GCP IAM Updates Detected

roles/aiplatform.serviceAgent

@@ -336,7 +336,6 @@
     "compute.networks.useExternalIp",
     "compute.snapshots.create",
     "compute.snapshots.delete",
-    "compute.snapshots.useReadOnly",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.use",

roles/apigee.securityAdmin

@@ -32,8 +32,6 @@
     "apigee.securityProfiles.get",
     "apigee.securityProfiles.list",
     "apigee.securityProfiles.update",
-    "apigee.securitySettings.get",
-    "apigee.securitySettings.update",
     "apigee.securityStats.queryTabularStats",
     "apigee.securityStats.queryTimeSeriesStats",
     "apigee.securityreports.create",

roles/apigee.securityViewer

@@ -22,7 +22,6 @@
     "apigee.securityProfileEnvironments.computeScore",
     "apigee.securityProfiles.get",
     "apigee.securityProfiles.list",
-    "apigee.securitySettings.get",
     "apigee.securityStats.queryTabularStats",
     "apigee.securityStats.queryTimeSeriesStats",
     "apigee.securityreports.get",

roles/bigquery.studioUser

@@ -24,5 +24,5 @@
   ],
   "name": "roles/bigquery.studioUser",
   "stage": "BETA",
-  "title": "Bigquery Studio User"
+  "title": "BigQuery Studio User"
 }

roles/binaryauthorization.serviceAgent

@@ -2,7 +2,6 @@
   "description": "Can read Notes and Occurrences from the Container Analysis Service to find and verify signatures.",
   "etag": "AA==",
   "includedPermissions": [
-    "artifactregistry.dockerimages.get",
     "artifactregistry.repositories.downloadArtifacts",
     "binaryauthorization.attestors.get",
     "binaryauthorization.attestors.list",

roles/blockchainnodeengine.viewer

@@ -12,6 +12,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/blockchainnodeengine.viewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Blockchain Node Engine Viewer"
 }

roles/capacityplanner.viewer

@@ -5,6 +5,7 @@
     "capacityplanner.forecasts.list",
     "capacityplanner.usageHistories.list",
     "capacityplanner.usageHistories.summarize",
+    "cloudquotas.quotas.get",
     "monitoring.timeSeries.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",

roles/connectors.customConnectorViewer

@@ -0,0 +1,17 @@
+{
+  "description": "Custom Connector  is a regional resource which creates custom connector with the given target project. This role grants Read-only access to Custom Connector & Custom Connector Version resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "connectors.customConnectorVersions.get",
+    "connectors.customConnectorVersions.getIamPolicy",
+    "connectors.customConnectorVersions.list",
+    "connectors.customConnectors.get",
+    "connectors.customConnectors.getIamPolicy",
+    "connectors.customConnectors.list",
+    "connectors.locations.get",
+    "connectors.locations.list"
+  ],
+  "name": "roles/connectors.customConnectorViewer",
+  "stage": "GA",
+  "title": "Custom Connector Viewer"
+}

roles/connectors.viewer

@@ -10,6 +10,12 @@
     "connectors.connections.list",
     "connectors.connectors.get",
     "connectors.connectors.list",
+    "connectors.customConnectorVersions.get",
+    "connectors.customConnectorVersions.getIamPolicy",
+    "connectors.customConnectorVersions.list",
+    "connectors.customConnectors.get",
+    "connectors.customConnectors.getIamPolicy",
+    "connectors.customConnectors.list",
     "connectors.endpointAttachments.get",
     "connectors.endpointAttachments.getIamPolicy",
     "connectors.endpointAttachments.list",

roles/datamigration.serviceAgent

@@ -21,6 +21,7 @@
     "cloudsql.instances.delete",
     "cloudsql.instances.demoteMaster",
     "cloudsql.instances.get",
+    "cloudsql.instances.import",
     "cloudsql.instances.list",
     "cloudsql.instances.migrate",
     "cloudsql.instances.promoteReplica",
@@ -52,7 +53,8 @@
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.use",
-    "storage.objects.get"
+    "storage.objects.get",
+    "storage.objects.list"
   ],
   "name": "roles/datamigration.serviceAgent",
   "stage": "GA",

roles/dataplex.serviceAgent

@@ -111,6 +111,7 @@
     "datacatalog.catalogs.searchAll",
     "datacatalog.categories.getIamPolicy",
     "datacatalog.categories.setIamPolicy",
+    "datacatalog.entries.get",
     "datacatalog.taxonomies.create",
     "datacatalog.taxonomies.delete",
     "datacatalog.taxonomies.get",

roles/fleetengine.deliveryAdmin

@@ -22,6 +22,6 @@
     "serviceusage.services.use"
   ],
   "name": "roles/fleetengine.deliveryAdmin",
-  "stage": "GA",
+  "stage": "ALPHA",
   "title": "Fleet Engine Delivery Admin"
 }

roles/fleetengine.ondemandAdmin

@@ -21,6 +21,6 @@
     "serviceusage.services.use"
   ],
   "name": "roles/fleetengine.ondemandAdmin",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "Fleet Engine On-Demand Admin"
 }

roles/gkemulticloud.nodePoolMachineServiceAgent

@@ -4,7 +4,8 @@
   "includedPermissions": [
     "artifactregistry.dockerimages.get",
     "artifactregistry.repositories.downloadArtifacts",
-    "artifactregistry.repositories.get"
+    "artifactregistry.repositories.get",
+    "serviceusage.services.use"
   ],
   "name": "roles/gkemulticloud.nodePoolMachineServiceAgent",
   "stage": "GA",

roles/iam.securityAdmin

@@ -662,12 +662,6 @@
     "connectors.connections.list",
     "connectors.connections.setIamPolicy",
     "connectors.connectors.list",
-    "connectors.customConnectorVersions.getIamPolicy",
-    "connectors.customConnectorVersions.list",
-    "connectors.customConnectorVersions.setIamPolicy",
-    "connectors.customConnectors.getIamPolicy",
-    "connectors.customConnectors.list",
-    "connectors.customConnectors.setIamPolicy",
     "connectors.endpointAttachments.getIamPolicy",
     "connectors.endpointAttachments.list",
     "connectors.endpointAttachments.setIamPolicy",

roles/kubernetesmetadata.publisher

@@ -7,6 +7,6 @@
     "kubernetesmetadata.metadata.snapshot"
   ],
   "name": "roles/kubernetesmetadata.publisher",
-  "stage": "BETA",
+  "stage": "ALPHA",
   "title": "Metadata Publisher"
 }

roles/owner

@@ -659,6 +659,8 @@
     "apigee.securityProfiles.get",
     "apigee.securityProfiles.list",
     "apigee.securityProfiles.update",
+    "apigee.securitySettings.get",
+    "apigee.securitySettings.update",
     "apigee.securityStats.queryTabularStats",
     "apigee.securityStats.queryTimeSeriesStats",
     "apigee.securityreports.create",
@@ -3561,6 +3563,20 @@
     "connectors.connections.update",
     "connectors.connectors.get",
     "connectors.connectors.list",
+    "connectors.customConnectorVersions.create",
+    "connectors.customConnectorVersions.delete",
+    "connectors.customConnectorVersions.get",
+    "connectors.customConnectorVersions.getIamPolicy",
+    "connectors.customConnectorVersions.list",
+    "connectors.customConnectorVersions.setIamPolicy",
+    "connectors.customConnectorVersions.update",
+    "connectors.customConnectors.create",
+    "connectors.customConnectors.delete",
+    "connectors.customConnectors.get",
+    "connectors.customConnectors.getIamPolicy",
+    "connectors.customConnectors.list",
+    "connectors.customConnectors.setIamPolicy",
+    "connectors.customConnectors.update",
     "connectors.endpointAttachments.create",
     "connectors.endpointAttachments.delete",
     "connectors.endpointAttachments.get",

roles/visionai.serviceAgent

@@ -72,23 +72,32 @@
     "visionai.applications.list",
     "visionai.applications.undeploy",
     "visionai.applications.update",
+    "visionai.assets.analyze",
     "visionai.assets.clip",
     "visionai.assets.create",
     "visionai.assets.delete",
+    "visionai.assets.generateHlsUri",
     "visionai.assets.get",
+    "visionai.assets.index",
     "visionai.assets.ingest",
     "visionai.assets.list",
+    "visionai.assets.removeIndex",
     "visionai.assets.search",
     "visionai.assets.update",
+    "visionai.assets.upload",
     "visionai.clusters.create",
     "visionai.clusters.delete",
     "visionai.clusters.get",
     "visionai.clusters.list",
     "visionai.clusters.update",
     "visionai.clusters.watch",
+    "visionai.corpora.analyze",
+    "visionai.corpora.create",
     "visionai.corpora.delete",
     "visionai.corpora.get",
+    "visionai.corpora.import",
     "visionai.corpora.list",
+    "visionai.corpora.suggest",
     "visionai.corpora.update",
     "visionai.dataSchemas.create",
     "visionai.dataSchemas.delete",
@@ -106,6 +115,20 @@
     "visionai.events.get",
     "visionai.events.list",
     "visionai.events.update",
+    "visionai.indexEndpoints.create",
+    "visionai.indexEndpoints.delete",
+    "visionai.indexEndpoints.deploy",
+    "visionai.indexEndpoints.get",
+    "visionai.indexEndpoints.list",
+    "visionai.indexEndpoints.search",
+    "visionai.indexEndpoints.undeploy",
+    "visionai.indexEndpoints.update",
+    "visionai.indexes.create",
+    "visionai.indexes.delete",
+    "visionai.indexes.get",
+    "visionai.indexes.list",
+    "visionai.indexes.update",
+    "visionai.indexes.viewAssets",
     "visionai.instances.get",
     "visionai.instances.list",
     "visionai.operations.get",

roles/workloadmanager.deploymentAdmin

@@ -32,6 +32,6 @@
     "workloadmanager.operations.list"
   ],
   "name": "roles/workloadmanager.deploymentAdmin",
-  "stage": "BETA",
+  "stage": "ALPHA",
   "title": "Workload Manager Deployment Admin"
 }

roles/workloadmanager.deploymentViewer

@@ -10,6 +10,6 @@
     "workloadmanager.deployments.list"
   ],
   "name": "roles/workloadmanager.deploymentViewer",
-  "stage": "BETA",
+  "stage": "ALPHA",
   "title": "Workload Manager Deployment Viewer"
 }

roles/workloadmanager.evaluationAdmin

@@ -24,6 +24,6 @@
     "workloadmanager.rules.list"
   ],
   "name": "roles/workloadmanager.evaluationAdmin",
-  "stage": "BETA",
+  "stage": "ALPHA",
   "title": "Workload Manager Evaluation Admin"
 }

roles/workloadmanager.evaluationViewer

@@ -13,6 +13,6 @@
     "workloadmanager.rules.list"
   ],
   "name": "roles/workloadmanager.evaluationViewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Workload Manager Evaluation Viewer"
 }