissions have been removed from the Cloud Hub Operator role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Cluster Admin role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Cluster Viewer role (
|
| Data Catalog |
The DataCatalog Migration Config Admin role ( |
| Dataform |
The following permissions have been added to the Code Editor role (
|
| Dataform |
The following permissions have been added to the Code Owner role (
|
| Dataform |
The following permissions have been added to the Code Viewer role (
|
| Dataplex Universal Catalog |
The Dataplex Entry Group Exporter role ( |
| Dataproc |
The following permissions have been added to the Dataproc Serverless Node. role (
|
| Dataproc |
The following permissions have been added to the Dataproc Worker role (
|
| Firestore |
The Cloud Datastore User Creds Admin role ( |
| Firestore |
The Cloud Datastore User Creds Viewer role ( |
| Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Viewer role (
|
| Parameter Manager |
The Parameter Manager Admin role ( |
| Parameter Manager |
The Parameter Manager Parameter Accessor role ( |
| Parameter Manager |
The Parameter Manager Parameter Version Adder role ( |
| Parameter Manager |
The Parameter Manager Parameter Version Manager role ( |
| Parameter Manager |
The Parameter Manager Parameter Viewer role ( |
| Remoting Cloud |
The following permissions have been added to the Remoting Cloud Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Bigtable |
The following permissions have been added:
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have reached General Availability (GA):
|
| Cloud Run functions |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Data Catalog |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Firestore |
The following permissions have been added:
|
| Firestore |
The following permissions are supported in custom roles:
|
| Firestore |
The following permissions have reached General Availability (GA):
|
| Model Armor |
The following permissions have been added:
|
| Parameter Manager |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Resource Manager |
The following permissions have been added:
|
| Resource Manager |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-03-28
| Service | Description |
|---|---|
| Apigee |
The following permissions have been added to the Apigee Space Console User role (
|
| App Hub |
The following permissions have been added to the App Management Viewer role (
|
| Artifact Registry |
The following permissions have been added to the Container Registry -> Artifact Registry Migration Admin role (
|
| BigQuery |
The BigQuery ObjectRef Admin role ( |
| BigQuery |
The BigQuery ObjectRef Reader role ( |
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Administrator role (
|
| Dataproc |
The following permissions have been added to the Dataproc Editor role (
|
| Dataproc |
The following permissions have been added to the Dataproc serverless session user permissions role (
|
| Dataproc |
The following permissions have been added to the Dataproc Serverless Node. role (
|
| Dataproc |
The following permissions have been added to the Dataproc Worker role (
|
| Cyber Insurance Hub |
The following permissions have been added to the Risk Manager Service Agent role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Source Developer role (
|
| SaaS Service Management |
The SaaS Service Management Service Agent role ( |
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Security Command Center |
The following permissions have been added to the Security Center Assets Viewer role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Viewer role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Settings Viewer role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Viewer role (
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| BigQuery |
The following permissions have reached General Availability (GA):
|
| Bigtable |
The following permissions have been added:
|
| Bigtable |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Cloud Build |
The following permissions have been added:
|
| Cloud Build |
The following permissions have reached General Availability (GA):
|
| Database Insights |
The following permissions have been added:
|
| Database Insights |
The following permissions are supported in custom roles:
|
| SaaS Service Management |
The following permissions have been added:
|
| SaaS Service Management |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
| Transcoder API |
The following permissions have been added:
|
| Transcoder API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-03-21
| Service | Description |
|---|---|
| API Hub |
The following permissions have been added to the Cloud API Hub Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API Hub Editor role (
|
| API Hub |
The following permissions have been added to the Cloud API hub Plugins Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API hub Viewer role (
|
| Google Workspace Marketplace |
The Workspace Marketplace App Configuration Admin role ( |
| BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Data Editor role (
|
| BigQuery |
The following permissions have been added to the BigQuery Data Owner role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery User role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Admin role (
|
| Gemini for Google Cloud API |
The following permissions have been added to the Gemini for Google Cloud User role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Firebase Data Connect |
The following permissions have been added to the Firebase Data Connect Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Admin role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Client role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Cluster Editor role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Consumer Group Editor role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Topic Editor role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Viewer role ( |
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Admin role (
|
| Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| API Hub |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Cloud Asset Inventory |
The following permissions have been added:
|
| Cloud Asset Inventory |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Maintenance API |
The following permissions have been added:
|
| Maintenance API |
The following permissions are supported in custom roles:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions are supported in custom roles:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have reached General Availability (GA):
|
| Memorystore |
The following permissions have been added:
|
| Memorystore |
The following permissions are supported in custom roles:
|
| Memorystore |
The following permissions have reached General Availability (GA):
|
| Google Cloud Migration Center |
The following permissions have been added:
|
| Google Cloud Migration Center |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions have reached General Availability (GA):
|
| Google Workspace Marketplace |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-03-15
| Service | Description |
|---|---|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Composer Administrator role (
|
| Cloud Composer |
The following permissions have been added to the Environment and Storage Object Administrator role (
|
| Compute Engine |
The following permissions have been added to the Compute Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (v1) role (
|
| Compute Engine |
The following permissions have been added to the Compute Storage Admin role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Cloud Logging |
The following permissions have been added to the Private Logs Viewer role (
|
| Notebooks |
The following permissions have been added to the Notebooks Legacy Admin role (
|
| Cloud OS Config |
The OS Config Admin role ( |
| Cloud OS Config |
The OS Config Viewer role ( |
| Memorystore for Redis |
The following permissions have been added to the Cloud Memorystore Redis Admin role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Secret Manager |
The following permissions have been added to the Secret Manager Admin role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Admin role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Database Admin role (
|
| Cloud Storage |
The following permissions have been added to the Storage Admin role (
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Database Center |
The following permissions have been added:
|
| Eventarc |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-03-07
| Service | Description |
|---|---|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
| Apigee |
The Apigee Space Console User role ( |
| Apigee |
The Apigee Space Content Editor role ( |
| Apigee |
The Apigee Space Content Viewer role ( |
| Artifact Registry |
The following permissions have been added to the Artifact Registry Administrator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Bigtable |
The following permissions have been added to the Bigtable Administrator role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
| Cloud Composer |
The following permissions have been added to the Composer Worker role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Identity Toolkit |
The following permissions have been added to the Identity Platform Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Approver role (
|
| Retail API |
The following permissions have been added to the Retail Merchant Creator role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| API Hub |
The following permissions have been added:
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Database Center |
The following permissions have been added:
|
| Database Center |
The following permissions are supported in custom roles:
|
| Studio Query |
The following permissions have been added:
|
| Studio Query |
The following permissions are supported in custom roles:
|
| Maps Admin |
The following permissions have been added:
|
| Maps Admin |
The following permissions are supported in custom roles:
|
| Maps Admin |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-02-28
| Service | Description |
|---|---|
| Apigee |
The following permissions have been added to the Apigee Analytics Editor role (
|
| Apigee |
The following permissions have been added to the Apigee Analytics Viewer role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Dataproc Resource Manager |
The following permissions have been added to the Dataproc Resource Manager Node Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Certificate Authority Service |
The following permissions have been added to the CA Service Operation Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Requester role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Telemetry API |
The Cloud Telemetry Metrics Writer role ( |
| Telemetry API |
The Cloud Telemetry Traces Writer role ( |
| Telemetry API |
The Cloud Telemetry Writer role ( |
| API Gateway |
The following permissions have been added:
|
| API Gateway |
The following permissions have reached General Availability (GA):
|
| Certificate Manager |
The following permissions have been added:
|
| Certificate Manager |
The following permissions have reached General Availability (GA):
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are available in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Certificate Authority Service |
The following permissions have been added:
|
| Certificate Authority Service |
The following permissions have reached General Availability (GA):
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
| Telemetry API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-02-21
| Service | Description |
|---|---|
| Apigee |
The following permissions have been added to the Apigee Analytics Editor role (
|
| Apigee |
The following permissions have been added to the Apigee Analytics Viewer role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Dataproc Resource Manager |
The following permissions have been added to the Dataproc Resource Manager Node Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Certificate Authority Service |
The following permissions have been added to the CA Service Operation Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Requester role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Telemetry API |
The Cloud Telemetry Metrics Writer role ( |
| Telemetry API |
The Cloud Telemetry Traces Writer role ( |
| Telemetry API |
The Cloud Telemetry Writer role ( |
| API Gateway |
The following permissions have been added:
|
| API Gateway |
The following permissions have reached General Availability (GA):
|
| Certificate Manager |
The following permissions have been added:
|
| Certificate Manager |
The following permissions have reached General Availability (GA):
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are available in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Certificate Authority Service |
The following permissions have been added:
|
| Certificate Authority Service |
The following permissions have reached General Availability (GA):
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
| Telemetry API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-02-16
| Service | Description |
|---|---|
| Apigee |
The following permissions have been added to the Apigee Analytics Editor role (
|
| Apigee |
The following permissions have been added to the Apigee Analytics Viewer role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Dataproc Resource Manager |
The following permissions have been added to the Dataproc Resource Manager Node Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Certificate Authority Service |
The following permissions have been added to the CA Service Operation Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Manager role (
|
| Certificate Authority Service |
The following permissions have been removed from the CA Service Certificate Requester role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Telemetry API |
The Cloud Telemetry Metrics Writer role ( |
| Telemetry API |
The Cloud Telemetry Traces Writer role ( |
| Telemetry API |
The Cloud Telemetry Writer role ( |
| API Gateway |
The following permissions have been added:
|
| API Gateway |
The following permissions have reached General Availability (GA):
|
| Certificate Manager |
The following permissions have been added:
|
| Certificate Manager |
The following permissions have reached General Availability (GA):
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are available in custom roles:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Certificate Authority Service |
The following permissions have been added:
|
| Certificate Authority Service |
The following permissions have reached General Availability (GA):
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
| Telemetry API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2025-02-10
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Runtime Agent role (
|
| App Engine |
The following permissions have been added to the App Engine Admin role (
|
| App Engine |
The following permissions have been added to the App Engine Viewer role (
|
| App Engine |
The following permissions have been added to the App Engine Code Viewer role (
|
| App Engine |
The following permissions have been added to the App Engine Deployer role (
|
| App Engine |
The following permissions have been added to the App Engine Service Admin role (
|
| App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
| App Engine flexible environment |
The following permissions have been added to the App Engine flexible environment Service Agent role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Backup and Disaster Recovery |
The Backup and DR Backup Config Viewer role (
|
| Backup and Disaster Recovery |
The Backup and DR Management Server Accessor role ( |
| Batch |
The following permissions have been added to the Google Batch Service Agent role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
| Gemini for Google Cloud API |
The Settings Admin role (
|
| Gemini for Google Cloud API |
The Settings User role (
|
| Gemini for Google Cloud API |
The following permissions have been added to the Gemini for Google Cloud Service Agent role (
|
| Gemini for Google Cloud API |
The following permissions have been added to the Gemini for Google Cloud User role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Admin role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Operator role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Policy Admin role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Viewer role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Studio User role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Commerce Org Governance |
The following permissions have been added to the Commerce Organization Governance Admin role (
|
| Commerce Org Governance |
The following permissions have been added to the Governed Marketplace User role (
|
| Commerce Org Governance |
The following permissions have been added to the Commerce Organization Governance Viewer role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The Compute Peer Subnet Migration Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Future Reservation Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (v1) role (
|
| Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Service Agent role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
| Google Kubernetes Engine |
The Kubernetes Engine Default Node Service Agent role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine KMS Crypto Key User role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Admin role (
|
| Dataplex Universal Catalog |
The Dataplex Encryption Admin role ( |
| Dataplex Universal Catalog |
The Dataplex Entry Group Importer role ( |
| Dataplex Universal Catalog |
The Dataplex Metadata Job Owner role ( |
| Dataplex Universal Catalog |
The Dataplex Metadata Job Viewer role ( |
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Aspect Type Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Catalog Admin role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Catalog Editor role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Encryption Admin role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Group Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Type Owner role (
|
| Dataproc |
The Dataproc Serverless Node. role (
|
| Dataproc |
The Dataproc serverless session user permissions role ( |
| Dataproc |
The Dataproc serverless session view permissions role ( |
| Dataproc |
The following permissions have been added to the Dataproc Hub Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Dataproc |
The following permissions have been removed from the Dataproc Service Agent role (
|
| Datastream |
The following permissions have been added to the Datastream Service Agent role (
|
| Application Design Center |
The following permissions have been added to the DesignCenter Service Agent role (
|
| Developer Connect |
The Developer Connect OAuth Admin role (
|
| Developer Connect |
The Developer Connect OAuth User role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Discovery Engine |
The Cloud NotebookLM Notebook Editor role (
|
| Discovery Engine |
The Cloud NotebookLM Admin role (
|
| Discovery Engine |
The Cloud NotebookLM User role (
|
| Discovery Engine |
The Cloud NotebookLM Notebook Owner role (
|
| Discovery Engine |
The Cloud NotebookLM Notebook Viewer role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine User role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Viewer role (
|
| Firebase App Hosting |
The following permissions have been added to the Firebase App Hosting Service Agent role (
|
| Firebase Crashlytics |
The Firebase Crashlytics Service Agent role ( |
| Cloud Life Sciences |
The following permissions have been added to the Genomics Service Agent role (
|
| Identity and Access Management |
The IAM OAuth Client Admin role ( |
| Identity and Access Management |
The IAM OAuth Client Viewer role ( |
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Cloud Life Sciences |
The following permissions have been added to the Cloud Life Sciences Service Agent role (
|
| Cloud Logging |
The following permissions have been added to the Logs Viewer role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Admin role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Client role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Cluster Editor role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Consumer Group Editor role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Service Agent role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Topic Editor role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Viewer role (
|
| Memorystore |
The Memorystore Admin role ( |
| Memorystore |
The Memorystore DB Connector User role ( |
| Memorystore |
The Memorystore Viewer role ( |
| Memorystore |
The following permissions have been added to the Memorystore Admin role (
|
| Model Armor |
The Model Armor Callout User role (
|
| Model Armor |
The Model Armor Floor Setting Admin role (
|
| Model Armor |
The Model Armor Floor Setting Viewer role (
|
| Model Armor |
The Model Armor Service Agent role (
|
| Model Armor |
The Model Armor Admin role ( |
| Model Armor |
The Model Armor User role ( |
| Model Armor |
The Model Armor Viewer role ( |
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Google Cloud NetApp Volumes |
The following permissions have been added to the Google Cloud NetApp Volumes Admin role (
|
| Google Cloud NetApp Volumes |
The following permissions have been added to the Google Cloud NetApp Volumes Viewer role (
|
| Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
| Network Security |
The Security Profile Admin role (
|
| Notebooks |
The following permissions have been added to the Notebooks Legacy Admin role (
|
| Notebooks |
The following permissions have been added to the AI Platform Notebooks Service Agent role (
|
| OAuthConfig |
The following permissions have been added to the OAuth Config Editor role (
|
| OAuthConfig |
The following permissions have been added to the OAuth Config Viewer role (
|
| Oracle Database@Google Cloud |
The following permissions have been removed from the Oracle Database@Google Cloud Autonomous Database Viewer role (
|
| Oracle Database@Google Cloud |
The following permissions have been removed from the Oracle Database@Google Cloud viewer role (
|
| Organization Policy Service |
The following permissions have been added to the Organization Policy Administrator role (
|
| Cloud OS Config |
The Cloud OS Config Rollout Service Agent role ( |
| Basic Role |
The following permissions have been added to the Owner role (
|
| Recommender |
The Firestore Database Reliability Recommender Admin role ( |
| Recommender |
The Firestore Database Reliability Recommender Viewer role ( |
| Retail API |
The Retail Merchant Approver role (
|
| Retail API |
The Retail Merchant Creator role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Source Developer role (
|
| Security Command Center |
The following permissions have been added to the Security Center Attack Paths Reader role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| Personalized Service Health |
The following permissions have been added to the Personalized Service Health Viewer role (
|
| Telco Automation API |
The following permissions have been added to the Telco Automation Admin role (
|
| Telco Automation API |
The following permissions have been added to the Telco Automation Tier 1 Operations Admin role (
|
| Telco Automation API |
The following permissions have been added to the Telco Automation Tier 4 Operations Admin role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| Workflows |
The following permissions have been added to the Cloud Workflows Service Agent role (
|
| Cloud Workstations |
The Cloud Workstations Policy Admin role ( |
| Cloud Workstations |
The Cloud Workstations Limit Exempted Creator role ( |
| Vertex AI |
The following permissions have been added:
|
| Vertex AI |
The following permissions have reached General Availability (GA):
|
| API Keys |
The following permissions are supported in custom roles:
|
| Audit Manager |
The following permissions have been added:
|
| Audit Manager |
The following permissions are supported in custom roles:
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| BigQuery Migration API |
The following permissions have been added:
|
| BigQuery Reservation API |
The following permissions have been added:
|
| BigQuery Reservation API |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Cloud Deploy |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Dataform |
The following permissions have been added:
|
| Dataform |
The following permissions are supported in custom roles:
|
| Cloud Data Fusion |
The following permissions have been added:
|
| Cloud Data Fusion |
The following permissions are supported in custom roles:
|
| Database Migration Service |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Application Design Center |
The following permissions have been added:
|
| Application Design Center |
The following permissions are supported in custom roles:
|
| Developer Connect |
The following permissions have been added:
|
| Developer Connect |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| FleetEngine |
The following permissions have been added:
|
| FleetEngine |
The following permissions have reached General Availability (GA):
|
| GKE Hub |
The following permissions have been added:
|
| GKE Hub |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have reached General Availability (GA):
|
| Identity and Access Management |
The following permissions are available in custom roles:
|
| Identity and Access Management |
The following permissions have reached General Availability (GA):
|
| Identity and Access Management |
The following permissions have reached General Availability (GA):
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have reached General Availability (GA):
|
| Memorystore |
The following permissions are supported in custom roles:
|
| Memorystore |
The following permissions have reached General Availability (GA):
|
| Model Armor |
The following permissions have been added:
|
| Model Armor |
The following permissions are supported in custom roles:
|
| Model Armor |
The following permissions have reached General Availability (GA):
|
| Cloud Monitoring |
The following permissions have been added:
|
| Cloud Monitoring |
The following permissions have reached General Availability (GA):
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
| Google Cloud Observability |
The following permissions have been added:
|
| Parameter Manager |
The following permissions have been added:
|
| Parameter Manager |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
| Retail API |
The following permissions have been added:
|
| Retail API |
The following permissions have reached General Availability (GA):
|
| Security Center Management API |
The following permissions have been added:
|
| Security Center Management API |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have reached General Availability (GA):
|
| Personalized Service Health |
The following permissions have been added:
|
| Service Usage |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions are supported in custom roles:
|
| Telemetry API |
The following permissions have been added:
|
| Telemetry API |
The following permissions are supported in custom roles:
|
| Cloud TPU |
The following permissions have been added:
|
| Cloud TPU |
The following permissions have reached General Availability (GA):
|
| Workflows |
The following permissions have been added:
|
| Workflows |
The following permissions have reached General Availability (GA):
|
| Google Workspace Marketplace |
The following permissions have been added:
|
| Google Workspace Marketplace |
The following permissions are supported in custom roles:
|
| Cloud Workstations |
The following permissions have been added:
|
| Cloud Workstations |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-11-12
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Online Prediction Service Agent role ( |
| Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations Service Management |
The following permissions have been added to the Chronicle Service Admin role (
|
| Google Security Operations Service Management |
The following permissions have been added to the Chronicle Service Viewer role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Identity and Access Management |
The following permissions have been added to the Deny Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Principal Access Boundary Policy Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Cloud License Manager |
The Cloud License Manager Admin role ( |
| Cloud License Manager |
The Cloud License Manager Viewer role ( |
| Google Cloud NetApp Volumes |
The following permissions have been added to the Google Cloud NetApp Volumes Admin role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Policy Analyzer |
The following permissions have been added to the Activity Analysis Viewer role (
|
| Policy Simulator |
The following permissions have been added to the Simulator Admin role (
|
| Cyber Insurance Hub |
The following permissions have been added to the Risk Manager Service Agent role (
|
| Cloud Run |
The Cloud Run Jobs Executor role ( |
| Cloud Run |
The Cloud Run Jobs Executor With Overrides role ( |
| Cloud Run |
The Cloud Run Service Invoker role ( |
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Viewer role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Settings Viewer role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Viewer role (
|
| Spanner |
The Cloud Spanner Database Reader with DataBoost role ( |
| Spanner |
The following permissions have been added to the Cloud Spanner Admin role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Database Admin role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Database Reader role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Database User role (
|
| Cloud Storage |
The following permissions have been added to the Storage Legacy Bucket Owner role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Google Security Operations Service Management |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Cloud License Manager |
The following permissions have been added:
|
| Cloud License Manager |
The following permissions are supported in custom roles:
|
| Cloud License Manager |
The following permissions have reached General Availability (GA):
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Payments Reseller Subscription |
The following permissions have been added:
|
| Payments Reseller Subscription |
The following permissions are supported in custom roles:
|
| Policy Analyzer |
The following permissions have been added:
|
| Policy Simulator |
The following permissions have been added:
|
| Memorystore for Redis |
The following permissions have been added:
|
| Memorystore for Redis |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-11-01
| Service | Description |
|---|---|
| Artifact Registry |
The Container Registry -> Artifact Registry Migration Admin role ( |
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Dataplex Universal Catalog |
The Dataplex Discovery BigLake Publishing Service Agent role ( |
| Dataplex Universal Catalog |
The Dataplex Discovery Publishing Service Agent role ( |
| Dataplex Universal Catalog |
The Dataplex Discovery Service Agent role ( |
| Application Design Center |
The DesignCenter Service Agent role ( |
| Parallelstore |
The Parallelstore Admin role ( |
| Parallelstore |
The Parallelstore Viewer role ( |
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Cloud OS Config |
The following permissions have been added:
|
| Cloud OS Config |
The following permissions are supported in custom roles:
|
| Parallelstore |
The following permissions have been added:
|
| Parallelstore |
The following permissions are supported in custom roles:
|
| Parallelstore |
The following permissions have reached General Availability (GA):
|
| Secure Source Manager |
The following permissions have been added:
|
| Secure Source Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-10-25
| Service | Description |
|---|---|
| Anthos Support |
The following permissions have been added to the Anthos Support Service Agent role (
|
| Batch |
The following permissions have been added to the Google Batch Service Agent role (
|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (v1) role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Data Security Posture Management |
The following permissions have been added to the DSPM Service Agent role (
|
| Cloud Life Sciences |
The following permissions have been added to the Genomics Service Agent role (
|
| Cloud Life Sciences |
The following permissions have been added to the Cloud Life Sciences Service Agent role (
|
| Notebooks |
The following permissions have been added to the Notebooks Legacy Admin role (
|
| Notebooks |
The following permissions have been added to the AI Platform Notebooks Service Agent role (
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-18
| Service | Description |
|---|---|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| BigQuery Data Policy |
The BigQuery Data Policy Admin role ( |
| BigQuery Data Policy |
The BigQuery Data Policy Viewer role ( |
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Aspect Type Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Aspect Type User role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Catalog Admin role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Catalog Editor role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Catalog Viewer role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Group Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Type Owner role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Entry Type User role (
|
| FleetEngine |
The following permissions have been added to the FleetEngine Service Agent role (
|
| Service Usage |
The following permissions have been added to the API Keys Admin role (
|
| Audit Manager |
The following permissions have been added:
|
| Audit Manager |
The following permissions are supported in custom roles:
|
| Blockchain Validator Manager |
The following permissions have been added:
|
| Blockchain Validator Manager |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Database Migration Service |
The following permissions have been added:
|
| Database Migration Service |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-11
| Service | Description |
|---|---|
| Backup and Disaster Recovery |
The Backup and DR Backup Vault Accessor role ( |
| Backup and Disaster Recovery |
The Backup and DR Backup Vault Admin role ( |
| Backup and Disaster Recovery |
The Backup and DR Backup Vault Lister role ( |
| Backup and Disaster Recovery |
The Backup and DR Backup Vault Viewer role ( |
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
| Cloud Controls Partner API |
The Cloud Controls Partner Support Case Service Agent role ( |
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Google Kubernetes Engine |
The Kubernetes Engine KMS Crypto Key User role ( |
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Dataproc Resource Manager |
The Dataproc Resource Manager Node Service Agent role ( |
| Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
| Oracle Database@Google Cloud service agent |
The Oracle Database@Google Cloud Service Agent role ( |
| Oracle Database@Google Cloud |
The following permissions have been added to the Oracle Database@Google Cloud VM Cluster Admin role (
|
| Backup and Disaster Recovery |
The following permissions have reached General Availability (GA):
|
| Cloud Controls Partner API |
The following permissions have been added:
|
| Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
| Eventarc |
The following permissions have been added:
|
| Cloud Integrations |
The following permissions have been added:
|
| Cloud Integrations |
The following permissions have reached General Availability (GA):
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-10-04
| Service | Description |
|---|---|
| Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
| Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Backup Admin role (
|
| Spanner |
The following permissions have been added to the Cloud Spanner Backup Writer role (
|
| Vertex AI |
The following permissions have been added:
|
| BigQuery Migration API |
The following permissions have been added:
|
| BigQuery Migration API |
The following permissions have reached General Availability (GA):
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Cloud Trace |
The following permissions have been added:
|
| Cloud Trace |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have reached General Availability (GA):
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions have reached General Availability (GA):
|
| Google Cloud VMware Engine |
The following permissions have been added:
|
| Google Cloud VMware Engine |
The following permissions are supported in custom roles:
|
| Google Cloud VMware Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-27
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Cloud Key Management Service |
The Cloud KMS Autokey Admin role ( |
| Cloud Key Management Service |
The Cloud KMS Autokey User role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement License Pool Editor role (
|
| Cloud Commerce Consumer Procurement |
The Consumer Procurement License Pool Viewer role (
|
| Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Order Viewer role (
|
| Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Viewer role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Autonomous Database Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Autonomous Database Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Infrastructure Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud Exadata Infrastructure Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud VM Cluster Admin role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud VM Cluster Viewer role ( |
| Oracle Database@Google Cloud |
The Oracle Database@Google Cloud viewer role ( |
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Artifact Registry |
The following permissions have been added:
|
| Artifact Registry |
The following permissions have reached General Availability (GA):
|
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Connectors |
The following permissions have been added:
|
| Connectors |
The following permissions are supported in custom roles:
|
| Connectors |
The following permissions have reached General Availability (GA):
|
| Cloud Commerce Consumer Procurement |
The following permissions have been added:
|
| Cloud Commerce Consumer Procurement |
The following permissions are supported in custom roles:
|
| Cloud Commerce Consumer Procurement |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataproc |
The following permissions have been added:
|
| Dataproc |
The following permissions are supported in custom roles:
|
| Dataproc |
The following permissions have reached General Availability (GA):
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Google Cloud Observability |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have been added:
|
| Oracle Database@Google Cloud |
The following permissions are supported in custom roles:
|
| Oracle Database@Google Cloud |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-09-20
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Batch Prediction Service Agent role ( |
| Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
| Cloud SQL |
The Cloud SQL Studio User role ( |
| Cloud Trace |
The following permissions have been added to the Cloud Trace Admin role (
|
| Cloud Trace |
The following permissions have been added to the Cloud Trace User role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Grow Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Grow Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Quality Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Quality Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Viewer role (
|
| Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Service Agent role (
|
| Artifact Registry |
The following permissions have been added:
|
| Artifact Registry |
The following permissions have reached General Availability (GA):
|
| Assured Workloads |
The following permissions have been added:
|
| Assured Workloads |
The following permissions have reached General Availability (GA):
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Google Security Operations Service Management |
The following permissions have been added:
|
| Google Security Operations Service Management |
The following permissions have reached General Availability (GA):
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions are supported in custom roles:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-13
| Service | Description |
|---|---|
| Apigee |
The Apigee Deployment Invoker role ( |
| Cloud Key Management Service |
The following permissions have been added to the Cloud KMS Autokey User role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Glossary Owner role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Glossary User role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added to the Managed Kafka Service Agent role (
|
| Cloud Run |
The following permissions have been removed from the Cloud Run Service Agent role (
|
| SecLM |
The following permissions have been added to the SecLM Service Agent role (
|
| SecLM |
The following permissions have been removed from the SecLM Service Agent role (
|
| Cloud Run |
The following permissions have been removed from the Cloud Run Service Agent role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-09-06
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Load Balancer Services User role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Editor role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Viewer role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| SecLM |
The following permissions have been added to the SecLM Service Agent role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-30
| Service | Description |
|---|---|
| Firestore |
The Cloud Datastore Bulk Admin role ( |
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Principal Access Boundary Policy Admin role (
|
| BigQuery Engine for Apache Flink |
The Managed Flink Service Agent role ( |
| Remoting Cloud |
The Remoting Cloud Service Agent role ( |
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Firestore |
The following permissions have been added:
|
| Firestore |
The following permissions have reached General Availability (GA):
|
| BigQuery Engine for Apache Flink |
The following permissions have been added:
|
| BigQuery Engine for Apache Flink |
The following permissions are supported in custom roles:
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Secure Source Manager |
The following permissions have been added:
|
| Secure Source Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-08-23
| Service | Description |
|---|---|
| Compute Engine |
The following permissions have been added to the Compute Organization Firewall Policy Admin role (
|
| Cloud Integrations |
The following permissions have been added to the Application Integration Editor role (
|
| Service Networking |
The following permissions have been added to the Service Networking Service Agent role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Cloud Integrations |
The following permissions have been added:
|
| Cloud Integrations |
The following permissions have reached General Availability (GA):
|
| Google Cloud Migration Center |
The following permissions have been added:
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-08-16
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| Artifact Registry |
The following permissions have been added:
|
| Artifact Registry |
The following permissions have reached General Availability (GA):
|
| Database Migration Service |
The following permissions have been added:
|
| Database Migration Service |
The following permissions are supported in custom roles:
|
| Database Migration Service |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-09
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Backup Vault Admin role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User V2 role (
|
| Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
| Google Kubernetes Engine |
The Kubernetes Engine Default Node Service Account role ( |
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Managed Migration Admin role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Service Agent role (
|
| Service Networking |
The following permissions have been removed from the Service Networking Service Agent role (
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| BigQuery Engine for Apache Flink |
The following permissions have been added:
|
| BigQuery Engine for Apache Flink |
The following permissions are supported in custom roles:
|
| Network Management API |
The following permissions have been added:
|
| Network Management API |
The following permissions are supported in custom roles:
|
| Network Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-08-02
| Service | Description |
|---|---|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
| Cloud Controls Partner API |
The following permissions have been added to the Cloud Controls Partner Admin role (
|
| Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Worker role (
|
| Data Security Posture Management |
The DSPM Service Agent role ( |
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| Chrome Enterprise Premium |
The following permissions have been added:
|
| Data Catalog |
The following permissions have been added:
|
| Data Catalog |
The following permissions are supported in custom roles:
|
| Dataform |
The following permissions have been added:
|
| Dataform |
The following permissions are supported in custom roles:
|
| Dataform |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Memorystore |
The following permissions have been added:
|
| Memorystore |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-07-26
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Extension Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Metadata Viewer role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio User role (
|
| BigQuery |
The following permissions have been added to the BigQuery User role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog Admin role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Data Steward role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Creator role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog EntryGroup Owner role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Entry Owner role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Entry Viewer role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Search Admin role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Creator role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Owner role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate User role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog TagTemplate Viewer role (
|
| Data Catalog |
The following permissions have been added to the Data Catalog Viewer role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Hub Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Firebase App Hosting |
The Firebase App Hosting Service Agent role ( |
| Cloud Logging |
The following permissions have been added to the Logging Admin role (
|
| Cloud Logging |
The following permissions have been added to the Logs Configuration Writer role (
|
| Cloud Logging |
The following permissions have been added to the Private Logs Viewer role (
|
| Cloud Logging |
The following permissions have been added to the Logs Viewer role (
|
| Memorystore |
The Cloud Memorystore Service Agent role ( |
| Telco Automation API |
The following permissions have been added to the Telco Automation Admin role (
|
| Telco Automation API |
The following permissions have been added to the Telco Automation Tier 1 Operations Admin role (
|
| Telco Automation API |
The following permissions have been added to the Telco Automation Tier 4 Operations Admin role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| GDC Hardware Management API |
The following permissions have been added:
|
| GDC Hardware Management API |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have been added:
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Retail API |
The following permissions have been added:
|
| Retail API |
The following permissions have reached General Availability (GA):
|
| Secret Manager |
The following permissions have been added:
|
| Secret Manager |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-19
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Batch |
The Batch Administrator role ( |
| Batch |
The Batch Agent Reporter role ( |
| Batch |
The Batch Job Editor role ( |
| Batch |
The Batch Job Viewer role ( |
| Batch |
The Batch ResourceAllowance Editor role ( |
| Batch |
The Batch ResourceAllowance Viewer role ( |
| Recommender |
The BigQuery Materialized View Recommender Admin role ( |
| Recommender |
The BigQuery Materialized View Recommender Viewer role ( |
| Spectrum Access System (SAS) |
The following permissions have been added to the Spectrum SAS Service Agent role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Workload Viewer role (
|
| Vertex AI |
The following permissions have reached General Availability (GA):
|
| Batch |
The following permissions have been added:
|
| Batch |
The following permissions have reached General Availability (GA):
|
| Cloud Deploy |
The following permissions have been added:
|
| Cloud Deploy |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions have been added:
|
| Google Cloud Managed Service for Apache Kafka |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-12
| Service | Description |
|---|---|
| Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion Service Agent role (
|
| Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Entitlement Manager role (
|
| Cloud Commerce Consumer Procurement |
The following permissions have been added to the Consumer Procurement Entitlement Viewer role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| API Management |
The following permissions have been added:
|
| API Management |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-07-05
| Service | Description |
|---|---|
| Cloud TPU |
The following permissions have been added to the Cloud TPU V2 API Service Agent role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Compute Engine |
The following permissions have been added to the Compute Network Admin role (
|
| Compute Engine |
The following permissions have been added to the Compute Network User role (
|
| Compute Engine |
The following permissions have been added to the Compute Network Viewer role (
|
| Google Kubernetes Engine |
The following permissions have been added to the Kubernetes Engine Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Data Pipelines |
The following permissions have been added to the Datapipelines Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Dataproc Metastore |
The Dataproc Metastore Managed Migration Admin role ( |
| Dataproc Metastore |
The following permissions have been added to the Dataproc Metastore Managed Migration Admin role (
|
| AI Platform |
The following permissions have been added to the AI Platform Service Agent role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Service Agent role (
|
| Cloud Storage |
The following permissions have been added to the Storage Admin role (
|
| Vision AI |
The following permissions have been added to the Cloud Vision AI Service Agent role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Bare Metal Solution |
The following permissions have been added:
|
| Bare Metal Solution |
The following permissions are supported in custom roles:
|
| Bare Metal Solution |
The following permissions have reached General Availability (GA):
|
| Bigtable |
The following permissions have been added:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Firebase Data Connect |
The following permissions have been added:
|
| Firebase Data Connect |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have been added:
|
| Identity and Access Management |
The following permissions have been added:
|
| Dataproc Metastore |
The following permissions have reached General Availability (GA):
|
| Google Cloud Observability |
The following permissions have been added:
|
| Resource Manager |
The following permissions have been added:
|
IAM changes as of 2024-06-14
| Service | Description |
|---|---|
| Config Management |
The following permissions have been added to the Anthos Config Management Service Agent role (
|
| GKE Identity Service |
The following permissions have been added to the Anthos Identity Service Agent role (
|
| Policy Controller |
The following permissions have been added to the Anthos Policy Controller Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| App Development Experience |
The following permissions have been added to the App Development Experience Service Agent role (
|
| Backup and Disaster Recovery |
The Backup and DR Management Server Accessor role (
|
| Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Admin role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Threat Manager role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle SOAR Vulnerability Manager role (
|
| Config Delivery |
The following permissions have been added to the Config Delivery Service Agent role (
|
| GKE Hub |
The following permissions have been added to the GKE Hub Service Agent role (
|
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Multi-Cluster Metering |
The following permissions have been added to the Multi-cluster metering Service Agent role (
|
| Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
| Network Connectivity Center |
The Regional Endpoint Admin role ( |
| Network Connectivity Center |
The Regional Endpoint Viewer role ( |
| Privileged Access Manager |
The Privileged Access Manager Admin role ( |
| Privileged Access Manager |
The Privileged Access Manager Viewer role ( |
| Secure Source Manager |
The Secure Source Manager Service Agent role ( |
| Service Directory |
The following permissions have been added to the Service Directory Service Agent role (
|
| Personalized Service Health |
The Personalized Service Health Viewer role ( |
| Spectrum Access System (SAS) |
The Spectrum SAS Service Agent role ( |
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Config Delivery |
The following permissions have been added:
|
| Config Delivery |
The following permissions are supported in custom roles:
|
| Dataproc Resource Manager |
The following permissions have been added:
|
| Dataproc Resource Manager |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have been added:
|
| GKE Hub |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have reached General Availability (GA):
|
| Maps Analytics |
The following permissions have been added:
|
| Maps Analytics |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Privileged Access Manager |
The following permissions have reached General Availability (GA):
|
| Personalized Service Health |
The following permissions have reached General Availability (GA):
|
| Spanner |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
| Workload Manager |
The following permissions have been added:
|
IAM changes as of 2024-05-31
| Service | Description |
|---|---|
| Assured Workloads |
The following permissions have been added to the Assured Workloads Administrator role (
|
| Assured Workloads |
The following permissions have been added to the Assured Workloads Editor role (
|
| Assured Workloads |
The following permissions have been added to the Assured Workloads Reader role (
|
| Google Cloud Support |
The following permissions have been added to the Tech Support Editor role (
|
| Config Delivery |
The Config Delivery Service Agent role ( |
| Workload Manager |
The following permissions have been added to the Workload Manager Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| BigQuery |
The following permissions have reached General Availability (GA):
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-05-24
| Service | Description |
|---|---|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Gemini for Google Cloud API |
The Cloud AI Companion Service Agent role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
| GKE Hub |
The following permissions have been added to the Fleet Project-level Scope Viewer role (
|
| GKE Hub |
The following permissions have been added to the GKE Hub Service Agent role (
|
| Multi-Cluster Metering |
The following permissions have been added to the Multi-cluster metering Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Route Optimization |
The Route Optimization Editor role ( |
| Route Optimization |
The Route Optimization Viewer role ( |
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Editor role (
|
| Security Center Management API |
The Security Center Management Services Editor role ( |
| Security Center Management API |
The Security Center Management Services Viewer role ( |
| Security Center Management API |
The following permissions have been added to the Security Center Management Admin role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Settings Editor role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| Vertex AI |
The following permissions have been added:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud Data Fusion |
The following permissions have been added:
|
| Cloud Data Fusion |
The following permissions have reached General Availability (GA):
|
| Live Stream |
The following permissions have been added:
|
| Live Stream |
The following permissions are supported in custom roles:
|
| Live Stream |
The following permissions have reached General Availability (GA):
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have reached General Availability (GA):
|
| Network Services |
The following permissions have been added:
|
| reCAPTCHA |
The following permissions have been added:
|
| reCAPTCHA |
The following permissions are supported in custom roles:
|
| Route Optimization |
The following permissions have been added:
|
| Route Optimization |
The following permissions are supported in custom roles:
|
| Route Optimization |
The following permissions have reached General Availability (GA):
|
| Security Center Management API |
The following permissions have been added:
|
| Security Center Management API |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-05-10
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
| Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Notebook Runtime Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI RAG Data Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Viewer role (
|
| API Hub |
The following permissions have been added to the Cloud API Hub Editor role (
|
| API Hub |
The following permissions have been removed from the Cloud API Hub Editor role (
|
| API Hub |
The following permissions have been added to the Cloud API hub Provisioning Admin role (
|
| API Hub |
The following permissions have been added to the Cloud API hub Viewer role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| BigQuery |
The following permissions have been added to the BigQuery Studio Admin role (
|
| Blockchain Node Engine |
The Blockchain Node Engine Service Agent role ( |
| Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Editor role (
|
| Google Security Operations |
The following permissions have been removed from the Chronicle API Editor role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle Service Agent role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
| Google Security Operations |
The following permissions have been removed from the Chronicle API Viewer role (
|
| Cloud Build |
The following permissions have been added to the Cloud Build Service Agent role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
| Dataform |
The Code Creator role ( |
| Dataform |
The Code Editor role ( |
| Dataform |
The Code Owner role ( |
| Dataform |
The Code Viewer role ( |
| Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Editor role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Viewer role (
|
| Sensitive Data Protection |
The DLP File Store Data Profiles Admin role ( |
| Sensitive Data Protection |
The DLP File Store Data Profiles Reader role ( |
| Sensitive Data Protection |
The following permissions have been added to the DLP Administrator role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Cloud DNS |
The Cloud DNS Service Agent role ( |
| Basic Role |
The following permissions have been added to the Editor role (
|
| GKE Hub |
The Fleet Scope Admin role ( |
| GKE Hub |
The Fleet Scope Editor role ( |
| GKE Hub |
The Fleet Project-level Scope Editor role ( |
| GKE Hub |
The Fleet Project-level Scope Viewer role ( |
| Google Cloud Managed Service for Apache Kafka |
The Managed Kafka Service Agent role ( |
| Progressive Rollout |
The Progressive Rollout Service Agent role ( |
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Vertex AI |
The following permissions have reached General Availability (GA):
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Developer Connect |
The following permissions have been added:
|
| Developer Connect |
The following permissions are supported in custom roles:
|
| Sensitive Data Protection |
The following permissions have been added:
|
| Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
| GKE Hub |
The following permissions have been added:
|
| reCAPTCHA |
The following permissions have been added:
|
| Security Command Center |
The following permissions have been added:
|
IAM changes as of 2024-04-26
| Service | Description |
|---|---|
| API Hub |
The API-Hub Runtime Project Service Agent role ( |
| Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
| Cloud Infrastructure Entitlement Management (CIEM) |
The CIEM Service Agent role ( |
| Cloud Deploy |
The Cloud Deploy Custom Target Type Admin role ( |
| Compute Engine |
The following permissions have been added to the Compute Instance Admin (beta) role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Firebase Data Connect |
The Firebase Data Connect Service Agent role ( |
| Cloud OS Config |
The following permissions have been added to the Cloud OS Config Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Settings Editor role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Admin role (
|
| Security Center Management API |
The following permissions have been added to the Security Center Management Settings Editor role (
|
| API Management |
The following permissions have been added:
|
| API Management |
The following permissions are supported in custom roles:
|
| Cloud Deploy |
The following permissions have reached General Availability (GA):
|
| Security Center Management API |
The following permissions have been added:
|
| Security Center Management API |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have reached General Availability (GA):
|
| Video Stitcher API |
The following permissions have been added:
|
| Video Stitcher API |
The following permissions are supported in custom roles:
|
| Video Stitcher API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-04-19
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Model Monitoring Service Agent role ( |
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Viewer role (
|
| API Management |
The APIM API Discovery Service Agent role (
|
| Assured Open Source Software |
The following permissions have been added to the Assured OSS Admin role (
|
| Assured Open Source Software |
The following permissions have been added to the Assured OSS Project Admin role (
|
| Assured Open Source Software |
The following permissions have been added to the Assured OSS Reader role (
|
| Assured Workloads |
The following permissions have been added to the Assured Workloads Service Agent role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Admin role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditor role (
|
| Compliance Scanning |
The Compliance Scanning Service Agent role ( |
| Cloud Config Manager API |
The following permissions have been added to the Cloud Infrastructure Manager Agent role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights editor role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dataplex Universal Catalog |
The Dataplex Catalog Admin role ( |
| Dataplex Universal Catalog |
The Dataplex Catalog Editor role ( |
| Dataplex Universal Catalog |
The Dataplex Catalog Viewer role ( |
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| ML Kit for Firebase |
The Firebase Machine Learning Service Agent role ( |
| GKE Hub |
The Fleet Scope Viewer role ( |
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Cloud OS Config |
The Project Feature Settings Editor role ( |
| Cloud OS Config |
The Project Feature Settings Viewer role ( |
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Security Center Management API |
The Security Center Management Admin role ( |
| Security Center Management API |
The Security Center Management Settings Editor role ( |
| Security Center Management API |
The Security Center Management Settings Viewer role ( |
| Security Center Management API |
The Security Center Management Viewer role ( |
| Service Networking |
The following permissions have been added to the Service Networking Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Google Kubernetes Engine |
The following permissions have been added:
|
| Google Kubernetes Engine |
The following permissions have reached General Availability (GA):
|
| Database Center |
The following permissions have been added:
|
| Database Center |
The following permissions are supported in custom roles:
|
| Dataproc |
The following permissions have been added:
|
| Dataproc |
The following permissions are supported in custom roles:
|
| Dataproc |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Identity and Access Management |
The following permissions have been added:
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Identity and Access Management |
The following permissions have been added:
|
| Identity and Access Management |
The following permissions are supported in custom roles:
|
| Cloud Logging |
The following permissions have been added:
|
| Cloud Logging |
The following permissions have reached General Availability (GA):
|
| Cloud OS Config |
The following permissions have been added:
|
| Cloud OS Config |
The following permissions are supported in custom roles:
|
| Cloud OS Config |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have been added:
|
| Security Center Management API |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-29
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Extension Custom Code Service Agent role ( |
| Vertex AI |
The Vertex AI Rapid Eval Service Agent role ( |
| Vertex AI |
The following permissions have been added to the Vertex AI Colab Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Extension Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Tuning Service Agent role (
|
| API Hub |
The API hub attribute admin role (
|
| API Hub |
The API hub plugin admin role (
|
| API Hub |
The API hub all permissions related to provisioning role (
|
| Assured Open Source Software |
The Assured OSS Admin role ( |
| Assured Open Source Software |
The Assured OSS Reader role ( |
| Assured Open Source Software |
The Assured OSS User role ( |
| Google Security Operations |
The following permissions have been removed from the Chronicle API Restricted Data Access Viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Privileged Access Manager |
The Privileged Access Manager Service Agent role ( |
| Cloud Run |
The following permissions have been removed from the Cloud Run Invoker role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| API Hub |
The following permissions have been added:
|
| API Hub |
The following permissions are supported in custom roles:
|
| Artifact Registry |
The following permissions have been added:
|
| Artifact Registry |
The following permissions have reached General Availability (GA):
|
| Assured Open Source Software |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Commerce Org Governance |
The following permissions have been added:
|
| Commerce Org Governance |
The following permissions are supported in custom roles:
|
| GDC Hardware Management API |
The following permissions have been added:
|
| GDC Hardware Management API |
The following permissions are supported in custom roles:
|
| Privileged Access Manager |
The following permissions have been added:
|
| Privileged Access Manager |
The following permissions are supported in custom roles:
|
| Security Posture API |
The following permissions have been added:
|
| Security Posture API |
The following permissions are supported in custom roles:
|
| Security Posture API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-22
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Extension Service Agent role ( |
| Vertex AI |
The Vertex AI Reasoning Engine Service Agent role ( |
| Vertex AI |
The Vertex AI Tuning Service Agent role ( |
| BigQuery |
The BigQuery Studio Admin role ( |
| BigQuery |
The BigQuery Studio User role ( |
| Google Security Operations |
The Chronicle SOAR Service Agent role ( |
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Assured Open Source Software |
The following permissions have been added:
|
| Assured Open Source Software |
The following permissions are supported in custom roles:
|
| Bigtable |
The following permissions have been added:
|
| Bigtable |
The following permissions have reached General Availability (GA):
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Dataproc Metastore |
The following permissions have been added:
|
| Dataproc Metastore |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-03-15
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Colab Service Agent role ( |
| Vertex AI |
The Vertex AI RAG Data Service Agent role ( |
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Admin role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added to the Cloud AlloyDB Viewer role (
|
| Assured Open Source Software |
The following permissions have been added to the Assured OSS Admin role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Backup User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Mount User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR User V2 role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Cloud Config Manager API |
The following permissions have been added to the Cloud Infrastructure Manager Agent role (
|
| Container Security |
The following permissions have been added to the GKE Security Posture Viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Admin role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Agent Assist Client role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Distributed Cloud Edge Container |
The following permissions have been removed from the Edge Container Cluster Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Editor role (
|
| Security Command Center |
The following permissions have been added to the Security Center Admin Viewer role (
|
| Cloud Storage |
The Storage Folder Admin role ( |
| Backup and Disaster Recovery |
The following permissions have been added:
|
| Backup and Disaster Recovery |
The following permissions are supported in custom roles:
|
| Backup and Disaster Recovery |
The following permissions have reached General Availability (GA):
|
| BigQuery Reservation API |
The following permissions have been added:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have been added:
|
| GKE Hub |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have reached General Availability (GA):
|
| Google Cloud Migration Center |
The following permissions have been added:
|
| Privileged Access Manager |
The following permissions have been added:
|
| Privileged Access Manager |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have reached General Availability (GA):
|
| Workload Manager |
The following permissions have been added:
|
IAM changes as of 2024-03-08
| Service | Description |
|---|---|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Assured Open Source Software |
The Assured OSS Project Admin role (
|
| BigQuery Continuous Query |
The BigQuery Continuous Query Service Agent role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Admin role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Editor role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Inspectability Reader role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Monitoring Reader role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Reader role ( |
| Cloud Deployment Manager |
The Cloud Deployment Manager Service Agent role ( |
| Cloud SQL |
The following permissions have been added to the Cloud SQL Admin role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Editor role (
|
| Cloud SQL |
The following permissions have been added to the Cloud SQL Viewer role (
|
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Route Optimization |
The Route Optimization Service Agent role ( |
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Cloud Controls Partner API |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Cloud Config Manager API |
The following permissions have been added:
|
| Cloud Config Manager API |
The following permissions are supported in custom roles:
|
| Database Insights |
The following permissions have been added:
|
| Database Insights |
The following permissions are supported in custom roles:
|
| Sensitive Data Protection |
The following permissions have been added:
|
| Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
| Backup for GKE |
The following permissions have been added:
|
| Backup for GKE |
The following permissions have reached General Availability (GA):
|
| Cloud Run |
The following permissions have been added:
|
| Cloud Run |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-03-01
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Admin role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Developer role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Service Agent role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Viewer role (
|
| Compute Engine |
The following permissions have been added to the Compute Load Balancer Admin role (
|
| Dataplex Universal Catalog |
The Dataplex Aspect Type Owner role ( |
| Dataplex Universal Catalog |
The Dataplex Aspect Type User role ( |
| Dataplex Universal Catalog |
The Dataplex Entry Group Owner role ( |
| Dataplex Universal Catalog |
The Dataplex Entry Owner role ( |
| Dataplex Universal Catalog |
The Dataplex Entry Type Owner role ( |
| Dataplex Universal Catalog |
The Dataplex Entry Type User role ( |
| Dataplex Universal Catalog |
The following permissions have been removed from the Dataplex Administrator role (
|
| Dataplex Universal Catalog |
The following permissions have been removed from the Dataplex Editor role (
|
| Dataplex Universal Catalog |
The following permissions have been removed from the Dataplex Metadata Reader role (
|
| Dataplex Universal Catalog |
The following permissions have been removed from the Dataplex Metadata Writer role (
|
| Dataplex Universal Catalog |
The following permissions have been removed from the Dataplex Viewer role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Firebase |
The following permissions have been added to the Firebase Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Admin role (
|
| Firebase |
The following permissions have been added to the Firebase Develop Viewer role (
|
| Firebase |
The following permissions have been added to the Firebase Viewer role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Admin role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Developer role (
|
| Cloud Run |
The following permissions have been added to the Cloud Run Viewer role (
|
| Security Command Center |
The Attack Surface Management Scanner Service Agent role ( |
| BigQuery |
The following permissions have been added:
|
| Bigtable |
The following permissions have been added:
|
| Bigtable |
The following permissions are supported in custom roles:
|
| Cloud Controls Partner API |
The following permissions have been added:
|
| Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have been added:
|
| Dataplex Universal Catalog |
The following permissions are supported in custom roles:
|
| Dataplex Universal Catalog |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
| Security Posture API |
The following permissions have been added:
|
| Security Posture API |
The following permissions are supported in custom roles:
|
| Security Posture API |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-23
| Service | Description |
|---|---|
| App Hub |
The App Hub Admin role ( |
| App Hub |
The App Hub Editor role ( |
| App Hub |
The App Hub Viewer role ( |
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Cloud SQL |
The Cloud SQL Schema Viewer role ( |
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Folder Service Agent role (
|
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Organization Service Agent role (
|
| Privileged Access Manager |
The following permissions have been added to the Privileged Access Manager Project Service Agent role (
|
| Recommender |
The RecentChange RecommenderConfig Admin role ( |
| Recommender |
The Recent Change Risk Recommender Admin role ( |
| Recommender |
The Recent Change Risk Recommender Viewer role ( |
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| App Hub |
The following permissions have reached General Availability (GA):
|
| Cloud SQL |
The following permissions have been added:
|
| Cloud SQL |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-16
| Service | Description |
|---|---|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| BigQuery |
The following permissions have been added to the BigQuery Admin role (
|
| BigQuery |
The following permissions have been added to the BigQuery Job User role (
|
| BigQuery |
The following permissions have been added to the BigQuery User role (
|
| BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
| Dataflow |
The following permissions have been added to the Cloud Dataflow Service Agent role (
|
| Cloud Data Fusion |
The following permissions have been added to the Cloud Data Fusion API Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Dataprep by Trifacta |
The following permissions have been added to the Dataprep Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP API Service Agent role (
|
| Enterprise Knowledge Graph |
The following permissions have been added to the Enterprise Knowledge Graph Service Agent role (
|
| FleetEngine |
The following permissions have been added to the FleetEngine Service Agent role (
|
| Security Posture API |
The following permissions have been added to the Security Posture Shift-Left Validator role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Firebase Test Lab |
The following permissions have been added:
|
| Firebase Test Lab |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-02-09
| Service | Description |
|---|---|
| Advisory Notifications |
The Advisory Notifications Admin role ( |
| Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
| App Engine |
The following permissions have been added to the App Engine Code Viewer role (
|
| Audit Manager |
The following permissions have been added to the Audit Manager Auditing Service Agent role (
|
| Advisory Notifications |
The following permissions have reached General Availability (GA):
|
| App Engine |
The following permissions have been added:
|
| App Engine |
The following permissions have reached General Availability (GA):
|
| Artifact Registry |
The following permissions have been added:
|
| Artifact Registry |
The following permissions have reached General Availability (GA):
|
| Cloud Deploy |
The following permissions have been added:
|
| Cloud Composer |
The following permissions have been added:
|
| Cloud Composer |
The following permissions are supported in custom roles:
|
| Cloud Composer |
The following permissions have reached General Availability (GA):
|
| Dialogflow |
The following permissions have been added:
|
| Dialogflow |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2024-02-02
| Service | Description |
|---|---|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Viewer role (
|
| Cloud Key Management Service |
The Cloud KMS KACLS Service Agent role ( |
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Deployment Admin role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| Audit Manager |
The following permissions have been added:
|
| Audit Manager |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-01-26
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Resource Viewer role (
|
| Audit Manager |
The Audit Manager Auditing Service Agent role ( |
| Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion User role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Administrator role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Organization Data Profiles Driver role (
|
| Sensitive Data Protection |
The following permissions have been added to the DLP Project Data Profiles Driver role (
|
| Distributed Cloud Edge Container |
The following permissions have been added to the Edge Container Cluster Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Policy Simulator |
The following permissions have been added to the OrgPolicy Simulator Admin role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Google Cloud VMware Engine |
The following permissions have been added to the VMware Engine Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| AlloyDB for PostgreSQL |
The following permissions are supported in custom roles:
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Retail API |
The following permissions have been added:
|
IAM changes as of 2024-01-19
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store EntityType owner role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Viewer role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Writer role (
|
| Artifact Registry |
The following permissions have been added to the Artifact Registry Service Agent role (
|
| Assured Open Source Software |
The Assured OSS User role (
|
| Connectors |
The following permissions have been added to the Connector Admin role (
|
| Discovery Engine |
The Discovery Engine Admin role ( |
| Discovery Engine |
The Discovery Engine Editor role ( |
| Discovery Engine |
The Discovery Engine Viewer role ( |
| Basic Role |
The following permissions have been added to the Editor role (
|
| GKE Hub |
The following permissions have been added to the Connect Gateway Admin role (
|
| GKE Hub |
The following permissions have been added to the Connect Gateway Editor role (
|
| GKE Hub |
The following permissions have been added to the Connect Gateway Reader role (
|
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Container Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Serverless Integrations |
The following permissions have been added to the Serverless Integrations Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Assured Open Source Software |
The following permissions have been added:
|
| Assured Open Source Software |
The following permissions are supported in custom roles:
|
| Database Migration Service |
The following permissions have been added:
|
| Database Migration Service |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Discovery Engine |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
IAM changes as of 2024-01-05
| Service | Description |
|---|---|
| API Gateway |
The following permissions have been added to the ApiGateway Admin role (
|
| API Gateway |
The following permissions have been added to the ApiGateway Viewer role (
|
| Assured Workloads |
The following permissions have been added to the Assured Workloads Service Agent role (
|
| AutoML |
The following permissions have been added to the AutoML Admin role (
|
| AutoML |
The following permissions have been added to the AutoML Editor role (
|
| AutoML |
The following permissions have been added to the AutoML Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Admin role (
|
| Cloud Run functions |
The following permissions have been added to the Cloud Functions Service Agent role (
|
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Entitlement Manager role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Entitlement Viewer role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Events Viewer role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Order Administrator role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Order Viewer role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Administrator role ( |
| Cloud Commerce Consumer Procurement |
The Consumer Procurement Viewer role ( |
| AI Platform Data Labeling Service |
The following permissions have been added to the Data Labeling Service Agent role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Agent Assist Client role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase SDK Provisioning Service Agent role (
|
| Firewall Insights |
The following permissions have been added to the Cloud Firewall Insights Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Mesh Config Service Agent role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Admin role (
|
| Cloud Monitoring |
The following permissions have been added to the Monitoring Editor role (
|
| Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
| Network Management API |
The following permissions have been added to the GCP Network Management Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Command Center |
The following permissions have been added to the Security Center Automation Service Agent role (
|
| Security Posture API |
The Security Posture Shift-Left Validator role (
|
| Security Posture API |
The Security Posture Admin role ( |
| Security Posture API |
The Security Posture Deployer role ( |
| Security Posture API |
The Security Posture Deployments Viewer role ( |
| Security Posture API |
The Security Posture Resource Editor role ( |
| Security Posture API |
The Security Posture Resource Viewer role ( |
| Security Posture API |
The Security Posture Viewer role ( |
| Cloud Monitoring |
The following permissions have been added to the Stackdriver Accounts Editor role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| BigQuery Reservation API |
The following permissions have been added:
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Google Security Operations |
The following permissions have reached General Availability (GA):
|
| Translation |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Cloud Config Manager API |
The following permissions have been added:
|
| Cloud Config Manager API |
The following permissions are supported in custom roles:
|
| Cloud Commerce Consumer Procurement |
The following permissions have reached General Availability (GA):
|
| Enterprise Purchasing API |
The following permissions have been added:
|
| Enterprise Purchasing API |
The following permissions are supported in custom roles:
|
| Mandiant |
The following permissions have been added:
|
| Mandiant |
The following permissions are supported in custom roles:
|
| Marketplace Solutions API |
The following permissions have been added:
|
| Marketplace Solutions API |
The following permissions are supported in custom roles:
|
| Memorystore for Redis |
The following permissions have been added:
|
| Memorystore for Redis |
The following permissions have reached General Availability (GA):
|
| Security Command Center |
The following permissions have been added:
|
| Security Posture API |
The following permissions have been added:
|
| Security Posture API |
The following permissions are supported in custom roles:
|
| Security Posture API |
The following permissions have reached General Availability (GA):
|
| Personalized Service Health |
The following permissions have been added:
|
| Personalized Service Health |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-12-15
| Service | Description |
|---|---|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Security Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Security Viewer role (
|
| Connectors |
The Connector Event Listener role (
|
| Artifact Analysis |
The following permissions have been removed from the Container Analysis Service Agent role (
|
| Container Scanning |
The following permissions have been removed from the Container Scanner Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Cloud Integrations |
The following permissions have been added to the Application Integration Service Agent role (
|
| Multi-Cluster Service Discovery |
The following permissions have been added to the Multi-Cluster Service Discovery Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| BigQuery |
The following permissions have reached General Availability (GA):
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Commerce Business Enablement |
The following permissions have been added:
|
| Commerce Business Enablement |
The following permissions are supported in custom roles:
|
| Connectors |
The following permissions have been added:
|
| Firebase Storage |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-12-08
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Apigee |
The following permissions have been added to the Apigee Organization Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Read-only Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Security Admin role (
|
| Apigee |
The following permissions have been added to the Apigee Security Viewer role (
|
| Binary Authorization |
The following permissions have been added to the Binary Authorization Service Agent role (
|
| Blockchain Node Engine |
The Blockchain Node Engine Admin role ( |
| Blockchain Node Engine |
The Blockchain Node Engine Viewer role ( |
| Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
| Connectors |
The Custom Connectors Admin role (
|
| Connectors |
The Custom Connector Viewer role (
|
| Connectors |
The following permissions have been added to the Connector Admin role (
|
| Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
| Connectors |
The following permissions have been added to the Connectors Viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Cloud Dataplex Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| FleetEngine |
The Fleet Engine Delivery Admin role ( |
| FleetEngine |
The Fleet Engine On-Demand Admin role ( |
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Control Plane Machine Service Agent role (
|
| GKE Multi-Cloud |
The following permissions have been added to the Anthos Multi-Cloud Node Pool Machine Service Agent role (
|
| Identity and Access Management |
The following permissions have been added to the Security Admin role (
|
| Identity and Access Management |
The following permissions have been added to the Security Reviewer role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Security Center Management API |
The Security Center Management Custom Modules Editor role (
|
| Security Center Management API |
The Security Center Management Custom Modules Viewer role (
|
| Security Center Management API |
The Security Center Management Custom ETD Modules Editor role (
|
| Security Center Management API |
The Security Center Management ETD Custom Modules Viewer role (
|
| Security Center Management API |
The Security Center Management SHA Custom Modules Editor role (
|
| Security Center Management API |
The Security Center Management SHA Custom Modules Viewer role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Vision AI |
The following permissions have been added to the Cloud Vision AI Service Agent role (
|
| Workflows |
The following permissions have been added to the Workflows Invoker role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Worker role (
|
| Apigee |
The following permissions have been added:
|
| Blockchain Node Engine |
The following permissions have reached General Availability (GA):
|
| Cloud Deploy |
The following permissions have been added:
|
| Cloud Deploy |
The following permissions are supported in custom roles:
|
| Connectors |
The following permissions have been added:
|
| Firebase App Check |
The following permissions have been added:
|
| Firebase App Check |
The following permissions are supported in custom roles:
|
| Firebase App Check |
The following permissions have reached General Availability (GA):
|
| FleetEngine |
The following permissions have been added:
|
| FleetEngine |
The following permissions have reached General Availability (GA):
|
| Kubernetes Metadata API |
The following permissions have been added:
|
| Kubernetes Metadata API |
The following permissions are supported in custom roles:
|
| Live Stream |
The following permissions have been added:
|
| Live Stream |
The following permissions are supported in custom roles:
|
| Live Stream |
The following permissions have reached General Availability (GA):
|
| Maps Analytics |
The following permissions have been added:
|
| Maps Analytics |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have been added:
|
| Security Center Management API |
The following permissions are supported in custom roles:
|
| Security Center Management API |
The following permissions have reached General Availability (GA):
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions are supported in custom roles:
|
| Cloud Storage |
The following permissions have reached General Availability (GA):
|
| Video Stitcher API |
The following permissions have been added:
|
| Video Stitcher API |
The following permissions are supported in custom roles:
|
| Video Stitcher API |
The following permissions have reached General Availability (GA):
|
| Workflows |
The following permissions have been added:
|
| Workflows |
The following permissions are supported in custom roles:
|
| Workflows |
The following permissions have reached General Availability (GA):
|
| Workload Manager |
The following permissions have been added:
|
| Workload Manager |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-11-17
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Compute Engine Operator role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Capacity Planner |
The following permissions have been added to the Capacity Planner Usage Viewer role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Viewer role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Worker role (
|
| Dataform |
The following permissions have been added:
|
| Dataform |
The following permissions have reached General Availability (GA):
|
| Identity-Aware Proxy |
The following permissions have been added:
|
IAM changes as of 2023-11-10
| Service | Description |
|---|---|
| Content Warehouse |
The following permissions have been added to the Content Warehouse Admin role (
|
| Content Warehouse |
The following permissions have been added to the Content Warehouse Document Admin role (
|
| Content Warehouse |
The following permissions have been added to the Content Warehouse document creator role (
|
| Content Warehouse |
The following permissions have been added to the Content Warehouse Document Editor role (
|
| Content Warehouse |
The following permissions have been added to the Content Warehouse document schema viewer role (
|
| Content Warehouse |
The following permissions have been added to the Content Warehouse Viewer role (
|
| GKE Multi-Cloud |
The Anthos Multi-Cloud Container Service Agent role ( |
| GKE Multi-Cloud |
The Anthos Multi-Cloud Control Plane Machine Service Agent role ( |
| GKE Multi-Cloud |
The Anthos Multi-Cloud Node Pool Machine Service Agent role ( |
| Cloud Run |
The following permissions have been added to the Cloud Run Service Agent role (
|
| Storage Insights |
The Storage Insights Analyst role ( |
| App Hub |
The following permissions have been added:
|
| App Hub |
The following permissions are supported in custom roles:
|
| Commerce Org Governance |
The following permissions have been added:
|
| Commerce Org Governance |
The following permissions are supported in custom roles:
|
| Content Warehouse |
The following permissions have been added:
|
| Content Warehouse |
The following permissions have reached General Availability (GA):
|
| Looker Studio |
The following permissions are supported in custom roles:
|
| Network Security |
The following permissions have been added:
|
| Network Security |
The following permissions are supported in custom roles:
|
| Storage Insights |
The following permissions have been added:
|
| Storage Insights |
The following permissions are supported in custom roles:
|
| Storage Insights |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-11-03
| Service | Description |
|---|---|
| Google Security Operations |
The following permissions have been added to the Chronicle API Limited Viewer role (
|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Gemini for Google Cloud API |
The following permissions have been added to the Cloud AI Companion User role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Distributed Cloud Edge Container |
The Edge Container Cluster Service Agent role ( |
| Distributed Cloud Edge Container |
The Edge Container Cluster offline Credential User role ( |
| Looker |
The Looker Service Agent role ( |
| Subscription Linking |
The Subscription Linking Admin role ( |
| Subscription Linking |
The Subscription Linking Entitlements Viewer role ( |
| Subscription Linking |
The Subscription Linking Viewer role ( |
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have been added:
|
| Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
| Subscription Linking |
The following permissions have been added:
|
| Subscription Linking |
The following permissions have reached General Availability (GA):
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-10-27
| Service | Description |
|---|---|
| BigQuery |
The following permissions have been added to the Bigquery Studio User role (
|
| BigQuery Data Transfer Service |
The following permissions have been added to the BigQuery Data Transfer Service Agent role (
|
| Cloud Asset Inventory |
The Other Cloud Config Service Agent role ( |
| Cloud Composer |
The following permissions have been added to the Cloud Composer API Service Agent role (
|
| Connectors |
The following permissions have been added to the Connectors Platform Service Agent role (
|
| Datastream |
The Datastream Admin role ( |
| Datastream |
The Datastream Viewer role ( |
| Looker Studio |
The following permissions have been added to the Data Studio Workspace Content Manager role (
|
| GKE Hub |
The GKE Hub Cross Project Service Agent role ( |
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Capacity Planner |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
| Cloud Tasks |
The following permissions have been added:
|
| Cloud Tasks |
The following permissions are supported in custom roles:
|
| Datastream |
The following permissions have reached General Availability (GA):
|
| Financial Services |
The following permissions have been added:
|
| GKE Hub |
The following permissions have been added:
|
| GKE Hub |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have reached General Availability (GA):
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-10-20
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
| Vertex AI |
The following permissions have been added to the Colab Enterprise User role (
|
| Vertex AI |
The following permissions have been added to the Notebook Runtime Admin role (
|
| Vertex AI |
The following permissions have been added to the Notebook Runtime User role (
|
| BigQuery |
The following permissions have been added to the Bigquery Studio Admin role (
|
| BigQuery |
The following permissions have been added to the Bigquery Studio User role (
|
| BigQuery |
The following permissions have been removed from the Bigquery Studio User role (
|
| Dataproc |
The following permissions have been added to the Dataproc Service Agent role (
|
| Dialogflow |
The Dialogflow Agent Assist Client role ( |
| Sensitive Data Protection |
The DLP Data Profiles Admin role ( |
| Sensitive Data Protection |
The DLP Table Data Profiles Admin role ( |
| Storage Insights |
The following permissions have been added to the StorageInsights Service Agent role (
|
| Commerce Business Enablement |
The following permissions have been added:
|
| Commerce Business Enablement |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Sensitive Data Protection |
The following permissions have been added:
|
| Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
| Looker Studio |
The following permissions have been added:
|
| Cloud Storage |
The following permissions have been added:
|
| Cloud Storage |
The following permissions are supported in custom roles:
|
| Telco Automation API |
The following permissions have been added:
|
| Telco Automation API |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-10-13
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Colab Enterprise Admin role (
|
| Vertex AI |
The following permissions have been added to the Colab Enterprise User role (
|
| App Engine |
The following permissions have been added to the App Engine Standard Environment Service Agent role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Approver role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Developer role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Runner role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Operator role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Releaser role (
|
| Compute Engine |
The following permissions have been added to the Compute Engine Service Agent role (
|
| Vision AI |
The following permissions have been added to the VisionAI Editor role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
| Cloud Config Manager API |
The following permissions have been added:
|
| Cloud Config Manager API |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have been added:
|
| Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
| Vision AI |
The following permissions have been added:
|
| Vision AI |
The following permissions are supported in custom roles:
|
| Google Cloud VMware Engine |
The following permissions have been added:
|
| Google Cloud VMware Engine |
The following permissions are supported in custom roles:
|
| Google Cloud VMware Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-10-06
| Service | Description |
|---|---|
| Advisory Notifications |
The following permissions have been added to the Advisory Notifications Admin role (
|
| Advisory Notifications |
The following permissions have been added to the Advisory Notifications Viewer role (
|
| Policy Controller |
The Anthos Policy Controller Service Agent role ( |
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Spark connector for BigQuery |
The BigQuery Spark Service Agent role ( |
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Recommender |
The Network Analyzer GKE Service Account Insights Recommender Admin role ( |
| Recommender |
The Network Analyzer GKE Service Account Insights Recommender Viewer role ( |
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Vertex AI |
The following permissions have reached General Availability (GA):
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Distributed Cloud Edge Container |
The following permissions have been added:
|
| Distributed Cloud Edge Container |
The following permissions are supported in custom roles:
|
| Distributed Cloud Edge Container |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
| Retail API |
The following permissions have been added:
|
IAM changes as of 2023-09-29
| Service | Description |
|---|---|
| Google Security Operations |
The following permissions have been added to the Chronicle API Restricted Data Access Viewer role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Dataproc Metastore |
The Dataproc Metastore Metadata Editor role ( |
| Dataproc Metastore |
The Dataproc Metastore Metadata Mutate Admin role ( |
| Dataproc Metastore |
The Dataproc Metastore Data Owner role ( |
| Dataproc Metastore |
The Dataproc Metastore Metadata Query Admin role ( |
| Dataproc Metastore |
The Dataproc Metastore Metadata User role ( |
| Dataproc Metastore |
The Dataproc Metastore Metadata Viewer role ( |
| Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
| Privileged Access Manager |
The Privileged Access Manager Folder Service Agent role ( |
| Privileged Access Manager |
The Privileged Access Manager Organization Service Agent role ( |
| Privileged Access Manager |
The Privileged Access Manager Project Service Agent role ( |
| Rapid Migration Assessment |
The following permissions have been added to the RMA Service Agent role (
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Memorystore for Memcached |
The following permissions have been added:
|
| Memorystore for Memcached |
The following permissions have reached General Availability (GA):
|
| Dataproc Metastore |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-09-22
| Service | Description |
|---|---|
| Vertex AI |
The Colab Enterprise Admin role ( |
| Vertex AI |
The Colab Enterprise User role ( |
| Vertex AI |
The Notebook Runtime Admin role ( |
| Vertex AI |
The Notebook Runtime User role ( |
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Dataform |
The Dataform Admin role ( |
| Dataform |
The Dataform Editor role ( |
| Dataform |
The Dataform Viewer role ( |
| Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Developer role (
|
| Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Operator role (
|
| Cloud Data Fusion |
The following permissions have been removed from the Cloud Data Fusion Viewer role (
|
| Dataplex Universal Catalog |
The Dataplex DataScan Creator role ( |
| Basic Role |
The following permissions have been removed from the Viewer role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Cloud Workstations Admin role (
|
| Advisory Notifications |
The following permissions have been added:
|
| Advisory Notifications |
The following permissions are supported in custom roles:
|
| Vertex AI |
The following permissions have been added:
|
| Vertex AI |
The following permissions have reached General Availability (GA):
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Google Security Operations |
The following permissions have been added:
|
| Google Security Operations |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Dataform |
The following permissions are supported in custom roles:
|
| Dataform |
The following permissions have reached General Availability (GA):
|
| Dialogflow |
The following permissions have been added:
|
| Dialogflow |
The following permissions have reached General Availability (GA):
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Cloud OS Config |
The following permissions have been added:
|
| Cloud OS Config |
The following permissions are supported in custom roles:
|
| Policy Remediator Manager |
The following permissions have been added:
|
| Policy Remediator Manager |
The following permissions are supported in custom roles:
|
| Workflows |
The following permissions have been added:
|
| Workflows |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-09-17
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
| Cloud Service Mesh |
The following permissions have been added to the Anthos Service Mesh Service Agent role (
|
| Assured Workloads |
The Assured Workloads Monitoring Service Agent role ( |
| Assured Workloads |
The following permissions have been added to the Assured Workloads Reader role (
|
| Bare Metal Solution |
The following permissions have been added to the Bare Metal Solution Editor role (
|
| Bare Metal Solution |
The following permissions have been added to the Bare Metal Solution Instances Admin role (
|
| Google Security Operations |
The Chronicle API Restricted Data Access role (
|
| Google Security Operations |
The Chronicle API Restricted Data Access Viewer role (
|
| Cloud Controls Partner API |
The Cloud Controls Partner Access Approval Service Agent role ( |
| Cloud Controls Partner API |
The following permissions have been added to the Cloud Controls Partner Admin role (
|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Service Agent role (
|
| Commerce Price Management |
The following permissions have been added to the Commerce Price Management Private Offers Admin role (
|
| Compute Engine |
The Compute Future Reservation Admin role (
|
| Compute Engine |
The Compute Future Reservation User role (
|
| Compute Engine |
The Compute Future Reservation Viewer role (
|
| Connectors |
The following permissions have been added to the Connectors Endpoint Attachment Admin role (
|
| Connectors |
The following permissions have been added to the Connectors Endpoint Attachment Viewer role (
|
| Connectors |
The following permissions have been added to the Connectors Managed Zone Admin role (
|
| Connectors |
The following permissions have been added to the Connectors Managed Zone Viewer role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Data Steward role (
|
| Data Catalog |
The following permissions have been added to the DataCatalog Entry Viewer role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Metadata Reader role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex Metadata Writer role (
|
| Firestore |
The Cloud Datastore Backups Admin role ( |
| Firestore |
The Cloud Datastore Backup Schedules Admin role ( |
| Firestore |
The Cloud Datastore Backup Schedules Viewer role ( |
| Firestore |
The Cloud Datastore Backups Viewer role ( |
| Firestore |
The Cloud Datastore Restore Admin role ( |
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Sensitive Data Protection |
The DLP Connections Admin role ( |
| Sensitive Data Protection |
The DLP Connections Viewer role ( |
| Basic Role |
The following permissions have been added to the Editor role (
|
| Firebase |
The following permissions have been added to the Firebase Service Management Service Agent role (
|
| Multi-Cluster Ingress |
The following permissions have been added to the Multi Cluster Ingress Service Agent role (
|
| Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| VM Migration |
The following permissions have been added to the VM Migration Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Workstations Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Chrome Enterprise Premium |
The following permissions have been added:
|
| Chrome Enterprise Premium |
The following permissions are supported in custom roles:
|
| Certificate Manager |
The following permissions have reached General Availability (GA):
|
| Gemini for Google Cloud API |
The following permissions have been added:
|
| Gemini for Google Cloud API |
The following permissions are supported in custom roles:
|
| Cloud Deploy |
The following permissions have been added:
|
| Cloud Deploy |
The following permissions are supported in custom roles:
|
| Cloud Deploy |
The following permissions have reached General Availability (GA):
|
| Cloud Quotas |
The following permissions have been added:
|
| Cloud Quotas |
The following permissions are supported in custom roles:
|
| Commerce Business Enablement |
The following permissions have been added:
|
| Commerce Business Enablement |
The following permissions are supported in custom roles:
|
| Commerce Price Management |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Google Cloud Contact Center as a Service |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Dataproc |
The following permissions have been added:
|
| Dataproc |
The following permissions are supported in custom roles:
|
| Dataproc |
The following permissions have reached General Availability (GA):
|
| Firestore |
The following permissions have been added:
|
| Firestore |
The following permissions are supported in custom roles:
|
| Firestore |
The following permissions have reached General Availability (GA):
|
| Sensitive Data Protection |
The following permissions have been added:
|
| Sensitive Data Protection |
The following permissions have reached General Availability (GA):
|
| GDC Hardware Management API |
The following permissions have been added:
|
| GDC Hardware Management API |
The following permissions are supported in custom roles:
|
| Cloud Healthcare API |
The following permissions have been added:
|
| Cloud Healthcare API |
The following permissions are supported in custom roles:
|
| Payment Gateway issuer switch |
The following permissions have been added:
|
| Payment Gateway issuer switch |
The following permissions are supported in custom roles:
|
| Network Services |
The following permissions have been added:
|
| Network Services |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Cloud Run |
The following permissions have been added:
|
| Cloud Run |
The following permissions are supported in custom roles:
|
| Cloud Run |
The following permissions have reached General Availability (GA):
|
| Secure Source Manager |
The following permissions have been added:
|
| Secure Source Manager |
The following permissions are supported in custom roles:
|
| Workload Manager |
The following permissions have been added:
|
IAM changes as of 2023-08-18
| Service | Description |
|---|---|
| Cloud Deploy |
The following permissions have been added to the Cloud Deploy Service Agent role (
|
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Service Agent role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex DataScan Administrator role (
|
| Dataplex Universal Catalog |
The following permissions have been added to the Dataplex DataScan Editor role (
|
| Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
| Cloud Storage |
The Storage Object User role ( |
| Vertex AI |
The following permissions have been added:
|
| Commerce Business Enablement |
The following permissions have been added:
|
| Commerce Business Enablement |
The following permissions are supported in custom roles:
|
| Google Cloud Contact Center as a Service |
The following permissions have been added:
|
| Google Cloud Contact Center as a Service |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have been added:
|
| GKE Hub |
The following permissions are supported in custom roles:
|
| GKE Hub |
The following permissions have reached General Availability (GA):
|
| Payment Gateway issuer switch |
The following permissions have been added:
|
| Payment Gateway issuer switch |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-08-11
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Firebase Remote Config |
The following permissions have been removed from the Cloud Config Service Agent role (
|
| Database Migration Service |
The following permissions have been added to the Database Migration Service Agent role (
|
| Google Cloud Migration Center |
The following permissions have been added to the Migration Center Admin role (
|
| Google Cloud Migration Center |
The following permissions have been added to the Migration Center Viewer role (
|
| Serverless Integrations |
The following permissions have been added to the Serverless Integrations Service Agent role (
|
| Security Command Center |
The Security Center Attack Paths Reader role ( |
| Security Command Center |
The Security Center Resource Value Configurations Editor role ( |
| Security Command Center |
The Security Center Resource Value Configurations Viewer role ( |
| Security Command Center |
The Security Center Simulations Reader role ( |
| Security Command Center |
The Security Center Valued Resources Reader role ( |
| BigQuery Reservation API |
The following permissions have been added:
|
| Commerce Agreement Publishing |
The following permissions have been added:
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Firestore |
The following permissions have been added:
|
| Firestore |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have been added:
|
| Security Command Center |
The following permissions are supported in custom roles:
|
| Security Command Center |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-08-04
| Service | Description |
|---|---|
| Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
| Firebase Remote Config |
The following permissions have been added to the Cloud Config Service Agent role (
|
| Google Cloud Support |
The following permissions have been added to the Tech Support Editor role (
|
| Dialogflow |
The following permissions have been added to the Dialogflow Service Agent role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Admin role (
|
| Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
| GKE Dataplane Management |
The Warp Run Service Agent role ( |
| Cloud Integrations |
The following permissions have been added to the Application Integration Service Agent role (
|
| Recommender |
The Recommendations Exporter role ( |
| Workload Manager |
The following permissions have been added to the Workload Manager Service Agent role (
|
| Cloud Workstations |
The following permissions have been added to the Cloud Workstations User role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| Content Warehouse |
The following permissions have been added:
|
| Content Warehouse |
The following permissions have reached General Availability (GA):
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-28
| Service | Description |
|---|---|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Apigee |
The following permissions have been added:
|
| Apigee |
The following permissions are supported in custom roles:
|
| Apigee |
The following permissions have reached General Availability (GA):
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions are supported in custom roles:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-21
| Service | Description |
|---|---|
| Vertex AI |
The Vertex AI Notebook Service Agent role ( |
| BigQuery sharing |
The Analytics Hub Subscription Owner role ( |
| Assured Workloads |
The following permissions have been added to the Assured Workloads Editor role (
|
| Bare Metal Solution |
The OS Images Viewer role ( |
| Cloud Billing |
The following permissions have been added to the Billing Account Administrator role (
|
| Cloud Asset Inventory |
The Effective Policies Service Agent role ( |
| Cloud Build |
The Cloud Build Connection Admin role ( |
| Cloud Build |
The Cloud Build Connection Viewer role ( |
| Cloud Build |
The Cloud Build Read Only Token Accessor role ( |
| Cloud Build |
The Cloud Build Token Accessor role ( |
| Commerce Business Enablement |
The following permissions have been added to the Commerce Business Enablement PaymentConfig Admin role (
|
| Commerce Business Enablement |
The following permissions have been added to the Commerce Business Enablement PaymentConfig Viewer role (
|
| Discovery Engine |
The following permissions have been added to the Discovery Engine Service Agent role (
|
| Basic Role |
The following permissions have been added to the Editor role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| BigQuery sharing |
The following permissions have been added:
|
| BigQuery sharing |
The following permissions are supported in custom roles:
|
| BigQuery sharing |
The following permissions have reached General Availability (GA):
|
| Bare Metal Solution |
The following permissions have been added:
|
| Bare Metal Solution |
The following permissions are supported in custom roles:
|
| Bare Metal Solution |
The following permissions have reached General Availability (GA):
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Cloud Build |
The following permissions have been added:
|
| Cloud Build |
The following permissions are supported in custom roles:
|
| Cloud Build |
The following permissions have reached General Availability (GA):
|
| Compute Engine |
The following permissions have been added:
|
| Compute Engine |
The following permissions have reached General Availability (GA):
|
| Data Catalog |
The following permissions have been added:
|
| Data Catalog |
The following permissions are supported in custom roles:
|
| Google Cloud NetApp Volumes |
The following permissions have been added:
|
| Google Cloud NetApp Volumes |
The following permissions are supported in custom roles:
|
| Policy Simulator |
The following permissions have been added:
|
| Recommender |
The following permissions have been added:
|
| Recommender |
The following permissions are supported in custom roles:
|
| Recommender |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-07-14
| Service | Description |
|---|---|
| Vertex AI |
The following permissions have been added to the Vertex AI Administrator role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Custom Code Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store EntityType owner role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Admin role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Viewer role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Feature Store Data Writer role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Service Agent role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI User role (
|
| Vertex AI |
The following permissions have been added to the Vertex AI Viewer role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Mount User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Restore User role (
|
| Backup and Disaster Recovery |
The following permissions have been added to the Backup and DR Service Agent role (
|
| Compute Engine |
The following permissions have been removed from the Compute Engine Service Agent role (
|
| Connectors |
The Connectors Event Subscriptions Admin role ( |
| Connectors |
The Connectors Event Subscriptions Viewer role ( |
| Basic Role |
The following permissions have been added to the Editor role (
|
| Network Connectivity Center |
The following permissions have been added to the Network Connectivity Service Agent role (
|
| Basic Role |
The following permissions have been added to the Owner role (
|
| Basic Role |
The following permissions have been added to the Viewer role (
|
| Visual Inspection AI |
The following permissions have been added to the Visual Inspection AI Service Agent role (
|
| Vertex AI |
The following permissions have been added:
|
| Commerce Offer Catalog |
The following permissions have been added:
|
| Commerce Offer Catalog |
The following permissions are supported in custom roles:
|
| Connectors |
The following permissions have been added:
|
| Connectors |
The following permissions have reached General Availability (GA):
|
| Data Catalog |
The following permissions have been added:
|
| Discovery Engine |
The following permissions have been added:
|
| Discovery Engine |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Personalized Service Health |
The following permissions have been added:
|
| Personalized Service Health |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-06-30
| Service | Description |
|---|---|
| Cloud Key Management Service |
The Cloud KMS Expert Raw AES-CBC Key Manager role ( |
| Cloud Key Management Service |
The Cloud KMS Expert Raw AES-CTR Key Manager role ( |
| Eventarc |
The following permissions have been added to the Eventarc Service Agent role (
|
| Network Connectivity Center |
The Group User role ( |
| Workload Certificate |
The following permissions have been added to the Workload Certificate Service Agent role (
|
| Workload Manager |
The following permissions have been added to the Workload Manager Admin role (
|
| BigQuery |
The following permissions have been added:
|
| BigQuery |
The following permissions are supported in custom roles:
|
| Cloud Key Management Service |
The following permissions have been added:
|
| Cloud Key Management Service |
The following permissions have reached General Availability (GA):
|
| Translation |
The following permissions have been added:
|
| Translation |
The following permissions are supported in custom roles:
|
| Translation |
The following permissions have reached General Availability (GA):
|
| Cloud Config Manager API |
The following permissions have been added:
|
| Cloud Config Manager API |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have been added:
|
| Network Connectivity Center |
The following permissions are supported in custom roles:
|
| Network Connectivity Center |
The following permissions have reached General Availability (GA):
|
| Network Security |
The following permissions have been added:
|
| Spanner |
The following permissions are supported in custom roles:
|
IAM changes as of 2023-06-23
| Service | Description |
|---|---|
| Access Approval |
The Access Approval Approver role ( |
| Access Approval |
The Access Approval Config Editor role ( |
| Access Approval |
The Access Approval Invalidator role ( |
| Access Approval |
The Access Approval Viewer role ( |
| Compute Engine |
The following permissions have been added to the Compute Security Admin role (
|
| Security Command Center |
The following permissions have been removed from the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been removed from the Security Health Analytics Service Agent role (
|
| Security Command Center |
The following permissions have been removed from the Security Center Service Agent role (
|
| Access Approval |
The following permissions have reached General Availability (GA):
|
| Cloud Billing |
The following permissions have been added:
|
| Cloud Billing |
The following permissions are supported in custom roles:
|
| Cloud Billing |
The following permissions have reached General Availability (GA):
|
| Cloud Controls Partner API |
The following permissions have been added:
|
| Cloud Controls Partner API |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have been added:
|
| Conversational Insights |
The following permissions are supported in custom roles:
|
| Conversational Insights |
The following permissions have reached General Availability (GA):
|
| Google Cloud Migration Center |
The following permissions have been added:
|
| Google Cloud Migration Center |
The following permissions are supported in custom roles:
|
| Spanner |
The following permissions are available in custom roles:
|
IAM changes as of 2023-06-16
| Service | Description |
|---|---|
| Cloud Build |
The following permissions have been added to the Cloud Build Token Accessor role (
|
| Cloud Controls Partner API |
The Cloud Controls Partner EKM Service Agent role ( |
| Cloud Controls Partner API |
The Cloud Controls Partner Monitoring Service Agent role ( |
| Conversational Insights |
The following permissions have been added to the Contact Center AI Insights Service Agent role (
|
| Resource Manager |
The following permissions have been added to the Folder Admin role (
|
| Resource Manager |
The following permissions have been added to the Folder Creator role (
|
| Resource Manager |
The following permissions have been added to the Folder Editor role (
|
| Resource Manager |
The following permissions have been added to the Folder Viewer role (
|
| Resource Manager |
The following permissions have been added to the Organization Administrator role (
|
| Rapid Migration Assessment |
The Rapid Migration Assessment Admin role ( |
| Rapid Migration Assessment |
The Rapid Migration Assessment Runner role ( |
| Rapid Migration Assessment |
The Rapid Migration Assessment Viewer role ( |
| Security Command Center |
The following permissions have been added to the Security Center Control Service Agent role (
|
| Security Command Center |
The following permissions have been added to the Security Center Service Agent role (
|
| AlloyDB for PostgreSQL |
The following permissions have been added:
|
| Firebase Extensions Publisher |
The following permissions have been added:
|
| Firebase Extensions Publisher |
The following permissions are supported in custom roles:
|
| Rapid Migration Assessment |
The following permissions have reached General Availability (GA):
|
IAM changes as of 2023-06-09
| Service | Change | Description |
|---|---|---|
| Firebase Remote Config | Role Updated |
The following permissions have been added to the role cloudbuild.workerpools.use |
| Cloud SQL | Role Updated |
The following permissions have been removed from the role recommender.cloudsqlInstanceSecurityInsights.getrecommender.cloudsqlInstanceSecurityInsights.listrecommender.cloudsqlInstanceSecurityInsights.updaterecommender.cloudsqlInstanceSecurityRecommendations.getrecommender.cloudsqlInstanceSecurityRecommendations.listrecommender.cloudsqlInstanceSecurityRecommendations.update |
| Cloud SQL | Role Updated |
The following permissions have been removed from the role recommender.cloudsqlInstanceSecurityInsights.getrecommender.cloudsqlInstanceSecurityInsights.listrecommender.cloudsqlInstanceSecurityRecommendations.getrecommender.cloudsqlInstanceSecurityRecommendations.list |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role dataplex.environments.list |
| Discovery Engine | Role Updated |
The following permissions have been added to the role discoveryengine.dataStores.completeQuery |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role networkconnectivity.operations.get |
| Serverless Integrations | Role Updated |
The following permissions have been added to the role compute.targetHttpProxies.getcompute.targetHttpProxies.list |
| Speaker ID | Now GA |
The role |
| Speaker ID | Now GA |
The role |
| Speaker ID | Now GA |
The role |
| Speaker ID | Now GA |
The role |
| Workload Manager | Role Updated |
The following permissions have been added to the role config.deployments.createconfig.locations.getconfig.locations.listconfig.operations.cancelconfig.operations.deleteconfig.operations.getconfig.operations.list |
| Vertex AI | Added |
aiplatform.modelEvaluationSlices.importaiplatform.modelEvaluations.importaiplatform.schedules.createaiplatform.schedules.deleteaiplatform.schedules.getaiplatform.schedules.listaiplatform.schedules.update |
| Cloud Asset Inventory | Added |
cloudasset.assets.analyzeOrgPolicy |
| Compute Engine | Added |
compute.regionNetworkEndpointGroups.attachNetworkEndpointscompute.regionNetworkEndpointGroups.detachNetworkEndpoints |
| Firestore | Added |
datastore.databases.createTagBindingdatastore.databases.deleteTagBindingdatastore.databases.listEffectiveTagsdatastore.databases.listTagBindings |
| Firestore | Now GA |
datastore.databases.createTagBindingdatastore.databases.deleteTagBindingdatastore.databases.listEffectiveTagsdatastore.databases.listTagBindings |
| Discovery Engine | Added |
discoveryengine.dataStores.completeQuery |
| Discovery Engine | Supported In Custom Roles |
discoveryengine.dataStores.completeQuery |
| Google Cloud Migration Center | Added |
migrationcenter.errorFrames.getmigrationcenter.errorFrames.listmigrationcenter.importDataFiles.createmigrationcenter.importDataFiles.deletemigrationcenter.importDataFiles.getmigrationcenter.importDataFiles.list |
| Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.errorFrames.getmigrationcenter.errorFrames.listmigrationcenter.importDataFiles.createmigrationcenter.importDataFiles.deletemigrationcenter.importDataFiles.getmigrationcenter.importDataFiles.list |
| Recommender | Added |
recommender.cloudsqlInstanceReliabilityInsights.getrecommender.cloudsqlInstanceReliabilityInsights.listrecommender.cloudsqlInstanceReliabilityInsights.updaterecommender.cloudsqlInstanceReliabilityRecommendations.getrecommender.cloudsqlInstanceReliabilityRecommendations.listrecommender.cloudsqlInstanceReliabilityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceReliabilityInsights.getrecommender.cloudsqlInstanceReliabilityInsights.listrecommender.cloudsqlInstanceReliabilityInsights.updaterecommender.cloudsqlInstanceReliabilityRecommendations.getrecommender.cloudsqlInstanceReliabilityRecommendations.listrecommender.cloudsqlInstanceReliabilityRecommendations.update |
| Speaker ID | Added |
speakerid.phrases.createspeakerid.phrases.deletespeakerid.phrases.getspeakerid.phrases.listspeakerid.settings.getspeakerid.settings.updatespeakerid.speakers.createspeakerid.speakers.deletespeakerid.speakers.getspeakerid.speakers.listspeakerid.speakers.verify |
| Speaker ID | Now GA |
speakerid.phrases.createspeakerid.phrases.deletespeakerid.phrases.getspeakerid.phrases.listspeakerid.settings.getspeakerid.settings.updatespeakerid.speakers.createspeakerid.speakers.deletespeakerid.speakers.getspeakerid.speakers.listspeakerid.speakers.verify |
Cloud IAM changes as of 2023-06-02
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.networks.usecompute.networks.useExternalIp |
| AlloyDB for PostgreSQL | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.createcompute.routes.delete |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Binary Authorization | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.downloadArtifactsbinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.policy.evaluatePolicystorage.objects.list |
| Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifacts |
| Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifacts |
| Artifact Analysis | Role Updated |
The following permissions have been added to the role storage.objects.update |
| Container Scanning | Role Updated |
The following permissions have been added to the role storage.objects.update |
| Basic Role | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Monitoring | Now GA |
The role |
| Cloud Monitoring | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role alloydb.instances.injectFault |
| Basic Role | Role Updated |
The following permissions have been removed from the role integrations.certificates.createintegrations.certificates.deleteintegrations.certificates.update |
| Vision AI | Role Updated |
The following permissions have been added to the role visionai.annotations.getvisionai.annotations.listvisionai.assets.clipvisionai.assets.generateHlsUrivisionai.assets.getvisionai.assets.listvisionai.assets.search |
| Cloud Workstations | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| AlloyDB for PostgreSQL | Added |
alloydb.instances.injectFault |
| Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.managementServers.accessbackupdr.managementServers.accessSensitiveDatabackupdr.managementServers.assignBackupPlansbackupdr.managementServers.manageApplicationsbackupdr.managementServers.manageBackupPlansbackupdr.managementServers.manageBackupServersbackupdr.managementServers.manageBackupsbackupdr.managementServers.manageClonesbackupdr.managementServers.manageExpirationbackupdr.managementServers.manageHostsbackupdr.managementServers.manageJobsbackupdr.managementServers.manageLiveClonesbackupdr.managementServers.manageMigrationsbackupdr.managementServers.manageMirroringbackupdr.managementServers.manageMountsbackupdr.managementServers.manageRestoresbackupdr.managementServers.manageSensitiveDatabackupdr.managementServers.manageStoragebackupdr.managementServers.manageSystembackupdr.managementServers.manageWorkflowsbackupdr.managementServers.refreshWorkflowsbackupdr.managementServers.runWorkflowsbackupdr.managementServers.testFailOversbackupdr.managementServers.viewBackupPlansbackupdr.managementServers.viewBackupServersbackupdr.managementServers.viewReportsbackupdr.managementServers.viewStoragebackupdr.managementServers.viewSystembackupdr.managementServers.viewWorkflows |
| Backup and Disaster Recovery | Now GA |
backupdr.managementServers.accessbackupdr.managementServers.accessSensitiveDatabackupdr.managementServers.assignBackupPlansbackupdr.managementServers.manageApplicationsbackupdr.managementServers.manageBackupPlansbackupdr.managementServers.manageBackupServersbackupdr.managementServers.manageBackupsbackupdr.managementServers.manageClonesbackupdr.managementServers.manageExpirationbackupdr.managementServers.manageHostsbackupdr.managementServers.manageJobsbackupdr.managementServers.manageLiveClonesbackupdr.managementServers.manageMigrationsbackupdr.managementServers.manageMirroringbackupdr.managementServers.manageMountsbackupdr.managementServers.manageRestoresbackupdr.managementServers.manageSensitiveDatabackupdr.managementServers.manageStoragebackupdr.managementServers.manageSystembackupdr.managementServers.manageWorkflowsbackupdr.managementServers.refreshWorkflowsbackupdr.managementServers.runWorkflowsbackupdr.managementServers.testFailOversbackupdr.managementServers.viewBackupPlansbackupdr.managementServers.viewBackupServersbackupdr.managementServers.viewReportsbackupdr.managementServers.viewStoragebackupdr.managementServers.viewSystembackupdr.managementServers.viewWorkflows |
| Cloud Integrations | Added |
integrations.securityIntegrationVers.delete |
| Cloud Monitoring | Now GA |
monitoring.snoozes.createmonitoring.snoozes.getmonitoring.snoozes.listmonitoring.snoozes.update |
| Recommender | Added |
recommender.cloudFunctionsPerformanceInsights.getrecommender.cloudFunctionsPerformanceInsights.listrecommender.cloudFunctionsPerformanceInsights.updaterecommender.cloudFunctionsPerformanceRecommendations.getrecommender.cloudFunctionsPerformanceRecommendations.listrecommender.cloudFunctionsPerformanceRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.cloudFunctionsPerformanceInsights.getrecommender.cloudFunctionsPerformanceInsights.listrecommender.cloudFunctionsPerformanceInsights.updaterecommender.cloudFunctionsPerformanceRecommendations.getrecommender.cloudFunctionsPerformanceRecommendations.listrecommender.cloudFunctionsPerformanceRecommendations.update |
| Recommender | Now GA |
recommender.cloudFunctionsPerformanceInsights.getrecommender.cloudFunctionsPerformanceInsights.listrecommender.cloudFunctionsPerformanceInsights.updaterecommender.cloudFunctionsPerformanceRecommendations.getrecommender.cloudFunctionsPerformanceRecommendations.listrecommender.cloudFunctionsPerformanceRecommendations.update |
| Cloud Workstations | Now GA |
workstations.operations.getworkstations.workstationClusters.createworkstations.workstationClusters.deleteworkstations.workstationClusters.getworkstations.workstationClusters.listworkstations.workstationClusters.updateworkstations.workstationConfigs.createworkstations.workstationConfigs.deleteworkstations.workstationConfigs.getworkstations.workstationConfigs.getIamPolicyworkstations.workstationConfigs.listworkstations.workstationConfigs.setIamPolicyworkstations.workstationConfigs.updateworkstations.workstations.createworkstations.workstations.deleteworkstations.workstations.getworkstations.workstations.getIamPolicyworkstations.workstations.listworkstations.workstations.setIamPolicyworkstations.workstations.startworkstations.workstations.stopworkstations.workstations.updateworkstations.workstations.use |
Cloud IAM changes as of 2023-05-26
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.zoneOperations.get |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewStorage |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewStorage |
| Cloud Composer | Role Updated |
The following permissions have been added to the role dns.managedZones.getdns.managedZones.listdns.networks.targetWithPeeringZone |
| Cloud Composer | Role Updated |
The following permissions have been added to the role dns.managedZones.getdns.managedZones.listdns.networks.targetWithPeeringZone |
| Compute Engine | Now GA |
The role |
| Compute Engine | Now GA |
The role |
| Data Lineage API | Now GA |
The role |
| Data Lineage API | Now GA |
The role |
| Data Lineage API | Now GA |
The role |
| Data Lineage API | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Sensitive Data Protection | Now GA |
The role |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.forwardingRules.getcompute.regionOperations.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicycloudasset.assets.exportOSInventoriescloudasset.assets.exportResourcecloudasset.assets.queryAccessPolicycloudasset.assets.queryIamPolicycloudasset.assets.queryOSInventoriescloudasset.assets.queryResourcecloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicycloudasset.assets.exportOSInventoriescloudasset.assets.exportResourcecloudasset.assets.queryAccessPolicycloudasset.assets.queryIamPolicycloudasset.assets.queryOSInventoriescloudasset.assets.queryResourcecloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicycloudasset.assets.exportOSInventoriescloudasset.assets.exportResourcecloudasset.assets.queryAccessPolicycloudasset.assets.queryIamPolicycloudasset.assets.queryOSInventoriescloudasset.assets.queryResourcecloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Security Command Center | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportIamPolicycloudasset.assets.exportOSInventoriescloudasset.assets.exportResourcecloudasset.assets.queryAccessPolicycloudasset.assets.queryIamPolicycloudasset.assets.queryOSInventoriescloudasset.assets.queryResourcecloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Vision AI | Role Updated |
The following permissions have been added to the role visionai.operators.createvisionai.operators.deletevisionai.operators.getvisionai.operators.listvisionai.operators.update |
| Compute Engine | Now GA |
compute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.resourcePolicies.useReadOnly |
| Data Lineage API | Now GA |
datalineage.events.createdatalineage.events.deletedatalineage.events.getdatalineage.events.listdatalineage.locations.searchLinksdatalineage.operations.getdatalineage.processes.createdatalineage.processes.deletedatalineage.processes.getdatalineage.processes.listdatalineage.processes.updatedatalineage.runs.createdatalineage.runs.deletedatalineage.runs.getdatalineage.runs.listdatalineage.runs.update |
| Sensitive Data Protection | Added |
dlp.subscriptions.canceldlp.subscriptions.createdlp.subscriptions.getdlp.subscriptions.listdlp.subscriptions.update |
| Sensitive Data Protection | Supported In Custom Roles |
dlp.subscriptions.canceldlp.subscriptions.createdlp.subscriptions.getdlp.subscriptions.listdlp.subscriptions.update |
| Sensitive Data Protection | Now GA |
dlp.subscriptions.canceldlp.subscriptions.createdlp.subscriptions.getdlp.subscriptions.listdlp.subscriptions.update |
Cloud IAM changes as of 2023-05-19
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.networks.getcompute.subnetworks.list |
| Backup and Disaster Recovery | Now GA |
The role |
| Cloud Build | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
| Cloud Build | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
| Cloud Composer | Role Updated |
The following permissions have been removed from the role logging.privateLogEntries.list |
| Artifact Analysis | Role Updated |
The following permissions have been added to the role containeranalysis.notes.list |
| Container Scanning | Role Updated |
The following permissions have been added to the role containeranalysis.notes.list |
| AlloyDB for PostgreSQL | Added |
alloydb.users.createalloydb.users.deletealloydb.users.getalloydb.users.listalloydb.users.update |
| Apigee | Added |
apigee.appgroupapps.createapigee.appgroupapps.deleteapigee.appgroupapps.getapigee.appgroupapps.listapigee.appgroupapps.manageapigee.appgroups.createapigee.appgroups.deleteapigee.appgroups.getapigee.appgroups.listapigee.appgroups.update |
| Apigee | Supported In Custom Roles |
apigee.appgroupapps.createapigee.appgroupapps.deleteapigee.appgroupapps.getapigee.appgroupapps.listapigee.appgroupapps.manageapigee.appgroups.createapigee.appgroups.deleteapigee.appgroups.getapigee.appgroups.listapigee.appgroups.update |
| Apigee | Now GA |
apigee.appgroupapps.createapigee.appgroupapps.deleteapigee.appgroupapps.getapigee.appgroupapps.listapigee.appgroupapps.manageapigee.appgroups.createapigee.appgroups.deleteapigee.appgroups.getapigee.appgroups.listapigee.appgroups.update |
| Commerce Price Management | Added |
commerceprice.events.getcommerceprice.events.list |
| Compute Engine | Added |
compute.instances.setSecurityPolicycompute.targetInstances.setSecurityPolicycompute.targetPools.setSecurityPolicy |
| Compute Engine | Supported In Custom Roles |
compute.instances.setSecurityPolicycompute.targetInstances.setSecurityPolicycompute.targetPools.setSecurityPolicy |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.events.getconsumerprocurement.events.list |
| Cloud Logging | Now GA |
logging.logEntries.route |
| Google Cloud VMware Engine | Added |
vmwareengine.privateConnections.createvmwareengine.privateConnections.deletevmwareengine.privateConnections.getvmwareengine.privateConnections.listvmwareengine.privateConnections.listPeeringRoutesvmwareengine.privateConnections.updatevmwareengine.subnets.getvmwareengine.subnets.update |
| Google Cloud VMware Engine | Supported In Custom Roles |
vmwareengine.privateConnections.createvmwareengine.privateConnections.deletevmwareengine.privateConnections.getvmwareengine.privateConnections.listvmwareengine.privateConnections.listPeeringRoutesvmwareengine.privateConnections.updatevmwareengine.subnets.getvmwareengine.subnets.update |
| Google Cloud VMware Engine | Now GA |
vmwareengine.privateConnections.createvmwareengine.privateConnections.deletevmwareengine.privateConnections.getvmwareengine.privateConnections.listvmwareengine.privateConnections.listPeeringRoutesvmwareengine.privateConnections.updatevmwareengine.subnets.getvmwareengine.subnets.update |
Cloud IAM changes as of 2023-05-12
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.instances.attachDiskcompute.instances.detachDiskcompute.instances.startcompute.instances.stop |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role dns.managedZones.createdns.networks.bindPrivateDNSZoneservicedirectory.namespaces.associatePrivateZoneservicedirectory.namespaces.createservicedirectory.namespaces.deleteservicedirectory.services.createservicedirectory.services.delete |
| Cloud Composer | Added |
composer.environments.executeAirflowCommand |
| Cloud Composer | Now GA |
composer.environments.executeAirflowCommand |
| Compute Engine | Added |
compute.instantSnapshots.createcompute.instantSnapshots.deletecompute.instantSnapshots.exportcompute.instantSnapshots.getcompute.instantSnapshots.getIamPolicycompute.instantSnapshots.listcompute.instantSnapshots.setIamPolicycompute.instantSnapshots.setLabelscompute.instantSnapshots.useReadOnly |
| Compute Engine | Supported In Custom Roles |
compute.instantSnapshots.createcompute.instantSnapshots.deletecompute.instantSnapshots.getcompute.instantSnapshots.getIamPolicycompute.instantSnapshots.listcompute.instantSnapshots.setIamPolicycompute.instantSnapshots.setLabelscompute.instantSnapshots.useReadOnly |
| Security Command Center | Added |
securitycenter.securityhealthanalyticscustommodules.createsecuritycenter.securityhealthanalyticscustommodules.deletesecuritycenter.securityhealthanalyticscustommodules.getsecuritycenter.securityhealthanalyticscustommodules.listsecuritycenter.securityhealthanalyticscustommodules.testsecuritycenter.securityhealthanalyticscustommodules.update |
| Security Command Center | Now GA |
securitycenter.securityhealthanalyticscustommodules.createsecuritycenter.securityhealthanalyticscustommodules.deletesecuritycenter.securityhealthanalyticscustommodules.getsecuritycenter.securityhealthanalyticscustommodules.listsecuritycenter.securityhealthanalyticscustommodules.testsecuritycenter.securityhealthanalyticscustommodules.update |
Cloud IAM changes as of 2023-05-05
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.entitlements.getapigee.projectorganizations.get |
| Cloud Composer | Now GA |
The role |
| Cloud Composer | Role Updated |
The following permissions have been added to the role compute.networkAttachments.createcompute.networkAttachments.deletecompute.networkAttachments.get |
| Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkehub.memberships.delete |
| Looker | Now GA |
The role |
| Looker | Now GA |
The role |
| Looker | Now GA |
The role |
| Cloud Monitoring | Now GA |
The role |
| Cloud Monitoring | Now GA |
The role |
| Vision AI | Role Updated |
The following permissions have been added to the role visionai.events.createvisionai.events.update |
| Cloud Controls Partner API | Added |
cloudcontrolspartner.customers.getcloudcontrolspartner.customers.listcloudcontrolspartner.partners.getcloudcontrolspartner.violations.getcloudcontrolspartner.violations.listcloudcontrolspartner.workloads.getcloudcontrolspartner.workloads.list |
| Cloud Controls Partner API | Supported In Custom Roles |
cloudcontrolspartner.customers.getcloudcontrolspartner.customers.listcloudcontrolspartner.partners.getcloudcontrolspartner.violations.getcloudcontrolspartner.violations.listcloudcontrolspartner.workloads.getcloudcontrolspartner.workloads.list |
| Looker | Added |
looker.backups.createlooker.backups.deletelooker.backups.getlooker.backups.listlooker.backups.restorelooker.instances.createlooker.instances.deletelooker.instances.exportlooker.instances.getlooker.instances.importlooker.instances.listlooker.instances.loginlooker.instances.updatelooker.locations.getlooker.locations.listlooker.operations.cancellooker.operations.deletelooker.operations.getlooker.operations.list |
| Looker | Supported In Custom Roles |
looker.backups.createlooker.backups.deletelooker.backups.getlooker.backups.listlooker.backups.restorelooker.instances.createlooker.instances.deletelooker.instances.exportlooker.instances.getlooker.instances.importlooker.instances.listlooker.instances.loginlooker.instances.updatelooker.locations.getlooker.locations.listlooker.operations.cancellooker.operations.deletelooker.operations.getlooker.operations.list |
| Looker | Now GA |
looker.backups.createlooker.backups.deletelooker.backups.getlooker.backups.listlooker.backups.restorelooker.instances.createlooker.instances.deletelooker.instances.exportlooker.instances.getlooker.instances.importlooker.instances.listlooker.instances.loginlooker.instances.updatelooker.locations.getlooker.locations.listlooker.operations.cancellooker.operations.deletelooker.operations.getlooker.operations.list |
| Cloud Monitoring | Supported In Custom Roles |
monitoring.alertPolicies.createmonitoring.alertPolicies.deletemonitoring.alertPolicies.getmonitoring.alertPolicies.listmonitoring.alertPolicies.update |
| Cloud Monitoring | Now GA |
monitoring.alertPolicies.createmonitoring.alertPolicies.deletemonitoring.alertPolicies.getmonitoring.alertPolicies.listmonitoring.alertPolicies.update |
| Security Command Center | Added |
securitycenter.integratedvulnerabilityscannersettings.calculatesecuritycenter.integratedvulnerabilityscannersettings.getsecuritycenter.integratedvulnerabilityscannersettings.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.integratedvulnerabilityscannersettings.calculatesecuritycenter.integratedvulnerabilityscannersettings.getsecuritycenter.integratedvulnerabilityscannersettings.update |
| Security Command Center | Now GA |
securitycenter.integratedvulnerabilityscannersettings.calculatesecuritycenter.integratedvulnerabilityscannersettings.getsecuritycenter.integratedvulnerabilityscannersettings.update |
Cloud IAM changes as of 2023-04-28
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.subnetworks.get |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Cloud Key Management Service | Now GA |
The role |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role consumerprocurement.consents.checkconsumerprocurement.consents.grantconsumerprocurement.consents.listconsumerprocurement.consents.revokeorgpolicy.policy.get |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role consumerprocurement.consents.checkconsumerprocurement.consents.listorgpolicy.policy.get |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role orgpolicy.policy.get |
| Firebase App Check | Now GA |
The role |
| Workflows | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Workload Certificate | Role Updated |
The following permissions have been added to the role workloadcertificate.workloadRegistrations.list |
| Bare Metal Solution | Added |
baremetalsolution.procurements.createbaremetalsolution.procurements.getbaremetalsolution.procurements.listbaremetalsolution.skus.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.procurements.createbaremetalsolution.procurements.getbaremetalsolution.procurements.listbaremetalsolution.skus.list |
| Bare Metal Solution | Now GA |
baremetalsolution.procurements.createbaremetalsolution.procurements.getbaremetalsolution.procurements.listbaremetalsolution.skus.list |
| Certificate Manager | Now GA |
certificatemanager.certissuanceconfigs.createcertificatemanager.certissuanceconfigs.deletecertificatemanager.certissuanceconfigs.getcertificatemanager.certissuanceconfigs.listcertificatemanager.certissuanceconfigs.updatecertificatemanager.certissuanceconfigs.use |
| Cloud Build | Added |
cloudbuild.repositories.fetchGitRefs |
| Cloud Build | Supported In Custom Roles |
cloudbuild.repositories.fetchGitRefs |
| Cloud Key Management Service | Now GA |
cloudkms.protectedResources.search |
| Firebase App Check | Added |
firebaseappcheck.appCheckTokens.verify |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.appCheckTokens.verify |
| Firebase App Check | Now GA |
firebaseappcheck.appCheckTokens.verify |
Cloud IAM changes as of 2023-04-21
| Service | Change | Description |
|---|---|---|
| BigLake | Now GA |
The role |
| BigLake | Now GA |
The role |
| Google Security Operations | Role Updated |
The following permissions have been added to the role chronicle.operations.cancel |
| Service Catalog | Role Updated |
The following permissions have been added to the role commerceorggovernance.organizationSettings.getcommerceorggovernance.organizationSettings.update |
| Connectors | Now GA |
The role |
| Connectors | Now GA |
The role |
| Connectors | Now GA |
The role |
| Connectors | Now GA |
The role |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role advisorynotifications.notifications.get |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role advisorynotifications.notifications.get |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.get |
| Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.topics.computeHeadCursor |
| Serverless Integrations | Role Updated |
The following permissions have been added to the role firebasehosting.sites.get |
| Cloud Storage | Now GA |
The role |
| BigLake | Now GA |
biglake.catalogs.createbiglake.catalogs.deletebiglake.catalogs.getbiglake.catalogs.listbiglake.databases.createbiglake.databases.deletebiglake.databases.getbiglake.databases.listbiglake.databases.updatebiglake.locks.checkbiglake.locks.createbiglake.locks.deletebiglake.locks.listbiglake.tables.createbiglake.tables.deletebiglake.tables.getbiglake.tables.listbiglake.tables.lockbiglake.tables.update |
| Google Security Operations | Added |
chronicle.dashboards.editchronicle.dashboards.schedule |
| Google Security Operations | Supported In Custom Roles |
chronicle.dashboards.editchronicle.dashboards.schedule |
| Commerce Business Enablement | Added |
commercebusinessenablement.resellerDiscountOffers.cancelcommercebusinessenablement.resellerDiscountOffers.createcommercebusinessenablement.resellerDiscountOffers.list |
| Commerce Business Enablement | Supported In Custom Roles |
commercebusinessenablement.resellerDiscountOffers.cancelcommercebusinessenablement.resellerDiscountOffers.createcommercebusinessenablement.resellerDiscountOffers.list |
| Connectors | Added |
connectors.endpointAttachments.createconnectors.endpointAttachments.deleteconnectors.endpointAttachments.getconnectors.endpointAttachments.getIamPolicyconnectors.endpointAttachments.listconnectors.endpointAttachments.setIamPolicyconnectors.endpointAttachments.updateconnectors.managedZones.createconnectors.managedZones.deleteconnectors.managedZones.getconnectors.managedZones.getIamPolicyconnectors.managedZones.listconnectors.managedZones.setIamPolicyconnectors.managedZones.update |
| Connectors | Now GA |
connectors.endpointAttachments.createconnectors.endpointAttachments.deleteconnectors.endpointAttachments.getconnectors.endpointAttachments.getIamPolicyconnectors.endpointAttachments.listconnectors.endpointAttachments.setIamPolicyconnectors.endpointAttachments.updateconnectors.managedZones.createconnectors.managedZones.deleteconnectors.managedZones.getconnectors.managedZones.getIamPolicyconnectors.managedZones.listconnectors.managedZones.setIamPolicyconnectors.managedZones.update |
| Dataform | Added |
dataform.releaseConfigs.createdataform.releaseConfigs.deletedataform.releaseConfigs.getdataform.releaseConfigs.listdataform.releaseConfigs.updatedataform.workflowConfigs.createdataform.workflowConfigs.deletedataform.workflowConfigs.getdataform.workflowConfigs.listdataform.workflowConfigs.update |
| Firestore | Supported In Custom Roles |
datastore.keyVisualizerScans.getdatastore.keyVisualizerScans.list |
| Transfer Appliance | Added |
transferappliance.credentials.get |
Cloud IAM changes as of 2023-04-14
| Service | Change | Description |
|---|---|---|
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been removed from the role backupdr.managementServers.accessSensitiveDatabackupdr.managementServers.assignBackupPlansbackupdr.managementServers.manageApplicationsbackupdr.managementServers.manageBackupPlansbackupdr.managementServers.manageBackupsbackupdr.managementServers.manageClonesbackupdr.managementServers.manageExpirationbackupdr.managementServers.manageHostsbackupdr.managementServers.manageJobsbackupdr.managementServers.manageLiveClonesbackupdr.managementServers.manageMigrationsbackupdr.managementServers.manageMirroringbackupdr.managementServers.manageMountsbackupdr.managementServers.manageRestoresbackupdr.managementServers.manageWorkflowsbackupdr.managementServers.refreshWorkflowsbackupdr.managementServers.runWorkflowsbackupdr.managementServers.testFailOvers |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServers |
| Google Security Operations | Now GA |
The role |
| Google Security Operations | Role Updated |
The following permissions have been added to the role monitoring.alertPolicies.createmonitoring.alertPolicies.deletemonitoring.alertPolicies.getmonitoring.alertPolicies.listmonitoring.alertPolicies.update |
| Cloud Run functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
| Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.commitdataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Dataform | Role Updated |
The following permissions have been added to the role dataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServersdataform.repositories.commitdataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Firebase | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
| Firebase | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getIamPolicy |
| Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.operations.getgkeonprem.operations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServersdataform.repositories.commitdataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Storage Insights | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.viewBackupServersdataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
| Artifact Registry | Added |
artifactregistry.repositories.readViaVirtualRepository |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.readViaVirtualRepository |
| Artifact Registry | Now GA |
artifactregistry.repositories.readViaVirtualRepository |
| Backup and Disaster Recovery | Added |
backupdr.managementServers.viewBackupServers |
| Cloud SQL | Added |
cloudsql.instances.reencrypt |
| Cloud SQL | Supported In Custom Roles |
cloudsql.instances.reencrypt |
| Cloud SQL | Now GA |
cloudsql.instances.reencrypt |
| Dataform | Added |
dataform.repositories.commitdataform.repositories.computeAccessTokenStatusdataform.repositories.fetchHistorydataform.repositories.queryDirectoryContentsdataform.repositories.readFile |
Cloud IAM changes as of 2023-04-07
| Service | Change | Description |
|---|---|---|
| Firebase Remote Config | Role Updated |
The following permissions have been added to the role logging.logEntries.createlogging.logEntries.route |
| Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.bareMetalAdminClusters.getgkeonprem.bareMetalClusters.getgkeonprem.bareMetalNodePools.getgkeonprem.vmwareAdminClusters.getgkeonprem.vmwareClusters.getgkeonprem.vmwareNodePools.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessTokeniam.serviceAccounts.getOpenIdToken |
| Cloud Service Mesh control plane | Role Updated |
The following permissions have been added to the role trafficdirector.networks.getConfigstrafficdirector.networks.reportMetrics |
| Security Command Center | Now GA |
The role |
| Cloud TPU | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.addresses.useInternal |
| Compute Engine | Added |
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list |
| Compute Engine | Supported In Custom Roles |
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list |
| Compute Engine | Now GA |
compute.interconnectRemoteLocations.getcompute.interconnectRemoteLocations.list |
| Network Security | Added |
networksecurity.gatewaySecurityPolicies.createnetworksecurity.gatewaySecurityPolicies.deletenetworksecurity.gatewaySecurityPolicies.getnetworksecurity.gatewaySecurityPolicies.listnetworksecurity.gatewaySecurityPolicies.updatenetworksecurity.gatewaySecurityPolicies.usenetworksecurity.gatewaySecurityPolicyRules.createnetworksecurity.gatewaySecurityPolicyRules.deletenetworksecurity.gatewaySecurityPolicyRules.getnetworksecurity.gatewaySecurityPolicyRules.listnetworksecurity.gatewaySecurityPolicyRules.updatenetworksecurity.gatewaySecurityPolicyRules.usenetworksecurity.tlsInspectionPolicies.createnetworksecurity.tlsInspectionPolicies.deletenetworksecurity.tlsInspectionPolicies.getnetworksecurity.tlsInspectionPolicies.listnetworksecurity.tlsInspectionPolicies.updatenetworksecurity.tlsInspectionPolicies.usenetworksecurity.urlLists.createnetworksecurity.urlLists.deletenetworksecurity.urlLists.getnetworksecurity.urlLists.listnetworksecurity.urlLists.updatenetworksecurity.urlLists.use |
| Network Security | Supported In Custom Roles |
networksecurity.gatewaySecurityPolicies.createnetworksecurity.gatewaySecurityPolicies.deletenetworksecurity.gatewaySecurityPolicies.getnetworksecurity.gatewaySecurityPolicies.listnetworksecurity.gatewaySecurityPolicies.updatenetworksecurity.gatewaySecurityPolicies.usenetworksecurity.gatewaySecurityPolicyRules.createnetworksecurity.gatewaySecurityPolicyRules.deletenetworksecurity.gatewaySecurityPolicyRules.getnetworksecurity.gatewaySecurityPolicyRules.listnetworksecurity.gatewaySecurityPolicyRules.updatenetworksecurity.gatewaySecurityPolicyRules.usenetworksecurity.tlsInspectionPolicies.createnetworksecurity.tlsInspectionPolicies.deletenetworksecurity.tlsInspectionPolicies.getnetworksecurity.tlsInspectionPolicies.listnetworksecurity.tlsInspectionPolicies.updatenetworksecurity.tlsInspectionPolicies.usenetworksecurity.urlLists.createnetworksecurity.urlLists.deletenetworksecurity.urlLists.getnetworksecurity.urlLists.listnetworksecurity.urlLists.updatenetworksecurity.urlLists.use |
| Cloud Storage | Added |
storage.buckets.getObjectInsights |
| Cloud Storage | Now GA |
storage.buckets.getObjectInsights |
Cloud IAM changes as of 2023-03-31
| Service | Change | Description |
|---|---|---|
| Appliance Activation Service | Role Updated |
The following permissions have been added to the role applianceactivation.rttCommands.get |
| Assured Workloads | Role Updated |
The following permissions have been added to the role bigquery.config.update |
| Assured Workloads | Role Updated |
The following permissions have been added to the role bigquery.config.update |
| Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Bigtable | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Google Security Operations | Now GA |
The role |
| Conversational Insights | Role Updated |
The following permissions have been added to the role dialogflow.conversationProfiles.get |
| Cloud Data Fusion | Now GA |
The role |
| Cloud Data Fusion | Now GA |
The role |
| Cloud Data Fusion | Now GA |
The role |
| Google Distributed Cloud | Role Updated |
The following permissions have been added to the role gkeonprem.bareMetalAdminClusters.enrollgkeonprem.bareMetalAdminClusters.unenrollgkeonprem.bareMetalClusters.enrollgkeonprem.bareMetalClusters.unenrollgkeonprem.bareMetalNodePools.enrollgkeonprem.bareMetalNodePools.unenrollgkeonprem.vmwareAdminClusters.enrollgkeonprem.vmwareAdminClusters.unenrollgkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.unenrollgkeonprem.vmwareNodePools.enrollgkeonprem.vmwareNodePools.unenroll |
| Backup and Disaster Recovery | Added |
backupdr.managementServers.accessbackupdr.managementServers.accessSensitiveDatabackupdr.managementServers.assignBackupPlansbackupdr.managementServers.manageApplicationsbackupdr.managementServers.manageBackupPlansbackupdr.managementServers.manageBackupServersbackupdr.managementServers.manageBackupsbackupdr.managementServers.manageClonesbackupdr.managementServers.manageExpirationbackupdr.managementServers.manageHostsbackupdr.managementServers.manageJobsbackupdr.managementServers.manageLiveClonesbackupdr.managementServers.manageMigrationsbackupdr.managementServers.manageMirroringbackupdr.managementServers.manageMountsbackupdr.managementServers.manageRestoresbackupdr.managementServers.manageSensitiveDatabackupdr.managementServers.manageStoragebackupdr.managementServers.manageSystembackupdr.managementServers.manageWorkflowsbackupdr.managementServers.refreshWorkflowsbackupdr.managementServers.runWorkflowsbackupdr.managementServers.testFailOversbackupdr.managementServers.viewBackupPlansbackupdr.managementServers.viewReportsbackupdr.managementServers.viewStoragebackupdr.managementServers.viewSystembackupdr.managementServers.viewWorkflows |
| Google Security Operations | Added |
chronicle.collectors.createchronicle.collectors.deletechronicle.collectors.getchronicle.collectors.listchronicle.collectors.updatechronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetectionschronicle.curatedRuleSetCategories.getchronicle.curatedRuleSetCategories.listchronicle.curatedRuleSetDeployments.batchUpdatechronicle.curatedRuleSetDeployments.getchronicle.curatedRuleSetDeployments.listchronicle.curatedRuleSetDeployments.updatechronicle.curatedRuleSets.countCuratedRuleSetDetectionschronicle.curatedRuleSets.getchronicle.curatedRuleSets.listchronicle.curatedRules.getchronicle.curatedRules.listchronicle.dashboards.copychronicle.dashboards.createchronicle.dashboards.deletechronicle.dashboards.getchronicle.dashboards.listchronicle.extensionValidationReports.getchronicle.extensionValidationReports.listchronicle.feedSourceTypeSchemas.listchronicle.feeds.createchronicle.feeds.deletechronicle.feeds.disablechronicle.feeds.enablechronicle.feeds.getchronicle.feeds.listchronicle.feeds.updatechronicle.forwarders.createchronicle.forwarders.deletechronicle.forwarders.generatechronicle.forwarders.getchronicle.forwarders.listchronicle.forwarders.updatechronicle.instances.getchronicle.instances.reportchronicle.legacies.legacyGetCuratedRulesTrendschronicle.legacies.legacyGetRuleCountschronicle.legacies.legacyGetRulesTrendschronicle.legacies.legacyUpdateFindingchronicle.logTypeSchemas.listchronicle.multitenantDirectories.getchronicle.operations.cancelchronicle.operations.deletechronicle.operations.getchronicle.operations.listchronicle.operations.waitchronicle.parserExtensions.activatechronicle.parserExtensions.createchronicle.parserExtensions.deletechronicle.parserExtensions.generateKeyValueMappingschronicle.parserExtensions.getchronicle.parserExtensions.legacySubmitParserExtensionchronicle.parserExtensions.listchronicle.parserExtensions.removeSyslogchronicle.parsers.activatechronicle.parsers.activateReleaseCandidatechronicle.parsers.copyPrebuiltParserchronicle.parsers.createchronicle.parsers.deactivatechronicle.parsers.deletechronicle.parsers.getchronicle.parsers.listchronicle.parsers.runParserchronicle.parsingErrors.listchronicle.referenceLists.createchronicle.referenceLists.getchronicle.referenceLists.listchronicle.referenceLists.updatechronicle.referenceLists.verifyReferenceListchronicle.retrohunts.createchronicle.retrohunts.getchronicle.retrohunts.listchronicle.ruleDeployments.getchronicle.ruleDeployments.listchronicle.ruleDeployments.updatechronicle.ruleExecutionErrors.listchronicle.rules.createchronicle.rules.getchronicle.rules.listchronicle.rules.listRevisionschronicle.rules.updatechronicle.rules.verifyRuleTextchronicle.validationErrors.listchronicle.validationReports.get |
| Google Security Operations | Supported In Custom Roles |
chronicle.collectors.createchronicle.collectors.deletechronicle.collectors.getchronicle.collectors.listchronicle.collectors.updatechronicle.dashboards.copychronicle.dashboards.createchronicle.dashboards.deletechronicle.dashboards.getchronicle.dashboards.listchronicle.forwarders.createchronicle.forwarders.deletechronicle.forwarders.generatechronicle.forwarders.getchronicle.forwarders.listchronicle.forwarders.updatechronicle.multitenantDirectories.getchronicle.parserExtensions.activatechronicle.parserExtensions.legacySubmitParserExtensionchronicle.parsers.activateReleaseCandidatechronicle.parsers.createchronicle.parsers.deactivatechronicle.parsers.getchronicle.parsingErrors.listchronicle.validationReports.get |
| Cloud Data Fusion | Now GA |
datafusion.instances.createdatafusion.instances.deletedatafusion.instances.getdatafusion.instances.getIamPolicydatafusion.instances.listdatafusion.instances.restartdatafusion.instances.runtimedatafusion.instances.setIamPolicydatafusion.instances.updatedatafusion.instances.upgradedatafusion.locations.getdatafusion.locations.listdatafusion.operations.canceldatafusion.operations.deletedatafusion.operations.getdatafusion.operations.list |
Cloud IAM changes as of 2023-03-24
| Service | Change | Description |
|---|---|---|
| App Engine | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.deleteArtifactsartifactregistry.repositories.downloadArtifactsartifactregistry.repositories.uploadArtifacts |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.operations.get |
| Artifact Analysis | Role Updated |
The following permissions have been added to the role storage.buckets.createstorage.buckets.getstorage.buckets.liststorage.objects.createstorage.objects.delete |
| Container Scanning | Role Updated |
The following permissions have been added to the role storage.buckets.createstorage.buckets.getstorage.buckets.liststorage.objects.createstorage.objects.delete |
| Dataproc | Role Updated |
The following permissions have been added to the role dataproc.operations.cancel |
| Live Stream | Now GA |
The role |
| Live Stream | Now GA |
The role |
| Cloud Workstations | Role Updated |
The following permissions have been added to the role compute.instances.getGuestAttributes |
| Appliance Activation Service | Added |
applianceactivation.rttCommands.approveapplianceactivation.rttCommands.createapplianceactivation.rttCommands.getapplianceactivation.rttCommands.listapplianceactivation.rttCommands.sendResult |
| Appliance Activation Service | Supported In Custom Roles |
applianceactivation.rttCommands.approveapplianceactivation.rttCommands.createapplianceactivation.rttCommands.getapplianceactivation.rttCommands.listapplianceactivation.rttCommands.sendResult |
| Bare Metal Solution | Added |
baremetalsolution.operations.get |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.operations.get |
| Bare Metal Solution | Now GA |
baremetalsolution.operations.get |
| Cloud SQL | Added |
cloudsql.instances.getDiskShrinkConfigcloudsql.instances.performDiskShrinkcloudsql.instances.resetReplicaSize |
| Cloud SQL | Supported In Custom Roles |
cloudsql.instances.getDiskShrinkConfigcloudsql.instances.performDiskShrinkcloudsql.instances.resetReplicaSize |
| Cloud SQL | Now GA |
cloudsql.instances.getDiskShrinkConfigcloudsql.instances.performDiskShrinkcloudsql.instances.resetReplicaSize |
| Conversational Insights | Now GA |
contactcenterinsights.issues.create |
| Database Migration Service | Added |
datamigration.migrationjobs.generateTcpProxyScript |
| Database Migration Service | Supported In Custom Roles |
datamigration.migrationjobs.generateTcpProxyScript |
| Database Migration Service | Now GA |
datamigration.migrationjobs.generateTcpProxyScript |
| Google Distributed Cloud | Added |
gkeonprem.bareMetalNodePools.enrollgkeonprem.bareMetalNodePools.unenrollgkeonprem.vmwareNodePools.enrollgkeonprem.vmwareNodePools.unenroll |
| Google Distributed Cloud | Now GA |
gkeonprem.bareMetalNodePools.enrollgkeonprem.bareMetalNodePools.unenrollgkeonprem.vmwareNodePools.enrollgkeonprem.vmwareNodePools.unenroll |
| Live Stream | Now GA |
livestream.channels.createlivestream.channels.deletelivestream.channels.getlivestream.channels.listlivestream.channels.startlivestream.channels.stoplivestream.channels.updatelivestream.events.createlivestream.events.deletelivestream.events.getlivestream.events.listlivestream.inputs.createlivestream.inputs.deletelivestream.inputs.getlivestream.inputs.listlivestream.inputs.updatelivestream.locations.getlivestream.locations.listlivestream.operations.cancellivestream.operations.deletelivestream.operations.getlivestream.operations.list |
| Maps Platform Datasets | Added |
mapsplatformdatasets.datasets.export |
| Maps Platform Datasets | Supported In Custom Roles |
mapsplatformdatasets.datasets.export |
| Google Cloud Migration Center | Added |
migrationcenter.preferenceSets.createmigrationcenter.preferenceSets.deletemigrationcenter.preferenceSets.getmigrationcenter.preferenceSets.listmigrationcenter.preferenceSets.updatemigrationcenter.settings.getmigrationcenter.settings.update |
| Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.preferenceSets.createmigrationcenter.preferenceSets.deletemigrationcenter.preferenceSets.getmigrationcenter.preferenceSets.listmigrationcenter.preferenceSets.updatemigrationcenter.settings.getmigrationcenter.settings.update |
| Spanner | Added |
spanner.databases.updateTagspanner.databases.useDataBoostspanner.instances.updateTag |
| Spanner | Now GA |
spanner.databases.useDataBoost |
Cloud IAM changes as of 2023-03-17
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.environments.list |
| Google Security Operations | Role Updated |
The following permissions have been removed from the role logging.logEntries.createstorage.buckets.getstorage.objects.createstorage.objects.get |
| Cloud Key Management Service | Now GA |
The role |
| Conversational Insights | Role Updated |
The following permissions have been added to the role dlp.deidentifyTemplates.getdlp.deidentifyTemplates.listdlp.inspectTemplates.getdlp.inspectTemplates.listdlp.locations.listspeech.recognizers.update |
| Content Warehouse | Role Updated |
The following permissions have been added to the role documentai.datasets.createDocumentsdocumentai.processors.getdocumentai.processors.processBatchstorage.buckets.getstorage.buckets.liststorage.objects.createstorage.objects.deletestorage.objects.update |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.indexEndpoints.queryVectors |
| Vertex AI | Added |
aiplatform.indexEndpoints.queryVectors |
| Cloud Key Management Service | Added |
cloudkms.ekmConfigs.getcloudkms.ekmConfigs.getIamPolicycloudkms.ekmConfigs.setIamPolicycloudkms.ekmConfigs.update |
| Cloud Key Management Service | Now GA |
cloudkms.ekmConfigs.getcloudkms.ekmConfigs.getIamPolicycloudkms.ekmConfigs.setIamPolicycloudkms.ekmConfigs.update |
| Commerce Business Enablement | Added |
commercebusinessenablement.partnerAccounts.getcommercebusinessenablement.partnerAccounts.listcommercebusinessenablement.resellerConfig.get |
| Commerce Business Enablement | Supported In Custom Roles |
commercebusinessenablement.partnerAccounts.getcommercebusinessenablement.partnerAccounts.listcommercebusinessenablement.resellerConfig.get |
| Connectors | Added |
connectors.settings.getconnectors.settings.update |
| Connectors | Supported In Custom Roles |
connectors.settings.getconnectors.settings.update |
| Connectors | Now GA |
connectors.settings.getconnectors.settings.update |
| Cloud DNS | Added |
dns.networks.useHealthSignals |
| Cloud DNS | Supported In Custom Roles |
dns.networks.useHealthSignals |
| Cloud DNS | Now GA |
dns.networks.useHealthSignals |
| Identity and Access Management | Added |
iam.workforcePoolProviderKeys.createiam.workforcePoolProviderKeys.deleteiam.workforcePoolProviderKeys.getiam.workforcePoolProviderKeys.listiam.workforcePoolProviderKeys.undeleteiam.workloadIdentityPoolProviderKeys.createiam.workloadIdentityPoolProviderKeys.deleteiam.workloadIdentityPoolProviderKeys.getiam.workloadIdentityPoolProviderKeys.listiam.workloadIdentityPoolProviderKeys.undelete |
| Identity and Access Management | Supported In Custom Roles |
iam.workforcePoolProviderKeys.createiam.workforcePoolProviderKeys.deleteiam.workforcePoolProviderKeys.getiam.workforcePoolProviderKeys.listiam.workforcePoolProviderKeys.undeleteiam.workloadIdentityPoolProviderKeys.createiam.workloadIdentityPoolProviderKeys.deleteiam.workloadIdentityPoolProviderKeys.getiam.workloadIdentityPoolProviderKeys.listiam.workloadIdentityPoolProviderKeys.undelete |
| Identity and Access Management | Added |
iam.googleapis.com/workforcePoolProviderKeys.createiam.googleapis.com/workforcePoolProviderKeys.deleteiam.googleapis.com/workforcePoolProviderKeys.getiam.googleapis.com/workforcePoolProviderKeys.listiam.googleapis.com/workforcePoolProviderKeys.undeleteiam.googleapis.com/workloadIdentityPoolProviderKeys.createiam.googleapis.com/workloadIdentityPoolProviderKeys.deleteiam.googleapis.com/workloadIdentityPoolProviderKeys.getiam.googleapis.com/workloadIdentityPoolProviderKeys.listiam.googleapis.com/workloadIdentityPoolProviderKeys.undelete |
| Identity and Access Management | Supported In Custom Roles |
iam.googleapis.com/workforcePoolProviderKeys.createiam.googleapis.com/workforcePoolProviderKeys.deleteiam.googleapis.com/workforcePoolProviderKeys.getiam.googleapis.com/workforcePoolProviderKeys.listiam.googleapis.com/workforcePoolProviderKeys.undeleteiam.googleapis.com/workloadIdentityPoolProviderKeys.createiam.googleapis.com/workloadIdentityPoolProviderKeys.deleteiam.googleapis.com/workloadIdentityPoolProviderKeys.getiam.googleapis.com/workloadIdentityPoolProviderKeys.listiam.googleapis.com/workloadIdentityPoolProviderKeys.undelete |
| Cloud Run | Added |
run.jobs.runWithOverrides |
| Cloud Run | Now GA |
run.jobs.runWithOverrides |
Cloud IAM changes as of 2023-03-10
| Service | Change | Description |
|---|---|---|
| App Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.enableserviceusage.services.get |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role commercebusinessenablement.partnerInfo.get |
| Commerce Business Enablement | Role Updated |
The following permissions have been added to the role commercebusinessenablement.partnerInfo.get |
| Confidential Computing | Now GA |
The role |
| Conversational Insights | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
| Data Pipelines | Role Updated |
The following permissions have been added to the role bigquery.tables.getbigtable.tables.getpubsub.schemas.getpubsub.topics.get |
| Basic Role | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
| FleetEngine | Role Updated |
The following permissions have been added to the role fleetengine.tasktrackinginfo.get |
| Basic Role | Role Updated |
The following permissions have been added to the role contactcenterinsights.issues.create |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role storage.buckets.getstorage.buckets.list |
| Bare Metal Solution | Added |
baremetalsolution.luns.evictbaremetalsolution.volumes.evict |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.evictbaremetalsolution.volumes.evict |
| Bare Metal Solution | Now GA |
baremetalsolution.luns.evictbaremetalsolution.volumes.evict |
| Cloud Deploy | Added |
clouddeploy.jobRuns.terminateclouddeploy.rollouts.advanceclouddeploy.rollouts.cancelclouddeploy.rollouts.ignoreJob |
| Cloud Deploy | Supported In Custom Roles |
clouddeploy.jobRuns.terminateclouddeploy.rollouts.advanceclouddeploy.rollouts.cancelclouddeploy.rollouts.ignoreJob |
| Commerce Business Enablement | Added |
commercebusinessenablement.partnerInfo.get |
| Compute Engine | Added |
compute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.resourcePolicies.useReadOnly |
| Compute Engine | Supported In Custom Roles |
compute.disks.startAsyncReplicationcompute.disks.stopAsyncReplicationcompute.disks.stopGroupAsyncReplicationcompute.resourcePolicies.useReadOnly |
| Confidential Computing | Supported In Custom Roles |
confidentialcomputing.challenges.createconfidentialcomputing.challenges.verifyconfidentialcomputing.locations.getconfidentialcomputing.locations.list |
| Confidential Computing | Now GA |
confidentialcomputing.challenges.createconfidentialcomputing.challenges.verifyconfidentialcomputing.locations.getconfidentialcomputing.locations.list |
| Conversational Insights | Added |
contactcenterinsights.issues.create |
| Retail API | Now GA |
retail.models.get |
| Spanner | Added |
spanner.instances.createTagBindingspanner.instances.deleteTagBindingspanner.instances.listEffectiveTagsspanner.instances.listTagBindings |
| Spanner | Now GA |
spanner.instances.createTagBindingspanner.instances.deleteTagBindingspanner.instances.listEffectiveTagsspanner.instances.listTagBindings |
| Transfer Appliance | Added |
transferappliance.savedAddresses.createtransferappliance.savedAddresses.deletetransferappliance.savedAddresses.gettransferappliance.savedAddresses.listtransferappliance.savedAddresses.update |
| Transfer Appliance | Supported In Custom Roles |
transferappliance.savedAddresses.createtransferappliance.savedAddresses.deletetransferappliance.savedAddresses.gettransferappliance.savedAddresses.listtransferappliance.savedAddresses.update |
Cloud IAM changes as of 2023-03-03
| Service | Change | Description |
|---|---|---|
| Conversational Insights | Role Updated |
The following permissions have been added to the role dlp.kms.encryptdlp.locations.getspeech.operations.getspeech.recognizers.createspeech.recognizers.getspeech.recognizers.recognize |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role speech.locations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role speech.locations.list |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.forwardingRules.pscSetLabelscompute.forwardingRules.pscSetTargetcompute.forwardingRules.pscUpdate |
| Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role speech.locations.getspeech.locations.list |
| Workload Certificate | Role Updated |
The following permissions have been added to the role container.operations.get |
| Chrome Enterprise Premium | Added |
beyondcorp.subscriptions.createbeyondcorp.subscriptions.getbeyondcorp.subscriptions.list |
| Chrome Enterprise Premium | Supported In Custom Roles |
beyondcorp.subscriptions.createbeyondcorp.subscriptions.getbeyondcorp.subscriptions.list |
| Compute Engine | Now GA |
compute.nodeGroups.simulateMaintenanceEvent |
| Conversational Insights | Now GA |
contactcenterinsights.issues.delete |
| Google Kubernetes Engine | Added |
container.clusters.impersonate |
| Dataform | Added |
dataform.repositories.getIamPolicydataform.repositories.setIamPolicydataform.workspaces.getIamPolicydataform.workspaces.setIamPolicy |
| Speech-to-Text | Added |
speech.locations.getspeech.locations.list |
Cloud IAM changes as of 2023-02-24
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role monitoring.notificationChannels.get |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.getapigee.keyvaluemapentries.list |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.disks.createcompute.subnetworks.usecompute.subnetworks.useExternalIp |
| Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
| Cloud Build | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
| Firebase Remote Config | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
| Cloud Deploy | Role Updated |
The following permissions have been added to the role cloudbuild.builds.update |
| Cloud Composer | Role Updated |
The following permissions have been added to the role artifactregistry.repositories.createOnPush |
| GKE Hub | Role Updated |
The following permissions have been added to the role logging.buckets.createlogging.buckets.getlogging.buckets.listlogging.buckets.updatelogging.exclusions.createlogging.exclusions.deletelogging.exclusions.getlogging.exclusions.listlogging.exclusions.updatelogging.sinks.createlogging.sinks.deletelogging.sinks.getlogging.sinks.listlogging.sinks.updatelogging.views.createlogging.views.getlogging.views.listlogging.views.update |
| Identity and Access Management | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Cloud Logging | Now GA |
The role |
| Network Connectivity Center | Role Updated |
The following permissions have been added to the role compute.addresses.createcompute.addresses.deletecompute.addresses.usecompute.forwardingRules.createcompute.forwardingRules.deletecompute.forwardingRules.pscCreatecompute.forwardingRules.pscDeletecompute.subnetworks.use |
| Certificate Authority Service | Now GA |
The role |
| Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.subscriptions.getCursor |
| Apigee | Added |
apigee.nataddresses.activateapigee.nataddresses.createapigee.nataddresses.deleteapigee.nataddresses.getapigee.nataddresses.listapigee.securityIncidents.getapigee.securityIncidents.list |
| Apigee | Supported In Custom Roles |
apigee.nataddresses.activateapigee.nataddresses.createapigee.nataddresses.deleteapigee.nataddresses.getapigee.nataddresses.listapigee.securityIncidents.getapigee.securityIncidents.list |
| Apigee | Now GA |
apigee.nataddresses.activateapigee.nataddresses.createapigee.nataddresses.deleteapigee.nataddresses.getapigee.nataddresses.listapigee.securityIncidents.getapigee.securityIncidents.list |
| Bare Metal Solution | Added |
baremetalsolution.maintenanceevents.addProposalbaremetalsolution.maintenanceevents.approvebaremetalsolution.maintenanceevents.getbaremetalsolution.maintenanceevents.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.maintenanceevents.addProposalbaremetalsolution.maintenanceevents.approvebaremetalsolution.maintenanceevents.getbaremetalsolution.maintenanceevents.list |
| Bare Metal Solution | Now GA |
baremetalsolution.maintenanceevents.addProposalbaremetalsolution.maintenanceevents.approvebaremetalsolution.maintenanceevents.getbaremetalsolution.maintenanceevents.list |
| Compute Engine | Now GA |
compute.instances.setName |
| Confidential Computing | Added |
confidentialcomputing.challenges.createconfidentialcomputing.challenges.verifyconfidentialcomputing.locations.getconfidentialcomputing.locations.list |
| Dialogflow | Added |
dialogflow.deployments.getdialogflow.deployments.listdialogflow.environments.runContinuousTest |
| Cloud DNS | Added |
dns.gkeClusters.bindDNSResponsePolicydns.gkeClusters.bindPrivateDNSZone |
| Cloud DNS | Supported In Custom Roles |
dns.gkeClusters.bindDNSResponsePolicydns.gkeClusters.bindPrivateDNSZone |
| Cloud DNS | Now GA |
dns.gkeClusters.bindDNSResponsePolicydns.gkeClusters.bindPrivateDNSZonedns.managedZones.getIamPolicydns.managedZones.setIamPolicydns.networks.bindDNSResponsePolicydns.responsePolicies.createdns.responsePolicies.deletedns.responsePolicies.getdns.responsePolicies.listdns.responsePolicies.updatedns.responsePolicyRules.createdns.responsePolicyRules.deletedns.responsePolicyRules.getdns.responsePolicyRules.listdns.responsePolicyRules.update |
| Distributed Cloud Edge Network | Added |
edgenetwork.routes.createedgenetwork.routes.deleteedgenetwork.routes.getedgenetwork.routes.list |
| Distributed Cloud Edge Network | Now GA |
edgenetwork.routes.createedgenetwork.routes.deleteedgenetwork.routes.getedgenetwork.routes.list |
| FleetEngine | Added |
fleetengine.tasktrackinginfo.get |
| FleetEngine | Supported In Custom Roles |
fleetengine.tasktrackinginfo.get |
| Google Distributed Cloud | Added |
gkeonprem.bareMetalAdminClusters.connectgkeonprem.vmwareAdminClusters.connect |
| Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalAdminClusters.connectgkeonprem.vmwareAdminClusters.connect |
| Google Distributed Cloud | Now GA |
gkeonprem.bareMetalAdminClusters.connectgkeonprem.vmwareAdminClusters.connect |
| Identity and Access Management | Now GA |
iam.workforcePoolProviders.createiam.workforcePoolProviders.deleteiam.workforcePoolProviders.getiam.workforcePoolProviders.listiam.workforcePoolProviders.undeleteiam.workforcePoolProviders.updateiam.workforcePoolSubjects.deleteiam.workforcePoolSubjects.undeleteiam.workforcePools.createiam.workforcePools.deleteiam.workforcePools.getiam.workforcePools.getIamPolicyiam.workforcePools.listiam.workforcePools.setIamPolicyiam.workforcePools.undeleteiam.workforcePools.update |
| Identity and Access Management | Now GA |
iam.googleapis.com/workforcePoolProviders.createiam.googleapis.com/workforcePoolProviders.deleteiam.googleapis.com/workforcePoolProviders.getiam.googleapis.com/workforcePoolProviders.listiam.googleapis.com/workforcePoolProviders.undeleteiam.googleapis.com/workforcePoolProviders.updateiam.googleapis.com/workforcePoolSubjects.deleteiam.googleapis.com/workforcePoolSubjects.undeleteiam.googleapis.com/workforcePools.createiam.googleapis.com/workforcePools.deleteiam.googleapis.com/workforcePools.getiam.googleapis.com/workforcePools.getIamPolicyiam.googleapis.com/workforcePools.listiam.googleapis.com/workforcePools.setIamPolicyiam.googleapis.com/workforcePools.undeleteiam.googleapis.com/workforcePools.update |
| Cloud Logging | Now GA |
logging.links.createlogging.links.deletelogging.links.getlogging.links.list |
| Recommender | Added |
recommender.resourcemanagerServiceLimitInsights.getrecommender.resourcemanagerServiceLimitInsights.listrecommender.resourcemanagerServiceLimitInsights.updaterecommender.resourcemanagerServiceLimitRecommendations.getrecommender.resourcemanagerServiceLimitRecommendations.listrecommender.resourcemanagerServiceLimitRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.resourcemanagerServiceLimitInsights.getrecommender.resourcemanagerServiceLimitInsights.listrecommender.resourcemanagerServiceLimitInsights.updaterecommender.resourcemanagerServiceLimitRecommendations.getrecommender.resourcemanagerServiceLimitRecommendations.listrecommender.resourcemanagerServiceLimitRecommendations.update |
| Cyber Insurance Hub | Added |
riskmanager.controlScoreBreakdowns.getriskmanager.controlScoreBreakdowns.list |
| Cyber Insurance Hub | Supported In Custom Roles |
riskmanager.controlScoreBreakdowns.getriskmanager.controlScoreBreakdowns.list |
| Security Command Center | Added |
securitycenter.effectivesecurityhealthanalyticscustommodules.getsecuritycenter.effectivesecurityhealthanalyticscustommodules.list |
| Security Command Center | Supported In Custom Roles |
securitycenter.effectivesecurityhealthanalyticscustommodules.getsecuritycenter.effectivesecurityhealthanalyticscustommodules.list |
| Security Command Center | Now GA |
securitycenter.effectivesecurityhealthanalyticscustommodules.getsecuritycenter.effectivesecurityhealthanalyticscustommodules.list |
Cloud IAM changes as of 2023-02-17
| Service | Change | Description |
|---|---|---|
| Advisory Notifications | Now GA |
The role |
| Vertex AI | Role Updated |
The following permissions have been added to the role compute.disks.createTagBindingcompute.instances.createTagBindingnotebooks.instances.createnotebooks.instances.deletenotebooks.instances.get |
| Cloud Service Mesh | Role Updated |
The following permissions have been added to the role workloadcertificate.locations.getworkloadcertificate.locations.listworkloadcertificate.operations.getworkloadcertificate.workloadCertificateFeature.getworkloadcertificate.workloadRegistrations.createworkloadcertificate.workloadRegistrations.getworkloadcertificate.workloadRegistrations.list |
| Artifact Registry | Now GA |
The role |
| Artifact Registry | Now GA |
The role |
| Certificate Manager | Now GA |
The role |
| Google Security Operations | Now GA |
The role |
| Cloud Build | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.disks.createTagBinding |
| Dataform | Role Updated |
The following permissions have been added to the role dataform.compilationResults.createdataform.workflowInvocations.create |
| Database Migration Service | Role Updated |
The following permissions have been added to the role cloudsql.instances.demoteMaster |
| Firebase Realtime Database | Now GA |
The role |
| Backup for GKE | Role Updated |
The following permissions have been added to the role container.clusters.updatecontainer.operations.getcontainer.operations.list |
| Google Distributed Cloud | Now GA |
The role |
| Identity Toolkit | Now GA |
The role |
| Cloud Workstations | Now GA |
The role |
| Access Context Manager | Added |
accesscontextmanager.authorizedOrgsDescs.createaccesscontextmanager.authorizedOrgsDescs.deleteaccesscontextmanager.authorizedOrgsDescs.getaccesscontextmanager.authorizedOrgsDescs.listaccesscontextmanager.authorizedOrgsDescs.update |
| Access Context Manager | Supported In Custom Roles |
accesscontextmanager.authorizedOrgsDescs.createaccesscontextmanager.authorizedOrgsDescs.deleteaccesscontextmanager.authorizedOrgsDescs.getaccesscontextmanager.authorizedOrgsDescs.listaccesscontextmanager.authorizedOrgsDescs.update |
| Access Context Manager | Now GA |
accesscontextmanager.authorizedOrgsDescs.createaccesscontextmanager.authorizedOrgsDescs.deleteaccesscontextmanager.authorizedOrgsDescs.getaccesscontextmanager.authorizedOrgsDescs.listaccesscontextmanager.authorizedOrgsDescs.update |
| Advisory Notifications | Now GA |
advisorynotifications.notifications.getadvisorynotifications.notifications.list |
| Artifact Registry | Added |
artifactregistry.repositories.createOnPush |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createOnPush |
| Artifact Registry | Now GA |
artifactregistry.repositories.createOnPush |
| Bare Metal Solution | Added |
baremetalsolution.storageaggregatepools.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.storageaggregatepools.list |
| Bare Metal Solution | Now GA |
baremetalsolution.storageaggregatepools.list |
| BigQuery | Added |
bigquery.datasets.listEffectiveTags |
| BigQuery | Now GA |
bigquery.datasets.listEffectiveTags |
| Cloud Logging | Added |
logging.logEntries.route |
| Cloud Logging | Supported In Custom Roles |
logging.logEntries.route |
Cloud IAM changes as of 2023-02-03
| Service | Change | Description |
|---|---|---|
| Connectors | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.list |
| Container Threat Detection | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.list |
| Identity and Access Management | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Service Extensions | Now GA |
The role |
| Pub/Sub Lite | Role Updated |
The following permissions have been added to the role pubsublite.subscriptions.get |
| Recommender | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.list |
| Service Management | Role Updated |
The following permissions have been added to the role monitoring.alertPolicies.createmonitoring.alertPolicies.deletemonitoring.alertPolicies.getmonitoring.alertPolicies.listmonitoring.alertPolicies.update |
| BigLake | Added |
biglake.catalogs.createbiglake.catalogs.deletebiglake.catalogs.getbiglake.catalogs.listbiglake.databases.createbiglake.databases.deletebiglake.databases.getbiglake.databases.listbiglake.databases.updatebiglake.locks.checkbiglake.locks.createbiglake.locks.deletebiglake.locks.listbiglake.tables.createbiglake.tables.deletebiglake.tables.getbiglake.tables.listbiglake.tables.lockbiglake.tables.update |
| Blockchain Node Engine | Added |
blockchainnodeengine.blockchainNodes.createblockchainnodeengine.blockchainNodes.deleteblockchainnodeengine.blockchainNodes.getblockchainnodeengine.blockchainNodes.listblockchainnodeengine.blockchainNodes.updateblockchainnodeengine.locations.getblockchainnodeengine.locations.listblockchainnodeengine.operations.cancelblockchainnodeengine.operations.deleteblockchainnodeengine.operations.getblockchainnodeengine.operations.list |
| Identity and Access Management | Now GA |
iam.denypolicies.createiam.denypolicies.deleteiam.denypolicies.getiam.denypolicies.listiam.denypolicies.replaceiam.denypolicies.update |
| Identity and Access Management | Now GA |
iam.googleapis.com/denypolicies.createiam.googleapis.com/denypolicies.deleteiam.googleapis.com/denypolicies.getiam.googleapis.com/denypolicies.listiam.googleapis.com/denypolicies.replace |
| Serverless VPC Access | Added |
vpcaccess.connectors.update |
| Serverless VPC Access | Supported In Custom Roles |
vpcaccess.connectors.update |
Cloud IAM changes as of 2023-01-27
| Service | Change | Description |
|---|---|---|
| Batch | Role Updated |
The following permissions have been added to the role compute.backendBuckets.getcompute.backendBuckets.listcompute.backendServices.getcompute.backendServices.listcompute.disks.addResourcePoliciescompute.disks.createTagBindingcompute.disks.deleteTagBindingcompute.disks.getIamPolicycompute.disks.listEffectiveTagscompute.disks.listTagBindingscompute.disks.removeResourcePoliciescompute.externalVpnGateways.getcompute.externalVpnGateways.listcompute.firewalls.getcompute.firewalls.listcompute.forwardingRules.getcompute.forwardingRules.listcompute.globalForwardingRules.getcompute.globalForwardingRules.listcompute.globalForwardingRules.pscGetcompute.healthChecks.getcompute.healthChecks.listcompute.httpHealthChecks.getcompute.httpHealthChecks.listcompute.httpsHealthChecks.getcompute.httpsHealthChecks.listcompute.images.createcompute.images.createTagBindingcompute.images.deletecompute.images.deleteTagBindingcompute.images.deprecatecompute.images.getIamPolicycompute.images.listEffectiveTagscompute.images.listTagBindingscompute.images.setLabelscompute.images.updatecompute.interconnectAttachments.getcompute.interconnectAttachments.listcompute.interconnectLocations.getcompute.interconnectLocations.listcompute.interconnects.getcompute.interconnects.listcompute.licenseCodes.getcompute.licenseCodes.getIamPolicycompute.licenseCodes.listcompute.licenseCodes.updatecompute.licenseCodes.usecompute.licenses.createcompute.licenses.deletecompute.licenses.getIamPolicycompute.networkAttachments.getcompute.networkAttachments.listcompute.projects.setCommonInstanceMetadatacompute.regionBackendServices.getcompute.regionBackendServices.listcompute.regionHealthCheckServices.getcompute.regionHealthCheckServices.listcompute.regionHealthChecks.getcompute.regionHealthChecks.listcompute.regionNotificationEndpoints.getcompute.regionNotificationEndpoints.listcompute.regionSslCertificates.getcompute.regionSslCertificates.listcompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionTargetHttpProxies.getcompute.regionTargetHttpProxies.listcompute.regionTargetHttpsProxies.getcompute.regionTargetHttpsProxies.listcompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionUrlMaps.getcompute.regionUrlMaps.listcompute.resourcePolicies.createcompute.resourcePolicies.deletecompute.resourcePolicies.getcompute.resourcePolicies.getIamPolicycompute.resourcePolicies.listcompute.resourcePolicies.updatecompute.resourcePolicies.usecompute.routers.getcompute.routers.listcompute.routes.getcompute.routes.listcompute.serviceAttachments.getcompute.serviceAttachments.listcompute.snapshots.createcompute.snapshots.createTagBindingcompute.snapshots.deletecompute.snapshots.deleteTagBindingcompute.snapshots.getcompute.snapshots.getIamPolicycompute.snapshots.listcompute.snapshots.listEffectiveTagscompute.snapshots.listTagBindingscompute.snapshots.setLabelscompute.snapshots.useReadOnlycompute.sslCertificates.getcompute.sslCertificates.listcompute.sslPolicies.getcompute.sslPolicies.listcompute.sslPolicies.listAvailableFeaturescompute.targetGrpcProxies.getcompute.targetGrpcProxies.listcompute.targetHttpProxies.getcompute.targetHttpProxies.listcompute.targetHttpsProxies.getcompute.targetHttpsProxies.listcompute.targetInstances.getcompute.targetInstances.listcompute.targetSslProxies.getcompute.targetSslProxies.listcompute.targetTcpProxies.getcompute.targetTcpProxies.listcompute.targetVpnGateways.getcompute.targetVpnGateways.listcompute.urlMaps.getcompute.urlMaps.listcompute.vpnGateways.getcompute.vpnGateways.listcompute.vpnTunnels.getcompute.vpnTunnels.list |
| Firebase Remote Config | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.getoauthpolicymetadata.brandpolicy.get |
| Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.getoauthpolicymetadata.brandpolicy.get |
| Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.getoauthpolicymetadata.brandpolicy.get |
| Firebase | Role Updated |
The following permissions have been added to the role oauthconfig.verification.getoauthpolicymetadata.brandpolicy.get |
| BigQuery | Now GA |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| Cloud SQL | Added |
cloudsql.instances.migrate |
| Cloud SQL | Supported In Custom Roles |
cloudsql.instances.migrate |
| Cloud SQL | Now GA |
cloudsql.instances.migrate |
| Dataplex Universal Catalog | Added |
dataplex.dataAttributeBindings.createdataplex.dataAttributeBindings.deletedataplex.dataAttributeBindings.getdataplex.dataAttributeBindings.getIamPolicydataplex.dataAttributeBindings.listdataplex.dataAttributeBindings.setIamPolicydataplex.dataAttributeBindings.updatedataplex.dataAttributes.binddataplex.dataAttributes.createdataplex.dataAttributes.deletedataplex.dataAttributes.getdataplex.dataAttributes.getIamPolicydataplex.dataAttributes.listdataplex.dataAttributes.setIamPolicydataplex.dataAttributes.updatedataplex.dataTaxonomies.configureDataAccessdataplex.dataTaxonomies.configureResourceAccessdataplex.dataTaxonomies.createdataplex.dataTaxonomies.deletedataplex.dataTaxonomies.getdataplex.dataTaxonomies.getIamPolicydataplex.dataTaxonomies.listdataplex.dataTaxonomies.setIamPolicydataplex.dataTaxonomies.update |
| Dataplex Universal Catalog | Now GA |
dataplex.dataAttributeBindings.createdataplex.dataAttributeBindings.deletedataplex.dataAttributeBindings.getdataplex.dataAttributeBindings.getIamPolicydataplex.dataAttributeBindings.listdataplex.dataAttributeBindings.setIamPolicydataplex.dataAttributeBindings.updatedataplex.dataAttributes.binddataplex.dataAttributes.createdataplex.dataAttributes.deletedataplex.dataAttributes.getdataplex.dataAttributes.getIamPolicydataplex.dataAttributes.listdataplex.dataAttributes.setIamPolicydataplex.dataAttributes.updatedataplex.dataTaxonomies.configureDataAccessdataplex.dataTaxonomies.configureResourceAccessdataplex.dataTaxonomies.createdataplex.dataTaxonomies.deletedataplex.dataTaxonomies.getdataplex.dataTaxonomies.getIamPolicydataplex.dataTaxonomies.listdataplex.dataTaxonomies.setIamPolicydataplex.dataTaxonomies.update |
| Dialogflow | Added |
dialogflow.experiments.createdialogflow.experiments.deletedialogflow.experiments.getdialogflow.experiments.listdialogflow.experiments.updatedialogflow.testcases.calculateCoveragedialogflow.testcases.createdialogflow.testcases.deletedialogflow.testcases.exportdialogflow.testcases.getdialogflow.testcases.importdialogflow.testcases.listdialogflow.testcases.rundialogflow.testcases.update |
| Pub/Sub | Added |
pubsub.schemas.commitpubsub.schemas.listRevisionspubsub.schemas.rollback |
| Pub/Sub | Now GA |
pubsub.schemas.commitpubsub.schemas.listRevisionspubsub.schemas.rollback |
| Pub/Sub Lite | Added |
pubsublite.locations.openKafkaStream |
| Pub/Sub Lite | Now GA |
pubsublite.locations.openKafkaStream |
| Workload Certificate | Added |
workloadcertificate.locations.getworkloadcertificate.locations.listworkloadcertificate.operations.cancelworkloadcertificate.operations.deleteworkloadcertificate.operations.getworkloadcertificate.operations.listworkloadcertificate.workloadCertificateFeature.getworkloadcertificate.workloadCertificateFeature.updateworkloadcertificate.workloadRegistrations.createworkloadcertificate.workloadRegistrations.deleteworkloadcertificate.workloadRegistrations.getworkloadcertificate.workloadRegistrations.listworkloadcertificate.workloadRegistrations.update |
Cloud IAM changes as of 2023-01-20
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancelcompute.addresses.getcompute.addresses.listcompute.addresses.usecompute.addresses.useInternalcompute.disks.createcompute.disks.deletecompute.disks.getcompute.disks.setLabelscompute.disks.usecompute.disks.useReadOnlycompute.instances.createcompute.instances.deletecompute.instances.getcompute.instances.setLabelscompute.instances.setMetadatacompute.instances.setServiceAccountcompute.instances.setTagscompute.subnetworks.usecompute.subnetworks.useExternalIp |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
| Cloud Build | Role Updated |
The following permissions have been added to the role pubsub.topics.get |
| Distributed Cloud Edge Network | Now GA |
The role |
| Distributed Cloud Edge Network | Now GA |
The role |
| Firebase Security Rules | Now GA |
The role |
| Maps Platform Datasets | Role Updated |
The following permissions have been added to the role mapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.update |
| Maps Platform Datasets | Role Updated |
The following permissions have been added to the role mapsadmin.clientStyles.getmapsadmin.clientStyles.list |
| Cloud Monitoring | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Stream | Now GA |
The role |
| Vision AI | Now GA |
The role |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.humanInTheLoops.cancel |
| Vertex AI | Added |
aiplatform.humanInTheLoops.cancel |
| Apigee | Added |
apigee.entitlements.getapigee.projectorganizations.getapigee.setupcontexts.getapigee.setupcontexts.update |
| Apigee | Now GA |
apigee.entitlements.getapigee.projectorganizations.getapigee.setupcontexts.getapigee.setupcontexts.update |
| Recommendations | Added |
automlrecommendations.eventStores.listautomlrecommendations.events.get |
| Recommendations | Supported In Custom Roles |
automlrecommendations.eventStores.listautomlrecommendations.events.get |
| Google Security Operations | Added |
chronicle.parserExtensions.createchronicle.parserExtensions.deletechronicle.parserExtensions.getchronicle.parserExtensions.list |
| Google Security Operations | Now GA |
chronicle.parserExtensions.createchronicle.parserExtensions.deletechronicle.parserExtensions.getchronicle.parserExtensions.list |
| Compute Engine | Added |
compute.resourcePolicies.update |
| Compute Engine | Supported In Custom Roles |
compute.resourcePolicies.update |
| Compute Engine | Now GA |
compute.resourcePolicies.update |
| Data Catalog | Added |
datacatalog.entries.createGlossarydatacatalog.entries.createGlossaryTermdatacatalog.entries.deleteGlossarydatacatalog.entries.deleteGlossaryTermdatacatalog.entries.updateGlossarydatacatalog.entries.updateGlossaryTermdatacatalog.relationships.createdatacatalog.relationships.createIsDescribedBydatacatalog.relationships.createIsRelatedTodatacatalog.relationships.createIsSynonymousTodatacatalog.relationships.deletedatacatalog.relationships.deleteIsDescribedBydatacatalog.relationships.deleteIsRelatedTodatacatalog.relationships.deleteIsSynonymousTodatacatalog.relationships.list |
| Data Catalog | Supported In Custom Roles |
datacatalog.entries.createGlossarydatacatalog.entries.createGlossaryTermdatacatalog.entries.deleteGlossarydatacatalog.entries.deleteGlossaryTermdatacatalog.entries.updateGlossarydatacatalog.entries.updateGlossaryTermdatacatalog.relationships.createdatacatalog.relationships.createIsDescribedBydatacatalog.relationships.createIsRelatedTodatacatalog.relationships.createIsSynonymousTodatacatalog.relationships.deletedatacatalog.relationships.deleteIsDescribedBydatacatalog.relationships.deleteIsRelatedTodatacatalog.relationships.deleteIsSynonymousTodatacatalog.relationships.list |
| Database Migration Service | Added |
datamigration.locations.fetchStaticIps |
| Database Migration Service | Supported In Custom Roles |
datamigration.locations.fetchStaticIps |
| Database Migration Service | Now GA |
datamigration.locations.fetchStaticIps |
| Distributed Cloud Edge Network | Added |
edgenetwork.interconnectAttachments.createedgenetwork.interconnectAttachments.deleteedgenetwork.interconnectAttachments.getedgenetwork.interconnectAttachments.getIamPolicyedgenetwork.interconnectAttachments.listedgenetwork.interconnectAttachments.setIamPolicyedgenetwork.interconnectAttachments.updateedgenetwork.interconnects.getedgenetwork.interconnects.getDiagnosticsedgenetwork.interconnects.getIamPolicyedgenetwork.interconnects.listedgenetwork.interconnects.setIamPolicyedgenetwork.locations.getedgenetwork.locations.listedgenetwork.networks.createedgenetwork.networks.deleteedgenetwork.networks.getedgenetwork.networks.getIamPolicyedgenetwork.networks.getStatusedgenetwork.networks.listedgenetwork.networks.setIamPolicyedgenetwork.networks.updateedgenetwork.operations.canceledgenetwork.operations.deleteedgenetwork.operations.getedgenetwork.operations.listedgenetwork.routers.createedgenetwork.routers.deleteedgenetwork.routers.getedgenetwork.routers.getIamPolicyedgenetwork.routers.getRouterStatusedgenetwork.routers.listedgenetwork.routers.patchedgenetwork.routers.setIamPolicyedgenetwork.routers.updateedgenetwork.subnetworks.createedgenetwork.subnetworks.deleteedgenetwork.subnetworks.getedgenetwork.subnetworks.getIamPolicyedgenetwork.subnetworks.getStatusedgenetwork.subnetworks.listedgenetwork.subnetworks.setIamPolicyedgenetwork.subnetworks.updateedgenetwork.zones.getedgenetwork.zones.initializeedgenetwork.zones.list |
| Distributed Cloud Edge Network | Supported In Custom Roles |
edgenetwork.interconnectAttachments.createedgenetwork.interconnectAttachments.deleteedgenetwork.interconnectAttachments.getedgenetwork.interconnectAttachments.getIamPolicyedgenetwork.interconnectAttachments.listedgenetwork.interconnectAttachments.setIamPolicyedgenetwork.interconnectAttachments.updateedgenetwork.interconnects.getedgenetwork.interconnects.getDiagnosticsedgenetwork.interconnects.getIamPolicyedgenetwork.interconnects.listedgenetwork.interconnects.setIamPolicyedgenetwork.locations.getedgenetwork.locations.listedgenetwork.networks.createedgenetwork.networks.deleteedgenetwork.networks.getedgenetwork.networks.getIamPolicyedgenetwork.networks.getStatusedgenetwork.networks.listedgenetwork.networks.setIamPolicyedgenetwork.networks.updateedgenetwork.operations.canceledgenetwork.operations.deleteedgenetwork.operations.getedgenetwork.operations.listedgenetwork.routers.createedgenetwork.routers.deleteedgenetwork.routers.getedgenetwork.routers.getIamPolicyedgenetwork.routers.getRouterStatusedgenetwork.routers.listedgenetwork.routers.patchedgenetwork.routers.setIamPolicyedgenetwork.routers.updateedgenetwork.subnetworks.createedgenetwork.subnetworks.deleteedgenetwork.subnetworks.getedgenetwork.subnetworks.getIamPolicyedgenetwork.subnetworks.getStatusedgenetwork.subnetworks.listedgenetwork.subnetworks.setIamPolicyedgenetwork.subnetworks.updateedgenetwork.zones.getedgenetwork.zones.initializeedgenetwork.zones.list |
| Distributed Cloud Edge Network | Now GA |
edgenetwork.interconnectAttachments.createedgenetwork.interconnectAttachments.deleteedgenetwork.interconnectAttachments.getedgenetwork.interconnectAttachments.getIamPolicyedgenetwork.interconnectAttachments.listedgenetwork.interconnectAttachments.setIamPolicyedgenetwork.interconnectAttachments.updateedgenetwork.interconnects.getedgenetwork.interconnects.getDiagnosticsedgenetwork.interconnects.getIamPolicyedgenetwork.interconnects.listedgenetwork.interconnects.setIamPolicyedgenetwork.locations.getedgenetwork.locations.listedgenetwork.networks.createedgenetwork.networks.deleteedgenetwork.networks.getedgenetwork.networks.getIamPolicyedgenetwork.networks.getStatusedgenetwork.networks.listedgenetwork.networks.setIamPolicyedgenetwork.networks.updateedgenetwork.operations.canceledgenetwork.operations.deleteedgenetwork.operations.getedgenetwork.operations.listedgenetwork.routers.createedgenetwork.routers.deleteedgenetwork.routers.getedgenetwork.routers.getIamPolicyedgenetwork.routers.getRouterStatusedgenetwork.routers.listedgenetwork.routers.patchedgenetwork.routers.setIamPolicyedgenetwork.routers.updateedgenetwork.subnetworks.createedgenetwork.subnetworks.deleteedgenetwork.subnetworks.getedgenetwork.subnetworks.getIamPolicyedgenetwork.subnetworks.getStatusedgenetwork.subnetworks.listedgenetwork.subnetworks.setIamPolicyedgenetwork.subnetworks.updateedgenetwork.zones.getedgenetwork.zones.initializeedgenetwork.zones.list |
| Firebase Authentication | Added |
firebaseauth.configs.getSecret |
| Firebase Authentication | Supported In Custom Roles |
firebaseauth.configs.getSecret |
| Firebase Authentication | Now GA |
firebaseauth.configs.getSecret |
| Notebooks | Added |
notebooks.runtimes.upgrade |
| Notebooks | Now GA |
notebooks.runtimes.upgrade |
| Recommender | Added |
recommender.bigqueryPartitionClusterRecommendations.getrecommender.bigqueryPartitionClusterRecommendations.listrecommender.bigqueryPartitionClusterRecommendations.updaterecommender.bigqueryTableStatsInsights.getrecommender.bigqueryTableStatsInsights.listrecommender.bigqueryTableStatsInsights.update |
| Recommender | Supported In Custom Roles |
recommender.bigqueryPartitionClusterRecommendations.getrecommender.bigqueryPartitionClusterRecommendations.listrecommender.bigqueryPartitionClusterRecommendations.updaterecommender.bigqueryTableStatsInsights.getrecommender.bigqueryTableStatsInsights.listrecommender.bigqueryTableStatsInsights.update |
| Retail API | Added |
retail.models.get |
| Retail API | Now GA |
retail.models.createretail.models.deleteretail.models.listretail.models.pauseretail.models.resumeretail.models.tuneretail.models.update |
Cloud IAM changes as of 2023-01-06
| Service | Change | Description |
|---|---|---|
| Vertex AI | Now GA |
The role |
| Vertex AI | Now GA |
The role |
| Vertex AI | Now GA |
The role |
| Vertex AI | Now GA |
The role |
| Vertex AI | Now GA |
The role |
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.regionOperations.get |
| Cloud Build | Role Updated |
The following permissions have been added to the role cloudbuild.repositories.get |
| Cloud Build | Role Updated |
The following permissions have been added to the role cloudbuild.repositories.get |
| Connectors | Role Updated |
The following permissions have been added to the role secretmanager.secrets.getIamPolicy |
| Google Cloud Contact Center as a Service | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
| Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
| GKE Hub | Role Updated |
The following permissions have been added to the role container.operations.get |
| Cloud Monitoring | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getcloudtrace.traces.patchrun.routes.invoke |
| Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Role Updated |
The following permissions have been added to the role recommender.computeInstanceIdleResourceRecommenderConfig.getrecommender.computeInstanceIdleResourceRecommenderConfig.update |
| Basic Role | Role Updated |
The following permissions have been added to the role contactcenteraiplatform.contactCenters.queryQuota |
| Compute Engine | Now GA |
compute.backendServices.getIamPolicycompute.backendServices.setIamPolicycompute.regionBackendServices.getIamPolicycompute.regionBackendServices.setIamPolicy |
| Google Cloud Contact Center as a Service | Added |
contactcenteraiplatform.contactCenters.queryQuota |
| Cloud Data Fusion | Added |
datafusion.artifacts.createdatafusion.artifacts.deletedatafusion.artifacts.getdatafusion.artifacts.listdatafusion.artifacts.updatedatafusion.pipelineConnections.createdatafusion.pipelineConnections.deletedatafusion.pipelineConnections.getdatafusion.pipelineConnections.listdatafusion.pipelineConnections.updatedatafusion.pipelineConnections.usedatafusion.pipelines.createdatafusion.pipelines.deletedatafusion.pipelines.executedatafusion.pipelines.getdatafusion.pipelines.listdatafusion.pipelines.previewdatafusion.pipelines.updatedatafusion.profiles.createdatafusion.profiles.deletedatafusion.profiles.getdatafusion.profiles.listdatafusion.profiles.updatedatafusion.secureKeys.createdatafusion.secureKeys.deletedatafusion.secureKeys.getSecretdatafusion.secureKeys.listdatafusion.secureKeys.update |
| Data Lineage API | Added |
datalineage.events.createdatalineage.events.deletedatalineage.events.getdatalineage.events.listdatalineage.locations.searchLinksdatalineage.operations.getdatalineage.processes.createdatalineage.processes.deletedatalineage.processes.getdatalineage.processes.listdatalineage.processes.updatedatalineage.runs.createdatalineage.runs.deletedatalineage.runs.getdatalineage.runs.listdatalineage.runs.update |
| Data Lineage API | Supported In Custom Roles |
datalineage.operations.get |
| Database Migration Service | Added |
datamigration.conversionworkspaces.commitdatamigration.conversionworkspaces.convertdatamigration.conversionworkspaces.createdatamigration.conversionworkspaces.deletedatamigration.conversionworkspaces.getdatamigration.conversionworkspaces.getIamPolicydatamigration.conversionworkspaces.listdatamigration.conversionworkspaces.rollbackdatamigration.conversionworkspaces.seeddatamigration.conversionworkspaces.setIamPolicydatamigration.conversionworkspaces.updatedatamigration.mappingrules.getIamPolicydatamigration.mappingrules.importdatamigration.mappingrules.setIamPolicydatamigration.privateconnections.createdatamigration.privateconnections.deletedatamigration.privateconnections.getdatamigration.privateconnections.getIamPolicydatamigration.privateconnections.listdatamigration.privateconnections.setIamPolicy |
| Database Migration Service | Supported In Custom Roles |
datamigration.privateconnections.createdatamigration.privateconnections.deletedatamigration.privateconnections.getdatamigration.privateconnections.getIamPolicydatamigration.privateconnections.listdatamigration.privateconnections.setIamPolicy |
| Database Migration Service | Now GA |
datamigration.conversionworkspaces.commitdatamigration.conversionworkspaces.convertdatamigration.conversionworkspaces.createdatamigration.conversionworkspaces.deletedatamigration.conversionworkspaces.getdatamigration.conversionworkspaces.getIamPolicydatamigration.conversionworkspaces.listdatamigration.conversionworkspaces.rollbackdatamigration.conversionworkspaces.seeddatamigration.conversionworkspaces.setIamPolicydatamigration.conversionworkspaces.updatedatamigration.mappingrules.getIamPolicydatamigration.mappingrules.importdatamigration.mappingrules.setIamPolicydatamigration.privateconnections.createdatamigration.privateconnections.deletedatamigration.privateconnections.getdatamigration.privateconnections.getIamPolicydatamigration.privateconnections.listdatamigration.privateconnections.setIamPolicy |
| Dialogflow | Added |
dialogflow.knowledgeBases.update |
| Dialogflow | Supported In Custom Roles |
dialogflow.knowledgeBases.update |
| Dialogflow | Now GA |
dialogflow.knowledgeBases.update |
| Google Earth Engine | Added |
earthengine.featureviews.create |
| ML Kit for Firebase | Added |
firebaseml.models.update |
| ML Kit for Firebase | Supported In Custom Roles |
firebaseml.models.update |
| Network Management API | Added |
networkmanagement.topologygraphs.read |
| Network Management API | Supported In Custom Roles |
networkmanagement.topologygraphs.read |
| Network Management API | Now GA |
networkmanagement.topologygraphs.read |
| Recommender | Added |
recommender.computeInstanceIdleResourceRecommenderConfig.getrecommender.computeInstanceIdleResourceRecommenderConfig.updaterecommender.iamPolicyRecommenderConfig.getrecommender.iamPolicyRecommenderConfig.updaterecommender.spendBasedCommitmentRecommenderConfig.getrecommender.spendBasedCommitmentRecommenderConfig.update |
| Recommender | Supported In Custom Roles |
recommender.computeInstanceIdleResourceRecommenderConfig.getrecommender.computeInstanceIdleResourceRecommenderConfig.updaterecommender.iamPolicyRecommenderConfig.getrecommender.iamPolicyRecommenderConfig.updaterecommender.spendBasedCommitmentRecommenderConfig.getrecommender.spendBasedCommitmentRecommenderConfig.update |
| Recommender | Now GA |
recommender.computeInstanceIdleResourceRecommenderConfig.getrecommender.computeInstanceIdleResourceRecommenderConfig.updaterecommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.iamPolicyRecommenderConfig.getrecommender.iamPolicyRecommenderConfig.update |
Cloud IAM changes as of 2022-12-16
| Service | Change | Description |
|---|---|---|
| Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Dataproc | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewallsiam.serviceAccounts.getAccessToken |
| Firestore | Role Updated |
The following permissions have been added to the role datastore.databases.list |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role datastore.databases.list |
| Game Servers | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| Backup for GKE | Role Updated |
The following permissions have been added to the role recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.updaterecommender.locations.getrecommender.locations.listrecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.update |
| VM Migration | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| VM Migration | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getresourcemanager.projects.list |
| Google Cloud | Added |
cloud.locations.getcloud.locations.list |
| Google Cloud | Supported In Custom Roles |
cloud.locations.getcloud.locations.list |
| Cloud Asset Inventory | Added |
cloudasset.assets.exportBeyondCorpAppGatewayscloudasset.assets.listBeyondCorpAppGateways |
| Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportBeyondCorpAppGatewayscloudasset.assets.listBeyondCorpAppGateways |
| Cloud Key Management Service | Added |
cloudkms.protectedResources.search |
| GKE Multi-Cloud | Added |
gkemulticloud.attachedClusters.creategkemulticloud.attachedClusters.deletegkemulticloud.attachedClusters.generateInstallManifestgkemulticloud.attachedClusters.getgkemulticloud.attachedClusters.importgkemulticloud.attachedClusters.listgkemulticloud.attachedClusters.updategkemulticloud.attachedServerConfigs.get |
| GKE Multi-Cloud | Now GA |
gkemulticloud.attachedClusters.creategkemulticloud.attachedClusters.deletegkemulticloud.attachedClusters.generateInstallManifestgkemulticloud.attachedClusters.getgkemulticloud.attachedClusters.importgkemulticloud.attachedClusters.listgkemulticloud.attachedClusters.updategkemulticloud.attachedServerConfigs.get |
Cloud IAM changes as of 2022-12-09
| Service | Change | Description |
|---|---|---|
| Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.validatingWebhookConfigurations.delete |
| App Engine | Now GA |
The role |
| App Engine | Role Updated |
The following permissions have been added to the role storage.buckets.createstorage.buckets.get |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.instanceGroups.use |
| Bare Metal Solution | Now GA |
The role |
| Cloud Optimization | Now GA |
The role |
| Cloud Optimization | Now GA |
The role |
| Cloud Optimization | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role datacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.listdatacatalog.taxonomies.update |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been removed from the role dataproc.autoscalingPolicies.createdataproc.jobs.deletedataproc.jobs.getdataproc.workflowTemplates.instantiateInline |
| Distributed Cloud Edge Container | Now GA |
The role |
| Firebase | Role Updated |
The following permissions have been added to the role bigquery.datasets.createbigquery.datasets.getbigquery.transfers.getbigquery.transfers.update |
| Firebase Security Rules | Now GA |
The role |
| FleetEngine | Role Updated |
The following permissions have been removed from the role fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| Backup for GKE | Now GA |
The role |
| Backup for GKE | Now GA |
The role |
| Backup for GKE | Now GA |
The role |
| Backup for GKE | Now GA |
The role |
| Backup for GKE | Now GA |
The role |
| Backup for GKE | Now GA |
The role |
| Dataproc Metastore | Role Updated |
The following permissions have been added to the role dns.changes.createdns.changes.getdns.managedZones.createdns.managedZones.deletedns.managedZones.getdns.managedZones.listdns.networks.bindPrivateDNSZonedns.networks.targetWithPeeringZonedns.resourceRecordSets.createdns.resourceRecordSets.deletedns.resourceRecordSets.getdns.resourceRecordSets.listdns.resourceRecordSets.update |
| Nest Console | Now GA |
The role |
| Nest Console | Now GA |
The role |
| Nest Console | Now GA |
The role |
| Pub/Sub Lite | Now GA |
The role |
| Storage Insights | Now GA |
The role |
| Storage Insights | Now GA |
The role |
| Workload Certificate | Role Updated |
The following permissions have been added to the role gkehub.fleet.creategkehub.fleet.getgkehub.operations.get |
| Apigee | Added |
apigee.instances.updateapigee.projects.migrateapigee.projects.previewMigrationapigee.traceconfig.getapigee.traceconfig.updateapigee.traceconfigoverrides.createapigee.traceconfigoverrides.deleteapigee.traceconfigoverrides.getapigee.traceconfigoverrides.listapigee.traceconfigoverrides.update |
| Apigee | Supported In Custom Roles |
apigee.instances.updateapigee.projects.migrateapigee.projects.previewMigration |
| Apigee | Now GA |
apigee.instances.updateapigee.projects.migrateapigee.projects.previewMigrationapigee.traceconfig.getapigee.traceconfig.updateapigee.traceconfigoverrides.createapigee.traceconfigoverrides.deleteapigee.traceconfigoverrides.getapigee.traceconfigoverrides.listapigee.traceconfigoverrides.update |
| App Engine | Added |
appengine.instances.enableDebug |
| App Engine | Supported In Custom Roles |
appengine.instances.enableDebug |
| App Engine | Now GA |
appengine.instances.enableDebug |
| Cloud Asset Inventory | Added |
cloudasset.assets.queryAccessPolicycloudasset.assets.queryIamPolicycloudasset.assets.queryOSInventoriescloudasset.assets.queryResource |
| Cloud Build | Added |
cloudbuild.connections.createcloudbuild.connections.deletecloudbuild.connections.fetchLinkableRepositoriescloudbuild.connections.getcloudbuild.connections.getIamPolicycloudbuild.connections.listcloudbuild.connections.setIamPolicycloudbuild.connections.updatecloudbuild.repositories.accessReadTokencloudbuild.repositories.accessReadWriteTokencloudbuild.repositories.createcloudbuild.repositories.deletecloudbuild.repositories.getcloudbuild.repositories.list |
| Cloud Build | Supported In Custom Roles |
cloudbuild.connections.createcloudbuild.connections.deletecloudbuild.connections.fetchLinkableRepositoriescloudbuild.connections.getcloudbuild.connections.getIamPolicycloudbuild.connections.listcloudbuild.connections.setIamPolicycloudbuild.connections.updatecloudbuild.repositories.accessReadTokencloudbuild.repositories.accessReadWriteTokencloudbuild.repositories.createcloudbuild.repositories.deletecloudbuild.repositories.getcloudbuild.repositories.list |
| Cloud Optimization | Now GA |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Compute Engine | Added |
compute.instances.simulateMaintenanceEventcompute.nodeGroups.simulateMaintenanceEvent |
| Compute Engine | Supported In Custom Roles |
compute.instances.simulateMaintenanceEventcompute.nodeGroups.simulateMaintenanceEvent |
| Compute Engine | Now GA |
compute.instances.simulateMaintenanceEvent |
| Connectors | Added |
connectors.schemaMetadata.refresh |
| Connectors | Now GA |
connectors.schemaMetadata.refresh |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.allowProjectGrant |
| Cloud Commerce Consumer Procurement | Supported In Custom Roles |
consumerprocurement.consents.allowProjectGrant |
| Conversational Insights | Added |
contactcenterinsights.issues.delete |
| Cloud Data Fusion | Added |
datafusion.operations.delete |
| Dataplex Universal Catalog | Added |
dataplex.tasks.run |
| Dataplex Universal Catalog | Supported In Custom Roles |
dataplex.tasks.run |
| Dataplex Universal Catalog | Now GA |
dataplex.tasks.run |
| Dataproc | Added |
dataproc.nodeGroups.createdataproc.nodeGroups.getdataproc.nodeGroups.update |
| Dataproc | Supported In Custom Roles |
dataproc.nodeGroups.createdataproc.nodeGroups.getdataproc.nodeGroups.update |
| Dataproc | Now GA |
dataproc.nodeGroups.createdataproc.nodeGroups.getdataproc.nodeGroups.update |
| Google Analytics | Added |
firebaseanalytics.resources.googleAnalyticsAdditionalAccessfirebaseanalytics.resources.googleAnalyticsRestrictedAccess |
| Google Analytics | Supported In Custom Roles |
firebaseanalytics.resources.googleAnalyticsAdditionalAccessfirebaseanalytics.resources.googleAnalyticsRestrictedAccess |
| Backup for GKE | Now GA |
gkebackup.backupPlans.creategkebackup.backupPlans.deletegkebackup.backupPlans.getgkebackup.backupPlans.getIamPolicygkebackup.backupPlans.listgkebackup.backupPlans.setIamPolicygkebackup.backupPlans.updategkebackup.backups.creategkebackup.backups.deletegkebackup.backups.getgkebackup.backups.listgkebackup.backups.updategkebackup.locations.getgkebackup.locations.listgkebackup.operations.cancelgkebackup.operations.deletegkebackup.operations.getgkebackup.operations.listgkebackup.restorePlans.creategkebackup.restorePlans.deletegkebackup.restorePlans.getgkebackup.restorePlans.getIamPolicygkebackup.restorePlans.listgkebackup.restorePlans.setIamPolicygkebackup.restorePlans.updategkebackup.restores.creategkebackup.restores.deletegkebackup.restores.getgkebackup.restores.listgkebackup.restores.updategkebackup.volumeBackups.getgkebackup.volumeBackups.listgkebackup.volumeRestores.getgkebackup.volumeRestores.list |
| Cloud Logging | Added |
logging.settings.getlogging.settings.update |
| Cloud Logging | Added |
logging.googleapis.com/settings.getlogging.googleapis.com/settings.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.domainJoinMachine |
| Maps Platform Datasets | Added |
mapsplatformdatasets.datasets.createmapsplatformdatasets.datasets.deletemapsplatformdatasets.datasets.getmapsplatformdatasets.datasets.importmapsplatformdatasets.datasets.listmapsplatformdatasets.datasets.update |
| Cloud Monitoring | Added |
monitoring.snoozes.createmonitoring.snoozes.getmonitoring.snoozes.listmonitoring.snoozes.update |
| Cloud Monitoring | Supported In Custom Roles |
monitoring.snoozes.createmonitoring.snoozes.getmonitoring.snoozes.listmonitoring.snoozes.update |
| Nest Console | Added |
nestconsole.smarthomePreviews.updatenestconsole.smarthomeProjects.createnestconsole.smarthomeProjects.deletenestconsole.smarthomeProjects.getnestconsole.smarthomeProjects.updatenestconsole.smarthomeVersions.createnestconsole.smarthomeVersions.getnestconsole.smarthomeVersions.submit |
| Nest Console | Now GA |
nestconsole.smarthomePreviews.updatenestconsole.smarthomeProjects.createnestconsole.smarthomeProjects.deletenestconsole.smarthomeProjects.getnestconsole.smarthomeProjects.updatenestconsole.smarthomeVersions.createnestconsole.smarthomeVersions.getnestconsole.smarthomeVersions.submit |
| Network Connectivity Center | Added |
networkconnectivity.internalRanges.createnetworkconnectivity.internalRanges.deletenetworkconnectivity.internalRanges.getnetworkconnectivity.internalRanges.getIamPolicynetworkconnectivity.internalRanges.listnetworkconnectivity.internalRanges.setIamPolicynetworkconnectivity.internalRanges.update |
| Network Connectivity Center | Supported In Custom Roles |
networkconnectivity.internalRanges.createnetworkconnectivity.internalRanges.deletenetworkconnectivity.internalRanges.getnetworkconnectivity.internalRanges.getIamPolicynetworkconnectivity.internalRanges.listnetworkconnectivity.internalRanges.setIamPolicynetworkconnectivity.internalRanges.update |
| Network Connectivity Center | Now GA |
networkconnectivity.internalRanges.createnetworkconnectivity.internalRanges.deletenetworkconnectivity.internalRanges.getnetworkconnectivity.internalRanges.getIamPolicynetworkconnectivity.internalRanges.listnetworkconnectivity.internalRanges.setIamPolicynetworkconnectivity.internalRanges.update |
| Recommender | Added |
recommender.cloudsqlInstanceOomProbabilityInsights.getrecommender.cloudsqlInstanceOomProbabilityInsights.listrecommender.cloudsqlInstanceOomProbabilityInsights.updaterecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.getrecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.listrecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.updaterecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.getrecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.listrecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.updaterecommender.cloudsqlUnderProvisionedInstanceRecommendations.getrecommender.cloudsqlUnderProvisionedInstanceRecommendations.listrecommender.cloudsqlUnderProvisionedInstanceRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceOomProbabilityInsights.getrecommender.cloudsqlInstanceOomProbabilityInsights.listrecommender.cloudsqlInstanceOomProbabilityInsights.updaterecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.getrecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.listrecommender.cloudsqlInstanceUnderprovisionedCpuUsageInsights.updaterecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.getrecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.listrecommender.cloudsqlInstanceUnderprovisionedMemoryUsageInsights.updaterecommender.cloudsqlUnderProvisionedInstanceRecommendations.getrecommender.cloudsqlUnderProvisionedInstanceRecommendations.listrecommender.cloudsqlUnderProvisionedInstanceRecommendations.update |
| Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.getrecommender.resourcemanagerProjectUtilizationInsightTypeConfigs.updaterecommender.resourcemanagerProjectUtilizationRecommenderConfigs.getrecommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
| Retail API | Added |
retail.models.pauseretail.models.resumeretail.models.tuneretail.models.update |
| Cloud Monitoring | Added |
stackdriver.resourceMetadata.list |
| Cloud Monitoring | Supported In Custom Roles |
stackdriver.resourceMetadata.list |
| Storage Insights | Added |
storageinsights.locations.getstorageinsights.locations.liststorageinsights.operations.cancelstorageinsights.operations.deletestorageinsights.operations.getstorageinsights.operations.liststorageinsights.reportConfigs.createstorageinsights.reportConfigs.deletestorageinsights.reportConfigs.getstorageinsights.reportConfigs.liststorageinsights.reportConfigs.updatestorageinsights.reportDetails.getstorageinsights.reportDetails.list |
| Storage Insights | Now GA |
storageinsights.locations.getstorageinsights.locations.liststorageinsights.operations.cancelstorageinsights.operations.deletestorageinsights.operations.getstorageinsights.operations.liststorageinsights.reportConfigs.createstorageinsights.reportConfigs.deletestorageinsights.reportConfigs.getstorageinsights.reportConfigs.liststorageinsights.reportConfigs.updatestorageinsights.reportDetails.getstorageinsights.reportDetails.list |
| VM Migration | Added |
vmmigration.replicationCycles.getvmmigration.replicationCycles.list |
Cloud IAM changes as of 2022-12-02
| Service | Change | Description |
|---|---|---|
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role backupdr.managementServers.backupAccess |
| Cloud Billing | Role Updated |
The following permissions have been added to the role compute.commitments.createcompute.commitments.getcompute.commitments.listcompute.commitments.updatecompute.commitments.updateReservations |
| Cloud Build | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getOpenIdToken |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role billing.accounts.getbilling.accounts.getIamPolicybilling.accounts.listbilling.accounts.redeemPromotionbilling.credits.listbilling.resourceAssociations.create |
| Cloud Commerce Consumer Procurement | Role Updated |
The following permissions have been added to the role billing.accounts.getbilling.accounts.getIamPolicybilling.accounts.listbilling.credits.list |
| Cloud Logging | Role Updated |
The following permissions have been added to the role bigquery.datasets.get |
| RISC Configuration Service | Role Updated |
The following permissions have been added to the role clientauthconfig.clients.list |
| RISC Configuration Service | Role Updated |
The following permissions have been added to the role clientauthconfig.clients.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role iam.denypolicies.getiam.denypolicies.listiam.googleapis.com/denypolicies.getiam.googleapis.com/denypolicies.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role iam.denypolicies.getiam.denypolicies.listiam.googleapis.com/denypolicies.getiam.googleapis.com/denypolicies.list |
| Basic Role | Role Updated |
The following permissions have been added to the role backupdr.managementServers.backupAccess |
| Commerce Business Enablement | Added |
commercebusinessenablement.leadgenConfig.getcommercebusinessenablement.leadgenConfig.updatecommercebusinessenablement.paymentConfig.getcommercebusinessenablement.paymentConfig.update |
| Google Distributed Cloud | Added |
gkeonprem.bareMetalAdminClusters.creategkeonprem.bareMetalAdminClusters.enrollgkeonprem.bareMetalAdminClusters.getgkeonprem.bareMetalAdminClusters.getIamPolicygkeonprem.bareMetalAdminClusters.listgkeonprem.bareMetalAdminClusters.queryVersionConfiggkeonprem.bareMetalAdminClusters.setIamPolicygkeonprem.bareMetalAdminClusters.unenrollgkeonprem.bareMetalAdminClusters.updategkeonprem.vmwareAdminClusters.enrollgkeonprem.vmwareAdminClusters.getgkeonprem.vmwareAdminClusters.getIamPolicygkeonprem.vmwareAdminClusters.listgkeonprem.vmwareAdminClusters.setIamPolicygkeonprem.vmwareAdminClusters.unenrollgkeonprem.vmwareAdminClusters.update |
| Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalAdminClusters.creategkeonprem.bareMetalAdminClusters.enrollgkeonprem.bareMetalAdminClusters.getgkeonprem.bareMetalAdminClusters.getIamPolicygkeonprem.bareMetalAdminClusters.listgkeonprem.bareMetalAdminClusters.queryVersionConfiggkeonprem.bareMetalAdminClusters.setIamPolicygkeonprem.bareMetalAdminClusters.unenrollgkeonprem.bareMetalAdminClusters.updategkeonprem.vmwareAdminClusters.enrollgkeonprem.vmwareAdminClusters.getgkeonprem.vmwareAdminClusters.getIamPolicygkeonprem.vmwareAdminClusters.listgkeonprem.vmwareAdminClusters.setIamPolicygkeonprem.vmwareAdminClusters.unenrollgkeonprem.vmwareAdminClusters.update |
| Google Distributed Cloud | Now GA |
gkeonprem.bareMetalAdminClusters.creategkeonprem.bareMetalAdminClusters.enrollgkeonprem.bareMetalAdminClusters.getgkeonprem.bareMetalAdminClusters.getIamPolicygkeonprem.bareMetalAdminClusters.listgkeonprem.bareMetalAdminClusters.queryVersionConfiggkeonprem.bareMetalAdminClusters.setIamPolicygkeonprem.bareMetalAdminClusters.unenrollgkeonprem.bareMetalAdminClusters.updategkeonprem.vmwareAdminClusters.enrollgkeonprem.vmwareAdminClusters.getgkeonprem.vmwareAdminClusters.getIamPolicygkeonprem.vmwareAdminClusters.listgkeonprem.vmwareAdminClusters.setIamPolicygkeonprem.vmwareAdminClusters.unenrollgkeonprem.vmwareAdminClusters.update |
| Network Connectivity Center | Added |
networkconnectivity.policyBasedRoutes.createnetworkconnectivity.policyBasedRoutes.deletenetworkconnectivity.policyBasedRoutes.getnetworkconnectivity.policyBasedRoutes.getIamPolicynetworkconnectivity.policyBasedRoutes.listnetworkconnectivity.policyBasedRoutes.setIamPolicy |
| Network Connectivity Center | Now GA |
networkconnectivity.policyBasedRoutes.createnetworkconnectivity.policyBasedRoutes.deletenetworkconnectivity.policyBasedRoutes.getnetworkconnectivity.policyBasedRoutes.getIamPolicynetworkconnectivity.policyBasedRoutes.listnetworkconnectivity.policyBasedRoutes.setIamPolicy |
| VM Migration | Supported In Custom Roles |
vmmigration.migratingVms.get |
Cloud IAM changes as of 2022-11-04
| Service | Change | Description |
|---|---|---|
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.snapshots.deleteresourcemanager.projects.list |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Now GA |
The role |
| Cloud Deploy | Role Updated |
The following permissions have been added to the role clouddeploy.deliveryPipelines.delete |
| Cloud Deploy | Role Updated |
The following permissions have been added to the role clouddeploy.deliveryPipelines.deleteclouddeploy.targets.delete |
| Firebase installations | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Security Command Center | Role Updated |
The following permissions have been added to the role resourcemanager.tagValues.get |
| Cloud Deploy | Now GA |
clouddeploy.config.getclouddeploy.deliveryPipelines.createclouddeploy.deliveryPipelines.deleteclouddeploy.deliveryPipelines.getclouddeploy.deliveryPipelines.getIamPolicyclouddeploy.deliveryPipelines.listclouddeploy.deliveryPipelines.setIamPolicyclouddeploy.deliveryPipelines.updateclouddeploy.locations.getclouddeploy.locations.listclouddeploy.operations.cancelclouddeploy.operations.deleteclouddeploy.operations.getclouddeploy.operations.listclouddeploy.releases.abandonclouddeploy.releases.createclouddeploy.releases.deleteclouddeploy.releases.getclouddeploy.releases.listclouddeploy.rollouts.approveclouddeploy.rollouts.createclouddeploy.rollouts.getclouddeploy.rollouts.listclouddeploy.targets.createclouddeploy.targets.deleteclouddeploy.targets.getclouddeploy.targets.getIamPolicyclouddeploy.targets.listclouddeploy.targets.setIamPolicyclouddeploy.targets.update |
| Cloud Composer | Added |
composer.dags.getSourceCode |
| Cloud Composer | Now GA |
composer.dags.getSourceCode |
| Compute Engine | Added |
compute.regionSslPolicies.createcompute.regionSslPolicies.deletecompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.updatecompute.regionSslPolicies.use |
| Compute Engine | Now GA |
compute.regionSslPolicies.createcompute.regionSslPolicies.deletecompute.regionSslPolicies.getcompute.regionSslPolicies.listcompute.regionSslPolicies.listAvailableFeaturescompute.regionSslPolicies.updatecompute.regionSslPolicies.use |
| Firebase installations | Added |
firebaseinstallations.instances.delete |
| Firebase installations | Now GA |
firebaseinstallations.instances.delete |
| Remote Build Execution | Added |
remotebuildexecution.instances.update |
| Remote Build Execution | Supported In Custom Roles |
remotebuildexecution.instances.update |
Cloud IAM changes as of 2022-10-28
| Service | Change | Description |
|---|---|---|
| Cloud Build | Role Updated |
The following permissions have been added to the role logging.buckets.createlogging.buckets.getlogging.buckets.list |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.getdocumentai.processedDocumentsSets.getDocumentsdocumentai.processedDocumentsSets.listDocuments |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.getdocumentai.processedDocumentsSets.getDocumentsdocumentai.processedDocumentsSets.listDocuments |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.processedDocumentsSets.getdocumentai.processedDocumentsSets.getDocumentsdocumentai.processedDocumentsSets.listDocuments |
| Serverless Integrations | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| Google Cloud VMware Engine | Now GA |
The role |
| Artifact Registry | Added |
artifactregistry.projectsettings.getartifactregistry.projectsettings.update |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.projectsettings.getartifactregistry.projectsettings.update |
| Artifact Registry | Now GA |
artifactregistry.projectsettings.getartifactregistry.projectsettings.update |
| Bigtable | Added |
bigtable.backups.read |
| Bigtable | Supported In Custom Roles |
bigtable.backups.read |
| Bigtable | Now GA |
bigtable.backups.read |
| Commerce Org Governance | Added |
commerceorggovernance.collections.createcommerceorggovernance.collections.deletecommerceorggovernance.collections.getcommerceorggovernance.collections.listcommerceorggovernance.collections.updatecommerceorggovernance.consumerSharingPolicies.getcommerceorggovernance.consumerSharingPolicies.updatecommerceorggovernance.organizationSettings.getcommerceorggovernance.organizationSettings.updatecommerceorggovernance.services.list |
| Compute Engine | Added |
compute.backendBuckets.addSignedUrlKeycompute.backendBuckets.deleteSignedUrlKeycompute.backendBuckets.getIamPolicycompute.backendBuckets.setIamPolicycompute.backendServices.addSignedUrlKeycompute.backendServices.deleteSignedUrlKeycompute.regionTargetHttpProxies.updatecompute.regionTargetTcpProxies.createcompute.regionTargetTcpProxies.deletecompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionTargetTcpProxies.usecompute.resourcePolicies.getIamPolicycompute.resourcePolicies.setIamPolicycompute.targetHttpProxies.updatecompute.targetHttpsProxies.setCertificateMapcompute.targetHttpsProxies.setQuicOverridecompute.targetSslProxies.setCertificateMapcompute.targetSslProxies.setSslPolicycompute.targetSslProxies.update |
| Compute Engine | Supported In Custom Roles |
compute.resourcePolicies.getIamPolicycompute.resourcePolicies.setIamPolicy |
| Compute Engine | Now GA |
compute.backendBuckets.addSignedUrlKeycompute.backendBuckets.deleteSignedUrlKeycompute.backendServices.addSignedUrlKeycompute.backendServices.deleteSignedUrlKeycompute.regionTargetHttpProxies.updatecompute.regionTargetTcpProxies.createcompute.regionTargetTcpProxies.deletecompute.regionTargetTcpProxies.getcompute.regionTargetTcpProxies.listcompute.regionTargetTcpProxies.usecompute.resourcePolicies.getIamPolicycompute.resourcePolicies.setIamPolicycompute.targetHttpProxies.updatecompute.targetHttpsProxies.setCertificateMapcompute.targetHttpsProxies.setQuicOverridecompute.targetSslProxies.setCertificateMapcompute.targetSslProxies.setSslPolicycompute.targetSslProxies.update |
| Data Catalog | Added |
datacatalog.entryGroups.updateTag |
| Data Catalog | Supported In Custom Roles |
datacatalog.entryGroups.updateTag |
| Data Catalog | Now GA |
datacatalog.entryGroups.updateTag |
| Dataplex Universal Catalog | Added |
dataplex.datascans.createdataplex.datascans.deletedataplex.datascans.getdataplex.datascans.getDatadataplex.datascans.getIamPolicydataplex.datascans.listdataplex.datascans.rundataplex.datascans.setIamPolicydataplex.datascans.update |
| Dataplex Universal Catalog | Now GA |
dataplex.datascans.createdataplex.datascans.deletedataplex.datascans.getdataplex.datascans.getDatadataplex.datascans.getIamPolicydataplex.datascans.listdataplex.datascans.rundataplex.datascans.setIamPolicydataplex.datascans.update |
| Discovery Engine | Added |
discoveryengine.documents.creatediscoveryengine.documents.deletediscoveryengine.documents.getdiscoveryengine.documents.importdiscoveryengine.documents.listdiscoveryengine.documents.updatediscoveryengine.operations.getdiscoveryengine.operations.listdiscoveryengine.servingConfigs.recommenddiscoveryengine.userEvents.creatediscoveryengine.userEvents.import |
| Document AI | Added |
documentai.processedDocumentsSets.getdocumentai.processedDocumentsSets.getDocumentsdocumentai.processedDocumentsSets.listDocuments |
| Enterprise Knowledge Graph | Added |
enterpriseknowledgegraph.cloudKnowledgeGraphEntities.lookupenterpriseknowledgegraph.cloudKnowledgeGraphEntities.searchenterpriseknowledgegraph.publicKnowledgeGraphEntities.lookupenterpriseknowledgegraph.publicKnowledgeGraphEntities.search |
| Identity Toolkit | Added |
identitytoolkit.tenants.createidentitytoolkit.tenants.deleteidentitytoolkit.tenants.getidentitytoolkit.tenants.getIamPolicyidentitytoolkit.tenants.listidentitytoolkit.tenants.setIamPolicyidentitytoolkit.tenants.update |
| Identity Toolkit | Supported In Custom Roles |
identitytoolkit.tenants.createidentitytoolkit.tenants.deleteidentitytoolkit.tenants.getidentitytoolkit.tenants.getIamPolicyidentitytoolkit.tenants.listidentitytoolkit.tenants.setIamPolicyidentitytoolkit.tenants.update |
| Identity Toolkit | Now GA |
identitytoolkit.tenants.createidentitytoolkit.tenants.deleteidentitytoolkit.tenants.getidentitytoolkit.tenants.getIamPolicyidentitytoolkit.tenants.listidentitytoolkit.tenants.setIamPolicyidentitytoolkit.tenants.update |
| Dataproc Metastore | Added |
metastore.services.mutateMetadatametastore.services.queryMetadata |
| Dataproc Metastore | Supported In Custom Roles |
metastore.services.mutateMetadatametastore.services.queryMetadata |
| Recommender | Supported In Custom Roles |
recommender.costInsights.getrecommender.costInsights.listrecommender.costInsights.update |
| Retail API | Added |
retail.products.purge |
| Retail API | Now GA |
retail.products.purge |
| Cloud Run | Supported In Custom Roles |
run.routes.invoke |
| Vision AI | Added |
visionai.corpora.suggestvisionai.uistreams.createvisionai.uistreams.deletevisionai.uistreams.generateStreamThumbnailsvisionai.uistreams.getvisionai.uistreams.list |
| Google Cloud VMware Engine | Added |
vmwareengine.clusters.createvmwareengine.clusters.deletevmwareengine.clusters.getvmwareengine.clusters.getIamPolicyvmwareengine.clusters.listvmwareengine.clusters.setIamPolicyvmwareengine.clusters.updatevmwareengine.hcxActivationKeys.createvmwareengine.hcxActivationKeys.getvmwareengine.hcxActivationKeys.getIamPolicyvmwareengine.hcxActivationKeys.listvmwareengine.hcxActivationKeys.setIamPolicyvmwareengine.locations.getvmwareengine.locations.listvmwareengine.networkPolicies.createvmwareengine.networkPolicies.deletevmwareengine.networkPolicies.getvmwareengine.networkPolicies.listvmwareengine.networkPolicies.updatevmwareengine.nodeTypes.getvmwareengine.nodeTypes.listvmwareengine.operations.deletevmwareengine.operations.getvmwareengine.operations.listvmwareengine.privateClouds.createvmwareengine.privateClouds.deletevmwareengine.privateClouds.getvmwareengine.privateClouds.getIamPolicyvmwareengine.privateClouds.listvmwareengine.privateClouds.resetNsxCredentialsvmwareengine.privateClouds.resetVcenterCredentialsvmwareengine.privateClouds.setIamPolicyvmwareengine.privateClouds.showNsxCredentialsvmwareengine.privateClouds.showVcenterCredentialsvmwareengine.privateClouds.undeletevmwareengine.privateClouds.updatevmwareengine.subnets.listvmwareengine.vmwareEngineNetworks.createvmwareengine.vmwareEngineNetworks.deletevmwareengine.vmwareEngineNetworks.getvmwareengine.vmwareEngineNetworks.listvmwareengine.vmwareEngineNetworks.update |
| Google Cloud VMware Engine | Supported In Custom Roles |
vmwareengine.clusters.createvmwareengine.clusters.deletevmwareengine.clusters.getvmwareengine.clusters.getIamPolicyvmwareengine.clusters.listvmwareengine.clusters.setIamPolicyvmwareengine.clusters.updatevmwareengine.hcxActivationKeys.createvmwareengine.hcxActivationKeys.getvmwareengine.hcxActivationKeys.getIamPolicyvmwareengine.hcxActivationKeys.listvmwareengine.hcxActivationKeys.setIamPolicyvmwareengine.locations.getvmwareengine.locations.listvmwareengine.networkPolicies.createvmwareengine.networkPolicies.deletevmwareengine.networkPolicies.getvmwareengine.networkPolicies.listvmwareengine.networkPolicies.updatevmwareengine.nodeTypes.getvmwareengine.nodeTypes.listvmwareengine.operations.deletevmwareengine.operations.getvmwareengine.operations.listvmwareengine.privateClouds.createvmwareengine.privateClouds.deletevmwareengine.privateClouds.getvmwareengine.privateClouds.getIamPolicyvmwareengine.privateClouds.listvmwareengine.privateClouds.resetNsxCredentialsvmwareengine.privateClouds.resetVcenterCredentialsvmwareengine.privateClouds.setIamPolicyvmwareengine.privateClouds.showNsxCredentialsvmwareengine.privateClouds.showVcenterCredentialsvmwareengine.privateClouds.undeletevmwareengine.privateClouds.updatevmwareengine.subnets.listvmwareengine.vmwareEngineNetworks.createvmwareengine.vmwareEngineNetworks.deletevmwareengine.vmwareEngineNetworks.getvmwareengine.vmwareEngineNetworks.listvmwareengine.vmwareEngineNetworks.update |
| Google Cloud VMware Engine | Now GA |
vmwareengine.clusters.createvmwareengine.clusters.deletevmwareengine.clusters.getvmwareengine.clusters.getIamPolicyvmwareengine.clusters.listvmwareengine.clusters.setIamPolicyvmwareengine.clusters.updatevmwareengine.hcxActivationKeys.createvmwareengine.hcxActivationKeys.getvmwareengine.hcxActivationKeys.getIamPolicyvmwareengine.hcxActivationKeys.listvmwareengine.hcxActivationKeys.setIamPolicyvmwareengine.locations.getvmwareengine.locations.listvmwareengine.networkPolicies.createvmwareengine.networkPolicies.deletevmwareengine.networkPolicies.getvmwareengine.networkPolicies.listvmwareengine.networkPolicies.updatevmwareengine.nodeTypes.getvmwareengine.nodeTypes.listvmwareengine.operations.deletevmwareengine.operations.getvmwareengine.operations.listvmwareengine.privateClouds.createvmwareengine.privateClouds.deletevmwareengine.privateClouds.getvmwareengine.privateClouds.getIamPolicyvmwareengine.privateClouds.listvmwareengine.privateClouds.resetNsxCredentialsvmwareengine.privateClouds.resetVcenterCredentialsvmwareengine.privateClouds.setIamPolicyvmwareengine.privateClouds.showNsxCredentialsvmwareengine.privateClouds.showVcenterCredentialsvmwareengine.privateClouds.undeletevmwareengine.privateClouds.updatevmwareengine.subnets.listvmwareengine.vmwareEngineNetworks.createvmwareengine.vmwareEngineNetworks.deletevmwareengine.vmwareEngineNetworks.getvmwareengine.vmwareEngineNetworks.listvmwareengine.vmwareEngineNetworks.update |
Cloud IAM changes as of 2022-10-21
| Service | Change | Description |
|---|---|---|
| Backup and Disaster Recovery | Role Updated |
The following permissions have been added to the role compute.nodeGroups.getcompute.nodeGroups.listcompute.nodeTemplates.getcompute.regions.getiam.serviceAccounts.actAsiam.serviceAccounts.getiam.serviceAccounts.listresourcemanager.projects.get |
| BigQuery Data Policy | Now GA |
The role |
| Cloud Composer | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Compute Engine | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.zoneOperations.get |
| Conversational Insights | Now GA |
The role |
| Conversational Insights | Now GA |
The role |
| Conversational Insights | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Dataproc | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Discovery Engine | Now GA |
The role |
| Sensitive Data Protection | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Firebase | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role integrations.executions.get |
| Dataproc Metastore | Role Updated |
The following permissions have been added to the role metastore.databases.getmetastore.databases.updatemetastore.tables.getmetastore.tables.update |
| AI Platform | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Cloud Storage | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role recommender.iamPolicyInsights.getrecommender.iamPolicyInsights.listrecommender.iamPolicyInsights.updaterecommender.iamPolicyRecommendations.getrecommender.iamPolicyRecommendations.listrecommender.iamPolicyRecommendations.update |
| AutoML | Added |
automl.examples.update |
| AutoML | Supported In Custom Roles |
automl.examples.update |
| Bare Metal Solution | Added |
baremetalsolution.instances.disableInteractiveSerialConsolebaremetalsolution.instances.enableInteractiveSerialConsolebaremetalsolution.instances.stopbaremetalsolution.sshKeys.createbaremetalsolution.sshKeys.deletebaremetalsolution.sshKeys.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.disableInteractiveSerialConsolebaremetalsolution.instances.enableInteractiveSerialConsolebaremetalsolution.instances.stopbaremetalsolution.sshKeys.createbaremetalsolution.sshKeys.deletebaremetalsolution.sshKeys.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.disableInteractiveSerialConsolebaremetalsolution.instances.enableInteractiveSerialConsolebaremetalsolution.instances.stopbaremetalsolution.sshKeys.createbaremetalsolution.sshKeys.deletebaremetalsolution.sshKeys.list |
| BigQuery | Now GA |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| Bigtable | Added |
bigtable.hotTablets.list |
| Bigtable | Supported In Custom Roles |
bigtable.hotTablets.list |
| Bigtable | Now GA |
bigtable.hotTablets.list |
| NetApp Cloud Volumes Service | Added |
cloudvolumesgcp-api.netapp.com/volumereplication.authorizecloudvolumesgcp-api.netapp.com/volumereplication.breakcloudvolumesgcp-api.netapp.com/volumereplication.createcloudvolumesgcp-api.netapp.com/volumereplication.deletecloudvolumesgcp-api.netapp.com/volumereplication.getcloudvolumesgcp-api.netapp.com/volumereplication.listcloudvolumesgcp-api.netapp.com/volumereplication.releasecloudvolumesgcp-api.netapp.com/volumereplication.resynccloudvolumesgcp-api.netapp.com/volumereplication.update |
| Compute Engine | Added |
compute.instances.setNamecompute.networkAttachments.createcompute.networkAttachments.deletecompute.networkAttachments.getcompute.networkAttachments.list |
| Compute Engine | Supported In Custom Roles |
compute.instances.setNamecompute.networkAttachments.createcompute.networkAttachments.deletecompute.networkAttachments.getcompute.networkAttachments.list |
| Conversational Insights | Added |
contactcenterinsights.conversations.exportcontactcenterinsights.views.createcontactcenterinsights.views.deletecontactcenterinsights.views.getcontactcenterinsights.views.listcontactcenterinsights.views.update |
| Conversational Insights | Now GA |
contactcenterinsights.analyses.createcontactcenterinsights.analyses.deletecontactcenterinsights.analyses.getcontactcenterinsights.analyses.listcontactcenterinsights.conversations.createcontactcenterinsights.conversations.deletecontactcenterinsights.conversations.exportcontactcenterinsights.conversations.getcontactcenterinsights.conversations.listcontactcenterinsights.conversations.updatecontactcenterinsights.issueModels.createcontactcenterinsights.issueModels.deletecontactcenterinsights.issueModels.deploycontactcenterinsights.issueModels.getcontactcenterinsights.issueModels.listcontactcenterinsights.issueModels.undeploycontactcenterinsights.issueModels.updatecontactcenterinsights.issues.getcontactcenterinsights.issues.listcontactcenterinsights.issues.updatecontactcenterinsights.operations.getcontactcenterinsights.operations.listcontactcenterinsights.phraseMatchers.createcontactcenterinsights.phraseMatchers.deletecontactcenterinsights.phraseMatchers.getcontactcenterinsights.phraseMatchers.listcontactcenterinsights.phraseMatchers.updatecontactcenterinsights.settings.getcontactcenterinsights.settings.updatecontactcenterinsights.views.createcontactcenterinsights.views.deletecontactcenterinsights.views.getcontactcenterinsights.views.listcontactcenterinsights.views.update |
| Dataflow | Added |
dataflow.streamingWorkItems.ImportStatedataflow.streamingWorkItems.getWorkerMetadata |
| Dataflow | Supported In Custom Roles |
dataflow.streamingWorkItems.ImportStatedataflow.streamingWorkItems.getWorkerMetadata |
| Dataflow | Now GA |
dataflow.streamingWorkItems.ImportStatedataflow.streamingWorkItems.getWorkerMetadata |
| Cloud Integrations | Added |
integrations.executions.get |
| Cloud Integrations | Now GA |
integrations.executions.get |
| Recommender | Added |
recommender.runServiceSecurityInsights.getrecommender.runServiceSecurityInsights.listrecommender.runServiceSecurityInsights.updaterecommender.runServiceSecurityRecommendations.getrecommender.runServiceSecurityRecommendations.listrecommender.runServiceSecurityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.runServiceSecurityInsights.getrecommender.runServiceSecurityInsights.listrecommender.runServiceSecurityInsights.updaterecommender.runServiceSecurityRecommendations.getrecommender.runServiceSecurityRecommendations.listrecommender.runServiceSecurityRecommendations.update |
| Recommender | Now GA |
recommender.networkAnalyzerCloudSqlInsights.getrecommender.networkAnalyzerCloudSqlInsights.listrecommender.networkAnalyzerCloudSqlInsights.updaterecommender.networkAnalyzerDynamicRouteInsights.getrecommender.networkAnalyzerDynamicRouteInsights.listrecommender.networkAnalyzerDynamicRouteInsights.updaterecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.updaterecommender.networkAnalyzerIpAddressInsights.getrecommender.networkAnalyzerIpAddressInsights.listrecommender.networkAnalyzerIpAddressInsights.updaterecommender.networkAnalyzerLoadBalancerInsights.getrecommender.networkAnalyzerLoadBalancerInsights.listrecommender.networkAnalyzerLoadBalancerInsights.updaterecommender.networkAnalyzerVpcConnectivityInsights.getrecommender.networkAnalyzerVpcConnectivityInsights.listrecommender.networkAnalyzerVpcConnectivityInsights.updaterecommender.runServiceSecurityInsights.getrecommender.runServiceSecurityInsights.listrecommender.runServiceSecurityInsights.updaterecommender.runServiceSecurityRecommendations.getrecommender.runServiceSecurityRecommendations.listrecommender.runServiceSecurityRecommendations.update |
| RISC Configuration Service | Added |
riscconfigurationservice.riscconfigs.createOrUpdateriscconfigurationservice.riscconfigs.deleteriscconfigurationservice.riscconfigs.get |
| RISC Configuration Service | Supported In Custom Roles |
riscconfigurationservice.riscconfigs.createOrUpdateriscconfigurationservice.riscconfigs.deleteriscconfigurationservice.riscconfigs.get |
| Service Usage | Supported In Custom Roles |
serviceusage.services.use |
| Service Usage | Now GA |
serviceusage.services.use |
| Cloud TPU | Added |
tpu.nodes.simulateMaintenanceEventtpu.runtimeversions.gettpu.runtimeversions.list |
| Cloud TPU | Supported In Custom Roles |
tpu.nodes.simulateMaintenanceEventtpu.runtimeversions.gettpu.runtimeversions.list |
| Cloud TPU | Now GA |
tpu.nodes.simulateMaintenanceEventtpu.runtimeversions.gettpu.runtimeversions.list |
Cloud IAM changes as of 2022-09-30
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Chrome Enterprise Premium | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Google Security Operations | Now GA |
The role |
| Google Security Operations | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermissionmanagedidentities.domains.disableMigrationmanagedidentities.domains.enableMigration |
| Managed Service for Microsoft Active Directory | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermissionmanagedidentities.domains.disableMigrationmanagedidentities.domains.enableMigration |
| Managed Service for Microsoft Active Directory | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermissionmanagedidentities.domains.disableMigrationmanagedidentities.domains.enableMigration |
| Google Cloud Migration Center | Role Updated |
The following permissions have been added to the role rma.annotations.getrma.collectors.getrma.collectors.listrma.locations.getrma.locations.listrma.operations.getrma.operations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermissionmanagedidentities.domains.disableMigrationmanagedidentities.domains.enableMigration |
| Serverless Integrations | Now GA |
The role |
| Video Stitcher API | Now GA |
The role |
| Video Stitcher API | Now GA |
The role |
| Video Stitcher API | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role managedidentities.domains.checkMigrationPermission |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| Vertex AI | Added |
aiplatform.nasTrialDetails.getaiplatform.nasTrialDetails.list |
| API Keys | Added |
apikeys.keys.getKeyStringapikeys.keys.undelete |
| API Keys | Supported In Custom Roles |
apikeys.keys.getKeyStringapikeys.keys.undelete |
| API Keys | Now GA |
apikeys.keys.getKeyStringapikeys.keys.undelete |
| Artifact Registry | Added |
artifactregistry.kfpartifacts.create |
| Artifact Registry | Now GA |
artifactregistry.kfpartifacts.create |
| Bare Metal Solution | Added |
baremetalsolution.instances.attachNetworkbaremetalsolution.instances.detachNetworkbaremetalsolution.networks.createbaremetalsolution.networks.delete |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachNetworkbaremetalsolution.instances.detachNetworkbaremetalsolution.networks.createbaremetalsolution.networks.delete |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.attachNetworkbaremetalsolution.instances.detachNetworkbaremetalsolution.networks.createbaremetalsolution.networks.delete |
| Bigtable | Added |
bigtable.instances.ping |
| Bigtable | Now GA |
bigtable.instances.ping |
| Certificate Manager | Added |
certificatemanager.certissuanceconfigs.createcertificatemanager.certissuanceconfigs.deletecertificatemanager.certissuanceconfigs.getcertificatemanager.certissuanceconfigs.listcertificatemanager.certissuanceconfigs.updatecertificatemanager.certissuanceconfigs.use |
| Certificate Manager | Supported In Custom Roles |
certificatemanager.certissuanceconfigs.createcertificatemanager.certissuanceconfigs.deletecertificatemanager.certissuanceconfigs.getcertificatemanager.certissuanceconfigs.listcertificatemanager.certissuanceconfigs.updatecertificatemanager.certissuanceconfigs.use |
| Google Security Operations | Added |
chronicle.dashboards.copychronicle.dashboards.createchronicle.dashboards.deletechronicle.dashboards.getchronicle.dashboards.listchronicle.multitenantDirectories.get |
| Google Security Operations | Supported In Custom Roles |
chronicle.dashboards.copychronicle.dashboards.createchronicle.dashboards.deletechronicle.dashboards.getchronicle.dashboards.list |
| Google Security Operations | Now GA |
chronicle.dashboards.copychronicle.dashboards.createchronicle.dashboards.deletechronicle.dashboards.getchronicle.dashboards.listchronicle.multitenantDirectories.get |
| Cloud Asset Inventory | Added |
cloudasset.assets.exportAiplatformBatchPredictionJobscloudasset.assets.exportAiplatformCustomJobscloudasset.assets.exportAiplatformDataLabelingJobscloudasset.assets.exportAiplatformDatasetscloudasset.assets.exportAiplatformEndpointscloudasset.assets.exportAiplatformHyperparameterTuningJobscloudasset.assets.exportAiplatformMetadataStorescloudasset.assets.exportAiplatformModelDeploymentMonitoringJobscloudasset.assets.exportAiplatformModelscloudasset.assets.exportAiplatformPipelineJobscloudasset.assets.exportAiplatformSpecialistPoolscloudasset.assets.exportAiplatformTrainingPipelinescloudasset.assets.exportAnthosConnectedClustercloudasset.assets.exportAnthosedgeClustercloudasset.assets.exportApigatewayApicloudasset.assets.exportApigatewayApiConfigcloudasset.assets.exportApigatewayGatewaycloudasset.assets.exportApikeysKeyscloudasset.assets.exportArtifactregistryDockerImagescloudasset.assets.exportArtifactregistryRepositoriescloudasset.assets.exportAssuredWorkloadsWorkloadscloudasset.assets.exportBeyondCorpApiGatewayscloudasset.assets.exportBeyondCorpAppConnectionscloudasset.assets.exportBeyondCorpAppConnectorscloudasset.assets.exportBeyondCorpClientConnectorServicescloudasset.assets.exportBeyondCorpClientGatewayscloudasset.assets.exportBigqueryModelscloudasset.assets.exportBigtableAppProfilecloudasset.assets.exportBigtableBackupcloudasset.assets.exportCloudAssetFeedscloudasset.assets.exportCloudDeployDeliveryPipelinescloudasset.assets.exportCloudDeployReleasescloudasset.assets.exportCloudDeployRolloutscloudasset.assets.exportCloudDeployTargetscloudasset.assets.exportCloudDocumentAIEvaluationcloudasset.assets.exportCloudDocumentAIHumanReviewConfigcloudasset.assets.exportCloudDocumentAILabelerPoolcloudasset.assets.exportCloudDocumentAIProcessorcloudasset.assets.exportCloudDocumentAIProcessorVersioncloudasset.assets.exportCloudbillingProjectBillingInfoscloudasset.assets.exportCloudfunctionsFunctionscloudasset.assets.exportCloudfunctionsGen2Functionscloudasset.assets.exportCloudkmsEkmConnectionscloudasset.assets.exportCloudmemcacheInstancescloudasset.assets.exportCloudresourcemanagerTagBindingscloudasset.assets.exportCloudresourcemanagerTagKeyscloudasset.assets.exportCloudresourcemanagerTagValuescloudasset.assets.exportComposerEnvironmentscloudasset.assets.exportComputeCommitmentscloudasset.assets.exportComputeExternalVpnGatewayscloudasset.assets.exportComputeFirewallPoliciescloudasset.assets.exportComputeNetworkEndpointGroupscloudasset.assets.exportComputeNodeGroupscloudasset.assets.exportComputeNodeTemplatescloudasset.assets.exportComputePacketMirroringscloudasset.assets.exportComputeReservationscloudasset.assets.exportComputeResourcePoliciescloudasset.assets.exportComputeServiceAttachmentscloudasset.assets.exportComputeSslPoliciescloudasset.assets.exportComputeVpnGatewayscloudasset.assets.exportConnectorsConnectionscloudasset.assets.exportConnectorsConnectorVersionscloudasset.assets.exportConnectorsConnectorscloudasset.assets.exportConnectorsProviderscloudasset.assets.exportConnectorsRuntimeConfigscloudasset.assets.exportContainerAppsDeploymentcloudasset.assets.exportContainerAppsReplicaSetscloudasset.assets.exportContainerBatchJobscloudasset.assets.exportContainerExtensionsIngressescloudasset.assets.exportContainerJobscloudasset.assets.exportContainerNetworkingIngressescloudasset.assets.exportContainerNetworkingNetworkPoliciescloudasset.assets.exportContainerReplicaSetscloudasset.assets.exportContainerServicescloudasset.assets.exportDataMigrationConnectionProfilescloudasset.assets.exportDataMigrationMigrationJobscloudasset.assets.exportDataflowJobscloudasset.assets.exportDataplexAssetscloudasset.assets.exportDataplexLakescloudasset.assets.exportDataplexTaskscloudasset.assets.exportDataplexZonescloudasset.assets.exportDataprocAutoscalingPoliciescloudasset.assets.exportDataprocBatchescloudasset.assets.exportDataprocSessionscloudasset.assets.exportDataprocWorkflowTemplatescloudasset.assets.exportDatastreamConnectionProfilecloudasset.assets.exportDatastreamPrivateConnectioncloudasset.assets.exportDatastreamStreamcloudasset.assets.exportDialogflowAgentscloudasset.assets.exportDialogflowConversationProfilescloudasset.assets.exportDialogflowKnowledgeBasescloudasset.assets.exportDialogflowLocationSettingscloudasset.assets.exportDlpDeidentifyTemplatescloudasset.assets.exportDlpDlpJobscloudasset.assets.exportDlpInspectTemplatescloudasset.assets.exportDlpJobTriggerscloudasset.assets.exportDlpStoredInfoTypescloudasset.assets.exportDomainsRegistrationscloudasset.assets.exportEventarcTriggerscloudasset.assets.exportFileBackupscloudasset.assets.exportFileInstancescloudasset.assets.exportFirebaseAppInfoscloudasset.assets.exportFirebaseProjectscloudasset.assets.exportFirestoreDatabasescloudasset.assets.exportGKEHubFeaturescloudasset.assets.exportGKEHubMembershipscloudasset.assets.exportGameservicesGameServerClusterscloudasset.assets.exportGameservicesGameServerConfigscloudasset.assets.exportGameservicesGameServerDeploymentscloudasset.assets.exportGameservicesRealmscloudasset.assets.exportGkeBackupBackupPlanscloudasset.assets.exportGkeBackupBackupscloudasset.assets.exportGkeBackupRestorePlanscloudasset.assets.exportGkeBackupRestorescloudasset.assets.exportGkeBackupVolumeBackupscloudasset.assets.exportGkeBackupVolumeRestorescloudasset.assets.exportHealthcareConsentStorescloudasset.assets.exportHealthcareDatasetscloudasset.assets.exportHealthcareDicomStorescloudasset.assets.exportHealthcareFhirStorescloudasset.assets.exportHealthcareHl7V2Storescloudasset.assets.exportIapTunnelcloudasset.assets.exportIapTunnelInstancescloudasset.assets.exportIapTunnelZonescloudasset.assets.exportIapWebcloudasset.assets.exportIapWebServiceVersioncloudasset.assets.exportIapWebServicescloudasset.assets.exportIapWebTypecloudasset.assets.exportIdsEndpointscloudasset.assets.exportIntegrationsAuthConfigscloudasset.assets.exportIntegrationsCertificatescloudasset.assets.exportIntegrationsExecutionscloudasset.assets.exportIntegrationsIntegrationVersionscloudasset.assets.exportIntegrationsIntegrationscloudasset.assets.exportIntegrationsSfdcChannelscloudasset.assets.exportIntegrationsSfdcInstancescloudasset.assets.exportIntegrationsSuspensionscloudasset.assets.exportLoggingLogMetricscloudasset.assets.exportLoggingLogSinkscloudasset.assets.exportMetastoreBackupscloudasset.assets.exportMetastoreMetadataImportscloudasset.assets.exportMetastoreServicescloudasset.assets.exportMonitoringAlertPoliciescloudasset.assets.exportNetworkConnectivityHubscloudasset.assets.exportNetworkConnectivitySpokescloudasset.assets.exportNetworkManagementConnectivityTestscloudasset.assets.exportNetworkServicesEndpointPoliciescloudasset.assets.exportNetworkServicesGatewayscloudasset.assets.exportNetworkServicesGrpcRoutescloudasset.assets.exportNetworkServicesHttpRoutescloudasset.assets.exportNetworkServicesMeshescloudasset.assets.exportNetworkServicesServiceBindingscloudasset.assets.exportNetworkServicesTcpRoutescloudasset.assets.exportNetworkServicesTlsRoutescloudasset.assets.exportOSConfigOSPolicyAssignmentReportscloudasset.assets.exportOSConfigOSPolicyAssignmentscloudasset.assets.exportOSConfigVulnerabilityReportscloudasset.assets.exportPatchDeploymentscloudasset.assets.exportPubsubSnapshotscloudasset.assets.exportRedisInstancescloudasset.assets.exportServiceDirectoryNamespacescloudasset.assets.exportServiceconsumermanagementConsumerPropertycloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimitscloudasset.assets.exportServiceconsumermanagementConsumerscloudasset.assets.exportServiceconsumermanagementProducerOverridescloudasset.assets.exportServiceconsumermanagementTenancyUnitscloudasset.assets.exportServiceconsumermanagementVisibilitycloudasset.assets.exportServiceusageAdminOverridescloudasset.assets.exportServiceusageConsumerOverridescloudasset.assets.exportServiceusageServicescloudasset.assets.exportSpannerBackupscloudasset.assets.exportSpeakerIdPhrasescloudasset.assets.exportSpeakerIdSettingscloudasset.assets.exportSpeakerIdSpeakerscloudasset.assets.exportSpeechCustomClassescloudasset.assets.exportSpeechPhraseSetscloudasset.assets.exportSqladminBackupRunscloudasset.assets.exportTpuNodescloudasset.assets.exportVpcaccessConnectorcloudasset.assets.listAccessLevelcloudasset.assets.listAiplatformBatchPredictionJobscloudasset.assets.listAiplatformCustomJobscloudasset.assets.listAiplatformDataLabelingJobscloudasset.assets.listAiplatformDatasetscloudasset.assets.listAiplatformEndpointscloudasset.assets.listAiplatformHyperparameterTuningJobscloudasset.assets.listAiplatformMetadataStorescloudasset.assets.listAiplatformModelDeploymentMonitoringJobscloudasset.assets.listAiplatformModelscloudasset.assets.listAiplatformPipelineJobscloudasset.assets.listAiplatformSpecialistPoolscloudasset.assets.listAiplatformTrainingPipelinescloudasset.assets.listAllAccessPolicycloudasset.assets.listAnthosConnectedClustercloudasset.assets.listAnthosedgeClustercloudasset.assets.listApigatewayApicloudasset.assets.listApigatewayApiConfigcloudasset.assets.listApigatewayGatewaycloudasset.assets.listApikeysKeyscloudasset.assets.listAppengineApplicationscloudasset.assets.listAppengineServicescloudasset.assets.listAppengineVersionscloudasset.assets.listArtifactregistryDockerImagescloudasset.assets.listArtifactregistryRepositoriescloudasset.assets.listAssuredWorkloadsWorkloadscloudasset.assets.listBeyondCorpApiGatewayscloudasset.assets.listBeyondCorpAppConnectionscloudasset.assets.listBeyondCorpAppConnectorscloudasset.assets.listBeyondCorpClientConnectorServicescloudasset.assets.listBeyondCorpClientGatewayscloudasset.assets.listBigqueryDatasetscloudasset.assets.listBigqueryModelscloudasset.assets.listBigqueryTablescloudasset.assets.listBigtableAppProfilecloudasset.assets.listBigtableBackupcloudasset.assets.listBigtableClustercloudasset.assets.listBigtableInstancecloudasset.assets.listBigtableTablecloudasset.assets.listCloudAssetFeedscloudasset.assets.listCloudDeployDeliveryPipelinescloudasset.assets.listCloudDeployReleasescloudasset.assets.listCloudDeployRolloutscloudasset.assets.listCloudDeployTargetscloudasset.assets.listCloudDocumentAIEvaluationcloudasset.assets.listCloudDocumentAIHumanReviewConfigcloudasset.assets.listCloudDocumentAILabelerPoolcloudasset.assets.listCloudDocumentAIProcessorcloudasset.assets.listCloudDocumentAIProcessorVersioncloudasset.assets.listCloudbillingBillingAccountscloudasset.assets.listCloudbillingProjectBillingInfoscloudasset.assets.listCloudfunctionsFunctionscloudasset.assets.listCloudfunctionsGen2Functionscloudasset.assets.listCloudkmsCryptoKeyVersionscloudasset.assets.listCloudkmsEkmConnectionscloudasset.assets.listCloudkmsImportJobscloudasset.assets.listCloudkmsKeyRingscloudasset.assets.listCloudmemcacheInstancescloudasset.assets.listCloudresourcemanagerFolderscloudasset.assets.listCloudresourcemanagerOrganizationscloudasset.assets.listCloudresourcemanagerProjectscloudasset.assets.listCloudresourcemanagerTagBindingscloudasset.assets.listCloudresourcemanagerTagKeyscloudasset.assets.listCloudresourcemanagerTagValuescloudasset.assets.listComposerEnvironmentscloudasset.assets.listComputeAddresscloudasset.assets.listComputeAutoscalerscloudasset.assets.listComputeBackendBucketscloudasset.assets.listComputeBackendServicescloudasset.assets.listComputeCommitmentscloudasset.assets.listComputeDiskscloudasset.assets.listComputeExternalVpnGatewayscloudasset.assets.listComputeFirewallPoliciescloudasset.assets.listComputeFirewallscloudasset.assets.listComputeForwardingRulescloudasset.assets.listComputeGlobalAddresscloudasset.assets.listComputeGlobalForwardingRulescloudasset.assets.listComputeHealthCheckscloudasset.assets.listComputeHttpHealthCheckscloudasset.assets.listComputeHttpsHealthCheckscloudasset.assets.listComputeImagescloudasset.assets.listComputeInstanceGroupManagerscloudasset.assets.listComputeInstanceGroupscloudasset.assets.listComputeInstanceTemplatescloudasset.assets.listComputeInstancescloudasset.assets.listComputeInterconnectcloudasset.assets.listComputeInterconnectAttachmentcloudasset.assets.listComputeLicensescloudasset.assets.listComputeNetworkEndpointGroupscloudasset.assets.listComputeNetworkscloudasset.assets.listComputeNodeGroupscloudasset.assets.listComputeNodeTemplatescloudasset.assets.listComputePacketMirroringscloudasset.assets.listComputeProjectscloudasset.assets.listComputeRegionAutoscalercloudasset.assets.listComputeRegionBackendServicescloudasset.assets.listComputeRegionDiskcloudasset.assets.listComputeRegionInstanceGroupcloudasset.assets.listComputeRegionInstanceGroupManagercloudasset.assets.listComputeReservationscloudasset.assets.listComputeResourcePoliciescloudasset.assets.listComputeRouterscloudasset.assets.listComputeRoutescloudasset.assets.listComputeSecurityPolicycloudasset.assets.listComputeServiceAttachmentscloudasset.assets.listComputeSnapshotscloudasset.assets.listComputeSslCertificatescloudasset.assets.listComputeSslPoliciescloudasset.assets.listComputeSubnetworkscloudasset.assets.listComputeTargetHttpProxiescloudasset.assets.listComputeTargetHttpsProxiescloudasset.assets.listComputeTargetInstancescloudasset.assets.listComputeTargetPoolscloudasset.assets.listComputeTargetSslProxiescloudasset.assets.listComputeTargetTcpProxiescloudasset.assets.listComputeTargetVpnGatewayscloudasset.assets.listComputeUrlMapscloudasset.assets.listComputeVpnGatewayscloudasset.assets.listComputeVpnTunnelscloudasset.assets.listConnectorsConnectionscloudasset.assets.listConnectorsConnectorVersionscloudasset.assets.listConnectorsConnectorscloudasset.assets.listConnectorsProviderscloudasset.assets.listConnectorsRuntimeConfigscloudasset.assets.listContainerAppsDeploymentcloudasset.assets.listContainerAppsReplicaSetscloudasset.assets.listContainerBatchJobscloudasset.assets.listContainerClusterrolecloudasset.assets.listContainerClusterrolebindingcloudasset.assets.listContainerClusterscloudasset.assets.listContainerExtensionsIngressescloudasset.assets.listContainerJobscloudasset.assets.listContainerNamespacecloudasset.assets.listContainerNetworkingIngressescloudasset.assets.listContainerNetworkingNetworkPoliciescloudasset.assets.listContainerNodecloudasset.assets.listContainerNodepoolcloudasset.assets.listContainerPodcloudasset.assets.listContainerReplicaSetscloudasset.assets.listContainerRolecloudasset.assets.listContainerRolebindingcloudasset.assets.listContainerServicescloudasset.assets.listContainerregistryImagecloudasset.assets.listDataMigrationConnectionProfilescloudasset.assets.listDataMigrationMigrationJobscloudasset.assets.listDataflowJobscloudasset.assets.listDatafusionInstancecloudasset.assets.listDataplexAssetscloudasset.assets.listDataplexLakescloudasset.assets.listDataplexTaskscloudasset.assets.listDataplexZonescloudasset.assets.listDataprocAutoscalingPoliciescloudasset.assets.listDataprocBatchescloudasset.assets.listDataprocClusterscloudasset.assets.listDataprocJobscloudasset.assets.listDataprocSessionscloudasset.assets.listDataprocWorkflowTemplatescloudasset.assets.listDatastreamConnectionProfilecloudasset.assets.listDatastreamPrivateConnectioncloudasset.assets.listDatastreamStreamcloudasset.assets.listDialogflowAgentscloudasset.assets.listDialogflowConversationProfilescloudasset.assets.listDialogflowKnowledgeBasescloudasset.assets.listDialogflowLocationSettingscloudasset.assets.listDlpDeidentifyTemplatescloudasset.assets.listDlpDlpJobscloudasset.assets.listDlpInspectTemplatescloudasset.assets.listDlpJobTriggerscloudasset.assets.listDlpStoredInfoTypescloudasset.assets.listDnsManagedZonescloudasset.assets.listDnsPoliciescloudasset.assets.listDomainsRegistrationscloudasset.assets.listEventarcTriggerscloudasset.assets.listFileBackupscloudasset.assets.listFileInstancescloudasset.assets.listFirebaseAppInfoscloudasset.assets.listFirebaseProjectscloudasset.assets.listFirestoreDatabasescloudasset.assets.listGKEHubFeaturescloudasset.assets.listGKEHubMembershipscloudasset.assets.listGameservicesGameServerClusterscloudasset.assets.listGameservicesGameServerConfigscloudasset.assets.listGameservicesGameServerDeploymentscloudasset.assets.listGameservicesRealmscloudasset.assets.listGkeBackupBackupPlanscloudasset.assets.listGkeBackupBackupscloudasset.assets.listGkeBackupRestorePlanscloudasset.assets.listGkeBackupRestorescloudasset.assets.listGkeBackupVolumeBackupscloudasset.assets.listGkeBackupVolumeRestorescloudasset.assets.listHealthcareConsentStorescloudasset.assets.listHealthcareDatasetscloudasset.assets.listHealthcareDicomStorescloudasset.assets.listHealthcareFhirStorescloudasset.assets.listHealthcareHl7V2Storescloudasset.assets.listIamRolescloudasset.assets.listIamServiceAccountKeyscloudasset.assets.listIamServiceAccountscloudasset.assets.listIapTunnelcloudasset.assets.listIapTunnelInstancescloudasset.assets.listIapTunnelZonescloudasset.assets.listIapWebcloudasset.assets.listIapWebServiceVersioncloudasset.assets.listIapWebServicescloudasset.assets.listIapWebTypecloudasset.assets.listIdsEndpointscloudasset.assets.listIntegrationsAuthConfigscloudasset.assets.listIntegrationsCertificatescloudasset.assets.listIntegrationsExecutionscloudasset.assets.listIntegrationsIntegrationVersionscloudasset.assets.listIntegrationsIntegrationscloudasset.assets.listIntegrationsSfdcChannelscloudasset.assets.listIntegrationsSfdcInstancescloudasset.assets.listIntegrationsSuspensionscloudasset.assets.listLoggingLogMetricscloudasset.assets.listLoggingLogSinkscloudasset.assets.listManagedidentitiesDomaincloudasset.assets.listMetastoreBackupscloudasset.assets.listMetastoreMetadataImportscloudasset.assets.listMetastoreServicescloudasset.assets.listMonitoringAlertPoliciescloudasset.assets.listNetworkConnectivityHubscloudasset.assets.listNetworkConnectivitySpokescloudasset.assets.listNetworkManagementConnectivityTestscloudasset.assets.listNetworkServicesEndpointPoliciescloudasset.assets.listNetworkServicesGatewayscloudasset.assets.listNetworkServicesGrpcRoutescloudasset.assets.listNetworkServicesHttpRoutescloudasset.assets.listNetworkServicesMeshescloudasset.assets.listNetworkServicesServiceBindingscloudasset.assets.listNetworkServicesTcpRoutescloudasset.assets.listNetworkServicesTlsRoutescloudasset.assets.listOSConfigOSPolicyAssignmentReportscloudasset.assets.listOSConfigOSPolicyAssignmentscloudasset.assets.listOSConfigVulnerabilityReportscloudasset.assets.listPatchDeploymentscloudasset.assets.listPubsubSnapshotscloudasset.assets.listPubsubSubscriptionscloudasset.assets.listPubsubTopicscloudasset.assets.listRedisInstancescloudasset.assets.listRunDomainMappingcloudasset.assets.listRunRevisioncloudasset.assets.listRunServicecloudasset.assets.listServiceDirectoryNamespacescloudasset.assets.listServicePerimetercloudasset.assets.listServiceconsumermanagementConsumerPropertycloudasset.assets.listServiceconsumermanagementConsumerQuotaLimitscloudasset.assets.listServiceconsumermanagementConsumerscloudasset.assets.listServiceconsumermanagementProducerOverridescloudasset.assets.listServiceconsumermanagementTenancyUnitscloudasset.assets.listServiceconsumermanagementVisibilitycloudasset.assets.listServicemanagementServicescloudasset.assets.listServiceusageAdminOverridescloudasset.assets.listServiceusageConsumerOverridescloudasset.assets.listServiceusageServicescloudasset.assets.listSpannerBackupscloudasset.assets.listSpannerDatabasescloudasset.assets.listSpannerInstancescloudasset.assets.listSpeakerIdPhrasescloudasset.assets.listSpeakerIdSettingscloudasset.assets.listSpeakerIdSpeakerscloudasset.assets.listSpeechCustomClassescloudasset.assets.listSpeechPhraseSetscloudasset.assets.listSqladminBackupRunscloudasset.assets.listSqladminInstancescloudasset.assets.listStorageBucketscloudasset.assets.listTpuNodescloudasset.assets.listVpcaccessConnector |
| Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportAccessLevelcloudasset.assets.exportAiplatformBatchPredictionJobscloudasset.assets.exportAiplatformCustomJobscloudasset.assets.exportAiplatformDataLabelingJobscloudasset.assets.exportAiplatformDatasetscloudasset.assets.exportAiplatformEndpointscloudasset.assets.exportAiplatformHyperparameterTuningJobscloudasset.assets.exportAiplatformMetadataStorescloudasset.assets.exportAiplatformModelDeploymentMonitoringJobscloudasset.assets.exportAiplatformModelscloudasset.assets.exportAiplatformPipelineJobscloudasset.assets.exportAiplatformSpecialistPoolscloudasset.assets.exportAiplatformTrainingPipelinescloudasset.assets.exportAllAccessPolicycloudasset.assets.exportAnthosConnectedClustercloudasset.assets.exportAnthosedgeClustercloudasset.assets.exportApigatewayApicloudasset.assets.exportApigatewayApiConfigcloudasset.assets.exportApigatewayGatewaycloudasset.assets.exportApikeysKeyscloudasset.assets.exportAppengineApplicationscloudasset.assets.exportAppengineServicescloudasset.assets.exportAppengineVersionscloudasset.assets.exportArtifactregistryDockerImagescloudasset.assets.exportArtifactregistryRepositoriescloudasset.assets.exportAssuredWorkloadsWorkloadscloudasset.assets.exportBeyondCorpApiGatewayscloudasset.assets.exportBeyondCorpAppConnectionscloudasset.assets.exportBeyondCorpAppConnectorscloudasset.assets.exportBeyondCorpClientConnectorServicescloudasset.assets.exportBeyondCorpClientGatewayscloudasset.assets.exportBigqueryDatasetscloudasset.assets.exportBigqueryModelscloudasset.assets.exportBigqueryTablescloudasset.assets.exportBigtableAppProfilecloudasset.assets.exportBigtableBackupcloudasset.assets.exportBigtableClustercloudasset.assets.exportBigtableInstancecloudasset.assets.exportBigtableTablecloudasset.assets.exportCloudAssetFeedscloudasset.assets.exportCloudDeployDeliveryPipelinescloudasset.assets.exportCloudDeployReleasescloudasset.assets.exportCloudDeployRolloutscloudasset.assets.exportCloudDeployTargetscloudasset.assets.exportCloudDocumentAIEvaluationcloudasset.assets.exportCloudDocumentAIHumanReviewConfigcloudasset.assets.exportCloudDocumentAILabelerPoolcloudasset.assets.exportCloudDocumentAIProcessorcloudasset.assets.exportCloudDocumentAIProcessorVersioncloudasset.assets.exportCloudbillingBillingAccountscloudasset.assets.exportCloudbillingProjectBillingInfoscloudasset.assets.exportCloudfunctionsFunctionscloudasset.assets.exportCloudfunctionsGen2Functionscloudasset.assets.exportCloudkmsCryptoKeyVersionscloudasset.assets.exportCloudkmsCryptoKeyscloudasset.assets.exportCloudkmsEkmConnectionscloudasset.assets.exportCloudkmsKeyRingscloudasset.assets.exportCloudmemcacheInstancescloudasset.assets.exportCloudresourcemanagerFolderscloudasset.assets.exportCloudresourcemanagerOrganizationscloudasset.assets.exportCloudresourcemanagerProjectscloudasset.assets.exportCloudresourcemanagerTagBindingscloudasset.assets.exportCloudresourcemanagerTagKeyscloudasset.assets.exportCloudresourcemanagerTagValuescloudasset.assets.exportComposerEnvironmentscloudasset.assets.exportComputeAddresscloudasset.assets.exportComputeAutoscalerscloudasset.assets.exportComputeBackendBucketscloudasset.assets.exportComputeBackendServicescloudasset.assets.exportComputeCommitmentscloudasset.assets.exportComputeDiskscloudasset.assets.exportComputeExternalVpnGatewayscloudasset.assets.exportComputeFirewallPoliciescloudasset.assets.exportComputeFirewallscloudasset.assets.exportComputeForwardingRulescloudasset.assets.exportComputeGlobalAddresscloudasset.assets.exportComputeGlobalForwardingRulescloudasset.assets.exportComputeHealthCheckscloudasset.assets.exportComputeHttpHealthCheckscloudasset.assets.exportComputeHttpsHealthCheckscloudasset.assets.exportComputeImagescloudasset.assets.exportComputeInstanceGroupManagerscloudasset.assets.exportComputeInstanceGroupscloudasset.assets.exportComputeInstanceTemplatescloudasset.assets.exportComputeInstancescloudasset.assets.exportComputeInterconnectcloudasset.assets.exportComputeInterconnectAttachmentcloudasset.assets.exportComputeLicensescloudasset.assets.exportComputeNetworkEndpointGroupscloudasset.assets.exportComputeNetworkscloudasset.assets.exportComputeNodeGroupscloudasset.assets.exportComputeNodeTemplatescloudasset.assets.exportComputePacketMirroringscloudasset.assets.exportComputeProjectscloudasset.assets.exportComputeRegionAutoscalercloudasset.assets.exportComputeRegionBackendServicescloudasset.assets.exportComputeRegionDiskcloudasset.assets.exportComputeRegionInstanceGroupcloudasset.assets.exportComputeRegionInstanceGroupManagercloudasset.assets.exportComputeReservationscloudasset.assets.exportComputeResourcePoliciescloudasset.assets.exportComputeRouterscloudasset.assets.exportComputeRoutescloudasset.assets.exportComputeSecurityPolicycloudasset.assets.exportComputeServiceAttachmentscloudasset.assets.exportComputeSnapshotscloudasset.assets.exportComputeSslCertificatescloudasset.assets.exportComputeSslPoliciescloudasset.assets.exportComputeSubnetworkscloudasset.assets.exportComputeTargetHttpProxiescloudasset.assets.exportComputeTargetHttpsProxiescloudasset.assets.exportComputeTargetInstancescloudasset.assets.exportComputeTargetPoolscloudasset.assets.exportComputeTargetSslProxiescloudasset.assets.exportComputeTargetTcpProxiescloudasset.assets.exportComputeTargetVpnGatewayscloudasset.assets.exportComputeUrlMapscloudasset.assets.exportComputeVpnGatewayscloudasset.assets.exportComputeVpnTunnelscloudasset.assets.exportConnectorsConnectionscloudasset.assets.exportConnectorsConnectorVersionscloudasset.assets.exportConnectorsConnectorscloudasset.assets.exportConnectorsProviderscloudasset.assets.exportConnectorsRuntimeConfigscloudasset.assets.exportContainerAppsDeploymentcloudasset.assets.exportContainerAppsReplicaSetscloudasset.assets.exportContainerBatchJobscloudasset.assets.exportContainerClusterrolecloudasset.assets.exportContainerClusterrolebindingcloudasset.assets.exportContainerClusterscloudasset.assets.exportContainerExtensionsIngressescloudasset.assets.exportContainerJobscloudasset.assets.exportContainerNamespacecloudasset.assets.exportContainerNetworkingIngressescloudasset.assets.exportContainerNetworkingNetworkPoliciescloudasset.assets.exportContainerNodecloudasset.assets.exportContainerNodepoolcloudasset.assets.exportContainerPodcloudasset.assets.exportContainerReplicaSetscloudasset.assets.exportContainerRolecloudasset.assets.exportContainerRolebindingcloudasset.assets.exportContainerServicescloudasset.assets.exportContainerregistryImagecloudasset.assets.exportDataMigrationConnectionProfilescloudasset.assets.exportDataMigrationMigrationJobscloudasset.assets.exportDataflowJobscloudasset.assets.exportDatafusionInstancecloudasset.assets.exportDataplexAssetscloudasset.assets.exportDataplexLakescloudasset.assets.exportDataplexTaskscloudasset.assets.exportDataplexZonescloudasset.assets.exportDataprocAutoscalingPoliciescloudasset.assets.exportDataprocBatchescloudasset.assets.exportDataprocClusterscloudasset.assets.exportDataprocJobscloudasset.assets.exportDataprocSessionscloudasset.assets.exportDataprocWorkflowTemplatescloudasset.assets.exportDatastreamConnectionProfilecloudasset.assets.exportDatastreamPrivateConnectioncloudasset.assets.exportDatastreamStreamcloudasset.assets.exportDialogflowAgentscloudasset.assets.exportDialogflowConversationProfilescloudasset.assets.exportDialogflowKnowledgeBasescloudasset.assets.exportDialogflowLocationSettingscloudasset.assets.exportDlpDeidentifyTemplatescloudasset.assets.exportDlpDlpJobscloudasset.assets.exportDlpInspectTemplatescloudasset.assets.exportDlpJobTriggerscloudasset.assets.exportDlpStoredInfoTypescloudasset.assets.exportDnsManagedZonescloudasset.assets.exportDnsPoliciescloudasset.assets.exportDomainsRegistrationscloudasset.assets.exportEventarcTriggerscloudasset.assets.exportFileBackupscloudasset.assets.exportFileInstancescloudasset.assets.exportFirebaseAppInfoscloudasset.assets.exportFirebaseProjectscloudasset.assets.exportFirestoreDatabasescloudasset.assets.exportGKEHubFeaturescloudasset.assets.exportGKEHubMembershipscloudasset.assets.exportGameservicesGameServerClusterscloudasset.assets.exportGameservicesGameServerConfigscloudasset.assets.exportGameservicesGameServerDeploymentscloudasset.assets.exportGameservicesRealmscloudasset.assets.exportGkeBackupBackupPlanscloudasset.assets.exportGkeBackupBackupscloudasset.assets.exportGkeBackupRestorePlanscloudasset.assets.exportGkeBackupRestorescloudasset.assets.exportGkeBackupVolumeBackupscloudasset.assets.exportGkeBackupVolumeRestorescloudasset.assets.exportHealthcareConsentStorescloudasset.assets.exportHealthcareDatasetscloudasset.assets.exportHealthcareDicomStorescloudasset.assets.exportHealthcareFhirStorescloudasset.assets.exportHealthcareHl7V2Storescloudasset.assets.exportIamRolescloudasset.assets.exportIamServiceAccountKeyscloudasset.assets.exportIamServiceAccountscloudasset.assets.exportIdsEndpointscloudasset.assets.exportIntegrationsAuthConfigscloudasset.assets.exportIntegrationsCertificatescloudasset.assets.exportIntegrationsExecutionscloudasset.assets.exportIntegrationsIntegrationVersionscloudasset.assets.exportIntegrationsIntegrationscloudasset.assets.exportIntegrationsSfdcChannelscloudasset.assets.exportIntegrationsSfdcInstancescloudasset.assets.exportIntegrationsSuspensionscloudasset.assets.exportManagedidentitiesDomaincloudasset.assets.exportMetastoreBackupscloudasset.assets.exportMetastoreMetadataImportscloudasset.assets.exportMetastoreServicescloudasset.assets.exportMonitoringAlertPoliciescloudasset.assets.exportNetworkConnectivityHubscloudasset.assets.exportNetworkConnectivitySpokescloudasset.assets.exportNetworkManagementConnectivityTestscloudasset.assets.exportNetworkServicesEndpointPoliciescloudasset.assets.exportNetworkServicesGatewayscloudasset.assets.exportNetworkServicesGrpcRoutescloudasset.assets.exportNetworkServicesHttpRoutescloudasset.assets.exportNetworkServicesMeshescloudasset.assets.exportNetworkServicesServiceBindingscloudasset.assets.exportNetworkServicesTcpRoutescloudasset.assets.exportNetworkServicesTlsRoutescloudasset.assets.exportOSConfigOSPolicyAssignmentReportscloudasset.assets.exportOSConfigOSPolicyAssignmentscloudasset.assets.exportOSConfigVulnerabilityReportscloudasset.assets.exportPatchDeploymentscloudasset.assets.exportPubsubSnapshotscloudasset.assets.exportPubsubSubscriptionscloudasset.assets.exportPubsubTopicscloudasset.assets.exportRedisInstancescloudasset.assets.exportServiceDirectoryNamespacescloudasset.assets.exportServicePerimetercloudasset.assets.exportServiceconsumermanagementConsumerPropertycloudasset.assets.exportServiceconsumermanagementConsumerQuotaLimitscloudasset.assets.exportServiceconsumermanagementConsumerscloudasset.assets.exportServiceconsumermanagementProducerOverridescloudasset.assets.exportServiceconsumermanagementTenancyUnitscloudasset.assets.exportServiceconsumermanagementVisibilitycloudasset.assets.exportServicemanagementServicescloudasset.assets.exportServiceusageAdminOverridescloudasset.assets.exportServiceusageConsumerOverridescloudasset.assets.exportServiceusageServicescloudasset.assets.exportSpannerBackupscloudasset.assets.exportSpannerDatabasescloudasset.assets.exportSpannerInstancescloudasset.assets.exportSpeakerIdPhrasescloudasset.assets.exportSpeakerIdSettingscloudasset.assets.exportSpeakerIdSpeakerscloudasset.assets.exportSpeechCustomClassescloudasset.assets.exportSpeechPhraseSetscloudasset.assets.exportSqladminBackupRunscloudasset.assets.exportSqladminInstancescloudasset.assets.exportStorageBucketscloudasset.assets.exportTpuNodescloudasset.assets.exportVpcaccessConnectorcloudasset.assets.listAccessLevelcloudasset.assets.listAiplatformBatchPredictionJobscloudasset.assets.listAiplatformCustomJobscloudasset.assets.listAiplatformDataLabelingJobscloudasset.assets.listAiplatformDatasetscloudasset.assets.listAiplatformEndpointscloudasset.assets.listAiplatformHyperparameterTuningJobscloudasset.assets.listAiplatformMetadataStorescloudasset.assets.listAiplatformModelDeploymentMonitoringJobscloudasset.assets.listAiplatformModelscloudasset.assets.listAiplatformPipelineJobscloudasset.assets.listAiplatformSpecialistPoolscloudasset.assets.listAiplatformTrainingPipelinescloudasset.assets.listAllAccessPolicycloudasset.assets.listAnthosConnectedClustercloudasset.assets.listAnthosedgeClustercloudasset.assets.listApigatewayApicloudasset.assets.listApigatewayApiConfigcloudasset.assets.listApigatewayGatewaycloudasset.assets.listApikeysKeyscloudasset.assets.listAppengineApplicationscloudasset.assets.listAppengineServicescloudasset.assets.listAppengineVersionscloudasset.assets.listArtifactregistryDockerImagescloudasset.assets.listArtifactregistryRepositoriescloudasset.assets.listAssuredWorkloadsWorkloadscloudasset.assets.listBeyondCorpApiGatewayscloudasset.assets.listBeyondCorpAppConnectionscloudasset.assets.listBeyondCorpAppConnectorscloudasset.assets.listBeyondCorpClientConnectorServicescloudasset.assets.listBeyondCorpClientGatewayscloudasset.assets.listBigqueryDatasetscloudasset.assets.listBigqueryModelscloudasset.assets.listBigqueryTablescloudasset.assets.listBigtableAppProfilecloudasset.assets.listBigtableBackupcloudasset.assets.listBigtableClustercloudasset.assets.listBigtableInstancecloudasset.assets.listBigtableTablecloudasset.assets.listCloudAssetFeedscloudasset.assets.listCloudDeployDeliveryPipelinescloudasset.assets.listCloudDeployReleasescloudasset.assets.listCloudDeployRolloutscloudasset.assets.listCloudDeployTargetscloudasset.assets.listCloudDocumentAIEvaluationcloudasset.assets.listCloudDocumentAIHumanReviewConfigcloudasset.assets.listCloudDocumentAILabelerPoolcloudasset.assets.listCloudDocumentAIProcessorcloudasset.assets.listCloudDocumentAIProcessorVersioncloudasset.assets.listCloudbillingBillingAccountscloudasset.assets.listCloudbillingProjectBillingInfoscloudasset.assets.listCloudfunctionsFunctionscloudasset.assets.listCloudfunctionsGen2Functionscloudasset.assets.listCloudkmsCryptoKeyVersionscloudasset.assets.listCloudkmsEkmConnectionscloudasset.assets.listCloudkmsImportJobscloudasset.assets.listCloudkmsKeyRingscloudasset.assets.listCloudmemcacheInstancescloudasset.assets.listCloudresourcemanagerFolderscloudasset.assets.listCloudresourcemanagerOrganizationscloudasset.assets.listCloudresourcemanagerProjectscloudasset.assets.listCloudresourcemanagerTagBindingscloudasset.assets.listCloudresourcemanagerTagKeyscloudasset.assets.listCloudresourcemanagerTagValuescloudasset.assets.listComposerEnvironmentscloudasset.assets.listComputeAddresscloudasset.assets.listComputeAutoscalerscloudasset.assets.listComputeBackendBucketscloudasset.assets.listComputeBackendServicescloudasset.assets.listComputeCommitmentscloudasset.assets.listComputeDiskscloudasset.assets.listComputeExternalVpnGatewayscloudasset.assets.listComputeFirewallPoliciescloudasset.assets.listComputeFirewallscloudasset.assets.listComputeForwardingRulescloudasset.assets.listComputeGlobalAddresscloudasset.assets.listComputeGlobalForwardingRulescloudasset.assets.listComputeHealthCheckscloudasset.assets.listComputeHttpHealthCheckscloudasset.assets.listComputeHttpsHealthCheckscloudasset.assets.listComputeImagescloudasset.assets.listComputeInstanceGroupManagerscloudasset.assets.listComputeInstanceGroupscloudasset.assets.listComputeInstanceTemplatescloudasset.assets.listComputeInstancescloudasset.assets.listComputeInterconnectcloudasset.assets.listComputeInterconnectAttachmentcloudasset.assets.listComputeLicensescloudasset.assets.listComputeNetworkEndpointGroupscloudasset.assets.listComputeNetworkscloudasset.assets.listComputeNodeGroupscloudasset.assets.listComputeNodeTemplatescloudasset.assets.listComputePacketMirroringscloudasset.assets.listComputeProjectscloudasset.assets.listComputeRegionAutoscalercloudasset.assets.listComputeRegionBackendServicescloudasset.assets.listComputeRegionDiskcloudasset.assets.listComputeRegionInstanceGroupcloudasset.assets.listComputeRegionInstanceGroupManagercloudasset.assets.listComputeReservationscloudasset.assets.listComputeResourcePoliciescloudasset.assets.listComputeRouterscloudasset.assets.listComputeRoutescloudasset.assets.listComputeSecurityPolicycloudasset.assets.listComputeServiceAttachmentscloudasset.assets.listComputeSnapshotscloudasset.assets.listComputeSslCertificatescloudasset.assets.listComputeSslPoliciescloudasset.assets.listComputeSubnetworkscloudasset.assets.listComputeTargetHttpProxiescloudasset.assets.listComputeTargetHttpsProxiescloudasset.assets.listComputeTargetInstancescloudasset.assets.listComputeTargetPoolscloudasset.assets.listComputeTargetSslProxiescloudasset.assets.listComputeTargetTcpProxiescloudasset.assets.listComputeTargetVpnGatewayscloudasset.assets.listComputeUrlMapscloudasset.assets.listComputeVpnGatewayscloudasset.assets.listComputeVpnTunnelscloudasset.assets.listConnectorsConnectionscloudasset.assets.listConnectorsConnectorVersionscloudasset.assets.listConnectorsConnectorscloudasset.assets.listConnectorsProviderscloudasset.assets.listConnectorsRuntimeConfigscloudasset.assets.listContainerAppsDeploymentcloudasset.assets.listContainerAppsReplicaSetscloudasset.assets.listContainerBatchJobscloudasset.assets.listContainerClusterrolecloudasset.assets.listContainerClusterrolebindingcloudasset.assets.listContainerClusterscloudasset.assets.listContainerExtensionsIngressescloudasset.assets.listContainerJobscloudasset.assets.listContainerNamespacecloudasset.assets.listContainerNetworkingIngressescloudasset.assets.listContainerNetworkingNetworkPoliciescloudasset.assets.listContainerNodecloudasset.assets.listContainerNodepoolcloudasset.assets.listContainerPodcloudasset.assets.listContainerReplicaSetscloudasset.assets.listContainerRolecloudasset.assets.listContainerRolebindingcloudasset.assets.listContainerServicescloudasset.assets.listContainerregistryImagecloudasset.assets.listDataMigrationConnectionProfilescloudasset.assets.listDataMigrationMigrationJobscloudasset.assets.listDataflowJobscloudasset.assets.listDatafusionInstancecloudasset.assets.listDataplexAssetscloudasset.assets.listDataplexLakescloudasset.assets.listDataplexTaskscloudasset.assets.listDataplexZonescloudasset.assets.listDataprocAutoscalingPoliciescloudasset.assets.listDataprocBatchescloudasset.assets.listDataprocClusterscloudasset.assets.listDataprocJobscloudasset.assets.listDataprocSessionscloudasset.assets.listDataprocWorkflowTemplatescloudasset.assets.listDatastreamConnectionProfilecloudasset.assets.listDatastreamPrivateConnectioncloudasset.assets.listDatastreamStreamcloudasset.assets.listDialogflowAgentscloudasset.assets.listDialogflowConversationProfilescloudasset.assets.listDialogflowKnowledgeBasescloudasset.assets.listDialogflowLocationSettingscloudasset.assets.listDlpDeidentifyTemplatescloudasset.assets.listDlpDlpJobscloudasset.assets.listDlpInspectTemplatescloudasset.assets.listDlpJobTriggerscloudasset.assets.listDlpStoredInfoTypescloudasset.assets.listDnsManagedZonescloudasset.assets.listDnsPoliciescloudasset.assets.listDomainsRegistrationscloudasset.assets.listEventarcTriggerscloudasset.assets.listFileBackupscloudasset.assets.listFileInstancescloudasset.assets.listFirebaseAppInfoscloudasset.assets.listFirebaseProjectscloudasset.assets.listFirestoreDatabasescloudasset.assets.listGKEHubFeaturescloudasset.assets.listGKEHubMembershipscloudasset.assets.listGameservicesGameServerClusterscloudasset.assets.listGameservicesGameServerConfigscloudasset.assets.listGameservicesGameServerDeploymentscloudasset.assets.listGameservicesRealmscloudasset.assets.listGkeBackupBackupPlanscloudasset.assets.listGkeBackupBackupscloudasset.assets.listGkeBackupRestorePlanscloudasset.assets.listGkeBackupRestorescloudasset.assets.listGkeBackupVolumeBackupscloudasset.assets.listGkeBackupVolumeRestorescloudasset.assets.listHealthcareConsentStorescloudasset.assets.listHealthcareDatasetscloudasset.assets.listHealthcareDicomStorescloudasset.assets.listHealthcareFhirStorescloudasset.assets.listHealthcareHl7V2Storescloudasset.assets.listIamRolescloudasset.assets.listIamServiceAccountKeyscloudasset.assets.listIamServiceAccountscloudasset.assets.listIdsEndpointscloudasset.assets.listIntegrationsAuthConfigscloudasset.assets.listIntegrationsCertificatescloudasset.assets.listIntegrationsExecutionscloudasset.assets.listIntegrationsIntegrationVersionscloudasset.assets.listIntegrationsIntegrationscloudasset.assets.listIntegrationsSfdcChannelscloudasset.assets.listIntegrationsSfdcInstancescloudasset.assets.listIntegrationsSuspensionscloudasset.assets.listManagedidentitiesDomaincloudasset.assets.listMetastoreBackupscloudasset.assets.listMetastoreMetadataImportscloudasset.assets.listMetastoreServicescloudasset.assets.listMonitoringAlertPoliciescloudasset.assets.listNetworkConnectivityHubscloudasset.assets.listNetworkConnectivitySpokescloudasset.assets.listNetworkManagementConnectivityTestscloudasset.assets.listNetworkServicesEndpointPoliciescloudasset.assets.listNetworkServicesGatewayscloudasset.assets.listNetworkServicesGrpcRoutescloudasset.assets.listNetworkServicesHttpRoutescloudasset.assets.listNetworkServicesMeshescloudasset.assets.listNetworkServicesServiceBindingscloudasset.assets.listNetworkServicesTcpRoutescloudasset.assets.listNetworkServicesTlsRoutescloudasset.assets.listOSConfigOSPolicyAssignmentReportscloudasset.assets.listOSConfigOSPolicyAssignmentscloudasset.assets.listOSConfigVulnerabilityReportscloudasset.assets.listPatchDeploymentscloudasset.assets.listPubsubSnapshotscloudasset.assets.listPubsubSubscriptionscloudasset.assets.listPubsubTopicscloudasset.assets.listRedisInstancescloudasset.assets.listRunDomainMappingcloudasset.assets.listRunRevisioncloudasset.assets.listRunServicecloudasset.assets.listServiceDirectoryNamespacescloudasset.assets.listServicePerimetercloudasset.assets.listServiceconsumermanagementConsumerPropertycloudasset.assets.listServiceconsumermanagementConsumerQuotaLimitscloudasset.assets.listServiceconsumermanagementConsumerscloudasset.assets.listServiceconsumermanagementProducerOverridescloudasset.assets.listServiceconsumermanagementTenancyUnitscloudasset.assets.listServiceconsumermanagementVisibilitycloudasset.assets.listServicemanagementServicescloudasset.assets.listServiceusageAdminOverridescloudasset.assets.listServiceusageConsumerOverridescloudasset.assets.listServiceusageServicescloudasset.assets.listSpannerBackupscloudasset.assets.listSpannerDatabasescloudasset.assets.listSpannerInstancescloudasset.assets.listSpeakerIdPhrasescloudasset.assets.listSpeakerIdSettingscloudasset.assets.listSpeakerIdSpeakerscloudasset.assets.listSpeechCustomClassescloudasset.assets.listSpeechPhraseSetscloudasset.assets.listSqladminBackupRunscloudasset.assets.listSqladminInstancescloudasset.assets.listStorageBucketscloudasset.assets.listTpuNodescloudasset.assets.listVpcaccessConnector |
| Compute Engine | Added |
compute.serviceAttachments.getIamPolicycompute.serviceAttachments.setIamPolicycompute.serviceAttachments.use |
| Compute Engine | Supported In Custom Roles |
compute.serviceAttachments.getIamPolicycompute.serviceAttachments.setIamPolicycompute.serviceAttachments.use |
| Looker Studio | Added |
datastudio.datasources.deletedatastudio.datasources.getdatastudio.datasources.getIamPolicydatastudio.datasources.movedatastudio.datasources.restoreTrashdatastudio.datasources.searchdatastudio.datasources.setIamPolicydatastudio.datasources.settingsSharedatastudio.datasources.sharedatastudio.datasources.trashdatastudio.datasources.updatedatastudio.reports.deletedatastudio.reports.getdatastudio.reports.getIamPolicydatastudio.reports.movedatastudio.reports.restoreTrashdatastudio.reports.searchdatastudio.reports.setIamPolicydatastudio.reports.settingsSharedatastudio.reports.sharedatastudio.reports.trashdatastudio.reports.updatedatastudio.workspaces.createUnderdatastudio.workspaces.deletedatastudio.workspaces.getdatastudio.workspaces.getIamPolicydatastudio.workspaces.moveIndatastudio.workspaces.moveOutdatastudio.workspaces.restoreTrashdatastudio.workspaces.searchdatastudio.workspaces.setIamPolicydatastudio.workspaces.trashdatastudio.workspaces.update |
| Enterprise Knowledge Graph | Added |
enterpriseknowledgegraph.entityReconciliationJobs.cancelenterpriseknowledgegraph.entityReconciliationJobs.createenterpriseknowledgegraph.entityReconciliationJobs.deleteenterpriseknowledgegraph.entityReconciliationJobs.getenterpriseknowledgegraph.entityReconciliationJobs.list |
| Enterprise Knowledge Graph | Supported In Custom Roles |
enterpriseknowledgegraph.entityReconciliationJobs.delete |
| Google Distributed Cloud | Added |
gkeonprem.bareMetalClusters.queryVersionConfiggkeonprem.vmwareClusters.queryVersionConfig |
| Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.bareMetalClusters.queryVersionConfiggkeonprem.vmwareClusters.queryVersionConfig |
| Google Distributed Cloud | Now GA |
gkeonprem.bareMetalClusters.queryVersionConfiggkeonprem.vmwareClusters.queryVersionConfig |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.checkMigrationPermissionmanagedidentities.domains.disableMigrationmanagedidentities.domains.enableMigration |
| Dataproc Metastore | Added |
metastore.backups.getIamPolicymetastore.backups.setIamPolicy |
| Dataproc Metastore | Supported In Custom Roles |
metastore.backups.getIamPolicymetastore.backups.setIamPolicy |
| Dataproc Metastore | Now GA |
metastore.backups.getIamPolicymetastore.backups.setIamPolicy |
| Public Certificate Authority | Added |
publicca.externalAccountKeys.create |
| Recommender | Added |
recommender.computeFirewallInsightTypeConfigs.getrecommender.computeFirewallInsightTypeConfigs.updaterecommender.gmpGuidedExperienceInsights.getrecommender.gmpGuidedExperienceInsights.listrecommender.gmpGuidedExperienceInsights.updaterecommender.gmpGuidedExperienceRecommendations.getrecommender.gmpGuidedExperienceRecommendations.listrecommender.gmpGuidedExperienceRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.computeFirewallInsightTypeConfigs.getrecommender.computeFirewallInsightTypeConfigs.updaterecommender.gmpGuidedExperienceInsights.getrecommender.gmpGuidedExperienceInsights.listrecommender.gmpGuidedExperienceInsights.updaterecommender.gmpGuidedExperienceRecommendations.getrecommender.gmpGuidedExperienceRecommendations.listrecommender.gmpGuidedExperienceRecommendations.update |
| Recommender | Now GA |
recommender.computeFirewallInsightTypeConfigs.getrecommender.computeFirewallInsightTypeConfigs.updaterecommender.gmpGuidedExperienceInsights.getrecommender.gmpGuidedExperienceInsights.listrecommender.gmpGuidedExperienceInsights.updaterecommender.gmpGuidedExperienceRecommendations.getrecommender.gmpGuidedExperienceRecommendations.listrecommender.gmpGuidedExperienceRecommendations.update |
| Service Networking | Added |
servicenetworking.services.addDnsRecordSetservicenetworking.services.addDnsZoneservicenetworking.services.deleteConnectionservicenetworking.services.disableVpcServiceControlsservicenetworking.services.enableVpcServiceControlsservicenetworking.services.getConsumerConfigservicenetworking.services.removeDnsRecordSetservicenetworking.services.removeDnsZoneservicenetworking.services.updateConsumerConfigservicenetworking.services.updateDnsRecordSet |
| Service Networking | Supported In Custom Roles |
servicenetworking.services.addDnsRecordSetservicenetworking.services.addDnsZoneservicenetworking.services.deleteConnectionservicenetworking.services.disableVpcServiceControlsservicenetworking.services.enableVpcServiceControlsservicenetworking.services.getConsumerConfigservicenetworking.services.removeDnsRecordSetservicenetworking.services.removeDnsZoneservicenetworking.services.updateConsumerConfigservicenetworking.services.updateDnsRecordSet |
| Spanner | Added |
spanner.instanceConfigOperations.cancelspanner.instanceConfigOperations.deletespanner.instanceConfigOperations.getspanner.instanceConfigOperations.listspanner.instanceConfigs.createspanner.instanceConfigs.deletespanner.instanceConfigs.update |
| Spanner | Supported In Custom Roles |
spanner.instanceConfigOperations.cancelspanner.instanceConfigOperations.deletespanner.instanceConfigOperations.getspanner.instanceConfigOperations.listspanner.instanceConfigs.createspanner.instanceConfigs.deletespanner.instanceConfigs.update |
| Spanner | Now GA |
spanner.instanceConfigOperations.cancelspanner.instanceConfigOperations.deletespanner.instanceConfigOperations.getspanner.instanceConfigOperations.listspanner.instanceConfigs.createspanner.instanceConfigs.deletespanner.instanceConfigs.update |
| Video Stitcher API | Now GA |
videostitcher.cdnKeys.createvideostitcher.cdnKeys.deletevideostitcher.cdnKeys.getvideostitcher.cdnKeys.listvideostitcher.cdnKeys.updatevideostitcher.liveAdTagDetails.getvideostitcher.liveAdTagDetails.listvideostitcher.liveSessions.createvideostitcher.liveSessions.getvideostitcher.slates.createvideostitcher.slates.deletevideostitcher.slates.getvideostitcher.slates.listvideostitcher.slates.updatevideostitcher.vodAdTagDetails.getvideostitcher.vodAdTagDetails.listvideostitcher.vodSessions.createvideostitcher.vodSessions.getvideostitcher.vodStitchDetails.getvideostitcher.vodStitchDetails.list |
| Vision AI | Added |
visionai.analyses.createvisionai.analyses.deletevisionai.analyses.getvisionai.analyses.getIamPolicyvisionai.analyses.listvisionai.analyses.setIamPolicyvisionai.analyses.updatevisionai.annotations.createvisionai.annotations.deletevisionai.annotations.getvisionai.annotations.listvisionai.annotations.updatevisionai.applications.createvisionai.applications.deletevisionai.applications.deployvisionai.applications.getvisionai.applications.listvisionai.applications.undeployvisionai.applications.updatevisionai.assets.clipvisionai.assets.createvisionai.assets.deletevisionai.assets.generateHlsUrivisionai.assets.getvisionai.assets.ingestvisionai.assets.listvisionai.assets.searchvisionai.assets.updatevisionai.clusters.createvisionai.clusters.deletevisionai.clusters.getvisionai.clusters.getIamPolicyvisionai.clusters.listvisionai.clusters.setIamPolicyvisionai.clusters.updatevisionai.clusters.watchvisionai.corpora.createvisionai.corpora.deletevisionai.corpora.getvisionai.corpora.listvisionai.corpora.updatevisionai.dataSchemas.createvisionai.dataSchemas.deletevisionai.dataSchemas.getvisionai.dataSchemas.listvisionai.dataSchemas.updatevisionai.dataSchemas.validatevisionai.drafts.createvisionai.drafts.deletevisionai.drafts.getvisionai.drafts.listvisionai.drafts.updatevisionai.events.createvisionai.events.deletevisionai.events.getvisionai.events.getIamPolicyvisionai.events.listvisionai.events.setIamPolicyvisionai.events.updatevisionai.instances.getvisionai.instances.listvisionai.locations.getvisionai.locations.listvisionai.operations.cancelvisionai.operations.deletevisionai.operations.getvisionai.operations.listvisionai.operations.waitvisionai.operators.createvisionai.operators.deletevisionai.operators.getvisionai.operators.getIamPolicyvisionai.operators.listvisionai.operators.setIamPolicyvisionai.operators.updatevisionai.processors.createvisionai.processors.deletevisionai.processors.getvisionai.processors.listvisionai.processors.listPrebuiltvisionai.processors.updatevisionai.searchConfigs.createvisionai.searchConfigs.deletevisionai.searchConfigs.getvisionai.searchConfigs.listvisionai.searchConfigs.updatevisionai.series.acquireLeasevisionai.series.createvisionai.series.deletevisionai.series.getvisionai.series.getIamPolicyvisionai.series.listvisionai.series.receivevisionai.series.releaseLeasevisionai.series.renewLeasevisionai.series.sendvisionai.series.setIamPolicyvisionai.series.updatevisionai.streams.createvisionai.streams.deletevisionai.streams.getvisionai.streams.getIamPolicyvisionai.streams.listvisionai.streams.receivevisionai.streams.sendvisionai.streams.setIamPolicyvisionai.streams.update |
| Vision AI | Supported In Custom Roles |
visionai.analyses.createvisionai.analyses.deletevisionai.analyses.getvisionai.analyses.getIamPolicyvisionai.analyses.listvisionai.analyses.setIamPolicyvisionai.analyses.updatevisionai.applications.createvisionai.applications.deletevisionai.applications.deployvisionai.applications.getvisionai.applications.listvisionai.applications.undeployvisionai.applications.updatevisionai.clusters.createvisionai.clusters.deletevisionai.clusters.getvisionai.clusters.getIamPolicyvisionai.clusters.listvisionai.clusters.setIamPolicyvisionai.clusters.updatevisionai.drafts.createvisionai.drafts.deletevisionai.drafts.getvisionai.drafts.listvisionai.drafts.updatevisionai.events.createvisionai.events.deletevisionai.events.getvisionai.events.getIamPolicyvisionai.events.listvisionai.events.setIamPolicyvisionai.events.updatevisionai.instances.getvisionai.instances.listvisionai.locations.getvisionai.locations.listvisionai.operators.createvisionai.operators.deletevisionai.operators.getvisionai.operators.getIamPolicyvisionai.operators.listvisionai.operators.setIamPolicyvisionai.operators.updatevisionai.processors.createvisionai.processors.deletevisionai.processors.getvisionai.processors.listvisionai.processors.listPrebuiltvisionai.processors.updatevisionai.series.createvisionai.series.deletevisionai.series.getvisionai.series.getIamPolicyvisionai.series.listvisionai.series.setIamPolicyvisionai.series.updatevisionai.streams.createvisionai.streams.deletevisionai.streams.getvisionai.streams.getIamPolicyvisionai.streams.listvisionai.streams.setIamPolicyvisionai.streams.update |
Cloud IAM changes as of 2022-09-23
| Service | Change | Description |
|---|---|---|
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Content Warehouse | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
| Multi-Cluster Ingress | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Basic Role | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
| Cloud Workstations | Role Updated |
The following permissions have been removed from the role workstations.workstations.use |
| Bare Metal Solution | Added |
baremetalsolution.nfsshares.createbaremetalsolution.nfsshares.delete |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.nfsshares.createbaremetalsolution.nfsshares.delete |
| Bare Metal Solution | Now GA |
baremetalsolution.nfsshares.createbaremetalsolution.nfsshares.delete |
| Compute Engine | Added |
compute.networkEdgeSecurityServices.createcompute.networkEdgeSecurityServices.deletecompute.networkEdgeSecurityServices.getcompute.networkEdgeSecurityServices.listcompute.networkEdgeSecurityServices.updatecompute.regionSecurityPolicies.createcompute.regionSecurityPolicies.deletecompute.regionSecurityPolicies.getcompute.regionSecurityPolicies.listcompute.regionSecurityPolicies.updatecompute.regionSecurityPolicies.usecompute.securityPolicies.setLabels |
| Compute Engine | Supported In Custom Roles |
compute.securityPolicies.setLabels |
| Compute Engine | Now GA |
compute.disks.listEffectiveTagscompute.images.listEffectiveTagscompute.instances.listEffectiveTagscompute.securityPolicies.setLabelscompute.snapshots.listEffectiveTags |
| Container Security | Added |
containersecurity.findings.list |
| Content Warehouse | Now GA |
contentwarehouse.documentSchemas.createcontentwarehouse.documentSchemas.deletecontentwarehouse.documentSchemas.getcontentwarehouse.documentSchemas.listcontentwarehouse.documentSchemas.updatecontentwarehouse.documents.createcontentwarehouse.documents.deletecontentwarehouse.documents.getcontentwarehouse.documents.getIamPolicycontentwarehouse.documents.setIamPolicycontentwarehouse.documents.updatecontentwarehouse.locations.initializecontentwarehouse.operations.getcontentwarehouse.rawDocuments.downloadcontentwarehouse.rawDocuments.uploadcontentwarehouse.ruleSets.createcontentwarehouse.ruleSets.deletecontentwarehouse.ruleSets.getcontentwarehouse.ruleSets.listcontentwarehouse.ruleSets.updatecontentwarehouse.synonymSets.createcontentwarehouse.synonymSets.deletecontentwarehouse.synonymSets.getcontentwarehouse.synonymSets.listcontentwarehouse.synonymSets.update |
| Document AI | Added |
documentai.evaluationDocuments.get |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.extendSchema |
| Organization Policy Service | Added |
orgpolicy.customConstraints.createorgpolicy.customConstraints.deleteorgpolicy.customConstraints.getorgpolicy.customConstraints.listorgpolicy.customConstraints.update |
| Organization Policy Service | Supported In Custom Roles |
orgpolicy.customConstraints.getorgpolicy.customConstraints.list |
| Recommender | Added |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.getrecommender.resourcemanagerProjectUtilizationInsightTypeConfigs.updaterecommender.resourcemanagerProjectUtilizationRecommenderConfigs.getrecommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
| Recommender | Supported In Custom Roles |
recommender.resourcemanagerProjectUtilizationInsightTypeConfigs.getrecommender.resourcemanagerProjectUtilizationInsightTypeConfigs.updaterecommender.resourcemanagerProjectUtilizationRecommenderConfigs.getrecommender.resourcemanagerProjectUtilizationRecommenderConfigs.update |
| Resource Manager | Now GA |
resourcemanager.hierarchyNodes.listEffectiveTags |
Cloud IAM changes as of 2022-09-10
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.developers.delete |
| Dialogflow | Role Updated |
The following permissions have been added to the role bigquery.tables.getbigquery.tables.updateData |
| GKE Hub | Role Updated |
The following permissions have been added to the role monitoring.metricsScopes.linkresourcemanager.projects.getresourcemanager.projects.list |
| Cloud Monitoring | Role Updated |
The following permissions have been added to the role monitoring.metricDescriptors.getmonitoring.metricDescriptors.listmonitoring.monitoredResourceDescriptors.getmonitoring.monitoredResourceDescriptors.list |
| Storage Transfer Service | Now GA |
The role |
| Access Approval | Added |
accessapproval.serviceAccounts.get |
| Document AI | Added |
documentai.dataLabelingJobs.canceldocumentai.dataLabelingJobs.createdocumentai.dataLabelingJobs.deletedocumentai.dataLabelingJobs.listdocumentai.dataLabelingJobs.updatedocumentai.datasets.createDocumentsdocumentai.datasets.deleteDocumentsdocumentai.datasets.getDocumentsdocumentai.datasets.listDocumentsdocumentai.datasets.updateDocuments |
| Notebooks | Added |
notebooks.instances.diagnosenotebooks.runtimes.diagnose |
| Notebooks | Now GA |
notebooks.instances.diagnosenotebooks.runtimes.diagnose |
| Recommender | Added |
recommender.networkAnalyzerCloudSqlInsights.getrecommender.networkAnalyzerCloudSqlInsights.listrecommender.networkAnalyzerCloudSqlInsights.updaterecommender.networkAnalyzerDynamicRouteInsights.getrecommender.networkAnalyzerDynamicRouteInsights.listrecommender.networkAnalyzerDynamicRouteInsights.updaterecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.updaterecommender.networkAnalyzerIpAddressInsights.getrecommender.networkAnalyzerIpAddressInsights.listrecommender.networkAnalyzerIpAddressInsights.updaterecommender.networkAnalyzerLoadBalancerInsights.getrecommender.networkAnalyzerLoadBalancerInsights.listrecommender.networkAnalyzerLoadBalancerInsights.updaterecommender.networkAnalyzerVpcConnectivityInsights.getrecommender.networkAnalyzerVpcConnectivityInsights.listrecommender.networkAnalyzerVpcConnectivityInsights.update |
| Recommender | Supported In Custom Roles |
recommender.networkAnalyzerCloudSqlInsights.getrecommender.networkAnalyzerCloudSqlInsights.listrecommender.networkAnalyzerCloudSqlInsights.updaterecommender.networkAnalyzerDynamicRouteInsights.getrecommender.networkAnalyzerDynamicRouteInsights.listrecommender.networkAnalyzerDynamicRouteInsights.updaterecommender.networkAnalyzerGkeConnectivityInsights.getrecommender.networkAnalyzerGkeConnectivityInsights.listrecommender.networkAnalyzerGkeConnectivityInsights.updaterecommender.networkAnalyzerGkeIpAddressInsights.getrecommender.networkAnalyzerGkeIpAddressInsights.listrecommender.networkAnalyzerGkeIpAddressInsights.updaterecommender.networkAnalyzerIpAddressInsights.getrecommender.networkAnalyzerIpAddressInsights.listrecommender.networkAnalyzerIpAddressInsights.updaterecommender.networkAnalyzerLoadBalancerInsights.getrecommender.networkAnalyzerLoadBalancerInsights.listrecommender.networkAnalyzerLoadBalancerInsights.updaterecommender.networkAnalyzerVpcConnectivityInsights.getrecommender.networkAnalyzerVpcConnectivityInsights.listrecommender.networkAnalyzerVpcConnectivityInsights.update |
Cloud IAM changes as of 2022-09-02
| Service | Change | Description |
|---|---|---|
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.backendBuckets.listcompute.backendServices.listcompute.instances.listcompute.regionBackendServices.listcompute.targetInstances.listcompute.targetPools.list |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role dataplex.environments.execute |
| Basic Role | Role Updated |
The following permissions have been added to the role batch.jobs.create |
| Firebase App Distribution | Now GA |
The role |
| Firebase App Distribution | Now GA |
The role |
| Google Distributed Cloud | Now GA |
The role |
| Google Distributed Cloud | Now GA |
The role |
| Rapid Migration Assessment | Now GA |
The role |
| Spanner | Now GA |
The role |
| Spanner | Now GA |
The role |
| Stream | Now GA |
The role |
| Stream | Now GA |
The role |
| Stream | Now GA |
The role |
| Stream | Now GA |
The role |
| Stream | Now GA |
The role |
| Data Catalog | Added |
datacatalog.entries.updateContactsdatacatalog.entries.updateOverview |
| Data Catalog | Supported In Custom Roles |
datacatalog.entries.updateContactsdatacatalog.entries.updateOverview |
| Firebase App Distribution | Now GA |
firebaseappdistro.groups.listfirebaseappdistro.groups.updatefirebaseappdistro.releases.listfirebaseappdistro.releases.updatefirebaseappdistro.testers.listfirebaseappdistro.testers.update |
| Google Distributed Cloud | Now GA |
gkeonprem.bareMetalClusters.creategkeonprem.bareMetalClusters.deletegkeonprem.bareMetalClusters.enrollgkeonprem.bareMetalClusters.getgkeonprem.bareMetalClusters.getIamPolicygkeonprem.bareMetalClusters.listgkeonprem.bareMetalClusters.setIamPolicygkeonprem.bareMetalClusters.unenrollgkeonprem.bareMetalClusters.updategkeonprem.bareMetalNodePools.creategkeonprem.bareMetalNodePools.deletegkeonprem.bareMetalNodePools.getgkeonprem.bareMetalNodePools.getIamPolicygkeonprem.bareMetalNodePools.listgkeonprem.bareMetalNodePools.setIamPolicygkeonprem.bareMetalNodePools.updategkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Payment Gateway issuer switch | Added |
issuerswitch.complaintTransactions.listissuerswitch.complaints.createissuerswitch.complaints.resolveissuerswitch.disputes.createissuerswitch.disputes.resolveissuerswitch.financialTransactions.listissuerswitch.mandateTransactions.listissuerswitch.metadataTransactions.listissuerswitch.operations.cancelissuerswitch.operations.deleteissuerswitch.operations.getissuerswitch.operations.listissuerswitch.operations.waitissuerswitch.ruleMetadata.listissuerswitch.ruleMetadataValues.createissuerswitch.ruleMetadataValues.deleteissuerswitch.ruleMetadataValues.listissuerswitch.rules.list |
| Recommender | Added |
recommender.cloudsqlInstanceSecurityInsights.getrecommender.cloudsqlInstanceSecurityInsights.listrecommender.cloudsqlInstanceSecurityInsights.updaterecommender.cloudsqlInstanceSecurityRecommendations.getrecommender.cloudsqlInstanceSecurityRecommendations.listrecommender.cloudsqlInstanceSecurityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.cloudsqlInstanceSecurityInsights.getrecommender.cloudsqlInstanceSecurityInsights.listrecommender.cloudsqlInstanceSecurityInsights.updaterecommender.cloudsqlInstanceSecurityRecommendations.getrecommender.cloudsqlInstanceSecurityRecommendations.listrecommender.cloudsqlInstanceSecurityRecommendations.update |
| Rapid Migration Assessment | Added |
rma.annotations.createrma.annotations.getrma.collectors.createrma.collectors.deleterma.collectors.getrma.collectors.listrma.collectors.updaterma.locations.getrma.locations.listrma.operations.cancelrma.operations.deleterma.operations.getrma.operations.list |
| Rapid Migration Assessment | Supported In Custom Roles |
rma.annotations.createrma.annotations.getrma.collectors.createrma.collectors.deleterma.collectors.getrma.collectors.listrma.collectors.updaterma.locations.getrma.locations.listrma.operations.cancelrma.operations.deleterma.operations.getrma.operations.list |
| Spanner | Added |
spanner.databaseRoles.listspanner.databaseRoles.usespanner.databases.useRoleBasedAccess |
| Spanner | Now GA |
spanner.databaseRoles.listspanner.databaseRoles.usespanner.databases.useRoleBasedAccess |
| Speech-to-Text | Added |
speech.config.getspeech.config.updatespeech.customClasses.undeletespeech.operations.cancelspeech.operations.deletespeech.operations.getspeech.operations.listspeech.operations.waitspeech.phraseSets.undeletespeech.recognizers.createspeech.recognizers.deletespeech.recognizers.getspeech.recognizers.listspeech.recognizers.recognizespeech.recognizers.undeletespeech.recognizers.update |
| Speech-to-Text | Now GA |
speech.config.getspeech.config.updatespeech.customClasses.undeletespeech.operations.cancelspeech.operations.deletespeech.operations.getspeech.operations.listspeech.operations.waitspeech.phraseSets.undeletespeech.recognizers.createspeech.recognizers.deletespeech.recognizers.getspeech.recognizers.listspeech.recognizers.recognizespeech.recognizers.undeletespeech.recognizers.update |
| Stream | Added |
stream.locations.getstream.locations.liststream.operations.cancelstream.operations.deletestream.operations.getstream.operations.liststream.streamContents.buildstream.streamContents.createstream.streamContents.deletestream.streamContents.getstream.streamContents.liststream.streamContents.updatestream.streamInstances.createstream.streamInstances.deletestream.streamInstances.getstream.streamInstances.liststream.streamInstances.rolloutstream.streamInstances.update |
| Stream | Supported In Custom Roles |
stream.locations.getstream.locations.liststream.operations.cancelstream.operations.deletestream.operations.getstream.operations.liststream.streamContents.buildstream.streamContents.createstream.streamContents.deletestream.streamContents.getstream.streamContents.liststream.streamContents.updatestream.streamInstances.createstream.streamInstances.deletestream.streamInstances.getstream.streamInstances.liststream.streamInstances.rolloutstream.streamInstances.update |
| Stream | Now GA |
stream.locations.getstream.locations.liststream.operations.cancelstream.operations.deletestream.operations.getstream.operations.liststream.streamContents.buildstream.streamContents.createstream.streamContents.deletestream.streamContents.getstream.streamContents.liststream.streamContents.updatestream.streamInstances.createstream.streamInstances.deletestream.streamInstances.getstream.streamInstances.liststream.streamInstances.rolloutstream.streamInstances.update |
Cloud IAM changes as of 2022-08-26
| Service | Change | Description |
|---|---|---|
| App Engine | Now GA |
The role |
| Container Threat Detection | Role Updated |
The following permissions have been added to the role container.clusterRoles.escalatecontainer.customResourceDefinitions.createcontainer.customResourceDefinitions.deletecontainer.customResourceDefinitions.updatecontainer.roles.bindcontainer.roles.createcontainer.roles.deletecontainer.roles.escalatecontainer.roles.update |
| Identity and Access Management | Now GA |
The role |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role run.jobs.runrun.routes.invoke |
| Workload Manager | Now GA |
The role |
| Firebase In-App Messaging Campaigns | Added |
firebasemessagingcampaigns.campaigns.createfirebasemessagingcampaigns.campaigns.deletefirebasemessagingcampaigns.campaigns.getfirebasemessagingcampaigns.campaigns.listfirebasemessagingcampaigns.campaigns.startfirebasemessagingcampaigns.campaigns.stopfirebasemessagingcampaigns.campaigns.update |
| Firebase In-App Messaging Campaigns | Supported In Custom Roles |
firebasemessagingcampaigns.campaigns.createfirebasemessagingcampaigns.campaigns.deletefirebasemessagingcampaigns.campaigns.getfirebasemessagingcampaigns.campaigns.listfirebasemessagingcampaigns.campaigns.startfirebasemessagingcampaigns.campaigns.stopfirebasemessagingcampaigns.campaigns.update |
| Cloud Logging | Added |
logging.links.createlogging.links.deletelogging.links.getlogging.links.list |
| Recommender | Added |
recommender.cloudsqlInstancePerformanceInsights.getrecommender.cloudsqlInstancePerformanceInsights.listrecommender.cloudsqlInstancePerformanceInsights.updaterecommender.cloudsqlInstancePerformanceRecommendations.getrecommender.cloudsqlInstancePerformanceRecommendations.listrecommender.cloudsqlInstancePerformanceRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.cloudsqlInstancePerformanceInsights.getrecommender.cloudsqlInstancePerformanceInsights.listrecommender.cloudsqlInstancePerformanceInsights.updaterecommender.cloudsqlInstancePerformanceRecommendations.getrecommender.cloudsqlInstancePerformanceRecommendations.listrecommender.cloudsqlInstancePerformanceRecommendations.update |
| Retail API | Now GA |
retail.controls.createretail.controls.deleteretail.controls.getretail.controls.listretail.controls.updateretail.servingConfigs.createretail.servingConfigs.deleteretail.servingConfigs.getretail.servingConfigs.listretail.servingConfigs.update |
Cloud IAM changes as of 2022-08-19
| Service | Change | Description |
|---|---|---|
| BigQuery sharing | Now GA |
The role |
| BigQuery sharing | Now GA |
The role |
| BigQuery sharing | Now GA |
The role |
| BigQuery sharing | Now GA |
The role |
| BigQuery sharing | Now GA |
The role |
| Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.clusters.updatecontainer.operations.getgkehub.gateway.deletegkehub.gateway.getgkehub.gateway.patchgkehub.gateway.postgkehub.gateway.putlogging.logEntries.createmonitoring.metricDescriptors.createmonitoring.metricDescriptors.getmonitoring.metricDescriptors.listmonitoring.monitoredResourceDescriptors.getmonitoring.monitoredResourceDescriptors.listmonitoring.timeSeries.createserviceusage.services.getserviceusage.services.use |
| Recommendations | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
| Google Cloud Contact Center as a Service | Now GA |
The role |
| Google Cloud Contact Center as a Service | Now GA |
The role |
| Google Kubernetes Engine | Now GA |
The role |
| Retail API | Role Updated |
The following permissions have been added to the role bigquery.tables.update |
| Storage Transfer Service | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| BigQuery sharing | Now GA |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Bare Metal Solution | Added |
baremetalsolution.instances.detachLun |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.detachLun |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.detachLun |
| Cloud Deploy | Added |
clouddeploy.jobRuns.getclouddeploy.jobRuns.listclouddeploy.rollouts.retryJob |
| Cloud Deploy | Supported In Custom Roles |
clouddeploy.jobRuns.getclouddeploy.jobRuns.listclouddeploy.rollouts.retryJob |
| Google Cloud Contact Center as a Service | Added |
contactcenteraiplatform.contactCenters.createcontactcenteraiplatform.contactCenters.deletecontactcenteraiplatform.contactCenters.getcontactcenteraiplatform.contactCenters.listcontactcenteraiplatform.contactCenters.updatecontactcenteraiplatform.locations.getcontactcenteraiplatform.locations.listcontactcenteraiplatform.operations.cancelcontactcenteraiplatform.operations.deletecontactcenteraiplatform.operations.getcontactcenteraiplatform.operations.list |
| Google Cloud Contact Center as a Service | Now GA |
contactcenteraiplatform.contactCenters.createcontactcenteraiplatform.contactCenters.deletecontactcenteraiplatform.contactCenters.getcontactcenteraiplatform.contactCenters.listcontactcenteraiplatform.contactCenters.updatecontactcenteraiplatform.locations.getcontactcenteraiplatform.locations.listcontactcenteraiplatform.operations.cancelcontactcenteraiplatform.operations.deletecontactcenteraiplatform.operations.getcontactcenteraiplatform.operations.list |
| Content Warehouse | Added |
contentwarehouse.operations.get |
| Firebase | Added |
firebase.clients.undelete |
| Firebase | Now GA |
firebase.clients.undelete |
| Identity and Access Management | Added |
iam.workforcePoolProviders.createiam.workforcePoolProviders.deleteiam.workforcePoolProviders.getiam.workforcePoolProviders.listiam.workforcePoolProviders.undeleteiam.workforcePoolProviders.updateiam.workforcePoolSubjects.deleteiam.workforcePoolSubjects.undeleteiam.workforcePools.createiam.workforcePools.deleteiam.workforcePools.getiam.workforcePools.getIamPolicyiam.workforcePools.listiam.workforcePools.setIamPolicyiam.workforcePools.undeleteiam.workforcePools.update |
| Identity and Access Management | Supported In Custom Roles |
iam.workforcePoolProviders.createiam.workforcePoolProviders.deleteiam.workforcePoolProviders.getiam.workforcePoolProviders.listiam.workforcePoolProviders.undeleteiam.workforcePoolProviders.updateiam.workforcePoolSubjects.deleteiam.workforcePoolSubjects.undeleteiam.workforcePools.createiam.workforcePools.deleteiam.workforcePools.getiam.workforcePools.getIamPolicyiam.workforcePools.listiam.workforcePools.setIamPolicyiam.workforcePools.undeleteiam.workforcePools.update |
| Identity and Access Management | Added |
iam.googleapis.com/workforcePoolProviders.createiam.googleapis.com/workforcePoolProviders.deleteiam.googleapis.com/workforcePoolProviders.getiam.googleapis.com/workforcePoolProviders.listiam.googleapis.com/workforcePoolProviders.undeleteiam.googleapis.com/workforcePoolProviders.updateiam.googleapis.com/workforcePoolSubjects.deleteiam.googleapis.com/workforcePoolSubjects.undeleteiam.googleapis.com/workforcePools.createiam.googleapis.com/workforcePools.deleteiam.googleapis.com/workforcePools.getiam.googleapis.com/workforcePools.getIamPolicyiam.googleapis.com/workforcePools.listiam.googleapis.com/workforcePools.setIamPolicyiam.googleapis.com/workforcePools.undeleteiam.googleapis.com/workforcePools.update |
| Identity and Access Management | Supported In Custom Roles |
iam.googleapis.com/workforcePoolProviders.createiam.googleapis.com/workforcePoolProviders.deleteiam.googleapis.com/workforcePoolProviders.getiam.googleapis.com/workforcePoolProviders.listiam.googleapis.com/workforcePoolProviders.undeleteiam.googleapis.com/workforcePoolProviders.updateiam.googleapis.com/workforcePoolSubjects.deleteiam.googleapis.com/workforcePoolSubjects.undeleteiam.googleapis.com/workforcePools.createiam.googleapis.com/workforcePools.deleteiam.googleapis.com/workforcePools.getiam.googleapis.com/workforcePools.getIamPolicyiam.googleapis.com/workforcePools.listiam.googleapis.com/workforcePools.setIamPolicyiam.googleapis.com/workforcePools.undeleteiam.googleapis.com/workforcePools.update |
| VM Migration | Supported In Custom Roles |
vmmigration.cloneJobs.createvmmigration.cloneJobs.getvmmigration.cloneJobs.listvmmigration.cloneJobs.updatevmmigration.cutoverJobs.createvmmigration.cutoverJobs.getvmmigration.cutoverJobs.listvmmigration.cutoverJobs.updatevmmigration.datacenterConnectors.createvmmigration.datacenterConnectors.deletevmmigration.datacenterConnectors.getvmmigration.datacenterConnectors.listvmmigration.groups.createvmmigration.groups.deletevmmigration.groups.getvmmigration.groups.listvmmigration.groups.updatevmmigration.locations.getvmmigration.locations.listvmmigration.migratingVms.createvmmigration.migratingVms.deletevmmigration.migratingVms.listvmmigration.migratingVms.updatevmmigration.operations.cancelvmmigration.operations.deletevmmigration.operations.getvmmigration.operations.listvmmigration.sources.createvmmigration.sources.deletevmmigration.sources.getvmmigration.sources.listvmmigration.sources.updatevmmigration.targets.createvmmigration.targets.deletevmmigration.targets.getvmmigration.targets.listvmmigration.targets.updatevmmigration.utilizationReports.createvmmigration.utilizationReports.deletevmmigration.utilizationReports.getvmmigration.utilizationReports.list |
| Workload Manager | Added |
workloadmanager.evaluations.createworkloadmanager.evaluations.deleteworkloadmanager.evaluations.getworkloadmanager.evaluations.listworkloadmanager.evaluations.runworkloadmanager.evaluations.updateworkloadmanager.executions.deleteworkloadmanager.executions.getworkloadmanager.executions.listworkloadmanager.locations.getworkloadmanager.locations.listworkloadmanager.operations.cancelworkloadmanager.operations.deleteworkloadmanager.operations.getworkloadmanager.operations.listworkloadmanager.results.listworkloadmanager.rules.list |
| Workload Manager | Supported In Custom Roles |
workloadmanager.evaluations.createworkloadmanager.evaluations.deleteworkloadmanager.evaluations.getworkloadmanager.evaluations.listworkloadmanager.evaluations.runworkloadmanager.evaluations.updateworkloadmanager.executions.deleteworkloadmanager.executions.getworkloadmanager.executions.listworkloadmanager.locations.getworkloadmanager.locations.listworkloadmanager.operations.cancelworkloadmanager.operations.deleteworkloadmanager.operations.getworkloadmanager.operations.listworkloadmanager.results.listworkloadmanager.rules.list |
Cloud IAM changes as of 2022-08-12
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role bigquery.models.createbigquery.models.getDatabigquery.readsessions.getData |
| Connectors | Now GA |
The role |
| Firebase App Check | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.listintegrations.apigeeSuspensions.liftintegrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolvepubsub.schemas.attachpubsub.schemas.createpubsub.schemas.deletepubsub.schemas.getpubsub.schemas.listpubsub.schemas.validatepubsub.snapshots.getpubsub.snapshots.listpubsub.snapshots.seekpubsub.topics.attachSubscriptionpubsub.topics.getpubsub.topics.listpubsub.topics.publishresourcemanager.projects.getresourcemanager.projects.listserviceusage.quotas.getserviceusage.services.getserviceusage.services.list |
| Google Cloud Migration Center | Now GA |
The role |
| Bigtable | Added |
bigtable.instances.createTagBindingbigtable.instances.deleteTagBindingbigtable.instances.listEffectiveTagsbigtable.instances.listTagBindings |
| Bigtable | Now GA |
bigtable.instances.createTagBindingbigtable.instances.deleteTagBindingbigtable.instances.listEffectiveTagsbigtable.instances.listTagBindings |
| Connectors | Added |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Connectors | Supported In Custom Roles |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Connectors | Now GA |
connectors.actions.executeconnectors.actions.listconnectors.connections.executeSqlQueryconnectors.entities.createconnectors.entities.deleteconnectors.entities.deleteEntitiesWithConditionsconnectors.entities.getconnectors.entities.listconnectors.entities.updateconnectors.entities.updateEntitiesWithConditionsconnectors.entityTypes.list |
| Google Cloud Migration Center | Added |
migrationcenter.assets.createmigrationcenter.assets.deletemigrationcenter.assets.getmigrationcenter.assets.listmigrationcenter.assets.reportFramesmigrationcenter.assets.updatemigrationcenter.groups.createmigrationcenter.groups.deletemigrationcenter.groups.getmigrationcenter.groups.listmigrationcenter.groups.updatemigrationcenter.importJobs.createmigrationcenter.importJobs.deletemigrationcenter.importJobs.getmigrationcenter.importJobs.listmigrationcenter.importJobs.updatemigrationcenter.locations.getmigrationcenter.locations.listmigrationcenter.operations.cancelmigrationcenter.operations.deletemigrationcenter.operations.getmigrationcenter.operations.listmigrationcenter.sources.createmigrationcenter.sources.deletemigrationcenter.sources.getmigrationcenter.sources.listmigrationcenter.sources.update |
| Google Cloud Migration Center | Supported In Custom Roles |
migrationcenter.assets.createmigrationcenter.assets.deletemigrationcenter.assets.getmigrationcenter.assets.listmigrationcenter.assets.reportFramesmigrationcenter.assets.updatemigrationcenter.groups.createmigrationcenter.groups.deletemigrationcenter.groups.getmigrationcenter.groups.listmigrationcenter.groups.updatemigrationcenter.importJobs.createmigrationcenter.importJobs.deletemigrationcenter.importJobs.getmigrationcenter.importJobs.listmigrationcenter.importJobs.updatemigrationcenter.locations.getmigrationcenter.locations.listmigrationcenter.operations.cancelmigrationcenter.operations.deletemigrationcenter.operations.getmigrationcenter.operations.listmigrationcenter.sources.createmigrationcenter.sources.deletemigrationcenter.sources.getmigrationcenter.sources.listmigrationcenter.sources.update |
| Retail API | Now GA |
retail.attributesConfigs.addCatalogAttributeretail.attributesConfigs.getretail.attributesConfigs.removeCatalogAttributeretail.attributesConfigs.replaceCatalogAttributeretail.attributesConfigs.update |
Cloud IAM changes as of 2022-08-05
| Service | Change | Description |
|---|---|---|
| Artifact Registry | Role Updated |
The following permissions have been added to the role artifactregistry.versions.delete |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Backup and Disaster Recovery | Now GA |
The role |
| Multi-Cluster Ingress | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.list |
| Backup and Disaster Recovery | Added |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Backup and Disaster Recovery | Supported In Custom Roles |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Backup and Disaster Recovery | Now GA |
backupdr.locations.getbackupdr.locations.listbackupdr.managementServers.backupAccessbackupdr.managementServers.createbackupdr.managementServers.deletebackupdr.managementServers.getbackupdr.managementServers.getIamPolicybackupdr.managementServers.listbackupdr.managementServers.manageInternalACLbackupdr.managementServers.setIamPolicybackupdr.operations.cancelbackupdr.operations.deletebackupdr.operations.getbackupdr.operations.list |
| Commerce Offer Catalog | Added |
commerceoffercatalog.documents.get |
| Cloud Commerce Consumer Procurement | Added |
consumerprocurement.consents.checkconsumerprocurement.consents.grantconsumerprocurement.consents.listconsumerprocurement.consents.revoke |
| Maps Admin | Added |
mapsadmin.styleSnapshots.listmapsadmin.styleSnapshots.update |
| Maps Admin | Now GA |
mapsadmin.styleSnapshots.listmapsadmin.styleSnapshots.update |
Cloud IAM changes as of 2022-07-29
| Service | Change | Description |
|---|---|---|
| Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Network Management API | Role Updated |
The following permissions have been added to the role resourcemanager.organizations.get |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.networks.get |
| Assured Workloads | Added |
assuredworkloads.violations.update |
| Assured Workloads | Supported In Custom Roles |
assuredworkloads.violations.update |
| Assured Workloads | Now GA |
assuredworkloads.violations.update |
| Cloud Asset Inventory | Added |
cloudasset.assets.exportOSInventories |
| Cloud Asset Inventory | Supported In Custom Roles |
cloudasset.assets.exportOSInventories |
| Cloud Asset Inventory | Now GA |
cloudasset.assets.exportOSInventories |
| Translation | Added |
cloudtranslate.glossaries.updatecloudtranslate.glossaryentries.createcloudtranslate.glossaryentries.deletecloudtranslate.glossaryentries.getcloudtranslate.glossaryentries.listcloudtranslate.glossaryentries.update |
| Translation | Supported In Custom Roles |
cloudtranslate.glossaries.update |
| Translation | Now GA |
cloudtranslate.glossaries.updatecloudtranslate.glossaryentries.createcloudtranslate.glossaryentries.deletecloudtranslate.glossaryentries.getcloudtranslate.glossaryentries.listcloudtranslate.glossaryentries.update |
| Compute Engine | Added |
compute.regionTargetHttpsProxies.updatecompute.targetHttpsProxies.update |
| Compute Engine | Now GA |
compute.regionTargetHttpsProxies.updatecompute.targetHttpsProxies.update |
| Timeseries Insights API | Added |
timeseriesinsights.locations.gettimeseriesinsights.locations.list |
| Timeseries Insights API | Supported In Custom Roles |
timeseriesinsights.locations.gettimeseriesinsights.locations.list |
Cloud IAM changes as of 2022-07-22
| Service | Change | Description |
|---|---|---|
| Cloud Billing | Role Updated |
The following permissions have been added to the role cloudsupport.properties.getcloudsupport.techCases.createcloudsupport.techCases.escalatecloudsupport.techCases.getcloudsupport.techCases.listcloudsupport.techCases.updateresourcemanager.projects.getresourcemanager.projects.list |
| Workload Certificate | Role Updated |
The following permissions have been added to the role container.customResourceDefinitions.createcontainer.customResourceDefinitions.getcontainer.customResourceDefinitions.list |
| Bare Metal Solution | Added |
baremetalsolution.volumes.resize |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.volumes.resize |
| Bare Metal Solution | Now GA |
baremetalsolution.volumes.resize |
| Eventarc | Added |
eventarc.channels.attacheventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.update |
| Eventarc | Supported In Custom Roles |
eventarc.channels.attacheventarc.googleChannelConfigs.geteventarc.googleChannelConfigs.update |
| Firebase Realtime Database | Added |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Firebase Realtime Database | Supported In Custom Roles |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Firebase Realtime Database | Now GA |
firebasedatabase.instances.deletefirebasedatabase.instances.disablefirebasedatabase.instances.reenablefirebasedatabase.instances.undelete |
| Retail API | Added |
retail.servingConfigs.predictretail.servingConfigs.search |
Cloud IAM changes as of 2022-07-15
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Google Kubernetes Engine | Now GA |
The role |
| Eventarc | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.get |
| Identity-Aware Proxy | Now GA |
The role |
| Identity-Aware Proxy | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Integrations | Now GA |
The role |
| Cloud Service Mesh control plane | Role Updated |
The following permissions have been added to the role container.clusters.update |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Vertex AI | Added |
aiplatform.entityTypes.deleteFeatureValues |
| Chrome Enterprise Premium | Added |
beyondcorp.appConnections.createbeyondcorp.appConnections.deletebeyondcorp.appConnections.getbeyondcorp.appConnections.getIamPolicybeyondcorp.appConnections.listbeyondcorp.appConnections.setIamPolicybeyondcorp.appConnections.updatebeyondcorp.appConnectors.createbeyondcorp.appConnectors.deletebeyondcorp.appConnectors.getbeyondcorp.appConnectors.getIamPolicybeyondcorp.appConnectors.listbeyondcorp.appConnectors.reportStatusbeyondcorp.appConnectors.setIamPolicybeyondcorp.appConnectors.updatebeyondcorp.appGateways.createbeyondcorp.appGateways.deletebeyondcorp.appGateways.getbeyondcorp.appGateways.getIamPolicybeyondcorp.appGateways.listbeyondcorp.appGateways.setIamPolicybeyondcorp.appGateways.updatebeyondcorp.clientConnectorServices.accessbeyondcorp.clientConnectorServices.createbeyondcorp.clientConnectorServices.deletebeyondcorp.clientConnectorServices.getbeyondcorp.clientConnectorServices.getIamPolicybeyondcorp.clientConnectorServices.listbeyondcorp.clientConnectorServices.setIamPolicybeyondcorp.clientConnectorServices.updatebeyondcorp.clientGateways.createbeyondcorp.clientGateways.deletebeyondcorp.clientGateways.getbeyondcorp.clientGateways.getIamPolicybeyondcorp.clientGateways.listbeyondcorp.clientGateways.setIamPolicybeyondcorp.locations.getbeyondcorp.locations.listbeyondcorp.operations.cancelbeyondcorp.operations.deletebeyondcorp.operations.getbeyondcorp.operations.list |
| Chrome Enterprise Premium | Supported In Custom Roles |
beyondcorp.appConnections.createbeyondcorp.appConnections.deletebeyondcorp.appConnections.getbeyondcorp.appConnections.getIamPolicybeyondcorp.appConnections.listbeyondcorp.appConnections.setIamPolicybeyondcorp.appConnections.updatebeyondcorp.appConnectors.createbeyondcorp.appConnectors.deletebeyondcorp.appConnectors.getbeyondcorp.appConnectors.getIamPolicybeyondcorp.appConnectors.listbeyondcorp.appConnectors.reportStatusbeyondcorp.appConnectors.setIamPolicybeyondcorp.appConnectors.updatebeyondcorp.appGateways.createbeyondcorp.appGateways.deletebeyondcorp.appGateways.getbeyondcorp.appGateways.getIamPolicybeyondcorp.appGateways.listbeyondcorp.appGateways.setIamPolicybeyondcorp.appGateways.updatebeyondcorp.clientConnectorServices.accessbeyondcorp.clientConnectorServices.createbeyondcorp.clientConnectorServices.deletebeyondcorp.clientConnectorServices.getbeyondcorp.clientConnectorServices.getIamPolicybeyondcorp.clientConnectorServices.listbeyondcorp.clientConnectorServices.setIamPolicybeyondcorp.clientConnectorServices.updatebeyondcorp.clientGateways.createbeyondcorp.clientGateways.deletebeyondcorp.clientGateways.getbeyondcorp.clientGateways.getIamPolicybeyondcorp.clientGateways.listbeyondcorp.clientGateways.setIamPolicybeyondcorp.locations.getbeyondcorp.locations.listbeyondcorp.operations.cancelbeyondcorp.operations.deletebeyondcorp.operations.getbeyondcorp.operations.list |
| Identity-Aware Proxy | Now GA |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Cloud Integrations | Added |
integrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.invokeintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.invokeintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolve |
| Cloud Integrations | Now GA |
integrations.authConfigs.createintegrations.authConfigs.deleteintegrations.authConfigs.getintegrations.authConfigs.listintegrations.authConfigs.updateintegrations.certificates.createintegrations.certificates.deleteintegrations.certificates.getintegrations.certificates.listintegrations.certificates.updateintegrations.executions.listintegrations.integrationVersions.createintegrations.integrationVersions.deleteintegrations.integrationVersions.deployintegrations.integrationVersions.getintegrations.integrationVersions.invokeintegrations.integrationVersions.listintegrations.integrationVersions.updateintegrations.integrations.createintegrations.integrations.deleteintegrations.integrations.deployintegrations.integrations.getintegrations.integrations.invokeintegrations.integrations.listintegrations.integrations.updateintegrations.sfdcChannels.createintegrations.sfdcChannels.deleteintegrations.sfdcChannels.getintegrations.sfdcChannels.listintegrations.sfdcChannels.updateintegrations.sfdcInstances.createintegrations.sfdcInstances.deleteintegrations.sfdcInstances.getintegrations.sfdcInstances.listintegrations.sfdcInstances.updateintegrations.suspensions.liftintegrations.suspensions.listintegrations.suspensions.resolve |
| Secured Landing Zone | Added |
securedlandingzone.operations.getsecuredlandingzone.overwatches.activatesecuredlandingzone.overwatches.createsecuredlandingzone.overwatches.deletesecuredlandingzone.overwatches.getsecuredlandingzone.overwatches.listsecuredlandingzone.overwatches.suspendsecuredlandingzone.overwatches.update |
| Secured Landing Zone | Supported In Custom Roles |
securedlandingzone.overwatches.activatesecuredlandingzone.overwatches.suspend |
Cloud IAM changes as of 2022-06-24
| Service | Change | Description |
|---|---|---|
| Config Management | Role Updated |
The following permissions have been added to the role container.clusters.get |
| Batch | Now GA |
The role |
| Firebase Test Lab | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| Apigee | Added |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
| Apigee | Now GA |
apigee.securityProfileEnvironments.computeScoreapigee.securityProfileEnvironments.createapigee.securityProfileEnvironments.deleteapigee.securityProfiles.getapigee.securityProfiles.listapigee.securityStats.queryTabularStatsapigee.securityStats.queryTimeSeriesStats |
Cloud IAM changes as of 2022-06-17
| Service | Change | Description |
|---|---|---|
| Care Studio | Now GA |
The role |
| Translation | Role Updated |
The following permissions have been added to the role automl.datasets.exportautoml.datasets.getautoml.datasets.listautoml.models.getautoml.models.listautoml.operations.get |
| Cloud Composer | Role Updated |
The following permissions have been added to the role resourcemanager.projects.getIamPolicy |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Dialogflow | Role Updated |
The following permissions have been added to the role pubsub.snapshots.seekpubsub.subscriptions.consumepubsub.topics.attachSubscription |
| Cloud DNS | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Document AI | Role Updated |
The following permissions have been added to the role documentai.humanReviewConfigs.review |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Cloud Integrations | Role Updated |
The following permissions have been added to the role pubsub.snapshots.createpubsub.snapshots.deletepubsub.snapshots.updatepubsub.topics.createpubsub.topics.deletepubsub.topics.detachSubscriptionpubsub.topics.updatepubsub.topics.updateTag |
| Service Networking | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been added to the role dns.managedZones.getIamPolicydns.policies.getIamPolicy |
| Basic Role | Role Updated |
The following permissions have been removed from the role apigee.archivedeployments.upload |
| Bare Metal Solution | Added |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Bare Metal Solution | Now GA |
baremetalsolution.instancequotas.listbaremetalsolution.networkquotas.listbaremetalsolution.volumequotas.list |
| Batch | Added |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| Batch | Supported In Custom Roles |
batch.jobs.createbatch.jobs.deletebatch.jobs.getbatch.jobs.listbatch.locations.getbatch.locations.listbatch.operations.getbatch.operations.listbatch.states.reportbatch.tasks.getbatch.tasks.list |
| BigQuery | Supported In Custom Roles |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| Bigtable | Added |
bigtable.tables.undelete |
| Bigtable | Now GA |
bigtable.tables.undelete |
| Care Studio | Now GA |
carestudio.patients.getcarestudio.patients.list |
| Cloud Integrations | Added |
integrations.apigeeSuspensions.lift |
| Cloud Integrations | Now GA |
integrations.apigeeSuspensions.lift |
| Service Networking | Added |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Service Networking | Supported In Custom Roles |
servicenetworking.services.createPeeredDnsDomainservicenetworking.services.deletePeeredDnsDomainservicenetworking.services.listPeeredDnsDomains |
| Timeseries Insights API | Added |
timeseriesinsights.datasets.createtimeseriesinsights.datasets.deletetimeseriesinsights.datasets.evaluatetimeseriesinsights.datasets.listtimeseriesinsights.datasets.querytimeseriesinsights.datasets.update |
Cloud IAM changes as of 2022-06-10
| Service | Change | Description |
|---|---|---|
| App Engine | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Cloud Composer | Role Updated |
The following permissions have been added to the role appengine.memcache.addKeyappengine.memcache.flushappengine.memcache.getappengine.memcache.update |
| Compute Engine | Role Updated |
The following permissions have been added to the role storage.objects.createstorage.objects.getstorage.objects.liststorage.objects.update |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicycloudasset.assets.searchAllIamPoliciescloudasset.assets.searchAllResources |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role cloudasset.assets.analyzeIamPolicy |
| Cloud Integrations | Now GA |
The role |
| Dataproc Metastore | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Resource Manager | Now GA |
The role |
| Access Approval | Added |
accessapproval.requests.invalidate |
| Access Approval | Supported In Custom Roles |
accessapproval.requests.invalidate |
| AlloyDB for PostgreSQL | Added |
alloydb.backups.createalloydb.backups.deletealloydb.backups.getalloydb.backups.listalloydb.backups.updatealloydb.clusters.createalloydb.clusters.deletealloydb.clusters.generateClientCertificatealloydb.clusters.getalloydb.clusters.listalloydb.clusters.updatealloydb.instances.connectalloydb.instances.createalloydb.instances.deletealloydb.instances.failoveralloydb.instances.getalloydb.instances.listalloydb.instances.restartalloydb.instances.updatealloydb.locations.getalloydb.locations.listalloydb.operations.cancelalloydb.operations.deletealloydb.operations.getalloydb.operations.listalloydb.supportedDatabaseFlags.getalloydb.supportedDatabaseFlags.list |
| Artifact Registry | Added |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| Artifact Registry | Now GA |
artifactregistry.mavenartifacts.getartifactregistry.mavenartifacts.listartifactregistry.npmpackages.getartifactregistry.npmpackages.listartifactregistry.pythonpackages.getartifactregistry.pythonpackages.list |
| AutoML | Added |
automl.files.deleteautoml.files.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.attachVolumebaremetalsolution.instances.detachVolume |
| Cloud Billing | Added |
billing.accounts.getCarbonInformation |
| Cloud Billing | Supported In Custom Roles |
billing.accounts.getCarbonInformation |
| Cloud Billing | Now GA |
billing.accounts.getCarbonInformation |
| Cloud Deploy | Added |
clouddeploy.releases.abandon |
| Cloud Deploy | Supported In Custom Roles |
clouddeploy.releases.abandon |
| Commerce Price Management | Added |
commerceprice.privateoffers.cancel |
| Commerce Price Management | Supported In Custom Roles |
commerceprice.privateoffers.cancel |
| Datastream | Added |
datastream.connectionProfiles.createTagBindingdatastream.connectionProfiles.deleteTagBindingdatastream.connectionProfiles.listEffectiveTagsdatastream.connectionProfiles.listTagBindingsdatastream.privateConnections.createTagBindingdatastream.privateConnections.deleteTagBindingdatastream.privateConnections.listEffectiveTagsdatastream.privateConnections.listTagBindingsdatastream.streams.createTagBindingdatastream.streams.deleteTagBindingdatastream.streams.listEffectiveTagsdatastream.streams.listTagBindings |
| Cloud DNS | Added |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Cloud DNS | Supported In Custom Roles |
dns.managedZones.getIamPolicydns.managedZones.setIamPolicy |
| Identity and Access Management | Added |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Supported In Custom Roles |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Identity and Access Management | Now GA |
iam.serviceAccountKeys.disableiam.serviceAccountKeys.enable |
| Dataproc Metastore | Added |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Dataproc Metastore | Now GA |
metastore.federations.createmetastore.federations.deletemetastore.federations.getmetastore.federations.getIamPolicymetastore.federations.listmetastore.federations.setIamPolicymetastore.federations.updatemetastore.federations.use |
| Resource Manager | Now GA |
resourcemanager.hierarchyNodes.createTagBindingresourcemanager.hierarchyNodes.deleteTagBindingresourcemanager.hierarchyNodes.listTagBindingsresourcemanager.resourceTagBindings.createresourcemanager.resourceTagBindings.deleteresourcemanager.resourceTagBindings.listresourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.listresourcemanager.tagKeys.createresourcemanager.tagKeys.deleteresourcemanager.tagKeys.getresourcemanager.tagKeys.getIamPolicyresourcemanager.tagKeys.listresourcemanager.tagKeys.setIamPolicyresourcemanager.tagKeys.updateresourcemanager.tagValueBindings.createresourcemanager.tagValueBindings.deleteresourcemanager.tagValues.createresourcemanager.tagValues.deleteresourcemanager.tagValues.getresourcemanager.tagValues.getIamPolicyresourcemanager.tagValues.listresourcemanager.tagValues.setIamPolicyresourcemanager.tagValues.update |
Cloud IAM changes as of 2022-05-27
| Service | Change | Description |
|---|---|---|
| AlloyDB for PostgreSQL | Now GA |
The role |
| Compute Engine | Role Updated |
The following permissions have been added to the role compute.addresses.usecompute.addresses.useInternalcompute.disks.createcompute.disks.setLabelscompute.disks.usecompute.disks.useReadOnlycompute.images.useReadOnlycompute.instanceTemplates.useReadOnlycompute.instances.createcompute.instances.createTagBindingcompute.instances.setDeletionProtectioncompute.instances.setLabelscompute.instances.setMetadatacompute.instances.setServiceAccountcompute.instances.setTagscompute.instances.updateDisplayDevicecompute.machineImages.useReadOnlycompute.networks.usecompute.networks.useExternalIpcompute.resourcePolicies.usecompute.snapshots.useReadOnlycompute.subnetworks.usecompute.subnetworks.useExternalIp |
| Dataflow | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.create |
| Live Stream | Role Updated |
The following permissions have been added to the role storage.objects.getstorage.objects.list |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| Cloud Run | Role Updated |
The following permissions have been added to the role compute.addresses.createInternalcompute.addresses.deleteInternalcompute.addresses.getcompute.addresses.listcompute.subnetworks.getcompute.subnetworks.use |
| Vertex AI | Added |
aiplatform.entityTypes.getIamPolicyaiplatform.entityTypes.setIamPolicyaiplatform.featurestores.getIamPolicyaiplatform.featurestores.setIamPolicy |
| Container Security | Added |
containersecurity.locations.getcontainersecurity.locations.list |
| Network Management API | Added |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Supported In Custom Roles |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Management API | Now GA |
networkmanagement.config.getnetworkmanagement.config.startFreeTrialnetworkmanagement.config.update |
| Network Services | Added |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| Network Services | Supported In Custom Roles |
networkservices.tlsRoutes.createnetworkservices.tlsRoutes.deletenetworkservices.tlsRoutes.getnetworkservices.tlsRoutes.listnetworkservices.tlsRoutes.updatenetworkservices.tlsRoutes.use |
| reCAPTCHA | Added |
recaptchaenterprise.keys.retrievelegacysecretkey |
| Transfer Appliance | Added |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
| Transfer Appliance | Supported In Custom Roles |
transferappliance.appliances.createtransferappliance.appliances.deletetransferappliance.appliances.gettransferappliance.appliances.listtransferappliance.appliances.updatetransferappliance.locations.gettransferappliance.locations.listtransferappliance.operations.canceltransferappliance.operations.deletetransferappliance.operations.gettransferappliance.operations.listtransferappliance.orders.createtransferappliance.orders.deletetransferappliance.orders.gettransferappliance.orders.listtransferappliance.orders.update |
Cloud IAM changes as of 2022-05-20
| Service | Change | Description |
|---|---|---|
| Cloud Service Mesh | Role Updated |
The following permissions have been added to the role container.jobs.createcontainer.jobs.deletecontainer.jobs.getcontainer.jobs.listcontainer.jobs.update |
| Backup for GKE | Role Updated |
The following permissions have been added to the role compute.disks.listcompute.disks.setLabels |
| Vertex AI | Added |
aiplatform.humanInTheLoops.queryAnnotationStats |
| Bare Metal Solution | Added |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| Bare Metal Solution | Now GA |
baremetalsolution.luns.createbaremetalsolution.luns.deletebaremetalsolution.luns.updatebaremetalsolution.volumes.createbaremetalsolution.volumes.delete |
| BigQuery | Added |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| BigQuery | Supported In Custom Roles |
bigquery.datasets.createTagBindingbigquery.datasets.deleteTagBindingbigquery.datasets.listTagBindings |
| Recommender | Added |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.containerDiagnosisInsights.getrecommender.containerDiagnosisInsights.listrecommender.containerDiagnosisInsights.updaterecommender.containerDiagnosisRecommendations.getrecommender.containerDiagnosisRecommendations.listrecommender.containerDiagnosisRecommendations.update |
| Service Security Insights | Added |
servicesecurityinsights.securityInfo.list |
| Service Security Insights | Supported In Custom Roles |
servicesecurityinsights.securityInfo.list |
Cloud IAM changes as of 2022-05-13
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role logging.cmekSettings.update |
| Maps Admin | Now GA |
The role |
| Maps Admin | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Security Command Center | Role Updated |
The following permissions have been added to the role orgpolicy.policies.list |
| Service Security Insights | Role Added |
The role servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.clusters.getservicesecurityinsights.clusters.listservicesecurityinsights.googleapis.com/clusterSecurityInfo.getservicesecurityinsights.googleapis.com/clusterSecurityInfo.listservicesecurityinsights.googleapis.com/clusters.getservicesecurityinsights.googleapis.com/clusters.listservicesecurityinsights.googleapis.com/locations.getservicesecurityinsights.googleapis.com/locations.listservicesecurityinsights.googleapis.com/namespaces.getservicesecurityinsights.googleapis.com/namespaces.listservicesecurityinsights.googleapis.com/policies.getservicesecurityinsights.googleapis.com/policyTypes.getservicesecurityinsights.googleapis.com/policyTypes.listservicesecurityinsights.googleapis.com/projectStates.getservicesecurityinsights.googleapis.com/securityInfo.listservicesecurityinsights.googleapis.com/securityViews.getservicesecurityinsights.googleapis.com/workloadPolicies.listservicesecurityinsights.googleapis.com/workloadSecurityInfo.getservicesecurityinsights.googleapis.com/workloadTypes.getservicesecurityinsights.googleapis.com/workloadTypes.listservicesecurityinsights.googleapis.com/workloads.getservicesecurityinsights.googleapis.com/workloads.listservicesecurityinsights.locations.getservicesecurityinsights.locations.listservicesecurityinsights.namespaces.getservicesecurityinsights.namespaces.listservicesecurityinsights.policies.getservicesecurityinsights.policyTypes.getservicesecurityinsights.policyTypes.listservicesecurityinsights.projectStates.getservicesecurityinsights.securityInfo.listservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.getservicesecurityinsights.workloadTypes.getservicesecurityinsights.workloadTypes.listservicesecurityinsights.workloads.getservicesecurityinsights.workloads.list |
| Apigee | Added |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Apigee | Now GA |
apigee.keyvaluemapentries.createapigee.keyvaluemapentries.deleteapigee.keyvaluemapentries.get |
| Artifact Registry | Added |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.locations.getartifactregistry.locations.list |
| Artifact Registry | Now GA |
artifactregistry.locations.getartifactregistry.locations.list |
| Care Studio | Added |
carestudio.patients.getcarestudio.patients.list |
| Identity-Aware Proxy | Added |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Identity-Aware Proxy | Supported In Custom Roles |
iap.tunnelDestGroups.accessViaIAPiap.tunnelDestGroups.createiap.tunnelDestGroups.deleteiap.tunnelDestGroups.getiap.tunnelDestGroups.getIamPolicyiap.tunnelDestGroups.listiap.tunnelDestGroups.setIamPolicyiap.tunnelDestGroups.updateiap.tunnelLocations.getIamPolicyiap.tunnelLocations.setIamPolicy |
| Maps Admin | Added |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Supported In Custom Roles |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Maps Admin | Now GA |
mapsadmin.clientMaps.createmapsadmin.clientMaps.deletemapsadmin.clientMaps.getmapsadmin.clientMaps.listmapsadmin.clientMaps.updatemapsadmin.clientStyleActivationRules.updatemapsadmin.clientStyleSheetSnapshots.listmapsadmin.clientStyleSheetSnapshots.updatemapsadmin.clientStyles.createmapsadmin.clientStyles.deletemapsadmin.clientStyles.getmapsadmin.clientStyles.listmapsadmin.clientStyles.updatemapsadmin.styleEditorConfigs.get |
| Certificate Authority Service | Added |
privateca.caPools.use |
| Certificate Authority Service | Now GA |
privateca.caPools.use |
Cloud IAM changes as of 2022-05-06
| Service | Change | Description |
|---|---|---|
| Cloud Billing | Now GA |
The role |
| Cloud Run functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Cloud Run functions | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Firebase App Check | Now GA |
The role |
| Firebase App Check | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Cloud Run | Role Updated |
The following permissions have been added to the role run.operations.deleterun.operations.getrun.operations.list |
| Container Security | Added |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Container Security | Supported In Custom Roles |
containersecurity.clusterSummaries.listcontainersecurity.workloadConfigAudits.list |
| Eventarc | Added |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Eventarc | Supported In Custom Roles |
eventarc.channelConnections.createeventarc.channelConnections.deleteeventarc.channelConnections.geteventarc.channelConnections.getIamPolicyeventarc.channelConnections.listeventarc.channelConnections.publisheventarc.channelConnections.setIamPolicy |
| Firebase App Check | Added |
firebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.update |
| Firebase App Check | Now GA |
firebaseappcheck.appAttestConfig.getfirebaseappcheck.appAttestConfig.updatefirebaseappcheck.debugTokens.getfirebaseappcheck.debugTokens.updatefirebaseappcheck.deviceCheckConfig.getfirebaseappcheck.deviceCheckConfig.updatefirebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.updatefirebaseappcheck.recaptchaEnterpriseConfig.getfirebaseappcheck.recaptchaEnterpriseConfig.updatefirebaseappcheck.recaptchaV3Config.getfirebaseappcheck.recaptchaV3Config.updatefirebaseappcheck.safetyNetConfig.getfirebaseappcheck.safetyNetConfig.updatefirebaseappcheck.services.getfirebaseappcheck.services.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.extendSchema |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.domains.extendSchema |
| Recommender | Added |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Recommender | Now GA |
recommender.gmpProjectManagementInsights.getrecommender.gmpProjectManagementInsights.listrecommender.gmpProjectManagementInsights.updaterecommender.gmpProjectManagementRecommendations.getrecommender.gmpProjectManagementRecommendations.listrecommender.gmpProjectManagementRecommendations.updaterecommender.gmpProjectProductSuggestionsInsights.getrecommender.gmpProjectProductSuggestionsInsights.listrecommender.gmpProjectProductSuggestionsInsights.updaterecommender.gmpProjectProductSuggestionsRecommendations.getrecommender.gmpProjectProductSuggestionsRecommendations.listrecommender.gmpProjectProductSuggestionsRecommendations.updaterecommender.gmpProjectQuotaInsights.getrecommender.gmpProjectQuotaInsights.listrecommender.gmpProjectQuotaInsights.updaterecommender.gmpProjectQuotaRecommendations.getrecommender.gmpProjectQuotaRecommendations.listrecommender.gmpProjectQuotaRecommendations.update |
| Cloud Run | Added |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Cloud Run | Supported In Custom Roles |
run.jobs.runrun.jobs.update |
| Cloud Run | Now GA |
run.executions.deleterun.executions.getrun.executions.listrun.jobs.createrun.jobs.deleterun.jobs.getrun.jobs.getIamPolicyrun.jobs.listrun.jobs.runrun.jobs.setIamPolicyrun.jobs.updaterun.tasks.getrun.tasks.list |
| Service Security Insights | Added |
servicesecurityinsights.clusterSecurityInfo.getservicesecurityinsights.clusterSecurityInfo.listservicesecurityinsights.policies.getservicesecurityinsights.projectStates.getservicesecurityinsights.securityViews.getservicesecurityinsights.workloadPolicies.listservicesecurityinsights.workloadSecurityInfo.get |
Cloud IAM changes as of 2022-04-29
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.keyvaluemaps.createapigee.keyvaluemaps.delete |
| Content Warehouse | Role Updated |
The following permissions have been removed from the role contentwarehouse.documents.createcontentwarehouse.documents.deletecontentwarehouse.documents.setIamPolicy |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataflow | Role Updated |
The following permissions have been added to the role dataflow.jobs.canceldataflow.jobs.createdataflow.jobs.getdataflow.jobs.listdataflow.jobs.snapshotdataflow.jobs.updateContentsdataflow.messages.listdataflow.metrics.getdataflow.snapshots.deletedataflow.snapshots.getdataflow.snapshots.listrecommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updateserviceusage.services.use |
| Data Pipelines | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role cloudbuild.builds.createcloudbuild.builds.getcloudbuild.builds.listcloudbuild.builds.updateremotebuildexecution.blobs.get |
| Firebase Mods | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.actAs |
| Speech-to-Text | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Apigee | Added |
apigee.datalocation.get |
| Apigee | Supported In Custom Roles |
apigee.datalocation.get |
| Apigee | Now GA |
apigee.datalocation.get |
| Compute Engine | Added |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Compute Engine | Now GA |
compute.instances.createTagBindingcompute.instances.deleteTagBindingcompute.instances.listTagBindings |
| Eventarc | Added |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Eventarc | Supported In Custom Roles |
eventarc.channels.createeventarc.channels.deleteeventarc.channels.geteventarc.channels.getIamPolicyeventarc.channels.listeventarc.channels.publisheventarc.channels.setIamPolicyeventarc.channels.undeleteeventarc.channels.update |
| Firebase App Check | Added |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Firebase App Check | Supported In Custom Roles |
firebaseappcheck.playIntegrityConfig.getfirebaseappcheck.playIntegrityConfig.update |
| Recommender | Added |
recommender.costInsights.getrecommender.costInsights.listrecommender.costInsights.updaterecommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
| Recommender | Now GA |
recommender.runServiceIdentityInsights.getrecommender.runServiceIdentityInsights.listrecommender.runServiceIdentityInsights.updaterecommender.runServiceIdentityRecommendations.getrecommender.runServiceIdentityRecommendations.listrecommender.runServiceIdentityRecommendations.update |
Cloud IAM changes as of 2022-04-22
| Service | Change | Description |
|---|---|---|
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| BigQuery Migration API | Now GA |
The role |
| Google Kubernetes Engine | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Storage Transfer Service | Role Updated |
The following permissions have been removed from the role pubsub.snapshots.seek |
| BigQuery Migration API | Now GA |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Cloud Key Management Service | Added |
cloudkms.keyRings.listEffectiveTags |
| Cloud Key Management Service | Now GA |
cloudkms.keyRings.listEffectiveTags |
| Cloud Optimization | Added |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud Optimization | Supported In Custom Roles |
cloudoptimization.operations.createcloudoptimization.operations.get |
| Cloud SQL | Added |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Cloud SQL | Supported In Custom Roles |
cloudsql.users.get |
| Cloud SQL | Now GA |
cloudsql.instances.listEffectiveTagscloudsql.users.get |
| Compute Engine | Added |
compute.disks.listEffectiveTagscompute.images.listEffectiveTagscompute.instances.listEffectiveTagscompute.snapshots.listEffectiveTags |
| Google Kubernetes Engine | Added |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Google Kubernetes Engine | Now GA |
container.clusters.createTagBindingcontainer.clusters.deleteTagBindingcontainer.clusters.listEffectiveTagscontainer.clusters.listTagBindings |
| Cloud Domains | Added |
domains.registrations.listEffectiveTags |
| Cloud Domains | Now GA |
domains.registrations.listEffectiveTags |
| Filestore | Added |
file.backups.listEffectiveTagsfile.instances.listEffectiveTagsfile.snapshots.listEffectiveTags |
| GKE Hub | Supported In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.domains.listEffectiveTags |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.domains.listEffectiveTags |
| Recommender | Added |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.updaterecommender.spendBasedCommitmentInsights.getrecommender.spendBasedCommitmentInsights.listrecommender.spendBasedCommitmentInsights.updaterecommender.spendBasedCommitmentRecommendations.getrecommender.spendBasedCommitmentRecommendations.listrecommender.spendBasedCommitmentRecommendations.update |
| Recommender | Now GA |
recommender.computeInstanceCpuUsageInsights.getrecommender.computeInstanceCpuUsageInsights.listrecommender.computeInstanceCpuUsageInsights.updaterecommender.computeInstanceCpuUsagePredictionInsights.getrecommender.computeInstanceCpuUsagePredictionInsights.listrecommender.computeInstanceCpuUsagePredictionInsights.updaterecommender.computeInstanceCpuUsageTrendInsights.getrecommender.computeInstanceCpuUsageTrendInsights.listrecommender.computeInstanceCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerCpuUsageInsights.getrecommender.computeInstanceGroupManagerCpuUsageInsights.listrecommender.computeInstanceGroupManagerCpuUsageInsights.updaterecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.getrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.listrecommender.computeInstanceGroupManagerCpuUsagePredictionInsights.updaterecommender.computeInstanceGroupManagerCpuUsageTrendInsights.getrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.listrecommender.computeInstanceGroupManagerCpuUsageTrendInsights.updaterecommender.computeInstanceGroupManagerMemoryUsageInsights.getrecommender.computeInstanceGroupManagerMemoryUsageInsights.listrecommender.computeInstanceGroupManagerMemoryUsageInsights.updaterecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.getrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.listrecommender.computeInstanceGroupManagerMemoryUsagePredictionInsights.updaterecommender.computeInstanceMemoryUsageInsights.getrecommender.computeInstanceMemoryUsageInsights.listrecommender.computeInstanceMemoryUsageInsights.updaterecommender.computeInstanceMemoryUsagePredictionInsights.getrecommender.computeInstanceMemoryUsagePredictionInsights.listrecommender.computeInstanceMemoryUsagePredictionInsights.updaterecommender.computeInstanceNetworkThroughputInsights.getrecommender.computeInstanceNetworkThroughputInsights.listrecommender.computeInstanceNetworkThroughputInsights.update |
| Resource Manager | Added |
resourcemanager.hierarchyNodes.listEffectiveTags |
| Spanner | Added |
spanner.backups.copy |
| Spanner | Supported In Custom Roles |
spanner.backups.copy |
| Spanner | Now GA |
spanner.backups.copy |
| Cloud Storage | Added |
storage.buckets.listEffectiveTags |
| Cloud Storage | Now GA |
storage.buckets.listEffectiveTags |
Cloud IAM changes as of 2022-04-15
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.entityTypes.exportFeatureValues |
| Cloud Run functions | Role Updated |
The following permissions have been added to the role cloudfunctions.functions.getcloudfunctions.functions.listcloudfunctions.operations.getcloudfunctions.operations.list |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role dataplex.tasks.createdataplex.tasks.update |
| Speech-to-Text | Now GA |
The role |
| BigQuery | Added |
bigquery.dataPolicies.createbigquery.dataPolicies.deletebigquery.dataPolicies.getbigquery.dataPolicies.getIamPolicybigquery.dataPolicies.listbigquery.dataPolicies.maskedGetbigquery.dataPolicies.setIamPolicybigquery.dataPolicies.update |
| BigQuery Migration API | Added |
bigquerymigration.locations.getbigquerymigration.locations.listbigquerymigration.subtaskTypes.executeTaskbigquerymigration.subtasks.createbigquerymigration.subtasks.executeTaskbigquerymigration.subtasks.getbigquerymigration.subtasks.listbigquerymigration.taskTypes.orchestrateTaskbigquerymigration.translation.translatebigquerymigration.workflows.createbigquerymigration.workflows.deletebigquerymigration.workflows.getbigquerymigration.workflows.listbigquerymigration.workflows.orchestrateTaskbigquerymigration.workflows.updatebigquerymigration.workflows.writeLogs |
| Compute Engine | Added |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
| Compute Engine | Now GA |
compute.packetMirrorings.createcompute.packetMirrorings.deletecompute.packetMirrorings.getcompute.packetMirrorings.list |
Cloud IAM changes as of 2022-04-08
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been removed from the role cloudasset.assets.exportResourcecloudasset.feeds.createcloudasset.feeds.deletecloudasset.feeds.getcloudasset.feeds.update |
| Cloud Data Fusion | Role Updated |
The following permissions have been added to the role dns.managedZones.createdns.managedZones.deletedns.managedZones.getdns.managedZones.listdns.networks.bindPrivateDNSZonedns.networks.targetWithPeeringZone |
| Dataproc | Role Updated |
The following permissions have been added to the role container.clusterRoleBindings.createcontainer.clusterRoleBindings.deletecontainer.clusterRoleBindings.getcontainer.clusterRoleBindings.listcontainer.clusterRoleBindings.updatecontainer.clusterRoles.bindcontainer.clusterRoles.createcontainer.clusterRoles.deletecontainer.clusterRoles.escalatecontainer.clusterRoles.getcontainer.clusterRoles.listcontainer.clusterRoles.updatecontainer.clusters.getcontainer.clusters.updatecontainer.customResourceDefinitions.createcontainer.customResourceDefinitions.deletecontainer.customResourceDefinitions.getcontainer.customResourceDefinitions.listcontainer.customResourceDefinitions.updatecontainer.namespaces.createcontainer.namespaces.deletecontainer.namespaces.getcontainer.namespaces.listcontainer.namespaces.updatecontainer.operations.getcontainer.roleBindings.createcontainer.roleBindings.deletecontainer.roleBindings.getcontainer.roleBindings.listcontainer.roleBindings.updatecontainer.roles.bindcontainer.roles.escalate |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Apigee Registry | Added |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Apigee Registry | Supported In Custom Roles |
apigeeregistry.apis.createapigeeregistry.apis.deleteapigeeregistry.apis.getapigeeregistry.apis.getIamPolicyapigeeregistry.apis.listapigeeregistry.apis.setIamPolicyapigeeregistry.apis.updateapigeeregistry.artifacts.createapigeeregistry.artifacts.deleteapigeeregistry.artifacts.getapigeeregistry.artifacts.getIamPolicyapigeeregistry.artifacts.listapigeeregistry.artifacts.setIamPolicyapigeeregistry.artifacts.updateapigeeregistry.deployments.createapigeeregistry.deployments.deleteapigeeregistry.deployments.getapigeeregistry.deployments.listapigeeregistry.deployments.updateapigeeregistry.instances.getapigeeregistry.instances.updateapigeeregistry.locations.getapigeeregistry.locations.listapigeeregistry.operations.cancelapigeeregistry.operations.deleteapigeeregistry.operations.getapigeeregistry.operations.listapigeeregistry.specs.createapigeeregistry.specs.deleteapigeeregistry.specs.getapigeeregistry.specs.getIamPolicyapigeeregistry.specs.listapigeeregistry.specs.setIamPolicyapigeeregistry.specs.updateapigeeregistry.versions.createapigeeregistry.versions.deleteapigeeregistry.versions.getapigeeregistry.versions.getIamPolicyapigeeregistry.versions.listapigeeregistry.versions.setIamPolicyapigeeregistry.versions.update |
| Google Distributed Cloud | Added |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Google Distributed Cloud | Supported In Custom Roles |
gkeonprem.locations.getgkeonprem.locations.listgkeonprem.operations.cancelgkeonprem.operations.deletegkeonprem.operations.getgkeonprem.operations.listgkeonprem.vmwareClusters.creategkeonprem.vmwareClusters.deletegkeonprem.vmwareClusters.enrollgkeonprem.vmwareClusters.getgkeonprem.vmwareClusters.getIamPolicygkeonprem.vmwareClusters.listgkeonprem.vmwareClusters.setIamPolicygkeonprem.vmwareClusters.unenrollgkeonprem.vmwareClusters.updategkeonprem.vmwareNodePools.creategkeonprem.vmwareNodePools.deletegkeonprem.vmwareNodePools.getgkeonprem.vmwareNodePools.getIamPolicygkeonprem.vmwareNodePools.listgkeonprem.vmwareNodePools.setIamPolicygkeonprem.vmwareNodePools.update |
| Memorystore for Memcached | Added |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Supported In Custom Roles |
memcache.instances.rescheduleMaintenance |
| Memorystore for Memcached | Now GA |
memcache.instances.rescheduleMaintenance |
| Recommender | Now GA |
recommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Resource Manager | Added |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
| Resource Manager | Supported In Custom Roles |
resourcemanager.tagHolds.createresourcemanager.tagHolds.deleteresourcemanager.tagHolds.list |
Cloud IAM changes as of 2022-04-01
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Apigee | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.luns.getbaremetalsolution.luns.list |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataflow | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.list |
| Data Pipelines | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
| Filestore | Added |
file.backups.createTagBindingfile.backups.deleteTagBindingfile.backups.listTagBindingsfile.instances.createTagBindingfile.instances.deleteTagBindingfile.instances.listTagBindingsfile.snapshots.createTagBindingfile.snapshots.deleteTagBindingfile.snapshots.listTagBindings |
| GKE Hub | Available In Custom Roles |
gkehub.features.creategkehub.features.deletegkehub.features.getgkehub.features.getIamPolicygkehub.features.listgkehub.features.setIamPolicygkehub.features.update |
| Notebooks | Added |
notebooks.runtimes.update |
| Notebooks | Now GA |
notebooks.runtimes.update |
Cloud IAM changes as of 2022-03-25
| Service | Change | Description |
|---|---|---|
| Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Recommendations | Role Updated |
The following permissions have been added to the role retail.retailProjects.get |
| Firewall Insights | Role Updated |
The following permissions have been added to the role compute.networks.getEffectiveFirewalls |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Cloud Run | Role Updated |
The following permissions have been added to the role binaryauthorization.platformPolicies.evaluatePolicy |
| Advisory Notifications | Added |
advisorynotifications.notifications.getadvisorynotifications.notifications.list |
| BigQuery sharing | Added |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| BigQuery sharing | Supported In Custom Roles |
analyticshub.dataExchanges.createanalyticshub.dataExchanges.deleteanalyticshub.dataExchanges.getanalyticshub.dataExchanges.getIamPolicyanalyticshub.dataExchanges.listanalyticshub.dataExchanges.setIamPolicyanalyticshub.dataExchanges.updateanalyticshub.listings.createanalyticshub.listings.deleteanalyticshub.listings.getanalyticshub.listings.getIamPolicyanalyticshub.listings.listanalyticshub.listings.setIamPolicyanalyticshub.listings.subscribeanalyticshub.listings.update |
| Apigee | Added |
apigee.keyvaluemapentries.list |
| Apigee | Supported In Custom Roles |
apigee.keyvaluemapentries.list |
| Apigee | Now GA |
apigee.keyvaluemapentries.list |
| Artifact Registry | Added |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Supported In Custom Roles |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| Artifact Registry | Now GA |
artifactregistry.repositories.createTagBindingartifactregistry.repositories.deleteTagBindingartifactregistry.repositories.listEffectiveTagsartifactregistry.repositories.listTagBindings |
| BigQuery | Added |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| BigQuery | Supported In Custom Roles |
bigquery.tables.createIndexbigquery.tables.deleteIndex |
| Compute Engine | Added |
compute.backendBuckets.setSecurityPolicy |
| Compute Engine | Now GA |
compute.backendBuckets.setSecurityPolicy |
| Firestore | Supported In Custom Roles |
datastore.databases.createdatastore.databases.getMetadatadatastore.databases.listdatastore.databases.update |
| Cloud Domains | Added |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Cloud Domains | Now GA |
domains.registrations.createTagBindingdomains.registrations.deleteTagBindingdomains.registrations.listTagBindings |
| Retail API | Added |
retail.retailProjects.get |
| Cloud Run | Added |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Supported In Custom Roles |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
| Cloud Run | Now GA |
run.services.createTagBindingrun.services.deleteTagBindingrun.services.listEffectiveTagsrun.services.listTagBindings |
Cloud IAM changes as of 2022-03-18
| Service | Change | Description |
|---|---|---|
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Now GA |
The role |
| Bare Metal Solution | Role Updated |
The following permissions have been added to the role baremetalsolution.instances.start |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Identity and Access Management | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.list |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role assuredworkloads.violations.getassuredworkloads.violations.list |
| Assured Workloads | Added |
assuredworkloads.violations.getassuredworkloads.violations.list |
| Bare Metal Solution | Added |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Supported In Custom Roles |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Bare Metal Solution | Now GA |
baremetalsolution.instances.startbaremetalsolution.instances.updatebaremetalsolution.networks.updatebaremetalsolution.nfsshares.getbaremetalsolution.nfsshares.listbaremetalsolution.nfsshares.update |
| Recommender | Added |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Supported In Custom Roles |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.updaterecommender.errorReportingInsights.getrecommender.errorReportingInsights.listrecommender.errorReportingInsights.updaterecommender.errorReportingRecommendations.getrecommender.errorReportingRecommendations.listrecommender.errorReportingRecommendations.update |
| Recommender | Now GA |
recommender.dataflowDiagnosticsInsights.getrecommender.dataflowDiagnosticsInsights.listrecommender.dataflowDiagnosticsInsights.update |
Cloud IAM changes as of 2022-03-11
| Service | Change | Description |
|---|---|---|
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.list |
| Distributed Cloud Edge Container | Now GA |
The role |
| Distributed Cloud Edge Container | Now GA |
The role |
| Distributed Cloud Edge Container | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Backup for GKE | Now GA |
The role |
| Basic Role | Role Updated |
The following permissions have been added to the role servicedirectory.networks.attach |
| Retail API | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Basic Role | Role Updated |
The following permissions have been added to the role retail.attributesConfigs.exportCatalogAttributesretail.controls.export |
| Distributed Cloud Edge Container | Added |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Distributed Cloud Edge Container | Supported In Custom Roles |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Distributed Cloud Edge Container | Now GA |
edgecontainer.clusters.createedgecontainer.clusters.deleteedgecontainer.clusters.generateAccessTokenedgecontainer.clusters.getedgecontainer.clusters.getIamPolicyedgecontainer.clusters.listedgecontainer.clusters.setIamPolicyedgecontainer.clusters.updateedgecontainer.locations.getedgecontainer.locations.listedgecontainer.machines.createedgecontainer.machines.deleteedgecontainer.machines.getedgecontainer.machines.getIamPolicyedgecontainer.machines.listedgecontainer.machines.setIamPolicyedgecontainer.machines.updateedgecontainer.machines.useedgecontainer.nodePools.createedgecontainer.nodePools.deleteedgecontainer.nodePools.getedgecontainer.nodePools.getIamPolicyedgecontainer.nodePools.listedgecontainer.nodePools.setIamPolicyedgecontainer.nodePools.updateedgecontainer.operations.canceledgecontainer.operations.deleteedgecontainer.operations.getedgecontainer.operations.listedgecontainer.vpnConnections.createedgecontainer.vpnConnections.deleteedgecontainer.vpnConnections.getedgecontainer.vpnConnections.getIamPolicyedgecontainer.vpnConnections.listedgecontainer.vpnConnections.setIamPolicyedgecontainer.vpnConnections.update |
| Retail API | Added |
retail.attributesConfigs.addCatalogAttributeretail.attributesConfigs.batchRemoveCatalogAttributesretail.attributesConfigs.exportCatalogAttributesretail.attributesConfigs.importCatalogAttributesretail.attributesConfigs.removeCatalogAttributeretail.attributesConfigs.replaceCatalogAttributeretail.controls.exportretail.controls.import |
| Storage Transfer Service | Added |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
| Storage Transfer Service | Now GA |
storagetransfer.agentpools.reportstoragetransfer.operations.assignstoragetransfer.operations.report |
Cloud IAM changes as of 2022-03-04
| Service | Change | Description |
|---|---|---|
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Apigee | Role Updated |
The following permissions have been added to the role apigee.envgroupattachments.getapigee.envgroupattachments.listapigee.envgroups.getapigee.envgroups.listapigee.environments.getapigee.environments.listapigee.organizations.getapigee.organizations.listresourcemanager.projects.getresourcemanager.projects.list |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role dataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.list |
| Dataplex Universal Catalog | Role Updated |
The following permissions have been added to the role dataplex.operations.getdataplex.operations.list |
| Firebase | Role Updated |
The following permissions have been added to the role storage.buckets.list |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| FleetEngine | Now GA |
The role |
| Identity and Access Management | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Notebooks | Role Updated |
The following permissions have been added to the role iam.serviceAccounts.getAccessToken |
| Vertex AI | Added |
aiplatform.deploymentResourcePools.createaiplatform.deploymentResourcePools.deleteaiplatform.deploymentResourcePools.getaiplatform.deploymentResourcePools.listaiplatform.deploymentResourcePools.queryDeployedModelsaiplatform.deploymentResourcePools.update |
| BigQuery | Added |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| BigQuery | Supported In Custom Roles |
bigquery.connections.delegatebigquery.jobs.listExecutionMetadata |
| Cloud Key Management Service | Now GA |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| FleetEngine | Added |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Supported In Custom Roles |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
| FleetEngine | Now GA |
fleetengine.deliveryvehicles.createfleetengine.deliveryvehicles.getfleetengine.deliveryvehicles.listfleetengine.deliveryvehicles.updatefleetengine.deliveryvehicles.updateLocationfleetengine.deliveryvehicles.updateVehicleStopsfleetengine.tasks.createfleetengine.tasks.getfleetengine.tasks.listfleetengine.tasks.searchWithTrackingIdfleetengine.tasks.update |
Cloud IAM changes as of 2022-02-25
| Service | Change | Description |
|---|---|---|
| Dataform | Now GA |
The role |
| Firestore | Role Updated |
The following permissions have been added to the role storage.objects.delete |
| KRM API Hosting | Now GA |
The role |
| KRM API Hosting | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Managed Service for Microsoft Active Directory | Now GA |
The role |
| Dataform | Now GA |
The role |
| Dialogflow | Added |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Dialogflow | Now GA |
dialogflow.integrations.createdialogflow.integrations.deletedialogflow.integrations.getdialogflow.integrations.listdialogflow.integrations.update |
| Sensitive Data Protection | Added |
dlp.locations.getdlp.locations.list |
| Sensitive Data Protection | Supported In Custom Roles |
dlp.locations.getdlp.locations.list |
| Sensitive Data Protection | Now GA |
dlp.locations.getdlp.locations.list |
| Eventarc | Added |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Supported In Custom Roles |
eventarc.providers.geteventarc.providers.list |
| Eventarc | Now GA |
eventarc.providers.geteventarc.providers.list |
| KRM API Hosting | Now GA |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Managed Service for Microsoft Active Directory | Added |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Supported In Custom Roles |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.restore |
| Managed Service for Microsoft Active Directory | Now GA |
managedidentities.backups.createmanagedidentities.backups.deletemanagedidentities.backups.getmanagedidentities.backups.getIamPolicymanagedidentities.backups.listmanagedidentities.backups.setIamPolicymanagedidentities.backups.updatemanagedidentities.domains.createTagBindingmanagedidentities.domains.deleteTagBindingmanagedidentities.domains.listTagBindingsmanagedidentities.domains.restore |
Cloud IAM changes as of 2022-02-18
| Service | Change | Description |
|---|---|---|
| Firestore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firestore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firestore | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase Mods | Role Updated |
The following permissions have been added to the role appengine.applications.getcloudtasks.locations.getcloudtasks.locations.listcloudtasks.queues.createcloudtasks.queues.deletecloudtasks.queues.getcloudtasks.queues.getIamPolicycloudtasks.queues.listcloudtasks.queues.pausecloudtasks.queues.purgecloudtasks.queues.resumecloudtasks.queues.setIamPolicycloudtasks.queues.updatecloudtasks.tasks.createcloudtasks.tasks.fullView |
| GKE Hub | Role Updated |
The following permissions have been added to the role gkehub.fleet.creategkehub.fleet.get |
| Binary Authorization | Added |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Binary Authorization | Supported In Custom Roles |
binaryauthorization.platformPolicies.createbinaryauthorization.platformPolicies.deletebinaryauthorization.platformPolicies.evaluatePolicybinaryauthorization.platformPolicies.getbinaryauthorization.platformPolicies.listbinaryauthorization.platformPolicies.replacebinaryauthorization.policy.evaluatePolicy |
| Compute Engine | Added |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| Compute Engine | Now GA |
compute.networks.getRegionEffectiveFirewallscompute.networks.setFirewallPolicycompute.regionFirewallPolicies.cloneRulescompute.regionFirewallPolicies.createcompute.regionFirewallPolicies.deletecompute.regionFirewallPolicies.getcompute.regionFirewallPolicies.getIamPolicycompute.regionFirewallPolicies.listcompute.regionFirewallPolicies.setIamPolicycompute.regionFirewallPolicies.updatecompute.regionFirewallPolicies.use |
| KRM API Hosting | Added |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| KRM API Hosting | Supported In Custom Roles |
krmapihosting.krmApiHosts.createkrmapihosting.krmApiHosts.deletekrmapihosting.krmApiHosts.getkrmapihosting.krmApiHosts.getIamPolicykrmapihosting.krmApiHosts.listkrmapihosting.krmApiHosts.setIamPolicykrmapihosting.krmApiHosts.updatekrmapihosting.locations.getkrmapihosting.locations.listkrmapihosting.operations.cancelkrmapihosting.operations.deletekrmapihosting.operations.getkrmapihosting.operations.list |
| Cloud OS Config | Added |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Cloud OS Config | Now GA |
osconfig.patchDeployments.pauseosconfig.patchDeployments.resume |
| Service Networking | Added |
servicenetworking.services.use |
Cloud IAM changes as of 2022-02-11
| Service | Change | Description |
|---|---|---|
| Vertex AI | Role Added |
The role aiplatform.googleapis.com/tensorboards.recordAccessaiplatform.tensorboards.recordAccess |
| Vertex AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| App Engine flexible environment | Role Updated |
The following permissions have been added to the role compute.routes.getcompute.subnetworks.get |
| Binary Authorization | Role Updated |
The following permissions have been added to the role cloudasset.assets.exportResource |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Firebase | Role Updated |
The following permissions have been added to the role serviceusage.services.use |
| Firebase | Role Updated |
The following permissions have been added to the role datastore.databases.getMetadata |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.use |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Recommender | Role Updated |
The following permissions have been added to the role monitoring.timeSeries.list |
| Security Command Center | Now GA |
The role |
| Security Command Center | Now GA |
The role |
| Visual Inspection AI | Role Updated |
The following permissions have been added to the role aiplatform.tensorboards.recordAccess |
| Vertex AI | Added |
aiplatform.tensorboards.recordAccess |
| Cloud Healthcare API | Added |
healthcare.nlpservice.analyzeEntities |
| Cloud Healthcare API | Now GA |
healthcare.nlpservice.analyzeEntities |
| Dataproc Metastore | Added |
metastore.services.use |
| Dataproc Metastore | Supported In Custom Roles |
metastore.services.use |
| Security Command Center | Added |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Security Command Center | Now GA |
securitycenter.bigQueryExports.createsecuritycenter.bigQueryExports.deletesecuritycenter.bigQueryExports.getsecuritycenter.bigQueryExports.listsecuritycenter.bigQueryExports.update |
| Cloud TPU | Added |
tpu.nodes.update |
| Cloud TPU | Supported In Custom Roles |
tpu.nodes.update |
| Cloud TPU | Now GA |
tpu.nodes.update |
Cloud IAM changes as of 2022-01-28
| Service | Change | Description |
|---|---|---|
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Cloud Composer | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataprep by Trifacta | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Basic Role | Role Updated |
The following permissions have been added to the role bigquery.config.update |
| Firebase | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Notebooks | Role Updated |
The following permissions have been added to the role dataproc.clusters.getdataproc.jobs.canceldataproc.jobs.createdataproc.jobs.deletedataproc.jobs.getdataproc.jobs.listdataproc.jobs.update |
| Cloud Storage | Role Updated |
The following permissions have been added to the role storage.multipartUploads.abortstorage.multipartUploads.createstorage.multipartUploads.liststorage.multipartUploads.listParts |
| Data Pipelines | Added |
datapipelines.jobs.list |
| Data Pipelines | Supported In Custom Roles |
datapipelines.jobs.list |
| Data Pipelines | Now GA |
datapipelines.jobs.list |
| Dataproc | Added |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Supported In Custom Roles |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Dataproc | Now GA |
dataproc.batches.canceldataproc.batches.createdataproc.batches.deletedataproc.batches.getdataproc.batches.list |
| Identity and Access Management | Supported In Custom Roles |
iam.denypolicies.getiam.denypolicies.list |
| Dataproc Metastore | Added |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Dataproc Metastore | Supported In Custom Roles |
metastore.databases.createmetastore.databases.deletemetastore.databases.getmetastore.databases.getIamPolicymetastore.databases.listmetastore.databases.setIamPolicymetastore.databases.updatemetastore.tables.createmetastore.tables.deletemetastore.tables.getmetastore.tables.getIamPolicymetastore.tables.listmetastore.tables.setIamPolicymetastore.tables.update |
| Workflows | Added |
workflows.callbacks.send |
| Workflows | Supported In Custom Roles |
workflows.callbacks.send |
| Workflows | Now GA |
workflows.callbacks.send |
Cloud IAM changes as of 2022-01-14
| Service | Change | Description |
|---|---|---|
| Data Catalog | Now GA |
The role |
| Data Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dataplex Universal Catalog | Now GA |
The role |
| Dialogflow | Role Updated |
The following permissions have been added to the role speech.customClasses.getspeech.customClasses.listspeech.phraseSets.getspeech.phraseSets.list |
| Firebase Mods | Role Updated |
The following permissions have been added to the role artifactregistry.packages.delete |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Cloud OS Config | Now GA |
The role |
| Recommender | Now GA |
The role |
| Recommender | Now GA |
The role |
| Security Command Center | Role Updated |
The following permissions have been added to the role compute.instances.get |
| Cloud Run functions | Added |
cloudfunctions.runtimes.list |
| Cloud Run functions | Now GA |
cloudfunctions.runtimes.list |
| Cloud Key Management Service | Added |
cloudkms.ekmConnections.createcloudkms.ekmConnections.getcloudkms.ekmConnections.getIamPolicycloudkms.ekmConnections.listcloudkms.ekmConnections.setIamPolicycloudkms.ekmConnections.updatecloudkms.ekmConnections.use |
| Data Catalog | Supported In Custom Roles |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Data Catalog | Now GA |
datacatalog.categories.fineGrainedGetdatacatalog.categories.getIamPolicydatacatalog.categories.setIamPolicydatacatalog.taxonomies.createdatacatalog.taxonomies.deletedatacatalog.taxonomies.getdatacatalog.taxonomies.getIamPolicydatacatalog.taxonomies.listdatacatalog.taxonomies.setIamPolicydatacatalog.taxonomies.update |
| Dataflow | Supported In Custom Roles |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataflow | Now GA |
dataflow.shuffle.readdataflow.shuffle.writedataflow.streamingWorkItems.commitWorkdataflow.streamingWorkItems.getDatadataflow.streamingWorkItems.getWorkdataflow.workItems.leasedataflow.workItems.sendMessagedataflow.workItems.update |
| Dataplex Universal Catalog | Added |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex Universal Catalog | Supported In Custom Roles |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.setIamPolicydataplex.assets.updatedataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Dataplex Universal Catalog | Now GA |
dataplex.assetActions.listdataplex.assets.createdataplex.assets.deletedataplex.assets.getdataplex.assets.getIamPolicydataplex.assets.listdataplex.assets.ownDatadataplex.assets.readDatadataplex.assets.setIamPolicydataplex.assets.updatedataplex.assets.writeDatadataplex.content.createdataplex.content.deletedataplex.content.getdataplex.content.getIamPolicydataplex.content.listdataplex.content.setIamPolicydataplex.content.updatedataplex.entities.createdataplex.entities.deletedataplex.entities.getdataplex.entities.listdataplex.entities.updatedataplex.environments.createdataplex.environments.deletedataplex.environments.executedataplex.environments.getdataplex.environments.getIamPolicydataplex.environments.listdataplex.environments.setIamPolicydataplex.environments.updatedataplex.lakeActions.listdataplex.lakes.createdataplex.lakes.deletedataplex.lakes.getdataplex.lakes.getIamPolicydataplex.lakes.listdataplex.lakes.setIamPolicydataplex.lakes.updatedataplex.locations.getdataplex.locations.listdataplex.operations.canceldataplex.operations.deletedataplex.operations.getdataplex.operations.listdataplex.partitions.createdataplex.partitions.deletedataplex.partitions.getdataplex.partitions.listdataplex.partitions.updatedataplex.tasks.canceldataplex.tasks.createdataplex.tasks.deletedataplex.tasks.getdataplex.tasks.getIamPolicydataplex.tasks.listdataplex.tasks.setIamPolicydataplex.tasks.updatedataplex.zoneActions.listdataplex.zones.createdataplex.zones.deletedataplex.zones.getdataplex.zones.getIamPolicydataplex.zones.listdataplex.zones.setIamPolicydataplex.zones.update |
| Eventarc | Added |
eventarc.events.receiveEvent |
| Eventarc | Now GA |
eventarc.events.receiveEvent |
| Cloud OS Config | Now GA |
osconfig.osPolicyAssignmentReports.getosconfig.osPolicyAssignmentReports.listosconfig.osPolicyAssignments.createosconfig.osPolicyAssignments.deleteosconfig.osPolicyAssignments.getosconfig.osPolicyAssignments.listosconfig.osPolicyAssignments.update |
| Recommender | Now GA |
recommender.resourcemanagerProjectUtilizationInsights.getrecommender.resourcemanagerProjectUtilizationInsights.listrecommender.resourcemanagerProjectUtilizationInsights.updaterecommender.resourcemanagerProjectUtilizationRecommendations.getrecommender.resourcemanagerProjectUtilizationRecommendations.listrecommender.resourcemanagerProjectUtilizationRecommendations.update |
| Security Command Center | Added |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Supported In Custom Roles |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |
| Security Command Center | Now GA |
securitycenter.virtualmachinethreatdetectionsettings.calculatesecuritycenter.virtualmachinethreatdetectionsettings.getsecuritycenter.virtualmachinethreatdetectionsettings.update |