diff --git a/roles/alloydb.admin b/roles/alloydb.admin index d1ec8339..a952fd12 100644 --- a/roles/alloydb.admin +++ b/roles/alloydb.admin @@ -20,6 +20,7 @@ "alloydb.clusters.list", "alloydb.clusters.listEffectiveTags", "alloydb.clusters.listTagBindings", + "alloydb.clusters.promote", "alloydb.clusters.update", "alloydb.databases.list", "alloydb.instances.connect", diff --git a/roles/apigee.admin b/roles/apigee.admin index aa3a27dc..954c6036 100644 --- a/roles/apigee.admin +++ b/roles/apigee.admin @@ -219,6 +219,10 @@ "apigee.securityActions.update", "apigee.securityActionsConfig.get", "apigee.securityActionsConfig.update", + "apigee.securityFeedback.create", + "apigee.securityFeedback.delete", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityIncidents.update", diff --git a/roles/apigee.readOnlyAdmin b/roles/apigee.readOnlyAdmin index 592c3678..95033b94 100644 --- a/roles/apigee.readOnlyAdmin +++ b/roles/apigee.readOnlyAdmin @@ -99,6 +99,8 @@ "apigee.securityActions.get", "apigee.securityActions.list", "apigee.securityActionsConfig.get", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityProfileEnvironments.computeScore", diff --git a/roles/apigee.securityAdmin b/roles/apigee.securityAdmin index 3ea8b2be..cbb19c9d 100644 --- a/roles/apigee.securityAdmin +++ b/roles/apigee.securityAdmin @@ -22,6 +22,10 @@ "apigee.securityActions.update", "apigee.securityActionsConfig.get", "apigee.securityActionsConfig.update", + "apigee.securityFeedback.create", + "apigee.securityFeedback.delete", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityIncidents.update", diff --git a/roles/apigee.securityViewer b/roles/apigee.securityViewer index a71f7383..734e282f 100644 --- a/roles/apigee.securityViewer +++ b/roles/apigee.securityViewer @@ -18,6 +18,8 @@ "apigee.securityActions.get", "apigee.securityActions.list", "apigee.securityActionsConfig.get", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityProfileEnvironments.computeScore", diff --git a/roles/bigquerycontinuousquery.serviceAgent b/roles/bigquerycontinuousquery.serviceAgent new file mode 100644 index 00000000..3296947b --- /dev/null +++ b/roles/bigquerycontinuousquery.serviceAgent @@ -0,0 +1,10 @@ +{ + "description": "Gives BigQuery Continuous Query access to the service accounts in the user project.", + "etag": "AA==", + "includedPermissions": [ + "iam.serviceAccounts.getAccessToken" + ], + "name": "roles/bigquerycontinuousquery.serviceAgent", + "stage": "ALPHA", + "title": "BigQuery Continuous Query Service Agent" +} diff --git a/roles/clouddeploymentmanager.serviceAgent b/roles/clouddeploymentmanager.serviceAgent new file mode 100644 index 00000000..563f5fcf --- /dev/null +++ b/roles/clouddeploymentmanager.serviceAgent @@ -0,0 +1,679 @@ +{ + "description": "Allows Deployment Manager service to actuate resources across DM projects and folders", + "etag": "AA==", + "includedPermissions": [ + "accesscontextmanager.accessLevels.create", + "accesscontextmanager.accessLevels.delete", + "accesscontextmanager.accessLevels.get", + "accesscontextmanager.accessLevels.update", + "accesscontextmanager.policies.list", + "accesscontextmanager.servicePerimeters.create", + "accesscontextmanager.servicePerimeters.delete", + "accesscontextmanager.servicePerimeters.get", + "accesscontextmanager.servicePerimeters.update", + "appengine.applications.get", + "appengine.operations.get", + "appengine.services.update", + "appengine.versions.create", + "appengine.versions.delete", + "appengine.versions.get", + "appengine.versions.list", + "artifactregistry.repositories.create", + "artifactregistry.repositories.delete", + "artifactregistry.repositories.get", + "artifactregistry.repositories.update", + "bigquery.connections.get", + "bigquery.datasets.create", + "bigquery.datasets.delete", + "bigquery.datasets.get", + "bigquery.datasets.getIamPolicy", + "bigquery.datasets.update", + "bigquery.jobs.create", + "bigquery.routines.create", + "bigquery.routines.get", + "bigquery.routines.update", + "bigquery.tables.create", + "bigquery.tables.delete", + "bigquery.tables.get", + "bigquery.tables.getData", + "bigquery.tables.setCategory", + "bigquery.tables.update", + "bigquery.tables.updateData", + "bigtable.instances.create", + "bigtable.instances.delete", + "bigtable.instances.get", + "bigtable.instances.update", + "bigtable.tables.create", + "bigtable.tables.delete", + "bigtable.tables.get", + "bigtable.tables.update", + "billing.resourceAssociations.create", + "billing.resourcebudgets.write", + "cloudbuild.builds.create", + "cloudbuild.builds.get", + "cloudfunctions.functions.call", + "cloudfunctions.functions.create", + "cloudfunctions.functions.delete", + "cloudfunctions.functions.get", + "cloudfunctions.functions.getIamPolicy", + "cloudfunctions.functions.list", + "cloudfunctions.functions.update", + "cloudfunctions.operations.get", + "cloudprivatecatalog.targets.get", + "cloudscheduler.jobs.create", + "cloudscheduler.jobs.delete", + "cloudscheduler.jobs.get", + "cloudscheduler.jobs.update", + "cloudsql.backupRuns.create", + "cloudsql.databases.create", + "cloudsql.databases.delete", + "cloudsql.databases.get", + "cloudsql.databases.list", + "cloudsql.databases.update", + "cloudsql.instances.create", + "cloudsql.instances.delete", + "cloudsql.instances.get", + "cloudsql.instances.import", + "cloudsql.instances.restart", + "cloudsql.instances.update", + "cloudsql.sslCerts.create", + "cloudsql.sslCerts.delete", + "cloudsql.sslCerts.get", + "cloudsql.users.create", + "cloudsql.users.delete", + "cloudtasks.queues.create", + "cloudtasks.queues.delete", + "cloudtasks.queues.get", + "compute.addresses.create", + "compute.addresses.createInternal", + "compute.addresses.delete", + "compute.addresses.deleteInternal", + "compute.addresses.get", + "compute.addresses.list", + "compute.addresses.setLabels", + "compute.addresses.use", + "compute.addresses.useInternal", + "compute.autoscalers.create", + "compute.autoscalers.delete", + "compute.autoscalers.get", + "compute.autoscalers.update", + "compute.backendBuckets.create", + "compute.backendBuckets.delete", + "compute.backendBuckets.get", + "compute.backendBuckets.update", + "compute.backendBuckets.use", + "compute.backendServices.create", + "compute.backendServices.delete", + "compute.backendServices.get", + "compute.backendServices.setSecurityPolicy", + "compute.backendServices.update", + "compute.backendServices.use", + "compute.disks.addResourcePolicies", + "compute.disks.create", + "compute.disks.delete", + "compute.disks.get", + "compute.disks.removeResourcePolicies", + "compute.disks.resize", + "compute.disks.setLabels", + "compute.disks.update", + "compute.disks.use", + "compute.disks.useReadOnly", + "compute.externalVpnGateways.create", + "compute.externalVpnGateways.delete", + "compute.externalVpnGateways.get", + "compute.externalVpnGateways.setLabels", + "compute.externalVpnGateways.use", + "compute.firewallPolicies.create", + "compute.firewallPolicies.delete", + "compute.firewallPolicies.get", + "compute.firewalls.create", + "compute.firewalls.delete", + "compute.firewalls.get", + "compute.firewalls.list", + "compute.firewalls.update", + "compute.forwardingRules.create", + "compute.forwardingRules.delete", + "compute.forwardingRules.get", + "compute.forwardingRules.pscCreate", + "compute.forwardingRules.pscSetLabels", + "compute.forwardingRules.setLabels", + "compute.forwardingRules.setTarget", + "compute.forwardingRules.update", + "compute.forwardingRules.use", + "compute.globalAddresses.create", + "compute.globalAddresses.createInternal", + "compute.globalAddresses.delete", + "compute.globalAddresses.deleteInternal", + "compute.globalAddresses.get", + "compute.globalAddresses.setLabels", + "compute.globalAddresses.use", + "compute.globalForwardingRules.create", + "compute.globalForwardingRules.delete", + "compute.globalForwardingRules.get", + "compute.globalForwardingRules.pscCreate", + "compute.globalForwardingRules.pscDelete", + "compute.globalForwardingRules.pscSetLabels", + "compute.globalForwardingRules.setLabels", + "compute.globalNetworkEndpointGroups.attachNetworkEndpoints", + "compute.globalNetworkEndpointGroups.create", + "compute.globalNetworkEndpointGroups.delete", + "compute.globalNetworkEndpointGroups.get", + "compute.globalNetworkEndpointGroups.use", + "compute.globalOperations.get", + "compute.healthChecks.create", + "compute.healthChecks.delete", + "compute.healthChecks.get", + "compute.healthChecks.update", + "compute.healthChecks.use", + "compute.healthChecks.useReadOnly", + "compute.httpHealthChecks.create", + "compute.httpHealthChecks.delete", + "compute.httpHealthChecks.get", + "compute.httpHealthChecks.update", + "compute.httpHealthChecks.use", + "compute.httpHealthChecks.useReadOnly", + "compute.httpsHealthChecks.create", + "compute.httpsHealthChecks.delete", + "compute.httpsHealthChecks.get", + "compute.httpsHealthChecks.update", + "compute.httpsHealthChecks.use", + "compute.httpsHealthChecks.useReadOnly", + "compute.images.create", + "compute.images.delete", + "compute.images.deprecate", + "compute.images.get", + "compute.images.setLabels", + "compute.images.useReadOnly", + "compute.instanceGroupManagers.create", + "compute.instanceGroupManagers.delete", + "compute.instanceGroupManagers.get", + "compute.instanceGroupManagers.update", + "compute.instanceGroupManagers.use", + "compute.instanceGroups.create", + "compute.instanceGroups.delete", + "compute.instanceGroups.get", + "compute.instanceGroups.update", + "compute.instanceGroups.use", + "compute.instanceTemplates.create", + "compute.instanceTemplates.delete", + "compute.instanceTemplates.get", + "compute.instanceTemplates.useReadOnly", + "compute.instances.addAccessConfig", + "compute.instances.create", + "compute.instances.delete", + "compute.instances.deleteAccessConfig", + "compute.instances.get", + "compute.instances.listTagBindings", + "compute.instances.resume", + "compute.instances.setDeletionProtection", + "compute.instances.setDiskAutoDelete", + "compute.instances.setLabels", + "compute.instances.setMetadata", + "compute.instances.setServiceAccount", + "compute.instances.setTags", + "compute.instances.start", + "compute.instances.stop", + "compute.instances.suspend", + "compute.instances.update", + "compute.instances.updateDisplayDevice", + "compute.instances.use", + "compute.interconnectAttachments.create", + "compute.interconnectAttachments.delete", + "compute.interconnectAttachments.get", + "compute.interconnectAttachments.setLabels", + "compute.interconnectAttachments.update", + "compute.interconnects.create", + "compute.interconnects.delete", + "compute.interconnects.get", + "compute.interconnects.setLabels", + "compute.interconnects.use", + "compute.machineImages.useReadOnly", + "compute.machineTypes.get", + "compute.networkEndpointGroups.attachNetworkEndpoints", + "compute.networkEndpointGroups.create", + "compute.networkEndpointGroups.delete", + "compute.networkEndpointGroups.get", + "compute.networkEndpointGroups.use", + "compute.networks.addPeering", + "compute.networks.create", + "compute.networks.delete", + "compute.networks.get", + "compute.networks.listPeeringRoutes", + "compute.networks.removePeering", + "compute.networks.switchToCustomMode", + "compute.networks.update", + "compute.networks.updatePolicy", + "compute.networks.use", + "compute.networks.useExternalIp", + "compute.organizations.disableXpnResource", + "compute.organizations.enableXpnHost", + "compute.organizations.enableXpnResource", + "compute.packetMirrorings.create", + "compute.packetMirrorings.delete", + "compute.packetMirrorings.get", + "compute.projects.get", + "compute.projects.setUsageExportBucket", + "compute.regionBackendServices.create", + "compute.regionBackendServices.delete", + "compute.regionBackendServices.get", + "compute.regionBackendServices.update", + "compute.regionBackendServices.use", + "compute.regionHealthChecks.create", + "compute.regionHealthChecks.delete", + "compute.regionHealthChecks.get", + "compute.regionHealthChecks.update", + "compute.regionHealthChecks.use", + "compute.regionHealthChecks.useReadOnly", + "compute.regionNetworkEndpointGroups.create", + "compute.regionNetworkEndpointGroups.delete", + "compute.regionNetworkEndpointGroups.get", + "compute.regionNetworkEndpointGroups.use", + "compute.regionOperations.get", + "compute.regionSslCertificates.create", + "compute.regionSslCertificates.delete", + "compute.regionSslCertificates.get", + "compute.regionTargetHttpProxies.create", + "compute.regionTargetHttpProxies.delete", + "compute.regionTargetHttpProxies.get", + "compute.regionTargetHttpProxies.use", + "compute.regionTargetHttpsProxies.create", + "compute.regionTargetHttpsProxies.delete", + "compute.regionTargetHttpsProxies.get", + "compute.regionTargetHttpsProxies.use", + "compute.regionUrlMaps.create", + "compute.regionUrlMaps.delete", + "compute.regionUrlMaps.get", + "compute.regionUrlMaps.use", + "compute.regions.get", + "compute.reservations.list", + "compute.resourcePolicies.create", + "compute.resourcePolicies.delete", + "compute.resourcePolicies.get", + "compute.resourcePolicies.use", + "compute.routers.create", + "compute.routers.delete", + "compute.routers.get", + "compute.routers.update", + "compute.routers.use", + "compute.routes.create", + "compute.routes.delete", + "compute.routes.get", + "compute.securityPolicies.create", + "compute.securityPolicies.delete", + "compute.securityPolicies.get", + "compute.securityPolicies.setLabels", + "compute.securityPolicies.update", + "compute.securityPolicies.use", + "compute.serviceAttachments.create", + "compute.serviceAttachments.get", + "compute.snapshots.useReadOnly", + "compute.sslCertificates.create", + "compute.sslCertificates.delete", + "compute.sslCertificates.get", + "compute.sslPolicies.create", + "compute.sslPolicies.delete", + "compute.sslPolicies.get", + "compute.sslPolicies.use", + "compute.subnetworks.create", + "compute.subnetworks.delete", + "compute.subnetworks.expandIpCidrRange", + "compute.subnetworks.get", + "compute.subnetworks.list", + "compute.subnetworks.mirror", + "compute.subnetworks.update", + "compute.subnetworks.use", + "compute.subnetworks.useExternalIp", + "compute.targetHttpProxies.create", + "compute.targetHttpProxies.delete", + "compute.targetHttpProxies.get", + "compute.targetHttpProxies.use", + "compute.targetHttpsProxies.create", + "compute.targetHttpsProxies.delete", + "compute.targetHttpsProxies.get", + "compute.targetHttpsProxies.setSslCertificates", + "compute.targetHttpsProxies.setSslPolicy", + "compute.targetHttpsProxies.use", + "compute.targetInstances.create", + "compute.targetInstances.delete", + "compute.targetInstances.get", + "compute.targetInstances.use", + "compute.targetPools.addHealthCheck", + "compute.targetPools.addInstance", + "compute.targetPools.create", + "compute.targetPools.delete", + "compute.targetPools.get", + "compute.targetPools.removeHealthCheck", + "compute.targetPools.removeInstance", + "compute.targetPools.use", + "compute.targetSslProxies.create", + "compute.targetSslProxies.delete", + "compute.targetSslProxies.get", + "compute.targetSslProxies.setSslCertificates", + "compute.targetSslProxies.use", + "compute.targetTcpProxies.create", + "compute.targetTcpProxies.delete", + "compute.targetTcpProxies.get", + "compute.targetTcpProxies.use", + "compute.targetVpnGateways.create", + "compute.targetVpnGateways.delete", + "compute.targetVpnGateways.get", + "compute.targetVpnGateways.setLabels", + "compute.targetVpnGateways.use", + "compute.urlMaps.create", + "compute.urlMaps.delete", + "compute.urlMaps.get", + "compute.urlMaps.update", + "compute.urlMaps.use", + "compute.vpnGateways.create", + "compute.vpnGateways.delete", + "compute.vpnGateways.get", + "compute.vpnGateways.setLabels", + "compute.vpnGateways.use", + "compute.vpnTunnels.create", + "compute.vpnTunnels.delete", + "compute.vpnTunnels.get", + "compute.vpnTunnels.setLabels", + "compute.zoneOperations.get", + "compute.zoneOperations.list", + "compute.zones.get", + "container.backendConfigs.create", + "container.backendConfigs.delete", + "container.backendConfigs.get", + "container.clusterRoleBindings.create", + "container.clusterRoleBindings.delete", + "container.clusterRoleBindings.get", + "container.clusterRoles.bind", + "container.clusterRoles.create", + "container.clusterRoles.delete", + "container.clusterRoles.escalate", + "container.clusterRoles.get", + "container.clusters.create", + "container.clusters.delete", + "container.clusters.get", + "container.clusters.getCredentials", + "container.clusters.update", + "container.configMaps.create", + "container.configMaps.delete", + "container.configMaps.get", + "container.configMaps.update", + "container.cronJobs.create", + "container.cronJobs.delete", + "container.cronJobs.get", + "container.cronJobs.update", + "container.daemonSets.create", + "container.daemonSets.delete", + "container.daemonSets.get", + "container.daemonSets.update", + "container.deployments.create", + "container.deployments.delete", + "container.deployments.get", + "container.deployments.update", + "container.frontendConfigs.create", + "container.frontendConfigs.delete", + "container.frontendConfigs.get", + "container.horizontalPodAutoscalers.create", + "container.horizontalPodAutoscalers.delete", + "container.horizontalPodAutoscalers.get", + "container.ingresses.create", + "container.ingresses.delete", + "container.ingresses.get", + "container.jobs.create", + "container.jobs.delete", + "container.jobs.get", + "container.managedCertificates.create", + "container.managedCertificates.delete", + "container.managedCertificates.get", + "container.mutatingWebhookConfigurations.delete", + "container.mutatingWebhookConfigurations.get", + "container.namespaces.create", + "container.namespaces.delete", + "container.namespaces.get", + "container.networkPolicies.create", + "container.networkPolicies.delete", + "container.networkPolicies.get", + "container.operations.get", + "container.podDisruptionBudgets.create", + "container.podDisruptionBudgets.delete", + "container.podDisruptionBudgets.get", + "container.podSecurityPolicies.delete", + "container.podSecurityPolicies.get", + "container.priorityClasses.create", + "container.priorityClasses.delete", + "container.priorityClasses.get", + "container.replicationControllers.create", + "container.replicationControllers.delete", + "container.replicationControllers.get", + "container.roleBindings.create", + "container.roleBindings.delete", + "container.roleBindings.get", + "container.roles.bind", + "container.roles.create", + "container.roles.delete", + "container.roles.escalate", + "container.roles.get", + "container.roles.update", + "container.secrets.create", + "container.secrets.delete", + "container.secrets.get", + "container.secrets.update", + "container.serviceAccounts.create", + "container.serviceAccounts.delete", + "container.serviceAccounts.get", + "container.serviceAccounts.update", + "container.services.create", + "container.services.delete", + "container.services.get", + "container.statefulSets.create", + "container.statefulSets.delete", + "container.statefulSets.get", + "container.statefulSets.update", + "container.storageClasses.create", + "container.storageClasses.delete", + "container.storageClasses.get", + "container.thirdPartyObjects.create", + "container.thirdPartyObjects.delete", + "container.thirdPartyObjects.get", + "container.thirdPartyObjects.update", + "container.validatingWebhookConfigurations.delete", + "container.validatingWebhookConfigurations.get", + "datacatalog.taxonomies.get", + "dataproc.autoscalingPolicies.create", + "dataproc.autoscalingPolicies.delete", + "dataproc.autoscalingPolicies.get", + "dataproc.autoscalingPolicies.use", + "dataproc.clusters.create", + "dataproc.clusters.delete", + "dataproc.clusters.get", + "dataproc.nodeGroups.create", + "dataproc.operations.get", + "dataproc.workflowTemplates.create", + "dataproc.workflowTemplates.delete", + "dataproc.workflowTemplates.get", + "deploymentmanager.compositeTypes.get", + "deploymentmanager.deployments.create", + "deploymentmanager.deployments.delete", + "deploymentmanager.deployments.get", + "deploymentmanager.deployments.update", + "deploymentmanager.operations.get", + "deploymentmanager.typeProviders.create", + "deploymentmanager.typeProviders.delete", + "deploymentmanager.typeProviders.get", + "deploymentmanager.typeProviders.update", + "dns.changes.create", + "dns.changes.get", + "dns.changes.list", + "dns.managedZones.create", + "dns.managedZones.delete", + "dns.managedZones.get", + "dns.managedZones.list", + "dns.managedZones.update", + "dns.networks.bindPrivateDNSZone", + "dns.networks.targetWithPeeringZone", + "dns.policies.delete", + "dns.policies.get", + "dns.resourceRecordSets.create", + "dns.resourceRecordSets.delete", + "dns.resourceRecordSets.list", + "dns.resourceRecordSets.update", + "file.instances.create", + "file.instances.delete", + "file.instances.get", + "file.instances.update", + "file.operations.get", + "firebase.projects.get", + "firebase.projects.update", + "firebaseanalytics.resources.googleAnalyticsEdit", + "iam.roles.create", + "iam.roles.delete", + "iam.roles.get", + "iam.roles.list", + "iam.roles.update", + "iam.serviceAccountKeys.delete", + "iam.serviceAccountKeys.get", + "iam.serviceAccounts.actAs", + "iam.serviceAccounts.create", + "iam.serviceAccounts.delete", + "iam.serviceAccounts.get", + "iam.serviceAccounts.list", + "iam.serviceAccounts.update", + "logging.buckets.update", + "logging.exclusions.create", + "logging.exclusions.delete", + "logging.exclusions.get", + "logging.exclusions.update", + "logging.logEntries.create", + "logging.logMetrics.create", + "logging.logMetrics.delete", + "logging.logMetrics.get", + "logging.logMetrics.update", + "logging.notificationRules.create", + "logging.sinks.create", + "logging.sinks.delete", + "logging.sinks.get", + "logging.sinks.update", + "monitoring.alertPolicies.create", + "monitoring.alertPolicies.delete", + "monitoring.alertPolicies.get", + "monitoring.alertPolicies.list", + "monitoring.alertPolicies.update", + "monitoring.dashboards.create", + "monitoring.dashboards.delete", + "monitoring.dashboards.get", + "monitoring.dashboards.update", + "monitoring.groups.create", + "monitoring.groups.delete", + "monitoring.groups.get", + "monitoring.groups.update", + "monitoring.metricDescriptors.create", + "monitoring.metricDescriptors.delete", + "monitoring.metricDescriptors.get", + "monitoring.notificationChannels.create", + "monitoring.notificationChannels.delete", + "monitoring.notificationChannels.get", + "monitoring.notificationChannels.update", + "monitoring.uptimeCheckConfigs.create", + "monitoring.uptimeCheckConfigs.delete", + "monitoring.uptimeCheckConfigs.get", + "monitoring.uptimeCheckConfigs.update", + "networksecurity.serverTlsPolicies.use", + "pubsub.schemas.attach", + "pubsub.subscriptions.create", + "pubsub.subscriptions.delete", + "pubsub.subscriptions.get", + "pubsub.subscriptions.update", + "pubsub.topics.attachSubscription", + "pubsub.topics.create", + "pubsub.topics.delete", + "pubsub.topics.get", + "pubsub.topics.getIamPolicy", + "pubsub.topics.publish", + "pubsub.topics.update", + "redis.instances.create", + "redis.instances.delete", + "redis.instances.get", + "redis.instances.update", + "redis.instances.updateAuth", + "redis.operations.get", + "resourcemanager.folders.create", + "resourcemanager.folders.delete", + "resourcemanager.folders.get", + "resourcemanager.folders.getIamPolicy", + "resourcemanager.folders.list", + "resourcemanager.folders.update", + "resourcemanager.organizations.getIamPolicy", + "resourcemanager.projects.create", + "resourcemanager.projects.createBillingAssignment", + "resourcemanager.projects.delete", + "resourcemanager.projects.deleteBillingAssignment", + "resourcemanager.projects.get", + "resourcemanager.projects.getIamPolicy", + "resourcemanager.projects.list", + "resourcemanager.projects.move", + "resourcemanager.projects.update", + "resourcemanager.projects.updateLiens", + "resourcemanager.tagHolds.create", + "resourcemanager.tagHolds.delete", + "resourcemanager.tagValueBindings.create", + "resourcemanager.tagValueBindings.delete", + "resourcemanager.tagValues.get", + "runtimeconfig.configs.create", + "runtimeconfig.configs.delete", + "runtimeconfig.configs.get", + "runtimeconfig.configs.list", + "runtimeconfig.configs.update", + "runtimeconfig.variables.create", + "runtimeconfig.variables.delete", + "runtimeconfig.variables.get", + "runtimeconfig.variables.list", + "runtimeconfig.variables.update", + "runtimeconfig.waiters.create", + "runtimeconfig.waiters.delete", + "runtimeconfig.waiters.get", + "runtimeconfig.waiters.list", + "servicedirectory.namespaces.associatePrivateZone", + "servicedirectory.namespaces.create", + "servicedirectory.namespaces.delete", + "servicedirectory.services.create", + "servicemanagement.services.bind", + "servicenetworking.operations.get", + "servicenetworking.services.addPeering", + "servicenetworking.services.get", + "serviceusage.operations.get", + "serviceusage.services.disable", + "serviceusage.services.enable", + "serviceusage.services.get", + "serviceusage.services.use", + "source.repos.create", + "spanner.databaseOperations.get", + "spanner.databases.create", + "spanner.databases.drop", + "spanner.databases.get", + "spanner.databases.updateDdl", + "spanner.instanceOperations.get", + "spanner.instances.create", + "spanner.instances.delete", + "spanner.instances.get", + "spanner.instances.update", + "storage.buckets.create", + "storage.buckets.delete", + "storage.buckets.get", + "storage.buckets.getIamPolicy", + "storage.buckets.update", + "storage.hmacKeys.create", + "storage.objects.create", + "storage.objects.delete", + "storage.objects.get", + "storage.objects.getIamPolicy", + "storage.objects.list", + "vpcaccess.connectors.create", + "vpcaccess.connectors.delete", + "vpcaccess.operations.get", + "workflows.operations.get", + "workflows.workflows.create", + "workflows.workflows.delete", + "workflows.workflows.get" + ], + "name": "roles/clouddeploymentmanager.serviceAgent", + "stage": "ALPHA", + "title": "Cloud Deployment Manager Service Agent" +} diff --git a/roles/cloudfunctions.developer b/roles/cloudfunctions.developer index e00caffb..3e21b81d 100644 --- a/roles/cloudfunctions.developer +++ b/roles/cloudfunctions.developer @@ -72,12 +72,6 @@ "recommender.runServiceIdentityRecommendations.get", "recommender.runServiceIdentityRecommendations.list", "recommender.runServiceIdentityRecommendations.update", - "recommender.runServicePerformanceInsights.get", - "recommender.runServicePerformanceInsights.list", - "recommender.runServicePerformanceInsights.update", - "recommender.runServicePerformanceRecommendations.get", - "recommender.runServicePerformanceRecommendations.list", - "recommender.runServicePerformanceRecommendations.update", "recommender.runServiceSecurityInsights.get", "recommender.runServiceSecurityInsights.list", "recommender.runServiceSecurityInsights.update", diff --git a/roles/cloudfunctions.viewer b/roles/cloudfunctions.viewer index 55b5516b..a546f10f 100644 --- a/roles/cloudfunctions.viewer +++ b/roles/cloudfunctions.viewer @@ -44,10 +44,6 @@ "recommender.runServiceIdentityInsights.list", "recommender.runServiceIdentityRecommendations.get", "recommender.runServiceIdentityRecommendations.list", - "recommender.runServicePerformanceInsights.get", - "recommender.runServicePerformanceInsights.list", - "recommender.runServicePerformanceRecommendations.get", - "recommender.runServicePerformanceRecommendations.list", "recommender.runServiceSecurityInsights.get", "recommender.runServiceSecurityInsights.list", "recommender.runServiceSecurityRecommendations.get", diff --git a/roles/compute.loadBalancerAdmin b/roles/compute.loadBalancerAdmin index d3b7b2fa..c9261826 100644 --- a/roles/compute.loadBalancerAdmin +++ b/roles/compute.loadBalancerAdmin @@ -99,8 +99,6 @@ "compute.globalNetworkEndpointGroups.listEffectiveTags", "compute.globalNetworkEndpointGroups.listTagBindings", "compute.globalNetworkEndpointGroups.use", - "compute.globalOperations.get", - "compute.globalOperations.list", "compute.healthChecks.create", "compute.healthChecks.createTagBinding", "compute.healthChecks.delete", @@ -214,8 +212,6 @@ "compute.regionNotificationEndpoints.list", "compute.regionNotificationEndpoints.update", "compute.regionNotificationEndpoints.use", - "compute.regionOperations.get", - "compute.regionOperations.list", "compute.regionSecurityPolicies.get", "compute.regionSecurityPolicies.list", "compute.regionSecurityPolicies.listEffectiveTags", @@ -401,8 +397,6 @@ "compute.urlMaps.update", "compute.urlMaps.use", "compute.urlMaps.validate", - "compute.zoneOperations.get", - "compute.zoneOperations.list", "networksecurity.clientTlsPolicies.get", "networksecurity.clientTlsPolicies.list", "networksecurity.clientTlsPolicies.use", diff --git a/roles/config.viewer b/roles/config.viewer index df85b3fa..bfb3d55b 100644 --- a/roles/config.viewer +++ b/roles/config.viewer @@ -15,6 +15,8 @@ "config.resources.list", "config.revisions.get", "config.revisions.list", + "config.terraformversions.get", + "config.terraformversions.list", "resourcemanager.projects.get", "resourcemanager.projects.list" ], diff --git a/roles/databaseinsights.eventsViewer b/roles/databaseinsights.eventsViewer new file mode 100644 index 00000000..98024726 --- /dev/null +++ b/roles/databaseinsights.eventsViewer @@ -0,0 +1,12 @@ +{ + "description": "Viewer role for Events Service data", + "etag": "AA==", + "includedPermissions": [ + "databaseinsights.aggregatedEvents.query", + "databaseinsights.clusterEvents.query", + "databaseinsights.instanceEvents.query" + ], + "name": "roles/databaseinsights.eventsViewer", + "stage": "ALPHA", + "title": "Events Service viewer" +} diff --git a/roles/databaseinsights.monitoringViewer b/roles/databaseinsights.monitoringViewer new file mode 100644 index 00000000..982e501c --- /dev/null +++ b/roles/databaseinsights.monitoringViewer @@ -0,0 +1,11 @@ +{ + "description": "Viewer role for Database Insights monitoring data", + "etag": "AA==", + "includedPermissions": [ + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/databaseinsights.monitoringViewer", + "stage": "ALPHA", + "title": "Database Insights monitoring viewer" +} diff --git a/roles/databaseinsights.operationsAdmin b/roles/databaseinsights.operationsAdmin new file mode 100644 index 00000000..654ef218 --- /dev/null +++ b/roles/databaseinsights.operationsAdmin @@ -0,0 +1,10 @@ +{ + "description": "Admin role for performing Database Insights operations", + "etag": "AA==", + "includedPermissions": [ + "databaseinsights.activeQuery.terminate" + ], + "name": "roles/databaseinsights.operationsAdmin", + "stage": "ALPHA", + "title": "Database Insights performing operations" +} diff --git a/roles/databaseinsights.recommendationViewer b/roles/databaseinsights.recommendationViewer new file mode 100644 index 00000000..06a26539 --- /dev/null +++ b/roles/databaseinsights.recommendationViewer @@ -0,0 +1,16 @@ +{ + "description": "Viewer role for Database Insights recommendation data", + "etag": "AA==", + "includedPermissions": [ + "databaseinsights.locations.get", + "databaseinsights.locations.list", + "databaseinsights.recommendations.query", + "databaseinsights.resourceRecommendations.query", + "databaseinsights.workloadRecommendations.fetch", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/databaseinsights.recommendationViewer", + "stage": "ALPHA", + "title": "Database Insights recommendation viewer" +} diff --git a/roles/databaseinsights.viewer b/roles/databaseinsights.viewer new file mode 100644 index 00000000..a3399d6c --- /dev/null +++ b/roles/databaseinsights.viewer @@ -0,0 +1,20 @@ +{ + "description": "Viewer role for Database Insights data", + "etag": "AA==", + "includedPermissions": [ + "databaseinsights.activeQueries.fetch", + "databaseinsights.activitySummary.fetch", + "databaseinsights.aggregatedStats.query", + "databaseinsights.locations.get", + "databaseinsights.locations.list", + "databaseinsights.recommendations.query", + "databaseinsights.resourceRecommendations.query", + "databaseinsights.timeSeries.query", + "databaseinsights.workloadRecommendations.fetch", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/databaseinsights.viewer", + "stage": "ALPHA", + "title": "Database Insights viewer" +} diff --git a/roles/dataplex.admin b/roles/dataplex.admin index 77156df4..99330aa2 100644 --- a/roles/dataplex.admin +++ b/roles/dataplex.admin @@ -5,6 +5,14 @@ "cloudasset.assets.analyzeIamPolicy", "cloudasset.assets.searchAllIamPolicies", "cloudasset.assets.searchAllResources", + "dataplex.aspectTypes.create", + "dataplex.aspectTypes.delete", + "dataplex.aspectTypes.get", + "dataplex.aspectTypes.getIamPolicy", + "dataplex.aspectTypes.list", + "dataplex.aspectTypes.setIamPolicy", + "dataplex.aspectTypes.update", + "dataplex.aspectTypes.use", "dataplex.assetActions.list", "dataplex.assets.create", "dataplex.assets.delete", @@ -58,6 +66,31 @@ "dataplex.entities.get", "dataplex.entities.list", "dataplex.entities.update", + "dataplex.entries.create", + "dataplex.entries.delete", + "dataplex.entries.get", + "dataplex.entries.list", + "dataplex.entries.update", + "dataplex.entryGroups.create", + "dataplex.entryGroups.delete", + "dataplex.entryGroups.get", + "dataplex.entryGroups.getIamPolicy", + "dataplex.entryGroups.list", + "dataplex.entryGroups.setIamPolicy", + "dataplex.entryGroups.update", + "dataplex.entryGroups.useContactsAspect", + "dataplex.entryGroups.useGenericAspect", + "dataplex.entryGroups.useGenericEntry", + "dataplex.entryGroups.useOverviewAspect", + "dataplex.entryGroups.useSchemaAspect", + "dataplex.entryTypes.create", + "dataplex.entryTypes.delete", + "dataplex.entryTypes.get", + "dataplex.entryTypes.getIamPolicy", + "dataplex.entryTypes.list", + "dataplex.entryTypes.setIamPolicy", + "dataplex.entryTypes.update", + "dataplex.entryTypes.use", "dataplex.environments.create", "dataplex.environments.delete", "dataplex.environments.execute", diff --git a/roles/dataplex.aspectTypeOwner b/roles/dataplex.aspectTypeOwner index e9983657..dc2d8fde 100644 --- a/roles/dataplex.aspectTypeOwner +++ b/roles/dataplex.aspectTypeOwner @@ -14,6 +14,6 @@ "resourcemanager.projects.list" ], "name": "roles/dataplex.aspectTypeOwner", - "stage": "GA", + "stage": "ALPHA", "title": "Dataplex Aspect Type Owner" } diff --git a/roles/dataplex.aspectTypeUser b/roles/dataplex.aspectTypeUser index 33494933..53760a06 100644 --- a/roles/dataplex.aspectTypeUser +++ b/roles/dataplex.aspectTypeUser @@ -9,6 +9,6 @@ "resourcemanager.projects.list" ], "name": "roles/dataplex.aspectTypeUser", - "stage": "GA", + "stage": "ALPHA", "title": "Dataplex Aspect Type User" } diff --git a/roles/dataplex.catalogAdmin b/roles/dataplex.catalogAdmin new file mode 100644 index 00000000..ae498974 --- /dev/null +++ b/roles/dataplex.catalogAdmin @@ -0,0 +1,44 @@ +{ + "description": "Has full access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries.", + "etag": "AA==", + "includedPermissions": [ + "dataplex.aspectTypes.create", + "dataplex.aspectTypes.delete", + "dataplex.aspectTypes.get", + "dataplex.aspectTypes.getIamPolicy", + "dataplex.aspectTypes.list", + "dataplex.aspectTypes.setIamPolicy", + "dataplex.aspectTypes.update", + "dataplex.aspectTypes.use", + "dataplex.entries.create", + "dataplex.entries.delete", + "dataplex.entries.get", + "dataplex.entries.list", + "dataplex.entries.update", + "dataplex.entryGroups.create", + "dataplex.entryGroups.delete", + "dataplex.entryGroups.get", + "dataplex.entryGroups.getIamPolicy", + "dataplex.entryGroups.list", + "dataplex.entryGroups.setIamPolicy", + "dataplex.entryGroups.update", + "dataplex.entryGroups.useContactsAspect", + "dataplex.entryGroups.useGenericAspect", + "dataplex.entryGroups.useGenericEntry", + "dataplex.entryGroups.useOverviewAspect", + "dataplex.entryGroups.useSchemaAspect", + "dataplex.entryTypes.create", + "dataplex.entryTypes.delete", + "dataplex.entryTypes.get", + "dataplex.entryTypes.getIamPolicy", + "dataplex.entryTypes.list", + "dataplex.entryTypes.setIamPolicy", + "dataplex.entryTypes.update", + "dataplex.entryTypes.use", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/dataplex.catalogAdmin", + "stage": "ALPHA", + "title": "Dataplex Catalog Admin" +} diff --git a/roles/dataplex.catalogEditor b/roles/dataplex.catalogEditor new file mode 100644 index 00000000..c3da68af --- /dev/null +++ b/roles/dataplex.catalogEditor @@ -0,0 +1,41 @@ +{ + "description": "Has write access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Cannot set IAM policies on resources", + "etag": "AA==", + "includedPermissions": [ + "dataplex.aspectTypes.create", + "dataplex.aspectTypes.delete", + "dataplex.aspectTypes.get", + "dataplex.aspectTypes.getIamPolicy", + "dataplex.aspectTypes.list", + "dataplex.aspectTypes.update", + "dataplex.aspectTypes.use", + "dataplex.entries.create", + "dataplex.entries.delete", + "dataplex.entries.get", + "dataplex.entries.list", + "dataplex.entries.update", + "dataplex.entryGroups.create", + "dataplex.entryGroups.delete", + "dataplex.entryGroups.get", + "dataplex.entryGroups.getIamPolicy", + "dataplex.entryGroups.list", + "dataplex.entryGroups.update", + "dataplex.entryGroups.useContactsAspect", + "dataplex.entryGroups.useGenericAspect", + "dataplex.entryGroups.useGenericEntry", + "dataplex.entryGroups.useOverviewAspect", + "dataplex.entryGroups.useSchemaAspect", + "dataplex.entryTypes.create", + "dataplex.entryTypes.delete", + "dataplex.entryTypes.get", + "dataplex.entryTypes.getIamPolicy", + "dataplex.entryTypes.list", + "dataplex.entryTypes.update", + "dataplex.entryTypes.use", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/dataplex.catalogEditor", + "stage": "ALPHA", + "title": "Dataplex Catalog Editor" +} diff --git a/roles/dataplex.catalogViewer b/roles/dataplex.catalogViewer new file mode 100644 index 00000000..57342949 --- /dev/null +++ b/roles/dataplex.catalogViewer @@ -0,0 +1,22 @@ +{ + "description": "Has read access to Catalog resources: Entry Groups, Entry Types, Aspect Types and Entries. Can view IAM policies on Catalog resources.", + "etag": "AA==", + "includedPermissions": [ + "dataplex.aspectTypes.get", + "dataplex.aspectTypes.getIamPolicy", + "dataplex.aspectTypes.list", + "dataplex.entries.get", + "dataplex.entries.list", + "dataplex.entryGroups.get", + "dataplex.entryGroups.getIamPolicy", + "dataplex.entryGroups.list", + "dataplex.entryTypes.get", + "dataplex.entryTypes.getIamPolicy", + "dataplex.entryTypes.list", + "resourcemanager.projects.get", + "resourcemanager.projects.list" + ], + "name": "roles/dataplex.catalogViewer", + "stage": "ALPHA", + "title": "Dataplex Catalog Viewer" +} diff --git a/roles/dataplex.entryGroupOwner b/roles/dataplex.entryGroupOwner index 672d985e..ac88e57f 100644 --- a/roles/dataplex.entryGroupOwner +++ b/roles/dataplex.entryGroupOwner @@ -29,6 +29,6 @@ "resourcemanager.projects.list" ], "name": "roles/dataplex.entryGroupOwner", - "stage": "GA", + "stage": "ALPHA", "title": "Dataplex Entry Group Owner" } diff --git a/roles/dataplex.entryTypeOwner b/roles/dataplex.entryTypeOwner index f9a4440e..869d07e2 100644 --- a/roles/dataplex.entryTypeOwner +++ b/roles/dataplex.entryTypeOwner @@ -14,6 +14,6 @@ "resourcemanager.projects.list" ], "name": "roles/dataplex.entryTypeOwner", - "stage": "GA", + "stage": "ALPHA", "title": "Dataplex Entry Type Owner" } diff --git a/roles/dlp.dataProfilesReader b/roles/dlp.dataProfilesReader index dc650ece..c12a35f1 100644 --- a/roles/dlp.dataProfilesReader +++ b/roles/dlp.dataProfilesReader @@ -2,6 +2,7 @@ "description": "Read DLP profiles.", "etag": "AA==", "includedPermissions": [ + "dlp.charts.get", "dlp.columnDataProfiles.get", "dlp.columnDataProfiles.list", "dlp.projectDataProfiles.get", diff --git a/roles/dlp.projectdriver b/roles/dlp.projectdriver index 93bfa4f2..067218f1 100644 --- a/roles/dlp.projectdriver +++ b/roles/dlp.projectdriver @@ -636,6 +636,7 @@ "dlp.analyzeRiskTemplates.get", "dlp.analyzeRiskTemplates.list", "dlp.analyzeRiskTemplates.update", + "dlp.charts.get", "dlp.columnDataProfiles.get", "dlp.columnDataProfiles.list", "dlp.connections.create", diff --git a/roles/editor b/roles/editor index 4c414a80..a76bcfcd 100644 --- a/roles/editor +++ b/roles/editor @@ -338,6 +338,7 @@ "alloydb.clusters.list", "alloydb.clusters.listEffectiveTags", "alloydb.clusters.listTagBindings", + "alloydb.clusters.promote", "alloydb.clusters.update", "alloydb.databases.list", "alloydb.instances.connect", @@ -622,6 +623,10 @@ "apigee.securityActions.update", "apigee.securityActionsConfig.get", "apigee.securityActionsConfig.update", + "apigee.securityFeedback.create", + "apigee.securityFeedback.delete", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityIncidents.update", @@ -2920,6 +2925,8 @@ "config.resources.list", "config.revisions.get", "config.revisions.list", + "config.terraformversions.get", + "config.terraformversions.list", "connectors.actions.execute", "connectors.actions.list", "connectors.connections.create", @@ -3516,6 +3523,19 @@ "contentwarehouse.synonymSets.get", "contentwarehouse.synonymSets.list", "contentwarehouse.synonymSets.update", + "databaseinsights.activeQueries.fetch", + "databaseinsights.activeQuery.terminate", + "databaseinsights.activitySummary.fetch", + "databaseinsights.aggregatedEvents.query", + "databaseinsights.aggregatedStats.query", + "databaseinsights.clusterEvents.query", + "databaseinsights.instanceEvents.query", + "databaseinsights.locations.get", + "databaseinsights.locations.list", + "databaseinsights.recommendations.query", + "databaseinsights.resourceRecommendations.query", + "databaseinsights.timeSeries.query", + "databaseinsights.workloadRecommendations.fetch", "datacatalog.catalogs.searchAll", "datacatalog.categories.getIamPolicy", "datacatalog.entries.create", @@ -4402,6 +4422,7 @@ "dlp.analyzeRiskTemplates.get", "dlp.analyzeRiskTemplates.list", "dlp.analyzeRiskTemplates.update", + "dlp.charts.get", "dlp.columnDataProfiles.get", "dlp.columnDataProfiles.list", "dlp.connections.create", diff --git a/roles/firebase.admin b/roles/firebase.admin index 10a45f35..c30c65c1 100644 --- a/roles/firebase.admin +++ b/roles/firebase.admin @@ -377,6 +377,12 @@ "recommender.runServiceIdentityRecommendations.get", "recommender.runServiceIdentityRecommendations.list", "recommender.runServiceIdentityRecommendations.update", + "recommender.runServicePerformanceInsights.get", + "recommender.runServicePerformanceInsights.list", + "recommender.runServicePerformanceInsights.update", + "recommender.runServicePerformanceRecommendations.get", + "recommender.runServicePerformanceRecommendations.list", + "recommender.runServicePerformanceRecommendations.update", "recommender.runServiceSecurityInsights.get", "recommender.runServiceSecurityInsights.list", "recommender.runServiceSecurityInsights.update", diff --git a/roles/firebase.developAdmin b/roles/firebase.developAdmin index 359a5fe5..52bae09a 100644 --- a/roles/firebase.developAdmin +++ b/roles/firebase.developAdmin @@ -281,6 +281,12 @@ "recommender.runServiceIdentityRecommendations.get", "recommender.runServiceIdentityRecommendations.list", "recommender.runServiceIdentityRecommendations.update", + "recommender.runServicePerformanceInsights.get", + "recommender.runServicePerformanceInsights.list", + "recommender.runServicePerformanceInsights.update", + "recommender.runServicePerformanceRecommendations.get", + "recommender.runServicePerformanceRecommendations.list", + "recommender.runServicePerformanceRecommendations.update", "recommender.runServiceSecurityInsights.get", "recommender.runServiceSecurityInsights.list", "recommender.runServiceSecurityInsights.update", diff --git a/roles/firebase.developViewer b/roles/firebase.developViewer index 95f435c1..418440d7 100644 --- a/roles/firebase.developViewer +++ b/roles/firebase.developViewer @@ -119,10 +119,6 @@ "recommender.runServiceIdentityInsights.list", "recommender.runServiceIdentityRecommendations.get", "recommender.runServiceIdentityRecommendations.list", - "recommender.runServicePerformanceInsights.get", - "recommender.runServicePerformanceInsights.list", - "recommender.runServicePerformanceRecommendations.get", - "recommender.runServicePerformanceRecommendations.list", "recommender.runServiceSecurityInsights.get", "recommender.runServiceSecurityInsights.list", "recommender.runServiceSecurityRecommendations.get", diff --git a/roles/iam.securityAdmin b/roles/iam.securityAdmin index 55759b1d..024b2327 100644 --- a/roles/iam.securityAdmin +++ b/roles/iam.securityAdmin @@ -139,6 +139,7 @@ "apigee.reports.list", "apigee.resourcefiles.list", "apigee.securityActions.list", + "apigee.securityFeedback.list", "apigee.securityIncidents.list", "apigee.securityProfiles.list", "apigee.securityreports.list", @@ -683,6 +684,7 @@ "config.previews.list", "config.resources.list", "config.revisions.list", + "config.terraformversions.list", "connectors.actions.list", "connectors.connections.getIamPolicy", "connectors.connections.list", @@ -811,6 +813,7 @@ "contentwarehouse.documents.setIamPolicy", "contentwarehouse.ruleSets.list", "contentwarehouse.synonymSets.list", + "databaseinsights.locations.list", "datacatalog.categories.getIamPolicy", "datacatalog.categories.setIamPolicy", "datacatalog.entries.getIamPolicy", diff --git a/roles/viewer b/roles/viewer index 0de8477f..e149a9fc 100644 --- a/roles/viewer +++ b/roles/viewer @@ -283,6 +283,8 @@ "apigee.securityActions.get", "apigee.securityActions.list", "apigee.securityActionsConfig.get", + "apigee.securityFeedback.get", + "apigee.securityFeedback.list", "apigee.securityIncidents.get", "apigee.securityIncidents.list", "apigee.securityProfileEnvironments.computeScore", @@ -1469,6 +1471,8 @@ "config.resources.list", "config.revisions.get", "config.revisions.list", + "config.terraformversions.get", + "config.terraformversions.list", "connectors.actions.list", "connectors.connections.get", "connectors.connections.getConnectionSchemaMetadata", @@ -1734,6 +1738,18 @@ "contentwarehouse.ruleSets.list", "contentwarehouse.synonymSets.get", "contentwarehouse.synonymSets.list", + "databaseinsights.activeQueries.fetch", + "databaseinsights.activitySummary.fetch", + "databaseinsights.aggregatedEvents.query", + "databaseinsights.aggregatedStats.query", + "databaseinsights.clusterEvents.query", + "databaseinsights.instanceEvents.query", + "databaseinsights.locations.get", + "databaseinsights.locations.list", + "databaseinsights.recommendations.query", + "databaseinsights.resourceRecommendations.query", + "databaseinsights.timeSeries.query", + "databaseinsights.workloadRecommendations.fetch", "datacatalog.catalogs.searchAll", "datacatalog.categories.getIamPolicy", "datacatalog.entries.get", @@ -2135,6 +2151,7 @@ "discoveryengine.widgetConfigs.get", "dlp.analyzeRiskTemplates.get", "dlp.analyzeRiskTemplates.list", + "dlp.charts.get", "dlp.columnDataProfiles.get", "dlp.columnDataProfiles.list", "dlp.connections.get",