[Google Cloud] IAM - Permissions Change Log

131 views

Skip to first unread message

Cloud IAM - Permissions Change Log

unread,

Nov 10, 2021, 3:09:29 AM11/10/21

to gcp-release-notes...@googlegroups.com

[Google Cloud] IAM - Permissions Change Log

Upcoming Cloud IAM changes for the week of 2021-11-08

Posted: 07 Nov 2021 04:00 PM PST

Service	Change	Description
AI Platform	Role Updated	The following permissions have been added to the role `roles/aiplatform.featurestoreDataViewer` (Vertex AI Feature Store Data Viewer): `resourcemanager.projects.get` `resourcemanager.projects.list`
AI Platform	Role Updated	The following permissions have been added to the role `roles/aiplatform.featurestoreDataWriter` (Vertex AI Feature Store Data Writer): `resourcemanager.projects.get` `resourcemanager.projects.list`
AI Platform	Role Updated	The following permissions have been added to the role `roles/aiplatform.featurestoreResourceEditor` (Vertex AI Feature Store Resource Editor): `resourcemanager.projects.get` `resourcemanager.projects.list`
AI Platform	Role Updated	The following permissions have been added to the role `roles/aiplatform.featurestoreResourceViewer` (Vertex AI Feature Store Resource Viewer): `resourcemanager.projects.get` `resourcemanager.projects.list`
Anthos Service Mesh	Role Updated	The following permissions have been added to the role `roles/anthosservicemesh.serviceAgent` (Anthos Service Mesh Service Agent): `container.clusterRoles.update`
Apigee	Now GA	The role `roles/apigee.securityAdmin` (Apigee Security Admin) is now GA.
Apigee	Now GA	The role `roles/apigee.securityViewer` (Apigee Security Viewer) is now GA.
Apigee	Role Updated	The following permissions have been added to the role `roles/apigee.environmentAdmin` (Apigee Environment Admin): `apigee.environments.update`
Binary Authorization	Role Updated	The following permissions have been added to the role `roles/binaryauthorization.serviceAgent` (Binary Authorization Service Agent): `cloudasset.feeds.create` `cloudasset.feeds.delete` `cloudasset.feeds.get` `cloudasset.feeds.update`
Compute Engine	Role Updated	The following permissions have been added to the role `roles/compute.loadBalancerAdmin` (Compute Load Balancer Admin): `networksecurity.clientTlsPolicies.get` `networksecurity.clientTlsPolicies.list` `networksecurity.clientTlsPolicies.use` `networksecurity.serverTlsPolicies.get` `networksecurity.serverTlsPolicies.list` `networksecurity.serverTlsPolicies.use`
Datastore	Now GA	The role `roles/datastore.keyVisualizerViewer` (Cloud Datastore Key Visualizer Viewer) is now GA.
Dialogflow	Role Updated	The following permissions have been added to the role `roles/dialogflow.serviceAgent` (Dialogflow Service Agent): `dlp.deidentifyTemplates.get` `dlp.deidentifyTemplates.list`
Cloud Data Loss Prevention	Role Updated	The following permissions have been added to the role `roles/dlp.serviceAgent` (DLP API Service Agent): `dlp.deidentifyTemplates.get` `dlp.deidentifyTemplates.list`
Google Earth Engine	Role Updated	The following permissions have been added to the role `roles/earthengine.appsPublisher` (Earth Engine Apps Publisher): `serviceusage.services.get`
Enterprise Knowledge Graph	Role Updated	The following permissions have been added to the role `roles/enterpriseknowledgegraph.serviceAgent` (Enterprise Knowledge Graph Service Agent): `bigquery.readsessions.getData`
Firebase App Check	Now GA	The role `roles/firebaseappcheck.serviceAgent` (Firebase App Check Service Agent) is now GA.
Anthos Multi-Cloud	Now GA	The role `roles/gkemulticloud.admin` (Anthos Multi-cloud Admin) is now GA.
Anthos Multi-Cloud	Now GA	The role `roles/gkemulticloud.telemetryWriter` (Anthos Multi-cloud Telemetry Writer) is now GA.
Anthos Multi-Cloud	Now GA	The role `roles/gkemulticloud.viewer` (Anthos Multi-cloud Viewer) is now GA.
Dataproc Metastore	Role Updated	The following permissions have been added to the role `roles/metastore.serviceAgent` (Dataproc Metastore Service Agent): `servicedirectory.namespaces.create` `servicedirectory.namespaces.delete` `servicedirectory.services.create` `servicedirectory.services.delete`
Cloud Monitoring	Role Updated	The following permissions have been added to the role `roles/monitoring.notificationServiceAgent` (Monitoring Service Agent): `servicedirectory.networks.access` `servicedirectory.services.resolve`
Multi Cluster Ingress	Role Updated	The following permissions have been added to the role `roles/multiclusteringress.serviceAgent` (Multi Cluster Ingress Service Agent): `compute.subnetworks.use`
Network Connectivity Center	Role Updated	The following permissions have been added to the role `roles/networkconnectivity.spokeAdmin` (Spoke Admin): `networkconnectivity.operations.get` `networkconnectivity.operations.list`
Security Command Center	Now GA	The role `roles/securitycenter.externalSystemsEditor` (Security Center External Systems Editor) is now GA.
Security Command Center	Now GA	The role `roles/securitycenter.findingsBulkMuteEditor` (Security Center Findings Bulk Mute Editor) is now GA.
Security Command Center	Now GA	The role `roles/securitycenter.findingsMuteSetter` (Security Center Findings Mute Setter) is now GA.
Security Command Center	Now GA	The role `roles/securitycenter.muteConfigsEditor` (Security Center Mute Configurations Editor) is now GA.
Security Command Center	Now GA	The role `roles/securitycenter.muteConfigsViewer` (Security Center Mute Configurations Viewer) is now GA.
Web Security Scanner	Role Updated	The following permissions have been added to the role `roles/websecurityscanner.serviceAgent` (Cloud Web Security Scanner Service Agent): `cloudasset.assets.listResource`
AI Platform	Added	`aiplatform.tensorboardRuns.batchCreate` `aiplatform.tensorboardTimeSeries.batchCreate` `aiplatform.tensorboardTimeSeries.batchRead`
Apigee	Added	`apigee.developerbalances.adjust`
Apigee	Supported In Custom Roles	`apigee.developerbalances.adjust`
Apigee	Now GA	`apigee.developerbalances.adjust`
Artifact Registry	Added	`artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list`
Artifact Registry	Now GA	`artifactregistry.dockerimages.get` `artifactregistry.dockerimages.list`
Compute Engine	Added	`compute.disks.createTagBinding` `compute.disks.deleteTagBinding` `compute.disks.listTagBindings` `compute.images.createTagBinding` `compute.images.deleteTagBinding` `compute.images.listTagBindings` `compute.snapshots.createTagBinding` `compute.snapshots.deleteTagBinding` `compute.snapshots.listTagBindings`
Compute Engine	Now GA	`compute.disks.createTagBinding` `compute.disks.deleteTagBinding` `compute.disks.listTagBindings` `compute.images.createTagBinding` `compute.images.deleteTagBinding` `compute.images.listTagBindings` `compute.machineImages.create` `compute.machineImages.delete` `compute.machineImages.get` `compute.machineImages.getIamPolicy` `compute.machineImages.list` `compute.machineImages.setIamPolicy` `compute.machineImages.useReadOnly` `compute.snapshots.createTagBinding` `compute.snapshots.deleteTagBinding` `compute.snapshots.listTagBindings`
Datastore	Added	`datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list`
Datastore	Now GA	`datastore.keyVisualizerScans.get` `datastore.keyVisualizerScans.list`
Datastream	Added	`datastream.objects.get` `datastream.objects.list` `datastream.objects.startBackfillJob` `datastream.objects.stopBackfillJob`
Document AI	Added	`documentai.datasetSchemas.get` `documentai.datasetSchemas.update` `documentai.datasets.get` `documentai.datasets.update` `documentai.processorTypes.get`
Firebase App Check	Added	`firebaseappcheck.recaptchaEnterpriseConfig.get` `firebaseappcheck.recaptchaEnterpriseConfig.update`
Firebase App Check	Supported In Custom Roles	`firebaseappcheck.recaptchaEnterpriseConfig.get` `firebaseappcheck.recaptchaEnterpriseConfig.update`
GKE Hub	Added	`gkehub.fleet.create` `gkehub.fleet.delete` `gkehub.fleet.get` `gkehub.fleet.update`
GKE Hub	Now GA	`gkehub.fleet.create` `gkehub.fleet.delete` `gkehub.fleet.get` `gkehub.fleet.update`
Anthos Multi-Cloud	Added	`gkemulticloud.awsClusters.generateAccessToken` `gkemulticloud.azureClusters.generateAccessToken`
Anthos Multi-Cloud	Now GA	`gkemulticloud.awsClusters.create` `gkemulticloud.awsClusters.delete` `gkemulticloud.awsClusters.generateAccessToken` `gkemulticloud.awsClusters.get` `gkemulticloud.awsClusters.getAdminKubeconfig` `gkemulticloud.awsClusters.list` `gkemulticloud.awsClusters.update` `gkemulticloud.awsNodePools.create` `gkemulticloud.awsNodePools.delete` `gkemulticloud.awsNodePools.get` `gkemulticloud.awsNodePools.list` `gkemulticloud.awsNodePools.update` `gkemulticloud.awsServerConfigs.get` `gkemulticloud.azureClients.create` `gkemulticloud.azureClients.delete` `gkemulticloud.azureClients.get` `gkemulticloud.azureClients.list` `gkemulticloud.azureClusters.create` `gkemulticloud.azureClusters.delete` `gkemulticloud.azureClusters.generateAccessToken` `gkemulticloud.azureClusters.get` `gkemulticloud.azureClusters.getAdminKubeconfig` `gkemulticloud.azureClusters.list` `gkemulticloud.azureClusters.update` `gkemulticloud.azureNodePools.create` `gkemulticloud.azureNodePools.delete` `gkemulticloud.azureNodePools.get` `gkemulticloud.azureNodePools.list` `gkemulticloud.azureNodePools.update` `gkemulticloud.azureServerConfigs.get` `gkemulticloud.operations.cancel` `gkemulticloud.operations.delete` `gkemulticloud.operations.get` `gkemulticloud.operations.list` `gkemulticloud.operations.wait`
Identity and Access Management	Added	`iam.denypolicies.create` `iam.denypolicies.delete` `iam.denypolicies.get` `iam.denypolicies.list` `iam.denypolicies.replace` `iam.denypolicies.update`
Identity and Access Management	Added	`iam.googleapis.com/denypolicies.create` `iam.googleapis.com/denypolicies.delete` `iam.googleapis.com/denypolicies.get` `iam.googleapis.com/denypolicies.list` `iam.googleapis.com/denypolicies.replace`
Cloud Run	Added	`run.operations.delete` `run.operations.get` `run.operations.list`
Cloud Run	Now GA	`run.operations.delete` `run.operations.get` `run.operations.list`
Security Command Center	Added	`securitycenter.findingexternalsystems.update` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.setMute` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update`
Security Command Center	Supported In Custom Roles	`securitycenter.findingexternalsystems.update` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.setMute` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update`
Security Command Center	Now GA	`securitycenter.findingexternalsystems.update` `securitycenter.findings.bulkMuteUpdate` `securitycenter.findings.setMute` `securitycenter.muteconfigs.create` `securitycenter.muteconfigs.delete` `securitycenter.muteconfigs.get` `securitycenter.muteconfigs.list` `securitycenter.muteconfigs.update`
Video Stitcher API	Added	`videostitcher.cdnKeys.create` `videostitcher.cdnKeys.delete` `videostitcher.cdnKeys.get` `videostitcher.cdnKeys.list` `videostitcher.cdnKeys.update` `videostitcher.liveAdTagDetails.get` `videostitcher.liveAdTagDetails.list` `videostitcher.liveSessions.create` `videostitcher.liveSessions.get` `videostitcher.slates.create` `videostitcher.slates.delete` `videostitcher.slates.get` `videostitcher.slates.list` `videostitcher.slates.update` `videostitcher.vodAdTagDetails.get` `videostitcher.vodAdTagDetails.list` `videostitcher.vodSessions.create` `videostitcher.vodSessions.get` `videostitcher.vodStitchDetails.get` `videostitcher.vodStitchDetails.list`

You are subscribed to email updates from Cloud IAM - Permissions Change Log. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States

Reply all

Reply to author

Forward

0 new messages