GCP IAM Updates Detected

jdyke · May 23, 2024 · 1ace903 · 1ace903
1 parent b5437e2
commit 1ace903
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 0 deletions.
diff --git a/roles/bigquery.dataOwner b/roles/bigquery.dataOwner
@@ -57,6 +57,8 @@
     "bigquery.tables.getData",
     "bigquery.tables.getIamPolicy",
     "bigquery.tables.list",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.tables.restoreSnapshot",
     "bigquery.tables.setCategory",

diff --git a/roles/bigquery.studioAdmin b/roles/bigquery.studioAdmin
@@ -116,6 +116,8 @@
     "bigquery.tables.getData",
     "bigquery.tables.getIamPolicy",
     "bigquery.tables.list",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.tables.restoreSnapshot",
     "bigquery.tables.setCategory",

diff --git a/roles/configdelivery.serviceAgent b/roles/configdelivery.serviceAgent
@@ -0,0 +1,43 @@
+{
+  "description": "Gives the Config Delivery service account permission to manage resources ",
+  "etag": "AA==",
+  "includedPermissions": [
+    "artifactregistry.dockerimages.get",
+    "artifactregistry.dockerimages.list",
+    "artifactregistry.projectsettings.get",
+    "artifactregistry.repositories.create",
+    "artifactregistry.repositories.downloadArtifacts",
+    "artifactregistry.repositories.get",
+    "artifactregistry.repositories.getIamPolicy",
+    "artifactregistry.repositories.list",
+    "artifactregistry.repositories.listEffectiveTags",
+    "artifactregistry.repositories.listTagBindings",
+    "artifactregistry.repositories.setIamPolicy",
+    "artifactregistry.repositories.uploadArtifacts",
+    "artifactregistry.tags.create",
+    "artifactregistry.tags.delete",
+    "artifactregistry.tags.get",
+    "artifactregistry.tags.list",
+    "artifactregistry.tags.update",
+    "artifactregistry.versions.delete",
+    "artifactregistry.versions.get",
+    "artifactregistry.versions.list",
+    "cloudbuild.builds.create",
+    "cloudbuild.builds.get",
+    "cloudbuild.builds.list",
+    "cloudbuild.builds.update",
+    "container.customResourceDefinitions.get",
+    "container.customResourceDefinitions.list",
+    "container.serviceAccounts.get",
+    "container.serviceAccounts.list",
+    "container.thirdPartyObjects.create",
+    "container.thirdPartyObjects.delete",
+    "container.thirdPartyObjects.get",
+    "container.thirdPartyObjects.list",
+    "container.thirdPartyObjects.update",
+    "iam.serviceAccounts.actAs"
+  ],
+  "name": "roles/configdelivery.serviceAgent",
+  "stage": "ALPHA",
+  "title": "Config Delivery Service Agent"
+}
diff --git a/roles/dataflow.serviceAgent b/roles/dataflow.serviceAgent
@@ -100,6 +100,8 @@
     "bigquery.tables.getData",
     "bigquery.tables.getIamPolicy",
     "bigquery.tables.list",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.tables.restoreSnapshot",
     "bigquery.tables.setCategory",

diff --git a/roles/dataplex.serviceAgent b/roles/dataplex.serviceAgent
@@ -100,6 +100,8 @@
     "bigquery.tables.getData",
     "bigquery.tables.getIamPolicy",
     "bigquery.tables.list",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.tables.restoreSnapshot",
     "bigquery.tables.setCategory",

diff --git a/roles/editor b/roles/editor
@@ -1336,6 +1336,8 @@
     "bigquery.tables.createSnapshot",
     "bigquery.tables.deleteIndex",
     "bigquery.tables.getIamPolicy",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.tables.restoreSnapshot",
     "bigquery.transfers.get",
@@ -5874,6 +5876,7 @@
     "logging.queries.list",
     "logging.queries.listShared",
     "logging.queries.update",
+    "logging.queries.usePrivate",
     "logging.settings.get",
     "logging.settings.update",
     "logging.sinks.get",

diff --git a/roles/logging.privateLogViewer b/roles/logging.privateLogViewer
@@ -24,6 +24,7 @@
     "logging.queries.list",
     "logging.queries.listShared",
     "logging.queries.update",
+    "logging.queries.usePrivate",
     "logging.sinks.get",
     "logging.sinks.list",
     "logging.usage.get",

diff --git a/roles/viewer b/roles/viewer
@@ -639,6 +639,8 @@
     "bigquery.savedqueries.list",
     "bigquery.tables.createSnapshot",
     "bigquery.tables.getIamPolicy",
+    "bigquery.tables.listEffectiveTags",
+    "bigquery.tables.listTagBindings",
     "bigquery.tables.replicateData",
     "bigquery.transfers.get",
     "bigquerymigration.locations.get",
@@ -2891,6 +2893,7 @@
     "logging.queries.list",
     "logging.queries.listShared",
     "logging.queries.update",
+    "logging.queries.usePrivate",
     "logging.settings.get",
     "logging.sinks.get",
     "logging.sinks.list",