The following permissions have been added to the Google Batch Service Agent role (roles/batch.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Chronicle Service Agent role (roles/chronicle.serviceAgent):

mcp.tools.call

The following permissions have been added to the Cloud Hub Operator role (roles/cloudhub.operator):

cloudasset.assets.searchEnrichmentResourceOwners
cloudsecuritycompliance.auditReports.get
cloudsecuritycompliance.auditReports.list
cloudsecuritycompliance.billingSettings.get
cloudsecuritycompliance.cloudControlDeployments.get
cloudsecuritycompliance.cloudControlDeployments.list
cloudsecuritycompliance.cloudControlPredictions.get
cloudsecuritycompliance.cloudControlPredictions.list
cloudsecuritycompliance.cloudControls.get
cloudsecuritycompliance.cloudControls.list
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.controlComplianceSummaries.list
cloudsecuritycompliance.controlReports.get
cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list
cloudsecuritycompliance.findingSummaries.list
cloudsecuritycompliance.findings.list
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list
cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get
cloudsecuritycompliance.frameworkComplianceSummaries.list
cloudsecuritycompliance.frameworkDeployments.get
cloudsecuritycompliance.frameworkDeployments.list
cloudsecuritycompliance.frameworks.get
cloudsecuritycompliance.frameworks.list
cloudsecuritycompliance.locations.get
cloudsecuritycompliance.locations.list
cloudsecuritycompliance.operations.get
cloudsecuritycompliance.operations.list
cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list
securitycenter.assets.group
securitycenter.assets.list
securitycenter.assets.listAssetPropertyNames
securitycenter.attackpaths.list
securitycenter.complianceReports.aggregate
securitycenter.compliancesnapshots.list
securitycenter.exposurepathexplan.get
securitycenter.findingexplanations.get
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.graphs.get
securitycenter.graphs.query
securitycenter.issues.get
securitycenter.issues.group
securitycenter.issues.list
securitycenter.issues.listFilterValues
securitycenter.sources.get
securitycenter.sources.list
securitycenter.userinterfacemetadata.get
securitycenter.vulnerabilitysnapshots.list

The following permissions have been added to the Cloud TPU V2 API Service Agent role (roles/cloudtpu.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Cloud Composer API Service Agent role (roles/composer.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Compute Instance Admin (beta) role (roles/compute.instanceAdmin):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Kubernetes Engine Service Agent role (roles/container.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Cloud Dataflow Service Agent role (roles/dataflow.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Dataproc Service Agent role (roles/dataproc.serviceAgent):

compute.multiMigMembers.get
compute.multiMigMembers.list

The following permissions have been added to the Cloud Memorystore Service Agent role (roles/memorystore.serviceAgent):

compute.networkAttachments.get
compute.networkAttachments.update
compute.subnetworks.use

The following permissions have been added to the VMware Engine Service Agent role (roles/vmwareengine.serviceAgent):

file.instances.get
file.instances.list
netapp.volumes.get
netapp.volumes.list

The following permissions have been added:

chronicle.investigationComments.create
chronicle.investigationComments.delete
chronicle.investigationComments.get
chronicle.investigationComments.list
chronicle.investigationComments.update

The following permissions are supported in custom roles:

chronicle.investigationComments.create
chronicle.investigationComments.delete
chronicle.investigationComments.get
chronicle.investigationComments.list
chronicle.investigationComments.update

The following permissions have reached General Availability (GA):

chronicle.coverageDetails.list
chronicle.iocAssociations.batchGet
chronicle.iocAssociations.fetchRelated
chronicle.iocAssociations.get
chronicle.iocs.batchGet
chronicle.iocs.fetchRelated
chronicle.iocs.findIocs
chronicle.iocs.get
chronicle.threatCollectionFilterSet.get
chronicle.threatCollections.fetchEntityMetadata
chronicle.threatCollections.fetchIocMatchMetadata
chronicle.threatCollections.fetchRelated
chronicle.threatCollections.get
chronicle.threatCollections.list

The following permissions have been added:

file.backups.useReadOnly
file.instances.createCrossProjectBackup

The following permissions have been added:

oracledatabase.goldenGateDeploymentEnvironments.list

The following permissions are supported in custom roles:

oracledatabase.goldenGateDeploymentEnvironments.list

The following permissions have reached General Availability (GA):

oracledatabase.goldenGateDeploymentEnvironments.list

The following permissions have been added to the Vertex AI Platform Express User role (roles/aiplatform.expressUser):

aiplatform.datasetVersions.create
aiplatform.datasetVersions.delete
aiplatform.datasetVersions.get
aiplatform.datasetVersions.list
aiplatform.datasetVersions.restore
aiplatform.datasets.create
aiplatform.datasets.delete
aiplatform.datasets.get
aiplatform.datasets.list
aiplatform.datasets.update

The Cloud API hub Addons Admin role (roles/apihub.addonsAdmin) has reached General Availability (GA).

The Cloud API Hub Admin role (roles/apihub.admin) has reached General Availability (GA).

The Cloud API hub Insights Viewer role (roles/apihub.apiInsightsViewer) has reached General Availability (GA).

The Cloud API hub Attributes Admin role (roles/apihub.attributeAdmin) has reached General Availability (GA).

The Cloud API Hub Editor role (roles/apihub.editor) has reached General Availability (GA).

The Cloud API hub Plugins Admin role (roles/apihub.pluginAdmin) has reached General Availability (GA).

The Cloud API hub Provisioning Admin role (roles/apihub.provisioningAdmin) has reached General Availability (GA).

The Cloud API hub Runtime Project Attachment Editor role (roles/apihub.runTimeProjectAttachmentsEditor) has reached General Availability (GA).

The Cloud API hub Viewer role (roles/apihub.viewer) has reached General Availability (GA).

The following permissions have been added to the Dataproc Service Agent role (roles/dataproc.serviceAgent):

compute.regionFirewallPolicies.delete
compute.regionFirewallPolicies.deleteTagBinding

The following permissions have been added to the Discovery Engine Service Agent role (roles/discoveryengine.serviceAgent):

consumerprocurement.entitlements.list

The following permissions have been added to the Edge Container Zonal Project Admin role (roles/edgecontainer.zonalProjectAdmin):

edgecontainer.zonalProjects.disable

The following permissions have been added to the Edge Container Zonal Service Admin role (roles/edgecontainer.zonalServiceAdmin):

edgecontainer.zonalservices.disable

The following permissions have been added to the Cloud Spanner API Service Agent role (roles/spanner.serviceAgent):

spanner.databases.beginOrRollbackReadWriteTransaction
spanner.databases.write

The following permissions have been added to the Serverless VPC Access Service Agent role (roles/vpcaccess.serviceAgent):

compute.addresses.createInternal
compute.addresses.deleteInternal
compute.addresses.get
compute.addresses.list

The following permissions have reached General Availability (GA):

apihub.addons.get
apihub.addons.list
apihub.addons.manage
apihub.apiHubInstances.create
apihub.apiHubInstances.delete
apihub.apiHubInstances.get
apihub.apiHubInstances.list
apihub.apiHubInstances.update
apihub.apiOperations.create
apihub.apiOperations.delete
apihub.apiOperations.get
apihub.apiOperations.list
apihub.apiOperations.listAll
apihub.apiOperations.update
apihub.apis.create
apihub.apis.createTagBinding
apihub.apis.delete
apihub.apis.deleteTagBinding
apihub.apis.get
apihub.apis.list
apihub.apis.listEffectiveTags
apihub.apis.listTagBindings
apihub.apis.update
apihub.attributes.create
apihub.attributes.delete
apihub.attributes.get
apihub.attributes.list
apihub.attributes.update
apihub.curations.create
apihub.curations.delete
apihub.curations.get
apihub.curations.list
apihub.curations.update
apihub.definitions.get
apihub.definitions.list
apihub.definitions.update
apihub.dependencies.create
apihub.dependencies.delete
apihub.dependencies.get
apihub.dependencies.list
apihub.dependencies.update
apihub.deployments.create
apihub.deployments.createTagBinding
apihub.deployments.delete
apihub.deployments.deleteTagBinding
apihub.deployments.get
apihub.deployments.list
apihub.deployments.listEffectiveTags
apihub.deployments.listTagBindings
apihub.deployments.update
apihub.discoveredApiObservations.get
apihub.discoveredApiObservations.list
apihub.discoveredApiOperations.get
apihub.discoveredApiOperations.list
apihub.externalApis.create
apihub.externalApis.delete
apihub.externalApis.get
apihub.externalApis.list
apihub.externalApis.update
apihub.hostProjectRegistrations.create
apihub.hostProjectRegistrations.delete
apihub.hostProjectRegistrations.get
apihub.hostProjectRegistrations.list
apihub.hostProjectRegistrations.register
apihub.llmEnablements.deregister
apihub.llmEnablements.get
apihub.llmEnablements.list
apihub.llmEnablements.register
apihub.locations.collectApiData
apihub.locations.getApiInsights
apihub.locations.searchResources
apihub.locations2.searchResources
apihub.operations.cancel
apihub.operations.delete
apihub.operations.get
apihub.operations.list
apihub.plugininstances.applyConfig
apihub.plugininstances.create
apihub.plugininstances.delete
apihub.plugininstances.disable
apihub.plugininstances.enable
apihub.plugininstances.execute
apihub.plugininstances.get
apihub.plugininstances.list
apihub.plugininstances.managePluginInstanceSourceData
apihub.plugininstances.update
apihub.plugins.create
apihub.plugins.delete
apihub.plugins.disable
apihub.plugins.enable
apihub.plugins.get
apihub.plugins.list
apihub.runTimeProjectAttachments.attach
apihub.runTimeProjectAttachments.create
apihub.runTimeProjectAttachments.delete
apihub.runTimeProjectAttachments.get
apihub.runTimeProjectAttachments.list
apihub.runTimeProjectAttachments.lookup
apihub.specs.create
apihub.specs.delete
apihub.specs.get
apihub.specs.lint
apihub.specs.list
apihub.specs.listAll
apihub.specs.update
apihub.styleGuides.get
apihub.styleGuides.update
apihub.versions.create
apihub.versions.delete
apihub.versions.get
apihub.versions.list
apihub.versions.listAll
apihub.versions.update

The following permissions have been added:

auditmanager.auditSchedules.create
auditmanager.auditSchedules.get
auditmanager.auditSchedules.list
auditmanager.auditSchedules.update

The following permissions are supported in custom roles:

auditmanager.auditSchedules.create
auditmanager.auditSchedules.get
auditmanager.auditSchedules.list
auditmanager.auditSchedules.update

The following permissions have been added:

cloudkms.cryptoKeyVersions.delete
cloudkms.cryptoKeys.delete
cloudkms.retiredResources.get
cloudkms.retiredResources.list

The following permissions are supported in custom roles:

cloudkms.cryptoKeyVersions.delete
cloudkms.cryptoKeys.delete
cloudkms.retiredResources.get
cloudkms.retiredResources.list

The following permissions have reached General Availability (GA):

cloudkms.cryptoKeyVersions.delete
cloudkms.cryptoKeys.delete
cloudkms.retiredResources.get
cloudkms.retiredResources.list

The following permissions have been added:

compute.regionTargetTcpProxies.attach
compute.targetTcpProxies.attach

The following permissions are supported in custom roles:

compute.regionTargetTcpProxies.attach
compute.targetTcpProxies.attach

The following permissions have reached General Availability (GA):

compute.regionBackendBuckets.create
compute.regionBackendBuckets.createTagBinding
compute.regionBackendBuckets.delete
compute.regionBackendBuckets.deleteTagBinding
compute.regionBackendBuckets.get
compute.regionBackendBuckets.getIamPolicy
compute.regionBackendBuckets.list
compute.regionBackendBuckets.listEffectiveTags
compute.regionBackendBuckets.listTagBindings
compute.regionBackendBuckets.setIamPolicy
compute.regionBackendBuckets.update
compute.regionBackendBuckets.use
compute.regionTargetTcpProxies.attach
compute.targetTcpProxies.attach

The following permissions have been added:

dataform.folders.deleteTree
dataform.teamFolders.deleteTree

The following permissions are supported in custom roles:

dataform.folders.deleteTree
dataform.teamFolders.deleteTree

The following permissions have been added to the Vertex AI Custom Code Service Agent role (roles/aiplatform.customCodeServiceAgent):

logging.views.access
observability.views.access

The following permissions have been added to the App Management Viewer role (roles/apphub.appManagementViewer):

container.clusters.list

The following permissions have been added to the Capacity Planner role (roles/capacityplanner.planner):

capacityplanner.capacityPlans.create
capacityplanner.capacityPlans.delete
capacityplanner.capacityPlans.update
capacityplanner.forecasts.list
capacityplanner.usageAlertInsights.list
capacityplanner.usageHistories.list
capacityplanner.usageHistories.summarize
cloudquotas.quotas.get
compute.futureReservations.get
compute.futureReservations.list
compute.reservations.get
compute.reservations.list
monitoring.timeSeries.list
resourcemanager.folders.get
resourcemanager.organizations.get
resourcemanager.projects.get
resourcemanager.projects.list
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.list
serviceusage.groups.listMembers
serviceusage.quotas.get
serviceusage.services.get
serviceusage.values.check
serviceusage.values.test

The following permissions have been added to the Capacity Planner Viewer role (roles/capacityplanner.viewer):

capacityplanner.capacityPlans.get
capacityplanner.capacityPlans.list
capacityplanner.planAlertInsights.list

The following permissions have been added to the Cloud Hub Operator role (roles/cloudhub.operator):

capacityplanner.capacityPlans.get
capacityplanner.capacityPlans.list
capacityplanner.planAlertInsights.list
container.clusters.list

The ConfigDelivery Admin role (roles/configdelivery.configDeliveryAdmin) has reached General Availability (GA).

The ConfigDelivery Viewer role (roles/configdelivery.configDeliveryViewer) has reached General Availability (GA).

The Config Delivery Resource Bundle Publisher role (roles/configdelivery.resourceBundlePublisher) has reached General Availability (GA).

The following permissions have been added to the Cloud Dataplex Service Agent role (roles/dataplex.serviceAgent):

biglake.tables.get
biglake.tables.getData

The Application Design Center Admin role (roles/designcenter.admin) has reached General Availability (GA).

The Application Admin role (roles/designcenter.applicationAdmin) has reached General Availability (GA).

The Application Editor role (roles/designcenter.applicationEditor) has reached General Availability (GA).

The Application Viewer role (roles/designcenter.applicationViewer) has reached General Availability (GA).

The Application Design Center User role (roles/designcenter.user) has reached General Availability (GA).

The Application Design Center Viewer role (roles/designcenter.viewer) has reached General Availability (GA).

The following permissions have been added to the Application Design Center Admin role (roles/designcenter.admin):

apphub.boundaries.attach
apphub.boundaries.update
container.clusters.list
developerconnect.connections.constructGitHubAppManifest
developerconnect.connections.create
developerconnect.connections.delete
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.generateGitHubStateToken
developerconnect.connections.get
developerconnect.connections.list
developerconnect.connections.processGitHubAppCreationCallback
developerconnect.connections.processGitHubOAuthCallback
developerconnect.connections.update
developerconnect.gitRepositoryLinks.create
developerconnect.gitRepositoryLinks.delete
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.gitProxyRead
developerconnect.gitRepositoryLinks.gitProxyWrite
developerconnect.gitRepositoryLinks.list
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.cancel
developerconnect.operations.delete
developerconnect.operations.get
developerconnect.operations.list

The following permissions have been added to the Application Admin role (roles/designcenter.applicationAdmin):

container.clusters.list
developerconnect.connections.constructGitHubAppManifest
developerconnect.connections.create
developerconnect.connections.delete
developerconnect.connections.fetchGitHubInstallations
developerconnect.connections.fetchLinkableGitRepositories
developerconnect.connections.generateGitHubStateToken
developerconnect.connections.get
developerconnect.connections.list
developerconnect.connections.processGitHubAppCreationCallback
developerconnect.connections.processGitHubOAuthCallback
developerconnect.connections.update
developerconnect.gitRepositoryLinks.create
developerconnect.gitRepositoryLinks.delete
developerconnect.gitRepositoryLinks.fetchGitRefs
developerconnect.gitRepositoryLinks.get
developerconnect.gitRepositoryLinks.gitProxyRead
developerconnect.gitRepositoryLinks.gitProxyWrite
developerconnect.gitRepositoryLinks.list
developerconnect.locations.get
developerconnect.locations.list
developerconnect.operations.cancel
developerconnect.operations.delete
developerconnect.operations.get
developerconnect.operations.list

The following permissions have been added to the Application Editor role (roles/designcenter.applicationEditor):

container.clusters.list

The following permissions have been added to the Application Viewer role (roles/designcenter.applicationViewer):

container.clusters.list

The following permissions have been added to the Application Design Center User role (roles/designcenter.user):

container.clusters.list

The following permissions have been added to the Application Design Center Viewer role (roles/designcenter.viewer):

container.clusters.list

The following permissions have been added to the Gemini Cloud Assist Investigation Admin role (roles/geminicloudassist.investigationAdmin):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist Investigation Creator role (roles/geminicloudassist.investigationCreator):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist Investigation Editor role (roles/geminicloudassist.investigationEditor):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist Investigation Owner role (roles/geminicloudassist.investigationOwner):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist Investigation User role (roles/geminicloudassist.investigationUser):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist Investigation Viewer role (roles/geminicloudassist.investigationViewer):

serviceusage.services.use

The following permissions have been added to the Gemini Cloud Assist User role (roles/geminicloudassist.user):

serviceusage.services.use

The following permissions have been added to the Gemini Code Assist Management Service Agent role (roles/geminicodeassistmanagement.serviceAgent):

developerconnect.operations.get

The Maintenance API Viewer role (roles/maintenance.viewer) has reached General Availability (GA).

The Secure Source Manager Developer Connect Linker role (roles/securesourcemanager.developerConnectLinker) has reached General Availability (GA).

The following permissions have been added:

capacityplanner.capacityPlans.create
capacityplanner.capacityPlans.delete
capacityplanner.capacityPlans.update

The following permissions are supported in custom roles:

capacityplanner.capacityPlans.create
capacityplanner.capacityPlans.delete
capacityplanner.capacityPlans.update

The following permissions have been added:

chronicle.entities.findEntityAlerts

The following permissions are supported in custom roles:

chronicle.entities.findEntityAlerts

The following permissions have reached General Availability (GA):

compute.vmExtensionPolicies.create
compute.vmExtensionPolicies.delete
compute.vmExtensionPolicies.get
compute.vmExtensionPolicies.list
compute.vmExtensionPolicies.update

The following permissions have been added:

configdelivery.variants.create
configdelivery.variants.delete
configdelivery.variants.get
configdelivery.variants.list
configdelivery.variants.update

The following permissions are supported in custom roles:

configdelivery.variants.create
configdelivery.variants.delete
configdelivery.variants.get
configdelivery.variants.list
configdelivery.variants.update

The following permissions have reached General Availability (GA):

configdelivery.fleetPackages.create
configdelivery.fleetPackages.delete
configdelivery.fleetPackages.get
configdelivery.fleetPackages.list
configdelivery.fleetPackages.update
configdelivery.locations.get
configdelivery.locations.list
configdelivery.operations.cancel
configdelivery.operations.delete
configdelivery.operations.get
configdelivery.operations.list
configdelivery.releases.create
configdelivery.releases.delete
configdelivery.releases.get
configdelivery.releases.list
configdelivery.releases.update
configdelivery.resourceBundles.create
configdelivery.resourceBundles.delete
configdelivery.resourceBundles.get
configdelivery.resourceBundles.list
configdelivery.resourceBundles.update
configdelivery.rollouts.abort
configdelivery.rollouts.get
configdelivery.rollouts.list
configdelivery.rollouts.resume
configdelivery.rollouts.suspend
configdelivery.variants.create
configdelivery.variants.delete
configdelivery.variants.get
configdelivery.variants.list
configdelivery.variants.update

The following permissions have been added:

databasecenter.reportConfigs.get

The following permissions are supported in custom roles:

databasecenter.reportConfigs.get

The following permissions have reached General Availability (GA):

databasecenter.reportConfigs.get

The following permissions have been added:

datamigration.connectionProfiles.createTagBinding
datamigration.connectionProfiles.deleteTagBinding
datamigration.connectionProfiles.listEffectiveTags
datamigration.connectionProfiles.listTagBindings
datamigration.migrationJobs.createTagBinding
datamigration.migrationJobs.deleteTagBinding
datamigration.migrationJobs.listEffectiveTags
datamigration.migrationJobs.listTagBindings
datamigration.privateConnections.createTagBinding
datamigration.privateConnections.deleteTagBinding
datamigration.privateConnections.listEffectiveTags
datamigration.privateConnections.listTagBindings

The following permissions have been added:

dataplex.entryLinks.update

The following permissions are supported in custom roles:

dataplex.entryLinks.update

The following permissions have reached General Availability (GA):

designcenter.applicationTemplateRevisions.delete
designcenter.applicationTemplateRevisions.get
designcenter.applicationTemplateRevisions.list
designcenter.applicationTemplates.create
designcenter.applicationTemplates.delete
designcenter.applicationTemplates.get
designcenter.applicationTemplates.list
designcenter.applicationTemplates.update
designcenter.applications.create
designcenter.applications.delete
designcenter.applications.get
designcenter.applications.list
designcenter.applications.update
designcenter.catalogTemplateRevisions.create
designcenter.catalogTemplateRevisions.delete
designcenter.catalogTemplateRevisions.get
designcenter.catalogTemplateRevisions.list
designcenter.catalogTemplates.create
designcenter.catalogTemplates.delete
designcenter.catalogTemplates.get
designcenter.catalogTemplates.list
designcenter.catalogTemplates.update
designcenter.catalogs.create
designcenter.catalogs.delete
designcenter.catalogs.get
designcenter.catalogs.list
designcenter.catalogs.update
designcenter.components.create
designcenter.components.delete
designcenter.components.get
designcenter.components.list
designcenter.components.update
designcenter.connections.create
designcenter.connections.delete
designcenter.connections.get
designcenter.connections.list
designcenter.connections.update
designcenter.locations.get
designcenter.locations.list
designcenter.operations.cancel
designcenter.operations.delete
designcenter.operations.get
designcenter.operations.list
designcenter.sharedTemplateRevisions.get
designcenter.sharedTemplateRevisions.list
designcenter.sharedTemplates.get
designcenter.sharedTemplates.list
designcenter.shares.create
designcenter.shares.delete
designcenter.shares.get
designcenter.shares.list
designcenter.spaces.create
designcenter.spaces.delete
designcenter.spaces.get
designcenter.spaces.getIamPolicy
designcenter.spaces.list
designcenter.spaces.setIamPolicy
designcenter.spaces.update

The following permissions have reached General Availability (GA):

maintenance.locations.get
maintenance.locations.list
maintenance.resourceMaintenances.get
maintenance.resourceMaintenances.list

The following permissions have been added to the Vertex AI Custom Code Service Agent role (roles/aiplatform.customCodeServiceAgent):

cloudtrace.traces.list
logging.views.get

The following permissions have been added to the Apigee Service Agent role (roles/apigee.serviceAgent):

apihub.deployments.get

The following permissions have been added to the Backup and DR Service Agent role (roles/backupdr.serviceAgent):

compute.disks.createTagBinding
compute.instances.createTagBinding
compute.instances.listEffectiveTags
compute.instances.pscInterfaceCreate
compute.instances.setDeletionProtection
compute.instances.updateDisplayDevice
compute.resourcePolicies.use
compute.storagePools.use

The following permissions have been added to the Billing Account Administrator role (roles/billing.admin):

chroniclesm.contracts.get

The following permissions have been added to the Project Billing Costs Manager role (roles/billing.projectCostsManager):

billing.accounts.get

The Gemini Enterprise for Customer Experience Admin role (roles/ces.admin) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Agent Editor role (roles/ces.agentEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience App Editor role (roles/ces.appEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Client role (roles/ces.client) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Deployment Editor role (roles/ces.deploymentEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Evals Editor role (roles/ces.evalsEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Guardrails Editor role (roles/ces.guardrailsEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Security Settings Editor role (roles/ces.securitySettingsEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Tools Editor role (roles/ces.toolsEditor) has reached General Availability (GA).

The Gemini Enterprise for Customer Experience Viewer role (roles/ces.viewer) has reached General Availability (GA).

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

discoveryengine.rankingConfigs.rank

The following permissions have been added to the Chronicle API Editor role (roles/chronicle.editor):

chronicle.legacySoarSettings.get
chronicle.socRoles.get

The following permissions have been added to the Chronicle API Viewer role (roles/chronicle.viewer):

chronicle.integrations.get
chronicle.legacySoarSettings.get
chronicle.socRoles.get

The following permissions have been added to the Chronicle Service Admin role (roles/chroniclesm.admin):

chroniclesm.contracts.get
chroniclesm.contracts.update

The following permissions have been added to the Chronicle Service Viewer role (roles/chroniclesm.viewer):

chroniclesm.contracts.get

The following permissions have been added to the Gemini for Google Cloud Settings Admin role (roles/cloudaicompanion.settingsAdmin):

cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings

The Compliance Manager Admin role (roles/cloudsecuritycompliance.admin) has reached General Availability (GA).

The Compliance Manager Viewer role (roles/cloudsecuritycompliance.viewer) has reached General Availability (GA).

The following permissions have been added to the Compute Engine Service Agent role (roles/compute.serviceAgent):

compute.snapshots.listEffectiveTags

The following permissions have been added to the DesignCenter Service Agent role (roles/designcenter.serviceAgent):

config.previews.export

The following permissions have been added to the Developer Connect Service Agent role (roles/developerconnect.serviceAgent):

developerconnect.operations.get

The following permissions have been added to the Discovery Engine Admin role (roles/discoveryengine.admin):

cloudaicompanion.aiDevToolsSettings.create
cloudaicompanion.aiDevToolsSettings.delete
cloudaicompanion.aiDevToolsSettings.get
cloudaicompanion.aiDevToolsSettings.list
cloudaicompanion.aiDevToolsSettings.update
cloudaicompanion.codeRepositoryIndexes.create
cloudaicompanion.codeRepositoryIndexes.delete
cloudaicompanion.codeRepositoryIndexes.get
cloudaicompanion.codeRepositoryIndexes.list
cloudaicompanion.codeRepositoryIndexes.update
cloudaicompanion.codeToolsSettings.create
cloudaicompanion.codeToolsSettings.delete
cloudaicompanion.codeToolsSettings.get
cloudaicompanion.codeToolsSettings.list
cloudaicompanion.codeToolsSettings.update
cloudaicompanion.dataSharingWithGoogleSettings.create
cloudaicompanion.dataSharingWithGoogleSettings.delete
cloudaicompanion.dataSharingWithGoogleSettings.get
cloudaicompanion.dataSharingWithGoogleSettings.list
cloudaicompanion.dataSharingWithGoogleSettings.update
cloudaicompanion.geminiGcpEnablementSettings.create
cloudaicompanion.geminiGcpEnablementSettings.delete
cloudaicompanion.geminiGcpEnablementSettings.get
cloudaicompanion.geminiGcpEnablementSettings.list
cloudaicompanion.geminiGcpEnablementSettings.update
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.loggingSettings.create
cloudaicompanion.loggingSettings.delete
cloudaicompanion.loggingSettings.get
cloudaicompanion.loggingSettings.list
cloudaicompanion.loggingSettings.update
cloudaicompanion.operations.cancel
cloudaicompanion.operations.delete
cloudaicompanion.operations.get
cloudaicompanion.operations.list
cloudaicompanion.releaseChannelSettings.create
cloudaicompanion.releaseChannelSettings.delete
cloudaicompanion.releaseChannelSettings.get
cloudaicompanion.releaseChannelSettings.list
cloudaicompanion.releaseChannelSettings.update
cloudaicompanion.repositoryGroups.create
cloudaicompanion.repositoryGroups.delete
cloudaicompanion.repositoryGroups.get
cloudaicompanion.repositoryGroups.getIamPolicy
cloudaicompanion.repositoryGroups.list
cloudaicompanion.repositoryGroups.setIamPolicy
cloudaicompanion.repositoryGroups.update
cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
cloudaicompanion.settingBindings.aiDevToolsSettingsGet
cloudaicompanion.settingBindings.aiDevToolsSettingsList
cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
cloudaicompanion.settingBindings.aiDevToolsSettingsUse
cloudaicompanion.settingBindings.codeToolsSettingsCreate
cloudaicompanion.settingBindings.codeToolsSettingsDelete
cloudaicompanion.settingBindings.codeToolsSettingsGet
cloudaicompanion.settingBindings.codeToolsSettingsList
cloudaicompanion.settingBindings.codeToolsSettingsUpdate
cloudaicompanion.settingBindings.codeToolsSettingsUse
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUse
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUse
cloudaicompanion.settingBindings.loggingSettingsCreate
cloudaicompanion.settingBindings.loggingSettingsDelete
cloudaicompanion.settingBindings.loggingSettingsGet
cloudaicompanion.settingBindings.loggingSettingsList
cloudaicompanion.settingBindings.loggingSettingsUpdate
cloudaicompanion.settingBindings.loggingSettingsUse
cloudaicompanion.settingBindings.releaseChannelSettingsCreate
cloudaicompanion.settingBindings.releaseChannelSettingsDelete
cloudaicompanion.settingBindings.releaseChannelSettingsGet
cloudaicompanion.settingBindings.releaseChannelSettingsList
cloudaicompanion.settingBindings.releaseChannelSettingsUpdate
cloudaicompanion.settingBindings.releaseChannelSettingsUse
cloudnotifications.activities.list
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alerts.get
monitoring.alerts.list
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.groups.get
monitoring.groups.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list
monitoring.notificationChannels.get
monitoring.notificationChannels.list
monitoring.services.get
monitoring.services.list
monitoring.slos.get
monitoring.slos.list
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.timeSeries.list
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
opsconfigmonitoring.resourceMetadata.list
stackdriver.projects.get
stackdriver.resourceMetadata.list

The following permissions have been added to the Gemini Enterprise Admin role (roles/discoveryengine.agentspaceAdmin):

cloudaicompanion.aiDevToolsSettings.create
cloudaicompanion.aiDevToolsSettings.delete
cloudaicompanion.aiDevToolsSettings.get
cloudaicompanion.aiDevToolsSettings.list
cloudaicompanion.aiDevToolsSettings.update
cloudaicompanion.codeRepositoryIndexes.create
cloudaicompanion.codeRepositoryIndexes.delete
cloudaicompanion.codeRepositoryIndexes.get
cloudaicompanion.codeRepositoryIndexes.list
cloudaicompanion.codeRepositoryIndexes.update
cloudaicompanion.codeToolsSettings.create
cloudaicompanion.codeToolsSettings.delete
cloudaicompanion.codeToolsSettings.get
cloudaicompanion.codeToolsSettings.list
cloudaicompanion.codeToolsSettings.update
cloudaicompanion.dataSharingWithGoogleSettings.create
cloudaicompanion.dataSharingWithGoogleSettings.delete
cloudaicompanion.dataSharingWithGoogleSettings.get
cloudaicompanion.dataSharingWithGoogleSettings.list
cloudaicompanion.dataSharingWithGoogleSettings.update
cloudaicompanion.geminiGcpEnablementSettings.create
cloudaicompanion.geminiGcpEnablementSettings.delete
cloudaicompanion.geminiGcpEnablementSettings.get
cloudaicompanion.geminiGcpEnablementSettings.list
cloudaicompanion.geminiGcpEnablementSettings.update
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.loggingSettings.create
cloudaicompanion.loggingSettings.delete
cloudaicompanion.loggingSettings.get
cloudaicompanion.loggingSettings.list
cloudaicompanion.loggingSettings.update
cloudaicompanion.operations.cancel
cloudaicompanion.operations.delete
cloudaicompanion.operations.get
cloudaicompanion.operations.list
cloudaicompanion.releaseChannelSettings.create
cloudaicompanion.releaseChannelSettings.delete
cloudaicompanion.releaseChannelSettings.get
cloudaicompanion.releaseChannelSettings.list
cloudaicompanion.releaseChannelSettings.update
cloudaicompanion.repositoryGroups.create
cloudaicompanion.repositoryGroups.delete
cloudaicompanion.repositoryGroups.get
cloudaicompanion.repositoryGroups.getIamPolicy
cloudaicompanion.repositoryGroups.list
cloudaicompanion.repositoryGroups.setIamPolicy
cloudaicompanion.repositoryGroups.update
cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
cloudaicompanion.settingBindings.aiDevToolsSettingsGet
cloudaicompanion.settingBindings.aiDevToolsSettingsList
cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
cloudaicompanion.settingBindings.aiDevToolsSettingsUse
cloudaicompanion.settingBindings.codeToolsSettingsCreate
cloudaicompanion.settingBindings.codeToolsSettingsDelete
cloudaicompanion.settingBindings.codeToolsSettingsGet
cloudaicompanion.settingBindings.codeToolsSettingsList
cloudaicompanion.settingBindings.codeToolsSettingsUpdate
cloudaicompanion.settingBindings.codeToolsSettingsUse
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsCreate
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsDelete
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsGet
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsList
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUpdate
cloudaicompanion.settingBindings.dataSharingWithGoogleSettingsUse
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsCreate
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsDelete
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsGet
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsList
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUpdate
cloudaicompanion.settingBindings.geminiGcpEnablementSettingsUse
cloudaicompanion.settingBindings.loggingSettingsCreate
cloudaicompanion.settingBindings.loggingSettingsDelete
cloudaicompanion.settingBindings.loggingSettingsGet
cloudaicompanion.settingBindings.loggingSettingsList
cloudaicompanion.settingBindings.loggingSettingsUpdate
cloudaicompanion.settingBindings.loggingSettingsUse
cloudaicompanion.settingBindings.releaseChannelSettingsCreate
cloudaicompanion.settingBindings.releaseChannelSettingsDelete
cloudaicompanion.settingBindings.releaseChannelSettingsGet
cloudaicompanion.settingBindings.releaseChannelSettingsList
cloudaicompanion.settingBindings.releaseChannelSettingsUpdate
cloudaicompanion.settingBindings.releaseChannelSettingsUse
cloudnotifications.activities.list
monitoring.alertPolicies.get
monitoring.alertPolicies.list
monitoring.alertPolicies.listEffectiveTags
monitoring.alertPolicies.listTagBindings
monitoring.alerts.get
monitoring.alerts.list
monitoring.dashboards.get
monitoring.dashboards.list
monitoring.dashboards.listEffectiveTags
monitoring.dashboards.listTagBindings
monitoring.groups.get
monitoring.groups.list
monitoring.metricDescriptors.get
monitoring.metricDescriptors.list
monitoring.monitoredResourceDescriptors.get
monitoring.monitoredResourceDescriptors.list
monitoring.notificationChannelDescriptors.get
monitoring.notificationChannelDescriptors.list
monitoring.notificationChannels.get
monitoring.notificationChannels.list
monitoring.services.get
monitoring.services.list
monitoring.slos.get
monitoring.slos.list
monitoring.snoozes.get
monitoring.snoozes.list
monitoring.timeSeries.list
monitoring.uptimeCheckConfigs.get
monitoring.uptimeCheckConfigs.list
opsconfigmonitoring.resourceMetadata.list
stackdriver.projects.get
stackdriver.resourceMetadata.list

The following permissions have been added to the Discovery Engine Service Agent role (roles/discoveryengine.serviceAgent):

agentregistry.agents.get
agentregistry.agents.list
agentregistry.mcpServers.get
agentregistry.mcpServers.list

The following permissions have been added to the Firebase Service Management Service Agent role (roles/firebase.managementServiceAgent):

bigquery.datasets.getIamPolicy

The Cluster Director Service Agent role (roles/hypercomputecluster.serviceAgent) has reached General Availability (GA).

The following permissions have been added to the Looker Admin role (roles/looker.admin):

monitoring.timeSeries.list
serviceusage.quotas.get

The following permissions have been added to the AI Platform Notebooks Service Agent role (roles/notebooks.serviceAgent):

aiplatform.notebookRuntimes.get

The Oracle Database@Google Cloud GoldenGate Connection Admin role (roles/oracledatabase.goldenGateConnectionAdmin) has reached General Availability (GA).

The Oracle Database@Google Cloud GoldenGate Connection Assignment Admin role (roles/oracledatabase.goldenGateConnectionAssignmentAdmin) has reached General Availability (GA).

The Oracle Database@Google Cloud GoldenGate Connection Assignment Viewer role (roles/oracledatabase.goldenGateConnectionAssignmentViewer) has reached General Availability (GA).

The Oracle Database@Google GoldenGate Connections User role (roles/oracledatabase.goldenGateConnectionsUser) has reached General Availability (GA).

The Oracle Database@Google Cloud GoldenGate Connection Viewer role (roles/oracledatabase.goldenGateConnectionViewer) has reached General Availability (GA).

The Oracle Database@Google Cloud GoldenGate Deployment Admin role (roles/oracledatabase.goldenGateDeploymentAdmin) has reached General Availability (GA).

The Oracle Database@Google GoldenGate Deployments User role (roles/oracledatabase.goldenGateDeploymentsUser) has reached General Availability (GA).

The Oracle Database@Google Cloud GoldenGate Deployment Viewer role (roles/oracledatabase.goldenGateDeploymentViewer) has reached General Availability (GA).

The following permissions have been added to the Workload Manager Workload Viewer role (roles/workloadmanager.workloadViewer):

serviceusage.consumerpolicy.analyze
serviceusage.consumerpolicy.get
serviceusage.effectivepolicy.get
serviceusage.groups.list
serviceusage.groups.listExpandedMembers
serviceusage.groups.listMembers
serviceusage.services.get
serviceusage.services.list
serviceusage.values.check
serviceusage.values.test

The following permissions have been added:

agentregistry.agents.get
agentregistry.agents.list
agentregistry.endpoints.get
agentregistry.endpoints.list
agentregistry.locations.get
agentregistry.locations.list
agentregistry.mcpServers.get
agentregistry.mcpServers.list
agentregistry.operations.cancel
agentregistry.operations.delete
agentregistry.operations.get
agentregistry.operations.list
agentregistry.services.create
agentregistry.services.delete
agentregistry.services.get
agentregistry.services.list
agentregistry.services.update

The following permissions are supported in custom roles:

agentregistry.agents.get
agentregistry.agents.list
agentregistry.endpoints.get
agentregistry.endpoints.list
agentregistry.locations.get
agentregistry.locations.list
agentregistry.mcpServers.get
agentregistry.mcpServers.list
agentregistry.operations.cancel
agentregistry.operations.delete
agentregistry.operations.get
agentregistry.operations.list
agentregistry.services.create
agentregistry.services.delete
agentregistry.services.get
agentregistry.services.list
agentregistry.services.update

The following permissions have been added:

appengine.versions.exportAppImage

The following permissions have reached General Availability (GA):

appengine.versions.exportAppImage

The following permissions have reached General Availability (GA):

ces.agents.create
ces.agents.delete
ces.agents.get
ces.agents.list
ces.agents.update
ces.appVersions.create
ces.appVersions.delete
ces.appVersions.get
ces.appVersions.list
ces.appVersions.restore
ces.apps.create
ces.apps.delete
ces.apps.export
ces.apps.get
ces.apps.import
ces.apps.list
ces.apps.update
ces.changelogs.get
ces.changelogs.list
ces.conversations.delete
ces.conversations.get
ces.conversations.list
ces.deployments.create
ces.deployments.delete
ces.deployments.get
ces.deployments.list
ces.deployments.update
ces.evaluationDatasets.create
ces.evaluationDatasets.delete
ces.evaluationDatasets.get
ces.evaluationDatasets.list
ces.evaluationDatasets.update
ces.evaluationResults.delete
ces.evaluationResults.get
ces.evaluationResults.list
ces.evaluationRuns.delete
ces.evaluationRuns.get
ces.evaluationRuns.list
ces.evaluations.create
ces.evaluations.delete
ces.evaluations.get
ces.evaluations.list
ces.evaluations.update
ces.examples.create
ces.examples.delete
ces.examples.get
ces.examples.list
ces.examples.update
ces.guardrails.create
ces.guardrails.delete
ces.guardrails.get
ces.guardrails.list
ces.guardrails.update
ces.locations.get
ces.locations.list
ces.operations.cancel
ces.operations.delete
ces.operations.get
ces.operations.list
ces.sessions.bidiRunSession
ces.sessions.runSession
ces.tools.create
ces.tools.delete
ces.tools.execute
ces.tools.get
ces.tools.list
ces.tools.update
ces.toolsets.create
ces.toolsets.delete
ces.toolsets.get
ces.toolsets.list
ces.toolsets.update

The following permissions have been added:

chronicle.dataTableRows.asyncBulkDelete
chronicle.dataTableRows.bulkDelete
chronicle.managedDomainSettings.get
chronicle.managedDomainSettings.update
chronicle.rules.modifyRules

The following permissions are supported in custom roles:

chronicle.dataTableRows.asyncBulkDelete
chronicle.dataTableRows.bulkDelete
chronicle.managedDomainSettings.get
chronicle.managedDomainSettings.update
chronicle.rules.modifyRules

The following permissions have been added:

chroniclesm.contracts.get
chroniclesm.contracts.update

The following permissions are supported in custom roles:

chroniclesm.contracts.get
chroniclesm.contracts.update

The following permissions have reached General Availability (GA):

chroniclesm.contracts.get
chroniclesm.contracts.update

The following permissions have been added:

cloudaicompanion.aiDevToolsSettings.create
cloudaicompanion.aiDevToolsSettings.delete
cloudaicompanion.aiDevToolsSettings.get
cloudaicompanion.aiDevToolsSettings.list
cloudaicompanion.aiDevToolsSettings.update
cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
cloudaicompanion.settingBindings.aiDevToolsSettingsGet
cloudaicompanion.settingBindings.aiDevToolsSettingsList
cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
cloudaicompanion.settingBindings.aiDevToolsSettingsUse

The following permissions are supported in custom roles:

cloudaicompanion.aiDevToolsSettings.create
cloudaicompanion.aiDevToolsSettings.delete
cloudaicompanion.aiDevToolsSettings.get
cloudaicompanion.aiDevToolsSettings.list
cloudaicompanion.aiDevToolsSettings.update
cloudaicompanion.settingBindings.aiDevToolsSettingsCreate
cloudaicompanion.settingBindings.aiDevToolsSettingsDelete
cloudaicompanion.settingBindings.aiDevToolsSettingsGet
cloudaicompanion.settingBindings.aiDevToolsSettingsList
cloudaicompanion.settingBindings.aiDevToolsSettingsUpdate
cloudaicompanion.settingBindings.aiDevToolsSettingsUse

The following permissions have reached General Availability (GA):

cloudsecuritycompliance.auditReports.generate
cloudsecuritycompliance.auditReports.get
cloudsecuritycompliance.auditReports.list
cloudsecuritycompliance.auditScopeReports.generate
cloudsecuritycompliance.billingSettings.get
cloudsecuritycompliance.cloudControlDeployments.create
cloudsecuritycompliance.cloudControlDeployments.delete
cloudsecuritycompliance.cloudControlDeployments.get
cloudsecuritycompliance.cloudControlDeployments.list
cloudsecuritycompliance.cloudControlDeployments.update
cloudsecuritycompliance.cloudControlPredictions.create
cloudsecuritycompliance.cloudControlPredictions.get
cloudsecuritycompliance.cloudControlPredictions.list
cloudsecuritycompliance.cloudControls.create
cloudsecuritycompliance.cloudControls.delete
cloudsecuritycompliance.cloudControls.get
cloudsecuritycompliance.cloudControls.list
cloudsecuritycompliance.cloudControls.update
cloudsecuritycompliance.controlComplianceSummaries.list
cloudsecuritycompliance.controlReports.get
cloudsecuritycompliance.controls.get
cloudsecuritycompliance.controls.list
cloudsecuritycompliance.findingSummaries.list
cloudsecuritycompliance.findings.list
cloudsecuritycompliance.frameworkComplianceReports.aggregate
cloudsecuritycompliance.frameworkComplianceReports.get
cloudsecuritycompliance.frameworkComplianceSummaries.list
cloudsecuritycompliance.frameworkDeployments.create
cloudsecuritycompliance.frameworkDeployments.delete
cloudsecuritycompliance.frameworkDeployments.get
cloudsecuritycompliance.frameworkDeployments.list
cloudsecuritycompliance.frameworkDeployments.update
cloudsecuritycompliance.frameworks.create
cloudsecuritycompliance.frameworks.delete
cloudsecuritycompliance.frameworks.get
cloudsecuritycompliance.frameworks.list
cloudsecuritycompliance.frameworks.update
cloudsecuritycompliance.locations.enrollResource
cloudsecuritycompliance.locations.get
cloudsecuritycompliance.locations.list
cloudsecuritycompliance.operations.cancel
cloudsecuritycompliance.operations.delete
cloudsecuritycompliance.operations.get
cloudsecuritycompliance.operations.list
cloudsecuritycompliance.resourceEnrollmentStatuses.get
cloudsecuritycompliance.resourceEnrollmentStatuses.list

The following permissions have been added:

compute.commitments.createTagBinding
compute.commitments.deleteTagBinding
compute.commitments.listEffectiveTags
compute.commitments.listTagBindings
compute.futureReservations.createTagBinding
compute.futureReservations.deleteTagBinding
compute.futureReservations.listEffectiveTags
compute.futureReservations.listTagBindings
compute.snapshotGroups.create
compute.snapshotGroups.delete
compute.snapshotGroups.get
compute.snapshotGroups.getIamPolicy
compute.snapshotGroups.list
compute.snapshotGroups.setIamPolicy
compute.snapshotGroups.useReadOnly

The following permissions have reached General Availability (GA):

compute.commitments.createTagBinding
compute.commitments.deleteTagBinding
compute.commitments.listEffectiveTags
compute.commitments.listTagBindings
compute.futureReservations.createTagBinding
compute.futureReservations.deleteTagBinding
compute.futureReservations.listEffectiveTags
compute.futureReservations.listTagBindings

The following permissions have been added:

databasecenter.queryStats.list
databasecenter.reportConfigs.create
databasecenter.reportConfigs.delete
databasecenter.reportConfigs.list
databasecenter.reportConfigs.update

The following permissions are supported in custom roles:

databasecenter.queryStats.list
databasecenter.reportConfigs.create
databasecenter.reportConfigs.delete
databasecenter.reportConfigs.list
databasecenter.reportConfigs.update

The following permissions have reached General Availability (GA):

databasecenter.queryStats.list
databasecenter.reportConfigs.create
databasecenter.reportConfigs.delete
databasecenter.reportConfigs.list
databasecenter.reportConfigs.update

The following permissions have been added:

datastore.schemas.create
datastore.schemas.delete
datastore.schemas.get
datastore.schemas.list
datastore.schemas.update

The following permissions have been added:

datastore.googleapis.com/schemas.create
datastore.googleapis.com/schemas.delete
datastore.googleapis.com/schemas.get
datastore.googleapis.com/schemas.list
datastore.googleapis.com/schemas.update

The following permissions have been added:

discoveryengine.agentFiles.delete
discoveryengine.agentFiles.download
discoveryengine.agentFiles.import
discoveryengine.agentFiles.list
discoveryengine.agentFiles.upload
discoveryengine.agentIamProposals.create
discoveryengine.agentIamProposals.delete
discoveryengine.agentIamProposals.get
discoveryengine.agentIamProposals.list
discoveryengine.authorizations.storeUserAuthorization
discoveryengine.cannedQueries.create
discoveryengine.cannedQueries.delete
discoveryengine.cannedQueries.get
discoveryengine.cannedQueries.list
discoveryengine.cannedQueries.listActiveCannedQueryUserViews
discoveryengine.cannedQueries.update
discoveryengine.completionConfigs.removeSuggestion
discoveryengine.engines.generateMemories
discoveryengine.engines.generatePersonalContext
discoveryengine.engines.getEngineUserData
discoveryengine.engines.getPersonalContext
discoveryengine.engines.updateEngineUserData
discoveryengine.homepageDataConfigs.fetchDocuments
discoveryengine.ideaForgeIdeas.create
discoveryengine.ideaForgeIdeas.get
discoveryengine.ideaForgeInstances.get
discoveryengine.ideaForgeInstances.start
discoveryengine.locations.fetchAgentCards
discoveryengine.memories.delete
discoveryengine.memories.list
discoveryengine.memories.retrieve
discoveryengine.memories.update
discoveryengine.notificationMessages.ackAll
discoveryengine.notificationMessages.list
discoveryengine.notificationMessages.update
discoveryengine.sessions.generateSummary
discoveryengine.sharedContents.create
discoveryengine.sharedContents.delete
discoveryengine.sharedContents.get
discoveryengine.sharedContents.list

The following permissions are supported in custom roles:

discoveryengine.agentFiles.delete
discoveryengine.agentFiles.download
discoveryengine.agentFiles.import
discoveryengine.agentFiles.list
discoveryengine.agentFiles.upload
discoveryengine.agentIamProposals.create
discoveryengine.agentIamProposals.delete
discoveryengine.agentIamProposals.get
discoveryengine.agentIamProposals.list
discoveryengine.authorizations.storeUserAuthorization
discoveryengine.cannedQueries.create
discoveryengine.cannedQueries.delete
discoveryengine.cannedQueries.get
discoveryengine.cannedQueries.list
discoveryengine.cannedQueries.listActiveCannedQueryUserViews
discoveryengine.cannedQueries.update
discoveryengine.completionConfigs.removeSuggestion
discoveryengine.engines.generateMemories
discoveryengine.engines.generatePersonalContext
discoveryengine.engines.getEngineUserData
discoveryengine.engines.getPersonalContext
discoveryengine.engines.updateEngineUserData
discoveryengine.homepageDataConfigs.fetchDocuments
discoveryengine.ideaForgeIdeas.create
discoveryengine.ideaForgeIdeas.get
discoveryengine.ideaForgeInstances.get
discoveryengine.ideaForgeInstances.start
discoveryengine.locations.fetchAgentCards
discoveryengine.memories.delete
discoveryengine.memories.list
discoveryengine.memories.retrieve
discoveryengine.memories.update
discoveryengine.notificationMessages.ackAll
discoveryengine.notificationMessages.list
discoveryengine.notificationMessages.update
discoveryengine.sessions.generateSummary
discoveryengine.sharedContents.create
discoveryengine.sharedContents.delete
discoveryengine.sharedContents.get
discoveryengine.sharedContents.list

The following permissions have been added:

iam.workforcePoolProviders.computeUserAttributes

The following permissions are supported in custom roles:

iam.workforcePoolProviders.computeUserAttributes

The following permissions have reached General Availability (GA):

iam.workforcePoolProviders.computeUserAttributes

The following permissions have been added:

iam.googleapis.com/workforcePoolProviders.computeUserAttributes

The following permissions are supported in custom roles:

iam.googleapis.com/workforcePoolProviders.computeUserAttributes

The following permissions have reached General Availability (GA):

iam.googleapis.com/workforcePoolProviders.computeUserAttributes

The following permissions have been added:

oracledatabase.goldenGateConnectionAssignments.create
oracledatabase.goldenGateConnectionAssignments.delete
oracledatabase.goldenGateConnectionAssignments.get
oracledatabase.goldenGateConnectionAssignments.list
oracledatabase.goldenGateConnectionAssignments.test
oracledatabase.goldenGateConnectionTypes.list
oracledatabase.goldenGateConnections.create
oracledatabase.goldenGateConnections.delete
oracledatabase.goldenGateConnections.get
oracledatabase.goldenGateConnections.list
oracledatabase.goldenGateConnections.use
oracledatabase.goldenGateDeploymentTypes.list
oracledatabase.goldenGateDeploymentVersions.list
oracledatabase.goldenGateDeployments.create
oracledatabase.goldenGateDeployments.delete
oracledatabase.goldenGateDeployments.get
oracledatabase.goldenGateDeployments.list
oracledatabase.goldenGateDeployments.start
oracledatabase.goldenGateDeployments.stop
oracledatabase.goldenGateDeployments.use

The following permissions are supported in custom roles:

oracledatabase.goldenGateConnectionAssignments.create
oracledatabase.goldenGateConnectionAssignments.delete
oracledatabase.goldenGateConnectionAssignments.get
oracledatabase.goldenGateConnectionAssignments.list
oracledatabase.goldenGateConnectionAssignments.test
oracledatabase.goldenGateConnectionTypes.list
oracledatabase.goldenGateConnections.create
oracledatabase.goldenGateConnections.delete
oracledatabase.goldenGateConnections.get
oracledatabase.goldenGateConnections.list
oracledatabase.goldenGateConnections.use
oracledatabase.goldenGateDeploymentTypes.list
oracledatabase.goldenGateDeploymentVersions.list
oracledatabase.goldenGateDeployments.create
oracledatabase.goldenGateDeployments.delete
oracledatabase.goldenGateDeployments.get
oracledatabase.goldenGateDeployments.list
oracledatabase.goldenGateDeployments.start
oracledatabase.goldenGateDeployments.stop
oracledatabase.goldenGateDeployments.use

The following permissions have reached General Availability (GA):

oracledatabase.goldenGateConnectionAssignments.create
oracledatabase.goldenGateConnectionAssignments.delete
oracledatabase.goldenGateConnectionAssignments.get
oracledatabase.goldenGateConnectionAssignments.list
oracledatabase.goldenGateConnectionAssignments.test
oracledatabase.goldenGateConnectionTypes.list
oracledatabase.goldenGateConnections.create
oracledatabase.goldenGateConnections.delete
oracledatabase.goldenGateConnections.get
oracledatabase.goldenGateConnections.list
oracledatabase.goldenGateConnections.use
oracledatabase.goldenGateDeploymentTypes.list
oracledatabase.goldenGateDeploymentVersions.list
oracledatabase.goldenGateDeployments.create
oracledatabase.goldenGateDeployments.delete
oracledatabase.goldenGateDeployments.get
oracledatabase.goldenGateDeployments.list
oracledatabase.goldenGateDeployments.start
oracledatabase.goldenGateDeployments.stop
oracledatabase.goldenGateDeployments.use

The following permissions have been added to the Audit Manager Auditing Service Agent role (roles/auditmanager.serviceAgent):

binaryauthorization.policy.get
compute.networks.list

The following permissions have been added to the Cloud Security Compliance Service Agent role (roles/cloudsecuritycompliance.serviceAgent):

binaryauthorization.policy.get
compute.networks.list

The following permissions have been added to the Kubernetes Engine Default Node Service Agent role (roles/container.defaultNodeServiceAgent):

trafficdirector.networks.getConfigs
trafficdirector.networks.reportMetrics

The following permissions have been added to the Dataproc Serverless Node. role (roles/dataproc.serverlessNode):

dataprocrm.operations.get

The following permissions have been added to the Dataproc Worker role (roles/dataproc.worker):

dataprocrm.operations.get

The External Exposure Service Agent role (roles/externalexposure.serviceAgent) has reached General Availability (GA).

The following permissions have been added to the Firebase Data Connect Service Agent role (roles/firebasedataconnect.serviceAgent):

run.routes.invoke

The following permissions have been added to the Multi Cluster Ingress Service Agent role (roles/multiclusteringress.serviceAgent):

networkservices.lbEdgeExtensions.create
networkservices.lbEdgeExtensions.delete
networkservices.lbEdgeExtensions.get
networkservices.lbEdgeExtensions.list
networkservices.lbEdgeExtensions.update

The following permissions have been added:

aiplatform.provisionedThroughputs.split

The following permissions have been added:

businessaicode.locations.generateContent
businessaicode.locations.queryConfiguration
businessaicode.locations.sendTelemetry

The following permissions are supported in custom roles:

businessaicode.locations.generateContent
businessaicode.locations.queryConfiguration
businessaicode.locations.sendTelemetry

The following permissions have reached General Availability (GA):

storage.buckets.viewIntelligenceDetails

The following permissions have been added:

threatintelligence.alertdocuments.get
threatintelligence.alerts.get
threatintelligence.alerts.list
threatintelligence.alerts.update
threatintelligence.configurations.get
threatintelligence.configurations.list
threatintelligence.configurations.listRevisions
threatintelligence.configurations.update
threatintelligence.findings.get
threatintelligence.findings.list

The following permissions are supported in custom roles:

threatintelligence.alertdocuments.get
threatintelligence.alerts.get
threatintelligence.alerts.list
threatintelligence.alerts.update
threatintelligence.configurations.get
threatintelligence.configurations.list
threatintelligence.configurations.listRevisions
threatintelligence.configurations.update
threatintelligence.findings.get
threatintelligence.findings.list

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

ces.apps.get
contactcenterinsights.discoveries.generate
contactcenterinsights.discoveries.get
contactcenterinsights.discoveries.list
contactcenterinsights.discoveryWorkspaces.get
contactcenterinsights.discoveryWorkspaces.list
contactcenterinsights.faqModels.get
contactcenterinsights.faqModels.list

The following permissions have been added to the Cloud Build Service Account role (roles/cloudbuild.builds.builder):

compute.images.create

The following permissions have been added to the Cloud Build Service Agent role (roles/cloudbuild.serviceAgent):

compute.images.create

The following permissions have been added to the Cloud Hub Operator role (roles/cloudhub.operator):

billing.resourceCosts.get

The following permissions have been added to the Composer Worker role (roles/composer.worker):

compute.images.create

The Dataplex Metadata Feed Owner role (roles/dataplex.metadataFeedOwner) has reached General Availability (GA).

The Dataplex Metadata Feed Viewer role (roles/dataplex.metadataFeedViewer) has reached General Availability (GA).

The Gemini Enterprise Admin role (roles/discoveryengine.agentspaceAdmin) has reached General Availability (GA).

The Gemini Enterprise User role (roles/discoveryengine.agentspaceUser) has reached General Availability (GA).

The following permissions have been added to the Discovery Engine Admin role (roles/discoveryengine.admin):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Gemini Enterprise Admin role (roles/discoveryengine.agentspaceAdmin):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Gemini Enterprise Editor role (roles/discoveryengine.agentspaceEditor):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Gemini Enterprise User role (roles/discoveryengine.agentspaceUser):

cloudaicompanion.companions.generateChat
cloudaicompanion.companions.generateCode
cloudaicompanion.entitlements.get
cloudaicompanion.instances.completeCode
cloudaicompanion.instances.completeTask
cloudaicompanion.instances.exportMetrics
cloudaicompanion.instances.generateCode
cloudaicompanion.instances.generateText
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.licenses.selfAssign
cloudaicompanion.operations.get
cloudaicompanion.topics.create

The following permissions have been added to the Gemini Enterprise Viewer role (roles/discoveryengine.agentspaceViewer):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Discovery Engine Editor role (roles/discoveryengine.editor):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Podcast API User role (roles/discoveryengine.podcastApiUser):

cloudaicompanion.companions.generateChat
cloudaicompanion.companions.generateCode
cloudaicompanion.entitlements.get
cloudaicompanion.instances.completeCode
cloudaicompanion.instances.completeTask
cloudaicompanion.instances.exportMetrics
cloudaicompanion.instances.generateCode
cloudaicompanion.instances.generateText
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.licenses.selfAssign
cloudaicompanion.operations.get
cloudaicompanion.topics.create

The following permissions have been added to the Discovery Engine User role (roles/discoveryengine.user):

cloudaicompanion.companions.generateChat
cloudaicompanion.companions.generateCode
cloudaicompanion.entitlements.get
cloudaicompanion.instances.completeCode
cloudaicompanion.instances.completeTask
cloudaicompanion.instances.exportMetrics
cloudaicompanion.instances.generateCode
cloudaicompanion.instances.generateText
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.licenses.selfAssign
cloudaicompanion.operations.get
cloudaicompanion.topics.create

The following permissions have been added to the Discovery Engine Viewer role (roles/discoveryengine.viewer):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Edge Container Service Agent role (roles/edgecontainer.serviceAgent):

gkehub.features.create
gkehub.features.update

The following permissions have been added to the Network Connectivity Service Agent role (roles/networkconnectivity.serviceAgent):

dns.changes.create

The following permissions have been added to the Cloud Run Service Agent role (roles/run.serviceAgent):

storage.buckets.create
storage.buckets.get
storage.buckets.update
storage.objects.create
storage.objects.delete
storage.objects.update

The following permissions have been added:

bigquery.reservations.getIamPolicy
bigquery.reservations.setIamPolicy

The following permissions have reached General Availability (GA):

bigquery.reservations.getIamPolicy
bigquery.reservations.setIamPolicy

The following permissions have been added:

bigqueryreservation.googleapis.com/reservations.getIamPolicy
bigqueryreservation.googleapis.com/reservations.setIamPolicy

The following permissions have reached General Availability (GA):

bigqueryreservation.googleapis.com/reservations.getIamPolicy
bigqueryreservation.googleapis.com/reservations.setIamPolicy

The following permissions have been added:

chroniclesm.soarRoleScripts.list

The following permissions are supported in custom roles:

chroniclesm.soarRoleScripts.list

The following permissions have been added:

compute.reservationSlots.get
compute.reservationSlots.list
compute.reservationSlots.update

The following permissions are supported in custom roles:

compute.reservationSlots.get
compute.reservationSlots.list
compute.reservationSlots.update

The following permissions have been added:

config.automigrationconfig.get
config.automigrationconfig.update

The following permissions are supported in custom roles:

config.automigrationconfig.get
config.automigrationconfig.update

The following permissions have reached General Availability (GA):

config.automigrationconfig.get
config.automigrationconfig.update

The following permissions have been added:

databasecenter.fleetInsights.list

The following permissions are supported in custom roles:

databasecenter.fleetInsights.list

The following permissions have reached General Availability (GA):

databasecenter.fleetInsights.list

The following permissions have been added:

dataplex.metadataFeeds.create
dataplex.metadataFeeds.delete
dataplex.metadataFeeds.get
dataplex.metadataFeeds.list
dataplex.metadataFeeds.update

The following permissions are supported in custom roles:

dataplex.metadataFeeds.create
dataplex.metadataFeeds.delete
dataplex.metadataFeeds.get
dataplex.metadataFeeds.list
dataplex.metadataFeeds.update

The following permissions have reached General Availability (GA):

dataplex.metadataFeeds.create
dataplex.metadataFeeds.delete
dataplex.metadataFeeds.get
dataplex.metadataFeeds.list
dataplex.metadataFeeds.update

The following permissions have been added:

observability.locations.get
observability.locations.list
observability.settings.get
observability.settings.update

The following permissions are supported in custom roles:

observability.locations.get
observability.locations.list
observability.settings.get
observability.settings.update

The following permissions have been added:

workloadmanager.insights.delete

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

contactcenterinsights.analyses.create
contactcenterinsights.analyses.delete
contactcenterinsights.analyses.get
contactcenterinsights.analyses.list
contactcenterinsights.analysisRules.create
contactcenterinsights.analysisRules.delete
contactcenterinsights.analysisRules.get
contactcenterinsights.analysisRules.list
contactcenterinsights.analysisRules.update
contactcenterinsights.datasetAnalyses.create
contactcenterinsights.datasetAnalyses.get
contactcenterinsights.datasetAnalyses.list
contactcenterinsights.operations.list
contactcenterinsights.qaQuestions.create
contactcenterinsights.qaQuestions.delete
contactcenterinsights.qaQuestions.get
contactcenterinsights.qaQuestions.list
contactcenterinsights.qaQuestions.update
contactcenterinsights.qaScorecardRevisions.create
contactcenterinsights.qaScorecardRevisions.delete
contactcenterinsights.qaScorecardRevisions.deploy
contactcenterinsights.qaScorecardRevisions.get
contactcenterinsights.qaScorecardRevisions.list
contactcenterinsights.qaScorecardRevisions.tune
contactcenterinsights.qaScorecardRevisions.undeploy
contactcenterinsights.qaScorecards.create
contactcenterinsights.qaScorecards.delete
contactcenterinsights.qaScorecards.get
contactcenterinsights.qaScorecards.list
contactcenterinsights.qaScorecards.update

The following permissions have been added to the Cloud Security Compliance Service Agent role (roles/cloudsecuritycompliance.serviceAgent):

dlp.fileStoreProfiles.list
dlp.jobs.list
dlp.tableDataProfiles.get

The following permissions have been added to the Kubernetes Engine Service Agent role (roles/container.serviceAgent):

resourcemanager.tagHolds.create
resourcemanager.tagHolds.delete
resourcemanager.tagHolds.list

The following permissions have been added to the Database Migration Service Agent role (roles/datamigration.serviceAgent):

logging.logEntries.list
logging.logServiceIndexes.list
logging.logServices.list
logging.logs.list

The following permissions have been added to the Gemini Enterprise User role (roles/discoveryengine.agentspaceUser):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Cloud NotebookLM Notebook Editor role (roles/discoveryengine.notebookEditor):

discoveryengine.notebooks.getAnalytics

The following permissions have been added to the Cloud NotebookLM Admin role (roles/discoveryengine.notebookLmOwner):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Cloud NotebookLM User role (roles/discoveryengine.notebookLmUser):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Podcast API User role (roles/discoveryengine.podcastApiUser):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the Discovery Engine User role (roles/discoveryengine.user):

discoveryengine.locations.completeExternalIdentities

The following permissions have been added to the DSPM Service Agent role (roles/dspm.serviceAgent):

cloudasset.feeds.get

The Edge Container API Key Admin role (roles/edgecontainer.apiKeyAdmin) has been added with the following permissions:

edgecontainer.apikeys.create
edgecontainer.apikeys.delete
edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.googleapis.com/apikeys.create
edgecontainer.googleapis.com/apikeys.delete
edgecontainer.googleapis.com/apikeys.get
edgecontainer.googleapis.com/apikeys.list
edgecontainer.googleapis.com/locations.get
edgecontainer.googleapis.com/locations.list
edgecontainer.googleapis.com/operations.cancel
edgecontainer.googleapis.com/operations.delete
edgecontainer.googleapis.com/operations.get
edgecontainer.googleapis.com/operations.list
edgecontainer.locations.get
edgecontainer.locations.list
edgecontainer.operations.cancel
edgecontainer.operations.delete
edgecontainer.operations.get
edgecontainer.operations.list

The Edge Container API Key Viewer role (roles/edgecontainer.apiKeyViewer) has been added with the following permissions:

edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.googleapis.com/apikeys.get
edgecontainer.googleapis.com/apikeys.list
edgecontainer.googleapis.com/locations.get
edgecontainer.googleapis.com/locations.list
edgecontainer.googleapis.com/operations.get
edgecontainer.googleapis.com/operations.list
edgecontainer.locations.get
edgecontainer.locations.list
edgecontainer.operations.get
edgecontainer.operations.list

The Edge Container Service Account Key Viewer role (roles/edgecontainer.serviceAccountKeyViewer) has been added with the following permissions:

edgecontainer.googleapis.com/serviceaccounts.describekey
edgecontainer.googleapis.com/serviceaccounts.get
edgecontainer.googleapis.com/serviceaccounts.list
edgecontainer.googleapis.com/serviceaccounts.listkeys
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.get
edgecontainer.serviceaccounts.list
edgecontainer.serviceaccounts.listkeys

The Edge Container Roles Viewer role (roles/edgecontainer.zoneRolesViewer) has reached General Availability (GA).

The following permissions have been added to the Edge Container Admin role (roles/edgecontainer.admin):

edgecontainer.apikeys.create
edgecontainer.apikeys.delete
edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.disablekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Edge Container Service Account Key Admin role (roles/edgecontainer.serviceAccountKeyAdmin):

edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.disablekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Edge Container Viewer role (roles/edgecontainer.viewer):

edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Editor role (roles/editor):

edgecontainer.apikeys.create
edgecontainer.apikeys.delete
edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.disablekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Security Admin role (roles/iam.securityAdmin):

edgecontainer.apikeys.list

The following permissions have been added to the Security Auditor role (roles/iam.securityAuditor):

edgecontainer.apikeys.list

The following permissions have been added to the Security Reviewer role (roles/iam.securityReviewer):

edgecontainer.apikeys.list

The following permissions have been added to the Support User role (roles/iam.supportUser):

edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Monitoring Service Agent role (roles/monitoring.notificationServiceAgent):

observability.links.list

The following permissions have been added to the Owner role (roles/owner):

edgecontainer.apikeys.create
edgecontainer.apikeys.delete
edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.disablekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added to the Service Usage Admin role (roles/serviceusage.serviceUsageAdmin):

cloudquotas.quotas.get
cloudquotas.quotas.update

The following permissions have been added to the Telco Automation Admin role (roles/telcoautomation.admin):

cloudquotas.quotas.get
cloudquotas.quotas.update

The following permissions have been added to the Viewer role (roles/viewer):

edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.listkeys

The following permissions have been added:

discoveryengine.agents.getAgentView
discoveryengine.agents.getIamPolicy
discoveryengine.agents.listAvailableAgentViews
discoveryengine.agents.manage
discoveryengine.agents.requestReview
discoveryengine.agents.setIamPolicy
discoveryengine.completionSuggestions.import
discoveryengine.completionSuggestions.purge
discoveryengine.locations.completeExternalIdentities

The following permissions are supported in custom roles:

discoveryengine.agents.getAgentView
discoveryengine.agents.getIamPolicy
discoveryengine.agents.listAvailableAgentViews
discoveryengine.agents.manage
discoveryengine.agents.requestReview
discoveryengine.agents.setIamPolicy
discoveryengine.completionSuggestions.import
discoveryengine.completionSuggestions.purge
discoveryengine.locations.completeExternalIdentities

The following permissions have reached General Availability (GA):

discoveryengine.completionSuggestions.import
discoveryengine.completionSuggestions.purge
discoveryengine.locations.completeExternalIdentities
discoveryengine.servingConfigs.create
discoveryengine.servingConfigs.delete

The following permissions have been added:

edgecontainer.apikeys.create
edgecontainer.apikeys.delete
edgecontainer.apikeys.get
edgecontainer.apikeys.list
edgecontainer.serviceaccounts.describekey
edgecontainer.serviceaccounts.disablekey
edgecontainer.serviceaccounts.listkeys
edgecontainer.zones.listRoles

The following permissions are supported in custom roles:

edgecontainer.zones.listRoles

The following permissions have reached General Availability (GA):

edgecontainer.zones.listRoles

The following permissions have been added:

servicehealth.artifacts.list

The following permissions are supported in custom roles:

servicehealth.artifacts.list

The following permissions have been added:

storagebatchoperations.bucketOperations.get
storagebatchoperations.bucketOperations.list

The following permissions are supported in custom roles:

storagebatchoperations.bucketOperations.get
storagebatchoperations.bucketOperations.list

The following permissions have reached General Availability (GA):

storagebatchoperations.bucketOperations.get
storagebatchoperations.bucketOperations.list

The following permissions have been added to the Vertex AI Service Agent role (roles/aiplatform.serviceAgent):

binaryauthorization.policy.evaluatePolicy

The following permissions have been added to the Apigee Service Agent role (roles/apigee.serviceAgent):

apihub.deployments.list

The Backup and DR AlloyDB Operator role (roles/backupdr.alloydbOperator) has reached General Availability (GA).

The Backup and DR Cloud SQL Operator role (roles/backupdr.cloudSqlOperator) has reached General Availability (GA).

The Backup and DR Disk Operator role (roles/backupdr.diskOperator) has reached General Availability (GA).

The following permissions have been added to the Billing Account Viewer role (roles/billing.viewer):

discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

ces.appVersions.create
ces.appVersions.get
ces.evaluationResults.get
ces.evaluationRuns.get

The following permissions have been added to the Network Connectivity Service Agent role (roles/networkconnectivity.serviceAgent):

dns.managedZoneOperations.get
dns.managedZoneOperations.list
dns.managedZones.delete
dns.managedZones.get
dns.managedZones.list
dns.managedZones.update
dns.resourceRecordSets.create
dns.resourceRecordSets.delete
dns.resourceRecordSets.get
dns.resourceRecordSets.list
dns.resourceRecordSets.update

The following permissions have reached General Availability (GA):

apphub.boundaries.attach
apphub.boundaries.get
apphub.boundaries.update

The following permissions have been added:

financialservices.v1models.copyFrom
financialservices.v1models.copyTo

The following permissions are supported in custom roles:

financialservices.v1models.copyFrom
financialservices.v1models.copyTo

The following permissions have reached General Availability (GA):

financialservices.v1models.copyFrom
financialservices.v1models.copyTo

The following permissions have been added:

securesourcemanager.instances.linkDeveloperConnect

The following permissions are supported in custom roles:

securesourcemanager.instances.linkDeveloperConnect

The following permissions have reached General Availability (GA):

securesourcemanager.instances.linkDeveloperConnect

The Vertex AI Agent Engine Memory Editor Role role (roles/aiplatform.memoryEditor) has reached General Availability (GA).

The Vertex AI Agent Engine Memory User Role role (roles/aiplatform.memoryUser) has reached General Availability (GA).

The Vertex AI Agent Engine Memory Viewer Role role (roles/aiplatform.memoryViewer) has reached General Availability (GA).

The Vertex AI Agent Engine Session Editor Role role (roles/aiplatform.sessionEditor) has reached General Availability (GA).

The Vertex AI Agent Engine Session User Role role (roles/aiplatform.sessionUser) has reached General Availability (GA).

The Vertex AI Agent Engine Session Viewer Role role (roles/aiplatform.sessionViewer) has reached General Availability (GA).

The following permissions have been added to the Vertex AI Platform Express User role (roles/aiplatform.expressUser):

aiplatform.locations.evaluateInstances

The Apigee APIM Service Extension Service Agent role (roles/apigee.apimServiceExtensionServiceAgent) has reached General Availability (GA).

The following permissions have been added to the Apigee Security Admin role (roles/apigee.securityAdmin):

apihub.apis.get
apihub.deployments.list

The following permissions have been added to the Apigee Security Viewer role (roles/apigee.securityViewer):

apihub.apis.get
apihub.deployments.list

The following permissions have been added to the App Engine Admin role (roles/appengine.appAdmin):

recommender.locations.get
recommender.locations.list

The following permissions have been added to the App Engine Viewer role (roles/appengine.appViewer):

recommender.locations.get
recommender.locations.list

The following permissions have been added to the App Engine Deployer role (roles/appengine.deployer):

recommender.locations.get
recommender.locations.list

The following permissions have been added to the App Engine Service Admin role (roles/appengine.serviceAdmin):

recommender.locations.get
recommender.locations.list

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

ces.operations.get

The following permissions have been added to the Chronicle API Admin role (roles/chronicle.admin):

chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update

The following permissions have been added to the Chronicle API Editor role (roles/chronicle.editor):

chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update
chronicle.moduleSettings.get

The following permissions have been added to the Chronicle API Viewer role (roles/chronicle.viewer):

chronicle.moduleSettings.get

The following permissions have been added to the Gemini for Google Cloud Service Agent role (roles/cloudaicompanion.serviceAgent):

cloudaicompanion.instances.exportMetrics
cloudaicompanion.instances.queryEffectiveSetting
cloudaicompanion.instances.queryEffectiveSettingBindings
cloudaicompanion.licenses.selfAssign

The following permissions have been added to the Instance Group Manager Service Agent role (roles/compute.instanceGroupManagerServiceAgent):

networkconnectivity.serviceClasses.use
resourcemanager.tagValueBindings.create
resourcemanager.tagValueBindings.delete
resourcemanager.tagValues.get

The following permissions have been added to the DataCatalog Entry Owner role (roles/datacatalog.entryOwner):

dataplex.entryGroups.useStorageAspect

The following permissions have been removed from the Dataplex Administrator role (roles/dataplex.admin):

dataplex.entryGroups.useStorageAspect

The following permissions have been added to the Dataplex Catalog Editor role (roles/dataplex.catalogEditor):

dataplex.entryGroups.useStorageAspect

The following permissions have been added to the Dataplex Entry and EntryLink Owner role (roles/dataplex.entryOwner):

dataplex.entryGroups.useStorageAspect

The following permissions have been added to the Support User role (roles/iam.supportUser):

cloudaicompanion.topics.create
geminicloudassist.investigations.create

The following permissions have been added to the Viewer role (roles/viewer):

cloudaicompanion.topics.create
geminicloudassist.investigations.create

The following permissions have been added:

aiplatform.memoryRevisions.get
aiplatform.memoryRevisions.list
aiplatform.memoryRevisions.rollback

The following permissions have been added:

compute.instantSnapshotGroups.create
compute.instantSnapshotGroups.delete
compute.instantSnapshotGroups.get
compute.instantSnapshotGroups.getIamPolicy
compute.instantSnapshotGroups.list
compute.instantSnapshotGroups.setIamPolicy
compute.instantSnapshotGroups.useReadOnly
compute.reservations.createTagBinding
compute.reservations.deleteTagBinding
compute.reservations.listEffectiveTags
compute.reservations.listTagBindings

The following permissions have been added:

dataplex.entryGroups.useStorageAspect

The following permissions are supported in custom roles:

dataplex.entryGroups.useStorageAspect

The following permissions have reached General Availability (GA):

dataplex.entryGroups.useStorageAspect

The following permissions have been added:

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

The following permissions are supported in custom roles:

developerconnect.deploymentEvents.get
developerconnect.deploymentEvents.list

The following permissions have been added:

iam.roles.createTagBinding
iam.roles.deleteTagBinding
iam.roles.listEffectiveTags
iam.roles.listTagBindings

The following permissions are supported in custom roles:

iam.roles.createTagBinding
iam.roles.deleteTagBinding
iam.roles.listEffectiveTags
iam.roles.listTagBindings

The following permissions have been added:

storage.buckets.viewIntelligenceDetails

The following permissions are supported in custom roles:

storage.buckets.viewIntelligenceDetails

The following permissions have been added to the Vertex AI RAG Data Service Agent role (roles/aiplatform.ragServiceAgent):

vectorsearch.collections.create
vectorsearch.collections.delete
vectorsearch.collections.get
vectorsearch.collections.list
vectorsearch.collections.update
vectorsearch.dataObjects.create
vectorsearch.dataObjects.delete
vectorsearch.dataObjects.get
vectorsearch.dataObjects.import
vectorsearch.dataObjects.query
vectorsearch.dataObjects.search
vectorsearch.dataObjects.update
vectorsearch.indexes.create
vectorsearch.indexes.delete
vectorsearch.indexes.get
vectorsearch.indexes.list
vectorsearch.operations.get
vectorsearch.operations.list

The following permissions have been added to the API-Hub Runtime Project Service Agent role (roles/apihub.runtimeProjectServiceAgent):

apihub.addons.get
apihub.addons.list

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

contactcenterinsights.faqModels.create
contactcenterinsights.operations.get

The following permissions have been added to the Chronicle API Admin role (roles/chronicle.admin):

chronicle.alertGroupingRules.delete
chronicle.alertGroupingRules.get
chronicle.alertGroupingRules.update
chronicle.announcements.delete
chronicle.announcements.get
chronicle.announcements.update
chronicle.attachments.delete
chronicle.attachments.get
chronicle.attachments.update
chronicle.calculatedFieldDefinitions.delete
chronicle.calculatedFieldDefinitions.get
chronicle.calculatedFieldDefinitions.update
chronicle.caseAlerts.get
chronicle.caseAlerts.metadataUpdate
chronicle.caseAlerts.move
chronicle.caseAlerts.updateSla
chronicle.caseCloseDefinitions.delete
chronicle.caseCloseDefinitions.get
chronicle.caseCloseDefinitions.update
chronicle.caseComments.delete
chronicle.caseComments.get
chronicle.caseComments.update
chronicle.caseQueueFilters.delete
chronicle.caseQueueFilters.get
chronicle.caseQueueFilters.update
chronicle.caseStageDefinitions.delete
chronicle.caseStageDefinitions.get
chronicle.caseStageDefinitions.update
chronicle.caseTagDefinitions.delete
chronicle.caseTagDefinitions.get
chronicle.caseTagDefinitions.update
chronicle.caseWallRecords.get
chronicle.caseWallRecords.update
chronicle.cases.close
chronicle.cases.generateReport
chronicle.cases.get
chronicle.cases.removeTag
chronicle.cases.reopen
chronicle.cases.update
chronicle.cases.updateTag
chronicle.chatMessages.create
chronicle.chatMessages.get
chronicle.chatMessages.pin
chronicle.connectorInstanceLogs.get
chronicle.connectorInstances.delete
chronicle.connectorInstances.get
chronicle.connectorInstances.update
chronicle.connectorRevisions.delete
chronicle.connectorRevisions.get
chronicle.connectorRevisions.update
chronicle.connectors.delete
chronicle.connectors.get
chronicle.connectors.update
chronicle.contentPacks.create
chronicle.contentPacks.delete
chronicle.contentPacks.export
chronicle.contentPacks.get
chronicle.contentPacks.install
chronicle.contextProperties.delete
chronicle.contextProperties.get
chronicle.contextProperties.update
chronicle.customFieldValues.get
chronicle.customFieldValues.update
chronicle.customFields.delete
chronicle.customFields.get
chronicle.customFields.update
chronicle.customLists.delete
chronicle.customLists.get
chronicle.customLists.update
chronicle.emailTemplates.delete
chronicle.emailTemplates.get
chronicle.emailTemplates.update
chronicle.entitiesBlocklists.delete
chronicle.entitiesBlocklists.get
chronicle.entitiesBlocklists.update
chronicle.environmentGroups.delete
chronicle.environmentGroups.get
chronicle.environmentGroups.update
chronicle.environments.delete
chronicle.environments.get
chronicle.environments.update
chronicle.formDynamicParameters.update
chronicle.instances.soarAdmin
chronicle.integrationActionRevisions.delete
chronicle.integrationActionRevisions.get
chronicle.integrationActionRevisions.update
chronicle.integrationActions.delete
chronicle.integrationActions.get
chronicle.integrationActions.run
chronicle.integrationActions.update
chronicle.integrationInstances.delete
chronicle.integrationInstances.get
chronicle.integrationInstances.update
chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update
chronicle.integrations.delete
chronicle.integrations.get
chronicle.integrations.update
chronicle.involvedEntities.get
chronicle.involvedEntities.update
chronicle.jobInstanceLogs.get
chronicle.jobInstances.delete
chronicle.jobInstances.get
chronicle.jobInstances.run
chronicle.jobInstances.update
chronicle.jobRevisions.delete
chronicle.jobRevisions.get
chronicle.jobRevisions.update
chronicle.jobs.delete
chronicle.jobs.get
chronicle.jobs.update
chronicle.legacyCaseFederationPlatforms.delete
chronicle.legacyCaseFederationPlatforms.get
chronicle.legacyCaseFederationPlatforms.update
chronicle.legacyCases.createManual
chronicle.legacyCases.createSimulated
chronicle.legacyCases.deleteSimulated
chronicle.legacyCases.exportJson
chronicle.legacyCases.get
chronicle.legacyCases.getSimulated
chronicle.legacyCases.importJson
chronicle.legacyCases.ingest
chronicle.legacyCases.ingestAlertTestCase
chronicle.legacyCases.runManualAction
chronicle.legacyCases.simulate
chronicle.legacyConfiguration.getMaximumAlertsGroupingConfiguration
chronicle.legacyFederatedCases.batchPatchFederatedCases
chronicle.legacyFederatedCases.fetchCasesToSync
chronicle.legacyFederatedCases.get
chronicle.legacyPlaybooks.delete
chronicle.legacyPlaybooks.export
chronicle.legacyPlaybooks.get
chronicle.legacyPlaybooks.import
chronicle.legacyPlaybooks.update
chronicle.legacyPublisher.get
chronicle.legacyPublisher.update
chronicle.legacySdk.get
chronicle.legacySdk.update
chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities
chronicle.legacySoarAdvancedReports.delete
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarAdvancedReports.share
chronicle.legacySoarAdvancedReports.update
chronicle.legacySoarAudits.legacySoarAudit
chronicle.legacySoarDashboards.delete
chronicle.legacySoarDashboards.get
chronicle.legacySoarDashboards.update
chronicle.legacySoarIdpMappingGroups.delete
chronicle.legacySoarIdpMappingGroups.get
chronicle.legacySoarIdpMappingGroups.update
chronicle.legacySoarPermissionGroups.get
chronicle.legacySoarReports.delete
chronicle.legacySoarReports.get
chronicle.legacySoarReports.update
chronicle.legacySoarSettings.get
chronicle.legacySoarSettings.update
chronicle.legacySoarUsers.delete
chronicle.legacySoarUsers.get
chronicle.legacySystem.getLicenseStatus
chronicle.legacySystem.getMaximumDataRetentionValue
chronicle.legacySystem.getSystemVersion
chronicle.legacySystemMetadata.get
chronicle.legacySystemMetadata.placeholders
chronicle.managerRevisions.delete
chronicle.managerRevisions.get
chronicle.managerRevisions.update
chronicle.managers.delete
chronicle.managers.get
chronicle.managers.update
chronicle.mappingRules.delete
chronicle.mappingRules.get
chronicle.mappingRules.update
chronicle.marketplaceIntegrations.get
chronicle.marketplaceIntegrations.install
chronicle.marketplaceIntegrations.uninstall
chronicle.moduleSettings.rebranding
chronicle.notificationSettings.get
chronicle.notificationSettings.update
chronicle.ontologyRecords.get
chronicle.ontologyRecords.update
chronicle.propertySchemaDefinitions.delete
chronicle.propertySchemaDefinitions.get
chronicle.propertySchemaDefinitions.update
chronicle.remoteAgents.delete
chronicle.remoteAgents.get
chronicle.remoteAgents.update
chronicle.requestTemplates.delete
chronicle.requestTemplates.get
chronicle.requestTemplates.update
chronicle.slaDefinitions.delete
chronicle.slaDefinitions.get
chronicle.slaDefinitions.update
chronicle.soarDomains.delete
chronicle.soarDomains.get
chronicle.soarDomains.update
chronicle.soarNetworks.delete
chronicle.soarNetworks.get
chronicle.soarNetworks.update
chronicle.socRoles.delete
chronicle.socRoles.get
chronicle.socRoles.update
chronicle.systemNotifications.get
chronicle.systemNotifications.update
chronicle.tasks.delete
chronicle.tasks.get
chronicle.tasks.update
chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update
chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update
chronicle.uniqueEntities.get
chronicle.uniqueEntities.update
chronicle.userLocalizations.get
chronicle.userLocalizations.update
chronicle.userNotifications.get
chronicle.userNotifications.update
chronicle.views.get
chronicle.views.update
chronicle.visualFamilies.delete
chronicle.visualFamilies.get
chronicle.visualFamilies.update
chronicle.webhooks.delete
chronicle.webhooks.get
chronicle.webhooks.ingestAlert
chronicle.webhooks.update
chronicle.workdeskContacts.delete
chronicle.workdeskContacts.get
chronicle.workdeskContacts.update
chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update
chronicle.workdeskNotes.delete
chronicle.workdeskNotes.get
chronicle.workdeskNotes.update
cloudasset.assets.exportResource
cloudasset.assets.queryAccessPolicy
cloudasset.assets.queryIamPolicy
cloudasset.assets.queryOSInventories
cloudasset.assets.queryResource
cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
cloudasset.assets.searchEnrichmentResourceOwners
resourcemanager.organizations.get
securitycenter.attackpaths.list
securitycenter.exposurepathexplan.get
securitycenter.findings.bulkMuteUpdate
securitycenter.findings.group
securitycenter.findings.list
securitycenter.findings.listFindingPropertyNames
securitycenter.findings.setMute
securitycenter.findings.setState
securitycenter.findings.update
securitycenter.findingsecuritymarks.update
securitycenter.simulations.get
securitycenter.userinterfacemetadata.get
securitycenter.valuedresources.list

The following permissions have been added to the Chronicle API Editor role (roles/chronicle.editor):

chronicle.announcements.get
chronicle.attachments.delete
chronicle.attachments.get
chronicle.attachments.update
chronicle.calculatedFieldDefinitions.get
chronicle.caseAlerts.get
chronicle.caseAlerts.metadataUpdate
chronicle.caseAlerts.move
chronicle.caseAlerts.updateSla
chronicle.caseCloseDefinitions.delete
chronicle.caseCloseDefinitions.get
chronicle.caseCloseDefinitions.update
chronicle.caseComments.delete
chronicle.caseComments.get
chronicle.caseComments.update
chronicle.caseQueueFilters.delete
chronicle.caseQueueFilters.get
chronicle.caseQueueFilters.update
chronicle.caseStageDefinitions.get
chronicle.caseTagDefinitions.delete
chronicle.caseTagDefinitions.get
chronicle.caseTagDefinitions.update
chronicle.caseWallRecords.get
chronicle.caseWallRecords.update
chronicle.cases.close
chronicle.cases.generateReport
chronicle.cases.get
chronicle.cases.removeTag
chronicle.cases.reopen
chronicle.cases.update
chronicle.cases.updateTag
chronicle.chatMessages.create
chronicle.chatMessages.get
chronicle.chatMessages.pin
chronicle.connectorInstanceLogs.get
chronicle.connectorInstances.delete
chronicle.connectorInstances.get
chronicle.connectorInstances.update
chronicle.connectorRevisions.delete
chronicle.connectorRevisions.get
chronicle.connectorRevisions.update
chronicle.contentPacks.create
chronicle.contentPacks.delete
chronicle.contentPacks.export
chronicle.contentPacks.get
chronicle.contentPacks.install
chronicle.contextProperties.delete
chronicle.contextProperties.get
chronicle.contextProperties.update
chronicle.customFieldValues.get
chronicle.customFieldValues.update
chronicle.customFields.get
chronicle.customLists.get
chronicle.emailTemplates.get
chronicle.entitiesBlocklists.get
chronicle.environmentGroups.get
chronicle.environments.get
chronicle.integrationActionRevisions.delete
chronicle.integrationActionRevisions.get
chronicle.integrationActionRevisions.update
chronicle.integrationActions.get
chronicle.integrationActions.run
chronicle.integrationActions.update
chronicle.integrationInstances.delete
chronicle.integrationInstances.get
chronicle.integrationInstances.update
chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update
chronicle.integrations.get
chronicle.integrations.update
chronicle.involvedEntities.get
chronicle.involvedEntities.update
chronicle.jobInstanceLogs.get
chronicle.jobInstances.delete
chronicle.jobInstances.get
chronicle.jobInstances.run
chronicle.jobInstances.update
chronicle.jobRevisions.delete
chronicle.jobRevisions.get
chronicle.jobRevisions.update
chronicle.jobs.get
chronicle.jobs.update
chronicle.legacyCases.createManual
chronicle.legacyCases.createSimulated
chronicle.legacyCases.deleteSimulated
chronicle.legacyCases.exportJson
chronicle.legacyCases.get
chronicle.legacyCases.getSimulated
chronicle.legacyCases.importJson
chronicle.legacyCases.ingest
chronicle.legacyCases.ingestAlertTestCase
chronicle.legacyCases.runManualAction
chronicle.legacyCases.simulate
chronicle.legacyPlaybooks.delete
chronicle.legacyPlaybooks.export
chronicle.legacyPlaybooks.get
chronicle.legacyPlaybooks.import
chronicle.legacyPlaybooks.update
chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities
chronicle.legacySoarAdvancedReports.delete
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarAdvancedReports.share
chronicle.legacySoarAdvancedReports.update
chronicle.legacySoarDashboards.delete
chronicle.legacySoarDashboards.get
chronicle.legacySoarDashboards.update
chronicle.legacySoarReports.delete
chronicle.legacySoarReports.get
chronicle.legacySoarReports.update
chronicle.legacySoarUsers.get
chronicle.legacySystemMetadata.get
chronicle.managerRevisions.delete
chronicle.managerRevisions.get
chronicle.managerRevisions.update
chronicle.managers.delete
chronicle.managers.get
chronicle.managers.update
chronicle.marketplaceIntegrations.get
chronicle.marketplaceIntegrations.install
chronicle.marketplaceIntegrations.uninstall
chronicle.moduleSettings.rebranding
chronicle.notificationSettings.get
chronicle.notificationSettings.update
chronicle.ontologyRecords.get
chronicle.remoteAgents.delete
chronicle.remoteAgents.get
chronicle.remoteAgents.update
chronicle.requestTemplates.get
chronicle.soarDomains.get
chronicle.soarNetworks.get
chronicle.tasks.delete
chronicle.tasks.get
chronicle.tasks.update
chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update
chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update
chronicle.uniqueEntities.get
chronicle.uniqueEntities.update
chronicle.userLocalizations.get
chronicle.userLocalizations.update
chronicle.userNotifications.get
chronicle.userNotifications.update
chronicle.visualFamilies.get
chronicle.webhooks.delete
chronicle.webhooks.get
chronicle.webhooks.ingestAlert
chronicle.webhooks.update
chronicle.workdeskContacts.delete
chronicle.workdeskContacts.get
chronicle.workdeskContacts.update
chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update
chronicle.workdeskNotes.delete
chronicle.workdeskNotes.get
chronicle.workdeskNotes.update

The following permissions have been added to the Chronicle Service Agent role (roles/chronicle.serviceAgent):

chronicle.globalDataAccessScopes.permit
chronicle.investigations.get
chronicle.investigations.list
chronicle.investigations.trigger
logging.logEntries.create
logging.logEntries.route

The following permissions have been added to the Chronicle SOAR Admin role (roles/chronicle.soarAdmin):

chronicle.dataAccessScopes.list
chronicle.formDynamicParameters.get
chronicle.instances.generateSoarAuthJwt
chronicle.instances.get
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update
chronicle.preferenceSets.get

The following permissions have been added to the Chronicle API Viewer role (roles/chronicle.viewer):

chronicle.announcements.get
chronicle.attachments.get
chronicle.calculatedFieldDefinitions.get
chronicle.caseAlerts.get
chronicle.caseCloseDefinitions.get
chronicle.caseComments.get
chronicle.caseQueueFilters.get
chronicle.caseTagDefinitions.get
chronicle.cases.generateReport
chronicle.cases.get
chronicle.chatMessages.get
chronicle.contentPacks.get
chronicle.contextProperties.get
chronicle.customFieldValues.get
chronicle.customFields.get
chronicle.environmentGroups.get
chronicle.environments.get
chronicle.integrationActions.get
chronicle.involvedEntities.get
chronicle.legacyCases.get
chronicle.legacySearches.searchCases
chronicle.legacySearches.searchEntities
chronicle.legacySoarAdvancedReports.get
chronicle.legacySoarDashboards.get
chronicle.legacySoarReports.get
chronicle.legacySoarUsers.get
chronicle.legacySystemMetadata.get
chronicle.marketplaceIntegrations.get
chronicle.moduleSettings.rebranding
chronicle.requestTemplates.get

The Advisory Support Editor role (roles/cloudsupport.advisorySupportEditor) has reached General Availability (GA).

The Advisory Support Viewer role (roles/cloudsupport.advisorySupportViewer) has reached General Availability (GA).

The Metadata Publisher role (roles/kubernetesmetadata.publisher) has reached General Availability (GA).

The following permissions have been added:

apphub.extendedMetadataSchemas.get
apphub.extendedMetadataSchemas.list

The following permissions are supported in custom roles:

apphub.extendedMetadataSchemas.get
apphub.extendedMetadataSchemas.list

The following permissions have been added:

chronicle.announcements.delete
chronicle.announcements.get
chronicle.announcements.update
chronicle.calculatedFieldDefinitions.delete
chronicle.calculatedFieldDefinitions.get
chronicle.calculatedFieldDefinitions.update
chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update
chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update
chronicle.labsExperimentExecutions.get
chronicle.labsExperimentExecutions.list
chronicle.labsExperimentExecutions.update
chronicle.labsExperiments.execute
chronicle.labsExperiments.get
chronicle.labsExperiments.list
chronicle.labsExperiments.update
chronicle.legacyCases.createManual
chronicle.legacySoarPermissionGroups.get
chronicle.logProcessingPipelines.associateStreams
chronicle.logProcessingPipelines.create
chronicle.logProcessingPipelines.delete
chronicle.logProcessingPipelines.dissociateStreams
chronicle.logProcessingPipelines.fetchAssociatedPipeline
chronicle.logProcessingPipelines.fetchSampleLogsByStreams
chronicle.logProcessingPipelines.get
chronicle.logProcessingPipelines.list
chronicle.logProcessingPipelines.testPipeline
chronicle.logProcessingPipelines.update
chronicle.summaryTables.create
chronicle.summaryTables.delete
chronicle.summaryTables.get
chronicle.summaryTables.list
chronicle.summaryTables.update
chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update
chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update
chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update

The following permissions are supported in custom roles:

chronicle.announcements.delete
chronicle.announcements.get
chronicle.announcements.update
chronicle.calculatedFieldDefinitions.delete
chronicle.calculatedFieldDefinitions.get
chronicle.calculatedFieldDefinitions.update
chronicle.integrationLogicalOperatorRevisions.delete
chronicle.integrationLogicalOperatorRevisions.get
chronicle.integrationLogicalOperatorRevisions.update
chronicle.integrationLogicalOperators.delete
chronicle.integrationLogicalOperators.execute
chronicle.integrationLogicalOperators.get
chronicle.integrationLogicalOperators.update
chronicle.labsExperimentExecutions.get
chronicle.labsExperimentExecutions.list
chronicle.labsExperimentExecutions.update
chronicle.labsExperiments.execute
chronicle.labsExperiments.get
chronicle.labsExperiments.list
chronicle.labsExperiments.update
chronicle.legacyCases.createManual
chronicle.legacySoarPermissionGroups.get
chronicle.logProcessingPipelines.associateStreams
chronicle.logProcessingPipelines.create
chronicle.logProcessingPipelines.delete
chronicle.logProcessingPipelines.dissociateStreams
chronicle.logProcessingPipelines.fetchAssociatedPipeline
chronicle.logProcessingPipelines.fetchSampleLogsByStreams
chronicle.logProcessingPipelines.get
chronicle.logProcessingPipelines.list
chronicle.logProcessingPipelines.testPipeline
chronicle.logProcessingPipelines.update
chronicle.summaryTables.create
chronicle.summaryTables.delete
chronicle.summaryTables.get
chronicle.summaryTables.list
chronicle.summaryTables.update
chronicle.transformerDefinitions.create
chronicle.transformerDefinitions.delete
chronicle.transformerDefinitions.execute
chronicle.transformerDefinitions.get
chronicle.transformerDefinitions.list
chronicle.transformerDefinitions.update
chronicle.transformerRevisions.delete
chronicle.transformerRevisions.get
chronicle.transformerRevisions.update
chronicle.workdeskLinks.delete
chronicle.workdeskLinks.get
chronicle.workdeskLinks.update

The following permissions have been added:

discoveryengine.engines.getIamPolicy
discoveryengine.engines.setIamPolicy

The following permissions are supported in custom roles:

discoveryengine.engines.getIamPolicy
discoveryengine.engines.setIamPolicy

The following permissions have reached General Availability (GA):

kubernetesmetadata.metadata.config
kubernetesmetadata.metadata.publish
kubernetesmetadata.metadata.snapshot

The following permissions have been added to the Vertex AI Platform Express Admin role (roles/aiplatform.expressAdmin):

aiplatform.sandboxEnvironments.create
aiplatform.sandboxEnvironments.delete
aiplatform.sandboxEnvironments.execute
aiplatform.sandboxEnvironments.get
aiplatform.sandboxEnvironments.list

The following permissions have been added to the Vertex AI Platform Express User role (roles/aiplatform.expressUser):

aiplatform.sandboxEnvironments.create
aiplatform.sandboxEnvironments.delete
aiplatform.sandboxEnvironments.execute
aiplatform.sandboxEnvironments.get
aiplatform.sandboxEnvironments.list

The following permissions have been added to the Notebook Runtime Admin role (roles/aiplatform.notebookRuntimeAdmin):

aiplatform.locations.get

The following permissions have been added to the Notebook Runtime User role (roles/aiplatform.notebookRuntimeUser):

aiplatform.locations.get

The following permissions have been added to the ApiGateway Admin role (roles/apigateway.admin):

apihub.runTimeProjectAttachments.list

The following permissions have been added to the ApiGateway Viewer role (roles/apigateway.viewer):

apihub.runTimeProjectAttachments.list

The following permissions have been added to the Apigee Organization Admin role (roles/apigee.admin):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Apigee API Admin role (roles/apigee.apiAdminV2):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Apigee API Reader role (roles/apigee.apiReaderV2):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Apigee Service Agent role (roles/apigee.serviceAgent):

logging.logEntries.create

The following permissions have been added to the Cloud API Hub Admin role (roles/apihub.admin):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Cloud API Hub Editor role (roles/apihub.editor):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Cloud API hub Viewer role (roles/apihub.viewer):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the BigQuery Studio Admin role (roles/bigquery.studioAdmin):

aiplatform.locations.get

The following permissions have been added to the BigQuery Studio User role (roles/bigquery.studioUser):

aiplatform.locations.get

The following permissions have been added to the Capacity Planner Usage Planner role (roles/capacityplanner.planner):

capacityplanner.planAlertInsights.list

The following permissions have been added to the Capacity Planner Usage Viewer role (roles/capacityplanner.viewer):

capacityplanner.usageAlertInsights.list

The following permissions have been added to the Chronicle Service Agent role (roles/chronicle.serviceAgent):

resourcemanager.projects.get

The following permissions have been added to the Cloud Hub Operator role (roles/cloudhub.operator):

capacityplanner.usageAlertInsights.list

The following permissions have been added to the Cloud SQL Admin role (roles/cloudsql.admin):

monitoring.timeSeries.list

The following permissions have been added to the Cloud SQL Editor role (roles/cloudsql.editor):

monitoring.timeSeries.list

The following permissions have been added to the Cloud SQL Viewer role (roles/cloudsql.viewer):

monitoring.timeSeries.list

The following permissions have been added to the Kubernetes Engine Service Agent role (roles/container.serviceAgent):

backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance
backupdr.backupPlans.useForFilestoreInstance
backupdr.bvbackups.useReadOnlyForFilestoreInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForFilestoreInstance

The following permissions have been added to the Datastream Service Agent role (roles/datastream.serviceAgent):

bigquery.routines.get
bigquery.routines.list

The following permissions have been added to the Discovery Engine Admin role (roles/discoveryengine.admin):

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

The following permissions have been added to the Gemini Enterprise Admin role (roles/discoveryengine.agentspaceAdmin):

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

The following permissions have been added to the Editor role (roles/editor):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Cloud Filestore Editor role (roles/file.editor):

backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance
backupdr.backupPlans.get
backupdr.backupPlans.list
backupdr.backupPlans.useForFilestoreInstance
backupdr.backupVaults.get
backupdr.backupVaults.list
backupdr.bvbackups.useReadOnlyForFilestoreInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForFilestoreInstance
backupdr.locations.list
backupdr.operations.get
backupdr.serviceConfig.initialize

The following permissions have been added to the Cloud Filestore Viewer role (roles/file.viewer):

backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForFilestoreInstance

The following permissions have been added to the Support User role (roles/iam.supportUser):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The Transport Admin role (roles/networkconnectivity.transportAdmin) has reached General Availability (GA).

The Transport Viewer role (roles/networkconnectivity.transportViewer) has reached General Availability (GA).

The following permissions have been added to the Owner role (roles/owner):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added to the Viewer role (roles/viewer):

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added:

apihub.apiOperations.listAll
apihub.specs.listAll
apihub.versions.listAll

The following permissions have been added:

backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance
backupdr.backupPlans.useForFilestoreInstance
backupdr.bvbackups.useReadOnlyForFilestoreInstance
backupdr.dataSourceReferences.fetchForFilestoreInstance
backupdr.dataSourceReferences.getForFilestoreInstance

The following permissions are supported in custom roles:

backupdr.backupPlanAssociations.createForFilestoreInstance
backupdr.backupPlanAssociations.deleteForFilestoreInstance
backupdr.backupPlanAssociations.fetchForFilestoreInstance
backupdr.backupPlanAssociations.getForFilestoreInstance
backupdr.backupPlanAssociations.triggerBackupForFilestoreInstance
backupdr.backupPlanAssociations.updateForFilestoreInstance
backupdr.backupPlans.useForFilestoreInstance
backupdr.dataSourceReferences.getForFilestoreInstance

The following permissions have been added:

capacityplanner.planAlertInsights.list
capacityplanner.usageAlertInsights.list

The following permissions are supported in custom roles:

capacityplanner.planAlertInsights.list
capacityplanner.usageAlertInsights.list

The following permissions have been added:

dataplex.entryGroups.useRefreshCadenceAspect

The following permissions are supported in custom roles:

dataplex.entryGroups.useRefreshCadenceAspect

The following permissions have been added:

developerconnect.connections.httpProxyRead
developerconnect.connections.httpProxyWrite
developerconnect.insightsConfigs.create
developerconnect.insightsConfigs.delete
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.insightsConfigs.update

The following permissions are supported in custom roles:

developerconnect.connections.httpProxyRead
developerconnect.connections.httpProxyWrite
developerconnect.insightsConfigs.create
developerconnect.insightsConfigs.delete
developerconnect.insightsConfigs.get
developerconnect.insightsConfigs.list
developerconnect.insightsConfigs.update

The following permissions have been added:

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

The following permissions are supported in custom roles:

discoveryengine.billingAccountLicenseConfigs.distribute
discoveryengine.billingAccountLicenseConfigs.get
discoveryengine.billingAccountLicenseConfigs.list
discoveryengine.billingAccountLicenseConfigs.retract

The following permissions have been added:

dspm.locations.fetchDataGovernanceAnalytics

The following permissions are supported in custom roles:

dspm.locations.fetchDataGovernanceAnalytics

The following permissions have been added:

firebasevertexai.promptTemplates.create
firebasevertexai.promptTemplates.delete
firebasevertexai.promptTemplates.get
firebasevertexai.promptTemplates.list
firebasevertexai.promptTemplates.update

The following permissions are supported in custom roles:

firebasevertexai.promptTemplates.create
firebasevertexai.promptTemplates.delete
firebasevertexai.promptTemplates.get
firebasevertexai.promptTemplates.list
firebasevertexai.promptTemplates.update

The following permissions have been added:

mcp.tools.call

The following permissions have been added:

networkconnectivity.remoteTransportProfiles.get
networkconnectivity.remoteTransportProfiles.list
networkconnectivity.transports.create
networkconnectivity.transports.delete
networkconnectivity.transports.get
networkconnectivity.transports.list
networkconnectivity.transports.update

The following permissions are supported in custom roles:

networkconnectivity.remoteTransportProfiles.get
networkconnectivity.remoteTransportProfiles.list
networkconnectivity.transports.create
networkconnectivity.transports.delete
networkconnectivity.transports.get
networkconnectivity.transports.list
networkconnectivity.transports.update

The following permissions have reached General Availability (GA):

networkconnectivity.remoteTransportProfiles.get
networkconnectivity.remoteTransportProfiles.list
networkconnectivity.transports.create
networkconnectivity.transports.delete
networkconnectivity.transports.get
networkconnectivity.transports.list
networkconnectivity.transports.update

The following permissions have been added:

networkservices.swpSecurityExtensions.create
networkservices.swpSecurityExtensions.delete
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.swpSecurityExtensions.update

The following permissions are supported in custom roles:

networkservices.swpSecurityExtensions.create
networkservices.swpSecurityExtensions.delete
networkservices.swpSecurityExtensions.get
networkservices.swpSecurityExtensions.list
networkservices.swpSecurityExtensions.update

The following permissions have been added:

telemetry.consumers.getIamPolicy
telemetry.consumers.setIamPolicy
telemetry.logs.write

The following permissions are supported in custom roles:

telemetry.consumers.getIamPolicy
telemetry.consumers.setIamPolicy
telemetry.logs.write

The following permissions have been added:

vmwareengine.privateClouds.privateCloudDeletionNow

The following permissions have reached General Availability (GA):

vmwareengine.privateClouds.privateCloudDeletionNow

The following permissions have been added to the Colab Enterprise Admin role (roles/aiplatform.colabEnterpriseAdmin):

aiplatform.locations.get

The following permissions have been added to the Colab Enterprise User role (roles/aiplatform.colabEnterpriseUser):

aiplatform.locations.get

The following permissions have been added to the Vertex AI Platform Express Admin role (roles/aiplatform.expressAdmin):

aiplatform.operations.list

The following permissions have been added to the Vertex AI Platform Express User role (roles/aiplatform.expressUser):

aiplatform.operations.list

The following permissions have been added to the Vertex AI Reasoning Engine Service Agent role (roles/aiplatform.reasoningEngineServiceAgent):

resourcemanager.projects.get

The following permissions have been added to the Apigee Organization Admin role (roles/apigee.admin):

apihub.addons.get
apihub.addons.list
apihub.addons.manage

The following permissions have been added to the Apigee API Admin role (roles/apigee.apiAdminV2):

apihub.addons.get
apihub.addons.list

The following permissions have been added to the Apigee API Reader role (roles/apigee.apiReaderV2):

apihub.addons.get
apihub.addons.list

The following permissions have been added to the Apigee Service Agent role (roles/apigee.serviceAgent):

apihub.apis.get
apihub.apis.list
apihub.specs.get
apihub.specs.list
apihub.versions.get

The Cloud API hub Addons Admin role (roles/apihub.addonsAdmin) has been added with the following permissions:

apihub.addons.get
apihub.addons.list
apihub.addons.manage
apihub.googleapis.com/addons.get
apihub.googleapis.com/addons.list
apihub.googleapis.com/addons.manage
cloudresourcemanager.googleapis.com/projects.get
cloudresourcemanager.googleapis.com/projects.list
resourcemanager.projects.get
resourcemanager.projects.list

The following permissions have been added to the Cloud API Hub Admin role (roles/apihub.admin):

apihub.addons.get
apihub.addons.list
apihub.addons.manage

The following permissions have been added to the Cloud API Hub Editor role (roles/apihub.editor):

apihub.addons.get
apihub.addons.list

The following permissions have been added to the Cloud API hub Viewer role (roles/apihub.viewer):

apihub.addons.get
apihub.addons.list

The Account Hierarchy Manager role (roles/billing.linkAdmin) has reached General Availability (GA).

The following permissions have been added to the Customer Engagement Suite Service Agent role (roles/ces.serviceAgent):

dialogflow.sessions.detectIntent
dialogflow.sessions.streamingDetectIntent

The following permissions have been added to the Cloud KMS Organization Service Agent role (roles/cloudkms.orgServiceAgent):

cloudasset.assets.listResource
cloudasset.assets.searchAllIamPolicies

The following permissions have been added to the Cloud KMS Service Agent role (roles/cloudkms.serviceAgent):

cloudasset.assets.listResource
cloudasset.assets.searchAllIamPolicies
cloudasset.assets.searchAllResources
cloudkms.cryptoKeys.create
cloudkms.cryptoKeys.getIamPolicy
cloudkms.cryptoKeys.setIamPolicy
cloudkms.keyRings.create
cloudkms.keyRings.get

The following permissions have been added to the Compliance Manager Admin role (roles/cloudsecuritycompliance.admin):

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update
cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions have been added to the Compliance Manager Viewer role (roles/cloudsecuritycompliance.viewer):

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The Cloud Infrastructure Manager Admin role (roles/config.admin) has reached General Availability (GA).

The Cloud Infrastructure Manager Agent role (roles/config.agent) has reached General Availability (GA).

The Cloud Infrastructure Manager Viewer role (roles/config.viewer) has reached General Availability (GA).

The following permissions have been added to the Kubernetes Engine Service Agent role (roles/container.serviceAgent):

certificatemanager.trustconfigs.create
certificatemanager.trustconfigs.delete
certificatemanager.trustconfigs.get
certificatemanager.trustconfigs.list
certificatemanager.trustconfigs.listEffectiveTags
certificatemanager.trustconfigs.listTagBindings
certificatemanager.trustconfigs.update
certificatemanager.trustconfigs.use

The following permissions have been added to the Gemini Enterprise User role (roles/discoveryengine.agentspaceUser):

discoveryengine.users.get
discoveryengine.users.update

The following permissions have been added to the Podcast API User role (roles/discoveryengine.podcastApiUser):

discoveryengine.users.get
discoveryengine.users.update

The following permissions have been added to the Discovery Engine Service Agent role (roles/discoveryengine.serviceAgent):

discoveryengine.agents.create

The following permissions have been added to the Discovery Engine User role (roles/discoveryengine.user):

discoveryengine.users.get
discoveryengine.users.update

The following permissions have been added to the Editor role (roles/editor):

apihub.addons.get
apihub.addons.list
apihub.addons.manage
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update

The Eventarc Message Bus Admin role (roles/eventarc.messageBusAdmin) has reached General Availability (GA).

The Eventarc Message Bus User role (roles/eventarc.messageBusUser) has reached General Availability (GA).

The following permissions have been added to the Firebase Service Management Service Agent role (roles/firebase.managementServiceAgent):

apikeys.keys.getKeyString

The SCIM Data Syncer role (roles/iam.scimSyncer) has reached General Availability (GA).

The following permissions have been added to the Security Admin role (roles/iam.securityAdmin):

apihub.addons.list

The following permissions have been added to the Security Auditor role (roles/iam.securityAuditor):

apihub.addons.list
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.frameworkAudits.get

The following permissions have been added to the Security Reviewer role (roles/iam.securityReviewer):

apihub.addons.list

The following permissions have been added to the Support User role (roles/iam.supportUser):

apihub.addons.get
apihub.addons.list
cloudsecuritycompliance.cmEnrollments.get

The Looker Service Agent role (roles/looker.restrictedServiceAgent) has reached General Availability (GA).

The following permissions have been added to the Owner role (roles/owner):

apihub.addons.get
apihub.addons.list
apihub.addons.manage
cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update

The following permissions have been added to the IAM Recommender Admin role (roles/recommender.iamAdmin):

securitycenter.findings.group
securitycenter.userinterfacemetadata.get

The following permissions have been added to the IAM Recommender Viewer role (roles/recommender.iamViewer):

securitycenter.findings.group
securitycenter.userinterfacemetadata.get

The following permissions have been added to the Security Center Admin role (roles/securitycenter.admin):

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update
cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions have been added to the Security Center Admin Editor role (roles/securitycenter.adminEditor):

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions have been added to the Security Center Admin Viewer role (roles/securitycenter.adminViewer):

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions have been added to the Cloud Spanner API Service Agent role (roles/spanner.serviceAgent):

run.jobs.run
run.routes.invoke

The Vector Search Service Agent role (roles/vectorsearch.serviceAgent) has reached General Availability (GA).

The following permissions have been added to the Viewer role (roles/viewer):

apihub.addons.get
apihub.addons.list
cloudsecuritycompliance.cmEnrollments.get

The following permissions have been added to the VMware Engine Service Privileged User role (roles/vmwareengine.vmwareenginePrivilegedUser):

vmwareengine.clusters.delete

The following permissions have been added:

aiplatform.sandboxEnvironments.create
aiplatform.sandboxEnvironments.delete
aiplatform.sandboxEnvironments.execute
aiplatform.sandboxEnvironments.get
aiplatform.sandboxEnvironments.list

The following permissions have been added:

apihub.addons.get
apihub.addons.list
apihub.addons.manage

The following permissions have been added:

apphub.boundaries.attach
apphub.boundaries.get
apphub.boundaries.update

The following permissions are supported in custom roles:

apphub.boundaries.attach
apphub.boundaries.get
apphub.boundaries.update

The following permissions have been added:

apptopology.applicationTopologies.generate
apptopology.locations.get
apptopology.locations.list
apptopology.operations.get
apptopology.operations.list

The following permissions are supported in custom roles:

apptopology.applicationTopologies.generate
apptopology.locations.get
apptopology.locations.list
apptopology.operations.get
apptopology.operations.list

The following permissions have been added:

artifactregistry.repositories.exportArtifacts

The following permissions have reached General Availability (GA):

artifactregistry.repositories.exportArtifacts

The following permissions have been added:

backupdr.bvbackups.fetchForCloudSqlInstance
backupdr.bvbackups.fetchForComputeDisk
backupdr.bvbackups.fetchForComputeInstance
backupdr.dataSourceReferences.list

The following permissions are supported in custom roles:

backupdr.bvbackups.fetchForCloudSqlInstance
backupdr.bvbackups.fetchForComputeDisk
backupdr.bvbackups.fetchForComputeInstance
backupdr.dataSourceReferences.list

The following permissions have been added:

bigquery.dataPolicies.attach
bigquery.jobs.createGlobalQuery

The following permissions are supported in custom roles:

bigquery.dataPolicies.attach
bigquery.jobs.createGlobalQuery

The following permissions have reached General Availability (GA):

bigquery.dataPolicies.attach

The following permissions have been added:

chronicle.dataExports.fetchServiceAccountForDataExport
chronicle.dataExports.list
chronicle.dataExports.update
chronicle.forwarders.importStatsEvents
chronicle.investigations.fetchAssociated

The following permissions are supported in custom roles:

chronicle.dataExports.fetchServiceAccountForDataExport
chronicle.dataExports.list
chronicle.dataExports.update
chronicle.forwarders.importStatsEvents
chronicle.investigations.fetchAssociated

The following permissions have been added:

cloudsecuritycompliance.cmEnrollments.get
cloudsecuritycompliance.cmEnrollments.update
cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions are supported in custom roles:

cloudsecuritycompliance.frameworkAudits.create
cloudsecuritycompliance.frameworkAudits.get
cloudsecuritycompliance.frameworkAudits.list

The following permissions have been added:

compute.networks.setNetworkPolicy
compute.regionNetworkPolicies.create
compute.regionNetworkPolicies.delete
compute.regionNetworkPolicies.get
compute.regionNetworkPolicies.list
compute.regionNetworkPolicies.update
compute.regionNetworkPolicies.use

The following permissions have reached General Availability (GA):

config.artifacts.import
config.deployments.create
config.deployments.delete
config.deployments.deleteState
config.deployments.get
config.deployments.getIamPolicy
config.deployments.getLock
config.deployments.getState
config.deployments.list
config.deployments.lock
config.deployments.setIamPolicy
config.deployments.unlock
config.deployments.update
config.deployments.updateState
config.locations.get
config.locations.list
config.operations.cancel
config.operations.delete
config.operations.get
config.operations.list
config.previews.create
config.previews.delete
config.previews.export
config.previews.get
config.previews.list
config.previews.upload
config.resourcechanges.get
config.resourcechanges.list
config.resourcedrifts.get
config.resourcedrifts.list
config.resources.get
config.resources.list
config.revisions.get
config.revisions.getState
config.revisions.list
config.terraformversions.get
config.terraformversions.list

The following permissions have been added:

dataplex.entryGroups.useDataProfileAspect

The following permissions are supported in custom roles:

dataplex.entryGroups.useDataProfileAspect

The following permissions have reached General Availability (GA):

dataplex.entryGroups.useDataProfileAspect

The following permissions have been added:

dns.policies.createTagBinding
dns.policies.deleteTagBinding
dns.policies.listEffectiveTags
dns.policies.listTagBindings

The following permissions have reached General Availability (GA):

dns.policies.createTagBinding
dns.policies.deleteTagBinding
dns.policies.listEffectiveTags
dns.policies.listTagBindings

The following permissions have reached General Availability (GA):

eventarc.enrollments.create
eventarc.enrollments.delete
eventarc.enrollments.get
eventarc.enrollments.getIamPolicy
eventarc.enrollments.list
eventarc.enrollments.setIamPolicy
eventarc.enrollments.update
eventarc.googleApiSources.create
eventarc.googleApiSources.delete
eventarc.googleApiSources.get
eventarc.googleApiSources.getIamPolicy
eventarc.googleApiSources.list
eventarc.googleApiSources.setIamPolicy
eventarc.googleApiSources.update
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
eventarc.messageBuses.create
eventarc.messageBuses.delete
eventarc.messageBuses.get
eventarc.messageBuses.getIamPolicy
eventarc.messageBuses.list
eventarc.messageBuses.publish
eventarc.messageBuses.setIamPolicy
eventarc.messageBuses.update
eventarc.messageBuses.use
eventarc.pipelines.create
eventarc.pipelines.delete
eventarc.pipelines.get
eventarc.pipelines.getIamPolicy
eventarc.pipelines.list
eventarc.pipelines.setIamPolicy
eventarc.pipelines.update

The following permissions have been added:

gdchardwaremanagement.sites.delete

The following permissions are supported in custom roles:

gdchardwaremanagement.sites.delete