[Google Cloud] IAM - Permissions Change Log

24 views
Skip to first unread message

Cloud IAM - Permissions Change Log

unread,
Jul 20, 2022, 10:23:47 AM7/20/22
to gcp-release-notes...@googlegroups.com

[Google Cloud] IAM - Permissions Change Log

Link to Cloud IAM - Permissions Change Log

Upcoming Cloud IAM changes for the week of 2022-07-18

Posted: 17 Jul 2022 05:00 PM PDT

Service Change Description
Cloud Billing Role Updated

The following permissions have been added to the role roles/billing.admin (Billing Account Administrator):

cloudsupport.properties.get
cloudsupport.techCases.create
cloudsupport.techCases.escalate
cloudsupport.techCases.get
cloudsupport.techCases.list
cloudsupport.techCases.update
resourcemanager.projects.get
resourcemanager.projects.list
Workload Certificate Role Updated

The following permissions have been added to the role roles/workloadcertificate.serviceAgent (Workload Certificate Service Agent):

container.customResourceDefinitions.create
container.customResourceDefinitions.get
container.customResourceDefinitions.list
Bare Metal Solution Added baremetalsolution.volumes.resize
Bare Metal Solution Supported In Custom Roles baremetalsolution.volumes.resize
Bare Metal Solution Now GA baremetalsolution.volumes.resize
Eventarc Added eventarc.channels.attach
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
Eventarc Supported In Custom Roles eventarc.channels.attach
eventarc.googleChannelConfigs.get
eventarc.googleChannelConfigs.update
Firebase Realtime Database Added firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Firebase Realtime Database Supported In Custom Roles firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Firebase Realtime Database Now GA firebasedatabase.instances.delete
firebasedatabase.instances.disable
firebasedatabase.instances.reenable
firebasedatabase.instances.undelete
Retail API Added retail.servingConfigs.predict
retail.servingConfigs.search

Cloud IAM changes as of 2022-07-15

Posted: 14 Jul 2022 05:00 PM PDT

Service Change Description
AI Platform Role Updated

The following permissions have been added to the role roles/aiplatform.admin (Vertex AI Administrator):

aiplatform.entityTypes.getIamPolicy
aiplatform.entityTypes.setIamPolicy
aiplatform.featurestores.getIamPolicy
aiplatform.featurestores.setIamPolicy
Google Kubernetes Engine Now GA

The role roles/container.nodeServiceAgent (Kubernetes Engine Node Service Agent) is now GA.
Eventarc Role Updated

The following permissions have been added to the role roles/eventarc.serviceAgent (Eventarc Service Agent):

cloudfunctions.functions.get
Identity-Aware Proxy Now GA

The role roles/iap.tunnelDestGroupEditor (IAP-secured Tunnel Destination Group Editor) is now GA.
Identity-Aware Proxy Now GA

The role roles/iap.tunnelDestGroupViewer (IAP-secured Tunnel Destination Group Viewer) is now GA.
Cloud Integrations Now GA

The role roles/integrations.certificateViewer (Certificate Viewer) is now GA.
Cloud Integrations Now GA

The role roles/integrations.integrationAdmin (Application Integration Admin) is now GA.
Cloud Integrations Now GA

The role roles/integrations.integrationDeployer (Application Integration Deployer) is now GA.
Cloud Integrations Now GA

The role roles/integrations.integrationEditor (Application Integration Editor) is now GA.
Cloud Integrations Now GA

The role roles/integrations.integrationInvoker (Application Integration Invoker) is now GA.
Cloud Integrations Now GA

The role roles/integrations.integrationViewer (Application Integration Viewer) is now GA.
Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceAdmin (Application Integration SFDC Instance Admin) is now GA.
Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceEditor (Application Integration SFDC Instance Editor) is now GA.
Cloud Integrations Now GA

The role roles/integrations.sfdcInstanceViewer (Application Integration SFDC Instance Viewer) is now GA.
Cloud Integrations Now GA

The role roles/integrations.suspensionResolver (Application Integration Suspension Resolver) is now GA.
Anthos Service Mesh control plane Role Updated

The following permissions have been added to the role roles/meshcontrolplane.serviceAgent (Mesh Managed Control Plane Service Agent):

container.clusters.update
Visual Inspection AI Role Updated

The following permissions have been added to the role roles/visualinspection.serviceAgent (Visual Inspection AI Service Agent):

aiplatform.entityTypes.getIamPolicy
aiplatform.entityTypes.setIamPolicy
aiplatform.featurestores.getIamPolicy
aiplatform.featurestores.setIamPolicy
AI Platform Added aiplatform.entityTypes.deleteFeatureValues
BeyondCorp Enterprise Added beyondcorp.appConnections.create
beyondcorp.appConnections.delete
beyondcorp.appConnections.get
beyondcorp.appConnections.getIamPolicy
beyondcorp.appConnections.list
beyondcorp.appConnections.setIamPolicy
beyondcorp.appConnections.update
beyondcorp.appConnectors.create
beyondcorp.appConnectors.delete
beyondcorp.appConnectors.get
beyondcorp.appConnectors.getIamPolicy
beyondcorp.appConnectors.list
beyondcorp.appConnectors.reportStatus
beyondcorp.appConnectors.setIamPolicy
beyondcorp.appConnectors.update
beyondcorp.appGateways.create
beyondcorp.appGateways.delete
beyondcorp.appGateways.get
beyondcorp.appGateways.getIamPolicy
beyondcorp.appGateways.list
beyondcorp.appGateways.setIamPolicy
beyondcorp.appGateways.update
beyondcorp.clientConnectorServices.access
beyondcorp.clientConnectorServices.create
beyondcorp.clientConnectorServices.delete
beyondcorp.clientConnectorServices.get
beyondcorp.clientConnectorServices.getIamPolicy
beyondcorp.clientConnectorServices.list
beyondcorp.clientConnectorServices.setIamPolicy
beyondcorp.clientConnectorServices.update
beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy
beyondcorp.locations.get
beyondcorp.locations.list
beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list
BeyondCorp Enterprise Supported In Custom Roles beyondcorp.appConnections.create
beyondcorp.appConnections.delete
beyondcorp.appConnections.get
beyondcorp.appConnections.getIamPolicy
beyondcorp.appConnections.list
beyondcorp.appConnections.setIamPolicy
beyondcorp.appConnections.update
beyondcorp.appConnectors.create
beyondcorp.appConnectors.delete
beyondcorp.appConnectors.get
beyondcorp.appConnectors.getIamPolicy
beyondcorp.appConnectors.list
beyondcorp.appConnectors.reportStatus
beyondcorp.appConnectors.setIamPolicy
beyondcorp.appConnectors.update
beyondcorp.appGateways.create
beyondcorp.appGateways.delete
beyondcorp.appGateways.get
beyondcorp.appGateways.getIamPolicy
beyondcorp.appGateways.list
beyondcorp.appGateways.setIamPolicy
beyondcorp.appGateways.update
beyondcorp.clientConnectorServices.access
beyondcorp.clientConnectorServices.create
beyondcorp.clientConnectorServices.delete
beyondcorp.clientConnectorServices.get
beyondcorp.clientConnectorServices.getIamPolicy
beyondcorp.clientConnectorServices.list
beyondcorp.clientConnectorServices.setIamPolicy
beyondcorp.clientConnectorServices.update
beyondcorp.clientGateways.create
beyondcorp.clientGateways.delete
beyondcorp.clientGateways.get
beyondcorp.clientGateways.getIamPolicy
beyondcorp.clientGateways.list
beyondcorp.clientGateways.setIamPolicy
beyondcorp.locations.get
beyondcorp.locations.list
beyondcorp.operations.cancel
beyondcorp.operations.delete
beyondcorp.operations.get
beyondcorp.operations.list
Identity-Aware Proxy Now GA iap.tunnelDestGroups.accessViaIAP
iap.tunnelDestGroups.create
iap.tunnelDestGroups.delete
iap.tunnelDestGroups.get
iap.tunnelDestGroups.getIamPolicy
iap.tunnelDestGroups.list
iap.tunnelDestGroups.setIamPolicy
iap.tunnelDestGroups.update
iap.tunnelLocations.getIamPolicy
iap.tunnelLocations.setIamPolicy
Cloud Integrations Added integrations.authConfigs.create
integrations.authConfigs.delete
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.create
integrations.certificates.delete
integrations.certificates.get
integrations.certificates.list
integrations.certificates.update
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.create
integrations.sfdcChannels.delete
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.delete
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
integrations.suspensions.lift
integrations.suspensions.list
integrations.suspensions.resolve
Cloud Integrations Now GA integrations.authConfigs.create
integrations.authConfigs.delete
integrations.authConfigs.get
integrations.authConfigs.list
integrations.authConfigs.update
integrations.certificates.create
integrations.certificates.delete
integrations.certificates.get
integrations.certificates.list
integrations.certificates.update
integrations.executions.list
integrations.integrationVersions.create
integrations.integrationVersions.delete
integrations.integrationVersions.deploy
integrations.integrationVersions.get
integrations.integrationVersions.invoke
integrations.integrationVersions.list
integrations.integrationVersions.update
integrations.integrations.create
integrations.integrations.delete
integrations.integrations.deploy
integrations.integrations.get
integrations.integrations.invoke
integrations.integrations.list
integrations.integrations.update
integrations.sfdcChannels.create
integrations.sfdcChannels.delete
integrations.sfdcChannels.get
integrations.sfdcChannels.list
integrations.sfdcChannels.update
integrations.sfdcInstances.create
integrations.sfdcInstances.delete
integrations.sfdcInstances.get
integrations.sfdcInstances.list
integrations.sfdcInstances.update
integrations.suspensions.lift
integrations.suspensions.list
integrations.suspensions.resolve
Secured Landing Zone Added securedlandingzone.operations.get
securedlandingzone.overwatches.activate
securedlandingzone.overwatches.create
securedlandingzone.overwatches.delete
securedlandingzone.overwatches.get
securedlandingzone.overwatches.list
securedlandingzone.overwatches.suspend
securedlandingzone.overwatches.update
Secured Landing Zone Supported In Custom Roles securedlandingzone.overwatches.activate
securedlandingzone.overwatches.suspend
You are subscribed to email updates from Cloud IAM - Permissions Change Log.
To stop receiving these emails, you may unsubscribe now.		Email delivery powered by Google
Inbox too full? (feed) Subscribe to the feed version of Cloud IAM - Permissions Change Log in a feed reader.
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
Reply all
Reply to author
Forward
0 new messages