diff --git a/roles/aiplatform.admin b/roles/aiplatform.admin index 5812d3c5..4c3da024 100644 --- a/roles/aiplatform.admin +++ b/roles/aiplatform.admin @@ -39,6 +39,11 @@ "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", "aiplatform.cacheConfigs.update", + "aiplatform.cachedContents.create", + "aiplatform.cachedContents.delete", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.cachedContents.update", "aiplatform.consents.get", "aiplatform.consents.update", "aiplatform.contexts.addContextArtifactsAndExecutions", diff --git a/roles/aiplatform.customCodeServiceAgent b/roles/aiplatform.customCodeServiceAgent index 97bc74c7..7e475d47 100644 --- a/roles/aiplatform.customCodeServiceAgent +++ b/roles/aiplatform.customCodeServiceAgent @@ -38,6 +38,11 @@ "aiplatform.batchPredictionJobs.get", "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", + "aiplatform.cachedContents.create", + "aiplatform.cachedContents.delete", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.cachedContents.update", "aiplatform.consents.get", "aiplatform.contexts.addContextArtifactsAndExecutions", "aiplatform.contexts.addContextChildren", diff --git a/roles/aiplatform.extensionCustomCodeServiceAgent b/roles/aiplatform.extensionCustomCodeServiceAgent index 786d1dfa..4f701424 100644 --- a/roles/aiplatform.extensionCustomCodeServiceAgent +++ b/roles/aiplatform.extensionCustomCodeServiceAgent @@ -7,6 +7,11 @@ "orgpolicy.policy.get", "resourcemanager.projects.get", "resourcemanager.projects.list", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/aiplatform.user b/roles/aiplatform.user index 0e4c488a..dd7508f5 100644 --- a/roles/aiplatform.user +++ b/roles/aiplatform.user @@ -38,6 +38,11 @@ "aiplatform.batchPredictionJobs.get", "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", + "aiplatform.cachedContents.create", + "aiplatform.cachedContents.delete", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.cachedContents.update", "aiplatform.consents.get", "aiplatform.contexts.addContextArtifactsAndExecutions", "aiplatform.contexts.addContextChildren", diff --git a/roles/billing.admin b/roles/billing.admin index e0aed70d..138f0d47 100644 --- a/roles/billing.admin +++ b/roles/billing.admin @@ -72,6 +72,11 @@ "consumerprocurement.consents.revoke", "consumerprocurement.events.get", "consumerprocurement.events.list", + "consumerprocurement.licensePools.assign", + "consumerprocurement.licensePools.enumerateLicensedUsers", + "consumerprocurement.licensePools.get", + "consumerprocurement.licensePools.unassign", + "consumerprocurement.licensePools.update", "consumerprocurement.orderAttributions.get", "consumerprocurement.orderAttributions.list", "consumerprocurement.orderAttributions.update", diff --git a/roles/cloudbuild.serviceAgent b/roles/cloudbuild.serviceAgent index ec751229..a14f4645 100644 --- a/roles/cloudbuild.serviceAgent +++ b/roles/cloudbuild.serviceAgent @@ -80,6 +80,7 @@ "containeranalysis.occurrences.get", "containeranalysis.occurrences.list", "containeranalysis.occurrences.update", + "developerconnect.connections.get", "iam.serviceAccounts.get", "iam.serviceAccounts.getAccessToken", "iam.serviceAccounts.getOpenIdToken", diff --git a/roles/cloudjobdiscovery.jobsEditor b/roles/cloudjobdiscovery.jobsEditor index b457a412..548659fe 100644 --- a/roles/cloudjobdiscovery.jobsEditor +++ b/roles/cloudjobdiscovery.jobsEditor @@ -22,5 +22,5 @@ ], "name": "roles/cloudjobdiscovery.jobsEditor", "stage": "GA", - "title": "Job Editor" + "title": "Cloud Talent Solution Job Editor" } diff --git a/roles/cloudjobdiscovery.jobsViewer b/roles/cloudjobdiscovery.jobsViewer index eaa94c8c..f9bff46a 100644 --- a/roles/cloudjobdiscovery.jobsViewer +++ b/roles/cloudjobdiscovery.jobsViewer @@ -12,5 +12,5 @@ ], "name": "roles/cloudjobdiscovery.jobsViewer", "stage": "GA", - "title": "Job Viewer" + "title": "Cloud Talent Solution Job Viewer" } diff --git a/roles/cloudjobdiscovery.profilesEditor b/roles/cloudjobdiscovery.profilesEditor index c491ce62..1d577c4d 100644 --- a/roles/cloudjobdiscovery.profilesEditor +++ b/roles/cloudjobdiscovery.profilesEditor @@ -17,5 +17,5 @@ ], "name": "roles/cloudjobdiscovery.profilesEditor", "stage": "GA", - "title": "Profile Editor" + "title": "Cloud Talent Solution Profile Editor" } diff --git a/roles/cloudjobdiscovery.profilesViewer b/roles/cloudjobdiscovery.profilesViewer index 6b0b0c8f..0944de09 100644 --- a/roles/cloudjobdiscovery.profilesViewer +++ b/roles/cloudjobdiscovery.profilesViewer @@ -10,5 +10,5 @@ ], "name": "roles/cloudjobdiscovery.profilesViewer", "stage": "GA", - "title": "Profile Viewer" + "title": "Cloud Talent Solution Profile Viewer" } diff --git a/roles/cloudsql.admin b/roles/cloudsql.admin index 634e7923..34dec3fa 100644 --- a/roles/cloudsql.admin +++ b/roles/cloudsql.admin @@ -7,6 +7,11 @@ "cloudsql.backupRuns.delete", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.create", + "cloudsql.backups.delete", + "cloudsql.backups.get", + "cloudsql.backups.list", + "cloudsql.backups.update", "cloudsql.databases.create", "cloudsql.databases.delete", "cloudsql.databases.get", @@ -47,6 +52,8 @@ "cloudsql.instances.stopReplica", "cloudsql.instances.truncateLog", "cloudsql.instances.update", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.schemas.view", "cloudsql.sslCerts.create", "cloudsql.sslCerts.delete", diff --git a/roles/cloudsql.editor b/roles/cloudsql.editor index 864ce047..168dbcfc 100644 --- a/roles/cloudsql.editor +++ b/roles/cloudsql.editor @@ -6,6 +6,10 @@ "cloudsql.backupRuns.create", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.create", + "cloudsql.backups.get", + "cloudsql.backups.list", + "cloudsql.backups.update", "cloudsql.databases.create", "cloudsql.databases.get", "cloudsql.databases.list", @@ -31,6 +35,8 @@ "cloudsql.instances.rotateServerCertificate", "cloudsql.instances.truncateLog", "cloudsql.instances.update", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.schemas.view", "cloudsql.sslCerts.get", "cloudsql.sslCerts.list", diff --git a/roles/cloudsql.viewer b/roles/cloudsql.viewer index 44e61a3b..6930c640 100644 --- a/roles/cloudsql.viewer +++ b/roles/cloudsql.viewer @@ -5,6 +5,8 @@ "cloudaicompanion.entitlements.get", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.get", + "cloudsql.backups.list", "cloudsql.databases.get", "cloudsql.databases.list", "cloudsql.instances.export", @@ -15,6 +17,8 @@ "cloudsql.instances.listServerCas", "cloudsql.instances.listServerCertificates", "cloudsql.instances.listTagBindings", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.sslCerts.get", "cloudsql.sslCerts.list", "cloudsql.users.get", diff --git a/roles/cloudtpu.serviceAgent b/roles/cloudtpu.serviceAgent index 645a2417..7ecaa042 100644 --- a/roles/cloudtpu.serviceAgent +++ b/roles/cloudtpu.serviceAgent @@ -493,7 +493,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/cloudtrace.admin b/roles/cloudtrace.admin index 67f4d243..c9b72864 100644 --- a/roles/cloudtrace.admin +++ b/roles/cloudtrace.admin @@ -9,6 +9,11 @@ "cloudtrace.tasks.delete", "cloudtrace.tasks.get", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.create", + "cloudtrace.traceScopes.delete", + "cloudtrace.traceScopes.get", + "cloudtrace.traceScopes.list", + "cloudtrace.traceScopes.update", "cloudtrace.traces.get", "cloudtrace.traces.list", "cloudtrace.traces.patch", diff --git a/roles/cloudtrace.user b/roles/cloudtrace.user index 268b8783..51c81494 100644 --- a/roles/cloudtrace.user +++ b/roles/cloudtrace.user @@ -9,6 +9,11 @@ "cloudtrace.tasks.delete", "cloudtrace.tasks.get", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.create", + "cloudtrace.traceScopes.delete", + "cloudtrace.traceScopes.get", + "cloudtrace.traceScopes.list", + "cloudtrace.traceScopes.update", "cloudtrace.traces.get", "cloudtrace.traces.list", "observability.scopes.get", diff --git a/roles/composer.environmentAndStorageObjectAdmin b/roles/composer.environmentAndStorageObjectAdmin index 8be03989..b05315a3 100644 --- a/roles/composer.environmentAndStorageObjectAdmin +++ b/roles/composer.environmentAndStorageObjectAdmin @@ -32,6 +32,11 @@ "serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/composer.environmentAndStorageObjectUser b/roles/composer.environmentAndStorageObjectUser index a109d564..7dede8bf 100644 --- a/roles/composer.environmentAndStorageObjectUser +++ b/roles/composer.environmentAndStorageObjectUser @@ -20,6 +20,8 @@ "serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/composer.environmentAndStorageObjectViewer b/roles/composer.environmentAndStorageObjectViewer index b553ea83..b595b440 100644 --- a/roles/composer.environmentAndStorageObjectViewer +++ b/roles/composer.environmentAndStorageObjectViewer @@ -20,6 +20,8 @@ "serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent index 701c5cf8..aed344a1 100644 --- a/roles/composer.serviceAgent +++ b/roles/composer.serviceAgent @@ -36,6 +36,11 @@ "cloudsql.backupRuns.delete", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.create", + "cloudsql.backups.delete", + "cloudsql.backups.get", + "cloudsql.backups.list", + "cloudsql.backups.update", "cloudsql.databases.create", "cloudsql.databases.delete", "cloudsql.databases.get", @@ -76,6 +81,8 @@ "cloudsql.instances.stopReplica", "cloudsql.instances.truncateLog", "cloudsql.instances.update", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.schemas.view", "cloudsql.sslCerts.create", "cloudsql.sslCerts.delete", @@ -576,7 +583,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", @@ -1293,9 +1299,13 @@ "iam.serviceAccounts.getAccessToken", "iam.serviceAccounts.list", "logging.buckets.create", + "logging.buckets.createTagBinding", "logging.buckets.delete", + "logging.buckets.deleteTagBinding", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.buckets.undelete", "logging.buckets.update", "logging.exclusions.create", @@ -1746,6 +1756,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/composer.worker b/roles/composer.worker index 7c9460ab..60808f45 100644 --- a/roles/composer.worker +++ b/roles/composer.worker @@ -561,6 +561,11 @@ "storage.buckets.create", "storage.buckets.get", "storage.buckets.list", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/compute.admin b/roles/compute.admin index a7cee125..b78db6c1 100644 --- a/roles/compute.admin +++ b/roles/compute.admin @@ -380,13 +380,6 @@ "compute.machineImages.useReadOnly", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.create", - "compute.maintenancePolicies.delete", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", - "compute.maintenancePolicies.setIamPolicy", - "compute.maintenancePolicies.use", "compute.networkAttachments.create", "compute.networkAttachments.createTagBinding", "compute.networkAttachments.delete", @@ -602,7 +595,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/compute.loadBalancerAdmin b/roles/compute.loadBalancerAdmin index bc068764..568f74ee 100644 --- a/roles/compute.loadBalancerAdmin +++ b/roles/compute.loadBalancerAdmin @@ -261,7 +261,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/compute.networkAdmin b/roles/compute.networkAdmin index 5042d05d..62aab824 100644 --- a/roles/compute.networkAdmin +++ b/roles/compute.networkAdmin @@ -342,7 +342,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/compute.viewer b/roles/compute.viewer index 7ba3e8b7..60077908 100644 --- a/roles/compute.viewer +++ b/roles/compute.viewer @@ -135,9 +135,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent index 390c8ffd..2afaa6cd 100644 --- a/roles/container.serviceAgent +++ b/roles/container.serviceAgent @@ -565,7 +565,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent index 91e0c337..28af7d5b 100644 --- a/roles/dataflow.serviceAgent +++ b/roles/dataflow.serviceAgent @@ -604,7 +604,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", @@ -955,9 +954,13 @@ "iam.serviceAccounts.signBlob", "iam.serviceAccounts.signJwt", "logging.buckets.create", + "logging.buckets.createTagBinding", "logging.buckets.delete", + "logging.buckets.deleteTagBinding", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.buckets.undelete", "logging.buckets.update", "logging.exclusions.create", @@ -1346,6 +1349,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent index a37c1cf2..efd6ed80 100644 --- a/roles/datafusion.serviceAgent +++ b/roles/datafusion.serviceAgent @@ -585,6 +585,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/datamigration.serviceAgent b/roles/datamigration.serviceAgent index f730e310..10e4e7a2 100644 --- a/roles/datamigration.serviceAgent +++ b/roles/datamigration.serviceAgent @@ -33,6 +33,7 @@ "cloudsql.instances.startReplica", "cloudsql.instances.stopReplica", "cloudsql.instances.update", + "cloudsql.operations.get", "compute.forwardingRules.use", "compute.globalAddresses.create", "compute.globalAddresses.createInternal", diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent index a4d2cb98..41ac230b 100644 --- a/roles/dataplex.serviceAgent +++ b/roles/dataplex.serviceAgent @@ -249,6 +249,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/dataprep.serviceAgent b/roles/dataprep.serviceAgent index 42be41f4..62c34005 100644 --- a/roles/dataprep.serviceAgent +++ b/roles/dataprep.serviceAgent @@ -192,9 +192,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", @@ -421,6 +418,11 @@ "serviceusage.services.list", "storage.buckets.get", "storage.buckets.list", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/dataproc.worker b/roles/dataproc.worker index 9f73f4d8..7c8d5868 100644 --- a/roles/dataproc.worker +++ b/roles/dataproc.worker @@ -24,6 +24,11 @@ "monitoring.monitoredResourceDescriptors.list", "monitoring.timeSeries.create", "storage.buckets.get", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/dialogflow.serviceAgent b/roles/dialogflow.serviceAgent index 6e6bc369..4ec3a15d 100644 --- a/roles/dialogflow.serviceAgent +++ b/roles/dialogflow.serviceAgent @@ -25,6 +25,7 @@ "connectors.entities.update", "connectors.entities.updateEntitiesWithConditions", "connectors.entityTypes.list", + "connectors.operations.get", "connectors.versions.get", "dialogflow.agents.export", "dialogflow.agents.get", @@ -117,6 +118,7 @@ "dialogflow.webhooks.get", "dialogflow.webhooks.list", "discoveryengine.collections.list", + "discoveryengine.dataStores.create", "discoveryengine.dataStores.list", "discoveryengine.engines.create", "discoveryengine.engines.delete", @@ -154,6 +156,8 @@ "speech.phraseSets.list", "speech.recognizers.get", "speech.recognizers.list", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.create", diff --git a/roles/dlp.orgdriver b/roles/dlp.orgdriver index d44b01e8..f4a16ed5 100644 --- a/roles/dlp.orgdriver +++ b/roles/dlp.orgdriver @@ -2,6 +2,141 @@ "description": "Permissions needed by the DLP service account to generate data profiles within an organization or folder.", "etag": "AA==", "includedPermissions": [ + "aiplatform.agentExamples.get", + "aiplatform.agentExamples.list", + "aiplatform.agents.get", + "aiplatform.agents.list", + "aiplatform.annotationSpecs.get", + "aiplatform.annotationSpecs.list", + "aiplatform.annotations.get", + "aiplatform.annotations.list", + "aiplatform.apps.get", + "aiplatform.apps.list", + "aiplatform.artifacts.get", + "aiplatform.artifacts.list", + "aiplatform.batchPredictionJobs.get", + "aiplatform.batchPredictionJobs.list", + "aiplatform.cacheConfigs.get", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.consents.get", + "aiplatform.contexts.get", + "aiplatform.contexts.list", + "aiplatform.contexts.queryContextLineageSubgraph", + "aiplatform.customJobs.get", + "aiplatform.customJobs.list", + "aiplatform.dataItems.get", + "aiplatform.dataItems.list", + "aiplatform.dataLabelingJobs.get", + "aiplatform.dataLabelingJobs.list", + "aiplatform.datasetVersions.get", + "aiplatform.datasetVersions.list", + "aiplatform.datasets.get", + "aiplatform.datasets.list", + "aiplatform.deploymentResourcePools.get", + "aiplatform.deploymentResourcePools.list", + "aiplatform.deploymentResourcePools.queryDeployedModels", + "aiplatform.edgeDeploymentJobs.get", + "aiplatform.edgeDeploymentJobs.list", + "aiplatform.edgeDeviceDebugInfo.get", + "aiplatform.edgeDevices.get", + "aiplatform.edgeDevices.list", + "aiplatform.endpoints.get", + "aiplatform.endpoints.list", + "aiplatform.entityTypes.get", + "aiplatform.entityTypes.list", + "aiplatform.executions.get", + "aiplatform.executions.list", + "aiplatform.executions.queryExecutionInputsAndOutputs", + "aiplatform.extensions.get", + "aiplatform.extensions.list", + "aiplatform.featureGroups.get", + "aiplatform.featureGroups.list", + "aiplatform.featureOnlineStores.get", + "aiplatform.featureOnlineStores.list", + "aiplatform.featureViewSyncs.get", + "aiplatform.featureViewSyncs.list", + "aiplatform.featureViews.fetchFeatureValues", + "aiplatform.featureViews.get", + "aiplatform.featureViews.list", + "aiplatform.featureViews.searchNearestEntities", + "aiplatform.features.get", + "aiplatform.features.list", + "aiplatform.featurestores.get", + "aiplatform.featurestores.list", + "aiplatform.humanInTheLoops.get", + "aiplatform.humanInTheLoops.list", + "aiplatform.hyperparameterTuningJobs.get", + "aiplatform.hyperparameterTuningJobs.list", + "aiplatform.indexEndpoints.get", + "aiplatform.indexEndpoints.list", + "aiplatform.indexEndpoints.queryVectors", + "aiplatform.indexes.get", + "aiplatform.indexes.list", + "aiplatform.locations.get", + "aiplatform.locations.list", + "aiplatform.metadataSchemas.get", + "aiplatform.metadataSchemas.list", + "aiplatform.metadataStores.get", + "aiplatform.metadataStores.list", + "aiplatform.modelDeploymentMonitoringJobs.get", + "aiplatform.modelDeploymentMonitoringJobs.list", + "aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies", + "aiplatform.modelEvaluationSlices.get", + "aiplatform.modelEvaluationSlices.list", + "aiplatform.modelEvaluations.get", + "aiplatform.modelEvaluations.list", + "aiplatform.modelMonitoringJobs.get", + "aiplatform.modelMonitoringJobs.list", + "aiplatform.modelMonitors.get", + "aiplatform.modelMonitors.list", + "aiplatform.modelMonitors.searchModelMonitoringAlerts", + "aiplatform.modelMonitors.searchModelMonitoringStats", + "aiplatform.models.get", + "aiplatform.models.list", + "aiplatform.nasJobs.get", + "aiplatform.nasJobs.list", + "aiplatform.nasTrialDetails.get", + "aiplatform.nasTrialDetails.list", + "aiplatform.notebookExecutionJobs.get", + "aiplatform.notebookExecutionJobs.list", + "aiplatform.notebookRuntimeTemplates.get", + "aiplatform.notebookRuntimeTemplates.list", + "aiplatform.notebookRuntimes.get", + "aiplatform.notebookRuntimes.list", + "aiplatform.operations.list", + "aiplatform.persistentResources.get", + "aiplatform.persistentResources.list", + "aiplatform.pipelineJobs.get", + "aiplatform.pipelineJobs.list", + "aiplatform.reasoningEngines.get", + "aiplatform.reasoningEngines.list", + "aiplatform.reasoningEngines.query", + "aiplatform.schedules.get", + "aiplatform.schedules.list", + "aiplatform.sessions.get", + "aiplatform.sessions.list", + "aiplatform.specialistPools.get", + "aiplatform.specialistPools.list", + "aiplatform.specialistPools.update", + "aiplatform.studies.get", + "aiplatform.studies.list", + "aiplatform.tensorboardExperiments.get", + "aiplatform.tensorboardExperiments.list", + "aiplatform.tensorboardRuns.get", + "aiplatform.tensorboardRuns.list", + "aiplatform.tensorboardTimeSeries.batchRead", + "aiplatform.tensorboardTimeSeries.get", + "aiplatform.tensorboardTimeSeries.list", + "aiplatform.tensorboardTimeSeries.read", + "aiplatform.tensorboards.get", + "aiplatform.tensorboards.list", + "aiplatform.trainingPipelines.get", + "aiplatform.trainingPipelines.list", + "aiplatform.trials.get", + "aiplatform.trials.list", + "aiplatform.tuningJobs.get", + "aiplatform.tuningJobs.list", "alloydb.backups.createTagBinding", "alloydb.backups.deleteTagBinding", "alloydb.backups.listEffectiveTags", @@ -1003,6 +1138,10 @@ "iam.serviceAccounts.deleteTagBinding", "iam.serviceAccounts.listEffectiveTags", "iam.serviceAccounts.listTagBindings", + "logging.buckets.createTagBinding", + "logging.buckets.deleteTagBinding", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "managedidentities.domains.createTagBinding", "managedidentities.domains.deleteTagBinding", "managedidentities.domains.listEffectiveTags", @@ -1050,6 +1189,8 @@ "storage.buckets.getIamPolicy", "storage.buckets.listEffectiveTags", "storage.buckets.listTagBindings", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/dlp.projectdriver b/roles/dlp.projectdriver index 440f2d6c..262fce50 100644 --- a/roles/dlp.projectdriver +++ b/roles/dlp.projectdriver @@ -2,6 +2,141 @@ "description": "Permissions needed by the DLP service account to generate data profiles within a project.", "etag": "AA==", "includedPermissions": [ + "aiplatform.agentExamples.get", + "aiplatform.agentExamples.list", + "aiplatform.agents.get", + "aiplatform.agents.list", + "aiplatform.annotationSpecs.get", + "aiplatform.annotationSpecs.list", + "aiplatform.annotations.get", + "aiplatform.annotations.list", + "aiplatform.apps.get", + "aiplatform.apps.list", + "aiplatform.artifacts.get", + "aiplatform.artifacts.list", + "aiplatform.batchPredictionJobs.get", + "aiplatform.batchPredictionJobs.list", + "aiplatform.cacheConfigs.get", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.consents.get", + "aiplatform.contexts.get", + "aiplatform.contexts.list", + "aiplatform.contexts.queryContextLineageSubgraph", + "aiplatform.customJobs.get", + "aiplatform.customJobs.list", + "aiplatform.dataItems.get", + "aiplatform.dataItems.list", + "aiplatform.dataLabelingJobs.get", + "aiplatform.dataLabelingJobs.list", + "aiplatform.datasetVersions.get", + "aiplatform.datasetVersions.list", + "aiplatform.datasets.get", + "aiplatform.datasets.list", + "aiplatform.deploymentResourcePools.get", + "aiplatform.deploymentResourcePools.list", + "aiplatform.deploymentResourcePools.queryDeployedModels", + "aiplatform.edgeDeploymentJobs.get", + "aiplatform.edgeDeploymentJobs.list", + "aiplatform.edgeDeviceDebugInfo.get", + "aiplatform.edgeDevices.get", + "aiplatform.edgeDevices.list", + "aiplatform.endpoints.get", + "aiplatform.endpoints.list", + "aiplatform.entityTypes.get", + "aiplatform.entityTypes.list", + "aiplatform.executions.get", + "aiplatform.executions.list", + "aiplatform.executions.queryExecutionInputsAndOutputs", + "aiplatform.extensions.get", + "aiplatform.extensions.list", + "aiplatform.featureGroups.get", + "aiplatform.featureGroups.list", + "aiplatform.featureOnlineStores.get", + "aiplatform.featureOnlineStores.list", + "aiplatform.featureViewSyncs.get", + "aiplatform.featureViewSyncs.list", + "aiplatform.featureViews.fetchFeatureValues", + "aiplatform.featureViews.get", + "aiplatform.featureViews.list", + "aiplatform.featureViews.searchNearestEntities", + "aiplatform.features.get", + "aiplatform.features.list", + "aiplatform.featurestores.get", + "aiplatform.featurestores.list", + "aiplatform.humanInTheLoops.get", + "aiplatform.humanInTheLoops.list", + "aiplatform.hyperparameterTuningJobs.get", + "aiplatform.hyperparameterTuningJobs.list", + "aiplatform.indexEndpoints.get", + "aiplatform.indexEndpoints.list", + "aiplatform.indexEndpoints.queryVectors", + "aiplatform.indexes.get", + "aiplatform.indexes.list", + "aiplatform.locations.get", + "aiplatform.locations.list", + "aiplatform.metadataSchemas.get", + "aiplatform.metadataSchemas.list", + "aiplatform.metadataStores.get", + "aiplatform.metadataStores.list", + "aiplatform.modelDeploymentMonitoringJobs.get", + "aiplatform.modelDeploymentMonitoringJobs.list", + "aiplatform.modelDeploymentMonitoringJobs.searchStatsAnomalies", + "aiplatform.modelEvaluationSlices.get", + "aiplatform.modelEvaluationSlices.list", + "aiplatform.modelEvaluations.get", + "aiplatform.modelEvaluations.list", + "aiplatform.modelMonitoringJobs.get", + "aiplatform.modelMonitoringJobs.list", + "aiplatform.modelMonitors.get", + "aiplatform.modelMonitors.list", + "aiplatform.modelMonitors.searchModelMonitoringAlerts", + "aiplatform.modelMonitors.searchModelMonitoringStats", + "aiplatform.models.get", + "aiplatform.models.list", + "aiplatform.nasJobs.get", + "aiplatform.nasJobs.list", + "aiplatform.nasTrialDetails.get", + "aiplatform.nasTrialDetails.list", + "aiplatform.notebookExecutionJobs.get", + "aiplatform.notebookExecutionJobs.list", + "aiplatform.notebookRuntimeTemplates.get", + "aiplatform.notebookRuntimeTemplates.list", + "aiplatform.notebookRuntimes.get", + "aiplatform.notebookRuntimes.list", + "aiplatform.operations.list", + "aiplatform.persistentResources.get", + "aiplatform.persistentResources.list", + "aiplatform.pipelineJobs.get", + "aiplatform.pipelineJobs.list", + "aiplatform.reasoningEngines.get", + "aiplatform.reasoningEngines.list", + "aiplatform.reasoningEngines.query", + "aiplatform.schedules.get", + "aiplatform.schedules.list", + "aiplatform.sessions.get", + "aiplatform.sessions.list", + "aiplatform.specialistPools.get", + "aiplatform.specialistPools.list", + "aiplatform.specialistPools.update", + "aiplatform.studies.get", + "aiplatform.studies.list", + "aiplatform.tensorboardExperiments.get", + "aiplatform.tensorboardExperiments.list", + "aiplatform.tensorboardRuns.get", + "aiplatform.tensorboardRuns.list", + "aiplatform.tensorboardTimeSeries.batchRead", + "aiplatform.tensorboardTimeSeries.get", + "aiplatform.tensorboardTimeSeries.list", + "aiplatform.tensorboardTimeSeries.read", + "aiplatform.tensorboards.get", + "aiplatform.tensorboards.list", + "aiplatform.trainingPipelines.get", + "aiplatform.trainingPipelines.list", + "aiplatform.trials.get", + "aiplatform.trials.list", + "aiplatform.tuningJobs.get", + "aiplatform.tuningJobs.list", "alloydb.backups.createTagBinding", "alloydb.backups.deleteTagBinding", "alloydb.backups.listEffectiveTags", @@ -1003,6 +1138,10 @@ "iam.serviceAccounts.deleteTagBinding", "iam.serviceAccounts.listEffectiveTags", "iam.serviceAccounts.listTagBindings", + "logging.buckets.createTagBinding", + "logging.buckets.deleteTagBinding", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "managedidentities.domains.createTagBinding", "managedidentities.domains.deleteTagBinding", "managedidentities.domains.listEffectiveTags", @@ -1050,6 +1189,8 @@ "storage.buckets.getIamPolicy", "storage.buckets.listEffectiveTags", "storage.buckets.listTagBindings", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/dlp.serviceAgent b/roles/dlp.serviceAgent index 3112db5b..2e070eb8 100644 --- a/roles/dlp.serviceAgent +++ b/roles/dlp.serviceAgent @@ -203,6 +203,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/firebase.developAdmin b/roles/firebase.developAdmin index 8b6044e6..cd449126 100644 --- a/roles/firebase.developAdmin +++ b/roles/firebase.developAdmin @@ -419,6 +419,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/firebase.sdkAdminServiceAgent b/roles/firebase.sdkAdminServiceAgent index 87973300..9d03c4d2 100644 --- a/roles/firebase.sdkAdminServiceAgent +++ b/roles/firebase.sdkAdminServiceAgent @@ -137,6 +137,11 @@ "storage.buckets.get", "storage.buckets.list", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin index be5c1692..91522a06 100644 --- a/roles/iam.securityAdmin +++ b/roles/iam.securityAdmin @@ -20,6 +20,7 @@ "aiplatform.apps.list", "aiplatform.artifacts.list", "aiplatform.batchPredictionJobs.list", + "aiplatform.cachedContents.list", "aiplatform.contexts.list", "aiplatform.customJobs.list", "aiplatform.dataItems.list", @@ -544,8 +545,10 @@ "cloudsecurityscanner.scanruns.list", "cloudsecurityscanner.scans.list", "cloudsql.backupRuns.list", + "cloudsql.backups.list", "cloudsql.databases.list", "cloudsql.instances.list", + "cloudsql.operations.list", "cloudsql.sslCerts.list", "cloudsql.users.list", "cloudsupport.accounts.getIamPolicy", @@ -563,6 +566,7 @@ "cloudtoolresults.steps.list", "cloudtrace.insights.list", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.list", "cloudtrace.traces.list", "cloudtranslate.adaptiveMtDatasets.list", "cloudtranslate.adaptiveMtFiles.list", @@ -664,9 +668,6 @@ "compute.machineImages.list", "compute.machineImages.setIamPolicy", "compute.machineTypes.list", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", - "compute.maintenancePolicies.setIamPolicy", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", "compute.networkAttachments.setIamPolicy", @@ -1653,6 +1654,10 @@ "networksecurity.gatewaySecurityPolicies.list", "networksecurity.gatewaySecurityPolicyRules.list", "networksecurity.locations.list", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeployments.list", + "networksecurity.mirroringEndpointGroupAssociations.list", + "networksecurity.mirroringEndpointGroups.list", "networksecurity.operations.list", "networksecurity.securityProfileGroups.list", "networksecurity.securityProfiles.list", @@ -2088,6 +2093,7 @@ "storage.buckets.getIamPolicy", "storage.buckets.list", "storage.buckets.setIamPolicy", + "storage.folders.list", "storage.hmacKeys.list", "storage.managedFolders.getIamPolicy", "storage.managedFolders.list", diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer index 7551a719..45c68c18 100644 --- a/roles/iam.securityReviewer +++ b/roles/iam.securityReviewer @@ -19,6 +19,7 @@ "aiplatform.apps.list", "aiplatform.artifacts.list", "aiplatform.batchPredictionJobs.list", + "aiplatform.cachedContents.list", "aiplatform.contexts.list", "aiplatform.customJobs.list", "aiplatform.dataItems.list", @@ -482,8 +483,10 @@ "cloudsecurityscanner.scanruns.list", "cloudsecurityscanner.scans.list", "cloudsql.backupRuns.list", + "cloudsql.backups.list", "cloudsql.databases.list", "cloudsql.instances.list", + "cloudsql.operations.list", "cloudsql.sslCerts.list", "cloudsql.users.list", "cloudsupport.accounts.getIamPolicy", @@ -499,6 +502,7 @@ "cloudtoolresults.steps.list", "cloudtrace.insights.list", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.list", "cloudtrace.traces.list", "cloudtranslate.adaptiveMtDatasets.list", "cloudtranslate.adaptiveMtFiles.list", @@ -587,8 +591,6 @@ "compute.machineImages.getIamPolicy", "compute.machineImages.list", "compute.machineTypes.list", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", "compute.networkEdgeSecurityServices.list", @@ -1440,6 +1442,10 @@ "networksecurity.gatewaySecurityPolicies.list", "networksecurity.gatewaySecurityPolicyRules.list", "networksecurity.locations.list", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeployments.list", + "networksecurity.mirroringEndpointGroupAssociations.list", + "networksecurity.mirroringEndpointGroups.list", "networksecurity.operations.list", "networksecurity.securityProfileGroups.list", "networksecurity.securityProfiles.list", @@ -1825,6 +1831,7 @@ "storage.bucketOperations.list", "storage.buckets.getIamPolicy", "storage.buckets.list", + "storage.folders.list", "storage.hmacKeys.list", "storage.managedFolders.getIamPolicy", "storage.managedFolders.list", diff --git a/roles/logging.admin b/roles/logging.admin index ef6f410b..7a7f7532 100644 --- a/roles/logging.admin +++ b/roles/logging.admin @@ -4,9 +4,13 @@ "includedPermissions": [ "logging.buckets.copyLogEntries", "logging.buckets.create", + "logging.buckets.createTagBinding", "logging.buckets.delete", + "logging.buckets.deleteTagBinding", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.buckets.undelete", "logging.buckets.update", "logging.exclusions.create", diff --git a/roles/logging.configWriter b/roles/logging.configWriter index dfd40791..a0c8492d 100644 --- a/roles/logging.configWriter +++ b/roles/logging.configWriter @@ -3,9 +3,13 @@ "etag": "AA==", "includedPermissions": [ "logging.buckets.create", + "logging.buckets.createTagBinding", "logging.buckets.delete", + "logging.buckets.deleteTagBinding", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.buckets.undelete", "logging.buckets.update", "logging.exclusions.create", diff --git a/roles/logging.sqlAlertWriter b/roles/logging.sqlAlertWriter new file mode 100644 index 00000000..d35a9829 --- /dev/null +++ b/roles/logging.sqlAlertWriter @@ -0,0 +1,7 @@ +{ + "description": "Ability to write SQL Alerts.", + "etag": "AA==", + "name": "roles/logging.sqlAlertWriter", + "stage": "ALPHA", + "title": "SQL Alert Writer" +} diff --git a/roles/ml.serviceAgent b/roles/ml.serviceAgent index 1b0d87b3..e28aefd6 100644 --- a/roles/ml.serviceAgent +++ b/roles/ml.serviceAgent @@ -93,6 +93,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/networksecurity.mirroringDeploymentAdmin b/roles/networksecurity.mirroringDeploymentAdmin index afe31725..1d1deca3 100644 --- a/roles/networksecurity.mirroringDeploymentAdmin +++ b/roles/networksecurity.mirroringDeploymentAdmin @@ -2,10 +2,21 @@ "description": "Enables full access to mirroring resources on the Producer's side.", "etag": "AA==", "includedPermissions": [ + "networksecurity.mirroringDeploymentGroups.create", + "networksecurity.mirroringDeploymentGroups.delete", + "networksecurity.mirroringDeploymentGroups.get", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeploymentGroups.update", + "networksecurity.mirroringDeploymentGroups.use", + "networksecurity.mirroringDeployments.create", + "networksecurity.mirroringDeployments.delete", + "networksecurity.mirroringDeployments.get", + "networksecurity.mirroringDeployments.list", + "networksecurity.mirroringDeployments.update", "resourcemanager.projects.get", "resourcemanager.projects.list" ], "name": "roles/networksecurity.mirroringDeploymentAdmin", - "stage": "ALPHA", + "stage": "BETA", "title": "Mirroring Deployment Admin" } diff --git a/roles/networksecurity.mirroringDeploymentUser b/roles/networksecurity.mirroringDeploymentUser index c55136c6..01b3fbb2 100644 --- a/roles/networksecurity.mirroringDeploymentUser +++ b/roles/networksecurity.mirroringDeploymentUser @@ -1,7 +1,12 @@ { "description": "Allows a consumer to connect their mirroringEndpointGroup to the Producer's mirroringDeploymentGroup.", "etag": "AA==", + "includedPermissions": [ + "networksecurity.mirroringDeploymentGroups.get", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeploymentGroups.use" + ], "name": "roles/networksecurity.mirroringDeploymentUser", - "stage": "ALPHA", + "stage": "BETA", "title": "Mirroring Deployment User" } diff --git a/roles/networksecurity.mirroringDeploymentViewer b/roles/networksecurity.mirroringDeploymentViewer index ee11b8b1..b7bc4cc7 100644 --- a/roles/networksecurity.mirroringDeploymentViewer +++ b/roles/networksecurity.mirroringDeploymentViewer @@ -2,10 +2,14 @@ "description": "Enables read-only access to mirroring resources on the Producer's side.", "etag": "AA==", "includedPermissions": [ + "networksecurity.mirroringDeploymentGroups.get", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeployments.get", + "networksecurity.mirroringDeployments.list", "resourcemanager.projects.get", "resourcemanager.projects.list" ], "name": "roles/networksecurity.mirroringDeploymentViewer", - "stage": "ALPHA", + "stage": "BETA", "title": "Mirroring Deployment Viewer" } diff --git a/roles/networksecurity.mirroringEndpointAdmin b/roles/networksecurity.mirroringEndpointAdmin index 994c80c6..0b73794f 100644 --- a/roles/networksecurity.mirroringEndpointAdmin +++ b/roles/networksecurity.mirroringEndpointAdmin @@ -2,10 +2,21 @@ "description": "Enables full access to mirroring resources on the consumer's side.", "etag": "AA==", "includedPermissions": [ + "networksecurity.mirroringEndpointGroupAssociations.create", + "networksecurity.mirroringEndpointGroupAssociations.delete", + "networksecurity.mirroringEndpointGroupAssociations.get", + "networksecurity.mirroringEndpointGroupAssociations.list", + "networksecurity.mirroringEndpointGroupAssociations.update", + "networksecurity.mirroringEndpointGroups.create", + "networksecurity.mirroringEndpointGroups.delete", + "networksecurity.mirroringEndpointGroups.get", + "networksecurity.mirroringEndpointGroups.list", + "networksecurity.mirroringEndpointGroups.update", + "networksecurity.mirroringEndpointGroups.use", "resourcemanager.projects.get", "resourcemanager.projects.list" ], "name": "roles/networksecurity.mirroringEndpointAdmin", - "stage": "ALPHA", + "stage": "BETA", "title": "Mirroring Endpoint Admin" } diff --git a/roles/networksecurity.mirroringEndpointUser b/roles/networksecurity.mirroringEndpointUser index d3bbdf55..893f9d58 100644 --- a/roles/networksecurity.mirroringEndpointUser +++ b/roles/networksecurity.mirroringEndpointUser @@ -1,7 +1,12 @@ { "description": "Allows a consumer to connect their networks to a mirroringEndpointGroup.", "etag": "AA==", + "includedPermissions": [ + "networksecurity.mirroringEndpointGroups.get", + "networksecurity.mirroringEndpointGroups.list", + "networksecurity.mirroringEndpointGroups.use" + ], "name": "roles/networksecurity.mirroringEndpointUser", - "stage": "ALPHA", + "stage": "BETA", "title": "Mirroring Endpoint User" } diff --git a/roles/notebooks.admin b/roles/notebooks.admin index 5022dcc9..1c7c70e8 100644 --- a/roles/notebooks.admin +++ b/roles/notebooks.admin @@ -146,9 +146,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/notebooks.legacyAdmin b/roles/notebooks.legacyAdmin index b2708800..6391ab03 100644 --- a/roles/notebooks.legacyAdmin +++ b/roles/notebooks.legacyAdmin @@ -380,13 +380,6 @@ "compute.machineImages.useReadOnly", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.create", - "compute.maintenancePolicies.delete", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", - "compute.maintenancePolicies.setIamPolicy", - "compute.maintenancePolicies.use", "compute.networkAttachments.create", "compute.networkAttachments.createTagBinding", "compute.networkAttachments.delete", @@ -602,7 +595,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", diff --git a/roles/notebooks.legacyViewer b/roles/notebooks.legacyViewer index 2b92e878..f6b560e6 100644 --- a/roles/notebooks.legacyViewer +++ b/roles/notebooks.legacyViewer @@ -135,9 +135,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/notebooks.runner b/roles/notebooks.runner index 1db0c646..2149607d 100644 --- a/roles/notebooks.runner +++ b/roles/notebooks.runner @@ -146,9 +146,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/notebooks.serviceAgent b/roles/notebooks.serviceAgent index da5e6581..f277b55c 100644 --- a/roles/notebooks.serviceAgent +++ b/roles/notebooks.serviceAgent @@ -268,9 +268,6 @@ "compute.machineImages.useReadOnly", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/notebooks.viewer b/roles/notebooks.viewer index 2034a59d..7d584352 100644 --- a/roles/notebooks.viewer +++ b/roles/notebooks.viewer @@ -139,9 +139,6 @@ "compute.machineImages.list", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", diff --git a/roles/owner b/roles/owner index b2d28519..ec056bad 100644 --- a/roles/owner +++ b/roles/owner @@ -90,6 +90,11 @@ "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", "aiplatform.cacheConfigs.update", + "aiplatform.cachedContents.create", + "aiplatform.cachedContents.delete", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.cachedContents.update", "aiplatform.consents.get", "aiplatform.consents.update", "aiplatform.contexts.addContextArtifactsAndExecutions", @@ -1514,6 +1519,7 @@ "bigquerymigration.subtasks.get", "bigquerymigration.subtasks.list", "bigquerymigration.taskTypes.orchestrateTask", + "bigquerymigration.taskTypes.writeLogs", "bigquerymigration.translation.translate", "bigquerymigration.workflows.create", "bigquerymigration.workflows.delete", @@ -2890,6 +2896,11 @@ "cloudsql.backupRuns.delete", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.create", + "cloudsql.backups.delete", + "cloudsql.backups.get", + "cloudsql.backups.list", + "cloudsql.backups.update", "cloudsql.databases.create", "cloudsql.databases.delete", "cloudsql.databases.get", @@ -2930,6 +2941,8 @@ "cloudsql.instances.stopReplica", "cloudsql.instances.truncateLog", "cloudsql.instances.update", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.schemas.view", "cloudsql.sslCerts.create", "cloudsql.sslCerts.delete", @@ -3008,6 +3021,11 @@ "cloudtrace.tasks.delete", "cloudtrace.tasks.get", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.create", + "cloudtrace.traceScopes.delete", + "cloudtrace.traceScopes.get", + "cloudtrace.traceScopes.list", + "cloudtrace.traceScopes.update", "cloudtrace.traces.get", "cloudtrace.traces.list", "cloudtrace.traces.patch", @@ -3566,13 +3584,6 @@ "compute.machineImages.useReadOnly", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.create", - "compute.maintenancePolicies.delete", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", - "compute.maintenancePolicies.setIamPolicy", - "compute.maintenancePolicies.use", "compute.networkAttachments.create", "compute.networkAttachments.createTagBinding", "compute.networkAttachments.delete", @@ -3784,7 +3795,6 @@ "compute.regionTargetHttpProxies.listEffectiveTags", "compute.regionTargetHttpProxies.listTagBindings", "compute.regionTargetHttpProxies.setUrlMap", - "compute.regionTargetHttpProxies.update", "compute.regionTargetHttpProxies.use", "compute.regionTargetHttpsProxies.create", "compute.regionTargetHttpsProxies.createTagBinding", @@ -7230,9 +7240,13 @@ "livestream.pools.update", "logging.buckets.copyLogEntries", "logging.buckets.create", + "logging.buckets.createTagBinding", "logging.buckets.delete", + "logging.buckets.deleteTagBinding", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.buckets.undelete", "logging.buckets.update", "logging.exclusions.create", @@ -7915,6 +7929,28 @@ "networksecurity.gatewaySecurityPolicyRules.use", "networksecurity.locations.get", "networksecurity.locations.list", + "networksecurity.mirroringDeploymentGroups.create", + "networksecurity.mirroringDeploymentGroups.delete", + "networksecurity.mirroringDeploymentGroups.get", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeploymentGroups.update", + "networksecurity.mirroringDeploymentGroups.use", + "networksecurity.mirroringDeployments.create", + "networksecurity.mirroringDeployments.delete", + "networksecurity.mirroringDeployments.get", + "networksecurity.mirroringDeployments.list", + "networksecurity.mirroringDeployments.update", + "networksecurity.mirroringEndpointGroupAssociations.create", + "networksecurity.mirroringEndpointGroupAssociations.delete", + "networksecurity.mirroringEndpointGroupAssociations.get", + "networksecurity.mirroringEndpointGroupAssociations.list", + "networksecurity.mirroringEndpointGroupAssociations.update", + "networksecurity.mirroringEndpointGroups.create", + "networksecurity.mirroringEndpointGroups.delete", + "networksecurity.mirroringEndpointGroups.get", + "networksecurity.mirroringEndpointGroups.list", + "networksecurity.mirroringEndpointGroups.update", + "networksecurity.mirroringEndpointGroups.use", "networksecurity.operations.cancel", "networksecurity.operations.delete", "networksecurity.operations.get", @@ -9512,6 +9548,11 @@ "storage.buckets.list", "storage.buckets.listEffectiveTags", "storage.buckets.listTagBindings", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.hmacKeys.create", "storage.hmacKeys.delete", "storage.hmacKeys.get", @@ -10022,6 +10063,7 @@ "vmwareengine.privateConnections.list", "vmwareengine.privateConnections.listPeeringRoutes", "vmwareengine.privateConnections.update", + "vmwareengine.projectState.get", "vmwareengine.services.use", "vmwareengine.services.view", "vmwareengine.subnets.get", diff --git a/roles/resourcemanager.tagUser b/roles/resourcemanager.tagUser index 156ba1ac..a9d59188 100644 --- a/roles/resourcemanager.tagUser +++ b/roles/resourcemanager.tagUser @@ -310,6 +310,10 @@ "iam.serviceAccounts.deleteTagBinding", "iam.serviceAccounts.listEffectiveTags", "iam.serviceAccounts.listTagBindings", + "logging.buckets.createTagBinding", + "logging.buckets.deleteTagBinding", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "managedidentities.domains.createTagBinding", "managedidentities.domains.deleteTagBinding", "managedidentities.domains.listEffectiveTags", diff --git a/roles/resourcemanager.tagViewer b/roles/resourcemanager.tagViewer index 44f87400..2d87c915 100644 --- a/roles/resourcemanager.tagViewer +++ b/roles/resourcemanager.tagViewer @@ -156,6 +156,8 @@ "file.snapshots.listTagBindings", "iam.serviceAccounts.listEffectiveTags", "iam.serviceAccounts.listTagBindings", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "managedidentities.domains.listEffectiveTags", "managedidentities.domains.listTagBindings", "redis.instances.listEffectiveTags", diff --git a/roles/run.builder b/roles/run.builder index bb2e612d..7d9be979 100644 --- a/roles/run.builder +++ b/roles/run.builder @@ -10,6 +10,6 @@ "storage.objects.get" ], "name": "roles/run.builder", - "stage": "ALPHA", + "stage": "BETA", "title": "Cloud Run Builder" } diff --git a/roles/run.serviceAgent b/roles/run.serviceAgent index 68e1b22d..1950e729 100644 --- a/roles/run.serviceAgent +++ b/roles/run.serviceAgent @@ -57,8 +57,6 @@ "resourcemanager.projects.list", "run.routes.invoke", "serviceusage.services.use", - "storage.folders.get", - "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/run.sourceViewer b/roles/run.sourceViewer index 51404a77..5f6e01d6 100644 --- a/roles/run.sourceViewer +++ b/roles/run.sourceViewer @@ -81,6 +81,8 @@ "serviceusage.quotas.get", "serviceusage.services.get", "serviceusage.services.list", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/serverless.serviceAgent b/roles/serverless.serviceAgent index 729f3f3e..7aab89e7 100644 --- a/roles/serverless.serviceAgent +++ b/roles/serverless.serviceAgent @@ -65,6 +65,8 @@ "resourcemanager.projects.list", "run.routes.invoke", "serviceusage.services.use", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/storage.admin b/roles/storage.admin index fc08de73..426428f3 100644 --- a/roles/storage.admin +++ b/roles/storage.admin @@ -43,6 +43,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/storage.folderAdmin b/roles/storage.folderAdmin index c64ca6c1..a4c6f2f2 100644 --- a/roles/storage.folderAdmin +++ b/roles/storage.folderAdmin @@ -5,6 +5,11 @@ "orgpolicy.policy.get", "resourcemanager.projects.get", "resourcemanager.projects.list", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/storage.legacyBucketOwner b/roles/storage.legacyBucketOwner index 9b884efd..b29d637c 100644 --- a/roles/storage.legacyBucketOwner +++ b/roles/storage.legacyBucketOwner @@ -15,6 +15,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/storage.legacyBucketReader b/roles/storage.legacyBucketReader index 88f80b9e..eef020dd 100644 --- a/roles/storage.legacyBucketReader +++ b/roles/storage.legacyBucketReader @@ -3,6 +3,8 @@ "etag": "AA==", "includedPermissions": [ "storage.buckets.get", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.multipartUploads.list", diff --git a/roles/storage.legacyBucketWriter b/roles/storage.legacyBucketWriter index 46443fbc..03e31550 100644 --- a/roles/storage.legacyBucketWriter +++ b/roles/storage.legacyBucketWriter @@ -3,6 +3,11 @@ "etag": "AA==", "includedPermissions": [ "storage.buckets.get", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/storage.objectCreator b/roles/storage.objectCreator index 53f57fab..963e8f65 100644 --- a/roles/storage.objectCreator +++ b/roles/storage.objectCreator @@ -5,6 +5,7 @@ "orgpolicy.policy.get", "resourcemanager.projects.get", "resourcemanager.projects.list", + "storage.folders.create", "storage.managedFolders.create", "storage.multipartUploads.abort", "storage.multipartUploads.create", diff --git a/roles/storage.objectViewer b/roles/storage.objectViewer index e91aa195..f1f693bb 100644 --- a/roles/storage.objectViewer +++ b/roles/storage.objectViewer @@ -4,6 +4,8 @@ "includedPermissions": [ "resourcemanager.projects.get", "resourcemanager.projects.list", + "storage.folders.get", + "storage.folders.list", "storage.managedFolders.get", "storage.managedFolders.list", "storage.objects.get", diff --git a/roles/viewer b/roles/viewer index 267e148b..43df6e83 100644 --- a/roles/viewer +++ b/roles/viewer @@ -38,6 +38,8 @@ "aiplatform.batchPredictionJobs.get", "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", "aiplatform.consents.get", "aiplatform.contexts.get", "aiplatform.contexts.list", @@ -1182,6 +1184,8 @@ "cloudscheduler.locations.list", "cloudsql.backupRuns.get", "cloudsql.backupRuns.list", + "cloudsql.backups.get", + "cloudsql.backups.list", "cloudsql.databases.get", "cloudsql.databases.list", "cloudsql.instances.export", @@ -1192,6 +1196,8 @@ "cloudsql.instances.listServerCas", "cloudsql.instances.listServerCertificates", "cloudsql.instances.listTagBindings", + "cloudsql.operations.get", + "cloudsql.operations.list", "cloudsql.schemas.view", "cloudsql.sslCerts.get", "cloudsql.sslCerts.list", @@ -1230,6 +1236,8 @@ "cloudtrace.tasks.create", "cloudtrace.tasks.get", "cloudtrace.tasks.list", + "cloudtrace.traceScopes.get", + "cloudtrace.traceScopes.list", "cloudtrace.traces.get", "cloudtrace.traces.list", "cloudtranslate.adaptiveMtDatasets.get", @@ -1464,9 +1472,6 @@ "compute.machineImages.useReadOnly", "compute.machineTypes.get", "compute.machineTypes.list", - "compute.maintenancePolicies.get", - "compute.maintenancePolicies.getIamPolicy", - "compute.maintenancePolicies.list", "compute.networkAttachments.get", "compute.networkAttachments.getIamPolicy", "compute.networkAttachments.list", @@ -3049,6 +3054,8 @@ "logging.buckets.copyLogEntries", "logging.buckets.get", "logging.buckets.list", + "logging.buckets.listEffectiveTags", + "logging.buckets.listTagBindings", "logging.exclusions.get", "logging.exclusions.list", "logging.links.get", @@ -3353,6 +3360,14 @@ "networksecurity.gatewaySecurityPolicyRules.list", "networksecurity.locations.get", "networksecurity.locations.list", + "networksecurity.mirroringDeploymentGroups.get", + "networksecurity.mirroringDeploymentGroups.list", + "networksecurity.mirroringDeployments.get", + "networksecurity.mirroringDeployments.list", + "networksecurity.mirroringEndpointGroupAssociations.get", + "networksecurity.mirroringEndpointGroupAssociations.list", + "networksecurity.mirroringEndpointGroups.get", + "networksecurity.mirroringEndpointGroups.list", "networksecurity.operations.get", "networksecurity.operations.list", "networksecurity.securityProfileGroups.get", @@ -4183,6 +4198,8 @@ "storage.buckets.list", "storage.buckets.listEffectiveTags", "storage.buckets.listTagBindings", + "storage.folders.get", + "storage.folders.list", "storage.hmacKeys.get", "storage.hmacKeys.list", "storage.managementHubs.get", @@ -4428,6 +4445,7 @@ "vmwareengine.privateConnections.get", "vmwareengine.privateConnections.list", "vmwareengine.privateConnections.listPeeringRoutes", + "vmwareengine.projectState.get", "vmwareengine.services.view", "vmwareengine.subnets.get", "vmwareengine.subnets.list", diff --git a/roles/visualinspection.serviceAgent b/roles/visualinspection.serviceAgent index e8c915cd..6cbe5b47 100644 --- a/roles/visualinspection.serviceAgent +++ b/roles/visualinspection.serviceAgent @@ -39,6 +39,11 @@ "aiplatform.batchPredictionJobs.list", "aiplatform.cacheConfigs.get", "aiplatform.cacheConfigs.update", + "aiplatform.cachedContents.create", + "aiplatform.cachedContents.delete", + "aiplatform.cachedContents.get", + "aiplatform.cachedContents.list", + "aiplatform.cachedContents.update", "aiplatform.consents.get", "aiplatform.consents.update", "aiplatform.contexts.addContextArtifactsAndExecutions", @@ -442,6 +447,11 @@ "storage.buckets.restore", "storage.buckets.setIamPolicy", "storage.buckets.update", + "storage.folders.create", + "storage.folders.delete", + "storage.folders.get", + "storage.folders.list", + "storage.folders.rename", "storage.managedFolders.create", "storage.managedFolders.delete", "storage.managedFolders.get", diff --git a/roles/vmwareengine.vmwareengineAdmin b/roles/vmwareengine.vmwareengineAdmin index d56067d5..b2ccbb50 100644 --- a/roles/vmwareengine.vmwareengineAdmin +++ b/roles/vmwareengine.vmwareengineAdmin @@ -81,7 +81,6 @@ "vmwareengine.privateConnections.list", "vmwareengine.privateConnections.listPeeringRoutes", "vmwareengine.privateConnections.update", - "vmwareengine.projectState.get", "vmwareengine.services.use", "vmwareengine.services.view", "vmwareengine.subnets.get", diff --git a/roles/vmwareengine.vmwareengineViewer b/roles/vmwareengine.vmwareengineViewer index 1fe9675a..e11db52b 100644 --- a/roles/vmwareengine.vmwareengineViewer +++ b/roles/vmwareengine.vmwareengineViewer @@ -40,6 +40,7 @@ "vmwareengine.privateConnections.get", "vmwareengine.privateConnections.list", "vmwareengine.privateConnections.listPeeringRoutes", + "vmwareengine.projectState.get", "vmwareengine.services.view", "vmwareengine.subnets.get", "vmwareengine.subnets.list",