diff --git a/roles/anthossupport.serviceAgent b/roles/anthossupport.serviceAgent
index a16dcdfc..6bfe9cfe 100644
--- a/roles/anthossupport.serviceAgent
+++ b/roles/anthossupport.serviceAgent
@@ -13,6 +13,8 @@
 "gkehub.locations.list",
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.generateConnectManifest",
 "gkehub.memberships.get",
 "gkehub.memberships.getIamPolicy",
diff --git a/roles/appengine.appAdmin b/roles/appengine.appAdmin
index 77c68c71..f2220410 100644
--- a/roles/appengine.appAdmin
+++ b/roles/appengine.appAdmin
@@ -25,6 +25,7 @@
 "appengine.versions.get",
 "appengine.versions.list",
 "appengine.versions.update",
+ "artifactregistry.projectsettings.get",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/appengine.appViewer b/roles/appengine.appViewer
index 57532e81..08bdbb01 100644
--- a/roles/appengine.appViewer
+++ b/roles/appengine.appViewer
@@ -12,6 +12,7 @@
 "appengine.services.list",
 "appengine.versions.get",
 "appengine.versions.list",
+ "artifactregistry.projectsettings.get",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/appengine.codeViewer b/roles/appengine.codeViewer
index 070538ac..4cd5cc06 100644
--- a/roles/appengine.codeViewer
+++ b/roles/appengine.codeViewer
@@ -13,6 +13,7 @@
 "appengine.versions.get",
 "appengine.versions.getFileContents",
 "appengine.versions.list",
+ "artifactregistry.projectsettings.get",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/appengine.deployer b/roles/appengine.deployer
index 2d2e64c2..baabe1aa 100644
--- a/roles/appengine.deployer
+++ b/roles/appengine.deployer
@@ -14,6 +14,7 @@
 "appengine.versions.delete",
 "appengine.versions.get",
 "appengine.versions.list",
+ "artifactregistry.projectsettings.get",
 "artifactregistry.repositories.deleteArtifacts",
 "artifactregistry.repositories.downloadArtifacts",
 "artifactregistry.repositories.uploadArtifacts",
diff --git a/roles/auditmanager.serviceAgent b/roles/auditmanager.serviceAgent
index 57525214..e7b5441a 100644
--- a/roles/auditmanager.serviceAgent
+++ b/roles/auditmanager.serviceAgent
@@ -607,11 +607,18 @@
 "resourcemanager.folders.get",
 "resourcemanager.folders.getIamPolicy",
 "resourcemanager.folders.list",
+ "resourcemanager.hierarchyNodes.listEffectiveTags",
+ "resourcemanager.hierarchyNodes.listTagBindings",
 "resourcemanager.organizations.get",
 "resourcemanager.organizations.getIamPolicy",
 "resourcemanager.projects.get",
 "resourcemanager.projects.getIamPolicy",
 "resourcemanager.projects.list",
+ "resourcemanager.tagHolds.list",
+ "resourcemanager.tagKeys.get",
+ "resourcemanager.tagKeys.list",
+ "resourcemanager.tagValues.get",
+ "resourcemanager.tagValues.list",
 "secretmanager.secrets.list",
 "serviceusage.quotas.get",
 "serviceusage.services.get",
diff --git a/roles/backupdr.admin b/roles/backupdr.admin
index d82f0ad7..d38039e6 100644
--- a/roles/backupdr.admin
+++ b/roles/backupdr.admin
@@ -81,6 +81,7 @@
 "backupdr.operations.delete",
 "backupdr.operations.get",
 "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/batch.serviceAgent b/roles/batch.serviceAgent
index 75d259d6..f03705af 100644
--- a/roles/batch.serviceAgent
+++ b/roles/batch.serviceAgent
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.createInternal",
@@ -315,6 +323,8 @@
 "compute.regionUrlMaps.listTagBindings",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
diff --git a/roles/bigquery.admin b/roles/bigquery.admin
index 26d7e7a0..4e8e8332 100644
--- a/roles/bigquery.admin
+++ b/roles/bigquery.admin
@@ -68,6 +68,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
diff --git a/roles/bigquery.resourceAdmin b/roles/bigquery.resourceAdmin
index 617661c3..49019280 100644
--- a/roles/bigquery.resourceAdmin
+++ b/roles/bigquery.resourceAdmin
@@ -21,6 +21,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "recommender.bigqueryCapacityCommitmentsInsights.get",
 "recommender.bigqueryCapacityCommitmentsInsights.list",
diff --git a/roles/bigquery.resourceEditor b/roles/bigquery.resourceEditor
index 943ecc84..26e810c5 100644
--- a/roles/bigquery.resourceEditor
+++ b/roles/bigquery.resourceEditor
@@ -17,6 +17,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
diff --git a/roles/bigquery.resourceViewer b/roles/bigquery.resourceViewer
index 88d4c0df..a5ba1752 100644
--- a/roles/bigquery.resourceViewer
+++ b/roles/bigquery.resourceViewer
@@ -13,6 +13,7 @@
 "bigquery.reservationAssignments.search",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/bigquery.studioAdmin b/roles/bigquery.studioAdmin
index b763cf00..d5e52ccd 100644
--- a/roles/bigquery.studioAdmin
+++ b/roles/bigquery.studioAdmin
@@ -1,5 +1,5 @@
 {
- "description": "Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.",
+ "description": "Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin and Dataproc Serverless Editor.",
 "etag": "AA==",
 "includedPermissions": [
 "aiplatform.notebookRuntimeTemplates.apply",
@@ -84,6 +84,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
@@ -129,8 +130,13 @@
 "bigquery.transfers.get",
 "bigquery.transfers.update",
 "bigquerymigration.translation.translate",
+ "compute.projects.get",
+ "compute.regions.get",
+ "compute.regions.list",
 "compute.reservations.get",
 "compute.reservations.list",
+ "compute.zones.get",
+ "compute.zones.list",
 "dataform.compilationResults.create",
 "dataform.compilationResults.get",
 "dataform.compilationResults.list",
@@ -192,6 +198,45 @@
 "dataform.workspaces.setIamPolicy",
 "dataform.workspaces.writeFile",
 "dataplex.projects.search",
+ "dataproc.batches.analyze",
+ "dataproc.batches.cancel",
+ "dataproc.batches.create",
+ "dataproc.batches.delete",
+ "dataproc.batches.get",
+ "dataproc.batches.list",
+ "dataproc.operations.cancel",
+ "dataproc.operations.delete",
+ "dataproc.operations.get",
+ "dataproc.operations.list",
+ "dataproc.sessionTemplates.create",
+ "dataproc.sessionTemplates.delete",
+ "dataproc.sessionTemplates.get",
+ "dataproc.sessionTemplates.list",
+ "dataproc.sessionTemplates.update",
+ "dataproc.sessions.create",
+ "dataproc.sessions.delete",
+ "dataproc.sessions.get",
+ "dataproc.sessions.list",
+ "dataproc.sessions.sparkApplicationRead",
+ "dataproc.sessions.sparkApplicationWrite",
+ "dataproc.sessions.terminate",
+ "dataprocrm.nodePools.create",
+ "dataprocrm.nodePools.delete",
+ "dataprocrm.nodePools.deleteNodes",
+ "dataprocrm.nodePools.get",
+ "dataprocrm.nodePools.list",
+ "dataprocrm.nodePools.resize",
+ "dataprocrm.nodes.get",
+ "dataprocrm.nodes.heartbeat",
+ "dataprocrm.nodes.list",
+ "dataprocrm.nodes.update",
+ "dataprocrm.operations.get",
+ "dataprocrm.operations.list",
+ "dataprocrm.workloads.cancel",
+ "dataprocrm.workloads.create",
+ "dataprocrm.workloads.delete",
+ "dataprocrm.workloads.get",
+ "dataprocrm.workloads.list",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/bigquery.studioUser b/roles/bigquery.studioUser
index 27afaa91..fd0a276e 100644
--- a/roles/bigquery.studioUser
+++ b/roles/bigquery.studioUser
@@ -1,5 +1,5 @@
 {
- "description": "Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.",
+ "description": "Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User and Dataproc Serverless Editor.",
 "etag": "AA==",
 "includedPermissions": [
 "aiplatform.notebookRuntimeTemplates.apply",
@@ -15,11 +15,55 @@
 "bigquery.readsessions.create",
 "bigquery.readsessions.getData",
 "bigquery.readsessions.update",
+ "compute.projects.get",
+ "compute.regions.get",
+ "compute.regions.list",
+ "compute.zones.get",
+ "compute.zones.list",
 "dataform.locations.get",
 "dataform.locations.list",
 "dataform.repositories.create",
 "dataform.repositories.list",
 "dataplex.projects.search",
+ "dataproc.batches.analyze",
+ "dataproc.batches.cancel",
+ "dataproc.batches.create",
+ "dataproc.batches.delete",
+ "dataproc.batches.get",
+ "dataproc.batches.list",
+ "dataproc.operations.cancel",
+ "dataproc.operations.delete",
+ "dataproc.operations.get",
+ "dataproc.operations.list",
+ "dataproc.sessionTemplates.create",
+ "dataproc.sessionTemplates.delete",
+ "dataproc.sessionTemplates.get",
+ "dataproc.sessionTemplates.list",
+ "dataproc.sessionTemplates.update",
+ "dataproc.sessions.create",
+ "dataproc.sessions.delete",
+ "dataproc.sessions.get",
+ "dataproc.sessions.list",
+ "dataproc.sessions.sparkApplicationRead",
+ "dataproc.sessions.sparkApplicationWrite",
+ "dataproc.sessions.terminate",
+ "dataprocrm.nodePools.create",
+ "dataprocrm.nodePools.delete",
+ "dataprocrm.nodePools.deleteNodes",
+ "dataprocrm.nodePools.get",
+ "dataprocrm.nodePools.list",
+ "dataprocrm.nodePools.resize",
+ "dataprocrm.nodes.get",
+ "dataprocrm.nodes.heartbeat",
+ "dataprocrm.nodes.list",
+ "dataprocrm.nodes.update",
+ "dataprocrm.operations.get",
+ "dataprocrm.operations.list",
+ "dataprocrm.workloads.cancel",
+ "dataprocrm.workloads.create",
+ "dataprocrm.workloads.delete",
+ "dataprocrm.workloads.get",
+ "dataprocrm.workloads.list",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/bigquery.user b/roles/bigquery.user
index 7291a27d..8b3a0c47 100644
--- a/roles/bigquery.user
+++ b/roles/bigquery.user
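Review bot: A user-tier role picks up mutating permissions in the `@@ -15,11 +15,55 @@` hunk of `roles/bigquery.studioUser` — `dataproc.batches.create`, `dataproc.sessions.create`, `dataprocrm.nodePools.create`, `dataprocrm.nodePools.resize` and `dataprocrm.workloads.create` among them — so principals already bound to the role gain the ability to start and delete Dataproc Serverless workloads without any change to their own IAM policy. The same block lands in `roles/bigquery.studioAdmin` (`@@ -192,6 +198,45 @@`). The commit record should flag this as a privilege expansion rather than a routine sync, so that consumers of the dataset re-check who holds these roles and whether a narrower custom role fits. Whether the new permissions are usable without a separate service-account grant is not visible in this diff.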
@@ -19,6 +19,7 @@
 "bigquery.reservationAssignments.search",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.routines.list",
 "bigquery.savedqueries.get",
 "bigquery.savedqueries.list",
diff --git a/roles/bigquerymigration.editor b/roles/bigquerymigration.editor
index 50fbfb49..ef2b412c 100644
--- a/roles/bigquerymigration.editor
+++ b/roles/bigquerymigration.editor
@@ -2,12 +2,13 @@
 "description": "Editor of EDW migration workflows.",
 "etag": "AA==",
 "includedPermissions": [
- "bigquerymigration.locations.get",
- "bigquerymigration.locations.list",
 "bigquerymigration.subtasks.get",
 "bigquerymigration.subtasks.list",
 "bigquerymigration.workflows.create",
 "bigquerymigration.workflows.delete",
+ "bigquerymigration.workflows.enableAiOutputTypes",
+ "bigquerymigration.workflows.enableLineageOutputTypes",
+ "bigquerymigration.workflows.enableOutputTypePermissions",
 "bigquerymigration.workflows.get",
 "bigquerymigration.workflows.list",
 "bigquerymigration.workflows.update"
diff --git a/roles/bigquerymigration.viewer b/roles/bigquerymigration.viewer
index 50fb4df5..96f77b3c 100644
--- a/roles/bigquerymigration.viewer
+++ b/roles/bigquerymigration.viewer
@@ -2,8 +2,6 @@
 "description": "Viewer of EDW migration MigrationWorkflow.",
 "etag": "AA==",
 "includedPermissions": [
- "bigquerymigration.locations.get",
- "bigquerymigration.locations.list",
 "bigquerymigration.subtasks.get",
 "bigquerymigration.subtasks.list",
 "bigquerymigration.workflows.get",
diff --git a/roles/bigquerymigration.worker b/roles/bigquerymigration.worker
index eb171cd9..aec8c024 100644
--- a/roles/bigquerymigration.worker
+++ b/roles/bigquerymigration.worker
@@ -2,8 +2,6 @@
 "description": "Worker that executes EDW migration subtasks.",
 "etag": "AA==",
 "includedPermissions": [
- "bigquerymigration.subtaskTypes.executeTask",
- "bigquerymigration.subtasks.executeTask",
 "storage.objects.create",
 "storage.objects.get",
 "storage.objects.list"
diff --git a/roles/billing.admin b/roles/billing.admin
index 138f0d47..9b4758e2 100644
--- a/roles/billing.admin
+++ b/roles/billing.admin
@@ -19,6 +19,11 @@
 "billing.accounts.update",
 "billing.accounts.updatePaymentInfo",
 "billing.accounts.updateUsageExportSpec",
+ "billing.anomalies.get",
+ "billing.anomalies.list",
+ "billing.anomalies.submitFeedback",
+ "billing.anomaliesConfigs.get",
+ "billing.anomaliesConfigs.update",
 "billing.billingAccountPrice.get",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.get",
diff --git a/roles/billing.viewer b/roles/billing.viewer
index aa612ffc..be474b26 100644
--- a/roles/billing.viewer
+++ b/roles/billing.viewer
@@ -10,6 +10,9 @@
 "billing.accounts.getSpendingInformation",
 "billing.accounts.getUsageExportSpec",
 "billing.accounts.list",
+ "billing.anomalies.get",
+ "billing.anomalies.list",
+ "billing.anomaliesConfigs.get",
 "billing.billingAccountPrice.get",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.get",
diff --git a/roles/cloudsql.admin b/roles/cloudsql.admin
index 634e7923..78e70438 100644
--- a/roles/cloudsql.admin
+++ b/roles/cloudsql.admin
@@ -2,7 +2,11 @@
 "description": "Full control of Cloud SQL resources.",
 "etag": "AA==",
 "includedPermissions": [
+ "cloudaicompanion.companions.generateChat",
+ "cloudaicompanion.companions.generateCode",
 "cloudaicompanion.entitlements.get",
+ "cloudaicompanion.instances.completeCode",
+ "cloudaicompanion.instances.generateCode",
 "cloudsql.backupRuns.create",
 "cloudsql.backupRuns.delete",
 "cloudsql.backupRuns.get",
diff --git a/roles/cloudsql.studioUser b/roles/cloudsql.studioUser
index e0d09e80..76fc719d 100644
--- a/roles/cloudsql.studioUser
+++ b/roles/cloudsql.studioUser
@@ -2,6 +2,10 @@
 "description": "Role allowing access to Cloud SQL Studio",
 "etag": "AA==",
 "includedPermissions": [
+ "cloudaicompanion.companions.generateChat",
+ "cloudaicompanion.companions.generateCode",
+ "cloudaicompanion.instances.completeCode",
+ "cloudaicompanion.instances.generateCode",
 "cloudsql.databases.list",
 "cloudsql.instances.executeSql",
 "cloudsql.instances.get",
diff --git a/roles/commerceorggovernance.admin b/roles/commerceorggovernance.admin
index ba017ba0..aadb166a 100644
--- a/roles/commerceorggovernance.admin
+++ b/roles/commerceorggovernance.admin
@@ -20,6 +20,8 @@
 "commerceorggovernance.services.get",
 "commerceorggovernance.services.list",
 "commerceorggovernance.services.request",
+ "consumerprocurement.entitlements.get",
+ "consumerprocurement.entitlements.list",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/commerceorggovernance.user b/roles/commerceorggovernance.user
index c549d5ce..6841c03f 100644
--- a/roles/commerceorggovernance.user
+++ b/roles/commerceorggovernance.user
@@ -5,6 +5,8 @@
 "commerceorggovernance.services.get",
 "commerceorggovernance.services.list",
 "commerceorggovernance.services.request",
+ "consumerprocurement.entitlements.get",
+ "consumerprocurement.entitlements.list",
 "resourcemanager.projects.get",
 "resourcemanager.projects.list"
 ],
diff --git a/roles/compute.instanceAdmin b/roles/compute.instanceAdmin
index 9042cc4e..5b40b059 100644
--- a/roles/compute.instanceAdmin
+++ b/roles/compute.instanceAdmin
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.createInternal",
@@ -192,6 +200,8 @@
 "compute.regionOperations.list",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.list",
diff --git a/roles/compute.instanceAdmin.v1 b/roles/compute.instanceAdmin.v1
index 7378b338..37fe4077 100644
--- a/roles/compute.instanceAdmin.v1
+++ b/roles/compute.instanceAdmin.v1
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.createInternal",
@@ -323,6 +331,8 @@
 "compute.regionUrlMaps.listTagBindings",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
diff --git a/roles/compute.viewer b/roles/compute.viewer
index 179018b1..af4ffc4e 100644
--- a/roles/compute.viewer
+++ b/roles/compute.viewer
@@ -236,6 +236,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.get",
diff --git a/roles/contactcenterinsights.viewer b/roles/contactcenterinsights.viewer
index 450ee3c0..fe6bf4ec 100644
--- a/roles/contactcenterinsights.viewer
+++ b/roles/contactcenterinsights.viewer
@@ -12,6 +12,7 @@
 "contactcenterinsights.faqEntries.list",
 "contactcenterinsights.faqModels.get",
 "contactcenterinsights.faqModels.list",
+ "contactcenterinsights.feedbackLabels.download",
 "contactcenterinsights.feedbackLabels.get",
 "contactcenterinsights.feedbackLabels.list",
 "contactcenterinsights.issueModels.get",
diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent
index 90d86b38..8a9f68db 100644
--- a/roles/container.serviceAgent
+++ b/roles/container.serviceAgent
@@ -9,7 +9,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "bigquery.datasets.create",
 "bigquery.datasets.get",
 "bigquery.tables.create",
@@ -605,6 +613,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent
index dd141a12..d18b17d0 100644
--- a/roles/dataflow.serviceAgent
+++ b/roles/dataflow.serviceAgent
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "bigquery.bireservations.get",
 "bigquery.bireservations.update",
 "bigquery.capacityCommitments.create",
@@ -73,6 +81,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
@@ -648,6 +657,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
@@ -991,6 +1002,11 @@
 "logging.logMetrics.get",
 "logging.logMetrics.list",
 "logging.logMetrics.update",
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
+ "logging.logScopes.update",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
@@ -1360,12 +1376,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/datafusion.serviceAgent b/roles/datafusion.serviceAgent
index b98631aa..a365a947 100644
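Review bot: `storage.buckets.setIpFilter` in the `@@ -1360,12 +1376,14 @@` hunk gives the Dataflow service agent write access to a bucket-level network control, next to the `storage.buckets.setIamPolicy` it already held. The same pair (`getIpFilter`/`setIpFilter`) is added to `roles/datafusion.serviceAgent`, `roles/dataplex.serviceAgent` and `roles/dlp.serviceAgent` later in this diff. Teams that rely on bucket IP filtering as a guard should assume these service agents can alter it and, if they have not already, alert on IP-filter changes made by service-agent identities. The changelog entry for this sync should list the permission as a security-relevant addition.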
--- a/roles/datafusion.serviceAgent
+++ b/roles/datafusion.serviceAgent
@@ -581,12 +581,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent
index 41ac230b..324a3b1f 100644
--- a/roles/dataplex.serviceAgent
+++ b/roles/dataplex.serviceAgent
@@ -68,6 +68,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
@@ -242,12 +243,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/dataproc.hubAgent b/roles/dataproc.hubAgent
index 5d5e0069..d23997dc 100644
--- a/roles/dataproc.hubAgent
+++ b/roles/dataproc.hubAgent
@@ -35,6 +35,8 @@
 "logging.logEntries.route",
 "logging.logMetrics.get",
 "logging.logMetrics.list",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
diff --git a/roles/dataproc.serverlessEditor b/roles/dataproc.serverlessEditor
new file mode 100644
index 00000000..e0d4436d
--- /dev/null
+++ b/roles/dataproc.serverlessEditor
@@ -0,0 +1,55 @@
+{
+ "description": "Permissions needed to run serverless sessions as a user",
+ "etag": "AA==",
+ "includedPermissions": [
+ "compute.projects.get",
+ "compute.regions.get",
+ "compute.regions.list",
+ "compute.zones.get",
+ "compute.zones.list",
+ "dataproc.batches.analyze",
+ "dataproc.batches.cancel",
+ "dataproc.batches.create",
+ "dataproc.batches.delete",
+ "dataproc.batches.get",
+ "dataproc.batches.list",
+ "dataproc.operations.cancel",
+ "dataproc.operations.delete",
+ "dataproc.operations.get",
+ "dataproc.operations.list",
+ "dataproc.sessionTemplates.create",
+ "dataproc.sessionTemplates.delete",
+ "dataproc.sessionTemplates.get",
+ "dataproc.sessionTemplates.list",
+ "dataproc.sessionTemplates.update",
+ "dataproc.sessions.create",
+ "dataproc.sessions.delete",
+ "dataproc.sessions.get",
+ "dataproc.sessions.list",
+ "dataproc.sessions.sparkApplicationRead",
+ "dataproc.sessions.sparkApplicationWrite",
+ "dataproc.sessions.terminate",
+ "dataprocrm.nodePools.create",
+ "dataprocrm.nodePools.delete",
+ "dataprocrm.nodePools.deleteNodes",
+ "dataprocrm.nodePools.get",
+ "dataprocrm.nodePools.list",
+ "dataprocrm.nodePools.resize",
+ "dataprocrm.nodes.get",
+ "dataprocrm.nodes.heartbeat",
+ "dataprocrm.nodes.list",
+ "dataprocrm.nodes.update",
+ "dataprocrm.operations.get",
+ "dataprocrm.operations.list",
+ "dataprocrm.workloads.cancel",
+ "dataprocrm.workloads.create",
+ "dataprocrm.workloads.delete",
+ "dataprocrm.workloads.get",
+ "dataprocrm.workloads.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/dataproc.serverlessEditor",
+ "stage": "ALPHA",
+ "title": "Dataproc serverless session user permissions"
+}
diff --git a/roles/dataproc.serverlessNode b/roles/dataproc.serverlessNode
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/dataproc.serverlessViewer b/roles/dataproc.serverlessViewer
new file mode 100644
index 00000000..bd6a3a1f
--- /dev/null
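Review bot: `roles/dataproc.serverlessNode` is committed as an empty file (`index 00000000..e69de29b`, no hunk), which is not valid JSON, so any consumer that parses every file under `roles/` will either fail or silently treat the role as having no permissions; drop the file or commit the real definition. In the new `roles/dataproc.serverlessEditor`, `"stage": "ALPHA"` deserves a mention in the commit record, because the descriptions of `roles/bigquery.studioAdmin` and `roles/bigquery.studioUser` now name this role as a component. The list also carries `dataprocrm.nodes.heartbeat` and `dataprocrm.nodes.update`, which by their names look like node-agent permissions rather than something an interactive user needs — worth confirming against the upstream definition before anyone copies this set into a custom role.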
+++ b/roles/dataproc.serverlessViewer
@@ -0,0 +1,22 @@
+{
+ "description": "Permissions needed to view serverless sessions",
+ "etag": "AA==",
+ "includedPermissions": [
+ "compute.projects.get",
+ "compute.regions.get",
+ "compute.regions.list",
+ "compute.zones.get",
+ "compute.zones.list",
+ "dataproc.batches.get",
+ "dataproc.batches.list",
+ "dataproc.sessionTemplates.get",
+ "dataproc.sessionTemplates.list",
+ "dataproc.sessions.get",
+ "dataproc.sessions.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/dataproc.serverlessViewer",
+ "stage": "GA",
+ "title": "Dataproc serverless session view permissions"
+}
diff --git a/roles/datastream.serviceAgent b/roles/datastream.serviceAgent
index 1732893f..ff6dae25 100644
--- a/roles/datastream.serviceAgent
+++ b/roles/datastream.serviceAgent
@@ -2,6 +2,7 @@
 "description": "Grants Cloud Datastream permissions to write data in the user project.",
 "etag": "AA==",
 "includedPermissions": [
+ "bigquery.connections.delegate",
 "bigquery.datasets.create",
 "bigquery.datasets.get",
 "bigquery.jobs.create",
diff --git a/roles/dlp.orgdriver b/roles/dlp.orgdriver
index 8611a667..aba2654c 100644
--- a/roles/dlp.orgdriver
+++ b/roles/dlp.orgdriver
@@ -203,6 +203,7 @@
 "bigquery.reservationAssignments.search",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.routines.create",
 "bigquery.routines.delete",
 "bigquery.routines.get",
@@ -1228,7 +1229,11 @@
 "storage.managedFolders.list",
 "storage.objects.get",
 "storage.objects.getIamPolicy",
- "storage.objects.list"
+ "storage.objects.list",
+ "workflows.workflows.createTagBinding",
+ "workflows.workflows.deleteTagBinding",
+ "workflows.workflows.listEffectiveTags",
+ "workflows.workflows.listTagBindings"
 ],
 "name": "roles/dlp.orgdriver",
 "stage": "GA",
diff --git a/roles/dlp.projectdriver b/roles/dlp.projectdriver
index f572fca1..99c8de5f 100644
--- a/roles/dlp.projectdriver
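Review bot: The tail of `roles/dlp.orgdriver` (`@@ -1228,7 +1229,11 @@`) gains `workflows.workflows.createTagBinding` and `workflows.workflows.deleteTagBinding`, which are write permissions on tag bindings; where tags feed IAM conditions or organization policies, attaching or removing a binding changes the authorization outcome for that resource. `roles/dlp.projectdriver` receives the identical four lines. The commit record should name these two as authorization-relevant additions, and deployments that gate access on tags should check whether the DLP driver identities are meant to be able to re-tag Workflows resources. Whether the DLP service actually exercises these permissions cannot be told from the diff.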
+++ b/roles/dlp.projectdriver
@@ -203,6 +203,7 @@
 "bigquery.reservationAssignments.search",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.routines.create",
 "bigquery.routines.delete",
 "bigquery.routines.get",
@@ -1228,7 +1229,11 @@
 "storage.managedFolders.list",
 "storage.objects.get",
 "storage.objects.getIamPolicy",
- "storage.objects.list"
+ "storage.objects.list",
+ "workflows.workflows.createTagBinding",
+ "workflows.workflows.deleteTagBinding",
+ "workflows.workflows.listEffectiveTags",
+ "workflows.workflows.listTagBindings"
 ],
 "name": "roles/dlp.projectdriver",
 "stage": "GA",
diff --git a/roles/dlp.serviceAgent b/roles/dlp.serviceAgent
index 2e070eb8..bee95244 100644
--- a/roles/dlp.serviceAgent
+++ b/roles/dlp.serviceAgent
@@ -76,6 +76,7 @@
 "bigquery.tables.updateTag",
 "cloudasset.assets.analyzeIamPolicy",
 "cloudasset.assets.exportResource",
+ "cloudasset.assets.searchAllIamPolicies",
 "cloudkms.cryptoKeyVersions.useToDecrypt",
 "cloudkms.locations.get",
 "cloudkms.locations.list",
@@ -196,12 +197,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/editor b/roles/editor
index c3f5fcfd..747dd05f 100644
--- a/roles/editor
+++ b/roles/editor
@@ -1033,6 +1033,11 @@
 "auditmanager.controlReports.get",
 "auditmanager.controlReports.list",
 "auditmanager.controls.list",
+ "auditmanager.customComplianceFrameworks.create",
+ "auditmanager.customComplianceFrameworks.delete",
+ "auditmanager.customComplianceFrameworks.get",
+ "auditmanager.customComplianceFrameworks.list",
+ "auditmanager.customComplianceFrameworks.update",
 "auditmanager.findings.get",
 "auditmanager.findings.list",
 "auditmanager.locations.enrollResource",
@@ -1201,6 +1206,9 @@
 "backupdr.operations.delete",
 "backupdr.operations.get",
 "backupdr.operations.list",
+ "backupdr.resourceBackupConfigs.get",
+ "backupdr.resourceBackupConfigs.list",
+ "backupdr.serviceConfig.initialize",
 "baremetalsolution.instancequotas.list",
 "baremetalsolution.instances.attachNetwork",
 "baremetalsolution.instances.attachVolume",
@@ -1408,6 +1416,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
@@ -1435,14 +1444,14 @@
 "bigquery.tables.restoreSnapshot",
 "bigquery.transfers.get",
 "bigquery.transfers.update",
- "bigquerymigration.locations.get",
- "bigquerymigration.locations.list",
- "bigquerymigration.subtasks.create",
 "bigquerymigration.subtasks.get",
 "bigquerymigration.subtasks.list",
 "bigquerymigration.translation.translate",
 "bigquerymigration.workflows.create",
 "bigquerymigration.workflows.delete",
+ "bigquerymigration.workflows.enableAiOutputTypes",
+ "bigquerymigration.workflows.enableLineageOutputTypes",
+ "bigquerymigration.workflows.enableOutputTypePermissions",
 "bigquerymigration.workflows.get",
 "bigquerymigration.workflows.list",
 "bigquerymigration.workflows.update",
@@ -1501,6 +1510,8 @@
 "bigtable.tables.sampleRowKeys",
 "bigtable.tables.undelete",
 "bigtable.tables.update",
+ "billing.anomalies.get",
+ "billing.anomalies.list",
 "billing.billingAccountPrice.get",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.get",
@@ -3078,6 +3089,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.create",
 "compute.reservations.delete",
 "compute.reservations.get",
@@ -5738,6 +5751,11 @@
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
 "gkehub.membershipbindings.update",
+ "gkehub.membershipfeatures.create",
+ "gkehub.membershipfeatures.delete",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
+ "gkehub.membershipfeatures.update",
 "gkehub.memberships.create",
 "gkehub.memberships.delete",
 "gkehub.memberships.generateConnectManifest",
@@ -5944,10 +5962,12 @@
 "healthcare.fhirStores.create",
 "healthcare.fhirStores.deidentify",
 "healthcare.fhirStores.delete",
+ "healthcare.fhirStores.deleteFhirOperation",
 "healthcare.fhirStores.executeBundle",
 "healthcare.fhirStores.explainDataAccess",
 "healthcare.fhirStores.export",
 "healthcare.fhirStores.get",
+ "healthcare.fhirStores.getFhirOperation",
 "healthcare.fhirStores.getIamPolicy",
 "healthcare.fhirStores.import",
 "healthcare.fhirStores.list",
@@ -6272,6 +6292,11 @@
 "logging.logMetrics.get",
 "logging.logMetrics.list",
 "logging.logMetrics.update",
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
+ "logging.logScopes.update",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.delete",
@@ -6889,6 +6914,28 @@
 "networksecurity.gatewaySecurityPolicyRules.list",
 "networksecurity.gatewaySecurityPolicyRules.update",
 "networksecurity.gatewaySecurityPolicyRules.use",
+ "networksecurity.interceptDeploymentGroups.create",
+ "networksecurity.interceptDeploymentGroups.delete",
+ "networksecurity.interceptDeploymentGroups.get",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeploymentGroups.update",
+ "networksecurity.interceptDeploymentGroups.use",
+ "networksecurity.interceptDeployments.create",
+ "networksecurity.interceptDeployments.delete",
+ "networksecurity.interceptDeployments.get",
+ "networksecurity.interceptDeployments.list",
+ "networksecurity.interceptDeployments.update",
+ "networksecurity.interceptEndpointGroupAssociations.create",
+ "networksecurity.interceptEndpointGroupAssociations.delete",
+ "networksecurity.interceptEndpointGroupAssociations.get",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroupAssociations.update",
+ "networksecurity.interceptEndpointGroups.create",
+ "networksecurity.interceptEndpointGroups.delete",
+ "networksecurity.interceptEndpointGroups.get",
+ "networksecurity.interceptEndpointGroups.list",
+ "networksecurity.interceptEndpointGroups.update",
+ "networksecurity.interceptEndpointGroups.use",
 "networksecurity.locations.get",
 "networksecurity.locations.list",
 "networksecurity.mirroringDeploymentGroups.create",
@@ -7095,6 +7142,11 @@
 "oauthconfig.verification.get",
 "oauthconfig.verification.submit",
 "oauthconfig.verification.update",
+ "observability.analyticsViews.create",
+ "observability.analyticsViews.delete",
+ "observability.analyticsViews.get",
+ "observability.analyticsViews.list",
+ "observability.analyticsViews.update",
 "observability.scopes.get",
 "observability.scopes.update",
 "ondemandscanning.operations.cancel",
@@ -7207,6 +7259,18 @@
 "parallelstore.operations.delete",
 "parallelstore.operations.get",
 "parallelstore.operations.list",
+ "parametermanager.locations.get",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.create",
+ "parametermanager.parameterVersions.delete",
+ "parametermanager.parameterVersions.get",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameterVersions.update",
+ "parametermanager.parameters.create",
+ "parametermanager.parameters.delete",
+ "parametermanager.parameters.get",
+ "parametermanager.parameters.list",
+ "parametermanager.parameters.update",
 "paymentsresellersubscription.products.list",
 "paymentsresellersubscription.promotions.list",
 "paymentsresellersubscription.subscriptions.cancel",
@@ -7705,6 +7769,12 @@
 "recommender.networkAnalyzerVpcConnectivityInsights.get",
 "recommender.networkAnalyzerVpcConnectivityInsights.list",
 "recommender.networkAnalyzerVpcConnectivityInsights.update",
+ "recommender.orgPolicyInsights.get",
+ "recommender.orgPolicyInsights.list",
+ "recommender.orgPolicyInsights.update",
+ "recommender.orgPolicyRecommendations.get",
+ "recommender.orgPolicyRecommendations.list",
+ "recommender.orgPolicyRecommendations.update",
 "recommender.resourcemanagerProjectChangeRiskInsights.get",
 "recommender.resourcemanagerProjectChangeRiskInsights.list",
 "recommender.resourcemanagerProjectChangeRiskInsights.update",
@@ -7751,6 +7821,12 @@
 "recommender.runServiceSecurityRecommendations.get",
 "recommender.runServiceSecurityRecommendations.list",
 "recommender.runServiceSecurityRecommendations.update",
+ "recommender.spannerProjectReliabilityInsights.get",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityInsights.update",
+ "recommender.spannerProjectReliabilityRecommendations.get",
+ "recommender.spannerProjectReliabilityRecommendations.list",
+ "recommender.spannerProjectReliabilityRecommendations.update",
 "recommender.spendBasedCommitmentInsights.get",
 "recommender.spendBasedCommitmentInsights.list",
 "recommender.spendBasedCommitmentInsights.update",
@@ -8569,6 +8645,7 @@
 "tpu.nodes.delete",
 "tpu.nodes.get",
 "tpu.nodes.list",
+ "tpu.nodes.performMaintenance",
 "tpu.nodes.reimage",
 "tpu.nodes.reset",
 "tpu.nodes.simulateMaintenanceEvent",
@@ -8990,7 +9067,9 @@
 "workflows.workflows.delete",
 "workflows.workflows.get",
 "workflows.workflows.list",
+ "workflows.workflows.listEffectiveTags",
 "workflows.workflows.listRevision",
+ "workflows.workflows.listTagBindings",
 "workflows.workflows.update",
 "workloadcertificate.locations.get",
 "workloadcertificate.locations.list",
diff --git a/roles/firebase.admin b/roles/firebase.admin
index d117a0b6..ba1ab761 100644
--- a/roles/firebase.admin
+++ b/roles/firebase.admin
@@ -538,12 +538,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/firebaseapphosting.serviceAgent b/roles/firebaseapphosting.serviceAgent
index 631cb6b5..f2e5233c 100644
--- a/roles/firebaseapphosting.serviceAgent
+++ b/roles/firebaseapphosting.serviceAgent
@@ -7,6 +7,7 @@
 "artifactregistry.repositories.create",
 "artifactregistry.repositories.delete",
 "artifactregistry.repositories.deleteArtifacts",
+ "artifactregistry.repositories.downloadArtifacts",
 "artifactregistry.repositories.get",
 "artifactregistry.repositories.update",
 "cloudbuild.builds.create",
diff --git a/roles/gameservices.serviceAgent b/roles/gameservices.serviceAgent
index 6fd977d7..63c1d01f 100644
--- a/roles/gameservices.serviceAgent
+++ b/roles/gameservices.serviceAgent
@@ -402,6 +402,8 @@
 "gkehub.locations.list",
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.generateConnectManifest",
 "gkehub.memberships.get",
 "gkehub.memberships.getIamPolicy",
diff --git a/roles/genomics.serviceAgent b/roles/genomics.serviceAgent
index eeece7c2..6a2cdad2 100644
--- a/roles/genomics.serviceAgent
+++ b/roles/genomics.serviceAgent
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.createInternal",
@@ -323,6 +331,8 @@
 "compute.regionUrlMaps.listTagBindings",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
diff --git a/roles/gkehub.editor b/roles/gkehub.editor
index 333184c8..b6bc308f 100644
--- a/roles/gkehub.editor
+++ b/roles/gkehub.editor
@@ -22,6 +22,11 @@
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
 "gkehub.membershipbindings.update",
+ "gkehub.membershipfeatures.create",
+ "gkehub.membershipfeatures.delete",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
+ "gkehub.membershipfeatures.update",
 "gkehub.memberships.create",
 "gkehub.memberships.delete",
 "gkehub.memberships.generateConnectManifest",
diff --git a/roles/gkehub.viewer b/roles/gkehub.viewer
index fd05306d..f5119a17 100644
--- a/roles/gkehub.viewer
+++ b/roles/gkehub.viewer
@@ -11,6 +11,8 @@
 "gkehub.locations.list",
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.generateConnectManifest",
 "gkehub.memberships.get",
 "gkehub.memberships.getIamPolicy",
diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin
index 833c399d..db414292 100644
--- a/roles/iam.securityAdmin
+++ b/roles/iam.securityAdmin
@@ -244,6 +244,7 @@
 "auditmanager.auditReports.list",
 "auditmanager.controlReports.list",
 "auditmanager.controls.list",
+ "auditmanager.customComplianceFrameworks.list",
 "auditmanager.findings.list",
 "auditmanager.locations.list",
 "auditmanager.operations.list",
@@ -285,6 +286,7 @@
 "backupdr.managementServers.list",
 "backupdr.managementServers.setIamPolicy",
 "backupdr.operations.list",
+ "backupdr.resourceBackupConfigs.list",
 "baremetalsolution.instancequotas.list",
 "baremetalsolution.instances.list",
 "baremetalsolution.luns.list",
@@ -352,7 +354,6 @@
 "bigquery.tables.getIamPolicy",
 "bigquery.tables.list",
 "bigquery.tables.setIamPolicy",
- "bigquerymigration.locations.list",
 "bigquerymigration.subtasks.list",
 "bigquerymigration.workflows.list",
 "bigtable.appProfiles.list",
@@ -375,6 +376,7 @@
 "billing.accounts.getIamPolicy",
 "billing.accounts.list",
 "billing.accounts.setIamPolicy",
+ "billing.anomalies.list",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.list",
 "billing.billingAccountSkuGroupSkus.list",
@@ -702,6 +704,7 @@
 "compute.regionTargetTcpProxies.list",
 "compute.regionUrlMaps.list",
 "compute.regions.list",
+ "compute.reservationBlocks.list",
 "compute.reservations.list",
 "compute.resourcePolicies.getIamPolicy",
 "compute.resourcePolicies.list",
@@ -1328,6 +1331,7 @@
 "gkehub.features.setIamPolicy",
 "gkehub.locations.list",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.getIamPolicy",
 "gkehub.memberships.list",
 "gkehub.memberships.setIamPolicy",
@@ -1493,6 +1497,7 @@
 "logging.locations.list",
 "logging.logEntries.list",
 "logging.logMetrics.list",
+ "logging.logScopes.list",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
@@ -1666,6 +1671,10 @@
 "networksecurity.firewallEndpoints.list",
 "networksecurity.gatewaySecurityPolicies.list",
 "networksecurity.gatewaySecurityPolicyRules.list",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeployments.list",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroups.list",
 "networksecurity.locations.list",
 "networksecurity.mirroringDeploymentGroups.list",
 "networksecurity.mirroringDeployments.list",
@@ -1716,6 +1725,7 @@
 "notebooks.schedules.getIamPolicy",
 "notebooks.schedules.list",
 "notebooks.schedules.setIamPolicy",
+ "observability.analyticsViews.list",
 "ondemandscanning.operations.list",
 "opsconfigmonitoring.resourceMetadata.list",
 "oracledatabase.autonomousDatabaseBackups.list",
@@ -1749,6 +1759,9 @@
 "parallelstore.instances.list",
 "parallelstore.locations.list",
 "parallelstore.operations.list",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameters.list",
 "paymentsresellersubscription.products.list",
 "paymentsresellersubscription.promotions.list",
 "policyremediatormanager.locations.list",
@@ -1917,6 +1930,8 @@
 "recommender.networkAnalyzerIpAddressInsights.list",
 "recommender.networkAnalyzerLoadBalancerInsights.list",
 "recommender.networkAnalyzerVpcConnectivityInsights.list",
+ "recommender.orgPolicyInsights.list",
+ "recommender.orgPolicyRecommendations.list",
 "recommender.resourcemanagerProjectChangeRiskInsights.list",
 "recommender.resourcemanagerProjectChangeRiskRecommendations.list",
 "recommender.resourcemanagerProjectUtilizationInsights.list",
@@ -1931,6 +1946,8 @@
 "recommender.runServicePerformanceRecommendations.list",
 "recommender.runServiceSecurityInsights.list",
 "recommender.runServiceSecurityRecommendations.list",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityRecommendations.list",
 "recommender.spendBasedCommitmentInsights.list",
 "recommender.spendBasedCommitmentRecommendations.list",
 "recommender.storageBucketSoftDeleteInsights.list",
diff --git a/roles/iam.securityReviewer b/roles/iam.securityReviewer
index 44c153a8..ab09e3a8 100644
--- a/roles/iam.securityReviewer
+++ b/roles/iam.securityReviewer
@@ -224,6 +224,7 @@
 "auditmanager.auditReports.list",
 "auditmanager.controlReports.list",
 "auditmanager.controls.list",
+ "auditmanager.customComplianceFrameworks.list",
 "auditmanager.findings.list",
 "auditmanager.locations.list",
 "auditmanager.operations.list",
@@ -260,6 +261,7 @@
 "backupdr.managementServers.getIamPolicy",
 "backupdr.managementServers.list",
 "backupdr.operations.list",
+ "backupdr.resourceBackupConfigs.list",
 "baremetalsolution.instancequotas.list",
 "baremetalsolution.instances.list",
 "baremetalsolution.luns.list",
@@ -317,7 +319,6 @@
 "bigquery.savedqueries.list",
 "bigquery.tables.getIamPolicy",
 "bigquery.tables.list",
- "bigquerymigration.locations.list",
 "bigquerymigration.subtasks.list",
 "bigquerymigration.workflows.list",
 "bigtable.appProfiles.list",
@@ -335,6 +336,7 @@
 "bigtable.tables.list",
 "billing.accounts.getIamPolicy",
 "billing.accounts.list",
+ "billing.anomalies.list",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.list",
 "billing.billingAccountSkuGroupSkus.list",
@@ -623,6 +625,7 @@
 "compute.regionTargetTcpProxies.list",
 "compute.regionUrlMaps.list",
 "compute.regions.list",
+ "compute.reservationBlocks.list",
 "compute.reservations.list",
 "compute.resourcePolicies.getIamPolicy",
 "compute.resourcePolicies.list",
@@ -1170,6 +1173,7 @@
 "gkehub.features.list",
 "gkehub.locations.list",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.getIamPolicy",
 "gkehub.memberships.list",
 "gkehub.namespaces.list",
@@ -1307,6 +1311,7 @@
 "logging.locations.list",
 "logging.logEntries.list",
 "logging.logMetrics.list",
+ "logging.logScopes.list",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
@@ -1456,6 +1461,10 @@
 "networksecurity.firewallEndpoints.list",
 "networksecurity.gatewaySecurityPolicies.list",
 "networksecurity.gatewaySecurityPolicyRules.list",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeployments.list",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroups.list",
 "networksecurity.locations.list",
 "networksecurity.mirroringDeploymentGroups.list",
 "networksecurity.mirroringDeployments.list",
@@ -1499,6 +1508,7 @@
 "notebooks.runtimes.list",
 "notebooks.schedules.getIamPolicy",
 "notebooks.schedules.list",
+ "observability.analyticsViews.list",
 "ondemandscanning.operations.list",
 "opsconfigmonitoring.resourceMetadata.list",
 "oracledatabase.autonomousDatabaseBackups.list",
@@ -1532,6 +1542,9 @@
 "parallelstore.instances.list",
 "parallelstore.locations.list",
 "parallelstore.operations.list",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameters.list",
 "paymentsresellersubscription.products.list",
 "paymentsresellersubscription.promotions.list",
 "policyremediatormanager.locations.list",
@@ -1684,6 +1697,8 @@
 "recommender.networkAnalyzerIpAddressInsights.list",
 "recommender.networkAnalyzerLoadBalancerInsights.list",
 "recommender.networkAnalyzerVpcConnectivityInsights.list",
+ "recommender.orgPolicyInsights.list",
+ "recommender.orgPolicyRecommendations.list",
 "recommender.resourcemanagerProjectChangeRiskInsights.list",
 "recommender.resourcemanagerProjectChangeRiskRecommendations.list",
 "recommender.resourcemanagerProjectUtilizationInsights.list",
@@ -1698,6 +1713,8 @@
 "recommender.runServicePerformanceRecommendations.list",
 "recommender.runServiceSecurityInsights.list",
 "recommender.runServiceSecurityRecommendations.list",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityRecommendations.list",
 "recommender.spendBasedCommitmentInsights.list",
 "recommender.spendBasedCommitmentRecommendations.list",
 "recommender.storageBucketSoftDeleteInsights.list",
diff --git a/roles/krmapihosting.anthosApiEndpointServiceAgent b/roles/krmapihosting.anthosApiEndpointServiceAgent
index 4c889abe..f0213b83 100644
--- a/roles/krmapihosting.anthosApiEndpointServiceAgent
+++ b/roles/krmapihosting.anthosApiEndpointServiceAgent
@@ -444,6 +444,11 @@
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
 "gkehub.membershipbindings.update",
+ "gkehub.membershipfeatures.create",
+ "gkehub.membershipfeatures.delete",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
+ "gkehub.membershipfeatures.update",
 "gkehub.memberships.create",
 "gkehub.memberships.delete",
 "gkehub.memberships.generateConnectManifest",
diff --git a/roles/lifesciences.serviceAgent b/roles/lifesciences.serviceAgent
index 5db1ce46..38bcb8e6 100644
--- a/roles/lifesciences.serviceAgent
+++ b/roles/lifesciences.serviceAgent
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.createInternal",
@@ -323,6 +331,8 @@
 "compute.regionUrlMaps.listTagBindings",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.create",
diff --git a/roles/logging.admin b/roles/logging.admin
index 48399bec..01852f5a 100644
--- a/roles/logging.admin
+++ b/roles/logging.admin
@@ -34,6 +34,11 @@
 "logging.logMetrics.get",
 "logging.logMetrics.list",
 "logging.logMetrics.update",
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
+ "logging.logScopes.update",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.delete",
diff --git a/roles/logging.configWriter b/roles/logging.configWriter
index 026fa6f5..6676c7ee 100644
--- a/roles/logging.configWriter
+++ b/roles/logging.configWriter
@@ -28,6 +28,11 @@
 "logging.logMetrics.get",
 "logging.logMetrics.list",
 "logging.logMetrics.update",
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
+ "logging.logScopes.update",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
diff --git a/roles/logging.viewer b/roles/logging.viewer
index 406c4dc1..cf7f6ed8 100644
--- a/roles/logging.viewer
+++ b/roles/logging.viewer
@@ -13,6 +13,8 @@
 "logging.logEntries.list",
 "logging.logMetrics.get",
 "logging.logMetrics.list",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
diff --git a/roles/meshcontrolplane.serviceAgent b/roles/meshcontrolplane.serviceAgent
index 9b22f0f0..20e66b1e 100644
--- a/roles/meshcontrolplane.serviceAgent
+++ b/roles/meshcontrolplane.serviceAgent
@@ -423,6 +423,8 @@
 "gkehub.locations.list",
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
 "gkehub.memberships.generateConnectManifest",
 "gkehub.memberships.get",
 "gkehub.memberships.getIamPolicy",
diff --git a/roles/networksecurity.interceptDeploymentAdmin b/roles/networksecurity.interceptDeploymentAdmin
new file mode 100644
index 00000000..1b0542fd
--- /dev/null
+++ b/roles/networksecurity.interceptDeploymentAdmin
@@ -0,0 +1,22 @@
+{
+ "description": "Enables full access to intercept resources on the Producer's side.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptDeploymentGroups.create",
+ "networksecurity.interceptDeploymentGroups.delete",
+ "networksecurity.interceptDeploymentGroups.get",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeploymentGroups.update",
+ "networksecurity.interceptDeploymentGroups.use",
+ "networksecurity.interceptDeployments.create",
+ "networksecurity.interceptDeployments.delete",
+ "networksecurity.interceptDeployments.get",
+ "networksecurity.interceptDeployments.list",
+ "networksecurity.interceptDeployments.update",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/networksecurity.interceptDeploymentAdmin",
+ "stage": "BETA",
+ "title": "Intercept Deployment Admin"
+}
diff --git a/roles/networksecurity.interceptDeploymentUser b/roles/networksecurity.interceptDeploymentUser
new file mode 100644
index 00000000..fd1990a0
--- /dev/null
+++ b/roles/networksecurity.interceptDeploymentUser
@@ -0,0 +1,12 @@
+{
+ "description": "Allows a consumer to connect their interceptEndpointGroup to the Producer's interceptDeploymentGroup.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptDeploymentGroups.get",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeploymentGroups.use"
+ ],
+ "name": "roles/networksecurity.interceptDeploymentUser",
+ "stage": "BETA",
+ "title": "Intercept Deployment User"
+}
diff --git a/roles/networksecurity.interceptDeploymentViewer b/roles/networksecurity.interceptDeploymentViewer
new file mode 100644
index 00000000..7ea3d79a
--- /dev/null
+++ b/roles/networksecurity.interceptDeploymentViewer
@@ -0,0 +1,15 @@
+{
+ "description": "Enables read-only access to intercept resources on the Producer's side.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptDeploymentGroups.get",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeployments.get",
+ "networksecurity.interceptDeployments.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/networksecurity.interceptDeploymentViewer",
+ "stage": "BETA",
+ "title": "Intercept Deployment Viewer"
+}
diff --git a/roles/networksecurity.interceptEndpointAdmin b/roles/networksecurity.interceptEndpointAdmin
new file mode 100644
index 00000000..9180d3ef
--- /dev/null
+++ b/roles/networksecurity.interceptEndpointAdmin
@@ -0,0 +1,22 @@
+{
+ "description": "Enables full access to intercept resources on the consumer's side.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptEndpointGroupAssociations.create",
+ "networksecurity.interceptEndpointGroupAssociations.delete",
+ "networksecurity.interceptEndpointGroupAssociations.get",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroupAssociations.update",
+ "networksecurity.interceptEndpointGroups.create",
+ "networksecurity.interceptEndpointGroups.delete",
+ "networksecurity.interceptEndpointGroups.get",
+ "networksecurity.interceptEndpointGroups.list",
+ "networksecurity.interceptEndpointGroups.update",
+ "networksecurity.interceptEndpointGroups.use",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/networksecurity.interceptEndpointAdmin",
+ "stage": "BETA",
+ "title": "Intercept Endpoint Admin"
+}
diff --git a/roles/networksecurity.interceptEndpointUser b/roles/networksecurity.interceptEndpointUser
new file mode 100644
index 00000000..c602113f
--- /dev/null
+++ b/roles/networksecurity.interceptEndpointUser
@@ -0,0 +1,12 @@
+{
+ "description": "Allows a consumer to connect their networks to a interceptEndpointGroup.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptEndpointGroups.get",
+ "networksecurity.interceptEndpointGroups.list",
+ "networksecurity.interceptEndpointGroups.use"
+ ],
+ "name": "roles/networksecurity.interceptEndpointUser",
+ "stage": "BETA",
+ "title": "Intercept Endpoint User"
+}
diff --git a/roles/networksecurity.interceptEndpointViewer b/roles/networksecurity.interceptEndpointViewer
new file mode 100644
index 00000000..86072e77
--- /dev/null
+++ b/roles/networksecurity.interceptEndpointViewer
@@ -0,0 +1,15 @@
+{
+ "description": "Enables read-only access to intercept resources on the Consumer's side.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "networksecurity.interceptEndpointGroupAssociations.get",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroups.get",
+ "networksecurity.interceptEndpointGroups.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/networksecurity.interceptEndpointViewer",
+ "stage": "BETA",
+ "title": "Intercept Endpoint Viewer"
+}
diff --git a/roles/notebooks.admin b/roles/notebooks.admin
index 25f068f5..4f001ec1 100644
--- a/roles/notebooks.admin
+++ b/roles/notebooks.admin
@@ -247,6 +247,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.get",
diff --git a/roles/notebooks.legacyAdmin b/roles/notebooks.legacyAdmin
index e9912e5a..a742e3b8 100644
--- a/roles/notebooks.legacyAdmin
+++ b/roles/notebooks.legacyAdmin
@@ -6,7 +6,15 @@
 "backupdr.backupPlanAssociations.deleteForComputeInstance",
 "backupdr.backupPlanAssociations.list",
 "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+ "backupdr.backupPlans.get",
+ "backupdr.backupPlans.list",
 "backupdr.backupPlans.useForComputeInstance",
+ "backupdr.backupVaults.get",
+ "backupdr.backupVaults.list",
+ "backupdr.locations.list",
+ "backupdr.operations.get",
+ "backupdr.operations.list",
+ "backupdr.serviceConfig.initialize",
 "compute.acceleratorTypes.get",
 "compute.acceleratorTypes.list",
 "compute.addresses.create",
@@ -643,6 +651,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.create",
 "compute.reservations.delete",
 "compute.reservations.get",
diff --git a/roles/notebooks.legacyViewer b/roles/notebooks.legacyViewer
index 61e480d5..1913d7bf 100644
--- a/roles/notebooks.legacyViewer
+++ b/roles/notebooks.legacyViewer
@@ -236,6 +236,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.get",
diff --git a/roles/notebooks.runner b/roles/notebooks.runner
index a51a0d0f..6155d239 100644
--- a/roles/notebooks.runner
+++ b/roles/notebooks.runner
@@ -247,6 +247,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.get",
diff --git a/roles/notebooks.viewer b/roles/notebooks.viewer
index feb4175e..264e14ef 100644
--- a/roles/notebooks.viewer
+++ b/roles/notebooks.viewer
@@ -240,6 +240,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.get",
 "compute.reservations.list",
 "compute.resourcePolicies.get",
diff --git a/roles/observability.admin b/roles/observability.admin
index 3bc29d37..ae51720e 100644
--- a/roles/observability.admin
+++ b/roles/observability.admin
@@ -2,6 +2,11 @@
 "description": "Full access to Observability resources.",
 "etag": "AA==",
 "includedPermissions": [
+ "observability.analyticsViews.create",
+ "observability.analyticsViews.delete",
+ "observability.analyticsViews.get",
+ "observability.analyticsViews.list",
+ "observability.analyticsViews.update",
 "observability.scopes.get",
 "observability.scopes.update"
 ],
diff --git a/roles/observability.analyticsUser b/roles/observability.analyticsUser
new file mode 100644
index 00000000..a98a1ece
--- /dev/null
+++ b/roles/observability.analyticsUser
@@ -0,0 +1,15 @@
+{
+ "description": "Grants permissions to use Cloud Observability Analytics.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "observability.analyticsViews.create",
+ "observability.analyticsViews.delete",
+ "observability.analyticsViews.get",
+ "observability.analyticsViews.list",
+ "observability.analyticsViews.update",
+ "observability.scopes.get"
+ ],
+ "name": "roles/observability.analyticsUser",
+ "stage": "BETA",
+ "title": "Observability Analytics User"
+}
diff --git a/roles/observability.viewer b/roles/observability.viewer
index 97ef87c0..61264fc8 100644
--- a/roles/observability.viewer
+++ b/roles/observability.viewer
@@ -2,6 +2,8 @@
 "description": "Read only access to Observability resources.",
 "etag": "AA==",
 "includedPermissions": [
+ "observability.analyticsViews.get",
+ "observability.analyticsViews.list",
 "observability.scopes.get"
 ],
 "name": "roles/observability.viewer",
diff --git a/roles/owner b/roles/owner
index 8dfbcd3b..a281b49d 100644
--- a/roles/owner
+++ b/roles/owner
@@ -1077,6 +1077,11 @@
 "auditmanager.controlReports.get",
 "auditmanager.controlReports.list",
 "auditmanager.controls.list",
+ "auditmanager.customComplianceFrameworks.create",
+ "auditmanager.customComplianceFrameworks.delete",
+ "auditmanager.customComplianceFrameworks.get",
+ "auditmanager.customComplianceFrameworks.list",
+ "auditmanager.customComplianceFrameworks.update",
 "auditmanager.findings.get",
 "auditmanager.findings.list",
 "auditmanager.locations.enrollResource",
@@ -1254,6 +1259,9 @@
 "backupdr.operations.delete",
 "backupdr.operations.get",
 "backupdr.operations.list",
+ "backupdr.resourceBackupConfigs.get",
+ "backupdr.resourceBackupConfigs.list",
+ "backupdr.serviceConfig.initialize",
 "baremetalsolution.instancequotas.list",
 "baremetalsolution.instances.attachNetwork",
 "baremetalsolution.instances.attachVolume",
@@ -1480,6 +1488,7 @@
 "bigquery.reservations.delete",
 "bigquery.reservations.get",
 "bigquery.reservations.list",
+ "bigquery.reservations.listFailoverDatasets",
 "bigquery.reservations.update",
 "bigquery.routines.create",
 "bigquery.routines.delete",
@@ -1512,18 +1521,14 @@
 "bigquery.tables.setIamPolicy",
 "bigquery.transfers.get",
 "bigquery.transfers.update",
- "bigquerymigration.locations.get",
- "bigquerymigration.locations.list",
- "bigquerymigration.subtaskTypes.executeTask",
- "bigquerymigration.subtasks.create",
- "bigquerymigration.subtasks.executeTask",
 "bigquerymigration.subtasks.get",
 "bigquerymigration.subtasks.list",
- "bigquerymigration.taskTypes.orchestrateTask",
- "bigquerymigration.taskTypes.writeLogs",
 "bigquerymigration.translation.translate",
 "bigquerymigration.workflows.create",
 "bigquerymigration.workflows.delete",
+ "bigquerymigration.workflows.enableAiOutputTypes",
+ "bigquerymigration.workflows.enableLineageOutputTypes",
+ "bigquerymigration.workflows.enableOutputTypePermissions",
 "bigquerymigration.workflows.get",
 "bigquerymigration.workflows.list",
 "bigquerymigration.workflows.orchestrateTask",
@@ -1591,6 +1596,9 @@
 "bigtable.tables.setIamPolicy",
 "bigtable.tables.undelete",
 "bigtable.tables.update",
+ "billing.anomalies.get",
+ "billing.anomalies.list",
+ "billing.anomalies.submitFeedback",
 "billing.billingAccountPrice.get",
 "billing.billingAccountPrices.list",
 "billing.billingAccountServices.get",
@@ -3842,6 +3850,8 @@
 "compute.regionUrlMaps.validate",
 "compute.regions.get",
 "compute.regions.list",
+ "compute.reservationBlocks.get",
+ "compute.reservationBlocks.list",
 "compute.reservations.create",
 "compute.reservations.delete",
 "compute.reservations.get",
@@ -6711,6 +6721,11 @@
 "gkehub.membershipbindings.get",
 "gkehub.membershipbindings.list",
 "gkehub.membershipbindings.update",
+ "gkehub.membershipfeatures.create",
+ "gkehub.membershipfeatures.delete",
+ "gkehub.membershipfeatures.get",
+ "gkehub.membershipfeatures.list",
+ "gkehub.membershipfeatures.update",
 "gkehub.memberships.create",
 "gkehub.memberships.delete",
 "gkehub.memberships.generateConnectManifest",
@@ -6931,10 +6946,12 @@
 "healthcare.fhirStores.create",
 "healthcare.fhirStores.deidentify",
 "healthcare.fhirStores.delete",
+ "healthcare.fhirStores.deleteFhirOperation",
 "healthcare.fhirStores.executeBundle",
 "healthcare.fhirStores.explainDataAccess",
 "healthcare.fhirStores.export",
 "healthcare.fhirStores.get",
+ "healthcare.fhirStores.getFhirOperation",
 "healthcare.fhirStores.getIamPolicy",
 "healthcare.fhirStores.import",
 "healthcare.fhirStores.list",
@@ -7347,6 +7364,11 @@
 "logging.logMetrics.get",
 "logging.logMetrics.list",
 "logging.logMetrics.update",
+ "logging.logScopes.create",
+ "logging.logScopes.delete",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
+ "logging.logScopes.update",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.delete",
@@ -8008,6 +8030,28 @@
 "networksecurity.gatewaySecurityPolicyRules.list",
 "networksecurity.gatewaySecurityPolicyRules.update",
 "networksecurity.gatewaySecurityPolicyRules.use",
+ "networksecurity.interceptDeploymentGroups.create",
+ "networksecurity.interceptDeploymentGroups.delete",
+ "networksecurity.interceptDeploymentGroups.get",
+ "networksecurity.interceptDeploymentGroups.list",
+ "networksecurity.interceptDeploymentGroups.update",
+ "networksecurity.interceptDeploymentGroups.use",
+ "networksecurity.interceptDeployments.create",
+ "networksecurity.interceptDeployments.delete",
+ "networksecurity.interceptDeployments.get",
+ "networksecurity.interceptDeployments.list",
+ "networksecurity.interceptDeployments.update",
+ "networksecurity.interceptEndpointGroupAssociations.create",
+ "networksecurity.interceptEndpointGroupAssociations.delete",
+ "networksecurity.interceptEndpointGroupAssociations.get",
+ "networksecurity.interceptEndpointGroupAssociations.list",
+ "networksecurity.interceptEndpointGroupAssociations.update",
+ "networksecurity.interceptEndpointGroups.create",
+ "networksecurity.interceptEndpointGroups.delete",
+ "networksecurity.interceptEndpointGroups.get",
+ "networksecurity.interceptEndpointGroups.list",
+ "networksecurity.interceptEndpointGroups.update",
+ "networksecurity.interceptEndpointGroups.use",
 "networksecurity.locations.get",
 "networksecurity.locations.list",
 "networksecurity.mirroringDeploymentGroups.create",
@@ -8221,6 +8265,11 @@
 "oauthconfig.verification.get",
 "oauthconfig.verification.submit",
 "oauthconfig.verification.update",
+ "observability.analyticsViews.create",
+ "observability.analyticsViews.delete",
+ "observability.analyticsViews.get",
+ "observability.analyticsViews.list",
+ "observability.analyticsViews.update",
 "observability.scopes.get",
 "observability.scopes.update",
 "ondemandscanning.operations.cancel",
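Review bot: The `networksecurity.intercept*` family added to roles/owner in the `@@ -8008,6 +8030,28 @@` hunk is the most security-relevant addition visible in this snapshot, and nothing in the visible diff marks it as such. Judging by the names, these permissions create and attach traffic-interception deployments and endpoint group associations, and every existing Owner binding receives them with no allow-policy change. A line in the commit description such as `security-relevant: roles/owner gains networksecurity.intercept* (create/update/use)` would let consumers of this data re-check who holds roles/owner and watch audit logs for these methods.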
@@ -8333,6 +8382,19 @@
 "parallelstore.operations.delete",
 "parallelstore.operations.get",
 "parallelstore.operations.list",
+ "parametermanager.locations.get",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.create",
+ "parametermanager.parameterVersions.delete",
+ "parametermanager.parameterVersions.get",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameterVersions.render",
+ "parametermanager.parameterVersions.update",
+ "parametermanager.parameters.create",
+ "parametermanager.parameters.delete",
+ "parametermanager.parameters.get",
+ "parametermanager.parameters.list",
+ "parametermanager.parameters.update",
 "paymentsresellersubscription.products.list",
 "paymentsresellersubscription.promotions.list",
 "paymentsresellersubscription.subscriptions.cancel",
@@ -8858,6 +8920,12 @@
 "recommender.networkAnalyzerVpcConnectivityInsights.get",
 "recommender.networkAnalyzerVpcConnectivityInsights.list",
 "recommender.networkAnalyzerVpcConnectivityInsights.update",
+ "recommender.orgPolicyInsights.get",
+ "recommender.orgPolicyInsights.list",
+ "recommender.orgPolicyInsights.update",
+ "recommender.orgPolicyRecommendations.get",
+ "recommender.orgPolicyRecommendations.list",
+ "recommender.orgPolicyRecommendations.update",
 "recommender.resourcemanagerProjectChangeRiskInsights.get",
 "recommender.resourcemanagerProjectChangeRiskInsights.list",
 "recommender.resourcemanagerProjectChangeRiskInsights.update",
@@ -8905,6 +8973,12 @@
 "recommender.runServiceSecurityRecommendations.get",
 "recommender.runServiceSecurityRecommendations.list",
 "recommender.runServiceSecurityRecommendations.update",
+ "recommender.spannerProjectReliabilityInsights.get",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityInsights.update",
+ "recommender.spannerProjectReliabilityRecommendations.get",
+ "recommender.spannerProjectReliabilityRecommendations.list",
+ "recommender.spannerProjectReliabilityRecommendations.update",
 "recommender.spendBasedCommitmentInsights.get",
 "recommender.spendBasedCommitmentInsights.list",
 "recommender.spendBasedCommitmentInsights.update",
@@ -9798,6 +9872,7 @@
 "tpu.nodes.delete",
 "tpu.nodes.get",
 "tpu.nodes.list",
+ "tpu.nodes.performMaintenance",
 "tpu.nodes.reimage",
 "tpu.nodes.reset",
 "tpu.nodes.simulateMaintenanceEvent",
@@ -10225,10 +10300,14 @@
 "workflows.stepEntries.get",
 "workflows.stepEntries.list",
 "workflows.workflows.create",
+ "workflows.workflows.createTagBinding",
 "workflows.workflows.delete",
+ "workflows.workflows.deleteTagBinding",
 "workflows.workflows.get",
 "workflows.workflows.list",
+ "workflows.workflows.listEffectiveTags",
 "workflows.workflows.listRevision",
+ "workflows.workflows.listTagBindings",
 "workflows.workflows.update",
 "workloadcertificate.locations.get",
 "workloadcertificate.locations.list",
diff --git a/roles/parametermanager.admin b/roles/parametermanager.admin
new file mode 100644
index 00000000..2b5b55f2
--- /dev/null
+++ b/roles/parametermanager.admin
@@ -0,0 +1,11 @@
+{
+ "description": "Grants full access to all Parameter Manager resources. Intended for project admins & owners who need to perform all administrative tasks.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/parametermanager.admin",
+ "stage": "ALPHA",
+ "title": "Parameter Manager Admin"
+}
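Review bot: In the new roles/parametermanager.admin file the description promises "full access to all Parameter Manager resources", yet `includedPermissions` holds only `resourcemanager.projects.get` and `resourcemanager.projects.list`. The same gap appears in roles/parametermanager.parameterVersionAdder and roles/recommender.spannerViewer later in this diff. All three are `"stage": "ALPHA"` while their BETA siblings carry the service permissions, so the list is presumably incomplete rather than the role being empty. Anyone using this data for least-privilege review should go by the description for these roles until a later snapshot fills the list in. A line in the commit description such as `ALPHA roles here list only resourcemanager.projects.*; treat as incomplete` would make that explicit.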
diff --git a/roles/parametermanager.parameterAccessor b/roles/parametermanager.parameterAccessor
new file mode 100644
index 00000000..580afa03
--- /dev/null
+++ b/roles/parametermanager.parameterAccessor
@@ -0,0 +1,14 @@
+{
+ "description": "Grants read access to ParameterManager ParameterVersion resources. Intended for users & applications that need to perform read operations on ParameterVersion only.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "parametermanager.locations.get",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.render",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/parametermanager.parameterAccessor",
+ "stage": "BETA",
+ "title": "Parameter Manager Parameter Accessor"
+}
diff --git a/roles/parametermanager.parameterVersionAdder b/roles/parametermanager.parameterVersionAdder
new file mode 100644
index 00000000..7a941ea2
--- /dev/null
+++ b/roles/parametermanager.parameterVersionAdder
@@ -0,0 +1,11 @@
+{
+ "description": "Grants create access to Parameter Manager ParameterVersion resources. Intended for users & applications that need to perform create operations on ParameterVersions only.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/parametermanager.parameterVersionAdder",
+ "stage": "ALPHA",
+ "title": "Parameter Manager Parameter Version Adder"
+}
diff --git a/roles/parametermanager.parameterVersionManager b/roles/parametermanager.parameterVersionManager
new file mode 100644
index 00000000..3a7ad639
--- /dev/null
+++ b/roles/parametermanager.parameterVersionManager
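Review bot: roles/parametermanager.parameterAccessor is described as read access, but the only Parameter Manager data permission it lists is `parametermanager.parameterVersions.render`, not `parametermanager.parameterVersions.get`. If render returns the payload with referenced secrets substituted, which the name suggests but this diff cannot confirm, a binding of this role exposes resolved secret values rather than only parameter text. It would be worth tagging `parametermanager.parameterVersions.render` as a sensitive read in whatever tooling consumes this dataset. The roles/owner hunk `@@ -8333,6 +8382,19 @@` adds the same permission.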
@@ -0,0 +1,20 @@
+{
+ "description": "Grants read & write access to all Parameter Manager ParameterVersion resources. Intended for users & applications that need to view Parameters & perform create/read/update/delete/list operations on ParameterVersions only.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "parametermanager.locations.get",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.create",
+ "parametermanager.parameterVersions.delete",
+ "parametermanager.parameterVersions.get",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameterVersions.update",
+ "parametermanager.parameters.get",
+ "parametermanager.parameters.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/parametermanager.parameterVersionManager",
+ "stage": "BETA",
+ "title": "Parameter Manager Parameter Version Manager"
+}
diff --git a/roles/parametermanager.parameterViewer b/roles/parametermanager.parameterViewer
new file mode 100644
index 00000000..56d05872
--- /dev/null
+++ b/roles/parametermanager.parameterViewer
@@ -0,0 +1,17 @@
+{
+ "description": "Grants read access to Parameter Manager Parameter & ParameterVersion resources. Intended for users & applications that need to perform read/list operations on Parameters & ParameterVersions only.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "parametermanager.locations.get",
+ "parametermanager.locations.list",
+ "parametermanager.parameterVersions.get",
+ "parametermanager.parameterVersions.list",
+ "parametermanager.parameters.get",
+ "parametermanager.parameters.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/parametermanager.parameterViewer",
+ "stage": "BETA",
+ "title": "Parameter Manager Parameter Viewer"
+}
diff --git a/roles/recommender.spannerAdmin b/roles/recommender.spannerAdmin
new file mode 100644
index 00000000..e6c16ed8
--- /dev/null
+++ b/roles/recommender.spannerAdmin
@@ -0,0 +1,19 @@
+{
+ "description": "Admin of Spanner Project Reliability Insights and Recommendations.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "recommender.locations.get",
+ "recommender.locations.list",
+ "recommender.spannerProjectReliabilityInsights.get",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityInsights.update",
+ "recommender.spannerProjectReliabilityRecommendations.get",
+ "recommender.spannerProjectReliabilityRecommendations.list",
+ "recommender.spannerProjectReliabilityRecommendations.update",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/recommender.spannerAdmin",
+ "stage": "BETA",
+ "title": "Spanner Project Reliability Recommender Admin"
+}
diff --git a/roles/recommender.spannerViewer b/roles/recommender.spannerViewer
new file mode 100644
index 00000000..6e806573
--- /dev/null
+++ b/roles/recommender.spannerViewer
@@ -0,0 +1,13 @@
+{
+ "description": "Viewer of Spanner Project Reliability Insights and Recommendations.",
+ "etag": "AA==",
+ "includedPermissions": [
+ "recommender.locations.get",
+ "recommender.locations.list",
+ "resourcemanager.projects.get",
+ "resourcemanager.projects.list"
+ ],
+ "name": "roles/recommender.spannerViewer",
+ "stage": "ALPHA",
+ "title": "Spanner Project Reliability Recommender Viewer"
+}
diff --git a/roles/recommender.viewer b/roles/recommender.viewer
index 358bd014..1239ba1c 100644
--- a/roles/recommender.viewer
+++ b/roles/recommender.viewer
@@ -212,6 +212,10 @@
 "recommender.networkAnalyzerLoadBalancerInsights.list",
 "recommender.networkAnalyzerVpcConnectivityInsights.get",
 "recommender.networkAnalyzerVpcConnectivityInsights.list",
+ "recommender.orgPolicyInsights.get",
+ "recommender.orgPolicyInsights.list",
+ "recommender.orgPolicyRecommendations.get",
+ "recommender.orgPolicyRecommendations.list",
 "recommender.resourcemanagerProjectChangeRiskInsights.get",
 "recommender.resourcemanagerProjectChangeRiskInsights.list",
 "recommender.resourcemanagerProjectChangeRiskRecommendations.get",
@@ -242,6 +246,10 @@
 "recommender.runServiceSecurityInsights.list",
 "recommender.runServiceSecurityRecommendations.get",
 "recommender.runServiceSecurityRecommendations.list",
+ "recommender.spannerProjectReliabilityInsights.get",
+ "recommender.spannerProjectReliabilityInsights.list",
+ "recommender.spannerProjectReliabilityRecommendations.get",
+ "recommender.spannerProjectReliabilityRecommendations.list",
 "recommender.spendBasedCommitmentInsights.get",
 "recommender.spendBasedCommitmentInsights.list",
 "recommender.spendBasedCommitmentRecommendations.get",
diff --git a/roles/run.jobsExecutor b/roles/run.jobsExecutor
index 5e73e394..9326961e 100644
--- a/roles/run.jobsExecutor
+++ b/roles/run.jobsExecutor
@@ -1,5 +1,5 @@
 {
- "description": "Can excute and cancel Cloud Run jobs.",
+ "description": "Can execute and cancel Cloud Run jobs.",
 "etag": "AA==",
 "includedPermissions": [
 "run.executions.cancel",
diff --git a/roles/storage.admin b/roles/storage.admin
index 426428f3..859f36dd 100644
--- a/roles/storage.admin
+++ b/roles/storage.admin
@@ -36,12 +36,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/storage.legacyBucketOwner b/roles/storage.legacyBucketOwner
index b5d2d78c..f888beaf 100644
--- a/roles/storage.legacyBucketOwner
+++ b/roles/storage.legacyBucketOwner
@@ -17,10 +17,12 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/telcoautomation.opsAdminTier1 b/roles/telcoautomation.opsAdminTier1
index 141ac26b..cb2f388b 100644
--- a/roles/telcoautomation.opsAdminTier1
+++ b/roles/telcoautomation.opsAdminTier1
@@ -13,6 +13,8 @@
 "logging.logEntries.list",
 "logging.logMetrics.get",
 "logging.logMetrics.list",
+ "logging.logScopes.get",
+ "logging.logScopes.list",
 "logging.logServiceIndexes.list",
 "logging.logServices.list",
 "logging.logs.list",
diff --git a/roles/visualinspection.serviceAgent b/roles/visualinspection.serviceAgent
index 6cbe5b47..f7d2d639 100644
--- a/roles/visualinspection.serviceAgent
+++ b/roles/visualinspection.serviceAgent
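Review bot: `storage.buckets.setIpFilter` in the roles/storage.admin hunk changes a bucket's network access restriction, judging by its name, and it arrives here without any note. The same `getIpFilter`/`setIpFilter` pair is added to roles/storage.legacyBucketOwner in the next hunk and to roles/visualinspection.serviceAgent further down, so holders of the legacy bucket-owner role and a service agent can alter the filter as well. Existing bindings pick this up with no policy change. I would flag it in the commit description, e.g. `security-relevant: setIpFilter added to storage.admin, storage.legacyBucketOwner, visualinspection.serviceAgent`, so that consumers can review those bindings and alert on IP-filter updates.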
@@ -440,12 +440,14 @@
 "storage.buckets.enableObjectRetention",
 "storage.buckets.get",
 "storage.buckets.getIamPolicy",
+ "storage.buckets.getIpFilter",
 "storage.buckets.getObjectInsights",
 "storage.buckets.list",
 "storage.buckets.listEffectiveTags",
 "storage.buckets.listTagBindings",
 "storage.buckets.restore",
 "storage.buckets.setIamPolicy",
+ "storage.buckets.setIpFilter",
 "storage.buckets.update",
 "storage.folders.create",
 "storage.folders.delete",
diff --git a/roles/workflows.admin b/roles/workflows.admin
index d2d23e16..b727c331 100644
--- a/roles/workflows.admin
+++ b/roles/workflows.admin
@@ -18,10 +18,14 @@
 "workflows.stepEntries.get",
 "workflows.stepEntries.list",
 "workflows.workflows.create",
+ "workflows.workflows.createTagBinding",
 "workflows.workflows.delete",
+ "workflows.workflows.deleteTagBinding",
 "workflows.workflows.get",
 "workflows.workflows.list",
+ "workflows.workflows.listEffectiveTags",
 "workflows.workflows.listRevision",
+ "workflows.workflows.listTagBindings",
 "workflows.workflows.update"
 ],
 "name": "roles/workflows.admin",
diff --git a/roles/workflows.editor b/roles/workflows.editor
index 6c36ddd9..8316a8a2 100644
--- a/roles/workflows.editor
+++ b/roles/workflows.editor
@@ -18,10 +18,14 @@
 "workflows.stepEntries.get",
 "workflows.stepEntries.list",
 "workflows.workflows.create",
+ "workflows.workflows.createTagBinding",
 "workflows.workflows.delete",
+ "workflows.workflows.deleteTagBinding",
 "workflows.workflows.get",
 "workflows.workflows.list",
+ "workflows.workflows.listEffectiveTags",
 "workflows.workflows.listRevision",
+ "workflows.workflows.listTagBindings",
 "workflows.workflows.update"
 ],
 "name": "roles/workflows.editor",
diff --git a/roles/workflows.viewer b/roles/workflows.viewer
index cab517d7..9dd137ba 100644
--- a/roles/workflows.viewer
+++ b/roles/workflows.viewer
@@ -15,7 +15,9 @@
 "workflows.stepEntries.list",
 "workflows.workflows.get",
 "workflows.workflows.list",
- "workflows.workflows.listRevision"
+ "workflows.workflows.listEffectiveTags",
+ "workflows.workflows.listRevision",
+ "workflows.workflows.listTagBindings"
 ],
 "name": "roles/workflows.viewer",
 "stage": "GA",