diff --git a/deployment-templates/compute-engine/explain-instance.py b/deployment-templates/compute-engine/explain-instance.py
deleted file mode 100644
index 0fe0dbfc95..0000000000
--- a/deployment-templates/compute-engine/explain-instance.py
+++ /dev/null
@@ -1,185 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Creates a GCE instance template for Forseti Security."""
-
-def GenerateConfig(context):
- """Generate configuration."""
-
- if context.properties.get('branch-name'):
- DOWNLOAD_FORSETI = """
- git clone {}.git --branch {} --single-branch forseti-security
- cd forseti-security
- """.format(
- context.properties['src-path'],
- context.properties['branch-name'])
- else:
- DOWNLOAD_FORSETI = """
- wget -qO- {}/archive/v{}.tar.gz | tar xvz
- cd forseti-security-{}
- """.format(
- context.properties['src-path'],
- context.properties['release-version'],
- context.properties['release-version'])
-
- SQL_INSTANCE = context.properties['sql-instance']
- EXPLAIN_DATABASE_NAME = context.properties['database-name-forseti']
- FORSETI_DATABASE_NAME = context.properties['database-name-explain']
-
- resources = []
-
- resources.append({
- 'name': '{}-explain-vm'.format(context.env['deployment']),
- 'type': 'compute.v1.instance',
- 'properties': {
- 'zone': context.properties['zone'],
- 'machineType': (
- 'https://www.googleapis.com/compute/v1/projects/{}'
- '/zones/{}/machineTypes/{}'.format(
- context.env['project'], context.properties['zone'],
- context.properties['instance-type'])),
- 'disks': [{
- 'deviceName': 'boot',
- 'type': 'PERSISTENT',
- 'boot': True,
- 'autoDelete': True,
- 'initializeParams': {
- 'sourceImage': (
- 'https://www.googleapis.com/compute/v1'
- '/projects/{}/global/images/family/{}'.format(
- 'ubuntu-os-cloud',
- 'ubuntu-1604-lts',
- )
- )
- }
- }],
- 'networkInterfaces': [{
- 'network': (
- 'https://www.googleapis.com/compute/v1/'
- 'projects/{}/global/networks/{}'.format(
- context.properties['network-host-project-id'],
- context.properties['vpc-name'])),
- 'accessConfigs': [{
- 'name': 'External NAT',
- 'type': 'ONE_TO_ONE_NAT'
- }],
- 'subnetwork': (
- 'https://www.googleapis.com/compute/v1/'
- 'projects/{}/regions/{}/subnetworks/{}'.format(
- context.properties['network-host-project-id'],
- context.properties['region'],
- context.properties['subnetwork-name']))
- }],
- 'serviceAccounts': [{
- 'email': context.properties['service-account'],
- 'scopes': ['https://www.googleapis.com/auth/cloud-platform'],
- }],
- 'metadata': {
- 'dependsOn': ['db-instances'],
- 'items': [{
- 'key': 'startup-script',
- 'value': """#!/bin/bash
-
-exec > /tmp/deployment.log
-exec 2>&1
-
-# Ubuntu update
-sudo apt-get update -y
-sudo apt-get upgrade -y
-
-# Forseti setup
-sudo apt-get install -y git unzip
-# Forseti dependencies
-sudo apt-get install -y libffi-dev libssl-dev libmysqlclient-dev python-pip python-dev
-
-USER_HOME=/home/ubuntu
-
-# Install fluentd if necessary
-FLUENTD=$(ls /usr/sbin/google-fluentd)
-if [ -z "$FLUENTD" ]; then
- cd $USER_HOME
- curl -sSO https://dl.google.com/cloudagents/install-logging-agent.sh
- bash install-logging-agent.sh
-fi
-
-# Check whether Cloud SQL proxy is installed
-CLOUD_SQL_PROXY=$(ls $USER_HOME/cloud_sql_proxy)
-if [ -z "$CLOUD_SQL_PROXY" ]; then
- cd $USER_HOME
- wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64
- mv cloud_sql_proxy.linux.amd64 cloud_sql_proxy
- chmod +x cloud_sql_proxy
-fi
-
-# Install Forseti Security
-cd $USER_HOME
-rm -rf forseti-*
-pip install --upgrade pip
-pip install --upgrade setuptools
-pip install google-apputils grpcio grpcio-tools protobuf
-
-cd $USER_HOME
-
-# Download Forseti src; see DOWNLOAD_FORSETI
-{}
-python setup.py install
-
-
-# Create upstart script for API server
-read -d '' API_SERVER << EOF
-[Unit]
-Description=Explain API Server
-[Service]
-Restart=always
-RestartSec=3
-ExecStart=/usr/local/bin/forseti_api '[::]:50051' 'mysql://root@127.0.0.1:3306/{}' 'mysql://root@127.0.0.1:3306/{}' playground explain
-[Install]
-WantedBy=multi-user.target
-Wants=cloudsqlproxy.service
-EOF
-echo "$API_SERVER" > /lib/systemd/system/forseti.service
-
-read -d '' SQL_PROXY << EOF
-[Unit]
-Description=Explain Cloud SQL Proxy
-[Service]
-Restart=always
-RestartSec=3
-ExecStart=/home/ubuntu/cloud_sql_proxy -instances={}=tcp:3306
-[Install]
-WantedBy=forseti.service
-EOF
-echo "$SQL_PROXY" > /lib/systemd/system/cloudsqlproxy.service
-
-systemctl start cloudsqlproxy
-sleep 1
-systemctl start forseti
-
-
-""".format(
-
- # install forseti
- DOWNLOAD_FORSETI,
- EXPLAIN_DATABASE_NAME.split(':')[-1],
- FORSETI_DATABASE_NAME.split(':')[-1],
-
- # cloud_sql_proxy
- SQL_INSTANCE,
-)
- }]
- }
- }
- })
-
- return {'resources': resources}
diff --git a/deployment-templates/deploy-explain.yaml.sample b/deployment-templates/deploy-explain.yaml.sample
deleted file mode 100644
index c5e5e52950..0000000000
--- a/deployment-templates/deploy-explain.yaml.sample
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# The toplevel deployment script for Forseti Security.
-# Be sure to edit this file and its templates to suit your environment.
-
-imports:
-- path: compute-engine/explain-instance.py
- name: explain-instance.py
-
-resources:
-
-# Explain
-- name: explain-instance
- type: explain-instance.py
- properties:
- # Must be in the form instance-name:region:database-name
- # Full name can be found in the cloud console
- instance-type: n1-standard-2
- zone: us-central1-c
- sql-instance: CLOUDSQL_DATABASE_INSTANCE
- database-name-explain: EXPLAIN_DATABASE_NAME
- database-name-forseti: FORSETI_DATABASE_NAME
- service-account: YOUR_SERVICE_ACCOUNT
- # Use the "branch-name" property to deploy a specify a branch of Forseti
- # on GCP.
- # Use either branch-name or release-version.
- branch-name: "explain-pre-release"
- #release-version: "1.0.2"
- src-path: https://github.com/GoogleCloudPlatform/forseti-security
diff --git a/google/cloud/security/iam/__init__.py b/google/cloud/security/iam/__init__.py
deleted file mode 100644
index a376a3652c..0000000000
--- a/google/cloud/security/iam/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""gRPC services for IAM Explain."""
-
-__import__('pkg_resources').declare_namespace(__name__)
diff --git a/google/cloud/security/iam/cli.py b/google/cloud/security/iam/cli.py
deleted file mode 100644
index 42e4826199..0000000000
--- a/google/cloud/security/iam/cli.py
+++ /dev/null
@@ -1,628 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" IAM Explain CLI. """
-
-# pylint: disable=too-many-locals
-
-from argparse import ArgumentParser
-import json
-import os
-import sys
-from google.protobuf.json_format import MessageToJson
-
-from google.cloud.security.iam import client as iam_client
-
-
-def define_playground_parser(parent):
- """Define the playground service parser.
-
- Args:
- parent (argparser): Parent parser to hook into.
- """
- service_parser = parent.add_parser("playground", help="playground service")
- action_subparser = service_parser.add_subparsers(
- title="action",
- dest="action")
-
- add_role_parser = action_subparser.add_parser(
- 'define_role',
- help='Defines a new role')
- add_role_parser.add_argument(
- 'role',
- help='Role name to define')
- add_role_parser.add_argument(
- 'permissions',
- nargs='+',
- help='Permissions contained in the role')
-
- del_role_parser = action_subparser.add_parser(
- 'delete_role',
- help='Delete a role')
- del_role_parser.add_argument(
- 'role',
- help='Role name to delete')
-
- list_roles_parser = action_subparser.add_parser(
- 'list_roles',
- help='List roles by prefix')
- list_roles_parser.add_argument(
- '--prefix',
- default='',
- help='Role prefix to filter for')
-
- add_resource_parser = action_subparser.add_parser(
- 'define_resource',
- help='Defines a new resource')
- add_resource_parser.add_argument(
- 'resource_type_name',
- help='Resource type/name to define')
- add_resource_parser.add_argument(
- 'parent_type_name',
- default=None,
- nargs='?',
- help='Parent type/name')
- add_resource_parser.add_argument(
- '--no-parent',
- default=False,
- type=bool,
- help='Set this flag if the resource is a root')
-
- del_resource_parser = action_subparser.add_parser(
- 'delete_resource',
- help='Delete a resource')
- del_resource_parser.add_argument(
- 'resource_type_name',
- help='Resource type/name to delete')
-
- list_resource_parser = action_subparser.add_parser(
- 'list_resources',
- help='List resources by prefix')
- list_resource_parser.add_argument(
- '--prefix',
- default='',
- help='Resource prefix to filter for')
-
- add_member_parser = action_subparser.add_parser(
- 'define_member',
- help='Defines a new member')
- add_member_parser.add_argument(
- 'member',
- help='Member type/name to define')
- add_member_parser.add_argument(
- 'parents',
- nargs='*',
- default=None,
- help='Parent type/names')
-
- del_member_parser = action_subparser.add_parser(
- 'delete_member',
- help='Delete a member or relationship')
- del_member_parser.add_argument(
- 'parent',
- help='Parent type/name in case of deleting a relationship')
- del_member_parser.add_argument(
- '--delete_relation_only',
- type=bool,
- default=False,
- help='Delete only the relationship, not the member itself')
-
- list_members_parser = action_subparser.add_parser(
- 'list_members',
- help='List members by prefix')
- list_members_parser.add_argument(
- '--prefix',
- default='',
- help='Member prefix to filter for')
-
- check_policy = action_subparser.add_parser(
- 'check_policy',
- help='Check if a member has access to a resource')
- check_policy.add_argument(
- 'resource',
- help='Resource to check on')
- check_policy.add_argument(
- 'permission',
- help='Permissions to check on')
- check_policy.add_argument(
- 'member',
- help='Member to check access for')
-
- set_policy = action_subparser.add_parser(
- 'set_policy',
- help='Set a new policy on a resource')
- set_policy.add_argument(
- 'resource',
- help='Resource to set policy on')
- set_policy.add_argument(
- 'policy',
- help='Policy in json format')
-
- get_policy = action_subparser.add_parser(
- 'get_policy',
- help='Get a resource\'s direct policy')
- get_policy.add_argument(
- 'resource',
- help='Resource to get policy for')
-
-
-def define_explainer_parser(parent):
- """Define the explainer service parser.
-
- Args:
- parent (argparser): Parent parser to hook into.
- """
- service_parser = parent.add_parser('explainer', help='explain service')
- action_subparser = service_parser.add_subparsers(
- title='action',
- dest='action')
-
- _ = action_subparser.add_parser(
- 'list_models',
- help='List all available models')
-
- delete_model_parser = action_subparser.add_parser(
- 'delete_model',
- help='Deletes an entire model')
- delete_model_parser.add_argument(
- 'model',
- help='Model to delete')
-
- create_model_parser = action_subparser.add_parser(
- 'create_model',
- help='Create a model')
- create_model_parser.add_argument(
- 'source',
- choices=['forseti', 'empty'],
- help='Source to import from')
- create_model_parser.add_argument(
- 'name',
- help='Human readable name for this model')
-
- _ = action_subparser.add_parser(
- 'denormalize',
- help='Denormalize a model')
-
- explain_granted_parser = action_subparser.add_parser(
- 'why_granted',
- help="""Explain why a role or permission
- is granted for a member on a resource""")
- explain_granted_parser.add_argument(
- 'member',
- help='Member to query')
- explain_granted_parser.add_argument(
- 'resource',
- help='Resource to query')
- explain_granted_parser.add_argument(
- '--role',
- default=None,
- help='Query for a role')
- explain_granted_parser.add_argument(
- '--permission',
- default=None,
- help='Query for a permission')
-
- explain_denied_parser = action_subparser.add_parser(
- 'why_denied',
- help="""Explain why a set of roles or permissions
- is denied for a member on a resource""")
- explain_denied_parser.add_argument(
- 'member',
- help='Member to query')
- explain_denied_parser.add_argument(
- 'resources',
- nargs='+',
- help='Resource to query')
- explain_denied_parser.add_argument(
- '--roles',
- nargs='*',
- default=[],
- help='Query for roles')
- explain_denied_parser.add_argument(
- '--permissions',
- nargs='*',
- default=[],
- help='Query for permissions')
-
- perms_by_roles_parser = action_subparser.add_parser(
- 'list_permissions',
- help='List permissions by role(s)')
- perms_by_roles_parser.add_argument(
- '--roles',
- nargs='*',
- default=[],
- help='Role names')
- perms_by_roles_parser.add_argument(
- '--role_prefixes',
- nargs='*',
- default=[],
- help='Role prefixes')
-
- query_access_by_member = action_subparser.add_parser(
- 'access_by_member',
- help='List access by member and permissions')
- query_access_by_member.add_argument(
- 'member',
- help='Member to query')
- query_access_by_member.add_argument(
- 'permissions',
- default=[],
- nargs='*',
- help='Permissions to query for')
- query_access_by_member.add_argument(
- '--expand_resources',
- type=bool,
- default=False,
- help='Expand the resource hierarchy')
-
- query_access_by_authz = action_subparser.add_parser(
- 'access_by_authz',
- help='List access by role or permission')
- query_access_by_authz.add_argument(
- '--permission',
- default=None,
- nargs='?',
- help='Permission to query')
- query_access_by_authz.add_argument(
- '--role',
- default=None,
- nargs='?',
- help='Role to query')
- query_access_by_authz.add_argument(
- '--expand_groups',
- type=bool,
- default=False,
- help='Expand groups to their members')
- query_access_by_authz.add_argument(
- '--expand_resources',
- type=bool,
- default=False,
- help='Expand resources to their children')
-
- query_access_by_resource = action_subparser.add_parser(
- 'access_by_resource',
- help='List access by member and permissions')
- query_access_by_resource.add_argument(
- 'resource',
- help='Resource to query')
- query_access_by_resource.add_argument(
- 'permissions',
- default=[],
- nargs='*',
- help='Permissions to query for')
- query_access_by_resource.add_argument(
- '--expand_groups',
- type=bool,
- default=False,
- help='Expand groups to their members')
-
-
-def read_env(var_key, default):
- """Read an environment variable with a default value.
-
- Args:
- var_key (str): Environment key get.
- default (str): Default value if variable is not set.
-
- Returns:
- string: return environment value or default
- """
- return os.environ[var_key] if var_key in os.environ else default
-
-
-def define_parent_parser(parser_cls):
- """Define the parent parser.
- Args:
- parser_cls (type): Class to instantiate parser from.
-
- Returns:
- argparser: The parent parser which has been defined.
- """
-
- parent_parser = parser_cls()
- parent_parser.add_argument(
- '--endpoint',
- default='localhost:50051',
- help='Server endpoint')
- parent_parser.add_argument(
- '--use_model',
- default=read_env('IAM_MODEL', ''),
- help='Model to operate on')
- parent_parser.add_argument(
- '--out-format',
- default='text',
- choices=['text', 'json'])
- return parent_parser
-
-
-def create_parser(parser_cls):
- """Create argument parser hierarchy.
- Args:
- parser_cls (cls): Class to instantiate parser from.
-
- Returns:
- argparser: The argument parser hierarchy which is created.
- """
- main_parser = define_parent_parser(parser_cls)
- service_subparsers = main_parser.add_subparsers(
- title="service",
- dest="service")
- define_explainer_parser(service_subparsers)
- define_playground_parser(service_subparsers)
- return main_parser
-
-
-class Output(object):
- """Output base interface."""
-
- def write(self, obj):
- """Writes an object to the output channel.
- Args:
- obj (object): Object to write
- Raises:
- NotImplementedError: Always
- """
- raise NotImplementedError()
-
-
-class TextOutput(Output):
- """Text output for result objects."""
-
- def write(self, obj):
- """Writes text representation.
- Args:
- obj (object): Object to write as string
- """
- print obj
-
-
-class JsonOutput(Output):
- """Raw output for result objects."""
-
- def write(self, obj):
- """Writes json representation.
- Args:
- obj (object): Object to write as json
- """
- print MessageToJson(obj)
-
-
-def run_explainer(client, config, output):
- """Run explain commands.
- Args:
- client (iam_client.ClientComposition): client to use for requests.
- config (object): argparser namespace to use.
- output (Output): output writer to use.
- """
-
- client = client.explain
-
- def do_list_models():
- """List models."""
- result = client.list_models()
- output.write(result)
-
- def do_delete_model():
- """Delete a model."""
- result = client.delete_model(config.model)
- output.write(result)
-
- def do_create_model():
- """Create a model."""
- result = client.new_model(config.source, config.name)
- output.write(result)
-
- def do_denormalize():
- """Denormalize a model."""
- for access in client.denormalize():
- output.write(access)
-
- def do_why_granted():
- """Explain why a permission or role is granted."""
- result = client.explain_granted(config.member,
- config.resource,
- config.role,
- config.permission)
- output.write(result)
-
- def do_why_not_granted():
- """Explain why a permission or a role is NOT granted."""
- result = client.explain_denied(config.member,
- config.resources,
- config.roles,
- config.permissions)
- output.write(result)
-
- def do_list_permissions():
- """List permissions by roles or role prefixes."""
- result = client.query_permissions_by_roles(config.roles,
- config.role_prefixes)
- output.write(result)
-
- def do_query_access_by_member():
- """Query access by member and permissions"""
- result = client.query_access_by_members(config.member,
- config.permissions,
- config.expand_resources)
- output.write(result)
-
- def do_query_access_by_resource():
- """Query access by resource and permissions"""
- result = client.query_access_by_resources(config.resource,
- config.permissions,
- config.expand_groups)
- output.write(result)
-
- def do_query_access_by_authz():
- """Query access by role or permission"""
- for access in (
- client.query_access_by_permissions(config.role,
- config.permission,
- config.expand_groups,
- config.expand_resources)):
-
- output.write(access)
-
- actions = {
- 'list_models': do_list_models,
- 'delete_model': do_delete_model,
- 'create_model': do_create_model,
- 'denormalize': do_denormalize,
- 'why_granted': do_why_granted,
- 'why_denied': do_why_not_granted,
- 'list_permissions': do_list_permissions,
- 'access_by_member': do_query_access_by_member,
- 'access_by_resource': do_query_access_by_resource,
- 'access_by_authz': do_query_access_by_authz}
-
- actions[config.action]()
-
-
-def run_playground(client, config, output):
- """Run playground commands.
- Args:
- client (iam_client.ClientComposition): client to use for requests.
- config (object): argparser namespace to use.
- output (Output): output writer to use.
- """
-
- client = client.playground
-
- def do_define_role():
- """Define a new role"""
- result = client.add_role(config.role,
- config.permissions)
- output.write(result)
-
- def do_delete_role():
- """Delete a role"""
- result = client.del_role(config.role)
- output.write(result)
-
- def do_list_roles():
- """List roles by prefix"""
- result = client.list_roles(config.prefix)
- output.write(result)
-
- def do_define_resource():
- """Define a new resource"""
- result = client.add_resource(config.resource_type_name,
- config.parent_type_name,
- config.no_parent)
- output.write(result)
-
- def do_delete_resource():
- """Delete a resource"""
- result = client.del_resource(config.resource_type_name)
- output.write(result)
-
- def do_list_resources():
- """List resources by prefix"""
- result = client.list_resources(config.prefix)
- output.write(result)
-
- def do_define_member():
- """Define a new member"""
- result = client.add_member(config.member,
- config.parents)
- output.write(result)
-
- def do_delete_member():
- """Delete a resource"""
- result = client.del_member(config.member,
- config.parent,
- config.delete_relation_only)
- output.write(result)
-
- def do_list_members():
- """List resources by prefix"""
- result = client.list_members(config.prefix)
- output.write(result)
-
- def do_check_policy():
- """Check access"""
- result = client.check_iam_policy(config.resource,
- config.permission,
- config.member)
- output.write(result)
-
- def do_get_policy():
- """Get access"""
- result = client.get_iam_policy(config.resource)
- output.write(result)
-
- def do_set_policy():
- """Set access"""
- result = client.set_iam_policy(config.resource,
- json.loads(config.policy))
- output.write(result)
-
- actions = {
- 'define_role': do_define_role,
- 'delete_role': do_delete_role,
- 'list_roles': do_list_roles,
- 'define_resource': do_define_resource,
- 'delete_resource': do_delete_resource,
- 'list_resources': do_list_resources,
- 'define_member': do_define_member,
- 'delete_member': do_delete_member,
- 'list_members': do_list_members,
- 'check_policy': do_check_policy,
- 'get_policy': do_get_policy,
- 'set_policy': do_set_policy}
-
- actions[config.action]()
-
-
-OUTPUTS = {
- 'text': TextOutput,
- 'json': JsonOutput,
- }
-
-SERVICES = {
- 'explainer': run_explainer,
- 'playground': run_playground,
- }
-
-
-def main(args,
- client=None,
- outputs=None,
- parser_cls=ArgumentParser,
- services=None):
- """Main function.
- Args:
- args (list): Command line arguments without argv[0].
- client (obj): API client to use.
- outputs (list): Supported output formats.
- parser_cls (type): Argument parser type to instantiate.
- services (list): Supported IAM Explain services.
- """
-
- parser = create_parser(parser_cls)
- config = parser.parse_args(args)
- if not client:
- client = iam_client.ClientComposition(config.endpoint)
- client.switch_model(config.use_model)
-
- if not outputs:
- outputs = OUTPUTS
- if not services:
- services = SERVICES
- output = outputs[config.out_format]()
- services[config.service](client, config, output)
-
-
-if __name__ == '__main__':
- main(sys.argv[1:])
diff --git a/google/cloud/security/iam/client.py b/google/cloud/security/iam/client.py
deleted file mode 100644
index bc98dedd98..0000000000
--- a/google/cloud/security/iam/client.py
+++ /dev/null
@@ -1,399 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" IAM Explain gRPC client. """
-
-import binascii
-import os
-import grpc
-
-from google.cloud.security.iam.explain import explain_pb2_grpc, explain_pb2
-from google.cloud.security.iam.playground import playground_pb2_grpc
-from google.cloud.security.iam.playground import playground_pb2
-from google.cloud.security.iam.utils import oneof
-
-
-# TODO: The next editor must remove this disable and correct issues.
-# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc
-# pylint: disable=missing-param-doc,missing-raises-doc
-
-
-def require_model(f):
- """Decorator to perform check that the model handle exists in the service.
- """
-
- def wrapper(*args, **kwargs):
- """Function wrapper to perform model handle existence check."""
- if args[0].config.handle():
- return f(*args, **kwargs)
- raise Exception("API requires model to be set")
- return wrapper
-
-
-class ClientConfig(dict):
- """Provide access to client configuration data."""
-
- def handle(self):
- """Return currently active handle."""
- return self['handle']
-
-
-class IAMClient(object):
- """Client base class."""
-
- def __init__(self, config):
- self.config = config
-
- def metadata(self):
- """Create default metadata for gRPC call."""
- return [('handle', self.config.handle())]
-
-
-class ExplainClient(IAMClient):
- """Explain service allows the client to reason about a model.
-
- Explain provides the following functionality:
- - List access by resource/member
- - Provide information on why a member has access
- - Provide recommendations on how to provide access
- """
-
- def __init__(self, config):
- super(ExplainClient, self).__init__(config)
- self.stub = explain_pb2_grpc.ExplainStub(config['channel'])
-
- def is_available(self):
- """Checks if the 'Explain' service is available by performing a ping."""
-
- data = binascii.hexlify(os.urandom(16))
- return self.stub.Ping(explain_pb2.PingRequest(data=data)).data == data
-
- def new_model(self, source, name):
- """Creates a new model, reply contains the handle."""
-
- return self.stub.CreateModel(
- explain_pb2.CreateModelRequest(
- type=source,
- name=name))
-
- def list_models(self):
- """List existing models in the service."""
-
- return self.stub.ListModel(explain_pb2.ListModelRequest())
-
- def delete_model(self, model_name):
- """Delete a model, deletes all corresponding data."""
-
- return self.stub.DeleteModel(
- explain_pb2.DeleteModelRequest(
- handle=model_name),
- metadata=self.metadata())
-
- def explain_denied(self, member_name, resource_names, roles=None,
- permission_names=None):
- """List possibilities to grant access which is currently denied."""
-
- roles = [] if roles is None else roles
- permission_names = [] if permission_names is None else permission_names
- if not oneof(roles != [], permission_names != []):
- raise Exception('Either roles or permission names must be set')
- request = explain_pb2.ExplainDeniedRequest(
- member=member_name,
- resources=resource_names,
- roles=roles,
- permissions=permission_names)
- return self.stub.ExplainDenied(request, metadata=self.metadata())
-
- def explain_granted(self, member_name, resource_name, role=None,
- permission=None):
- """Provide data on all possibilities on
- how a member has access to a resources."""
-
- if not oneof(role is not None, permission is not None):
- raise Exception('Either role or permission name must be set')
- request = explain_pb2.ExplainGrantedRequest()
- if role is not None:
- request.role = role
- else:
- request.permission = permission
- request.resource = resource_name
- request.member = member_name
- return self.stub.ExplainGranted(request, metadata=self.metadata())
-
- @require_model
- def query_access_by_resources(self, resource_name, permission_names,
- expand_groups=False):
- """List members who have access to a given resource."""
-
- request = explain_pb2.GetAccessByResourcesRequest(
- resource_name=resource_name,
- permission_names=permission_names,
- expand_groups=expand_groups)
- return self.stub.GetAccessByResources(
- request, metadata=self.metadata())
-
- @require_model
- def query_access_by_members(self, member_name, permission_names,
- expand_resources=False):
- """List resources to which a set of members has access to."""
-
- request = explain_pb2.GetAccessByMembersRequest(
- member_name=member_name,
- permission_names=permission_names,
- expand_resources=expand_resources)
- return self.stub.GetAccessByMembers(request, metadata=self.metadata())
-
- @require_model
- def query_access_by_permissions(self,
- role_name,
- permission_name,
- expand_groups=False,
- expand_resources=False):
- """List (resource, member) tuples satisfying the authorization
-
- Args:
- role_name (str): Role name to query for.
- permission_name (str): Permission name to query for.
- expand_groups (bool): Whether or not to expand groups.
- epxand_resources (bool) Whether or not to expand resources.
-
- Returns:
- object: Generator yielding access tuples.
- """
-
- request = explain_pb2.GetAccessByPermissionsRequest(
- role_name=role_name,
- permission_name=permission_name,
- expand_groups=expand_groups,
- expand_resources=expand_resources)
- return self.stub.GetAccessByPermissions(
- request,
- metadata=self.metadata())
-
- @require_model
- def query_permissions_by_roles(self, role_names=None, role_prefixes=None):
- """List all the permissions per given roles."""
-
- role_names = [] if role_names is None else role_names
- role_prefixes = [] if role_prefixes is None else role_prefixes
- request = explain_pb2.GetPermissionsByRolesRequest(
- role_names=role_names, role_prefixes=role_prefixes)
- return self.stub.GetPermissionsByRoles(
- request, metadata=self.metadata())
-
- @require_model
- def denormalize(self):
- """Denormalize the entire model into access triples."""
-
- return self.stub.Denormalize(
- explain_pb2.DenormalizeRequest(),
- metadata=self.metadata())
-
-
-class PlaygroundClient(IAMClient):
- """Provides an interface to add entities into the IAM model.
-
- It allows the modification of:
- - Roles & Permissions
- - Membership relations
- - Resource hierarchy
- - Get/Set policies
- - Perform access checks
- This allows a client to perform simulations based on imported
- or empty models.
- """
-
- def __init__(self, config):
- super(PlaygroundClient, self).__init__(config)
- self.stub = playground_pb2_grpc.PlaygroundStub(config['channel'])
-
- def is_available(self):
- """Check if the Playground service is available."""
-
- data = binascii.hexlify(os.urandom(16))
- return self.stub.Ping(
- playground_pb2.PingRequest(
- data=data)).data == data
-
- @require_model
- def add_role(self, role_name, permissions):
- """Add a role associated with a list of permissions to the model."""
-
- return self.stub.AddRole(
- playground_pb2.AddRoleRequest(
- role_name=role_name,
- permissions=permissions),
- metadata=self.metadata())
-
- @require_model
- def del_role(self, role_name):
- """Delete a role from the model."""
-
- return self.stub.DelRole(
- playground_pb2.DelRoleRequest(
- role_name=role_name),
- metadata=self.metadata())
-
- @require_model
- def list_roles(self, role_name_prefix):
- """List roles by prefix, can be empty."""
-
- return self.stub.ListRoles(
- playground_pb2.ListRolesRequest(
- prefix=role_name_prefix),
- metadata=self.metadata())
-
- @require_model
- def add_resource(self,
- resource_type_name,
- parent_type_name,
- no_parent=False):
- """Add a resource to the hierarchy."""
-
- return self.stub.AddResource(
- playground_pb2.AddResourceRequest(
- resource_type_name=resource_type_name,
- parent_type_name=parent_type_name,
- no_require_parent=no_parent),
- metadata=self.metadata())
-
- @require_model
- def del_resource(self, resource_type_name):
- """Delete a resource from the hierarchy and the subtree."""
-
- return self.stub.DelResource(
- playground_pb2.DelResourceRequest(
- resource_type_name=resource_type_name),
- metadata=self.metadata())
-
- @require_model
- def list_resources(self, resource_name_prefix):
- """List resources by name prefix."""
-
- return self.stub.ListResources(
- playground_pb2.ListResourcesRequest(
- prefix=resource_name_prefix),
- metadata=self.metadata())
-
- @require_model
- def add_member(self, member_type_name, parent_type_names=None):
- """Add a member to the member relationship."""
-
- if parent_type_names is None:
- parent_type_names = []
- return self.stub.AddGroupMember(
- playground_pb2.AddGroupMemberRequest(
- member_type_name=member_type_name,
- parent_type_names=parent_type_names),
- metadata=self.metadata())
-
- @require_model
- def del_member(self, member_name, parent_name=None,
- only_delete_relationship=False):
- """Delete a member from the member relationship."""
-
- return self.stub.DelGroupMember(
- playground_pb2.DelGroupMemberRequest(
- member_name=member_name,
- parent_name=parent_name,
- only_delete_relationship=only_delete_relationship),
- metadata=self.metadata())
-
- @require_model
- def list_members(self, member_name_prefix):
- """List members by prefix."""
-
- return self.stub.ListGroupMembers(
- playground_pb2.ListGroupMembersRequest(
- prefix=member_name_prefix),
- metadata=self.metadata())
-
- @require_model
- def set_iam_policy(self, full_resource_name, policy):
- """Set the IAM policy on the resource."""
-
- bindingspb = [
- playground_pb2.Binding(
- role=role,
- members=members) for role,
- members in policy['bindings'].iteritems()]
- policypb = playground_pb2.Policy(
- bindings=bindingspb, etag=policy['etag'])
- return self.stub.SetIamPolicy(
- playground_pb2.SetIamPolicyRequest(
- resource=full_resource_name,
- policy=policypb),
- metadata=self.metadata())
-
- @require_model
- def get_iam_policy(self, full_resource_name):
- """Get the IAM policy from the resource."""
-
- return self.stub.GetIamPolicy(
- playground_pb2.GetIamPolicyRequest(
- resource=full_resource_name),
- metadata=self.metadata())
-
- @require_model
- def check_iam_policy(self, full_resource_name, permission_name,
- member_name):
- """Check access via IAM policy."""
-
- return self.stub.CheckIamPolicy(
- playground_pb2.CheckIamPolicyRequest(
- resource=full_resource_name,
- permission=permission_name,
- identity=member_name),
- metadata=self.metadata())
-
-
-class ClientComposition(object):
- """Client composition class.
-
- Most convenient to use since it comprises the common use cases among
- the different services.
- """
-
- DEFAULT_ENDPOINT = 'localhost:50058'
-
- def __init__(self, endpoint=DEFAULT_ENDPOINT):
- self.channel = grpc.insecure_channel(endpoint)
- self.config = ClientConfig({'channel': self.channel, 'handle': ''})
-
- self.explain = ExplainClient(self.config)
- self.playground = PlaygroundClient(self.config)
-
- self.clients = [self.explain, self.playground]
- if not all([c.is_available() for c in self.clients]):
- raise Exception('gRPC connected but services not registered')
-
- def new_model(self, source, name):
- """Create a new model from the specified source."""
-
- return self.explain.new_model(source, name)
-
- def list_models(self):
- """List existing models."""
-
- return self.explain.list_models()
-
- def switch_model(self, model_name):
- """Switch the client into using a model."""
-
- self.config['handle'] = model_name
-
- def delete_model(self, model_name):
- """Delete a model. Deletes all associated data."""
-
- return self.explain.delete_model(model_name)
diff --git a/google/cloud/security/iam/dao.py b/google/cloud/security/iam/dao.py
deleted file mode 100755
index a58d8d03e2..0000000000
--- a/google/cloud/security/iam/dao.py
+++ /dev/null
@@ -1,1612 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Database abstraction objects for IAM Explain. """
-
-# pylint: disable=too-many-lines,singleton-comparison
-
-import datetime
-import os
-import binascii
-import collections
-import struct
-import hmac
-from threading import Lock
-
-
-from sqlalchemy import Column
-from sqlalchemy import Integer
-from sqlalchemy import String
-from sqlalchemy import Sequence
-from sqlalchemy import ForeignKey
-from sqlalchemy import Text
-from sqlalchemy import create_engine
-from sqlalchemy import Table
-from sqlalchemy import DateTime
-from sqlalchemy import or_
-from sqlalchemy import and_
-from sqlalchemy import not_
-from sqlalchemy.orm import relationship
-from sqlalchemy.orm import aliased
-from sqlalchemy.orm import sessionmaker
-from sqlalchemy.sql import select
-from sqlalchemy.sql import union
-from sqlalchemy.ext.declarative import declarative_base
-
-from google.cloud.security.iam.utils import mutual_exclusive
-
-# TODO: The next editor must remove this disable and correct issues.
-# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc
-# pylint: disable=missing-param-doc,missing-raises-doc,missing-yield-doc
-# pylint: disable=missing-yield-type-doc,too-many-branches
-
-POOL_RECYCLE_SECONDS = 300
-PER_YIELD = 1024
-
-
-def generate_model_handle():
- """Generate random model handle."""
-
- return binascii.hexlify(os.urandom(16))
-
-
-def generate_model_seed():
- """Generate random model seed."""
-
- return binascii.hexlify(os.urandom(16))
-
-
-MODEL_BASE = declarative_base()
-
-
-class Model(MODEL_BASE):
- """IAM Explain model object in database."""
-
- __tablename__ = 'model'
- name = Column(String(32), primary_key=True)
- handle = Column(String(32))
- state = Column(String(32))
- watchdog_timer = Column(DateTime)
- created_at = Column(DateTime)
- etag_seed = Column(String(32), nullable=False)
- message = Column(Text())
- warnings = Column(Text())
-
- def kick_watchdog(self, session):
- """Used during import to notify the import is still progressing."""
-
- self.watchdog_timer = datetime.datetime.utcnow()
- session.add(self)
- session.commit()
-
- def add_warning(self, session, warning):
- """Add a warning to the model.
-
- Args:
- warning (str): Warning message
- """
-
- warning_message = '{}\n'.format(warning)
- if not self.warnings:
- self.warnings = warning_message
- else:
- self.warnings += warning_message
- session.add(self)
- session.commit()
-
- def set_inprogress(self, session):
- """Set state to 'in progress'."""
-
- session.add(self)
- self.state = "INPROGRESS"
- session.commit()
-
- def set_done(self, session, message=''):
- """Indicate a finished import.
- Args:
- session (object): Database session
- message (str): Success message or ''
- """
-
- session.add(self)
- if self.warnings:
- self.state = "PARTIAL_SUCCESS"
- else:
- self.state = "SUCCESS"
- self.message = message
- session.commit()
-
- def set_error(self, session, message):
- """Indicate a broken import."""
-
- self.state = "BROKEN"
- self.message = message
- session.add(self)
- session.commit()
-
- def __repr__(self):
- """String representation."""
-
- return "".format(
- self.name, self.handle, self.state)
-
-
-# pylint: disable=too-many-locals,no-member
-def define_model(model_name, dbengine, model_seed):
- """Defines table classes which point to the corresponding model.
-
- This means, for each model being accessed this function needs to
- be called in order to generate a full set of table definitions.
-
- Models are name spaced via a random model seed such that multiple
- models can exist within the same database. In order to implement
- the name spacing in an abstract way.
- """ - - base = declarative_base() - - denormed_group_in_group = '{}_group_in_group'.format(model_name) - bindings_tablename = '{}_bindings'.format(model_name) - roles_tablename = '{}_roles'.format(model_name) - permissions_tablename = '{}_permissions'.format(model_name) - members_tablename = '{}_members'.format(model_name) - resources_tablename = '{}_resources'.format(model_name) - - role_permissions = Table('{}_role_permissions'.format(model_name), - base.metadata, - Column( - 'roles_name', ForeignKey( - '{}.name'.format(roles_tablename)), - primary_key=True), - Column( - 'permissions_name', ForeignKey( - '{}.name'.format(permissions_tablename)), - primary_key=True), ) - - binding_members = Table('{}_binding_members'.format(model_name), - base.metadata, - Column( - 'bindings_id', ForeignKey( - '{}.id'.format(bindings_tablename)), - primary_key=True), - Column( - 'members_name', ForeignKey( - '{}.name'.format(members_tablename)), - primary_key=True), ) - - group_members = Table('{}_group_members'.format(model_name), - base.metadata, - Column('group_name', ForeignKey( - '{}.name'.format(members_tablename)), - primary_key=True), - Column('members_name', ForeignKey( - '{}.name'.format(members_tablename)), - primary_key=True), ) - - class Resource(base): - """Row entry for a GCP resource.""" - __tablename__ = resources_tablename - - full_name = Column(String(1024)) - type_name = Column(String(256), primary_key=True) - name = Column(String(128)) - type = Column(String(64)) - policy_update_counter = Column(Integer, default=0) - display_name = Column(String(256)) - - parent_type_name = Column( - String(128), - ForeignKey('{}.type_name'.format(resources_tablename))) - parent = relationship("Resource", remote_side=[type_name]) - bindings = relationship('Binding', back_populates="resource") - - def increment_update_counter(self): - """Increments counter for this object's db updates.""" - self.policy_update_counter += 1 - - def get_etag(self): - """Return the etag for this 
resource.""" - serialized_ctr = struct.pack('>I', self.policy_update_counter) - msg = binascii.hexlify(serialized_ctr) - msg += self.full_name - return hmac.new(model_seed.encode('utf-8'), msg).hexdigest() - - def __repr__(self): - """String representation.""" - return "".format( - self.full_name, self.name, self.type) - - Resource.children = relationship( - "Resource", order_by=Resource.full_name, back_populates="parent") - - class Member(base): - """Row entry for a policy member.""" - - __tablename__ = members_tablename - name = Column(String(256), primary_key=True) - type = Column(String(64)) - member_name = Column(String(128)) - - parents = relationship( - 'Member', - secondary=group_members, - primaryjoin=name == group_members.c.members_name, - secondaryjoin=name == group_members.c.group_name) - - children = relationship( - 'Member', - secondary=group_members, - primaryjoin=name == group_members.c.group_name, - secondaryjoin=name == group_members.c.members_name) - - bindings = relationship('Binding', - secondary=binding_members, - back_populates='members') - - def __repr__(self): - """String representation.""" - return "".format( - self.name, self.type) - - class GroupInGroup(base): - """Row for a group-in-group membership.""" - - __tablename__ = denormed_group_in_group - parent = Column(String(256), primary_key=True) - member = Column(String(256), primary_key=True) - - def __repr__(self): - """String representation.""" - return "".format( - self.parent, - self.member) - - class Binding(base): - """Row for a binding between resource, roles and members.""" - - __tablename__ = bindings_tablename - id = Column(Integer, Sequence('{}_id_seq'.format(bindings_tablename)), - primary_key=True) - - resource_type_name = Column(String(128), ForeignKey( - '{}.type_name'.format(resources_tablename))) - role_name = Column(String(128), ForeignKey( - '{}.name'.format(roles_tablename))) - - resource = relationship('Resource', remote_side=[resource_type_name]) - role = 
relationship('Role', remote_side=[role_name]) - - members = relationship('Member', - secondary=binding_members, - back_populates='bindings') - - def __repr__(self): - fmt_s = "" - return fmt_s.format( - self.id, - self.role_name, - self.resource_type_name, - self.members) - - class Role(base): - """Row entry for an IAM role.""" - - __tablename__ = roles_tablename - name = Column(String(128), primary_key=True) - permissions = relationship('Permission', - secondary=role_permissions, - back_populates='roles') - - def __repr__(self): - return "" % (self.name) - - class Permission(base): - """Row entry for an IAM permission.""" - - __tablename__ = permissions_tablename - name = Column(String(128), primary_key=True) - roles = relationship('Role', - secondary=role_permissions, - back_populates='permissions') - - def __repr__(self): - return "" % (self.name) - - # pylint: disable=too-many-public-methods - class ModelAccess(object): - """Data model facade, implement main API against database.""" - - TBL_GROUP_IN_GROUP = GroupInGroup - TBL_BINDING = Binding - TBL_MEMBER = Member - TBL_PERMISSION = Permission - TBL_ROLE = Role - TBL_RESOURCE = Resource - TBL_MEMBERSHIP = group_members - - @classmethod - def delete_all(cls, engine): - """Delete all data from the model.""" - role_permissions.drop(engine) - binding_members.drop(engine) - group_members.drop(engine) - - Binding.__table__.drop(engine) - Permission.__table__.drop(engine) - - Role.__table__.drop(engine) - Member.__table__.drop(engine) - Resource.__table__.drop(engine) - - @classmethod - def denorm_group_in_group(cls, session): - """Denormalize group-in-group relation. - - Args: - session (object): Database session to use. - Returns: - int: Number of iterations. 
- """ - - tbl1 = aliased(GroupInGroup.__table__, name='alias1') - tbl2 = aliased(GroupInGroup.__table__, name='alias2') - tbl3 = aliased(GroupInGroup.__table__, name='alias3') - - def get_dialect(session): - """Return the active SqlAlchemy dialect.""" - return session.bind.dialect.name - - if get_dialect(session) != 'sqlite': - # Lock tables for denormalization - # including aliases 1-3 - locked_tables = [ - '`{}`'.format(GroupInGroup.__tablename__), - '`{}` as {}'.format( - GroupInGroup.__tablename__, - tbl1.name), - '`{}` as {}'.format( - GroupInGroup.__tablename__, - tbl2.name), - '`{}` as {}'.format( - GroupInGroup.__tablename__, - tbl3.name), - group_members.name] - lock_stmts = ['{} WRITE'.format(tbl) for tbl in locked_tables] - query = 'LOCK TABLES {}'.format(', '.join(lock_stmts)) - session.execute(query) - try: - # Remove all existing rows in the denormalization - session.execute(GroupInGroup.__table__.delete()) - - # Select member relation into GroupInGroup - qry = ( - GroupInGroup.__table__.insert() - .from_select( - ['parent', 'member'], - group_members.select() - .where( - group_members.c.group_name.startswith('group/') - ) - .where( - group_members.c.members_name.startswith('group/') - ) - ) - ) - - session.execute(qry) - - iterations = 0 - rows_affected = True - while rows_affected: - - # Join membership on its own to find transitive - expansion = tbl1.join(tbl2, tbl1.c.member == tbl2.c.parent) - - # Left outjoin to find the entries that - # are already in the table to prevent - # inserting already existing entries - expansion = expansion.outerjoin( - tbl3, - and_(tbl1.c.parent == tbl3.c.parent, - tbl2.c.member == tbl3.c.member)) - - # Select only such elements that are not - # already in the table, indicated as NULL - # values through the outer-left-join - stmt = ( - select([tbl1.c.parent, tbl2.c.member]) - .select_from(expansion) - .where(tbl3.c.parent == None) - .distinct()) - - # Execute the query and insert into the table - qry = ( - 
GroupInGroup.__table__.insert() - .from_select( - ['parent', 'member'], - stmt)) - - rows_affected = bool(session.execute(qry).rowcount) - iterations += 1 - except Exception: - session.rollback() - raise - finally: - if get_dialect(session) != 'sqlite': - session.execute('UNLOCK TABLES') - session.commit() - return iterations - - @classmethod - def explain_granted(cls, session, member_name, resource_type_name, - role, permission): - """Provide info about how the member has access to the resource.""" - members, member_graph = cls.reverse_expand_members( - session, [member_name], request_graph=True) - member_names = [m.name for m in members] - resource_type_names = [r.type_name for r in - cls.find_resource_path(session, - resource_type_name)] - - if role: - roles = set([role]) - qry = session.query(Binding, Member).join( - binding_members).join(Member) - else: - roles = [r.name for r in - cls.get_roles_by_permission_names( - session, - [permission])] - qry = session.query(Binding, Member) - qry = qry.join(binding_members).join(Member) - qry = qry.join(Role).join(role_permissions).join(Permission) - - qry = qry.filter(Binding.role_name.in_(roles)) - qry = qry.filter(Member.name.in_(member_names)) - qry = qry.filter( - Binding.resource_type_name.in_(resource_type_names)) - result = qry.all() - if not result: - raise Exception( - 'Grant not found: ({},{},{})'.format( - member_name, - resource_type_name, - role if role is not None else permission)) - else: - bindings = [(b.resource_type_name, b.role_name, m.name) - for b, m in result] - return bindings, member_graph, resource_type_names - - @classmethod - def explain_denied(cls, session, member_name, resource_type_names, - permission_names, role_names): - """Provide information how to grant access to a member.""" - - if not role_names: - role_names = [r.name for r in - cls.get_roles_by_permission_names( - session, - permission_names)] - if not role_names: - raise Exception( - 'No roles covering requested permission set') 
- - resource_hierarchy = ( - cls.resource_ancestors(session, - resource_type_names)) - - def find_binding_candidates(resource_hierarchy): - """Find the root node in the ancestors. - - From there, walk down the resource tree and add - every node until a node has more than one child. - This is the set of nodes which grants access to - at least all of the resources requested. - There is always a chain with a single node root. - """ - - root = None - for parent in resource_hierarchy.iterkeys(): - is_root = True - for children in resource_hierarchy.itervalues(): - if parent in children: - is_root = False - break - if is_root: - root = parent - chain = [root] - cur = root - while len(resource_hierarchy[cur]) == 1: - cur = iter(resource_hierarchy[cur]).next() - chain.append(cur) - return chain - - bind_res_candidates = find_binding_candidates( - resource_hierarchy) - - bindings = ( - session.query(Binding, Member) - .join(binding_members).join(Member).join(Role) - .filter(Binding.resource_type_name.in_(bind_res_candidates)) - .filter(Role.name.in_(role_names)) - .filter(or_(Member.type == 'group', - Member.name == member_name)) - .filter(and_(binding_members.c.bindings_id == Binding.id, - binding_members.c.members_name == Member.name)) - .filter(Role.name == Binding.role_name) - .all()) - - strategies = [] - for resource in bind_res_candidates: - for role_name in role_names: - overgranting = (len(bind_res_candidates) - - bind_res_candidates.index(resource) - - 1) - strategies.append( - (overgranting, [ - (role, member_name, resource) - for role in [role_name]])) - if bindings: - for binding, member in bindings: - overgranting = (len(bind_res_candidates) - 1 - - bind_res_candidates.index( - binding.resource_type_name)) - strategies.append( - (overgranting, [ - (binding.role_name, - member.name, - binding.resource_type_name)])) - - return strategies - - @classmethod - def query_access_by_member(cls, session, member_name, permission_names, - expand_resources=False, - 
reverse_expand_members=True): - """Return the set of resources the member has access to.""" - - if reverse_expand_members: - member_names = [m.name for m in - cls.reverse_expand_members( - session, - [member_name], False)] - else: - member_names = [member_name] - - roles = cls.get_roles_by_permission_names( - session, permission_names) - - qry = ( - session.query(Binding) - .join(binding_members) - .join(Member) - .filter(Binding.role_name.in_([r.name for r in roles])) - .filter(Member.name.in_(member_names))) - - bindings = qry.yield_per(1024) - if not expand_resources: - return [(binding.role_name, - [binding.resource_type_name]) for binding in bindings] - - r_type_names = [binding.resource_type_name for binding in bindings] - expansion = cls.expand_resources_by_type_names( - session, - r_type_names) - - res_exp = {k.type_name: - [v.type_name for v in values] - for k, values in expansion.iteritems()} - - return [(binding.role_name, - res_exp[binding.resource_type_name]) - for binding in bindings] - - @classmethod - def query_access_by_permission(cls, - session, - role_name=None, - permission_name=None, - expand_groups=False, - expand_resources=False): - """Return all the (Principal, Resource) combinations allowing - satisfying access via the specified permission. - - Args: - session (object): Database session. - permission_name (str): Permission name to query for. - expand_groups (bool): Whether or not to expand groups. - expand_resources (bool): Whether or not to expand resources. - - Yields: - A generator of access tuples. - - Raises: - ValueError: If neither role nor permission is set. 
- """ - - if role_name: - role_names = [role_name] - elif permission_name: - role_names = [p.name for p in - cls.get_roles_by_permission_names( - session, - [permission_name])] - else: - raise ValueError('Either role or permission must be set') - - if expand_resources: - expanded_resources = aliased(Resource) - qry = ( - session.query(expanded_resources, Binding, Member) - .filter(binding_members.c.bindings_id == Binding.id) - .filter(binding_members.c.members_name == Member.name) - .filter(expanded_resources.full_name.startswith( - Resource.full_name)) - .filter(Resource.type_name == Binding.resource_type_name) - .filter(Binding.role_name.in_(role_names))) - else: - qry = ( - session.query(Resource, Binding, Member) - .filter(binding_members.c.bindings_id == Binding.id) - .filter(binding_members.c.members_name == Member.name) - .filter(Resource.type_name == Binding.resource_type_name) - .filter(Binding.role_name.in_(role_names))) - - qry = qry.order_by(Resource.name.asc(), Binding.role_name.asc()) - - if expand_groups: - to_expand = set([m.name for _, _, m in - qry.yield_per(PER_YIELD)]) - expansion = cls.expand_members_map(session, - to_expand, - show_group_members=False, - member_contain_self=True) - - qry = qry.distinct() - - cur_resource = None - cur_role = None - cur_members = set() - for resource, binding, member in qry.yield_per(PER_YIELD): - if cur_resource != resource.type_name: - if cur_resource is not None: - yield cur_role, cur_resource, cur_members - cur_resource = resource.type_name - cur_role = binding.role_name - cur_members = set() - if expand_groups: - for member_name in expansion[member.name]: - cur_members.add(member_name) - else: - cur_members.add(member.name) - if cur_resource is not None: - yield cur_role, cur_resource, cur_members - - @classmethod - def query_access_by_resource(cls, session, resource_type_name, - permission_names, expand_groups=False): - """Return members who have access to the given resource.""" - - roles = 
cls.get_roles_by_permission_names( - session, permission_names) - resources = cls.find_resource_path(session, resource_type_name) - - res = (session.query(Binding, Member) - .filter( - Binding.role_name.in_([r.name for r in roles]), - Binding.resource_type_name.in_( - [r.type_name for r in resources])) - .join(binding_members).join(Member)) - - role_member_mapping = collections.defaultdict(set) - for binding, member in res: - role_member_mapping[binding.role_name].add(member.name) - - if expand_groups: - for role in role_member_mapping: - role_member_mapping[role] = ( - [m.name for m in cls.expand_members( - session, - role_member_mapping[role])]) - - return role_member_mapping - - @classmethod - def query_permissions_by_roles(cls, session, role_names, role_prefixes, - _=1024): - """Resolve permissions for the role.""" - - if not role_names and not role_prefixes: - raise Exception('No roles or role prefixes specified') - qry = session.query(Role, Permission).join( - role_permissions).join(Permission) - if role_names: - qry = qry.filter(Role.name.in_(role_names)) - if role_prefixes: - qry = qry.filter( - or_(*[Role.name.startswith(prefix) - for prefix in role_prefixes])) - return qry.all() - - @classmethod - def denormalize(cls, session): - """Denormalize the model into access triples.""" - - qry = (session.query(Binding) - .join(binding_members) - .join(Member)) - - members = set() - for binding in qry.yield_per(PER_YIELD): - for member in binding.members: - members.add(member.name) - - expanded_members = cls.expand_members_map(session, members) - role_permissions_map = collections.defaultdict(set) - - qry = (session.query(Role, Permission) - .join(role_permissions) - .filter( - Role.name == role_permissions.c.roles_name) - .filter( - Permission.name == role_permissions.c.permissions_name)) - - for role, permission in qry.yield_per(PER_YIELD): - role_permissions_map[role.name].add(permission.name) - - for binding, member in ( - session.query(Binding, Member) - 
.join(binding_members) - .filter(binding_members.c.bindings_id == Binding.id) - .filter(binding_members.c.members_name == Member.name) - .yield_per(PER_YIELD)): - - resource_type_name = binding.resource_type_name - resource_mapping = cls.expand_resources_by_type_names( - session, - [resource_type_name]) - - resource_mapping = {k.type_name: set([m.type_name for m in v]) - for k, v in resource_mapping.iteritems()} - - for expanded_member in expanded_members[member.name]: - for permission in role_permissions_map[binding.role_name]: - for res in resource_mapping[resource_type_name]: - triple = (permission, res, expanded_member) - yield triple - - @classmethod - def set_iam_policy(cls, session, resource_type_name, policy): - """Sets an IAM policy for the resource.""" - - old_policy = cls.get_iam_policy(session, resource_type_name) - if policy['etag'] != old_policy['etag']: - raise Exception( - 'Etags distinct, stored={}, provided={}'.format( - old_policy['etag'], policy['etag'])) - - old_policy = old_policy['bindings'] - policy = policy['bindings'] - - def filter_etag(policy): - """Filter etag key/value out of policy map.""" - - return {k: v for k, v in policy.iteritems() if k != 'etag'} - - def calculate_diff(policy, old_policy): - """Calculate the grant/revoke difference between policies.""" - - diff = collections.defaultdict(list) - for role, members in filter_etag(policy).iteritems(): - if role in old_policy: - for member in members: - if member not in old_policy[role]: - diff[role].append(member) - else: - diff[role] = members - return diff - - grants = calculate_diff(policy, old_policy) - revocations = calculate_diff(old_policy, policy) - - for role, members in revocations.iteritems(): - bindings = ( - session.query(Binding) - .filter(Binding.resource_type_name == resource_type_name) - .filter(Binding.role_name == role) - .join(binding_members).join(Member) - .filter(Member.name.in_(members)).all()) - - for binding in bindings: - session.delete(binding) - for 
role, members in grants.iteritems(): - inserted = False - existing_bindings = ( - session.query(Binding) - .filter(Binding.resource_type_name == resource_type_name) - .filter(Binding.role_name == role).all()) - - for binding in existing_bindings: - if binding.role_name == role: - inserted = True - for member in members: - binding.members.append( - session.query(Member).filter( - Member.name == member).one()) - if not inserted: - binding = Binding( - resource_type_name=resource_type_name, - role=session.query(Role).filter( - Role.name == role).one()) - binding.members = session.query(Member).filter( - Member.name.in_(members)).all() - session.add(binding) - resource = session.query(Resource).filter( - Resource.type_name == resource_type_name).one() - resource.increment_update_counter() - session.commit() - - @classmethod - def get_iam_policy(cls, session, resource_type_name): - """Return the IAM policy for a resource.""" - - resource = session.query(Resource).filter( - Resource.type_name == resource_type_name).one() - policy = { - 'etag': resource.get_etag(), - 'bindings': {}, - 'resource': resource.type_name} - for binding in (session.query(Binding) - .filter(Binding.resource_type_name == - resource_type_name) - .all()): - role = binding.role_name - members = [m.name for m in binding.members] - policy['bindings'][role] = members - return policy - - @classmethod - def check_iam_policy(cls, session, resource_type_name, permission_name, - member_name): - """Check access according to the resource IAM policy.""" - - member_names = [m.name for m in - cls.reverse_expand_members( - session, - [member_name])] - resource_type_names = [r.type_name for r in cls.find_resource_path( - session, - resource_type_name)] - - if not member_names: - raise Exception('Member not found: {}'. - format(member_name)) - if not resource_type_names: - raise Exception('Resource not found: {}'. 
- format(resource_type_name)) - - return ( - session.query(Permission) - .filter(Permission.name == permission_name) - .join(role_permissions).join(Role).join(Binding) - .filter(Binding.resource_type_name.in_(resource_type_names)) - .join(binding_members).join(Member) - .filter(Member.name.in_(member_names)).first() is not None) - - @classmethod - def list_roles_by_prefix(cls, session, role_prefix): - """Provides a list of roles matched via name prefix.""" - - return [r.name for r in session.query(Role) - .filter(Role.name.startswith(role_prefix)).all()] - - @classmethod - def add_role_by_name(cls, session, role_name, permission_names): - """Creates a new role.""" - - permission_names = set(permission_names) - existing_permissions = session.query(Permission).filter( - Permission.name.in_(permission_names)).all() - for existing_permission in existing_permissions: - try: - permission_names.remove(existing_permission.name) - except KeyError: - pass - - new_permissions = [Permission(name=n) for n in permission_names] - for perm in new_permissions: - session.add(perm) - cls.add_role(session, role_name, - existing_permissions + new_permissions) - session.commit() - - @classmethod - def del_role_by_name(cls, session, role_name): - """Deletes a role by name.""" - - session.query(Role).filter(Role.name == role_name).delete() - role_permission_delete = role_permissions.delete( - role_permissions.c.roles_name == role_name) - session.execute(role_permission_delete) - session.commit() - - @classmethod - def add_group_member(cls, - session, - member_type_name, - parent_type_names, - denorm=False): - """Add member, optionally with parent relationship.""" - - cls.add_member(session, - member_type_name, - parent_type_names, - denorm) - session.commit() - - @classmethod - def del_group_member(cls, session, member_type_name, parent_type_name, - only_delete_relationship, denorm=False): - """Delete member.""" - - if only_delete_relationship: - group_members_delete = 
group_members.delete( - and_(group_members.c.members_name == member_type_name, - group_members.c.group_name == parent_type_name)) - session.execute(group_members_delete) - else: - (session.query(Member) - .filter(Member.name == member_type_name) - .delete()) - group_members_delete = group_members.delete( - group_members.c.members_name == member_type_name) - session.execute(group_members_delete) - session.commit() - if denorm: - cls.denorm_group_in_group(session) - - @classmethod - def list_group_members(cls, session, member_name_prefix): - """Returns members filtered by prefix.""" - - return [m.name for m in session.query(Member).filter( - Member.member_name.startswith(member_name_prefix)).all()] - - @classmethod - def iter_resources_by_prefix(cls, - session, - full_resource_name_prefix=None, - type_name_prefix=None, - type_prefix=None, - name_prefix=None): - """Returns iterator to resources filtered by prefix.""" - - if not any([arg is not None for arg in [full_resource_name_prefix, - type_name_prefix, - type_prefix, - name_prefix]]): - raise Exception('At least one prefix must be set') - - qry = session.query(Resource) - if full_resource_name_prefix: - qry = qry.filter(Resource.full_name.startswith( - full_resource_name_prefix)) - if type_name_prefix: - qry = qry.filter(Resource.type_name.startswith( - type_name_prefix)) - if type_prefix: - qry = qry.filter(Resource.type.startswith( - type_prefix)) - if name_prefix: - qry = qry.filter(Resource.name.startswith( - name_prefix)) - - for resource in qry.yield_per(1024): - yield resource - - @classmethod - def list_resources_by_prefix(cls, - session, - full_resource_name_prefix=None, - type_name_prefix=None, - type_prefix=None, - name_prefix=None): - """Returns resources filtered by prefix.""" - - return list( - cls.iter_resources_by_prefix(session, - full_resource_name_prefix, - type_name_prefix, - type_prefix, - name_prefix)) - - @classmethod - def del_resource_by_name(cls, session, resource_type_name): - """Deletes 
a resource specified via full name."""
-
- resource = (
- session.query(Resource)
- .filter(Resource.type_name == resource_type_name).one())
-
- # Find all children
- res_qry = (session.query(Resource)
- .filter(Resource.full_name.startswith(
- resource.full_name)))
-
- res_type_names = [r.type_name for r in res_qry.yield_per(1024)]
- binding_qry = (
- session.query(Binding)
- .filter(Binding.resource_type_name.in_(res_type_names)))
- binding_qry.delete(synchronize_session='fetch')
-
- res_qry.delete(synchronize_session='fetch')
- session.commit()
-
- @classmethod
- def add_resource_by_name(cls,
- session,
- resource_type_name,
- parent_type_name,
- no_require_parent):
- """Adds resource specified via full name."""
-
- if not no_require_parent:
- parent = session.query(Resource).filter(
- Resource.type_name == parent_type_name).one()
- else:
- parent = None
- return cls.add_resource(session, resource_type_name, parent)
-
- @classmethod
- def add_resource(cls, session, resource_type_name, parent=None):
- """Adds resource by name."""
-
- res_type, res_name = resource_type_name.split('/')
- if parent:
- full_resource_name = '{}/{}'.format(
- parent.full_name,
- resource_type_name)
- else:
- full_resource_name = resource_type_name
-
- resource = Resource(full_name=full_resource_name,
- type_name=resource_type_name,
- name=res_name,
- type=res_type,
- parent=parent)
- session.add(resource)
- return resource
-
- @classmethod
- def add_role(cls, session, name, permissions=None):
- """Add role by name."""
-
- permissions = [] if permissions is None else permissions
- role = Role(name=name, permissions=permissions)
- session.add(role)
- return role
-
- @classmethod
- def add_permission(cls, session, name, roles=None):
- """Add permission by name."""
-
- roles = [] if roles is None else roles
- permission = Permission(name=name, roles=roles)
- session.add(permission)
- return permission
-
- @classmethod
- def add_binding(cls, session, resource, role, members):
- """Add a
binding to the model."""
-
- binding = Binding(resource=resource, role=role, members=members)
- session.add(binding)
- return binding
-
- @classmethod
- def add_member(cls,
- session,
- type_name,
- parent_type_names=None,
- denorm=False):
- """Add a member to the model."""
-
- if not parent_type_names:
- parent_type_names = []
- res_type, name = type_name.split('/', 1)
- parents = session.query(Member).filter(
- Member.name.in_(parent_type_names)).all()
- if len(parents) != len(parent_type_names):
- msg = 'parents: {}, expected: {}'.format(
- parents, parent_type_names)
- raise Exception('Parent not found, {}'.format(msg))
-
- member = Member(name=type_name,
- member_name=name,
- type=res_type,
- parents=parents)
- session.add(member)
- session.commit()
- if denorm and res_type == 'group' and parents:
- cls.denorm_group_in_group(session)
- return member
-
- @classmethod
- def expand_resources_by_type_names(cls, session, res_type_names):
- """Expand resources by type/name format.
-
- Returns: {res_type_name: Expansion(res_type_name), ...
}
- """
-
- res_key = aliased(Resource, name='res_key')
- res_values = aliased(Resource, name='res_values')
-
- expressions = []
- for res_type_name in res_type_names:
- expressions.append(and_(
- res_key.type_name == res_type_name))
-
- res = (
- session.query(res_key, res_values)
- .filter(res_key.type_name.in_(res_type_names))
- .filter(res_values.full_name.startswith(
- res_key.full_name)).yield_per(1024))
-
- mapping = collections.defaultdict(set)
- for k, value in res:
- mapping[k].add(value)
- return mapping
-
- @classmethod
- def expand_resources_by_names(cls, session, res_type_names):
- """Expand resources by type/name format."""
-
- qry = (
- session.query(Resource)
- .filter(Resource.type_name.in_(res_type_names))
- )
-
- full_resource_names = [r.full_name for r in qry.all()]
- return cls.expand_resources(session, full_resource_names)
-
- @classmethod
- def expand_resources(cls, session, full_resource_names):
- """Expand resources towards the bottom."""
-
- if (not isinstance(full_resource_names, list) and
- not isinstance(full_resource_names, set)):
- raise TypeError('full_resource_names must be list or set')
-
- resources = session.query(Resource).filter(
- Resource.full_name.in_(full_resource_names)).all()
-
- new_resource_set = set(resources)
- resource_set = set(resources)
-
- def add_to_sets(resources):
- """Adds resources to the sets."""
-
- for resource in resources:
- if resource not in resource_set:
- new_resource_set.add(resource)
- resource_set.add(resource)
-
- while new_resource_set:
- resources_to_walk = new_resource_set
- new_resource_set = set()
- for resource in resources_to_walk:
- add_to_sets(resource.children)
-
- return [r.full_name for r in resource_set]
-
- @classmethod
- def reverse_expand_members(cls, session, member_names,
- request_graph=False):
- """Expand members to their groups."""
-
- members = session.query(Member).filter(
- Member.name.in_(member_names)).all()
- membership_graph = collections.defaultdict(set)
-
member_set = set() - new_member_set = set() - - def add_to_sets(members, child): - """Adds the members & children to the sets.""" - - for member in members: - if request_graph and child: - membership_graph[child.name].add(member.name) - if request_graph and not child: - if member.name not in membership_graph: - membership_graph[member.name] = set() - if member not in member_set: - new_member_set.add(member) - member_set.add(member) - - add_to_sets(members, None) - while new_member_set: - members_to_walk = new_member_set - new_member_set = set() - for member in members_to_walk: - add_to_sets(member.parents, member) - - if request_graph: - return member_set, membership_graph - return member_set - - @classmethod - def expand_members_map(cls, - session, - member_names, - show_group_members=True, - member_contain_self=True): - """Expand group membership keyed by member. - - Args: - member_names (set): Member names to expand - show_group_members (bool): Whether to include subgroups - member_contain_self (bool): Whether to include a parent - as its own member - Returns: - dict: 10.0: - self.model.kick_watchdog(self.session) - last_watchdog_kick = time() - - self.dao.denorm_group_in_group(self.session) - - except Exception: # pylint: disable=broad-except - buf = StringIO() - traceback.print_exc(file=buf) - buf.seek(0) - message = buf.read() - self.model.set_error(self.session, message) - else: - self.model.set_done(self.session, item_counter) - self.session.commit() - - -def by_source(source): - """Helper to resolve client provided import sources. - - Args: - source (str): Source to import from. - - Returns: - Importer: Chosen by source. - """ - - return { - 'TEST': TestImporter, - 'FORSETI': ForsetiImporter, - 'EMPTY': EmptyImporter, - }[source.upper()] diff --git a/google/cloud/security/iam/explain/importer/roles.py b/google/cloud/security/iam/explain/importer/roles.py deleted file mode 100644 index c3dc5bafa6..0000000000 
--- a/google/cloud/security/iam/explain/importer/roles.py
+++ /dev/null
@@ -1,3906 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" Curated role definitions. """ - -# pylint: disable=line-too-long,too-many-lines - -CURATED_ROLES_CSV = """Role,Permission,Role-Visible,Permission-Visible,Role-Service,Permission-Service -appengine.appAdmin,appengine.operations.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,resourcemanager.projects.list,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.runtimes.actAsAdmin,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,resourcemanager.projects.get,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.operations.cancel,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.services.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.versions.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.services.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) 
-appengine.appAdmin,appengine.instances.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.operations.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.services.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.versions.create,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.instances.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.instances.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.versions.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.versions.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.applications.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.applications.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.applications.disable,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.operations.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.services.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.versions.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appAdmin,appengine.instances.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com 
(GA - PUBLIC) -appengine.appViewer,resourcemanager.projects.list,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.appViewer,resourcemanager.projects.get,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.versions.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.services.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.operations.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.instances.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.instances.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.applications.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.operations.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.services.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.appViewer,appengine.versions.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,resourcemanager.projects.list,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.versions.getFileContents,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,resourcemanager.projects.get,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-appengine.codeViewer,appengine.versions.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.services.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.operations.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.instances.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.instances.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.applications.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.operations.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.services.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.codeViewer,appengine.versions.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,resourcemanager.projects.list,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.deployer,resourcemanager.projects.get,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.versions.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.services.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.operations.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.versions.create,True,True,appengine.googleapis.com (GA - 
PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.instances.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.instances.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.versions.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.services.create,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.applications.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.operations.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.services.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.deployer,appengine.versions.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,resourcemanager.projects.list,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,resourcemanager.projects.get,True,True,appengine.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.services.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.versions.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.services.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.operations.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) 
-appengine.serviceAdmin,appengine.services.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.instances.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.instances.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.versions.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.versions.update,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.applications.get,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.operations.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.services.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.versions.list,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -appengine.serviceAdmin,appengine.instances.delete,True,True,appengine.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.datasets.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.savedqueries.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.getData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.savedqueries.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.transfers.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.jobs.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.datasets.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.datasets.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.datasets.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.datasets.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.jobs.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.tables.export,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.config.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) 
-bigquery.admin,bigquery.tables.updateData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.savedqueries.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.jobs.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.savedqueries.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.savedqueries.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.jobs.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.transfers.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.admin,bigquery.config.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.datasets.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.getData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) 
-bigquery.dataEditor,bigquery.tables.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.datasets.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.datasets.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.export,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataEditor,bigquery.tables.updateData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.datasets.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.getData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) 
-bigquery.dataOwner,bigquery.datasets.update,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.datasets.delete,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.datasets.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.datasets.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.export,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataOwner,bigquery.tables.updateData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.tables.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.tables.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.tables.getData,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.datasets.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.datasets.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.dataViewer,bigquery.tables.export,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.jobUser,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-bigquery.jobUser,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.jobUser,bigquery.jobs.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.getData,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.create,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.update,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.jobs.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.datasets.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.datasets.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.tables.export,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.config.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.service.actAsSuperuser,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.jobs.update,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.superuser,bigquery.jobs.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) 
-bigquery.superuser,bigquery.config.update,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.datasets.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,resourcemanager.projects.list,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.tables.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,resourcemanager.projects.get,True,True,bigquery.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.datasets.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.datasets.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.jobs.create,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.config.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.savedqueries.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.savedqueries.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.jobs.list,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -bigquery.user,bigquery.transfers.get,True,True,bigquery.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -billing.accountReader,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.getBillingDetails,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.admin,billing.accounts.removeFromOrganization,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.getSpendingInformation,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.updatePaymentInfo,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.subscriptions.create,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.update,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.subscriptions.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.getUsageExportSpec,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.close,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.subscriptions.update,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.getPaymentInfo,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,logging.privateLogEntries.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -billing.admin,billing.subscriptions.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.redeemPromotion,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.admin,resourcemanager.projects.createBillingAssignment,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.admin,billing.budgets.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,logging.logEntries.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -billing.admin,logging.logServiceIndexes.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -billing.admin,billing.budgets.delete,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.setIamPolicy,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.budgets.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.manageApproverInvitations,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.reopen,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.updateUsageExportSpec,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.resourceAssociations.create,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.getIamPolicy,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,logging.logs.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -billing.admin,cloudnotifications.activities.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudnotifications.googleapis.com (BETA - INTERNAL) 
-billing.admin,billing.accounts.move,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.credits.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,resourcemanager.projects.deleteBillingAssignment,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.admin,logging.logServices.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -billing.admin,billing.budgets.update,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.resourceAssociations.delete,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.manageInvitations,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.resourceAssociations.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.budgets.create,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.admin,billing.accounts.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.creator,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.creator,billing.accounts.create,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.creditGrantor,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.creditGrantor,billing.credits.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.googleAdminBillingReader,billing.accounts.getSpendingInformation,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.googleAdminBillingReader,billing.accounts.getUsageExportSpec,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.googleAdminBillingReader,billing.accounts.getPaymentInfo,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.googleAdminBillingReader,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.googleAdminBillingReader,billing.accounts.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.googleAdminBillingReader,billing.accounts.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.projectAccountManager,resourcemanager.projects.createBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.projectAccountManager,resourcemanager.projects.deleteBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.projectBillingInfoReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.projectManager,resourcemanager.projects.createBillingAssignment,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.projectManager,resourcemanager.projects.deleteBillingAssignment,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.readOnlySubscriptionsSuperuser,billing.subscriptions.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.readOnlySubscriptionsSuperuser,billing.subscriptions.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.getBillingDetails,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.getSpendingInformation,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.getUsageExportSpec,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.getPaymentInfo,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.resourceAssociations.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readOnlySuperuser,billing.accounts.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteBudgetsSuperuser,billing.budgets.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteBudgetsSuperuser,billing.budgets.delete,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteBudgetsSuperuser,billing.budgets.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteBudgetsSuperuser,billing.budgets.update,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.readWriteBudgetsSuperuser,billing.budgets.create,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSubscriptionsSuperuser,billing.subscriptions.create,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSubscriptionsSuperuser,billing.subscriptions.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSubscriptionsSuperuser,billing.subscriptions.update,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSubscriptionsSuperuser,billing.subscriptions.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.getBillingDetails,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.removeFromOrganization,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.getSpendingInformation,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.updatePaymentInfo,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.update,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.getUsageExportSpec,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.close,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.getPaymentInfo,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - 
PUBLIC) -billing.readWriteSuperuser,billing.accounts.redeemPromotion,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,resourcemanager.projects.createBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.create,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.manageApproverInvitations,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.reopen,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.updateUsageExportSpec,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.move,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,resourcemanager.projects.deleteBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.manageInvitations,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -billing.readWriteSuperuser,billing.accounts.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.user,billing.accounts.redeemPromotion,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.accounts.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.accounts.manageApproverInvitations,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.resourceAssociations.create,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.accounts.getIamPolicy,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.credits.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.user,billing.accounts.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.getSpendingInformation,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.subscriptions.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.getUsageExportSpec,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.getPaymentInfo,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.subscriptions.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.budgets.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) 
-billing.viewer,billing.budgets.get,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.getIamPolicy,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.credits.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.resourceAssociations.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -billing.viewer,billing.accounts.list,True,True,cloudbilling.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -browser,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.folders.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.projectInvites.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -browser,resourcemanager.folders.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -clientauthconfig.brandsReader,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.brandsReader,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) 
-clientauthconfig.clientReviewer,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.clientReviewer,clientauthconfig.clients.update,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.clientReviewer,clientauthconfig.clients.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.clientReviewer,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.clientReviewer,clientauthconfig.clients.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.clients.listWithSecrets,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.brands.get,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.clients.list,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.brands.list,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.clients.getWithSecret,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithSecrets,clientauthconfig.clients.get,True,True,clientauthconfig.googleapis.com (BETA - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) 
-clientauthconfig.superuserReaderWithoutSecrets,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithoutSecrets,clientauthconfig.clients.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithoutSecrets,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserReaderWithoutSecrets,clientauthconfig.clients.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.listWithSecrets,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.undelete,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.update,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.brands.delete,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.brands.update,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.delete,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.list,True,True,service_roles (Unspecified - 
INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.brands.create,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.create,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.getWithSecret,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -clientauthconfig.superuserWriter,clientauthconfig.clients.createSecret,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -cloudbuild.builds.builder,resourcemanager.projects.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,resourcemanager.projects.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,cloudbuild.builds.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.objects.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.objects.update,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,pubsub.topics.publish,True,True,cloudbuild.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) 
-cloudbuild.builds.builder,logging.logEntries.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.buckets.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,cloudbuild.builds.update,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,source.repos.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,cloudbuild.builds.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.objects.delete,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.buckets.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,pubsub.topics.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.buckets.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,cloudbuild.builds.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,source.repos.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.objects.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.builder,storage.objects.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -cloudbuild.builds.editor,resourcemanager.projects.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-cloudbuild.builds.editor,resourcemanager.projects.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudbuild.builds.editor,cloudbuild.builds.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.editor,cloudbuild.builds.update,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.editor,cloudbuild.builds.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.editor,cloudbuild.builds.create,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.viewer,resourcemanager.projects.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudbuild.builds.viewer,resourcemanager.projects.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudbuild.builds.viewer,cloudbuild.builds.list,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -cloudbuild.builds.viewer,cloudbuild.builds.get,True,True,cloudbuild.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -clouddebugger.agent,clouddebugger.debuggees.create,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.agent,clouddebugger.breakpoints.listActive,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.agent,clouddebugger.breakpoints.update,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.agent,clouddebugger.breakpoints.list,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) 
-clouddebugger.user,clouddebugger.debuggees.list,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.user,clouddebugger.breakpoints.delete,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.user,clouddebugger.breakpoints.create,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.user,clouddebugger.breakpoints.get,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -clouddebugger.user,clouddebugger.breakpoints.list,True,True,clouddebugger.googleapis.com (BETA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -cloudiot.admin,cloudiot.registries.delete,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.registries.getIamPolicy,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.registries.create,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.create,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.updateConfig,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.registries.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.delete,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) 
-cloudiot.admin,cloudiot.registries.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.devices.update,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.registries.setIamPolicy,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.admin,cloudiot.registries.update,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.deviceController,cloudiot.devices.updateConfig,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.deviceController,cloudiot.devices.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.deviceController,cloudiot.devices.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.deviceController,cloudiot.registries.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.deviceController,cloudiot.registries.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.registries.delete,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.registries.create,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.devices.create,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.devices.updateConfig,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.devices.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) 
-cloudiot.editor,cloudiot.devices.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.registries.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.devices.delete,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.registries.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.devices.update,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.editor,cloudiot.registries.update,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.create,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.updateConfig,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.registries.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.delete,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.registries.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.provisioner,cloudiot.devices.update,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) 
-cloudiot.viewer,cloudiot.devices.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.viewer,cloudiot.devices.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.viewer,cloudiot.registries.list,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudiot.viewer,cloudiot.registries.get,True,True,cloudiot.googleapis.com (BETA - INTERNAL),cloudiot.googleapis.com (BETA - INTERNAL) -cloudkms.admin,cloudkms.cryptoKeys.setIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.getIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,resourcemanager.projects.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.create,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.getIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeys.update,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.list,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.update,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeys.create,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.setIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - 
PUBLIC) -cloudkms.admin,cloudkms.cryptoKeys.getIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.create,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.update,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeys.list,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.list,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.keyRings.setIamPolicy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.destroy,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeyVersions.restore,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.admin,cloudkms.cryptoKeys.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyDecrypter,cloudkms.cryptoKeyVersions.useToDecrypt,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyDecrypter,resourcemanager.projects.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyEncrypter,resourcemanager.projects.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyEncrypter,cloudkms.cryptoKeyVersions.useToEncrypt,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) 
-cloudkms.cryptoKeyEncrypterDecrypter,cloudkms.cryptoKeyVersions.useToDecrypt,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyEncrypterDecrypter,resourcemanager.projects.get,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudkms.cryptoKeyEncrypterDecrypter,cloudkms.cryptoKeyVersions.useToEncrypt,True,True,cloudkms.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.update,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.delete,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.getIamPolicy,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,resourcemanager.projects.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.sslCerts.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.resetSslConfig,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,resourcemanager.projects.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.backupRuns.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.startReplica,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.users.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) 
-cloudsql.admin,cloudsql.sslCerts.createEphemeral,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.backupRuns.delete,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.backupRuns.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.users.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.users.delete,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.getIamPolicy,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.setIamPolicy,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.restoreBackup,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.update,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.clone,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,serviceusage.services.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -cloudsql.admin,cloudsql.instances.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.restart,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.sslCerts.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) 
-cloudsql.admin,cloudsql.databases.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.import,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,serviceusage.quotas.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -cloudsql.admin,cloudsql.instances.delete,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.failover,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.setIamPolicy,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.databases.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.truncateLog,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.sslCerts.delete,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.backupRuns.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.migrate,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.promoteReplica,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.sslCerts.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.instances.export,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) 
-cloudsql.admin,cloudsql.instances.stopReplica,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.admin,cloudsql.users.update,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.client,cloudsql.instances.connect,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.client,cloudsql.instances.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.update,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,resourcemanager.projects.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.sslCerts.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,resourcemanager.projects.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.backupRuns.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.users.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.backupRuns.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.databases.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.databases.update,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,serviceusage.services.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) 
-cloudsql.editor,cloudsql.instances.restart,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.sslCerts.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.databases.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,serviceusage.quotas.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -cloudsql.editor,cloudsql.instances.failover,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.databases.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.truncateLog,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.backupRuns.create,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.migrate,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.editor,cloudsql.instances.export,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,resourcemanager.projects.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.sslCerts.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,resourcemanager.projects.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.backupRuns.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) 
-cloudsql.viewer,cloudsql.users.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.instances.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.backupRuns.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.databases.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,serviceusage.services.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -cloudsql.viewer,cloudsql.sslCerts.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,serviceusage.quotas.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -cloudsql.viewer,cloudsql.databases.list,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.instances.get,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudsql.viewer,cloudsql.instances.export,True,True,cloudsql.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -cloudtrace.admin,resourcemanager.projects.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudtrace.admin,resourcemanager.projects.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.traces.patch,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.tasks.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.insights.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) 
-cloudtrace.admin,cloudtrace.tasks.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.stats.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.tasks.create,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.traces.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.insights.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.traces.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.admin,cloudtrace.tasks.delete,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.agent,cloudtrace.traces.patch,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,resourcemanager.projects.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudtrace.user,resourcemanager.projects.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.tasks.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.insights.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.tasks.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.stats.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.tasks.create,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) 
-cloudtrace.user,cloudtrace.traces.get,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.insights.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.traces.list,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -cloudtrace.user,cloudtrace.tasks.delete,True,True,cloudtrace.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -compute.imageUser,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.imageUser,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.imageUser,compute.images.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.imageUser,compute.images.useReadOnly,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.imageUser,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.imageUser,compute.images.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.imageUser,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.imageUser,compute.images.getFromFamily,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.subnetworks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.addresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.diskTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.instanceAdmin,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.machineTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.createSnapshot,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.licenses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.licenses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.networks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.networks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.images.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.images.useReadOnly,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.addresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.acceleratorTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.subnetworks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.delete,True,True,compute.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.targetPools.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.zoneOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.setLabels,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.images.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.regionOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.update,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.machineTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.acceleratorTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.subnetworks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.resize,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.useReadOnly,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - 
PUBLIC) -compute.instanceAdmin,compute.images.getFromFamily,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.zoneOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.globalAddresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.addresses.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.networks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.globalAddresses.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.create,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.disks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.diskTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.globalAddresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.regionOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.networks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.instanceAdmin,compute.targetPools.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin,compute.subnetworks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.subnetworks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.addresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetSslProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.diskTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.healthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetInstances.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.backendBuckets.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.firewalls.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.routes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.httpsHealthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.machineTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.routes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.routers.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnectAttachments.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.networks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.forwardingRules.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.networks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetVpnGateways.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.addresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnectLocations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.acceleratorTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.subnetworks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnectLocations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.instanceAdmin.v1,compute.targetPools.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetSslProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.instanceAdmin.v1,compute.zoneOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalForwardingRules.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetHttpProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.regionOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.httpHealthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetInstances.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.healthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.machineTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.urlMaps.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.instanceAdmin.v1,compute.targetHttpsProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.httpsHealthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.acceleratorTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.subnetworks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.instanceAdmin.v1,compute.firewalls.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.backendServices.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalForwardingRules.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.sslCertificates.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetHttpProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetHttpsProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.zoneOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.routers.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.instanceAdmin.v1,compute.globalAddresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.addresses.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.networks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalAddresses.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnectAttachments.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.vpnTunnels.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.backendBuckets.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.sslPolicies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.sslCertificates.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.forwardingRules.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.diskTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnects.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.globalAddresses.get,True,True,compute.googleapis.com 
(GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.vpnTunnels.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.regionOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.urlMaps.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.sslPolicies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.networks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.backendServices.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetVpnGateways.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.targetPools.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.interconnects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.projects.setCommonInstanceMetadata,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.subnetworks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.instanceAdmin.v1,compute.httpHealthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceTemplates.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.forwardingRules.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.subnetworks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.addresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetSslProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.diskTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroups.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.healthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetInstances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendBuckets.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.snapshots.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.autoscalers.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.firewalls.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetPools.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.httpsHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.healthChecks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routers.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetVpnGateways.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.machineTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalForwardingRules.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslPolicies.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroupManagers.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.licenses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnectAttachments.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.licenses.get,True,True,service_roles (Unspecified - 
INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.forwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.subnetworks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.networks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroups.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnectAttachments.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetVpnGateways.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.images.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.urlMaps.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.addresses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnectLocations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.acceleratorTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnectLocations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.disks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.targetPools.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetInstances.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.images.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.snapshots.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetSslProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.zoneOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.vpnTunnels.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalForwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.regions.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendServices.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.snapshots.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.images.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.projects.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.targetHttpProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.regionOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.httpHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetInstances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.healthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetHttpProxies.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.machineTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.urlMaps.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.httpsHealthChecks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routes.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetHttpsProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.httpsHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.acceleratorTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.subnetworks.list,True,True,service_roles (Unspecified - 
INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.firewalls.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendServices.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalForwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.addresses.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.disks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslCertificates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.zones.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetHttpProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetHttpsProxies.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instances.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetHttpsProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.zoneOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroupManagers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.instanceTemplates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.autoscalers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.httpHealthChecks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.routers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalAddresses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.regions.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnects.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroupManagers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.commitments.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnectAttachments.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.vpnTunnels.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendBuckets.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalOperations.list,True,True,service_roles (Unspecified - 
INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceGroups.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslPolicies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslCertificates.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.disks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.forwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.diskTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.regionOperations.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnects.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalAddresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.vpnTunnels.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalOperations.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.regionOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.urlMaps.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.autoscalers.get,True,True,service_roles 
(Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslPolicies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.zoneOperations.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.networks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendServices.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.backendBuckets.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetVpnGateways.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.commitments.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.networks.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.instanceTemplates.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.targetPools.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.interconnects.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.zones.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.globalAddresses.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-compute.internalDeprovisioner,compute.targetSslProxies.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.firewalls.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.httpHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalDeprovisioner,compute.sslCertificates.delete,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.internalInstanceViewer,compute.instances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroups.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.firewalls.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroupManagers.update,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instances.listReferrers,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkAdmin,compute.instances.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.networkAdmin,compute.instanceGroupManagers.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.zoneOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.regionOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instances.getSerialPortOutput,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkAdmin,compute.instanceGroups.update,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.firewalls.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.sslCertificates.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instances.getGuestAttributes,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.zoneOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroupManagers.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instances.list,True,True,compute.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroupManagers.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instances.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroups.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.sslCertificates.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.regionOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkAdmin,compute.instanceGroups.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.subnetworks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.addresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnects.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.listIpOwners,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.firewalls.get,True,True,compute.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.routes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.routes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.routers.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnectAttachments.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.subnetworks.listIpOwners,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.targetVpnGateways.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.addresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnectLocations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.subnetworks.useExternalIp,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnectLocations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.listUsableSubnets,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.networkUser,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkUser,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.subnetworks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkUser,compute.firewalls.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.routers.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnectAttachments.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.vpnTunnels.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnects.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.vpnTunnels.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.networks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.networkUser,compute.targetVpnGateways.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.interconnects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkUser,compute.subnetworks.use,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.subnetworks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.addresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetSslProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instanceGroups.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.healthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.networks.listIpOwners,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetInstances.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.backendBuckets.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.firewalls.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.routes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.networkViewer,compute.httpsHealthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instances.listReferrers,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.routes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.routers.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnectAttachments.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.forwardingRules.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.subnetworks.listIpOwners,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.networks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetVpnGateways.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.addresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnectLocations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnectLocations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.networks.listUsableSubnets,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetPools.list,True,True,compute.googleapis.com 
(GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetSslProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkViewer,compute.instances.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.globalForwardingRules.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetHttpProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instances.getSerialPortOutput,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.httpHealthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetInstances.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.healthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.urlMaps.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetHttpsProxies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.httpsHealthChecks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.networkViewer,compute.subnetworks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.networkViewer,compute.firewalls.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.backendServices.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.globalForwardingRules.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.sslCertificates.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetHttpProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instances.getGuestAttributes,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetHttpsProxies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.routers.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instances.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.globalAddresses.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnectAttachments.list,True,True,compute.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.vpnTunnels.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.backendBuckets.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.instanceGroups.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.sslPolicies.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.sslCertificates.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.forwardingRules.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnects.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.globalAddresses.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.vpnTunnels.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.urlMaps.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.sslPolicies.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.networks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.backendServices.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetVpnGateways.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.targetPools.get,True,True,compute.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.interconnects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.networkViewer,compute.httpHealthChecks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.subnetworks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.routes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.routes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.networks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.securityAdmin,compute.zoneOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) 
-compute.securityAdmin,compute.regionOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.subnetworks.updatePolicy,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.networks.updatePolicy,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.subnetworks.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.securityAdmin,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.zoneOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.regionOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.networks.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.securityAdmin,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.diskTypes.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.storageAdmin,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,serviceusage.services.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.storageAdmin,compute.zoneOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.regions.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.regionOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,serviceusage.quotas.get,True,True,compute.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -compute.storageAdmin,compute.zones.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.zoneOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.regions.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.diskTypes.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.regionOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.storageAdmin,compute.zones.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,resourcemanager.projects.list,True,True,compute.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,resourcemanager.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,compute.globalOperations.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,resourcemanager.organizations.get,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,compute.projects.get,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,compute.subnetworks.getIamPolicy,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,compute.globalOperations.list,True,True,compute.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -compute.xpnAdmin,resourcemanager.projects.getIamPolicy,True,True,compute.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.admin,resourcemanager.projects.list,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.admin,resourcemanager.projects.get,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.clusterAdmin,resourcemanager.projects.list,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.clusterAdmin,resourcemanager.projects.get,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.developer,resourcemanager.projects.list,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.developer,resourcemanager.projects.get,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-container.viewer,container.thirdPartyObjects.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.resourceQuotas.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.daemonSets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.services.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.deployments.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.componentStatuses.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.scheduledJobs.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.ingresses.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.namespaces.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.networkPolicies.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.roleBindings.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,resourcemanager.projects.list,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.viewer,container.podDisruptionBudgets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.configMaps.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.petSets.get,True,True,container.googleapis.com (GA - 
PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.thirdPartyObjects.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,resourcemanager.projects.get,True,True,container.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -container.viewer,container.replicationControllers.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.namespaces.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.events.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.statefulSets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.persistentVolumeClaims.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.podDisruptionBudgets.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.configMaps.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.bindings.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.limitRanges.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.roleBindings.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.statefulSets.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.clusterRoleBindings.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) 
-container.viewer,container.events.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.storageClasses.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.clusterRoles.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.horizontalPodAutoscalers.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.persistentVolumes.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.nodes.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.roles.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.deployments.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.pods.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.pods.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.services.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.cronJobs.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.nodes.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.horizontalPodAutoscalers.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.daemonSets.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) 
-container.viewer,container.clusters.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.limitRanges.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.podPresets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.networkPolicies.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.endpoints.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.jobs.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.certificateSigningRequests.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.thirdPartyResources.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.podTemplates.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.replicaSets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.replicationControllers.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.resourceQuotas.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.persistentVolumes.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.bindings.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.jobs.list,True,True,container.googleapis.com (GA - 
PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.clusterRoleBindings.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.clusterRoles.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.petSets.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.serviceAccounts.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.podTemplates.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.clusters.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.roles.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.endpoints.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.ingresses.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.storageClasses.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.replicaSets.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.podPresets.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.thirdPartyResources.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.serviceAccounts.get,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.persistentVolumeClaims.get,True,True,container.googleapis.com 
(GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.componentStatuses.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.certificateSigningRequests.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.cronJobs.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -container.viewer,container.scheduledJobs.list,True,True,container.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -containeranalysis.admin,resourcemanager.projects.list,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.admin,resourcemanager.projects.get,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.notes.editor,resourcemanager.projects.list,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.notes.editor,resourcemanager.projects.get,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.notes.viewer,resourcemanager.projects.list,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.notes.viewer,resourcemanager.projects.get,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.occurrences.editor,resourcemanager.projects.list,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.occurrences.editor,resourcemanager.projects.get,True,True,containeranalysis.googleapis.com (INTERNAL - 
INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.occurrences.viewer,resourcemanager.projects.list,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -containeranalysis.occurrences.viewer,resourcemanager.projects.get,True,True,containeranalysis.googleapis.com (INTERNAL - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataflow.developer,resourcemanager.projects.list,True,True,dataflow.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataflow.developer,resourcemanager.projects.get,True,True,dataflow.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataflow.viewer,resourcemanager.projects.list,True,True,dataflow.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataflow.viewer,resourcemanager.projects.get,True,True,dataflow.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataflow.viewer,dataflow.metrics.get,True,True,dataflow.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -dataflow.viewer,dataflow.jobs.list,True,True,dataflow.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -dataflow.viewer,dataflow.messages.list,True,True,dataflow.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -dataflow.viewer,dataflow.jobs.get,True,True,dataflow.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -dataflow.worker,dataflow.jobs.get,True,True,dataflow.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -dataprep.projects.user,resourcemanager.projects.get,True,True,dataprep.googleapis.com (BETA - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataprep.projects.user,dataprep.projects.use,True,True,dataprep.googleapis.com (BETA - INTERNAL),dataprep.googleapis.com (BETA - INTERNAL) -dataproc.editor,dataproc.jobs.cancel,True,True,dataproc.googleapis.com (GA - 
PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,resourcemanager.projects.list,True,True,dataproc.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataproc.editor,resourcemanager.projects.get,True,True,dataproc.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.delete,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.machineTypes.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.create,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.networks.list,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.regions.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.projects.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.operations.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.use,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.machineTypes.list,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.zones.list,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.jobs.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) 
-dataproc.editor,dataproc.jobs.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.operations.delete,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.regions.list,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.jobs.update,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.clusters.update,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.networks.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.operations.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.jobs.delete,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,dataproc.jobs.create,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.editor,compute.zones.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.viewer,resourcemanager.projects.list,True,True,dataproc.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataproc.viewer,resourcemanager.projects.get,True,True,dataproc.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dataproc.viewer,compute.machineTypes.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.viewer,compute.regions.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.operations.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.clusters.get,True,True,dataproc.googleapis.com (GA - 
PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.jobs.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.clusters.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.jobs.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,compute.regions.list,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.viewer,dataproc.operations.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.viewer,compute.zones.get,True,True,dataproc.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.monitoredResourceDescriptors.list,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.getIamPolicy,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.agents.create,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.setIamPolicy,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.get,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.tasks.reportStatus,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.agents.get,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.agents.delete,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.update,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) 
-dataproc.worker,dataproc.tasks.lease,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.metricDescriptors.create,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.metricDescriptors.list,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,logging.logEntries.create,True,True,dataproc.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.tasks.listInvalidatedLeases,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.delete,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.buckets.get,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.agents.update,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,dataproc.agents.list,True,True,dataproc.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.monitoredResourceDescriptors.get,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.timeSeries.create,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,monitoring.metricDescriptors.get,True,True,dataproc.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.create,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -dataproc.worker,storage.objects.list,True,True,dataproc.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) 
-datastore.googleAdminReader,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.statistics.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,servicemanagement.services.get,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.databases.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.sinks.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.entities.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.versions.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.services.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.operations.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,serviceusage.services.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -datastore.googleAdminReader,appengine.applications.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.indexes.get,True,True,service_roles (Unspecified - 
INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.instances.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logEntries.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logServiceIndexes.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.instances.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,servicemanagement.services.list,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,serviceusage.quotas.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -datastore.googleAdminReader,datastore.statistics.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.sinks.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logs.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.applications.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,serviceusage.services.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -datastore.googleAdminReader,datastore.databases.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.operations.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.services.list,True,True,service_roles (Unspecified 
- INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,appengine.versions.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logServices.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logMetrics.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.entities.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,datastore.indexes.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.googleAdminReader,logging.logMetrics.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,resourcemanager.projects.list,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,datastore.operations.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,resourcemanager.projects.get,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,datastore.databases.import,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,datastore.operations.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,appengine.applications.get,True,True,datastore.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -datastore.importExportAdmin,datastore.operations.cancel,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) 
-datastore.importExportAdmin,datastore.databases.export,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,datastore.indexes.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,resourcemanager.projects.list,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,resourcemanager.projects.get,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,datastore.indexes.update,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,datastore.indexes.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,datastore.indexes.create,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,appengine.applications.get,True,True,datastore.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -datastore.indexAdmin,datastore.indexes.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.indexes.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.operations.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.namespaces.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,resourcemanager.projects.list,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) 
-datastore.owner,datastore.operations.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,resourcemanager.projects.get,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.statistics.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.update,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.import,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.update,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.namespaces.setIamPolicy,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.create,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.allocateIds,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.namespaces.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.setIamPolicy,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.indexes.update,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) 
-datastore.owner,datastore.indexes.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.create,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.indexes.create,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.getIamPolicy,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.statistics.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.operations.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,appengine.applications.get,True,True,datastore.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.operations.cancel,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.namespaces.getIamPolicy,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.entities.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.indexes.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.owner,datastore.databases.export,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.statistics.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) 
-datastore.superuserReader,datastore.databases.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.entities.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.indexes.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.statistics.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.databases.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.entities.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserReader,datastore.indexes.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.indexes.delete,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.operations.delete,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.delete,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.operations.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.statistics.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) 
-datastore.superuserWriter,datastore.entities.update,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.import,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.update,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.namespaces.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.create,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.entities.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.entities.delete,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.entities.allocateIds,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.indexes.update,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.indexes.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.entities.create,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) 
-datastore.superuserWriter,datastore.indexes.create,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.statistics.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.operations.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.operations.cancel,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.namespaces.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.entities.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.indexes.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.superuserWriter,datastore.databases.export,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.namespaces.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,resourcemanager.projects.list,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.user,resourcemanager.projects.get,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.user,datastore.entities.update,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) 
-datastore.user,datastore.entities.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.entities.delete,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.entities.allocateIds,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.namespaces.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.entities.create,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,appengine.applications.get,True,True,datastore.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -datastore.user,datastore.databases.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.entities.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.user,datastore.indexes.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.namespaces.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,resourcemanager.projects.list,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.viewer,resourcemanager.projects.get,True,True,datastore.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.statistics.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.databases.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.entities.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) 
-datastore.viewer,datastore.namespaces.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.indexes.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.statistics.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,appengine.applications.get,True,True,datastore.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.databases.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.entities.get,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -datastore.viewer,datastore.indexes.list,True,True,datastore.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.manifests.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,resourcemanager.projects.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,resourcemanager.projects.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.resources.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.types.update,True,True,deploymentmanager.googleapis.com (GA 
- PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.cancelPreview,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.types.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.manifests.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.compositeTypes.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.compositeTypes.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.getType,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.stop,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.operations.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.resources.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.listTypes,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.list,True,True,deploymentmanager.googleapis.com 
(GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.compositeTypes.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.operations.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.compositeTypes.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.types.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.compositeTypes.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.deployments.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.types.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.typeProviders.list,True,True,deploymentmanager.googleapis.com (GA - 
PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.editor,deploymentmanager.types.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.types.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.types.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.compositeTypes.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.compositeTypes.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.getType,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.listTypes,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.compositeTypes.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) 
-deploymentmanager.typeEditor,deploymentmanager.compositeTypes.update,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.types.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.create,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.compositeTypes.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.types.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.typeProviders.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeEditor,deploymentmanager.types.delete,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.typeProviders.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.typeProviders.getType,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.typeProviders.listTypes,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.compositeTypes.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.types.list,True,True,deploymentmanager.googleapis.com (GA - 
PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.compositeTypes.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.types.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.typeViewer,deploymentmanager.typeProviders.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.manifests.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,resourcemanager.projects.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.typeProviders.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,resourcemanager.projects.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.resources.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.manifests.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.typeProviders.getType,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.operations.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.resources.get,True,True,deploymentmanager.googleapis.com (GA - 
PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.typeProviders.listTypes,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.deployments.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.compositeTypes.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.operations.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.types.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.compositeTypes.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.deployments.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.types.get,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -deploymentmanager.viewer,deploymentmanager.typeProviders.list,True,True,deploymentmanager.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -dns.admin,resourcemanager.projects.list,True,True,dns.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dns.admin,resourcemanager.projects.get,True,True,dns.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dns.admin,compute.networks.list,True,True,dns.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -dns.admin,compute.networks.get,True,True,dns.googleapis.com (GA - 
PUBLIC),compute.googleapis.com (GA - PUBLIC) -dns.reader,resourcemanager.projects.list,True,True,dns.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dns.reader,resourcemanager.projects.get,True,True,dns.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -dns.reader,compute.networks.get,True,True,dns.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -errorreporting.admin,errorreporting.groupMetadata.update,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.groups.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.errorEvents.create,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.groupMetadata.get,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.applications.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.errorEvents.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.admin,errorreporting.errorEvents.delete,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.user,errorreporting.groupMetadata.update,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.user,errorreporting.groups.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) 
-errorreporting.user,errorreporting.groupMetadata.get,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.user,errorreporting.applications.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.user,errorreporting.errorEvents.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.user,errorreporting.errorEvents.delete,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.viewer,errorreporting.groups.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.viewer,errorreporting.groupMetadata.get,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.viewer,errorreporting.applications.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.viewer,errorreporting.errorEvents.list,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -errorreporting.writer,errorreporting.errorEvents.create,True,True,clouderrorreporting.googleapis.com (BETA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -firebase.billingAccountViewer,billing.accounts.getBillingDetails,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -firebase.billingAccountViewer,billing.accounts.get,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) -firebase.billingAccountViewer,billing.resourceAssociations.list,True,True,service_roles (Unspecified - INTERNAL),cloudbilling.googleapis.com (GA - PUBLIC) 
-firebase.googleAdminFirebaseProjectReader,monitoring.monitoredResourceDescriptors.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.groups.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.databases.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.databaseOperations.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.manifests.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.typeProviders.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.databases.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,errorreporting.groups.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,servicemanagement.services.get,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - 
PUBLIC) -firebase.googleAdminFirebaseProjectReader,pubsub.topics.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.instances.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.resources.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.instanceOperations.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,iam.serviceAccountKeys.list,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.sinks.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.versions.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.manifests.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,pubsub.topics.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.databaseOperations.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.groups.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.services.get,True,True,service_roles 
(Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.operations.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,serviceusage.apiKeys.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,serviceusage.services.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,errorreporting.groupMetadata.get,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.metricDescriptors.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,serviceusage.apiKeys.getProjectForKey,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,appengine.applications.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,clientauthconfig.clients.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,spanner.instances.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.instances.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,errorreporting.applications.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,serviceusage.apiKeys.get,True,True,service_roles (Unspecified - 
INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,spanner.sessions.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.logEntries.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.logServiceIndexes.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,storage.buckets.list,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.timeSeries.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,pubsub.subscriptions.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.instances.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.operations.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,errorreporting.errorEvents.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.resources.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,servicemanagement.services.list,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.deployments.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - 
PUBLIC) -firebase.googleAdminFirebaseProjectReader,serviceusage.quotas.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,iam.serviceAccounts.get,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.compositeTypes.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,resourcemanager.organizations.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.operations.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.sinks.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.logs.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.applications.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,storage.buckets.get,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.instanceOperations.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,cloudnotifications.activities.list,True,True,service_roles (Unspecified - INTERNAL),cloudnotifications.googleapis.com (BETA - INTERNAL) 
-firebase.googleAdminFirebaseProjectReader,serviceusage.services.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.types.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,pubsub.subscriptions.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,clientauthconfig.clients.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -firebase.googleAdminFirebaseProjectReader,appengine.operations.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.instanceConfigs.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.compositeTypes.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.services.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.deployments.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,appengine.versions.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.monitoredResourceDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) 
-firebase.googleAdminFirebaseProjectReader,logging.logServices.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.logMetrics.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,iam.serviceAccounts.list,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.sessions.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,monitoring.metricDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,spanner.instanceConfigs.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.types.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,storage.objects.list,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.exclusions.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,deploymentmanager.typeProviders.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.logMetrics.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -firebase.googleAdminFirebaseProjectReader,logging.exclusions.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.daemonSets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com 
(GA - PUBLIC) -iam.securityReviewer,container.services.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,monitoring.monitoredResourceDescriptors.list,True,True,iam.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -iam.securityReviewer,monitoring.groups.list,True,True,iam.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudiot.registries.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudiot.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,dlp.inspectFindings.list,True,True,iam.googleapis.com (GA - PUBLIC),dlp.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,pubsub.topics.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.namespaces.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.databases.list,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,cloudkms.keyRings.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.networkPolicies.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processInstances.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,compute.instanceGroups.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,runtimeconfig.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.databases.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,datastore.namespaces.list,True,True,iam.googleapis.com (GA - 
PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetInstances.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.databaseOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,resourcemanager.projects.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.backendBuckets.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.taskInstanceMetadata.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,container.podDisruptionBudgets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.configMaps.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,bigquery.tables.list,True,True,iam.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -iam.securityReviewer,storage.objects.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -iam.securityReviewer,datastore.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,serviceusage.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,compute.routes.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.jobs.list,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,servicemanagement.consumerSettings.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,container.thirdPartyObjects.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.versions.list,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,pubsub.subscriptions.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -iam.securityReviewer,errorreporting.groups.list,True,True,iam.googleapis.com (GA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,container.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.routers.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.users.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.projects.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,compute.licenses.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,datastore.databases.list,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.interconnects.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,proximitybeacon.attachments.list,True,True,iam.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -iam.securityReviewer,deploymentmanager.resources.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.instances.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,proximitybeacon.namespaces.list,True,True,iam.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,compute.forwardingRules.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudbuild.builds.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbuild.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.models.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,cloudsql.backupRuns.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.statefulSets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,iam.serviceAccountKeys.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.sinks.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.networks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.persistentVolumeClaims.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,datastore.entities.list,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.images.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,billing.subscriptions.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,runtimeconfig.configs.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,genomics.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),genomics.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudiot.devices.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudiot.googleapis.com (BETA - INTERNAL) 
-iam.securityReviewer,compute.addresses.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataflow.jobs.list,True,True,iam.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.acceleratorTypes.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,proximitybeacon.beacons.list,True,True,iam.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -iam.securityReviewer,iam.serviceAccounts.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.instances.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,deploymentmanager.manifests.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,runtimeconfig.variables.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,pubsub.topics.list,True,True,iam.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.interconnectLocations.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.privateLogEntries.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.interconnectLocations.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetPools.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.pipelines.list,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,serviceusage.apiKeys.list,True,True,iam.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) 
-iam.securityReviewer,container.roleBindings.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetSslProxies.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,clouddebugger.debuggees.list,True,True,iam.googleapis.com (GA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,runtimeconfig.waiters.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.clusterRoleBindings.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,monitoring.metricDescriptors.list,True,True,iam.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,container.events.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.storageClasses.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.clusterRoles.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.snapshots.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,appengine.applications.list,True,True,iam.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.persistentVolumes.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,clientauthconfig.clients.list,True,True,iam.googleapis.com (GA - PUBLIC),clientauthconfig.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,cloudkms.cryptoKeyVersions.getIamPolicy,True,True,iam.googleapis.com (GA - 
PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.regionOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,deploymentmanager.deployments.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.operations.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,container.nodes.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.instances.list,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,container.roles.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.deployments.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dlp.inspectOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),dlp.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,dataproc.clusters.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.pods.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,errorreporting.applications.list,True,True,iam.googleapis.com (GA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,compute.httpHealthChecks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,servicemanagement.consumerSettings.list,True,True,iam.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.sslCerts.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.models.list,True,True,iam.googleapis.com (GA - 
PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,cloudtrace.tasks.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.healthChecks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,billing.budgets.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.sessions.list,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,logging.logEntries.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.logServiceIndexes.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.machineTypes.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.jobs.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.projectMetadata.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,storage.buckets.list,True,True,iam.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -iam.securityReviewer,monitoring.timeSeries.list,True,True,iam.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -iam.securityReviewer,resourcemanager.flexResourceAdmin.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.horizontalPodAutoscalers.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,appengine.instances.list,True,True,iam.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -iam.securityReviewer,resourcemanager.folders.list,True,True,iam.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,errorreporting.errorEvents.list,True,True,iam.googleapis.com (GA - PUBLIC),clouderrorreporting.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,compute.httpsHealthChecks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,servicemanagement.services.list,True,True,iam.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.subnetworks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processMetadata.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,deploymentmanager.deployments.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.clusters.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.limitRanges.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.subnetworks.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.runs.list,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,cloudiot.registries.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudiot.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,compute.firewalls.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.backendServices.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.podPresets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,compute.globalForwardingRules.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,iam.serviceAccounts.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.securityReviewer,deploymentmanager.compositeTypes.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.endpoints.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudkms.keyRings.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,clientauthconfig.brands.list,True,True,iam.googleapis.com (GA - PUBLIC),clientauthconfig.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,datastore.databases.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.localSubjectAccessReviews.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.zones.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.jobs.list,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.podTemplates.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetHttpProxies.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,proximitybeacon.beacons.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.replicaSets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,datastore.statistics.list,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - 
PUBLIC) -iam.securityReviewer,spanner.instances.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,runtimeconfig.configs.list,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,servicemanagement.services.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.clusters.list,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetHttpsProxies.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,runtimeconfig.variables.list,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.replicationControllers.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,resourcemanager.organizations.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processInstanceMetadata.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,deploymentmanager.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.zoneOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.instanceGroupManagers.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,bigquery.datasets.list,True,True,iam.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudsql.databases.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudsql.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,cloudkms.cryptoKeys.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.autoscalers.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.instances.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,source.repos.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -iam.securityReviewer,ml.jobs.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,stackdriver.awsElbLoadBalancer.list,True,True,iam.googleapis.com (GA - PUBLIC),stackdriver.googleapis.com (GA - INTERNAL) -iam.securityReviewer,container.resourceQuotas.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.bindings.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.regions.list,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.globalAddresses.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.jobs.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,runtimeconfig.waiters.list,True,True,iam.googleapis.com (GA - PUBLIC),runtimeconfig.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.regions.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,billing.accounts.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.logs.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,compute.commitments.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.interconnectAttachments.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.vpnTunnels.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.instanceOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,cloudnotifications.activities.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudnotifications.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,serviceusage.services.list,True,True,iam.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -iam.securityReviewer,deploymentmanager.types.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,pubsub.subscriptions.list,True,True,iam.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudtrace.insights.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -iam.securityReviewer,genomics.datasets.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),genomics.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.globalOperations.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,appengine.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -iam.securityReviewer,billing.credits.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processDefinitions.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,spanner.instanceConfigs.list,True,True,iam.googleapis.com (GA - 
PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,compute.sslCertificates.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.secrets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.disks.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.operations.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,resourcemanager.projects.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudkms.cryptoKeys.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.petSets.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.diskTypes.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,resourcemanager.folders.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,appengine.services.list,True,True,iam.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -iam.securityReviewer,stackdriver.awsEc2Instance.list,True,True,iam.googleapis.com (GA - PUBLIC),stackdriver.googleapis.com (GA - INTERNAL) -iam.securityReviewer,container.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.interconnects.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,proximitybeacon.namespaces.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,appengine.versions.list,True,True,iam.googleapis.com (GA - PUBLIC),appengine.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.subjectAccessReviews.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,bigquery.savedqueries.list,True,True,iam.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.agents.list,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.logServices.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.taskInstances.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,compute.urlMaps.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.ingresses.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.sslPolicies.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudtestservice.matrices.list,True,True,iam.googleapis.com (GA - PUBLIC),testing.googleapis.com (GA - PUBLIC) -iam.securityReviewer,compute.targetVpnGateways.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,source.repos.list,True,True,iam.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudkms.cryptoKeyVersions.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudkms.googleapis.com (GA - PUBLIC) -iam.securityReviewer,genomics.datasets.list,True,True,iam.googleapis.com (GA - PUBLIC),genomics.googleapis.com (GA - PUBLIC) -iam.securityReviewer,storage.buckets.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) 
-iam.securityReviewer,compute.instanceTemplates.list,True,True,iam.googleapis.com (GA - PUBLIC),compute.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.thirdPartyResources.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,iam.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.selfSubjectAccessReviews.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processes.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,datastore.namespaces.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataproc.operations.list,True,True,iam.googleapis.com (GA - PUBLIC),dataproc.googleapis.com (GA - PUBLIC) -iam.securityReviewer,bigquery.jobs.list,True,True,iam.googleapis.com (GA - PUBLIC),bigquery.googleapis.com (GA - PUBLIC) -iam.securityReviewer,cloudtrace.traces.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudtrace.googleapis.com (GA - PUBLIC) -iam.securityReviewer,spanner.databases.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,datastore.indexes.list,True,True,iam.googleapis.com (GA - PUBLIC),datastore.googleapis.com (GA - PUBLIC) -iam.securityReviewer,dataflow.messages.list,True,True,iam.googleapis.com (GA - PUBLIC),dataflow.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.componentStatuses.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,workflow.processDefinitionMetadata.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),workflow.googleapis.com (GA - INTERNAL) -iam.securityReviewer,container.certificateSigningRequests.list,True,True,iam.googleapis.com (GA - 
PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,storage.objects.list,True,True,iam.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -iam.securityReviewer,clouddebugger.breakpoints.list,True,True,iam.googleapis.com (GA - PUBLIC),clouddebugger.googleapis.com (BETA - PUBLIC) -iam.securityReviewer,billing.resourceAssociations.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,deploymentmanager.typeProviders.list,True,True,iam.googleapis.com (GA - PUBLIC),deploymentmanager.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.cronJobs.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.logMetrics.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,billing.accounts.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudbilling.googleapis.com (GA - PUBLIC) -iam.securityReviewer,logging.exclusions.list,True,True,iam.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -iam.securityReviewer,container.scheduledJobs.list,True,True,iam.googleapis.com (GA - PUBLIC),container.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,iam.serviceAccounts.signBlob,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,iam.serviceAccounts.actAs,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,iam.serviceAccounts.get,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,iam.serviceAccounts.list,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) 
-iam.serviceAccountActor,iam.serviceAccounts.signJwt,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountActor,iam.serviceAccounts.getAccessToken,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,resourcemanager.projects.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,resourcemanager.projects.get,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.getIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.update,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.create,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.setIamPolicy,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.delete,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountAdmin,iam.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountCreator,iam.serviceAccounts.create,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountCreator,iam.serviceAccounts.get,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,resourcemanager.projects.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,resourcemanager.projects.get,True,True,iam.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccountKeys.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccounts.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccountKeys.create,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccountKeys.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountKeyAdmin,iam.serviceAccountKeys.delete,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,resourcemanager.projects.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,resourcemanager.projects.get,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,iam.serviceAccounts.signBlob,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,iam.serviceAccounts.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,iam.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,iam.serviceAccounts.signJwt,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountTokenCreator,iam.serviceAccounts.getAccessToken,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountUser,resourcemanager.projects.list,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-iam.serviceAccountUser,resourcemanager.projects.get,True,True,iam.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -iam.serviceAccountUser,iam.serviceAccounts.actAs,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountUser,iam.serviceAccounts.get,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iam.serviceAccountUser,iam.serviceAccounts.list,True,True,iam.googleapis.com (GA - PUBLIC),iam.googleapis.com (GA - PUBLIC) -iap.httpsResourceAccessor,appengine.applications.accessViaIAP,True,True,iap.googleapis.com (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -iap.httpsResourceAccessor,compute.backendServices.accessViaIAAP,True,True,iap.googleapis.com (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -logging.admin,logging.exclusions.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.sinks.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,resourcemanager.projects.list,True,True,logging.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.admin,resourcemanager.projects.get,True,True,logging.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.admin,logging.sinks.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.sinks.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.privateLogEntries.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logEntries.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logMetrics.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) 
-logging.admin,logging.logEntries.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logServiceIndexes.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.usage.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.sinks.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logMetrics.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logMetrics.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logs.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.sinks.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logs.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.exclusions.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logServices.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logMetrics.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.exclusions.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.exclusions.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.logMetrics.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.admin,logging.exclusions.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) 
-logging.configWriter,logging.exclusions.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.sinks.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,resourcemanager.projects.list,True,True,logging.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.configWriter,resourcemanager.projects.get,True,True,logging.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.sinks.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.sinks.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logMetrics.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logServiceIndexes.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.sinks.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logMetrics.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logMetrics.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logs.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.sinks.update,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.exclusions.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logServices.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) 
-logging.configWriter,logging.logMetrics.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.exclusions.delete,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.exclusions.get,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.logMetrics.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.configWriter,logging.exclusions.list,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.logWriter,logging.logEntries.create,True,True,logging.googleapis.com (GA - PUBLIC),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.sinks.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.privateLogEntries.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.logEntries.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.logServiceIndexes.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.usage.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.sinks.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.logs.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.logServices.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com 
(GA - PUBLIC) -logging.privateLogViewer,logging.logMetrics.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.exclusions.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.logMetrics.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.privateLogViewer,logging.exclusions.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -logging.viewer,logging.sinks.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logEntries.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logServiceIndexes.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.usage.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.sinks.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logs.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logServices.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logMetrics.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.exclusions.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -logging.viewer,logging.logMetrics.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) 
-logging.viewer,logging.exclusions.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -ml.admin,resourcemanager.projects.get,True,True,ml.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -ml.developer,ml.pipelines.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.jobs.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,resourcemanager.projects.get,True,True,ml.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -ml.developer,ml.versions.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.models.getIamPolicy,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.models.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.models.create,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.pipelines.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.operations.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.versions.predict,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.operations.getIamPolicy,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.models.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.runs.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.jobs.getIamPolicy,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.operations.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.models.predict,True,True,ml.googleapis.com 
(BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.runs.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.jobs.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.jobs.create,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.projects.getConfig,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.developer,ml.versions.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.modelUser,ml.versions.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.modelUser,ml.models.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.modelUser,ml.versions.predict,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.modelUser,ml.models.predict,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.modelUser,ml.versions.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.pipelines.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.jobs.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,resourcemanager.projects.get,True,True,ml.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -ml.viewer,ml.versions.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.models.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.pipelines.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.operations.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.models.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - 
PUBLIC) -ml.viewer,ml.runs.list,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.operations.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.runs.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.jobs.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.projects.getConfig,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -ml.viewer,ml.versions.get,True,True,ml.googleapis.com (BETA - PUBLIC),ml.googleapis.com (BETA - PUBLIC) -mobilecrashreporting.symbolMappingsAdmin,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.monitoredResourceDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.groups.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,resourcemanager.projects.list,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.admin,resourcemanager.projects.get,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.groups.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.metricDescriptors.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.metricDescriptors.delete,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.metricDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) 
-monitoring.admin,monitoring.groups.update,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.timeSeries.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.monitoredResourceDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.groups.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.timeSeries.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.metricDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.admin,monitoring.groups.delete,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.monitoredResourceDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.groups.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,resourcemanager.projects.list,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.editor,resourcemanager.projects.get,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.groups.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.metricDescriptors.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.metricDescriptors.delete,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) 
-monitoring.editor,monitoring.metricDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.groups.update,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.timeSeries.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.monitoredResourceDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.groups.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.timeSeries.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.metricDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.editor,monitoring.groups.delete,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.monitoredResourceDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.metricDescriptors.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.metricDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.monitoredResourceDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.timeSeries.create,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.metricWriter,monitoring.metricDescriptors.get,True,True,monitoring.googleapis.com (GA - 
PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.monitoredResourceDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.groups.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,resourcemanager.projects.list,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.viewer,resourcemanager.projects.get,True,True,monitoring.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.groups.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.metricDescriptors.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.timeSeries.list,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.monitoredResourceDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -monitoring.viewer,monitoring.metricDescriptors.get,True,True,monitoring.googleapis.com (GA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -orgpolicy.policyAdmin,orgpolicy.policy.set,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -orgpolicy.policyViewer,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,resourcemanager.projects.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,resourcemanager.projects.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-proximitybeacon.attachmentEditor,proximitybeacon.attachments.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,proximitybeacon.namespaces.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,proximitybeacon.attachments.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,proximitybeacon.attachments.delete,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentEditor,proximitybeacon.attachments.create,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentPublisher,resourcemanager.projects.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentPublisher,resourcemanager.projects.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentPublisher,proximitybeacon.beacons.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentPublisher,proximitybeacon.beacons.attach,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentPublisher,proximitybeacon.beacons.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentViewer,resourcemanager.projects.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentViewer,resourcemanager.projects.get,True,True,proximitybeacon.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentViewer,proximitybeacon.attachments.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.attachmentViewer,proximitybeacon.attachments.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,resourcemanager.projects.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,resourcemanager.projects.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,proximitybeacon.beacons.list,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,proximitybeacon.beacons.update,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,proximitybeacon.beacons.create,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -proximitybeacon.beaconEditor,proximitybeacon.beacons.get,True,True,proximitybeacon.googleapis.com (GA - PUBLIC),proximitybeacon.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.getIamPolicy,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.delete,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,resourcemanager.projects.get,True,True,pubsub.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.getIamPolicy,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) 
-pubsub.admin,pubsub.topics.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.setIamPolicy,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.delete,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.publish,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.attachSubscription,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.update,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.update,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.consume,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.create,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.subscriptions.create,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.admin,pubsub.topics.setIamPolicy,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.delete,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,resourcemanager.projects.get,True,True,pubsub.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) 
-pubsub.editor,pubsub.topics.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.delete,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.publish,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.attachSubscription,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.update,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.update,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.consume,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.topics.create,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.editor,pubsub.subscriptions.create,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.publisher,pubsub.topics.publish,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.subscriber,pubsub.topics.attachSubscription,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.subscriber,pubsub.subscriptions.consume,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.viewer,resourcemanager.projects.get,True,True,pubsub.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -pubsub.viewer,pubsub.topics.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) 
-pubsub.viewer,pubsub.topics.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.viewer,pubsub.subscriptions.get,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -pubsub.viewer,pubsub.subscriptions.list,True,True,pubsub.googleapis.com (GA - PUBLIC),pubsub.googleapis.com (GA - PUBLIC) -reservepartner.portalAdmin,reservepartner.portal.write,True,True,reservepartner.googleapis.com (GA - INTERNAL),reservepartner.googleapis.com (GA - INTERNAL) -reservepartner.portalAdmin,reservepartner.portal.read,True,True,reservepartner.googleapis.com (GA - INTERNAL),reservepartner.googleapis.com (GA - INTERNAL) -reservepartner.portalReader,reservepartner.portal.read,True,True,reservepartner.googleapis.com (GA - INTERNAL),reservepartner.googleapis.com (GA - INTERNAL) -resourcemanager.flexResourceDeleter,resourcemanager.flexResourceAdmin.deleteInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.delete,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.projects.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.projects.move,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.projects.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.setIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.update,True,True,cloudresourcemanager.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.undelete,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.create,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderAdmin,resourcemanager.folders.move,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderCreator,resourcemanager.projects.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderCreator,resourcemanager.projects.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderCreator,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderCreator,resourcemanager.folders.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.folderCreator,resourcemanager.folders.create,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderCreator,resourcemanager.folders.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderDeleter,resourcemanager.folders.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.delete,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.projects.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.projects.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.update,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.undelete,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderEditor,resourcemanager.folders.get,True,True,cloudresourcemanager.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderIamAdmin,resourcemanager.folders.setIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderIamAdmin,resourcemanager.folders.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderMover,resourcemanager.projects.move,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderMover,resourcemanager.folders.move,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderViewer,resourcemanager.projects.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderViewer,resourcemanager.projects.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderViewer,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderViewer,resourcemanager.folders.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.folderViewer,resourcemanager.folders.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminOrganizationReader,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,orgpolicy.policy.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.folders.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.organizations.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.folders.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminOrganizationReader,resourcemanager.folders.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.thirdPartyObjects.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.resourceQuotas.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.daemonSets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.services.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.monitoredResourceDescriptors.list,True,True,service_roles 
(Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.deployments.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.componentStatuses.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.scheduledJobs.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.groups.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.ingresses.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.subnetworks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.addresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetSslProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.diskTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.databases.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.keyRings.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,container.networkPolicies.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instanceGroups.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.roleBindings.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.healthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetInstances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.databaseOperations.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.manifests.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.backendBuckets.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.sslCerts.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podDisruptionBudgets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,container.configMaps.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.firewalls.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,clientauthconfig.brands.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,deploymentmanager.typeProviders.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.pipelines.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.databases.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.routes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.httpsHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.petSets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.jobs.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.thirdPartyObjects.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.statistics.get,True,True,service_roles (Unspecified - 
INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.globalOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.versions.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,errorreporting.groups.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataflow.metrics.get,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,servicemanagement.services.get,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instances.listReferrers,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.machineTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.operations.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.backupRuns.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.routes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,pubsub.topics.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.replicationControllers.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,spanner.instances.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.routers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.users.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.licenses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnectAttachments.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.licenses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.databases.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.resources.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.instances.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.forwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.events.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.backupRuns.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA 
- PUBLIC) -resourcemanager.googleAdminProjectReader,container.statefulSets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.instanceOperations.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,iam.serviceAccountKeys.list,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.sinks.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.networks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.persistentVolumeClaims.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetVpnGateways.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.images.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.models.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podDisruptionBudgets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,genomics.operations.list,True,True,service_roles (Unspecified - INTERNAL),genomics.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.configMaps.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.addresses.list,True,True,service_roles (Unspecified - 
INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.agents.get,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnectLocations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataflow.jobs.list,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.acceleratorTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.versions.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.manifests.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,pubsub.topics.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.operations.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnectLocations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.databaseOperations.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,monitoring.groups.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.tasks.get,True,True,service_roles (Unspecified - INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.databases.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.services.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.bindings.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.operations.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.limitRanges.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetPools.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.pipelines.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,serviceusage.apiKeys.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,compute.snapshots.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.roleBindings.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetSslProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,serviceusage.services.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,errorreporting.groupMetadata.get,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.statefulSets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.zoneOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusterRoleBindings.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.metricDescriptors.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.globalForwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.operations.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.events.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.regions.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,serviceusage.apiKeys.getProjectForKey,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) 
-resourcemanager.googleAdminProjectReader,container.storageClasses.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusterRoles.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.snapshots.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.horizontalPodAutoscalers.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.applications.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.indexes.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.images.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.persistentVolumes.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.projects.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,clientauthconfig.clients.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,compute.targetHttpProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeyVersions.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.regionOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.nodes.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.instances.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.roles.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.deployments.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.keyRings.get,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instances.getSerialPortOutput,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.pods.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.instances.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.pods.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,errorreporting.applications.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.httpHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.insights.get,True,True,service_roles (Unspecified - 
INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.operations.get,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetInstances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.services.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,serviceusage.apiKeys.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,cloudsql.sslCerts.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.cronJobs.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.models.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.nodes.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.tasks.list,True,True,service_roles (Unspecified - INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.healthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.secrets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.sessions.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logEntries.list,True,True,service_roles (Unspecified - 
INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logServiceIndexes.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.stats.get,True,True,service_roles (Unspecified - INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.machineTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.urlMaps.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,storage.buckets.list,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.timeSeries.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.horizontalPodAutoscalers.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,pubsub.subscriptions.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetHttpsProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.instances.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.operations.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.folders.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,errorreporting.errorEvents.list,True,True,service_roles (Unspecified - INTERNAL),clouderrorreporting.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.httpsHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.daemonSets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.resources.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.acceleratorTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,servicemanagement.services.list,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.subnetworks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.deployments.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusters.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,serviceusage.quotas.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,container.limitRanges.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.runs.list,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.firewalls.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.backendServices.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podPresets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.globalForwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,iam.serviceAccounts.get,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.disks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.compositeTypes.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.clusters.get,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.networkPolicies.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.endpoints.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.keyRings.list,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,clientauthconfig.brands.list,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,cloudtrace.traces.get,True,True,service_roles (Unspecified - 
INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.sslCertificates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.localSubjectAccessReviews.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.jobs.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.certificateSigningRequests.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.zones.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.thirdPartyResources.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.jobs.list,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podTemplates.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetHttpProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.replicaSets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instances.getGuestAttributes,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.statistics.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,dataproc.clusters.list,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetHttpsProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.jobs.get,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.replicationControllers.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.organizations.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.operations.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.zoneOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instanceGroupManagers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instanceTemplates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.databases.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeys.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.autoscalers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.routers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.sinks.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.operations.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.resourceQuotas.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.persistentVolumes.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.bindings.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.regions.list,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.globalAddresses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.jobs.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusterRoleBindings.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.regions.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,iam.serviceAccountKeys.get,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.instanceGroupManagers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logs.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.applications.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,genomics.operations.get,True,True,service_roles (Unspecified - INTERNAL),genomics.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.commitments.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,storage.buckets.get,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnectAttachments.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.vpnTunnels.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.instanceOperations.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudnotifications.activities.list,True,True,service_roles (Unspecified - INTERNAL),cloudnotifications.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,serviceusage.services.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,datastore.databases.get,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.types.list,True,True,service_roles 
(Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,pubsub.subscriptions.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,clientauthconfig.clients.get,True,True,service_roles (Unspecified - INTERNAL),clientauthconfig.googleapis.com (BETA - INTERNAL) -resourcemanager.googleAdminProjectReader,compute.backendBuckets.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.insights.list,True,True,service_roles (Unspecified - INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.globalOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.operations.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instanceGroups.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.instanceConfigs.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.sslPolicies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.sslCertificates.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusterRoles.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.secrets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.disks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.forwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.compositeTypes.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeys.list,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.petSets.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.diskTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.folders.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.services.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.deployments.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.serviceAccounts.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnects.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,compute.globalAddresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,resourcemanager.folders.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.vpnTunnels.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,appengine.versions.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.subjectAccessReviews.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.runs.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podTemplates.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.agents.list,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.clusters.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.monitoredResourceDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.roles.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.jobs.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logServices.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - 
PUBLIC) -resourcemanager.googleAdminProjectReader,container.endpoints.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.regionOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.urlMaps.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeyVersions.get,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.ingresses.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.storageClasses.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.projects.getConfig,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.replicaSets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logMetrics.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.autoscalers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.sslPolicies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudsql.instances.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.networks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - 
PUBLIC) -resourcemanager.googleAdminProjectReader,compute.backendServices.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,ml.versions.get,True,True,service_roles (Unspecified - INTERNAL),ml.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetVpnGateways.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.podPresets.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.commitments.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeyVersions.list,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.instanceTemplates.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.thirdPartyResources.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.targetPools.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,iam.serviceAccounts.list,True,True,service_roles (Unspecified - INTERNAL),iam.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.interconnects.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.sessions.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.selfSubjectAccessReviews.list,True,True,service_roles (Unspecified - 
INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataproc.operations.list,True,True,service_roles (Unspecified - INTERNAL),dataproc.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.serviceAccounts.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,monitoring.metricDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudtrace.traces.list,True,True,service_roles (Unspecified - INTERNAL),cloudtrace.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,datastore.indexes.list,True,True,service_roles (Unspecified - INTERNAL),datastore.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.persistentVolumeClaims.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,spanner.instanceConfigs.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.zones.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataflow.messages.list,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,dataflow.jobs.get,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.componentStatuses.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.types.get,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectReader,container.certificateSigningRequests.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.exclusions.get,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,deploymentmanager.typeProviders.list,True,True,service_roles (Unspecified - INTERNAL),deploymentmanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.cronJobs.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,compute.httpHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.logMetrics.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,logging.exclusions.list,True,True,service_roles (Unspecified - INTERNAL),logging.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,cloudkms.cryptoKeys.get,True,True,service_roles (Unspecified - INTERNAL),cloudkms.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectReader,container.scheduledJobs.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectWriter,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectWriter,resourcemanager.projects.undelete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.googleAdminProjectWriter,resourcemanager.projects.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.googleAdminProjectWriter,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.inceptionProjectPolicyUpdater,resourcemanager.projects.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.inceptionProjectPolicyUpdater,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.internalOrganizationLifecycleManager,resourcemanager.organizations.undelete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.internalOrganizationLifecycleManager,resourcemanager.organizations.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.lienModifier,resourcemanager.projects.updateLiens,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.projects.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.projects.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.organizations.setIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.folders.setIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.organizations.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.organizationAdmin,orgpolicy.policy.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.projects.setIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.folders.list,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.organizations.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.projectInvites.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.projects.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.folders.getIamPolicy,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.folders.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationAdmin,resourcemanager.organizations.update,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationReader,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.organizationViewer,resourcemanager.organizations.get,True,True,cloudresourcemanager.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.projectCreator,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.projectCreator,resourcemanager.projects.create,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.projectDeleter,resourcemanager.projects.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.projectDetailsReader,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.moveInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.move,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.update,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.undelete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.superUser,resourcemanager.folders.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.update,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.updateLiens,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.create,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.undelete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.undelete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.createBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.list,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.undeleteInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-resourcemanager.superUser,resourcemanager.flexResourceAdmin.setIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projectInvites.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.deleteInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projectInvites.acceptProjectOwnership,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.create,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.getIamPolicy,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.getInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.get,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.deleteBillingAssignment,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - 
PUBLIC) -resourcemanager.superUser,resourcemanager.organizations.update,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.folders.move,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.updateInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.flexResourceAdmin.createInstance,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -resourcemanager.superUser,resourcemanager.projects.delete,True,True,service_roles (Unspecified - INTERNAL),cloudresourcemanager.googleapis.com (GA - PUBLIC) -servicemanagement.apiKeysReader,serviceusage.apiKeys.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.apiKeysReader,serviceusage.apiKeys.getProjectForKey,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.apiKeysReader,serviceusage.apiKeys.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.projectSettingsReader,serviceusage.services.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.projectSettingsReader,serviceusage.quotas.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.projectSettingsReader,serviceusage.services.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,resourcemanager.projects.list,True,True,servicemanagement.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-servicemanagement.quotaAdmin,servicemanagement.consumerSettings.getIamPolicy,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,resourcemanager.projects.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,servicemanagement.consumerSettings.update,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,resourcemanager.organizations.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,serviceusage.services.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,servicemanagement.consumerSettings.list,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,serviceusage.services.disable,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,serviceusage.quotas.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,servicemanagement.consumerSettings.setIamPolicy,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,serviceusage.services.enable,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,serviceusage.services.list,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaAdmin,servicemanagement.consumerSettings.get,True,True,servicemanagement.googleapis.com (GA - 
PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaAdmin,serviceusage.quotas.update,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaViewer,servicemanagement.consumerSettings.getIamPolicy,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaViewer,serviceusage.services.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaViewer,servicemanagement.consumerSettings.list,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.quotaViewer,serviceusage.quotas.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaViewer,serviceusage.services.list,True,True,servicemanagement.googleapis.com (GA - PUBLIC),serviceusage.googleapis.com (BETA - INTERNAL) -servicemanagement.quotaViewer,servicemanagement.consumerSettings.get,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.rootServiceReader,servicemanagement.services.get,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.rootServiceReader,servicemanagement.services.list,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.serviceConsumer,servicemanagement.services.bind,True,True,servicemanagement.googleapis.com (GA - PUBLIC),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.serviceController,servicemanagement.services.get,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.serviceController,servicemanagement.services.report,True,True,service_roles (Unspecified - 
INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -servicemanagement.serviceController,servicemanagement.services.check,True,True,service_roles (Unspecified - INTERNAL),servicemanagement.googleapis.com (GA - PUBLIC) -serviceusage.apiKeysReader,serviceusage.apiKeys.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -serviceusage.apiKeysReader,serviceusage.apiKeys.getProjectForKey,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -serviceusage.apiKeysReader,serviceusage.apiKeys.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -serviceusage.enablementReader,serviceusage.services.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -serviceusage.enablementReader,serviceusage.services.list,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -serviceusage.quotaReader,serviceusage.quotas.get,True,True,service_roles (Unspecified - INTERNAL),serviceusage.googleapis.com (BETA - INTERNAL) -source.admin,source.repos.delete,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.create,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.setIamPolicy,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.get,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.getIamPolicy,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.list,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.admin,source.repos.update,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - 
PUBLIC) -source.reader,source.repos.get,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.reader,source.repos.list,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.writer,source.repos.get,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.writer,source.repos.list,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -source.writer,source.repos.update,True,True,sourcerepo.googleapis.com (GA - PUBLIC),sourcerepo.googleapis.com (GA - PUBLIC) -spanner.admin,spanner.databases.updateDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.read,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databaseOperations.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,resourcemanager.projects.list,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.admin,spanner.instanceOperations.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,resourcemanager.projects.get,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.admin,spanner.instances.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) 
-spanner.admin,spanner.instances.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instanceOperations.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databaseOperations.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.select,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.setIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.write,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.beginReadOnlyTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.sessions.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instances.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.update,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.sessions.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instanceOperations.cancel,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,monitoring.timeSeries.list,True,True,spanner.googleapis.com (BETA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -spanner.admin,spanner.instances.getIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instances.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) 
-spanner.admin,spanner.databaseOperations.cancel,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.getDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instances.setIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instanceOperations.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.sessions.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instanceConfigs.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databaseOperations.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.drop,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.beginOrRollbackReadWriteTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.sessions.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.databases.getIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instanceConfigs.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.admin,spanner.instances.update,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.updateDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.read,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - 
PUBLIC) -spanner.databaseAdmin,spanner.databases.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databaseOperations.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,resourcemanager.projects.list,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.databaseAdmin,spanner.databases.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,resourcemanager.projects.get,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.databaseAdmin,spanner.instances.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databaseOperations.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.select,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.setIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.write,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.beginReadOnlyTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.sessions.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.instances.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) 
-spanner.databaseAdmin,spanner.databases.update,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.sessions.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,monitoring.timeSeries.list,True,True,spanner.googleapis.com (BETA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -spanner.databaseAdmin,spanner.instances.getIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databaseOperations.cancel,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.getDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.sessions.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databaseOperations.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.drop,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.beginOrRollbackReadWriteTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.sessions.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseAdmin,spanner.databases.getIamPolicy,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.databases.read,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.databases.select,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) 
-spanner.databaseReader,spanner.databases.beginReadOnlyTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.sessions.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.sessions.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.databases.getDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.sessions.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseReader,spanner.sessions.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.updateDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.read,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databaseOperations.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databaseOperations.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.select,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.write,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.beginReadOnlyTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.sessions.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) 
-spanner.databaseUser,spanner.sessions.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databaseOperations.cancel,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.getDdl,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.sessions.create,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databaseOperations.delete,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.databases.beginOrRollbackReadWriteTransaction,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.databaseUser,spanner.sessions.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.viewer,spanner.databases.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.viewer,resourcemanager.projects.list,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.viewer,resourcemanager.projects.get,True,True,spanner.googleapis.com (BETA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -spanner.viewer,spanner.instances.get,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.viewer,spanner.instances.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.viewer,monitoring.timeSeries.list,True,True,spanner.googleapis.com (BETA - PUBLIC),monitoring.googleapis.com (GA - PUBLIC) -spanner.viewer,spanner.instanceConfigs.list,True,True,spanner.googleapis.com (BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -spanner.viewer,spanner.instanceConfigs.get,True,True,spanner.googleapis.com 
(BETA - PUBLIC),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,container.services.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,monitoring.monitoredResourceDescriptors.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.subnetworks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.addresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.namespaces.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetSslProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.diskTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.databases.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instanceGroups.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.healthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetInstances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.backendBuckets.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,bigquery.tables.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) 
-stackdriver.monitoringDataAccess,compute.firewalls.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.databases.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,compute.routes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.httpsHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.globalOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.machineTypes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.routes.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,pubsub.topics.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.instances.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,compute.routers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.namespaces.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.licenses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.licenses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,cloudsql.instances.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - 
PUBLIC) -stackdriver.monitoringDataAccess,compute.forwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.events.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.networks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetVpnGateways.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,bigquery.tables.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.images.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.addresses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,dataflow.jobs.list,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.versions.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,pubsub.topics.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,cloudsql.databases.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.services.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.operations.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetPools.list,True,True,service_roles (Unspecified - 
INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.snapshots.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetSslProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.zoneOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,monitoring.metricDescriptors.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.globalForwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.events.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.regions.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.snapshots.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.applications.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.images.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.projects.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetHttpProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-stackdriver.monitoringDataAccess,compute.regionOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.nodes.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.instances.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,container.pods.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.instances.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.pods.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.httpHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetInstances.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.services.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.nodes.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.healthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.machineTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.urlMaps.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,storage.buckets.list,True,True,service_roles (Unspecified - 
INTERNAL),storage.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,monitoring.timeSeries.list,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,pubsub.subscriptions.get,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetHttpsProxies.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.instances.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.httpsHealthChecks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.subnetworks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.clusters.list,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,stackdriver.awsElbLoadBalancer.get,True,True,service_roles (Unspecified - INTERNAL),stackdriver.googleapis.com (GA - INTERNAL) -stackdriver.monitoringDataAccess,compute.firewalls.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.backendServices.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,bigquery.jobs.get,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.globalForwardingRules.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.disks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-stackdriver.monitoringDataAccess,compute.sslCertificates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.zones.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetHttpProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetHttpsProxies.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.zoneOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instanceTemplates.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,bigquery.datasets.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,cloudsql.databases.list,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.autoscalers.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.routers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instances.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,stackdriver.projects.get,True,True,service_roles (Unspecified - INTERNAL),stackdriver.googleapis.com (GA - INTERNAL) -stackdriver.monitoringDataAccess,stackdriver.awsElbLoadBalancer.list,True,True,service_roles (Unspecified - INTERNAL),stackdriver.googleapis.com (GA - INTERNAL) -stackdriver.monitoringDataAccess,bigquery.datasets.get,True,True,service_roles 
(Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.globalAddresses.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.regions.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instanceGroupManagers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.applications.get,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.vpnTunnels.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,cloudnotifications.activities.list,True,True,service_roles (Unspecified - INTERNAL),cloudnotifications.googleapis.com (BETA - INTERNAL) -stackdriver.monitoringDataAccess,pubsub.subscriptions.list,True,True,service_roles (Unspecified - INTERNAL),pubsub.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.backendBuckets.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.globalOperations.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.operations.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.instanceGroups.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.instanceConfigs.list,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,compute.sslCertificates.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - 
PUBLIC) -stackdriver.monitoringDataAccess,compute.disks.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.forwardingRules.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.diskTypes.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.services.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,stackdriver.awsEc2Instance.list,True,True,service_roles (Unspecified - INTERNAL),stackdriver.googleapis.com (GA - INTERNAL) -stackdriver.monitoringDataAccess,compute.globalAddresses.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.vpnTunnels.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,appengine.versions.list,True,True,service_roles (Unspecified - INTERNAL),appengine.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,container.clusters.get,True,True,service_roles (Unspecified - INTERNAL),container.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,monitoring.monitoredResourceDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.regionOperations.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.urlMaps.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.autoscalers.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) 
-stackdriver.monitoringDataAccess,cloudsql.instances.get,True,True,service_roles (Unspecified - INTERNAL),cloudsql.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.networks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.backendServices.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.targetVpnGateways.list,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,stackdriver.awsEc2Instance.get,True,True,service_roles (Unspecified - INTERNAL),stackdriver.googleapis.com (GA - INTERNAL) -stackdriver.monitoringDataAccess,compute.targetPools.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,bigquery.jobs.list,True,True,service_roles (Unspecified - INTERNAL),bigquery.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,monitoring.metricDescriptors.get,True,True,service_roles (Unspecified - INTERNAL),monitoring.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,spanner.instanceConfigs.get,True,True,service_roles (Unspecified - INTERNAL),spanner.googleapis.com (BETA - PUBLIC) -stackdriver.monitoringDataAccess,compute.zones.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,dataflow.jobs.get,True,True,service_roles (Unspecified - INTERNAL),dataflow.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,storage.objects.list,True,True,service_roles (Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -stackdriver.monitoringDataAccess,compute.httpHealthChecks.get,True,True,service_roles (Unspecified - INTERNAL),compute.googleapis.com (GA - PUBLIC) -storage.admin,resourcemanager.projects.list,True,True,storage.googleapis.com (GA - 
PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.getIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,resourcemanager.projects.get,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.setIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.setIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.update,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.delete,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.create,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.getIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.update,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.create,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.objects.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.admin,storage.buckets.delete,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.bucketMetadataReader,storage.buckets.get,True,True,service_roles 
(Unspecified - INTERNAL),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.buckets.setIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.objects.delete,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.buckets.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.buckets.getIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.buckets.update,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.objects.create,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketOwner,storage.objects.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketReader,storage.buckets.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketReader,storage.objects.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketWriter,storage.objects.delete,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketWriter,storage.buckets.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketWriter,storage.objects.create,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyBucketWriter,storage.objects.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyObjectOwner,storage.objects.getIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) 
-storage.legacyObjectOwner,storage.objects.setIamPolicy,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyObjectOwner,storage.objects.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyObjectOwner,storage.objects.update,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.legacyObjectReader,storage.objects.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.objectAdmin,resourcemanager.projects.list,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectAdmin,resourcemanager.projects.get,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectCreator,resourcemanager.projects.list,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectCreator,resourcemanager.projects.get,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectCreator,storage.objects.create,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.objectViewer,resourcemanager.projects.list,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectViewer,resourcemanager.projects.get,True,True,storage.googleapis.com (GA - PUBLIC),cloudresourcemanager.googleapis.com (GA - PUBLIC) -storage.objectViewer,storage.objects.get,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -storage.objectViewer,storage.objects.list,True,True,storage.googleapis.com (GA - PUBLIC),storage.googleapis.com (GA - PUBLIC) -workflow.performer,workflow.taskInstances.complete,True,True,workflow.googleapis.com (GA - INTERNAL),workflow.googleapis.com (GA - INTERNAL) 
-workflow.performer,workflow.taskInstances.get,True,True,workflow.googleapis.com (GA - INTERNAL),workflow.googleapis.com (GA - INTERNAL) -workflow.performer,workflow.taskInstances.update,True,True,workflow.googleapis.com (GA - INTERNAL),workflow.googleapis.com (GA - INTERNAL) -editor,appengine.applications.update,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.instances.delete,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.instances.update,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.services.delete,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.services.create,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.services.update,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.operations.cancel,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.operations.delete,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.versions.delete,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.versions.create,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,appengine.versions.update,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -editor,bigquery.datasets.create,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -editor,bigquery.savedqueries.create,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -editor,bigquery.savedqueries.delete,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -editor,bigquery.savedqueries.update,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -editor,bigquery.transfers.update,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -editor,clientauthconfig.brands.create,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.brands.delete,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.brands.update,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) 
-editor,clientauthconfig.clients.create,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.createSecret,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.delete,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.getWithSecret,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.listWithSecrets,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.undelete,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,clientauthconfig.clients.update,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -editor,cloudbuild.builds.create,True,True,N/A,cloudbuild.googleapis.com (GA - PUBLIC) -editor,cloudbuild.builds.update,True,True,N/A,cloudbuild.googleapis.com (GA - PUBLIC) -editor,clouddebugger.debuggees.create,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.debuggees.list,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.create,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.delete,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.get,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.list,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.listActive,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,clouddebugger.breakpoints.update,True,True,N/A,clouddebugger.googleapis.com (BETA - PUBLIC) -editor,cloudiot.registries.delete,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudiot.registries.create,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudiot.registries.update,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) 
-editor,cloudiot.devices.delete,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudiot.devices.create,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudiot.devices.update,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudiot.devices.updateConfig,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -editor,cloudkms.keyRings.create,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudkms.keyRings.update,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudkms.cryptoKeys.create,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudkms.cryptoKeys.update,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudkms.cryptoKeyVersions.create,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudkms.cryptoKeyVersions.update,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -editor,cloudsql.backupRuns.create,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.backupRuns.delete,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.databases.create,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.databases.delete,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.databases.update,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.clone,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.connect,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.create,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.delete,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.failover,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.import,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.migrate,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) 
-editor,cloudsql.instances.promoteReplica,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.resetSslConfig,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.restart,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.restoreBackup,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.startReplica,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.stopReplica,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.truncateLog,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.instances.update,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.sslCerts.create,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.sslCerts.delete,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.sslCerts.createEphemeral,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.users.create,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.users.delete,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudsql.users.update,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -editor,cloudtestservice.matrices.create,True,True,N/A,testing.googleapis.com (GA - PUBLIC) -editor,cloudtestservice.matrices.delete,True,True,N/A,testing.googleapis.com (GA - PUBLIC) -editor,cloudtestservice.matrices.update,True,True,N/A,testing.googleapis.com (GA - PUBLIC) -editor,cloudtrace.traces.patch,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -editor,cloudtrace.tasks.delete,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -editor,compute.addresses.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.addresses.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.addresses.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.addresses.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.addresses.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalAddresses.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalAddresses.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalAddresses.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalAddresses.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalAddresses.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.autoscalers.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.autoscalers.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.autoscalers.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendBuckets.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendBuckets.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendBuckets.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendBuckets.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendServices.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendServices.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendServices.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.backendServices.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.commitments.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.disks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.disks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.disks.resize,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.disks.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.disks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.disks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.firewalls.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.firewalls.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.firewalls.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.forwardingRules.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.forwardingRules.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.forwardingRules.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.forwardingRules.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalForwardingRules.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalForwardingRules.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalForwardingRules.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalForwardingRules.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.healthChecks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.healthChecks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.healthChecks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.healthChecks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpHealthChecks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpHealthChecks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpHealthChecks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpHealthChecks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpsHealthChecks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.httpsHealthChecks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpsHealthChecks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.httpsHealthChecks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.images.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.images.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.images.deprecate,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.images.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.addAccessConfig,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.attachDisk,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.deleteAccessConfig,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.detachDisk,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.reset,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setDiskAutoDelete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setMachineType,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setMetadata,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setScheduling,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.setTags,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.start,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.startWithEncryptionKey,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.instances.stop,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instances.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroups.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroups.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroups.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroups.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroupManagers.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroupManagers.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroupManagers.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceGroupManagers.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceTemplates.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.instanceTemplates.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnectAttachments.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnectAttachments.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnectAttachments.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnectAttachments.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnects.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnects.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnects.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.interconnects.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.licenses.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.addPeering,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.networks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.removePeering,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.setCrossVmEncryption,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.setLoadBalancerVmEncryption,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.switchToCustomMode,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.updatePolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.networks.useExternalIp,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.globalOperations.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.regionOperations.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.zoneOperations.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.projects.setCommonInstanceMetadata,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.projects.setUsageExportBucket,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.projects.setDefaultServiceAccount,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routes.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routes.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.snapshots.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.snapshots.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.snapshots.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.sslCertificates.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.sslCertificates.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.sslPolicies.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.sslPolicies.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.sslPolicies.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.sslPolicies.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.updatePolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.subnetworks.useExternalIp,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpProxies.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpProxies.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpProxies.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpProxies.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpsProxies.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpsProxies.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpsProxies.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetHttpsProxies.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetInstances.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetInstances.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetInstances.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,compute.targetPools.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetPools.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetPools.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetPools.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetSslProxies.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetSslProxies.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetSslProxies.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetSslProxies.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetVpnGateways.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetVpnGateways.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.targetVpnGateways.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.urlMaps.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.urlMaps.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.urlMaps.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.urlMaps.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.vpnTunnels.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.vpnTunnels.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.vpnTunnels.setLabels,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.vpnTunnels.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routers.create,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routers.delete,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routers.update,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -editor,compute.routers.use,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-editor,container.clusters.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.clusters.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.clusters.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.clusters.getCredentials,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.namespaces.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.namespaces.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.namespaces.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.namespaces.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.bindings.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.bindings.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.bindings.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.certificateSigningRequests.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.certificateSigningRequests.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.certificateSigningRequests.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.certificateSigningRequests.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.configMaps.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.configMaps.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.configMaps.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.cronJobs.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.cronJobs.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.cronJobs.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.cronJobs.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.daemonSets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.daemonSets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.daemonSets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.daemonSets.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.deployments.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.deployments.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.deployments.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.deployments.rollback,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.deployments.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.endpoints.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.endpoints.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.endpoints.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.events.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.events.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.events.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.horizontalPodAutoscalers.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.horizontalPodAutoscalers.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.horizontalPodAutoscalers.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.horizontalPodAutoscalers.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.ingresses.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.ingresses.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.ingresses.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.ingresses.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.jobs.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.jobs.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.jobs.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.jobs.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.limitRanges.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.limitRanges.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.limitRanges.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.networkPolicies.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.networkPolicies.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.networkPolicies.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.nodes.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.nodes.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.nodes.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.nodes.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.nodes.proxy,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumeClaims.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumeClaims.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumeClaims.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumeClaims.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.persistentVolumes.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumes.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumes.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.persistentVolumes.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.petSets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.petSets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.petSets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.petSets.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podDisruptionBudgets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podDisruptionBudgets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podDisruptionBudgets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podDisruptionBudgets.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.attach,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.exec,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.portForward,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.proxy,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.pods.evict,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podPresets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.podPresets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podPresets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podTemplates.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podTemplates.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.podTemplates.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicaSets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicaSets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicaSets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicaSets.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicationControllers.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicationControllers.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicationControllers.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.replicationControllers.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.resourceQuotas.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.resourceQuotas.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.resourceQuotas.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.resourceQuotas.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.scheduledJobs.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.scheduledJobs.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.scheduledJobs.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.scheduledJobs.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.secrets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.secrets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.secrets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.secrets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.secrets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.serviceAccounts.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.serviceAccounts.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.serviceAccounts.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.services.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.services.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.services.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.services.proxy,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.statefulSets.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.statefulSets.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.statefulSets.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.statefulSets.updateStatus,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.storageClasses.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.storageClasses.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.storageClasses.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.thirdPartyResources.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.thirdPartyResources.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.thirdPartyResources.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-editor,container.thirdPartyObjects.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.thirdPartyObjects.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,container.thirdPartyObjects.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -editor,dataflow.jobs.create,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -editor,dataflow.jobs.cancel,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -editor,dataflow.jobs.pause,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -editor,dataflow.jobs.resume,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -editor,dataflow.jobs.updateContents,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -editor,dataprep.projects.use,True,True,N/A,dataprep.googleapis.com (BETA - INTERNAL) -editor,dataproc.clusters.create,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.clusters.delete,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.clusters.update,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.clusters.use,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.agents.create,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.agents.update,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.agents.delete,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.tasks.lease,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.tasks.reportStatus,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.jobs.create,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.jobs.delete,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.jobs.update,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.jobs.cancel,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,dataproc.operations.delete,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) 
-editor,dataproc.operations.cancel,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -editor,datastore.databases.update,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.entities.delete,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.entities.create,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.entities.allocateIds,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.entities.update,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.indexes.delete,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.indexes.create,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,datastore.indexes.update,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.deployments.cancelPreview,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.deployments.create,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.deployments.delete,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.deployments.stop,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.deployments.update,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.types.create,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.types.delete,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.types.update,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.typeProviders.create,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.typeProviders.delete,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.typeProviders.update,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) 
-editor,deploymentmanager.compositeTypes.create,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.compositeTypes.delete,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,deploymentmanager.compositeTypes.update,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -editor,dlp.inspectOperations.cancel,True,True,N/A,dlp.googleapis.com (BETA - PUBLIC) -editor,dlp.inspectOperations.create,True,True,N/A,dlp.googleapis.com (BETA - PUBLIC) -editor,errorreporting.errorEvents.create,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -editor,errorreporting.errorEvents.delete,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -editor,errorreporting.groupMetadata.update,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -editor,genomics.datasets.create,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,genomics.datasets.delete,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,genomics.datasets.update,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,genomics.operations.cancel,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,genomics.operations.create,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,genomics.operations.delete,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccountKeys.delete,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccountKeys.create,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccounts.actAs,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccounts.delete,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccounts.create,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,iam.serviceAccounts.update,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -editor,logging.logEntries.create,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -editor,logging.logMetrics.create,True,True,N/A,logging.googleapis.com (GA - 
PUBLIC) -editor,logging.logMetrics.update,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -editor,logging.logMetrics.delete,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -editor,logging.logs.delete,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -editor,ml.jobs.create,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.jobs.cancel,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.operations.cancel,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.models.create,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.models.delete,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.models.update,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.versions.create,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.versions.delete,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.versions.update,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.pipelines.create,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.pipelines.cancel,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.pipelines.update,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.pipelines.pause,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,ml.pipelines.resume,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -editor,monitoring.metricDescriptors.create,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,monitoring.metricDescriptors.delete,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,monitoring.timeSeries.create,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,monitoring.groups.create,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,monitoring.groups.delete,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,monitoring.groups.update,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.attachments.create,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) 
-editor,proximitybeacon.attachments.delete,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.beacons.create,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.beacons.update,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.beacons.attach,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.namespaces.create,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.namespaces.delete,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,proximitybeacon.namespaces.update,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -editor,pubsub.subscriptions.create,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.subscriptions.delete,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.subscriptions.consume,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.subscriptions.update,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.topics.create,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.topics.delete,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.topics.attachSubscription,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.topics.publish,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,pubsub.topics.update,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -editor,resourcemanager.projects.update,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,resourcemanager.projects.move,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,resourcemanager.flexResourceAdmin.deleteInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,resourcemanager.flexResourceAdmin.undeleteInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-editor,resourcemanager.flexResourceAdmin.createInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,resourcemanager.flexResourceAdmin.updateInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,resourcemanager.flexResourceAdmin.moveInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.configs.create,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.configs.update,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.configs.delete,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.variables.create,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.variables.update,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.variables.delete,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.waiters.create,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.waiters.update,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,runtimeconfig.waiters.delete,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -editor,servicemanagement.consumerSettings.update,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.delete,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.create,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.update,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.use,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.bind,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,servicemanagement.services.check,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) 
-editor,servicemanagement.services.report,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -editor,serviceusage.services.enable,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.services.disable,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.services.use,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.quotas.update,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.operations.delete,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.apiKeys.create,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.apiKeys.update,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.apiKeys.delete,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.apiKeys.regenerate,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,serviceusage.apiKeys.revert,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -editor,source.repos.update,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -editor,spanner.instances.create,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.instances.update,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.instances.delete,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.instanceOperations.cancel,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.instanceOperations.delete,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databases.create,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databases.update,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databases.updateDdl,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databases.beginOrRollbackReadWriteTransaction,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) 
-editor,spanner.databases.write,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databases.drop,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databaseOperations.cancel,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,spanner.databaseOperations.delete,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -editor,stackdriver.awsEc2Instance.create,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,stackdriver.awsEc2Instance.delete,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,stackdriver.awsEc2Instance.update,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,stackdriver.awsElbLoadBalancer.create,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,stackdriver.awsElbLoadBalancer.delete,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,stackdriver.awsElbLoadBalancer.update,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -editor,storage.buckets.delete,True,True,N/A,storage.googleapis.com (GA - PUBLIC) -editor,storage.buckets.create,True,True,N/A,storage.googleapis.com (GA - PUBLIC) -editor,workflow.projects.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.projectMetadata.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.projectMetadata.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.projectMetadata.delete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processes.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processes.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processMetadata.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processMetadata.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processMetadata.delete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) 
-editor,workflow.processDefinitions.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processDefinitions.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processDefinitionMetadata.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processDefinitionMetadata.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processDefinitionMetadata.delete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstances.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstances.message,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstances.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstanceMetadata.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstanceMetadata.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.processInstanceMetadata.delete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstances.complete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstances.fail,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstances.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstanceMetadata.create,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstanceMetadata.update,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -editor,workflow.taskInstanceMetadata.delete,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,appengine.applications.disable,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -owner,appengine.applications.create,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -owner,appengine.versions.getFileContents,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) 
-owner,bigquery.jobs.update,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -owner,bigquery.datasets.delete,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -owner,bigquery.datasets.update,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -owner,bigquery.config.update,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -owner,cloudiot.registries.setIamPolicy,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -owner,cloudkms.keyRings.setIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeys.setIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeyVersions.setIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeyVersions.useToEncrypt,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeyVersions.useToDecrypt,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeyVersions.destroy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudkms.cryptoKeyVersions.restore,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -owner,cloudsql.databases.getIamPolicy,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -owner,cloudsql.databases.setIamPolicy,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -owner,cloudsql.instances.getIamPolicy,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -owner,cloudsql.instances.setIamPolicy,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -owner,compute.interconnectLocations.setIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -owner,compute.interconnects.getIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -owner,compute.interconnects.setIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -owner,compute.subnetworks.getIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -owner,compute.subnetworks.setIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-owner,container.certificateSigningRequests.approve,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoleBindings.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoleBindings.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoleBindings.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoles.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoles.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoles.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.clusterRoles.bind,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.localSubjectAccessReviews.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roleBindings.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roleBindings.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roleBindings.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roles.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roles.delete,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roles.update,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.roles.bind,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,container.subjectAccessReviews.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -owner,dataproc.clusters.setIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -owner,dataproc.clusters.getIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -owner,dataproc.jobs.setIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -owner,dataproc.jobs.getIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -owner,dataproc.operations.setIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) 
-owner,dataproc.operations.getIamPolicy,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -owner,datastore.databases.delete,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.databases.getIamPolicy,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.databases.create,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.databases.setIamPolicy,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.databases.export,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.databases.import,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.cancel,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.delete,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.cancel,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.operations.delete,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.namespaces.getIamPolicy,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,datastore.namespaces.setIamPolicy,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -owner,deploymentmanager.deployments.getIamPolicy,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -owner,deploymentmanager.deployments.setIamPolicy,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -owner,dlp.inspectFindings.list,True,True,N/A,dlp.googleapis.com (BETA - PUBLIC) -owner,genomics.datasets.getIamPolicy,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -owner,genomics.datasets.setIamPolicy,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) 
-owner,iam.serviceAccounts.setIamPolicy,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -owner,logging.privateLogEntries.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.sinks.create,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.sinks.update,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.sinks.delete,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.exclusions.create,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.exclusions.update,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,logging.exclusions.delete,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -owner,ml.jobs.setIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -owner,ml.operations.setIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -owner,ml.models.setIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -owner,proximitybeacon.beacons.setIamPolicy,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -owner,proximitybeacon.beacons.getIamPolicy,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -owner,proximitybeacon.namespaces.setIamPolicy,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -owner,proximitybeacon.namespaces.getIamPolicy,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -owner,pubsub.subscriptions.getIamPolicy,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -owner,pubsub.subscriptions.setIamPolicy,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -owner,pubsub.topics.getIamPolicy,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -owner,pubsub.topics.setIamPolicy,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -owner,reservepartner.portal.write,True,True,N/A,reservepartner.googleapis.com (GA - INTERNAL) -owner,resourcemanager.projects.delete,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,resourcemanager.projects.setIamPolicy,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) 
-owner,resourcemanager.projects.undelete,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,resourcemanager.projects.createBillingAssignment,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,resourcemanager.projects.deleteBillingAssignment,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,resourcemanager.projects.updateLiens,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,resourcemanager.flexResourceAdmin.setIamPolicy,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.configs.setIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.configs.getIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.variables.setIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.variables.getIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.waiters.setIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,runtimeconfig.waiters.getIamPolicy,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -owner,servicemanagement.consumerSettings.setIamPolicy,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -owner,servicemanagement.consumerSettings.getIamPolicy,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -owner,servicemanagement.services.setIamPolicy,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -owner,servicemanagement.services.getIamPolicy,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -owner,source.repos.create,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -owner,source.repos.delete,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -owner,source.repos.setIamPolicy,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -owner,source.repos.getIamPolicy,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) 
-owner,spanner.instances.setIamPolicy,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -owner,spanner.databases.setIamPolicy,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -owner,stackdriver.projects.edit,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -owner,workflow.projects.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.projectMetadata.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processes.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processMetadata.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processDefinitions.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processDefinitionMetadata.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processInstances.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.processInstanceMetadata.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.taskInstances.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -owner,workflow.taskInstanceMetadata.setIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,appengine.applications.get,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.applications.list,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.instances.get,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.instances.list,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.services.get,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.services.list,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.operations.get,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.operations.list,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) 
-viewer,appengine.runtimes.actAsAdmin,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.versions.get,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,appengine.versions.list,True,True,N/A,appengine.googleapis.com (GA - PUBLIC) -viewer,bigquery.jobs.create,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.jobs.list,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.jobs.get,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.datasets.list,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.datasets.get,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.config.get,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.savedqueries.list,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.savedqueries.get,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,bigquery.transfers.get,True,True,N/A,bigquery.googleapis.com (GA - PUBLIC) -viewer,clientauthconfig.brands.get,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -viewer,clientauthconfig.brands.list,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -viewer,clientauthconfig.clients.get,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -viewer,clientauthconfig.clients.list,True,True,N/A,clientauthconfig.googleapis.com (BETA - INTERNAL) -viewer,cloudbuild.builds.get,True,True,N/A,cloudbuild.googleapis.com (GA - PUBLIC) -viewer,cloudbuild.builds.list,True,True,N/A,cloudbuild.googleapis.com (GA - PUBLIC) -viewer,cloudiot.registries.get,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -viewer,cloudiot.registries.list,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -viewer,cloudiot.registries.getIamPolicy,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -viewer,cloudiot.devices.get,True,True,N/A,cloudiot.googleapis.com (BETA - INTERNAL) -viewer,cloudiot.devices.list,True,True,N/A,cloudiot.googleapis.com 
(BETA - INTERNAL) -viewer,cloudkms.keyRings.list,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.keyRings.get,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.keyRings.getIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeys.list,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeys.get,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeys.getIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeyVersions.list,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeyVersions.get,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudkms.cryptoKeyVersions.getIamPolicy,True,True,N/A,cloudkms.googleapis.com (GA - PUBLIC) -viewer,cloudnotifications.activities.list,True,True,N/A,cloudnotifications.googleapis.com (BETA - INTERNAL) -viewer,cloudsql.backupRuns.get,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.backupRuns.list,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.databases.get,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.databases.list,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.instances.export,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.instances.get,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.instances.list,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.sslCerts.get,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.sslCerts.list,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudsql.users.list,True,True,N/A,cloudsql.googleapis.com (GA - PUBLIC) -viewer,cloudtestservice.matrices.list,True,True,N/A,testing.googleapis.com (GA - PUBLIC) -viewer,cloudtestservice.matrices.get,True,True,N/A,testing.googleapis.com (GA - PUBLIC) 
-viewer,cloudtestservice.environmentcatalog.get,True,True,N/A,testing.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.traces.get,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.traces.list,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.tasks.get,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.tasks.list,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.tasks.create,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.insights.get,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.insights.list,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,cloudtrace.stats.get,True,True,N/A,cloudtrace.googleapis.com (GA - PUBLIC) -viewer,compute.acceleratorTypes.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.acceleratorTypes.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.addresses.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.addresses.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalAddresses.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalAddresses.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.autoscalers.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.autoscalers.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.backendBuckets.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.backendBuckets.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.backendServices.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.backendServices.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.commitments.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.commitments.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-viewer,compute.disks.createSnapshot,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.disks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.disks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.disks.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.diskTypes.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.diskTypes.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.firewalls.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.firewalls.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.forwardingRules.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.forwardingRules.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalForwardingRules.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalForwardingRules.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.healthChecks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.healthChecks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.healthChecks.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpHealthChecks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpHealthChecks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpHealthChecks.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpsHealthChecks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpsHealthChecks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.httpsHealthChecks.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.images.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.images.getFromFamily,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-viewer,compute.images.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.images.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instances.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instances.getGuestAttributes,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instances.getSerialPortOutput,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instances.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instances.listReferrers,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceGroups.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceGroups.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceGroupManagers.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceGroupManagers.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceTemplates.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceTemplates.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.instanceTemplates.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnectAttachments.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnectAttachments.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnectLocations.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnectLocations.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnectLocations.getIamPolicy,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnects.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.interconnects.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.licenses.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-viewer,compute.licenses.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.machineTypes.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.machineTypes.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.networks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.networks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.networks.listIpOwners,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.networks.listUsableSubnets,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalOperations.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.globalOperations.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.regionOperations.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.regionOperations.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.zoneOperations.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.zoneOperations.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.projects.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.regions.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.regions.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.routes.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.routes.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.snapshots.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.snapshots.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.snapshots.useReadOnly,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.sslCertificates.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.sslCertificates.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-viewer,compute.sslPolicies.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.sslPolicies.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.subnetworks.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.subnetworks.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.subnetworks.listIpOwners,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetHttpProxies.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetHttpProxies.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetHttpsProxies.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetHttpsProxies.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetInstances.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetInstances.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetPools.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetPools.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetSslProxies.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetSslProxies.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetVpnGateways.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.targetVpnGateways.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.urlMaps.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.urlMaps.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.vpnTunnels.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.vpnTunnels.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.routers.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.routers.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) 
-viewer,compute.zones.get,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,compute.zones.list,True,True,N/A,compute.googleapis.com (GA - PUBLIC) -viewer,container.clusters.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.clusters.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.operations.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.operations.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.namespaces.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.namespaces.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.bindings.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.bindings.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.certificateSigningRequests.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.certificateSigningRequests.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.clusterRoleBindings.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.clusterRoleBindings.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.clusterRoles.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.clusterRoles.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.componentStatuses.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.componentStatuses.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.configMaps.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.configMaps.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.cronJobs.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.cronJobs.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-viewer,container.daemonSets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.daemonSets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.deployments.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.deployments.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.endpoints.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.endpoints.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.events.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.events.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.horizontalPodAutoscalers.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.horizontalPodAutoscalers.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.ingresses.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.ingresses.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.jobs.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.jobs.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.limitRanges.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.limitRanges.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.localSubjectAccessReviews.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.networkPolicies.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.networkPolicies.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.nodes.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.nodes.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.persistentVolumeClaims.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-viewer,container.persistentVolumeClaims.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.persistentVolumes.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.persistentVolumes.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.petSets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.petSets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podDisruptionBudgets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podDisruptionBudgets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.pods.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.pods.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.pods.getLogs,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podPresets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podPresets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podTemplates.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.podTemplates.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.replicaSets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.replicaSets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.replicationControllers.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.replicationControllers.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.resourceQuotas.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.resourceQuotas.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.roleBindings.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.roleBindings.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) 
-viewer,container.roles.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.roles.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.scheduledJobs.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.scheduledJobs.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.selfSubjectAccessReviews.create,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.selfSubjectAccessReviews.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.serviceAccounts.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.serviceAccounts.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.services.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.services.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.statefulSets.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.statefulSets.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.storageClasses.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.storageClasses.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.subjectAccessReviews.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.thirdPartyResources.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.thirdPartyResources.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.thirdPartyObjects.get,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,container.thirdPartyObjects.list,True,True,N/A,container.googleapis.com (GA - PUBLIC) -viewer,dataflow.jobs.list,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -viewer,dataflow.jobs.get,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -viewer,dataflow.messages.list,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) 
-viewer,dataflow.metrics.get,True,True,N/A,dataflow.googleapis.com (GA - PUBLIC) -viewer,dataproc.regions.list,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.clusters.get,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.clusters.list,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.agents.get,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.agents.list,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.tasks.listInvalidatedLeases,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.jobs.get,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.jobs.list,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.operations.get,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,dataproc.operations.list,True,True,N/A,dataproc.googleapis.com (GA - PUBLIC) -viewer,datastore.databases.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.databases.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.entities.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.entities.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.indexes.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.indexes.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.namespaces.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.namespaces.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.statistics.get,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,datastore.statistics.list,True,True,N/A,datastore.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.deployments.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.deployments.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) 
-viewer,deploymentmanager.manifests.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.manifests.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.operations.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.operations.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.resources.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.resources.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.types.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.types.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.typeProviders.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.typeProviders.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.typeProviders.getType,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.typeProviders.listTypes,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.compositeTypes.get,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,deploymentmanager.compositeTypes.list,True,True,N/A,deploymentmanager.googleapis.com (GA - PUBLIC) -viewer,dlp.inspectOperations.get,True,True,N/A,dlp.googleapis.com (BETA - PUBLIC) -viewer,dlp.inspectOperations.list,True,True,N/A,dlp.googleapis.com (BETA - PUBLIC) -viewer,errorreporting.applications.list,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -viewer,errorreporting.groups.list,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -viewer,errorreporting.errorEvents.list,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) 
-viewer,errorreporting.groupMetadata.get,True,True,N/A,clouderrorreporting.googleapis.com (BETA - PUBLIC) -viewer,genomics.datasets.get,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -viewer,genomics.datasets.list,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -viewer,genomics.operations.get,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -viewer,genomics.operations.list,True,True,N/A,genomics.googleapis.com (GA - PUBLIC) -viewer,iam.serviceAccountKeys.list,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,iam.serviceAccountKeys.get,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,iam.serviceAccounts.get,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,iam.serviceAccounts.getIamPolicy,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,iam.serviceAccounts.list,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,iam.projectSettings.get,True,True,N/A,iam.googleapis.com (GA - PUBLIC) -viewer,logging.logEntries.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.logMetrics.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.logMetrics.get,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.logs.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.logServiceIndexes.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.logServices.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.sinks.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.sinks.get,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.exclusions.list,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.exclusions.get,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,logging.usage.get,True,True,N/A,logging.googleapis.com (GA - PUBLIC) -viewer,ml.projects.getConfig,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.jobs.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) 
-viewer,ml.jobs.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.jobs.getIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.operations.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.operations.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.operations.getIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.models.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.models.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.models.predict,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.models.getIamPolicy,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.versions.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.versions.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.versions.predict,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.pipelines.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.pipelines.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.runs.list,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,ml.runs.get,True,True,N/A,ml.googleapis.com (BETA - PUBLIC) -viewer,monitoring.metricDescriptors.list,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.metricDescriptors.get,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.monitoredResourceDescriptors.list,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.monitoredResourceDescriptors.get,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.timeSeries.list,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.groups.list,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,monitoring.groups.get,True,True,N/A,monitoring.googleapis.com (GA - PUBLIC) -viewer,proximitybeacon.attachments.get,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) 
-viewer,proximitybeacon.attachments.list,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -viewer,proximitybeacon.beacons.get,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -viewer,proximitybeacon.beacons.list,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -viewer,proximitybeacon.namespaces.list,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -viewer,proximitybeacon.namespaces.get,True,True,N/A,proximitybeacon.googleapis.com (GA - PUBLIC) -viewer,pubsub.subscriptions.list,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -viewer,pubsub.subscriptions.get,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -viewer,pubsub.topics.list,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -viewer,pubsub.topics.get,True,True,N/A,pubsub.googleapis.com (GA - PUBLIC) -viewer,reservepartner.portal.read,True,True,N/A,reservepartner.googleapis.com (GA - INTERNAL) -viewer,resourcemanager.projects.get,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,resourcemanager.projects.getIamPolicy,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,resourcemanager.projects.list,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,orgpolicy.policy.get,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,resourcemanager.flexResourceAdmin.getInstance,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,resourcemanager.flexResourceAdmin.getIamPolicy,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,resourcemanager.projectInvites.get,True,True,N/A,cloudresourcemanager.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.configs.list,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.configs.get,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.variables.list,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) 
-viewer,runtimeconfig.variables.watch,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.variables.get,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.waiters.list,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.waiters.get,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.operations.get,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,runtimeconfig.operations.list,True,True,N/A,runtimeconfig.googleapis.com (GA - PUBLIC) -viewer,servicemanagement.consumerSettings.get,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -viewer,servicemanagement.consumerSettings.list,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -viewer,servicemanagement.services.get,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -viewer,servicemanagement.services.list,True,True,N/A,servicemanagement.googleapis.com (GA - PUBLIC) -viewer,serviceusage.services.get,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.services.list,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.quotas.get,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.operations.get,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.operations.list,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.apiKeys.get,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.apiKeys.getProjectForKey,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,serviceusage.apiKeys.list,True,True,N/A,serviceusage.googleapis.com (BETA - INTERNAL) -viewer,source.repos.get,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -viewer,source.repos.list,True,True,N/A,sourcerepo.googleapis.com (GA - PUBLIC) -viewer,spanner.instanceConfigs.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) 
-viewer,spanner.instanceConfigs.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.instances.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.instances.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.instances.getIamPolicy,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.instanceOperations.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.instanceOperations.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.getDdl,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.getIamPolicy,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.beginReadOnlyTransaction,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.read,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databases.select,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databaseOperations.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.databaseOperations.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.sessions.create,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.sessions.list,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.sessions.get,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,spanner.sessions.delete,True,True,N/A,spanner.googleapis.com (BETA - PUBLIC) -viewer,stackdriver.projects.get,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -viewer,stackdriver.awsEc2Instance.get,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -viewer,stackdriver.awsEc2Instance.list,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) 
-viewer,stackdriver.awsElbLoadBalancer.get,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -viewer,stackdriver.awsElbLoadBalancer.list,True,True,N/A,stackdriver.googleapis.com (GA - INTERNAL) -viewer,storage.buckets.list,True,True,N/A,storage.googleapis.com (GA - PUBLIC) -viewer,workflow.projects.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.projects.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.projectMetadata.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.projectMetadata.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processes.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processes.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processMetadata.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processMetadata.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processDefinitions.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processDefinitions.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processDefinitionMetadata.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processDefinitionMetadata.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processInstances.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processInstances.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processInstanceMetadata.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.processInstanceMetadata.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.taskInstances.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.taskInstances.getIamPolicy,True,True,N/A,workflow.googleapis.com 
(GA - INTERNAL) -viewer,workflow.taskInstanceMetadata.get,True,True,N/A,workflow.googleapis.com (GA - INTERNAL) -viewer,workflow.taskInstanceMetadata.getIamPolicy,True,True,N/A,workflow.googleapis.com (GA - INTERNAL)"""
diff --git a/google/cloud/security/iam/explain/service.py b/google/cloud/security/iam/explain/service.py
deleted file mode 100755
index 8364882b2c..0000000000
--- a/google/cloud/security/iam/explain/service.py
+++ /dev/null
@@ -1,291 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Explain gRPC service. """
-
-import time
-from collections import defaultdict
-from concurrent import futures
-import grpc
-
-from google.cloud.security.iam.explain import explain_pb2
-from google.cloud.security.iam.explain import explain_pb2_grpc
-from google.cloud.security.iam.explain import explainer
-from google.cloud.security.iam.dao import session_creator
-
-
-# TODO: The next editor must remove this disable and correct issues.
-# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc
-# pylint: disable=missing-param-doc,missing-yield-doc
-# pylint: disable=missing-yield-type-doc
-
-
-# pylint: disable=protected-access
-def autoclose_stream(f):
- """Decorator to close gRPC stream."""
-
- def wrapper(*args):
- """Wrapper function, checks context state to close stream."""
-
- def closed(context):
- """Returns true iff the connection is closed."""
-
- return context._state.client == 'closed'
- context = args[-1]
- for result in f(*args):
- if closed(context):
- return
- yield result
- return wrapper
-
-
-# pylint: disable=no-self-use
-class GrpcExplainer(explain_pb2_grpc.ExplainServicer):
- """IAM Explain gRPC implementation."""
-
- HANDLE_KEY = "handle"
-
- def _get_handle(self, context):
- """Return the handle associated with the gRPC call."""
-
- metadata = context.invocation_metadata()
- metadata_dict = {}
- for key, value in metadata:
- metadata_dict[key] = value
- return metadata_dict[self.HANDLE_KEY]
-
- def __init__(self, explainer_api):
- super(GrpcExplainer, self).__init__()
- self.explainer = explainer_api
-
- def Ping(self, request, _):
- """Provides the capability to check for service availability."""
-
- return explain_pb2.PingReply(data=request.data)
-
- def ExplainDenied(self, request, context):
- """Provides information on how to grant access."""
-
- model_name = self._get_handle(context)
- binding_strategies = self.explainer.ExplainDenied(model_name,
- request.member,
- request.resources,
- request.permissions,
- request.roles)
- reply = explain_pb2.ExplainDeniedReply()
- strategies = []
- for overgranting, bindings in binding_strategies:
- strategy = explain_pb2.BindingStrategy(overgranting=overgranting)
- strategy.bindings.extend([explain_pb2.Binding(
- member=b[1], resource=b[2], role=b[0]) for b in bindings])
- strategies.append(strategy)
- reply.strategies.extend(strategies)
- return reply
-
- def ExplainGranted(self, request, context):
- """Provides information on why a member has access to a resource."""
-
- model_name = self._get_handle(context)
- result = self.explainer.ExplainGranted(model_name,
- request.member,
- request.resource,
- request.role,
- request.permission)
- reply = explain_pb2.ExplainGrantedReply()
- bindings, member_graph, resource_names = result
- memberships = []
- for child, parents in member_graph.iteritems():
- memberships.append(
- explain_pb2.Membership(
- member=child,
- parents=parents))
- reply.memberships.extend(memberships)
- reply.resource_ancestors.extend(resource_names)
- reply.bindings.extend(
- [explain_pb2.Binding(member=member, resource=resource, role=role)
- for resource, role, member in bindings])
- return reply
-
- def GetAccessByPermissions(self, request, context):
- """Returns stream of access based on permission/role.
-
- Args:
- request (object): grpg request.
- context (object): grpg context.
-
- Yields:
- Generator for access tuples.
- """
-
- model_name = self._get_handle(context)
-
- for role, resource, members in (
- self.explainer.GetAccessByPermissions(
- model_name,
- request.role_name,
- request.permission_name,
- request.expand_groups,
- request.expand_resources)):
- yield explain_pb2.Access(members=members,
- role=role,
- resource=resource)
-
- def GetAccessByResources(self, request, context):
- """Returns members having access to the specified resource."""
-
- model_name = self._get_handle(context)
- mapping = self.explainer.GetAccessByResources(model_name,
- request.resource_name,
- request.permission_names,
- request.expand_groups)
- accesses = []
- for role, members in mapping.iteritems():
- access = explain_pb2.GetAccessByResourcesReply.Access(
- role=role, resource=request.resource_name, members=members)
- accesses.append(access)
-
- reply = explain_pb2.GetAccessByResourcesReply()
- reply.accesses.extend(accesses)
- return reply
-
- def GetAccessByMembers(self, request, context):
- """Returns resources which can be accessed by the specified members."""
-
- model_name = self._get_handle(context)
- accesses = []
- for role, resources in\
- self.explainer.GetAccessByMembers(model_name,
- request.member_name,
- request.permission_names,
- request.expand_resources):
-
- access = explain_pb2.GetAccessByMembersReply.Access(
- role=role, resources=resources, member=request.member_name)
- accesses.append(access)
- reply = explain_pb2.GetAccessByMembersReply()
- reply.accesses.extend(accesses)
- return reply
-
- def GetPermissionsByRoles(self, request, context):
- """Returns permissions for the specified roles."""
-
- model_name = self._get_handle(context)
- result = self.explainer.GetPermissionsByRoles(model_name,
- request.role_names,
- request.role_prefixes)
-
- permissions_by_roles_map = defaultdict(list)
- for role, permission in result:
- permissions_by_roles_map[role.name].append(permission.name)
-
- permissions_by_roles_list = []
- for role, permissions in permissions_by_roles_map.iteritems():
- permissions_by_roles_list.append(
- explain_pb2.GetPermissionsByRolesReply.PermissionsByRole(
- role=role, permissions=permissions))
-
- reply = explain_pb2.GetPermissionsByRolesReply()
- reply.permissionsbyroles.extend(permissions_by_roles_list)
- return reply
-
- def CreateModel(self, request, context):
- """Creates a new model from an import source."""
-
- model = self.explainer.CreateModel(request.type, request.name)
- reply = explain_pb2.CreateModelReply(model=explain_pb2.Model(
- name=model.name,
- handle=model.handle,
- status=model.state,
- message=model.message))
- return reply
-
- def DeleteModel(self, request, _):
- """Deletes a model and all associated data."""
-
- model_name = request.handle
- self.explainer.DeleteModel(model_name)
- return explain_pb2.DeleteModelReply()
-
- def ListModel(self, request, _):
- """List all models."""
-
- models = self.explainer.ListModel()
- models_pb = []
- for model in models:
- models_pb.append(explain_pb2.Model(name=model.name,
- handle=model.handle,
- status=model.state,
- message=model.message,
- warnings=model.warnings))
- reply = explain_pb2.ListModelReply()
- reply.models.extend(models_pb)
- return reply
-
- def Denormalize(self, _, context):
- """Denormalize the entire model into access triples."""
-
- model_name = self._get_handle(context)
-
- for permission, resource, member in self.explainer.Denormalize(
- model_name):
- yield explain_pb2.AuthorizationTuple(member=member,
- permission=permission,
- resource=resource)
-
-
-class GrpcExplainerFactory(object):
- """Factory class for Explain service gRPC interface"""
-
- def __init__(self, config):
- self.config = config
-
- def create_and_register_service(self, server):
- """Create and register the IAM Explain service."""
-
- service = GrpcExplainer(explainer_api=explainer.Explainer(self.config))
- explain_pb2_grpc.add_ExplainServicer_to_server(service, server)
- return service
-
-
-def serve(endpoint, config, max_workers=10, wait_shutdown_secs=3):
- """Serve IAM Explain with the provided parameters."""
-
- server = grpc.server(futures.ThreadPoolExecutor(max_workers))
- GrpcExplainerFactory(config).create_and_register_service(server)
- server.add_insecure_port(endpoint)
- server.start()
- while True:
- try:
- time.sleep(1)
- print "Looping\n"
- except KeyboardInterrupt:
- server.stop(wait_shutdown_secs).wait()
- return
-
-
-if __name__ == "__main__":
- class DummyConfig(object):
- """Dummy configuration."""
-
- def __init__(self):
- self.session_creator = session_creator('/tmp/explain.db')
-
- def run_in_background(self, function):
- """Run function in background."""
-
- function()
-
- import sys
- serve(endpoint=sys.argv[1] if len(sys.argv) >
- 1 else '[::]:50051', config=DummyConfig())
diff --git a/google/cloud/security/iam/explain/utils.py b/google/cloud/security/iam/explain/utils.py
deleted file mode 100644
index 6455e6181a..0000000000
--- a/google/cloud/security/iam/explain/utils.py
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Explain utilities """
diff --git a/google/cloud/security/iam/playground/.grpc_service b/google/cloud/security/iam/playground/.grpc_service
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/google/cloud/security/iam/playground/__init__.py b/google/cloud/security/iam/playground/__init__.py
deleted file mode 100644
index fcd8ebc393..0000000000
--- a/google/cloud/security/iam/playground/__init__.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Playground service."""
-
-__import__('pkg_resources').declare_namespace(__name__)
diff --git a/google/cloud/security/iam/playground/playground.proto b/google/cloud/security/iam/playground/playground.proto
deleted file mode 100644
index 0415d52fbc..0000000000
--- a/google/cloud/security/iam/playground/playground.proto
+++ /dev/null
@@ -1,155 +0,0 @@
-// Copyright 2017 The Forseti Security Authors. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-
-package playground;
-
-service Playground {
- rpc Ping(PingRequest) returns (PingReply) {}
- rpc SetIamPolicy(SetIamPolicyRequest) returns (SetIamPolicyReply) {}
- rpc GetIamPolicy(GetIamPolicyRequest) returns (GetIamPolicyReply) {}
- rpc CheckIamPolicy(CheckIamPolicyRequest) returns (CheckIamPolicyReply) {}
-
- rpc AddGroupMember(AddGroupMemberRequest) returns (AddGroupMemberReply) {}
- rpc DelGroupMember(DelGroupMemberRequest) returns (DelGroupMemberReply) {}
- rpc ListGroupMembers(ListGroupMembersRequest) returns (ListGroupMembersReply) {}
-
- rpc AddResource(AddResourceRequest) returns (AddResourceReply) {}
- rpc DelResource(DelResourceRequest) returns (DelResourceReply) {}
- rpc ListResources(ListResourcesRequest) returns (ListResourcesReply) {}
-
- rpc AddRole(AddRoleRequest) returns (AddRoleReply) {}
- rpc DelRole(DelRoleRequest) returns (DelRoleReply) {}
- rpc ListRoles(ListRolesRequest) returns (ListRolesReply) {}
-}
-
-message AddRoleRequest {
- string role_name = 1;
- repeated string permissions = 2;
-}
-
-message AddRoleReply {
-}
-
-message DelRoleRequest {
- string role_name = 1;
-}
-
-message DelRoleReply {
-}
-
-message ListRolesRequest {
- string prefix = 1;
-}
-
-message ListRolesReply {
- repeated string role_names = 1;
-}
-
-message ListGroupMembersRequest {
- string prefix = 1;
-}
-
-message ListGroupMembersReply {
- repeated string member_names = 1;
-}
-
-message ListResourcesRequest {
- string prefix = 1;
-}
-
-message ListResourcesReply {
- repeated string full_resource_names = 1;
-}
-
-message AddGroupMemberRequest {
- string member_type_name = 1;
- repeated string parent_type_names = 2;
-}
-
-message AddGroupMemberReply {
-}
-
-message DelGroupMemberRequest {
- string member_name = 1;
- string parent_name = 2;
- bool only_delete_relationship = 3;
-}
-
-message DelGroupMemberReply {
-}
-
-message AddResourceRequest {
- string resource_type_name = 1;
- string parent_type_name = 2;
- bool no_require_parent = 3;
-}
-
-message AddResourceReply {
-}
-
-message DelResourceRequest {
- string resource_type_name = 1;
-}
-
-message DelResourceReply {
-
-}
-
-message PingRequest {
- string data = 1;
-}
-
-message PingReply {
- string data = 1;
-}
-
-message Binding {
- string role = 1;
- repeated string members = 2;
-}
-
-message Policy {
- repeated Binding bindings = 1;
- string etag = 2;
-}
-
-message CheckIamPolicyRequest {
- string resource = 1;
- string permission = 2;
- string identity = 3;
-}
-
-message CheckIamPolicyReply {
- bool result = 1;
-}
-
-message SetIamPolicyRequest {
- string resource = 1;
- Policy policy = 2;
-}
-
-message SetIamPolicyReply {
- bool accepted = 1;
-}
-
-message GetIamPolicyRequest {
- string resource = 1;
-}
-
-message GetIamPolicyReply {
- string resource = 1;
- Policy policy = 2;
-}
diff --git a/google/cloud/security/iam/playground/playgrounder.py b/google/cloud/security/iam/playground/playgrounder.py
deleted file mode 100644
index 0aa76a5584..0000000000
--- a/google/cloud/security/iam/playground/playgrounder.py
+++ /dev/null
@@ -1,155 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Playground API. """
-
-# TODO: The next editor must remove this disable and correct issues.
-# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc
-# pylint: disable=missing-param-doc
-
-
-# pylint: disable=invalid-name,no-self-use
-class Playgrounder(object):
- """Playground API implementation."""
-
- def __init__(self, config):
- self.config = config
-
- def SetIamPolicy(self, model_name, resource, policy):
- """Sets the IAM policy for the resource."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- data_access.set_iam_policy(session, resource, policy)
-
- def GetIamPolicy(self, model_name, resource):
- """Gets the IAM policy for the resource."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.get_iam_policy(session, resource)
-
- def CheckIamPolicy(self, model_name, resource, permission, identity):
- """Checks access according to IAM policy for the resource."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.check_iam_policy(
- session, resource, permission, identity)
-
- def AddGroupMember(self, model_name, member_type_name, parent_type_names):
- """Adds a member to the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.add_group_member(
- session, member_type_name, parent_type_names, denorm=True)
-
- def DelGroupMember(self, model_name, member_name, parent_name,
- only_delete_relationship):
- """Deletes a member from the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.del_group_member(
- session,
- member_name,
- parent_name,
- only_delete_relationship,
- denorm=True)
-
- def ListGroupMembers(self, model_name, member_name_prefix):
- """Lists a member from the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.list_group_members(session, member_name_prefix)
-
- def DelResource(self, model_name, resource_type_name):
- """Deletes a member from the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- data_access.del_resource_by_name(session, resource_type_name)
- session.commit()
-
- def AddResource(self, model_name,
- resource_type_name,
- parent_type_name,
- no_require_parent):
- """Adds a resource to the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- data_access.add_resource_by_name(
- session,
- resource_type_name,
- parent_type_name,
- no_require_parent)
- session.commit()
-
- def ListResources(self, model_name, full_resource_name_prefix):
- """Lists resources by resource name prefix."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.list_resources_by_prefix(
- session, full_resource_name_prefix)
-
- def DelRole(self, model_name, role_name):
- """Deletes role from the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- data_access.del_role_by_name(session, role_name)
- session.commit()
-
- def AddRole(self, model_name, role_name, permission_names):
- """Adds a role to the model."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- data_access.add_role_by_name(session, role_name, permission_names)
- session.commit()
-
- def ListRoles(self, model_name, role_name_prefix):
- """Lists the role in the model matching the prefix."""
-
- model_manager = self.config.model_manager
- scoped_session, data_access = model_manager.get(model_name)
- with scoped_session as session:
- return data_access.list_roles_by_prefix(session, role_name_prefix)
-
-
-if __name__ == "__main__":
- class DummyConfig(object):
- """Dummy configuration for testing."""
-
- def run_in_background(self, function):
- """Dummy implementation."""
-
- function()
-
- e = Playgrounder(config=DummyConfig())
diff --git a/google/cloud/security/iam/playground/service.py b/google/cloud/security/iam/playground/service.py
deleted file mode 100755
index a9c5b6e5e6..0000000000
--- a/google/cloud/security/iam/playground/service.py
+++ /dev/null
@@ -1,230 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Playground gRPC service. """
-
-import time
-from concurrent import futures
-import grpc
-
-from google.cloud.security.iam.playground import playground_pb2
-from google.cloud.security.iam.playground import playground_pb2_grpc
-from google.cloud.security.iam.playground import playgrounder
-
-
-# TODO: The next editor must remove this disable and correct issues.
-# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc
-# pylint: disable=missing-param-doc
-
-
-# pylint: disable=no-self-use
-class GrpcPlaygrounder(playground_pb2_grpc.PlaygroundServicer):
- """Playground gRPC handler."""
-
- HANDLE_KEY = "handle"
- def _get_handle(self, context):
- """Extract the model handle from the gRPC context."""
-
- metadata = context.invocation_metadata()
- metadata_dict = {}
- for key, value in metadata:
- metadata_dict[key] = value
- return metadata_dict[self.HANDLE_KEY]
-
- def __init__(self, playgrounder_api):
- super(GrpcPlaygrounder, self).__init__()
- self.playgrounder = playgrounder_api
-
- def Ping(self, request, _):
- """Ping implemented to check service availability."""
-
- return playground_pb2.PingReply(data=request.data)
-
- def SetIamPolicy(self, request, context):
- """Sets the policy for a resource."""
-
- handle = self._get_handle(context)
- policy = {'etag': request.policy.etag, 'bindings': {}}
- for binding in request.policy.bindings:
- policy['bindings'][binding.role] = binding.members
-
- self.playgrounder.SetIamPolicy(handle,
- request.resource,
- policy)
-
- return playground_pb2.SetIamPolicyReply()
-
- def GetIamPolicy(self, request, context):
- """Gets the policy for a resource."""
-
- handle = self._get_handle(context)
- policy = self.playgrounder.GetIamPolicy(handle,
- request.resource)
-
- reply = playground_pb2.GetIamPolicyReply()
-
- etag = policy['etag']
- bindings = []
- for key, value in policy['bindings'].iteritems():
- binding = playground_pb2.Binding()
- binding.role = key
- binding.members.extend(value)
- bindings.append(binding)
-
- reply.resource = request.resource
- reply.policy.bindings.extend(bindings)
- reply.policy.etag = etag
- return reply
-
- def CheckIamPolicy(self, request, context):
- """Checks access according to policy to a specified resource."""
-
- handle = self._get_handle(context)
- authorized = self.playgrounder.CheckIamPolicy(handle,
- request.resource,
- request.permission,
- request.identity)
- reply = playground_pb2.CheckIamPolicyReply()
- reply.result = authorized
- return reply
-
- def AddGroupMember(self, request, context):
- """Adds a member to the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.AddGroupMember(handle,
- request.member_type_name,
- request.parent_type_names)
- return playground_pb2.AddGroupMemberReply()
-
- def DelGroupMember(self, request, context):
- """Deletes a member from the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.DelGroupMember(handle,
- request.member_name,
- request.parent_name,
- request.only_delete_relationship)
- return playground_pb2.DelGroupMemberReply()
-
- def ListGroupMembers(self, request, context):
- """Lists members in the model."""
-
- handle = self._get_handle(context)
- member_names = self.playgrounder.ListGroupMembers(handle,
- request.prefix)
- reply = playground_pb2.ListGroupMembersReply()
- reply.member_names.extend(member_names)
- return reply
-
- def DelResource(self, request, context):
- """Deletes a resource from the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.DelResource(handle,
- request.resource_type_name)
- return playground_pb2.DelResourceReply()
-
- def AddResource(self, request, context):
- """Adds a resource to the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.AddResource(handle,
- request.resource_type_name,
- request.parent_type_name,
- request.no_require_parent)
- return playground_pb2.AddResourceReply()
-
- def ListResources(self, request, context):
- """Lists resources in the model."""
-
- handle = self._get_handle(context)
- resources = self.playgrounder.ListResources(handle,
- request.prefix)
- reply = playground_pb2.ListResourcesReply()
- reply.full_resource_names.extend([r.type_name for r in resources])
- return reply
-
- def DelRole(self, request, context):
- """Deletes a role within the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.DelRole(handle,
- request.role_name)
- return playground_pb2.DelRoleReply()
-
- def AddRole(self, request, context):
- """Adds a role to the model."""
-
- handle = self._get_handle(context)
- self.playgrounder.AddRole(handle,
- request.role_name,
- request.permissions)
- return playground_pb2.AddRoleReply()
-
- def ListRoles(self, request, context):
- """List roles from the model."""
-
- handle = self._get_handle(context)
- role_names = self.playgrounder.ListRoles(handle,
- request.prefix)
- reply = playground_pb2.ListRolesReply()
- reply.role_names.extend(role_names)
- return reply
-
-
-class GrpcPlaygrounderFactory(object):
- """Factory class for Playground service gRPC interface"""
-
- def __init__(self, config):
- self.config = config
-
- def create_and_register_service(self, server):
- """Creates a playground service and registers it in the server"""
-
- service = GrpcPlaygrounder(
- playgrounder_api=playgrounder.Playgrounder(
- self.config))
- playground_pb2_grpc.add_PlaygroundServicer_to_server(service, server)
- return service
-
-
-def serve(endpoint, config, max_workers=10, wait_shutdown_secs=3):
- """Test function to serve playground service as standalone."""
-
- server = grpc.server(futures.ThreadPoolExecutor(max_workers))
- GrpcPlaygrounderFactory(config).create_and_register_service(server)
- server.add_insecure_port(endpoint)
- server.start()
- while True:
- try:
- time.sleep(1)
- print "Looping\n"
- except KeyboardInterrupt:
- server.stop(wait_shutdown_secs).wait()
- return
-
-
-if __name__ == "__main__":
- class DummyConfig(object):
- """Dummy configuration for testing."""
-
- def run_in_background(self, function):
- """Dummy method, does not run in background."""
-
- function()
-
- import sys
- serve(endpoint=sys.argv[1] if len(sys.argv) >
- 1 else '[::]:50051', config=DummyConfig())
diff --git a/google/cloud/security/iam/server.py b/google/cloud/security/iam/server.py
deleted file mode 100644
index 5b30ad1204..0000000000
--- a/google/cloud/security/iam/server.py
+++ /dev/null
@@ -1,84 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" IAM Explain server program. """ - -from multiprocessing.pool import ThreadPool -import time -from concurrent import futures -import grpc - -from google.cloud.security.iam.dao import ModelManager, create_engine -from google.cloud.security.iam.explain.service import GrpcExplainerFactory -from google.cloud.security.iam.playground.service import GrpcPlaygrounderFactory - -STATIC_SERVICE_MAPPING = { - 'explain': GrpcExplainerFactory, - 'playground': GrpcPlaygrounderFactory, -} - - -# TODO: The next editor must remove this disable and correct issues. -# pylint: disable=missing-param-doc,missing-type-doc,missing-raises-doc - - -class ServiceConfig(object): - """Helper class to implement dependency injection to IAM Explain services. 
- """ - - def __init__(self, explain_connect_string, forseti_connect_string): - self.thread_pool = ThreadPool() - - engine = create_engine(explain_connect_string, pool_recycle=3600) - self.model_manager = ModelManager(engine) - self.forseti_connect_string = forseti_connect_string - - def run_in_background(self, function): - """Runs a function in a thread pool in the background.""" - self.thread_pool.apply_async(function) - - -def serve(endpoint, services, explain_connect_string, forseti_connect_string, - max_workers=1, wait_shutdown_secs=3): - """Instantiate the services and serves them via gRPC.""" - - factories = [] - for service in services: - factories.append(STATIC_SERVICE_MAPPING[service]) - - if not factories: - raise Exception("No services to start") - - config = ServiceConfig(explain_connect_string, forseti_connect_string) - server = grpc.server(futures.ThreadPoolExecutor(max_workers)) - for factory in factories: - factory(config).create_and_register_service(server) - - server.add_insecure_port(endpoint) - server.start() - while True: - try: - time.sleep(1) - except KeyboardInterrupt: - server.stop(wait_shutdown_secs).wait() - return - - -if __name__ == "__main__": - import sys - EP = sys.argv[1] if len(sys.argv) > 1 else '[::]:50051' - FORSETI_DB = sys.argv[2] if len(sys.argv) > 2 else '' - EXPLAIN_DB = sys.argv[3] if len(sys.argv) > 3 else '' - SVCS = sys.argv[4:] if len(sys.argv) > 4 else [] - serve(EP, SVCS, EXPLAIN_DB, FORSETI_DB) diff --git a/google/cloud/security/iam/utils.py b/google/cloud/security/iam/utils.py deleted file mode 100644 index def18ee129..0000000000 --- a/google/cloud/security/iam/utils.py +++ /dev/null 
@@ -1,68 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" IAM Explain utilities. """ - -import logging - - -# TODO: The next editor must remove this disable and correct issues. -# pylint: disable=missing-type-doc,missing-return-type-doc,missing-return-doc -# pylint: disable=missing-param-doc - - -def logcall(f, level=logging.CRITICAL): - """Call logging decorator.""" - - def wrapper(*args, **kwargs): - """Implements the log wrapper including parameters and result.""" - logging.log(level, 'enter %s(%s)', f.__name__, args) - result = f(*args, **kwargs) - logging.log(level, 'exit %s(%s) -> %s', f.__name__, args, result) - return result - return wrapper - - -def mutual_exclusive(lock): - """ Mutex decorator. """ - - def wrap(f): - """Decorator generator.""" - def function(*args, **kw): - """Decorated functionality, mutexing wrapped function.""" - lock.acquire() - try: - return f(*args, **kw) - finally: - lock.release() - return function - return wrap - - -def oneof(*args): - """Returns true iff one of the parameters is true.""" - - return len([x for x in args if x]) == 1 - - -def full_to_type_name(full_resource_name): - """Creates a type/name format from full resource name.""" - - return '/'.join(full_resource_name.split('/')[-2:]) - - -def resource_to_type_name(resource): - """Creates a type/name format from a resource dbo.""" - - return resource.type_name 
diff --git a/google/cloud/security/stubs.py b/google/cloud/security/stubs.py index f7407eed7f..73c359d18e 100644 --- a/google/cloud/security/stubs.py +++ b/google/cloud/security/stubs.py @@ -44,13 +44,3 @@ def RunForsetiNotifier(): """Run Forseti Notifier module.""" import google.cloud.security.notifier.notifier as forseti_notifier run_script_module.RunScriptModule(forseti_notifier) - -def RunForsetiApi(): - """Run Forseti API server.""" - import google.cloud.security.iam.server as forseti_api - run_script_module.RunScriptModule(forseti_api) - -def RunExplainCli(): - """Run Explain CLI.""" - import google.cloud.security.iam.cli as iam_cli - run_script_module.RunScriptModule(iam_cli) diff --git a/scripts/gcp_setup/environment/gcloud_env.py b/scripts/gcp_setup/environment/gcloud_env.py index d592fe0517..86ae3b37c2 100644 --- a/scripts/gcp_setup/environment/gcloud_env.py +++ b/scripts/gcp_setup/environment/gcloud_env.py @@ -750,9 +750,7 @@ def _get_user_input(self): if not self.gsuite_superadmin_email: # Ask for G Suite super admin email - print('\nTo read G Suite Groups data, for example, if you want to ' - 'use IAM Explain, please provide a G Suite super admin ' - 'email address. ' + print('\nTo read G Suite Groups data.' 'This step is optional and can be configured later.') self.gsuite_superadmin_email = raw_input( 'What is your organization\'s G Suite super admin email? ' diff --git a/setup.py b/setup.py index 9df8baffab..f8d09384a4 100755 --- a/setup.py +++ b/setup.py @@ -116,8 +116,6 @@ def run(self): 'forseti_scanner = google.cloud.security.stubs:RunForsetiScanner', 'forseti_enforcer = google.cloud.security.stubs:RunForsetiEnforcer', 'forseti_notifier = google.cloud.security.stubs:RunForsetiNotifier', - 'forseti_api = google.cloud.security.stubs:RunForsetiApi', - 'forseti_iam = google.cloud.security.stubs:RunExplainCli', ] }, zip_safe=False, # Set to False: apputils doesn't like zip_safe eggs 
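Review bot: In the `gcloud_env.py` hunk, the rewritten `print(...)` in `_get_user_input` places `'\nTo read G Suite Groups data.'` directly before `'This step is optional and can be configured later.'`, so the two literals concatenate without a space and the prompt renders as "data.This step". The first sentence is also now a fragment that no longer says what the operator is being asked for, although the next statement requests a G Suite super admin address, a highly privileged identity whose purpose should be stated. Keeping the request while dropping only the IAM Explain reference would fix both, for example `print('\nTo read G Suite Groups data, please provide a G Suite super admin '` and `'email address. '` ahead of the unchanged `'This step is optional and can be configured later.')`. The body of `_get_user_input` starts and continues outside the hunk.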
diff --git a/tests/iam/__init__.py b/tests/iam/__init__.py
deleted file mode 100755
index f23e6a99a0..0000000000
--- a/tests/iam/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Tests for IAM services."""
diff --git a/tests/iam/api_tests/__init__.py b/tests/iam/api_tests/__init__.py
deleted file mode 100644
index e5ce309e00..0000000000
--- a/tests/iam/api_tests/__init__.py
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""API Tests for IAM package."""
diff --git a/tests/iam/api_tests/api_tester.py b/tests/iam/api_tests/api_tester.py
deleted file mode 100644
index f5dc62645b..0000000000
--- a/tests/iam/api_tests/api_tester.py
+++ /dev/null
@@ -1,171 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import grpc -import uuid -from concurrent import futures -import logging -from collections import defaultdict - -from google.cloud.security.iam.client import ClientComposition -from google.cloud.security.iam.dao import create_engine - - -def cleanup(test_callback): - """Decorator based model deletion.""" - def wrapper(client): - """Decorator implementation.""" - for model in client.list_models().models: - client.delete_model(model.handle) - test_callback(client) - return wrapper - - -def create_test_engine(): - """Create a test db in /tmp/.""" - tmpfile = '/tmp/{}.db'.format(uuid.uuid4()) - logging.info('Creating database at %s', tmpfile) - return create_engine('sqlite:///{}'.format(tmpfile)) - - -class ApiTestRunner(object): - """Test runner for end-to-end API testing.""" - def __init__(self, service_config, service_factories, port=50058): - super(ApiTestRunner, self).__init__() - self.service_config = service_config - self.service_factories = service_factories - self.service_port = port - - def run(self, test_callback): - """Test runner.""" - server = grpc.server(futures.ThreadPoolExecutor(1)) - server.add_insecure_port('[::]:{}'.format(self.service_port)) - for factory in self.service_factories: - factory(self.service_config).create_and_register_service(server) - server.start() - try: - client = ClientComposition( - 
endpoint='localhost:{}'.format(self.service_port)) - test_callback(client) - finally: - server.stop(0) - - -class ModelTestRunner(ApiTestRunner): - """Test runner for testing on declarative models.""" - def __init__(self, model, *args, **kwargs): - super(ModelTestRunner, self).__init__(*args, **kwargs) - self.model = model - - def _install_model(self, model, client): - """Installs the declarative model in the database.""" - self._install_resources(model['resources'], client.playground) - self._install_memberships(model['memberships'], client.playground) - self._install_roles(model['roles'], client.playground) - self._install_bindings(model['bindings'], client.playground) - - def _recursive_install_resources(self, node, model, client, parent): - """Install resources.""" - - client.add_resource(node, parent, parent == '') - for root, tree in model.iteritems(): - self._recursive_install_resources(root, tree, client, node) - - def _install_resources(self, model_view, client): - """Install resources.""" - for root, tree in model_view.iteritems(): - self._recursive_install_resources(root, tree, client, '') - - def _recursive_invert_membership(self, node, model, parentship): - """Invert declarative membership model mapping.""" - if node not in parentship: - parentship[node] = set() - for child in model.iterkeys(): - parentship[child].add(node) - for root, tree in model.iteritems(): - self._recursive_invert_membership(root, tree, parentship) - return parentship - - def _cyclic(self, graph): - """Returns true if the graph is cyclic.""" - path = set() - visited = set() - - def visit(vertex): - """Visit each node.""" - if vertex in visited: - return False - visited.add(vertex) - path.add(vertex) - for neighbour in graph.get(vertex, ()): - if neighbour in path or visit(neighbour): - return True - path.remove(vertex) - return False - - return any(visit(v) for v in graph) - - def _install_memberships(self, model_view, client): - """Install membership relation.""" - 
parent_relationship = defaultdict(set) - for root, tree in model_view.iteritems(): - self._recursive_invert_membership(root, tree, parent_relationship) - - if self._cyclic(parent_relationship): - raise Exception("Cyclic membership relation not supported!") - - installed_members = set() - while parent_relationship: - for child, parents in parent_relationship.iteritems(): - if parents.issubset(installed_members): - installed_members.add(child) - client.add_member(child, list(parents)) - parent_relationship.pop(child) - break - - def _install_roles(self, model_view, client): - """Install roles.""" - for role, permissions in model_view.iteritems(): - client.add_role(role, permissions) - - def _install_bindings(self, model_view, client): - """Install bindings.""" - for resource_name, bindings in model_view.iteritems(): - reply = client.get_iam_policy(resource_name) - if reply.policy.bindings: - raise Exception('policy should have been empty') - client.set_iam_policy( - resource_name, - {'bindings': bindings, 'etag': reply.policy.etag}) - - def _get_model_name_deterministic(self): - """Create deterministic sequence of names for models.""" - try: - self.counter += 1 - except AttributeError: - self.counter = 0 - finally: - return str(self.counter) - - def run(self, test_callback): - def callback_wrapper(client): - """Wrapping the client callback interface.""" - - reply = client.new_model( - source='EMPTY', - name=self._get_model_name_deterministic()) - client.switch_model(reply.model.handle) - self._install_model(self.model, client) - test_callback(client) - super(ModelTestRunner, self).run(callback_wrapper) diff --git a/tests/iam/api_tests/model_test.py b/tests/iam/api_tests/model_test.py deleted file mode 100644 index d67cdae254..0000000000 --- a/tests/iam/api_tests/model_test.py +++ /dev/null 
@@ -1,225 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Tests the IAM Explain model.""" - -import unittest - -from google.cloud.security.iam.explain.service import GrpcExplainerFactory -from google.cloud.security.iam.playground.service import GrpcPlaygrounderFactory -from google.cloud.security.iam.dao import ModelManager - -from tests.iam.api_tests.api_tester import ModelTestRunner, create_test_engine -from tests.unittest_utils import ForsetiTestCase - - -class TestServiceConfig(object): - """ServiceConfig stub.""" - def __init__(self): - engine = create_test_engine() - self.model_manager = ModelManager(engine) - - def run_in_background(self, function): - """Stub.""" - function() - return self - - -MODEL = { - 'resources': { - 'organization/org1': { - 'project/project1': { - 'bucket/bucket1': {}, - }, - 'project/project2': { - 'bucket/bucket2': {}, - 'vm/instance-1': {}, - }, - }, - }, - 'memberships': { - 'group/a': { - 'user/a': {}, - 'user/b': {}, - 'user/c': {}, - 'group/b': { - 'user/a': {}, - 'user/d': {}, - }, - }, - 'user/e': {}, - }, - 'roles': { - 'a': ['a', 'b', 'c', 'd', 'e'], - 'b': ['a', 'b', 'c'], - 'c': ['f', 'g', 'h'], - 'd': ['f', 'g', 'i'] - }, - 'bindings': { - 'organization/org1': { - 'b': ['group/a'], - }, - 'project/project2': { - 'a': ['group/b'], - }, - 'vm/instance-1': { - 'a': ['user/a'], - }, - }, - } - - -def create_tester(): - """Creates a model based test 
runner.""" - return ModelTestRunner(MODEL, - TestServiceConfig(), - [GrpcExplainerFactory, - GrpcPlaygrounderFactory]) - - -class ModelTest(ForsetiTestCase): - """Test based on declarative model.""" - - def setUp(self): - self.setup = create_tester() - - def test_check_policy(self): - """Test check policy.""" - - def test(client): - """Test implementation with API client.""" - self.assertTrue(client.playground.check_iam_policy( - 'vm/instance-1', - 'c', - 'user/d').result) - self.assertTrue(client.playground.check_iam_policy( - 'vm/instance-1', - 'e', - 'user/d').result) - self.assertTrue(client.playground.check_iam_policy( - 'vm/instance-1', - 'e', - 'user/a').result) - self.assertFalse(client.playground.check_iam_policy( - 'organization/org1', - 'e', - 'user/a').result) - self.assertFalse(client.playground.check_iam_policy( - 'project/project2', - 'e', - 'user/c').result) - self.assertFalse(client.playground.check_iam_policy( - 'vm/instance-1', - 'e', - 'user/c').result) - - self.setup.run(test) - - def test_query_role_permissions(self): - """Test query_role_permissions.""" - def test(client): - """Test implementation with API client.""" - response = client.explain.query_permissions_by_roles( - role_names=['a', 'b']) - self.assertTrue(len(response.permissionsbyroles) == 2) - for mapping in response.permissionsbyroles: - if mapping.role == 'a': - self.assertEquals( - set(mapping.permissions), - set(['a', 'b', 'c', 'd', 'e'])) - elif mapping.role == 'b': - self.assertEquals( - set(mapping.permissions), - set(['a', 'b', 'c'])) - self.setup.run(test) - - def test_query_access_by_resources(self): - """Test query_access_by_resources.""" - def test(client): - """Test implementation with API client.""" - response = client.explain.query_access_by_resources( - resource_name='project/project2', - permission_names=['a', 'c'], - expand_groups=True) - self.assertTrue(len(response.accesses) == 2) - for access in response.accesses: - if access.role == 'a': - self.assertEqual( - 
set(access.members), - set(['group/b', 'user/a', 'user/d'])) - elif access.role == 'b': - self.assertEqual( - set(access.members), - set(['group/a', - 'user/a', - 'user/b', - 'user/c', - 'user/d', - 'group/b'])) - self.setup.run(test) - - def test_query_access_by_members(self): - """Test query_access_by_members.""" - def test(client): - """Test implementation with API client.""" - response = client.explain.query_access_by_members( - 'group/a', - 'a', - expand_resources=True) - for access in response.accesses: - if access.role == 'b': - self.assertEqual(set(access.resources), - set([ - 'bucket/bucket1', - 'project/project1', - 'vm/instance-1', - 'bucket/bucket2', - 'project/project2', - 'organization/org1', - ])) - self.setup.run(test) - - def test_explain_granted(self): - """Test explain_granted.""" - def test(client): - """Test implementation with API client.""" - response = client.explain.explain_granted( - member_name='user/d', - resource_name='bucket/bucket2', - role='b') - self.assertTrue(response, 'Expected to get a grant explanation') - self.setup.run(test) - - def test_explain_denied(self): - """Test explain_denied.""" - def test(client): - """Test implementation with API client.""" - response = client.explain.explain_denied( - member_name='user/d', - resource_names=[ - 'bucket/bucket2'], - permission_names=['f', 'i']) - self.assertTrue(response, 'Expected to get a deny explanation') - - response = client.explain.explain_denied( - member_name='user/e', - resource_names=[ - 'bucket/bucket2'], - permission_names=['a']) - self.assertTrue(response, 'Expected to get a deny explanation') - self.setup.run(test) - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/iam/api_tests/playground_test.py b/tests/iam/api_tests/playground_test.py deleted file mode 100644 index 296e4e90ac..0000000000 --- a/tests/iam/api_tests/playground_test.py +++ /dev/null 
@@ -1,146 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Tests the IAM Explain playground.""" - -import unittest - -from google.cloud.security.iam.explain.service import GrpcExplainerFactory -from google.cloud.security.iam.playground.service import GrpcPlaygrounderFactory -from google.cloud.security.iam.dao import ModelManager - -from tests.iam.api_tests.api_tester import ApiTestRunner, create_test_engine, cleanup -from tests.unittest_utils import ForsetiTestCase - - -class TestServiceConfig(object): - """ServiceConfig Stub.""" - def __init__(self): - engine = create_test_engine() - self.model_manager = ModelManager(engine) - - def run_in_background(self, function): - """Stub.""" - function() - return self - - -def create_tester(): - """Create API test runner.""" - return ApiTestRunner( - TestServiceConfig(), - [GrpcExplainerFactory, - GrpcPlaygrounderFactory]) - - -class ApiTest(ForsetiTestCase): - """Api Test.""" - - def setUp(self): - self.setup = create_tester() - - def has_no_models(self, client): - """Returns true iff the server has no model.""" - return self.has_n_models(client, 0) - - def has_n_models(self, client, number): - """Returns true iff the server has n models.""" - return len(client.list_models().models) == number - - def test_create_empty_model_and_delete(self): - """Test: Create empty model, then delete again.""" - def test(client): - """API test callback.""" - 
self.assertEquals( - len(client.list_models().models), - 0, - 'Expect no previous models') - model1 = client.new_model("EMPTY", name='model1').model.handle - model2 = client.new_model("EMPTY", name='model2').model.handle - - self.assertTrue(self.has_n_models(client, 2)) - client.delete_model(model1) - self.assertTrue(self.has_n_models(client, 1)) - client.delete_model(model2) - self.assertTrue(self.has_no_models(client)) - - self.setup.run(test) - - def test_create_empty_model(self): - """Test: create and empty model.""" - @cleanup - def test(client): - """API test callback.""" - self.assertEqual( - [m.handle for m in client.list_models().models], - [], - 'Expect no previous models') - client.new_model('EMPTY', 'test_model') - self.assertTrue( - self.has_n_models(client, 1), - 'One model must be created') - - self.setup.run(test) - - def test_create_and_list_members(self): - """Test: create and list members.""" - @cleanup - def test(client): - """API test callback.""" - reply = client.new_model('EMPTY', name='test1') - client.switch_model(reply.model.handle) - self.assertEqual( - len(client.playground.list_members("").member_names), - 0, - 'Expect no members in the empty model') - client.playground.add_member('user/user1') - self.assertEqual( - len(client.playground.list_members("").member_names), - 1, - 'Expect one members in the empty model') - client.playground.add_member('group/group1') - self.assertEqual( - len(client.playground.list_members("").member_names), - 2, - 'Expect two members in the empty model') - client.playground.add_member('user/user2', ['group/group1']) - self.assertEqual( - len(client.playground.list_members("").member_names), - 3, - 'Expect three members in the empty model') - self.assertEqual( - len(client.playground.list_members("user").member_names), - 2) - self.assertEqual( - len(client.playground.list_members("group").member_names), - 1) - client.playground.del_member('user/user1') - self.assertEqual( - 
len(client.playground.list_members("user").member_names), - 1) - self.assertEqual( - len(client.playground.list_members("group").member_names), - 1) - client.playground.del_member('group/group1') - client.playground.del_member('user/user2') - self.assertEqual( - len(client.playground.list_members("").member_names), - 0, - 'Expect no members in the empty model') - - self.setup.run(test) - - -if __name__ == '__main__': - unittest.main() diff --git a/tests/iam/cli_tests/__init__.py b/tests/iam/cli_tests/__init__.py deleted file mode 100644 index d613520105..0000000000 --- a/tests/iam/cli_tests/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""CLI Tests for IAM package.""" diff --git a/tests/iam/cli_tests/cli_test.py b/tests/iam/cli_tests/cli_test.py deleted file mode 100644 index 2c422e8986..0000000000 --- a/tests/iam/cli_tests/cli_test.py +++ /dev/null 
@@ -1,89 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" Unit Tests: IAM Explain CLI. """ - -import shlex -import mock -import os -import unittest -from copy import copy -from argparse import ArgumentParser - -from tests.unittest_utils import ForsetiTestCase -from google.cloud.security.iam import cli - -CLIENT = mock.Mock() -CLIENT.playground = CLIENT -CLIENT.explainer = CLIENT - - -class ArgumentParserError(Exception): - pass - - -class MockArgumentParser(ArgumentParser): - def error(self, message): - raise ArgumentParserError(message) - - -def test_cmds(args): - def decorator(f): - def wrapper(*original_args): - original_args = list(original_args) - original_args.append(args) - return f(*original_args) - return wrapper - return decorator - - -class ImporterTest(ForsetiTestCase): - def setUp(self): - """Foo.""" - ForsetiTestCase.setUp(self) - self.orig_env = copy(os.environ) - os.environ['IAM_MODEL'] = 'da39a3ee5e6b4b0d3255bfef95601890afd80709' - - def tearDown(self): - """Bar.""" - os.environ = self.orig_env - ForsetiTestCase.tearDown(self) - - @test_cmds([ - ('explainer list_models', - CLIENT.explain.list_models, - [], - {}), - - ('playground list_members', - CLIENT.playground.list_members, - [''], - {}), - ]) - def test_cli(self, test_cases): - """Foo.""" - for commandline, client_func, func_args, func_kwargs in test_cases: - try: - args = shlex.split(commandline) - cli.main(args, 
CLIENT, parser_cls=MockArgumentParser) - client_func.assert_called_with(*func_args, **func_kwargs) - except ArgumentParserError as e: - self.fail('Argument parser failed on {}, {}'.format( - commandline, - e.message)) - - -if __name__ == '__main__': - unittest.main() - diff --git a/tests/iam/import_tests/__init__.py b/tests/iam/import_tests/__init__.py deleted file mode 100644 index 85ef1da3bc..0000000000 --- a/tests/iam/import_tests/__init__.py +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -"""Importer Tests for IAM package.""" diff --git a/tests/iam/import_tests/import_tester.py b/tests/iam/import_tests/import_tester.py deleted file mode 100644 index 03cc457a20..0000000000 --- a/tests/iam/import_tests/import_tester.py +++ /dev/null 
@@ -1,15 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Loading Forseti database examples for test setup. """
diff --git a/tests/iam/import_tests/importer_test.py b/tests/iam/import_tests/importer_test.py
deleted file mode 100644
index c1ece06e6a..0000000000
--- a/tests/iam/import_tests/importer_test.py
+++ /dev/null
@@ -1,140 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Unit Tests: Importer for IAM Explain. """
-
-import os
-import unittest
-
-from tests.unittest_utils import ForsetiTestCase
-from google.cloud.security.iam.dao import create_engine
-from google.cloud.security.iam.dao import ModelManager
-from google.cloud.security.iam.explain.importer import importer
-
-
-class ServiceConfig(object):
- """
- ServiceConfig is a helper class to implement dependency injection
- to IAM Explain services.
- """
-
- def __init__(self, explain_connect_string, forseti_connect_string):
- engine = create_engine(explain_connect_string, echo=False)
- self.model_manager = ModelManager(engine)
- self.forseti_connect_string = forseti_connect_string
-
- def run_in_background(self, function):
- """Runs a function in a thread pool in the background."""
- return function()
-
-
-def get_db_file_path(db_name):
- module_dir = os.path.dirname(os.path.abspath(__file__))
- return os.path.join(module_dir, 'test_data', db_name)
-
-
-class ImporterTest(ForsetiTestCase):
- """Test importer based on database dump."""
-
- def test_status_done_folder(self):
- """Test if the status of the import is 'done'."""
-
- EXPLAIN_CONNECT = 'sqlite:///:memory:'
- FORSETI_CONNECT = 'sqlite:///{}'.format(
- get_db_file_path('forseti_2_folder_policies.db'))
-
- self.service_config = ServiceConfig(EXPLAIN_CONNECT,
- FORSETI_CONNECT)
- self.source = 'FORSETI'
- self.model_manager = self.service_config.model_manager
- self.model_name = self.model_manager.create(name=self.source)
-
- scoped_session, data_access = self.model_manager.get(self.model_name)
- with scoped_session as session:
-
- importer_cls = importer.by_source(self.source)
- import_runner = importer_cls(
- session,
- self.model_manager.model(self.model_name, expunge=False),
- data_access,
- self.service_config)
- import_runner.run()
-
- model = self.model_manager.model(self.model_name)
- self.assertEqual(model.state,
- 'PARTIAL_SUCCESS',
- 'Model state should be set to PARTIAL_SUCCESS')
-
- def test_status_done_basic(self):
- """Test if the status of the import is 'done'."""
-
- EXPLAIN_CONNECT = 'sqlite:///:memory:'
- FORSETI_CONNECT = 'sqlite:///{}'.format(
- get_db_file_path('forseti_1_basic.db'))
-
- self.service_config = ServiceConfig(EXPLAIN_CONNECT,
- FORSETI_CONNECT)
- self.source = 'FORSETI'
- self.model_manager = self.service_config.model_manager
- self.model_name = self.model_manager.create(name=self.source)
-
- scoped_session, data_access = self.model_manager.get(self.model_name)
- with scoped_session as session:
-
- importer_cls = importer.by_source(self.source)
- import_runner = importer_cls(
- session,
- self.model_manager.model(self.model_name, expunge=False),
- data_access,
- self.service_config)
- import_runner.run()
-
- model = self.model_manager.model(self.model_name)
- self.assertEqual(model.state,
- 'PARTIAL_SUCCESS',
- 'Model state should be set to PARTIAL_SUCCESS')
-
- def test_missing_group_collection(self):
- """Test if a missing group membership table is handled"""
- EXPLAIN_CONNECT = 'sqlite:///:memory:'
- FORSETI_CONNECT = 'sqlite:///{}'.format(
- get_db_file_path('forseti_1_missing_groups.db'))
-
- self.service_config = ServiceConfig(EXPLAIN_CONNECT,
- FORSETI_CONNECT)
- self.source = 'FORSETI'
- self.model_manager = self.service_config.model_manager
- self.model_name = self.model_manager.create(name=self.source)
-
- scoped_session, data_access = self.model_manager.get(self.model_name)
- with scoped_session as session:
-
- importer_cls = importer.by_source(self.source)
- import_runner = importer_cls(
- session,
- self.model_manager.model(self.model_name, expunge=False),
- data_access,
- self.service_config)
- import_runner.run()
-
- model = self.model_manager.model(self.model_name)
- self.assertEqual(model.state, 'BROKEN', 'Model state should be BROKEN')
-
- error_msg = 'Did you enable Forseti group collection?'
- self.assertTrue(error_msg in model.message)
-
-
-if __name__ == '__main__':
- unittest.main()
-
diff --git a/tests/iam/import_tests/test_data/forseti_1_basic.db b/tests/iam/import_tests/test_data/forseti_1_basic.db
deleted file mode 100644
index 557af660d3..0000000000
Binary files a/tests/iam/import_tests/test_data/forseti_1_basic.db and /dev/null differ
diff --git a/tests/iam/import_tests/test_data/forseti_1_missing_groups.db b/tests/iam/import_tests/test_data/forseti_1_missing_groups.db
deleted file mode 100644
index 17e1be5e01..0000000000
Binary files a/tests/iam/import_tests/test_data/forseti_1_missing_groups.db and /dev/null differ
diff --git a/tests/iam/import_tests/test_data/forseti_2_folder_policies.db b/tests/iam/import_tests/test_data/forseti_2_folder_policies.db
deleted file mode 100644
index 2700061dc3..0000000000
Binary files a/tests/iam/import_tests/test_data/forseti_2_folder_policies.db and /dev/null differ
diff --git a/tests/iam/unit_tests/__init__.py b/tests/iam/unit_tests/__init__.py
deleted file mode 100755
index d7e1af62dc..0000000000
--- a/tests/iam/unit_tests/__init__.py
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""Unit Tests for IAM package."""
diff --git a/tests/iam/unit_tests/iam_dao_test.py b/tests/iam/unit_tests/iam_dao_test.py
deleted file mode 100644
index 38a2032ab5..0000000000
--- a/tests/iam/unit_tests/iam_dao_test.py
+++ /dev/null
@@ -1,1129 +0,0 @@ -# Copyright 2017 The Forseti Security Authors. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -""" Unit Tests: Database abstraction objects for IAM Explain. """ - -from tests.unittest_utils import ForsetiTestCase -import uuid -import os -from collections import defaultdict -from sqlalchemy.orm.exc import NoResultFound -import unittest - -from google.cloud.security.iam.utils import full_to_type_name -from google.cloud.security.iam.dao import ModelManager, session_creator, create_engine -from google.cloud.security.common.util.threadpool import ThreadPool -from tests.iam.unit_tests.test_models import RESOURCE_EXPANSION_1, RESOURCE_EXPANSION_2,\ - MEMBER_TESTING_1, RESOURCE_PATH_TESTING_1, ROLES_PERMISSIONS_TESTING_1,\ - DENORMALIZATION_TESTING_1, ROLES_PREFIX_TESTING_1, MEMBER_TESTING_2,\ - MEMBER_TESTING_3, EXPLAIN_GRANTED_1, GROUP_IN_GROUP_TESTING_1,\ - ACCESS_BY_PERMISSIONS_1 -from tests.iam.unit_tests.model_tester import ModelCreator, ModelCreatorClient - - -def create_test_engine(): - tmpfile = '/tmp/{}.db'.format(uuid.uuid4()) - return create_engine('sqlite:///{}'.format(tmpfile)), tmpfile - - -class DaoTest(ForsetiTestCase): - """General data abstraction layer use case tests.""" - - def setUp(self): - """Setup.""" - pass - - def test_repr_dao_objects(self): - """Test __repr__ methods of dao objects.""" - _, data_access = session_creator('test') - data_access.TBL_BINDING(role_name='role').__repr__() - 
data_access.TBL_MEMBER(name='test', type='group').__repr__() - data_access.TBL_PERMISSION(name='permission').__repr__() - data_access.TBL_ROLE(name='role').__repr__() - data_access.TBL_RESOURCE(full_name='full_name', type='test').__repr__() - - def test_list_roles_by_prefix(self): - """Test list_roles_by_prefix.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(ROLES_PREFIX_TESTING_1, client) - - expectations = { - '' : { - 'cloud.admin', - 'cloud.reader', - 'cloud.writer', - 'db.viewer', - 'db.writer' - }, - 'cloud' : { - 'cloud.admin', - 'cloud.reader', - 'cloud.writer', - }, - 'db' : { - 'db.viewer', - 'db.writer', - }, - 'admin' : set(), - } - - for prefix, expected_roles in expectations.iteritems(): - role_names = data_access.list_roles_by_prefix(session, prefix) - self.assertEqual(expected_roles, set(role_names)) - - def test_add_role_by_name(self): - """Test add_role_by_name.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(ROLES_PREFIX_TESTING_1, client) - - # Check that initially nothing is found - res = data_access.list_roles_by_prefix(session, 'test') - self.assertEqual(set(), set(res)) - - # Add a new role - data_access.add_role_by_name(session, u'test_role', ['perm1']) - res = data_access.list_roles_by_prefix(session, 'test') - self.assertEqual(set([u'test_role']), set(res)) - - # Get role by permission to check it's queryable - res = data_access.get_roles_by_permission_names(session, ['perm1']) - res = [r.name for r in res] - self.assertEqual(set([u'test_role']), set(res)) - - def test_del_role_by_name(self): - """Test del_role_by_name.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(ROLES_PREFIX_TESTING_1, client) - - # Check that 
initially nothing is found - res = data_access.list_roles_by_prefix(session, 'test') - self.assertEqual(set(), set(res)) - - # Add a new role - data_access.add_role_by_name(session, u'test_role', ['perm1']) - res = data_access.list_roles_by_prefix(session, 'test') - self.assertEqual(set([u'test_role']), set(res)) - - # Get role by permission to check it's queryable - res = data_access.get_roles_by_permission_names(session, ['perm1']) - res = [r.name for r in res] - self.assertEqual(set([u'test_role']), set(res)) - - # Delete the new role - data_access.del_role_by_name(session, u'test_role') - - # Get role by permission to check it's queryable - res = data_access.get_roles_by_permission_names(session, ['perm1']) - self.assertEqual(set(), set(res)) - - def test_add_group_member(self): - """Test add_group_member.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - - memberships = { - 'user/t1' : ['group/g1'], - 'user/t2' : ['group/g2', 'group/g3'], - 'user/t3' : ['group/g3g2g1', 'group/g3'], - 'group/t4' : ['group/g3g2g1', 'group/g3'], - 'group/t5' : ['group/t4'], - 'user/t6' : ['group/t5','group/t4'], - } - - checks = { - 'user/t1' : ['group/g1'], - 'user/t2' : ['group/g2', 'group/g3'], - 'user/t3' : ['group/g3g2'], - 'group/t5': ['group/g3g2'], - } - - for member, parents in memberships.iteritems(): - data_access.add_group_member(session, member, parents) - - for member, groups in checks.iteritems(): - res = data_access.reverse_expand_members(session, [member]) - res = [m.name for m in res] - for group in groups: - self.assertTrue(group in res) - - def test_del_group_member(self): - """Test del_group_member.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - - # Check that the ancestor relationship is 
existing - ancestors = data_access.reverse_expand_members(session, ['group/g3g2g1']) - ancestors = [m.name for m in ancestors] - for group in ['group/g3', 'group/g3g2', 'group/g2']: - self.assertTrue(group in ancestors) - - # Delete membership with group/g3g2 - data_access.del_group_member(session, 'group/g3g2g1', 'group/g3g2', True) - - # Check that the ancestor relationship is existing - ancestors = data_access.reverse_expand_members(session, ['group/g3g2g1']) - ancestors = [m.name for m in ancestors] - for group in ['group/g2']: - self.assertTrue(group in ancestors) - for group in ['group/g3', 'group/g3g2']: - self.assertTrue(group not in ancestors) - - # Delete membership with group/g3g2 - data_access.del_group_member(session, 'group/g3g2g1', 'group/g2', True) - self.assertTrue(1 == len(data_access.reverse_expand_members(session, ['group/g3g2g1']))) - - # Delete the group - data_access.del_group_member(session, 'group/g3g2g1', '', False) - self.assertTrue(0 == len(data_access.reverse_expand_members(session, ['group/g3g2g1']))) - - # Create a new model for immediate group deletion - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - # Delete the group - data_access.del_group_member(session, 'group/g3g2g1', '', False) - self.assertTrue(0 == len(data_access.reverse_expand_members(session, ['group/g3g2g1']))) - - def test_list_group_members(self): - """Test listing of group members.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - - all_member_names = data_access.list_group_members(session, '') - checks = {u'group/g1', - u'group/g2', - u'group/g3', - u'user/u1', - u'user/u2', - u'group/g3g2', - u'group/g3g2g1' - } - - for check in checks: - self.assertTrue(check in all_member_names) - - def 
test_list_resources_by_prefix(self): - """Test listing of resources.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(RESOURCE_EXPANSION_1, client) - - check_resources = {u'r/res{}'.format(i) for i in range(1, 9)} - resources = data_access.list_resources_by_prefix(session, name_prefix='') - resource_type_names = [r.type_name for r in resources] - self.assertEqual(check_resources, set(resource_type_names)) - - resources = data_access.list_resources_by_prefix(session, name_prefix='res8') - resource_type_names = [r.type_name for r in resources] - self.assertEqual(set([u'r/res8']), set(resource_type_names)) - - resources = data_access.list_resources_by_prefix(session, name_prefix='res89') - resource_type_names = [r.type_name for r in resources] - self.assertEqual(set(), set(resource_type_names)) - - def test_del_resource_by_name(self): - """Test del_resource_by_name.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(RESOURCE_EXPANSION_1, client) - - self.assertTrue(8 == len(data_access.list_resources_by_prefix(session, ''))) - data_access.del_resource_by_name(session, 'r/res8') - self.assertTrue(7 == len(data_access.list_resources_by_prefix(session, ''))) - data_access.del_resource_by_name(session, 'r/res6') - self.assertTrue(5 == len(data_access.list_resources_by_prefix(session, ''))) - data_access.del_resource_by_name(session, 'r/res2') - self.assertTrue(4 == len(data_access.list_resources_by_prefix(session, ''))) - data_access.del_resource_by_name(session, 'r/res1') - self.assertTrue(0 == len(data_access.list_resources_by_prefix(session, ''))) - - def test_add_resource_by_name(self): - """Test add_resource_by_name.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ 
= ModelCreator(RESOURCE_EXPANSION_1, client) - - data_access.add_resource_by_name(session, 'r/res9', 'r/res1', False) - data_access.add_resource_by_name(session, 'r/res10', 'r/res9', False) - data_access.add_resource_by_name(session, 'r/res11', 'r/res3', False) - - self.assertRaises(NoResultFound, - lambda : data_access.add_resource_by_name( - session, 'r/res14', 'r/res13', False)) - self.assertTrue(11 == len(data_access.list_resources_by_prefix( - session, ''))) - - def test_reverse_expand_members(self): - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - - members = data_access.reverse_expand_members(session, - ['group/g2','group/g3']) - - members = set([m.name for m in members]) - self.assertEqual(set([u'group/g2', u'group/g3']), members) - - members = data_access.reverse_expand_members(session, - ['group/g3g2g1']) - members = set([m.name for m in members]) - self.assertEqual(set([ - u'group/g3', - u'group/g3g2', - u'group/g3g2g1', - u'group/g2']), members) - - members = data_access.reverse_expand_members(session, - ['group/g3g2g1', 'group/g1']) - members = set([m.name for m in members]) - self.assertEqual(set([ - u'group/g3', - u'group/g3g2', - u'group/g3g2g1', - u'group/g2', - u'group/g1']), members) - - members = data_access.reverse_expand_members(session, - ['group/g1']) - members = set([m.name for m in members]) - self.assertEqual(set([ - u'group/g1']), members) - - def test_expand_members(self): - """Test expand_members.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_2, client) - - members = data_access.expand_members(session, ['group/g1', 'group/g3']) - members = set([m.name for m in members]) - - self.assertEqual(set([ - u'group/g1', - u'group/g3', - u'group/g3g2', - u'group/g3g2g1' - ]), members) - - 
members = data_access.expand_members(session, ['group/g1', 'group/g2']) - members = set([m.name for m in members]) - - self.assertEqual(set([ - u'group/g1', - u'group/g2', - u'group/g3g2g1' - ]), members) - - def test_expand_members_map(self): - """Test expand_members_map.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(MEMBER_TESTING_3, client) - - members_map = data_access.expand_members_map(session, ['group/g1']) - self.assertEqual(set([ - u'group/g1', - u'group/g1g1', - u'user/g1g1u1', - u'user/g1g1u2', - u'user/g1g1u3', - ]), members_map[u'group/g1']) - - def test_explain_granted(self): - """Test explain_granted.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(EXPLAIN_GRANTED_1, client) - - callable = lambda: data_access.explain_granted(session, 'user/u3', 'r/res1', 'admin', None) - self.assertRaises(Exception, callable) - callable = lambda: data_access.explain_granted(session, 'user/u3', 'r/res1', None, 'delete') - self.assertRaises(Exception, callable) - - check_1 = { - 'parameters' : ('user/u3', 'r/res4', None, 'read'), - 'bindings' : [ - ('r/res1', 'viewer', 'group/g1'), - ('r/res3', 'viewer', 'group/g1'), - ('r/res3', 'writer', 'group/g3'), - ], - - 'member_graph' : { - 'user/u3' : set(['group/g3g1','group/g2','group/g1']), - 'group/g3g1' : set(['group/g3']), - }, - - 'ancestors' : [ - 'r/res4', - 'r/res3', - 'r/res1' - ] - } - - check_2 = { - 'parameters' : ('user/u4', 'r/res4', None, 'write'), - 'bindings' : [ - ('r/res3', 'writer', 'group/g3'), - ], - 'member_graph' : { - 'user/u4' : set(['group/g3g1']), - 'group/g3g1' : set(['group/g3']), - }, - 'ancestors' : [ - 'r/res4', - 'r/res3', - 'r/res1' - ] - } - - check_3 = { - 'parameters': ('user/u1', 'r/res1', 'admin', None), - 'bindings': [ - ('r/res1', 'admin', 'user/u1'), - ], - 
'member_graph': { - 'user/u1': set([]), - }, - 'ancestors': [ - 'r/res1', - ] - } - - def test_scenario(checks): - """Test a declarative explanation scenario.""" - user, resource, role, permission = checks['parameters'] - explanation = data_access.explain_granted(session, - user, - resource, - role, - permission) - bindings, graph, ancestors = explanation - bindings = checks['bindings'] - member_graph = checks['member_graph'] - check_ancestors = checks['ancestors'] - for check in bindings: - self.assertTrue(check in bindings) - self.assertEqual(set(member_graph.keys()), set(graph.keys())) - for key, value in member_graph.iteritems(): - self.assertEqual(value, graph[key]) - self.assertEqual(check_ancestors, ancestors) - - test_scenario(check_1) - test_scenario(check_2) - test_scenario(check_3) - - def test_explain_denied(self): - """Test explain_denied.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(EXPLAIN_GRANTED_1, client) - - def explain_denied(member_name, resource_names, - permission_names, role_names): - """data_access.explain_denied wrapper.""" - return data_access.explain_denied(session, - member_name, - resource_names, - permission_names, - role_names) - - explanation = explain_denied('user/u4', - ['r/res2', - 'r/res3'], - ['delete'], - None) - expectation = [ - (0, [(u'admin', u'user/u4', u'r/res1')]), - ] - self.assertEqual(expectation, explanation) - - explanation = explain_denied('user/u2', - ['r/res4'], - ['read'], - None) - expectation = [ - (2, [(u'admin', u'user/u2', u'r/res1')]), - (2, [(u'viewer', u'user/u2', u'r/res1')]), - (2, [(u'writer', u'user/u2', u'r/res1')]), - (1, [(u'admin', u'user/u2', u'r/res3')]), - (1, [(u'viewer', u'user/u2', u'r/res3')]), - (1, [(u'writer', u'user/u2', u'r/res3')]), - (0, [(u'admin', u'user/u2', u'r/res4')]), - (0, [(u'viewer', u'user/u2', u'r/res4')]), - (0, [(u'writer', u'user/u2', u'r/res4')]), - (0, 
[(u'admin', u'group/g2', u'r/res4')]), - (2, [(u'viewer', u'group/g1', u'r/res1')]), - (1, [(u'viewer', u'group/g1', u'r/res3')]), - (1, [(u'writer', u'group/g3', u'r/res3')]) - ] - - self.assertEqual(len(expectation), len(explanation)) - for item in expectation: - self.assertIn(item, explanation) - - def test_denorm_group_in_group(self): - """Test group_in_group denormalization.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(GROUP_IN_GROUP_TESTING_1, client) - - iterations = data_access.denorm_group_in_group(session) - self.assertEqual(iterations, - 4, - 'Denormalization should have taken 4 iterations.') - - expected = [ - (u'group/g2', u'group/g2g1'), - (u'group/g3', u'group/g1'), - (u'group/g3', u'group/g2'), - (u'group/g4', u'group/g1'), - (u'group/g4', u'group/g3'), - (u'group/g5', u'group/g4'), - (u'group/g6', u'group/g5'), - (u'group/g7', u'group/g6'), - ] - - def transitive_closure(expected): - relation = set() - for item in expected: - relation.add(item) - size = 0 - while size < len(relation): - size = len(relation) - to_add = set() - for p1, g1 in relation: - for p2, g2 in relation: - if p2 == g1: - to_add.add((p1, g2)) - for item in to_add: - relation = relation.union(to_add) - return relation - expected = transitive_closure(expected) - - entries = session.query(data_access.TBL_GROUP_IN_GROUP).all() - denormed_set = set([(i.parent, i.member) for i in entries]) - self.assertEqual( - expected, - denormed_set, - 'Denormalized should be equivalent to transitive closure') - - def test_query_access_by_permission(self): - """Test query_access_by_permission.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(ACCESS_BY_PERMISSIONS_1, client) - - # Query by role - expected_by_role = { - 'viewer': [ - (u'r/res1', set([u'group/g1'])), - (u'r/res2', 
set([u'group/g1'])), - (u'r/res3', set([u'group/g1', u'group/g3'])), - ], - 'admin': [ - (u'r/res1', set([u'user/u1'])), - (u'r/res4', set([u'group/g2'])), - ], - 'writer': [ - (u'r/res3', set([u'group/g3'])), - ], - } - - for role, access in expected_by_role.iteritems(): - result = [r for r in ( - data_access.query_access_by_permission(session, role))] - for item in result: - _, acc_res, acc_members = item - if not (acc_res, acc_members) in access: - print '{}, {}'.format((acc_res, acc_members), access) - self.assertIn((acc_res, acc_members), access, - 'Should find access in expected') - - # Query by permission - expected_by_permission = { - 'readonly': [ - (u'r/res1', set([u'group/g1'])), - (u'r/res2', set([u'group/g1'])), - (u'r/res3', set([u'group/g1', u'group/g3'])), - ], - 'delete': [ - (u'r/res1', set([u'user/u1'])), - (u'r/res4', set([u'group/g2'])), - ], - 'writeonly': [ - (u'r/res3', set([u'group/g3'])), - ], - } - - for perm, access in expected_by_permission.iteritems(): - result = [r for r in ( - data_access.query_access_by_permission(session, - permission_name=perm))] - for item in result: - _, acc_res, acc_members = item - if not (acc_res, acc_members) in access: - print '{}, {}'.format((acc_res, acc_members), access) - self.assertIn((acc_res, acc_members), access, - 'Should find access in expected') - - # Test the source expansion - expected_by_permission = { - 'delete': [ - (u'r/res1', set([u'user/u1'])), - (u'r/res2', set([u'user/u1'])), - (u'r/res3', set([u'user/u1'])), - (u'r/res4', set([u'user/u1'])), - (u'r/res4', set([u'group/g2'])), - ], - } - - for perm, access in expected_by_permission.iteritems(): - result = [r for r in ( - data_access.query_access_by_permission(session, - permission_name=perm, - expand_resources=True))] - for item in result: - _, acc_res, acc_members = item - if not (acc_res, acc_members) in access: - print '{}, {}'.format((acc_res, acc_members), access) - self.assertIn((acc_res, acc_members), access, - 'Should find 
access in expected') - - - # Test the group expansion - expected_by_permission = { - 'delete': [ - (u'r/res1', set([u'user/u1'])), - (u'r/res4', set([u'user/u3', - u'user/u4', - u'group/g2'])), - ], - } - - for perm, access in expected_by_permission.iteritems(): - result = [r for r in ( - data_access.query_access_by_permission( - session, - permission_name=perm, - expand_groups=True, - expand_resources=False))] - - for item in result: - _, acc_res, acc_members = item - self.assertIn((acc_res, acc_members), access, - 'Should find access in expected') - - def test_query_access_by_member(self): - """Test query_access_by_member.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(DENORMALIZATION_TESTING_1, client) - - checks = [ - ('user/u1', [u'a'], False, {u'r/res3', u'r/res1'}), - ('user/u2', [u'a'], False, {u'r/res2'}), - ('user/g2g1u1', [u'a'], False, {u'r/res3'}), - ('user/g2u1', [u'a'], False, {u'r/res3'}), - ('user/u1', [u'a'], True, {u'r/res1', u'r/res2', u'r/res3'}), - ('user/u1', [u'b'], True, {u'r/res2', u'r/res3'}), - ] - - for user, permissions, expansion, expected_result in checks: - result = data_access.query_access_by_member(session, - user, - permissions, - expansion) - mapping = defaultdict(set) - for role, resources in result: - for resource in resources: - mapping[role].add(resource) - self.assertEqual(expected_result, mapping[permissions[0]]) - - def test_query_access_by_resource(self): - """Test query_access_by_resource.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(DENORMALIZATION_TESTING_1, client) - - checks = [ - ('r/res1', ['a'], False, [u'group/g1', - u'user/u1']), - - ('r/res2', ['a'], False, [u'group/g1', - u'user/u1', - u'user/u2']), - - ('r/res3', ['a'], False, [u'group/g1', - u'user/u1', - u'user/u2', - u'group/g2']), - - 
('r/res3', ['a'], True, [u'group/g1', - u'user/u1', - u'user/u2', - u'group/g2', - u'user/g2u1', - u'group/g2g1', - u'user/g2g1u1']) - ] - - for resource, permissions, expansion, members in checks: - res = data_access.query_access_by_resource( - session, - resource, - permission_names=permissions, - expand_groups=expansion) - self.assertEqual(set(members), set(res[permissions[0]])) - - def test_query_permissions_by_roles(self): - """Test query_permissions_by_roles.""" - session_maker, data_access = session_creator('test') - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(ROLES_PERMISSIONS_TESTING_1, client) - - prefix_checks = [ - ([''], ['a','b','c','d','e','f']), - (['f'], ['a']), - ] - name_checks = [ - (['h','g'], ['a','c','e','b','d','f']), - (['f'], ['a']), - (['e'], ['a','b']), - (['d','e'], ['a','b','c']), - ] - - for prefixes, expectations in prefix_checks: - res = data_access.query_permissions_by_roles( - session, - role_names=[], - role_prefixes=prefixes) - mapping = defaultdict(set) - all_set = set() - for role, permission in res: - mapping[role.name].add(permission.name) - all_set.add(permission.name) - self.assertEqual(set(expectations), all_set) - - for names, expectations in name_checks: - res = data_access.query_permissions_by_roles( - session, - role_names=names, - role_prefixes=[]) - mapping = defaultdict(set) - all_set = set() - for role, permission in res: - mapping[role.name].add(permission.name) - all_set.add(permission.name) - self.assertEqual(set(expectations), all_set) - - def test_set_iam_policy(self): - """Test check_iam_policy.""" - session_maker, data_access = session_creator('test',None,None,False) - session = session_maker() - client = ModelCreatorClient(session, data_access) - _ = ModelCreator(EXPLAIN_GRANTED_1, client) - - set_policy = data_access.set_iam_policy - get_policy = data_access.get_iam_policy - - callable = lambda: set_policy(session, 'r/res1', { - 'bindings' :{}, 
'etag':'somehash',
- })
- self.assertRaises(Exception, callable)
-
- policy = get_policy(session, 'r/res1')
- self.assertNotEqual(set([u'user/u1',u'group/g2']),
- set(policy['bindings']['viewer']))
-
- policy = get_policy(session, 'r/res1')
- policy['bindings']['viewer'] = ['user/u1','group/g2']
- set_policy(session, 'r/res1', policy)
-
- policy = get_policy(session, 'r/res1')
- self.assertEqual(set([u'user/u1',u'group/g2']),
- set(policy['bindings']['viewer']))
-
- resource = 'r/res4'
- policy = get_policy(session, resource)
- self.assertEqual(set([u'group/g2']),
- set(policy['bindings']['admin']))
- policy['bindings']['writer'] = ['user/u3','user/u4']
- set_policy(session, resource, policy)
- policy = get_policy(session, resource)
- self.assertEqual(set([u'user/u3',u'user/u4']),
- set(policy['bindings']['writer']))
-
-
- def test_get_iam_policy(self):
- """Test check_iam_policy."""
- session_maker, data_access = session_creator('test',None,None,False)
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- _ = ModelCreator(EXPLAIN_GRANTED_1, client)
-
- checks = (
- ('r/res1', {
- u'viewer' : [u'group/g1'],
- u'admin' : [u'user/u1'],
- }),
- ('r/res2', {
- u'viewer' : [u'group/g1'],
- }),
- ('r/res3', {
- u'viewer' : [u'group/g1'],
- u'writer' : [u'group/g3'],
- }),
- ('r/res4', {
- u'admin' : [u'group/g2'],
- })
- )
-
- f = data_access.get_iam_policy
- for resource, policy_expected in checks:
- res = f(session, resource)
- self.assertEqual(policy_expected, res['bindings'])
- self.assertIn('etag', res, 'Etag must be in policy')
- self.assertEqual(resource, res['resource'])
-
- def test_check_iam_policy(self):
- """Test check_iam_policy."""
- session_maker, data_access = session_creator('test',None,None,False)
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- _ = ModelCreator(EXPLAIN_GRANTED_1, client)
-
- checks = [
- ('r/res1', 'read', 'user/u1', True),
- ('r/res1', 'list', 'user/u1', True),
- ('r/res1', 'write', 'user/u1', True),
- ('r/res1', 'delete', 'user/u1', True),
-
- ('r/res1', 'read', 'user/u3', True),
- ('r/res1', 'list', 'user/u3', True),
- ('r/res1', 'write', 'user/u3', False),
- ('r/res1', 'delete', 'user/u3', False),
-
- ('r/res4', 'read', 'user/u3', True),
- ('r/res4', 'list', 'user/u3', True),
- ('r/res4', 'write', 'user/u3', True),
- ('r/res4', 'delete', 'user/u3', True),
-
- ('r/res3', 'read', 'user/u4', True),
- ('r/res3', 'list', 'user/u4', True),
- ('r/res3', 'write', 'user/u4', True),
- ('r/res3', 'delete', 'user/u4', False),
-
- ('r/res2', 'read', 'user/u4', False),
- ('r/res2', 'list', 'user/u4', False),
- ('r/res2', 'write', 'user/u4', False),
- ('r/res2', 'delete', 'user/u4', False),
- ]
-
- f = data_access.check_iam_policy
- for frn, perm, member, expectation in checks:
- if expectation:
- self.assertTrue(f(session, frn, perm, member))
- else:
- self.assertFalse(f(session, frn, perm, member))
-
- def test_denormalize(self):
- """Test denormalization."""
- session_maker, data_access = session_creator('test', None, None, False)
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- _ = ModelCreator(DENORMALIZATION_TESTING_1, client)
-
- denormalization_expected_1 = set([
- ('a', 'r/res3', 'user/u1'),
- ('a', 'r/res3', 'group/g2'),
- ('a', 'r/res3', 'user/g2u1'),
- ('a', 'r/res3', 'group/g2g1'),
- ('a', 'r/res3', 'user/g2g1u1'),
-
- ('a', 'r/res2', 'user/u2'),
- ('a', 'r/res3', 'user/u2'),
-
- ('a', 'r/res1', 'group/g1'),
- ('a', 'r/res2', 'group/g1'),
- ('a', 'r/res3', 'group/g1'),
- ('a', 'r/res1', 'user/u1'),
- ('a', 'r/res2', 'user/u1'),
- ('a', 'r/res3', 'user/u1'),
-
- ('b', 'r/res2', 'user/u1'),
- ('b', 'r/res2', 'user/u2'),
- ('b', 'r/res3', 'user/u1'),
- ('b', 'r/res3', 'user/u2'),
- ])
-
- triples = set()
- for perm, res, member in data_access.denormalize(session):
- triples.add((perm, res, member))
- self.assertEqual(denormalization_expected_1, triples)
-
- def test_get_roles_by_permission_names(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- _ = ModelCreator(ROLES_PERMISSIONS_TESTING_1, client)
-
- tests = [
- ({'a'}, {'a','b','c','d','e','f','g'}),
- ({'a','b'}, {'a','b','c','d','e'}),
- ({'a','b','c'}, {'a','b','c','d'}),
- ({'a','c','e'}, {'a','b','g'}),
- ({'b','d','f'}, {'a','h'}),
- ({'a','c','d'}, {'a','b','c'}),
- (set(), {'a','b','c','d','e','f','g','h'}),
- ]
-
- for permissions, expected_roles in tests:
- roles = data_access.get_roles_by_permission_names(session, permissions)
- role_names = [str(r.name) for r in roles]
- self.assertEqual(expected_roles, set(role_names))
-
- def test_add_member(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- data_access.add_member(session, 'user/u1')
- data_access.add_member(session, 'user/u2')
- data_access.add_member(session, 'user/u3')
- data_access.add_member(session, 'user/u4')
- data_access.add_member(session, 'group/g1')
- data_access.add_member(session, 'group/g2')
- data_access.add_member(session, 'group/g3')
- data_access.add_member(session, 'group/g4')
- data_access.add_member(session, 'user/u5', ['group/g1', 'group/g2'])
- data_access.add_member(session, 'user/u6', ['group/g1', 'group/g2', 'group/g3'])
-
- data_access.get_member(session, 'user/u1')
- data_access.get_member(session, 'user/u2')
- data_access.get_member(session, 'user/u3')
- data_access.get_member(session, 'user/u4')
- data_access.get_member(session, 'user/u5')
- data_access.get_member(session, 'user/u6')
-
- # Find existing users
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u3')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u4')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u5')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/u6')))
-
- # Find existing groups
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g3')))
-
- # Check names as well
- self.assertEquals('group/g1', data_access.get_member(session, 'group/g1')[0].name)
- self.assertEquals('user/u1', data_access.get_member(session, 'user/u1')[0].name)
- self.assertEquals('user/u6', data_access.get_member(session, 'user/u6')[0].name)
-
- # Non-existing users should not be found
- self.assertTrue(0 == len(data_access.get_member(session, 'group/g5')))
- self.assertTrue(0 == len(data_access.get_member(session, 'user/u7')))
-
- def test_resource_ancestors(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- _ = ModelCreator(RESOURCE_PATH_TESTING_1, client)
-
- tests = [
- [u'r/r1',
- u'r/r1r3',
- u'r/r1r3r1',
- u'r/r1r3r1r1'],
-
- [u'r/r1'],
-
- [u'r/r1',
- u'r/r1r3',
- u'r/r1r3r1'],
-
- [u'r/r1',
- u'r/r1r5',
- u'r/r1r6r1',
- u'r/r1r6r1r1',
- u'r/r1r6r1r1r1'],
- ]
-
- # parent, set(child) relation
- test_resources = [chain[-1] for chain in tests]
- graph = data_access.resource_ancestors(session, test_resources)
- for chain in tests:
- for i in range(0, len(chain)-1):
- parent = chain[i]
- child = chain[i+1]
- self.assertTrue(child in graph[parent])
-
- def test_find_resource_path(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- created_model = ModelCreator(RESOURCE_PATH_TESTING_1, client)
-
- tests = {
- u'r/r1r3r1r1' :
- {u'r/r1',u'r/r1r3',u'r/r1r3r1',u'r/r1r3r1r1'},
- u'r/r1' :
- {u'r/r1'},
- u'r/r1r3r1' :
- {u'r/r1',u'r/r1r3',u'r/r1r3r1'},
- u'r/r1r6r1r1r1' :
- {u'r/r1r6r1r1r1', u'r/r1r6r1r1', u'r/r1r6r1',
- u'r/r1r5',u'r/r1'},
- }
-
- for test_val, comparison in tests.iteritems():
- result = [r.type_name for r in data_access.find_resource_path(session, test_val)]
- self.assertEqual(comparison, set(result))
-
- def test_get_member(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- created_model = ModelCreator(MEMBER_TESTING_1, client)
-
- # Find existing users
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g1g1u1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g2u1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g2u2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g2u3')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3u1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3u2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3u3')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3g1u1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3g1u2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'user/g3g1u3')))
-
- # Find existing groups
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g2')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g3')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g1g1')))
- self.assertTrue(1 == len(data_access.get_member(session, 'group/g3g1')))
-
- # Check names as well
- self.assertEquals('group/g1', data_access.get_member(session, 'group/g1')[0].name)
- self.assertEquals('user/g3g1u2', data_access.get_member(session, 'user/g3g1u2')[0].name)
- self.assertEquals('user/g2u3', data_access.get_member(session, 'user/g2u3')[0].name)
-
- # Non-existing users should not be found
- self.assertTrue(0 == len(data_access.get_member(session, 'group/g4')))
- self.assertTrue(0 == len(data_access.get_member(session, 'user/u5')))
-
- def test_expand_resources_1(self):
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- created_model = ModelCreator(RESOURCE_EXPANSION_1, client)
-
- self.assertEqual(set(['res{}'.format(i) for i in range(1,9)]),
- set([r.name for r in session.query(data_access.TBL_RESOURCE).all()]),
- 'Expecting all resources to be added to the database')
-
-
- def expand(resource):
- return ['/'.join(i.split('/')[-2:]) for i in data_access.expand_resources_by_names(session, [resource])]
-
- self.assertEqual(set(expand('r/res1')),
- set([u'r/res{}'.format(i) for i in range(1,9)]),
- 'Expecting expansion of res1 to comprise all resources')
- self.assertEqual(set(expand('r/res2')),
- set([u'r/res2']),
- 'Expecting expansion of res2 to comprise res2')
- self.assertEqual(set(expand('r/res3')),
- set([u'r/res3']),
- 'Expecting expansion of res3 to comprise res3')
- self.assertEqual(set(expand('r/res4')),
- set([u'r/res4']),
- 'Expecting expansion of res4 to comprise res4')
- self.assertEqual(set(expand('r/res5')),
- set([u'r/res5',u'r/res6',u'r/res7',u'r/res8']),
- 'Expecting expansion of res5 to comprise res{5,6,7,8}')
- self.assertEqual(set(expand('r/res5')),
- set([u'r/res5',u'r/res6',u'r/res7',u'r/res8']),
- 'Expecting expansion of res5 to comprise res{5,6,7,8}')
- self.assertEqual(set(expand('r/res6')),
- set([u'r/res6',u'r/res7',u'r/res8']),
- 'Expecting expansion of res6 to comprise res{6,7,8}')
- self.assertEqual(set(expand('r/res7')),
- set([u'r/res7']),
- 'Expecting expansion of res7 to comprise res7')
- self.assertEqual(set(expand('r/res8')),
- set([u'r/res8']),
- 'Expecting expansion of res8 to comprise res8')
-
- def test_expand_resources_2(self):
- """Expand resource tree."""
- session_maker, data_access = session_creator('test')
- session = session_maker()
- client = ModelCreatorClient(session, data_access)
- created_model = ModelCreator(RESOURCE_EXPANSION_2, client)
-
- self.assertEqual(set(['r/res{}'.format(i) for i in range(1,9)]),
- set(['r/{}'.format(r.name) for r in session.query(data_access.TBL_RESOURCE).all()]),
- 'Expecting all resources to be added to the database')
-
- def expand(resource):
- return ['/'.join(i.split('/')[-2:]) for i in data_access.expand_resources_by_names(session, [resource])]
-
- self.assertEqual(set(expand('r/res1')),
- set([u'r/res{}'.format(i) for i in range(1,9)]),
- 'Expecting expansion of res1 to comprise all resources')
-
- self.assertEqual(set(expand('r/res2')),
- set([u'r/res{}'.format(i) for i in range(2,9)]),
- 'Expecting expansion of res2 to comprise all resources but res1')
-
- self.assertEqual(set(expand('r/res3')),
- set([u'r/res3',u'r/res4',u'r/res5']),
- 'Expecting expansion of res3 to comprise res3,res4 and res5')
-
- self.assertEqual(set(expand('r/res8')),
- set([u'r/res8']),
- 'Expecting expansion of res8 to comprise only res8')
-
-
-if __name__ == '__main__':
- unittest.main()
diff --git a/tests/iam/unit_tests/model_manager_test.py b/tests/iam/unit_tests/model_manager_test.py
deleted file mode 100644
index 4a7eafd2c1..0000000000
--- a/tests/iam/unit_tests/model_manager_test.py
+++ /dev/null
@@ -1,98 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-""" Unit Tests: Database abstraction objects for IAM Explain. """
-
-from tests.unittest_utils import ForsetiTestCase
-import uuid
-import os
-import unittest
-
-from google.cloud.security.iam.dao import ModelManager, session_creator, create_engine
-from google.cloud.security.common.util.threadpool import ThreadPool
-
-
-def create_test_engine():
- tmpfile = '/tmp/{}.db'.format(uuid.uuid4())
- return create_engine('sqlite:///{}'.format(tmpfile)), tmpfile
-
-
-class ModelManagerTest(ForsetiTestCase):
- """Test for dao.ModelManager create/delete/list."""
-
- def setUp(self):
- self.engine, self.dbfile = create_test_engine()
- self.model_manager = ModelManager(self.engine)
-
- def tearDown(self):
- os.unlink(self.dbfile)
-
- def test_create_get_delete_one_model(self):
- """Start with no models, create one, delete it again."""
- self.assertEquals(0, len(self.model_manager.models()),
- 'Expecting no models to exist')
- handle = self.model_manager.create(name='test_model')
- self.assertEqual([handle],
- [m.handle for m in self.model_manager.models()],
- 'Expecting the created model to be listed')
- self.model_manager.delete(handle)
- self.assertEqual(0, len(self.model_manager.models()),
- 'Expecting no models to exist after deletion')
-
- def test_create_get_delete_multiple_models(self):
- """Start with no models, create multiple, delete them again."""
- self.assertEqual(0, len(self.model_manager.models()),
- 'Expecting no models to exist')
- handles = []
- num_models = 32
- for i in range(num_models):
- handles.append(self.model_manager.create(name=str(i)))
-
- self.assertEqual(set(handles),
- set([m.handle for m in self.model_manager.models()]),
- 'Expecting the created models to be listed')
-
- self.assertEqual(len(handles), num_models)
-
- for i in range(num_models):
- self.model_manager.delete(handles[i])
- self.assertEqual(0, len(self.model_manager.models()),
- 'Expecting no models to exist after deletion')
-
- def test_concurrent_access(self):
- """
- Start with no models, create multiple, delete them again, concurrent.
- """
- return
- num_threads = 16
- thread_pool = ThreadPool(num_threads)
-
- def test_func():
- """Create, get, delete models."""
- for _ in range(32):
- model = self.model_manager.create()
- self.assertTrue(model in self.model_manager.models())
- self.model_manager.delete(model)
- self.assertTrue(model not in self.model_manager.models())
- return True
- for _ in range(num_threads):
- thread_pool.add_func(test_func)
- thread_pool.join()
- self.assertTrue(len(self.model_manager.models()) == 0,
- 'Expecting no models to stick around')
-
-
-
-if __name__ == '__main__':
- unittest.main()
diff --git a/tests/iam/unit_tests/model_tester.py b/tests/iam/unit_tests/model_tester.py
deleted file mode 100644
index cf4f2590f8..0000000000
--- a/tests/iam/unit_tests/model_tester.py
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-"""Installing test models against a session."""
-
-from collections import defaultdict
-
-from google.cloud.security.iam.utils import full_to_type_name
-
-class ModelCreatorClient:
- def __init__(self, session, data_access):
- self.session = session
- self.data_access = data_access
- self.playground = self
- self.explain = self
-
- def add_resource(self, resource_type_name, parent_type_name, no_parent):
- return self.data_access.add_resource_by_name(self.session,
- resource_type_name,
- parent_type_name,
- no_parent)
-
- def add_member(self, child, parents):
- return self.data_access.add_member(self.session, child, parents)
-
- def add_role(self, role_name, permissions):
- return self.data_access.add_role_by_name(self.session, role_name, permissions)
-
- def get_iam_policy(self, full_resource_name):
- policy_dict = self.data_access.get_iam_policy(self.session,
- full_to_type_name(full_resource_name))
- class PolicyAccessor(dict):
- def __init__(self, *args, **kwargs):
- super(PolicyAccessor, self).__init__(*args, **kwargs)
- self.policy = self
- self.bindings = self['bindings'] if 'bindings' in self else []
- self.etag = self['etag'] if 'etag' in self else None
- return PolicyAccessor(policy_dict)
-
- def set_iam_policy(self, full_resource_name, policy):
- return self.data_access.set_iam_policy(self.session,
- full_to_type_name(full_resource_name),
- policy)
-
- def commit(self):
- self.session.commit()
- self.data_access.denorm_group_in_group(self.session)
- self.session.commit()
-
-class ModelCreator:
- def __init__(self, model, client):
- self._install_model(model, client)
- client.commit()
-
- def _install_model(self, model, client):
- self._install_resources(model['resources'], client.playground)
- self._install_memberships(model['memberships'], client.playground)
- self._install_roles(model['roles'], client.playground)
- self._install_bindings(model['bindings'], client.playground)
-
- def _recursive_install_resources(self, node, model, client, parent):
- """Install resources."""
-
- client.add_resource(node, parent, parent == '')
- for root, tree in model.iteritems():
- self._recursive_install_resources(root, tree, client, node)
-
- def _install_resources(self, model_view, client):
- """Install resources."""
- for root, tree in model_view.iteritems():
- self._recursive_install_resources(root, tree, client, '')
-
- def _recursive_invert_membership(self, node, model, parentship):
- if node not in parentship:
- parentship[node] = set()
- for child in model.iterkeys():
- parentship[child].add(node)
- for root, tree in model.iteritems():
- self._recursive_invert_membership(root, tree, parentship)
- return parentship
-
- def _cyclic(self, g):
- path = set()
- visited = set()
-
- def visit(vertex):
- if vertex in visited:
- return False
- visited.add(vertex)
- path.add(vertex)
- for neighbour in g.get(vertex, ()):
- if neighbour in path or visit(neighbour):
- return True
- path.remove(vertex)
- return False
-
- return any(visit(v) for v in g)
-
- def _install_memberships(self, model_view, client):
- parent_relationship = defaultdict(set)
- for root, tree in model_view.iteritems():
- self._recursive_invert_membership(root, tree, parent_relationship)
-
- if self._cyclic(parent_relationship):
- raise Exception("Cyclic membership relation not supported!")
-
- installed_members = set()
- while len(parent_relationship) > 0:
- for child, parents in parent_relationship.iteritems():
- if parents.issubset(installed_members):
- break
-
- installed_members.add(child)
- client.add_member(child, list(parents))
- parent_relationship.pop(child)
-
- def _install_roles(self, model_view, client):
- for role, permissions in model_view.iteritems():
- client.add_role(role, permissions)
-
- def _install_bindings(self, model_view, client):
- for resource_name, bindings in model_view.iteritems():
- reply = client.get_iam_policy(resource_name)
- if len(reply.policy.bindings) > 0:
- raise Exception('policy should have been empty')
- client.set_iam_policy(resource_name,
- {'bindings':bindings,
- 'etag':reply.policy.etag})
diff --git a/tests/iam/unit_tests/test_models.py b/tests/iam/unit_tests/test_models.py
deleted file mode 100644
index ea4dccdfb6..0000000000
--- a/tests/iam/unit_tests/test_models.py
+++ /dev/null
@@ -1,348 +0,0 @@
-# Copyright 2017 The Forseti Security Authors. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-"""Compilation of serialized models for testing purposes."""
-
-RESOURCE_EXPANSION_1 = {
- 'resources': {
- 'r/res1': {
- 'r/res2': {},
- 'r/res3': {},
- 'r/res4': {},
- 'r/res5': {
- 'r/res6': {
- 'r/res7': {},
- 'r/res8': {},
- },
- },
- },
- },
- 'memberships': {},
- 'roles': {},
- 'bindings': {},
- }
-
-RESOURCE_EXPANSION_2 = {
- 'resources': {
- 'r/res1': {
- 'r/res2': {
- 'r/res3': {
- 'r/res4': {
- 'r/res5': {},
- },
- },
- 'r/res6': {
- 'r/res7': {
- 'r/res8': {},
- },
- },
- },
- },
- },
- 'memberships': {},
- 'roles': {},
- 'bindings': {},
- }
-
-MEMBER_TESTING_1 = {
- 'resources': {},
- 'memberships': {
- 'group/g1': {
- 'group/g1g1': {
- 'user/g1g1u1': {}
- },
- },
- 'group/g2': {
- 'user/g2u1': {},
- 'user/g2u2': {},
- 'user/g2u3': {},
- },
- 'group/g3': {
- 'user/g3u1': {},
- 'user/g3u2': {},
- 'user/g3u3': {},
- 'group/g3g1': {
- 'user/g3g1u1': {},
- 'user/g3g1u2': {},
- 'user/g3g1u3': {},
- },
- },
- },
- 'roles': {},
- 'bindings': {},
- }
-
-RESOURCE_PATH_TESTING_1 = {
- 'resources': {
- 'r/r1': {
- 'r/r1r1': {},
- 'r/r1r2': {},
- 'r/r1r3': {
- 'r/r1r3r1': {
- 'r/r1r3r1r1': {},
- }
- },
- 'r/r1r4': {},
- 'r/r1r5': {
- 'r/r1r6r1': {
- 'r/r1r6r1r1': {
- 'r/r1r6r1r1r1': {},
- },
- },
- },
- },
- 'r/r2': {},
- 'r/r3': {},
- 'r/r4': {},
- 'r/r5': {},
- },
- 'memberships': {},
- 'roles': {},
- 'bindings': {},
- }
-
-ROLES_PERMISSIONS_TESTING_1 = {
- 'resources': {},
- 'memberships': {},
- 'roles': {
- 'a': ['a', 'b', 'c', 'd', 'e', 'f'],
- 'b': ['a', 'b', 'c', 'd', 'e'],
- 'c': ['a', 'b', 'c', 'd'],
- 'd': ['a', 'b', 'c'],
- 'e': ['a', 'b'],
- 'f': ['a'],
- 'g': ['a', 'c', 'e'],
- 'h': ['b', 'd', 'f'],
- },
- 'bindings': {},
- }
-
-DENORMALIZATION_TESTING_1 = {
- 'resources': {
- 'r/res1': {
- 'r/res2': {
- 'r/res3': {},
- },
- },
- },
- 'memberships': {
- 'user/u1': {},
- 'user/u2': {},
- 'group/g1': {},
- 'group/g2': {
- 'user/g2u1': {},
- 'group/g2g1': {
- 'user/g2g1u1': {},
- },
- },
- },
- 'roles': {
- 'a': ['a'],
- 'b': ['b'],
- },
- 'bindings': {
- 'r/res3': {
- 'a': ['user/u1', 'group/g2'],
- },
- 'r/res2': {
- 'a': ['user/u2'],
- 'b': ['user/u2', 'user/u1'],
- },
- 'r/res1': {
- 'a': ['group/g1', 'user/u1'],
- },
- },
- }
-
-ROLES_PREFIX_TESTING_1 = {
- 'resources': {},
- 'memberships': {},
- 'roles': {
- 'cloud.admin': ['cloud.admin'],
- 'cloud.reader': ['cloud.reader'],
- 'cloud.writer': ['cloud.writer'],
- 'db.viewer': ['db.viewer'],
- 'db.writer': ['db.writer'],
- },
- 'bindings': {},
- }
-
-MEMBER_TESTING_2 = {
- 'resources': {},
- 'memberships': {
- 'group/g1': {
- },
- 'group/g2': {
- 'group/g3g2g1': {},
- },
- 'group/g3': {
- 'group/g3g2': {
- 'group/g3g2g1': {
- },
- },
- },
- 'user/u1': {
- },
- 'user/u2': {
- },
- },
- 'roles': {},
- 'bindings': {},
- }
-
-MEMBER_TESTING_3 = {
- 'resources': {},
- 'memberships': {
- 'group/g1': {
- 'group/g1g1': {
- 'user/g1g1u1': {},
- 'user/g1g1u2': {},
- 'user/g1g1u3': {},
- },
- },
- },
- 'roles': {},
- 'bindings': {},
- }
-
-EXPLAIN_GRANTED_1 = {
- 'resources': {
- 'r/res1': {
- 'r/res2': {
- },
- 'r/res3': {
- 'r/res4': {},
- },
- },
- },
- 'memberships': {
- 'user/u1': {},
- 'user/u2': {},
- 'group/g1': {
- 'user/u3': {},
- },
- 'group/g2': {
- 'user/u3': {},
- },
- 'group/g3': {
- 'group/g3g1': {
- 'user/u3': {},
- 'user/u4': {},
- },
- },
- },
- 'roles': {
- 'viewer': ['read', 'list'],
- 'writer': ['read', 'list', 'write'],
- 'admin': ['read', 'list', 'write', 'delete'],
- },
- 'bindings': {
- 'r/res1': {
- 'viewer': ['group/g1'],
- 'admin': ['user/u1'],
- },
- 'r/res2': {
- 'viewer': ['group/g1'],
- },
- 'r/res3': {
- 'viewer': ['group/g1'],
- 'writer': ['group/g3'],
- },
- 'r/res4': {
- 'admin': ['group/g2'],
- },
- },
- }
-
-GROUP_IN_GROUP_TESTING_1 = {
- 'resources': {
- },
- 'memberships': {
- 'group/g1': {},
- 'group/g2': {
- 'group/g2g1': {},
- },
- 'group/g3': {
- 'group/g1': {},
- 'group/g2': {},
- },
- 'group/g4': {
- 'group/g1': {},
- 'group/g3': {},
- },
- 'group/g5': {
- 'group/g4': {},
- },
- 'group/g6': {
- 'group/g5': {},
- },
- 'group/g7': {
- 'group/g6': {},
- 'group/g5': {},
- },
- },
- 'roles': {
- },
- 'bindings': {
- },
- }
-
-ACCESS_BY_PERMISSIONS_1 = {
- 'resources': {
- 'r/res1': {
- 'r/res2': {
- },
- 'r/res3': {
- 'r/res4': {},
- },
- },
- },
- 'memberships': {
- 'user/u1': {},
- 'user/u2': {},
- 'group/g1': {
- 'user/u3': {},
- },
- 'group/g2': {
- 'user/u3': {},
- 'group/g3': {},
- },
- 'group/g3': {
- 'group/g3g1': {
- 'user/u3': {},
- 'user/u4': {},
- },
- },
- },
- 'roles': {
- 'viewer': ['read', 'list', 'readonly'],
- 'writer': ['read', 'list', 'write', 'writeonly'],
- 'admin': ['read', 'list', 'write', 'delete'],
- },
- 'bindings': {
- 'r/res1': {
- 'viewer': ['group/g1'],
- 'admin': ['user/u1'],
- },
- 'r/res2': {
- 'viewer': ['group/g1'],
- },
- 'r/res3': {
- 'viewer': ['group/g1','group/g3'],
- 'writer': ['group/g3'],
- },
- 'r/res4': {
- 'admin': ['group/g2'],
- },
- },
- }