GCP IAM Updates Detected

roles/aiplatform.notebookExecutorUser

@@ -0,0 +1,16 @@
+{
+  "description": "Grants users full access to schedules and notebook execution jobs.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "aiplatform.operations.list",
+    "aiplatform.pipelineJobs.create",
+    "aiplatform.schedules.create",
+    "aiplatform.schedules.delete",
+    "aiplatform.schedules.get",
+    "aiplatform.schedules.list",
+    "aiplatform.schedules.update"
+  ],
+  "name": "roles/aiplatform.notebookExecutorUser",
+  "stage": "BETA",
+  "title": "Notebook Executor User"
+}

roles/auditmanager.serviceAgent

@@ -576,9 +576,7 @@
     "compute.subnetworks.list",
     "compute.targetHttpProxies.list",
     "compute.targetSslProxies.list",
-    "compute.vpnGateways.list",
     "compute.zones.list",
-    "logging.buckets.list",
     "orgpolicy.policy.get",
     "recommender.cloudAssetInsights.get",
     "recommender.cloudAssetInsights.list",
@@ -592,8 +590,6 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
-    "serviceusage.services.get",
-    "storage.buckets.getIamPolicy",
     "storage.buckets.list"
   ],
   "name": "roles/auditmanager.serviceAgent",

roles/bigquery.admin

@@ -110,64 +110,6 @@
     "bigquery.transfers.get",
     "bigquery.transfers.update",
     "bigquerymigration.translation.translate",
-    "dataform.compilationResults.create",
-    "dataform.compilationResults.get",
-    "dataform.compilationResults.list",
-    "dataform.compilationResults.query",
-    "dataform.locations.get",
-    "dataform.locations.list",
-    "dataform.releaseConfigs.create",
-    "dataform.releaseConfigs.delete",
-    "dataform.releaseConfigs.get",
-    "dataform.releaseConfigs.list",
-    "dataform.releaseConfigs.update",
-    "dataform.repositories.commit",
-    "dataform.repositories.computeAccessTokenStatus",
-    "dataform.repositories.create",
-    "dataform.repositories.delete",
-    "dataform.repositories.fetchHistory",
-    "dataform.repositories.fetchRemoteBranches",
-    "dataform.repositories.get",
-    "dataform.repositories.getIamPolicy",
-    "dataform.repositories.list",
-    "dataform.repositories.queryDirectoryContents",
-    "dataform.repositories.readFile",
-    "dataform.repositories.setIamPolicy",
-    "dataform.repositories.update",
-    "dataform.workflowConfigs.create",
-    "dataform.workflowConfigs.delete",
-    "dataform.workflowConfigs.get",
-    "dataform.workflowConfigs.list",
-    "dataform.workflowConfigs.update",
-    "dataform.workflowInvocations.cancel",
-    "dataform.workflowInvocations.create",
-    "dataform.workflowInvocations.delete",
-    "dataform.workflowInvocations.get",
-    "dataform.workflowInvocations.list",
-    "dataform.workflowInvocations.query",
-    "dataform.workspaces.commit",
-    "dataform.workspaces.create",
-    "dataform.workspaces.delete",
-    "dataform.workspaces.fetchFileDiff",
-    "dataform.workspaces.fetchFileGitStatuses",
-    "dataform.workspaces.fetchGitAheadBehind",
-    "dataform.workspaces.get",
-    "dataform.workspaces.getIamPolicy",
-    "dataform.workspaces.installNpmPackages",
-    "dataform.workspaces.list",
-    "dataform.workspaces.makeDirectory",
-    "dataform.workspaces.moveDirectory",
-    "dataform.workspaces.moveFile",
-    "dataform.workspaces.pull",
-    "dataform.workspaces.push",
-    "dataform.workspaces.queryDirectoryContents",
-    "dataform.workspaces.readFile",
-    "dataform.workspaces.removeDirectory",
-    "dataform.workspaces.removeFile",
-    "dataform.workspaces.reset",
-    "dataform.workspaces.searchFiles",
-    "dataform.workspaces.setIamPolicy",
-    "dataform.workspaces.writeFile",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/bigquery.studioAdmin

@@ -125,8 +125,6 @@
     "bigquery.transfers.get",
     "bigquery.transfers.update",
     "bigquerymigration.translation.translate",
-    "compute.reservations.get",
-    "compute.reservations.list",
     "dataform.compilationResults.create",
     "dataform.compilationResults.get",
     "dataform.compilationResults.list",

roles/datafusion.serviceAgent

@@ -296,10 +296,6 @@
     "compute.vpnTunnels.list",
     "compute.zones.get",
     "compute.zones.list",
-    "dataform.locations.get",
-    "dataform.locations.list",
-    "dataform.repositories.create",
-    "dataform.repositories.list",
     "dataproc.autoscalingPolicies.create",
     "dataproc.autoscalingPolicies.delete",
     "dataproc.autoscalingPolicies.get",

roles/dataplex.serviceAgent

@@ -119,64 +119,6 @@
     "datacatalog.taxonomies.get",
     "datacatalog.taxonomies.list",
     "datacatalog.taxonomies.update",
-    "dataform.compilationResults.create",
-    "dataform.compilationResults.get",
-    "dataform.compilationResults.list",
-    "dataform.compilationResults.query",
-    "dataform.locations.get",
-    "dataform.locations.list",
-    "dataform.releaseConfigs.create",
-    "dataform.releaseConfigs.delete",
-    "dataform.releaseConfigs.get",
-    "dataform.releaseConfigs.list",
-    "dataform.releaseConfigs.update",
-    "dataform.repositories.commit",
-    "dataform.repositories.computeAccessTokenStatus",
-    "dataform.repositories.create",
-    "dataform.repositories.delete",
-    "dataform.repositories.fetchHistory",
-    "dataform.repositories.fetchRemoteBranches",
-    "dataform.repositories.get",
-    "dataform.repositories.getIamPolicy",
-    "dataform.repositories.list",
-    "dataform.repositories.queryDirectoryContents",
-    "dataform.repositories.readFile",
-    "dataform.repositories.setIamPolicy",
-    "dataform.repositories.update",
-    "dataform.workflowConfigs.create",
-    "dataform.workflowConfigs.delete",
-    "dataform.workflowConfigs.get",
-    "dataform.workflowConfigs.list",
-    "dataform.workflowConfigs.update",
-    "dataform.workflowInvocations.cancel",
-    "dataform.workflowInvocations.create",
-    "dataform.workflowInvocations.delete",
-    "dataform.workflowInvocations.get",
-    "dataform.workflowInvocations.list",
-    "dataform.workflowInvocations.query",
-    "dataform.workspaces.commit",
-    "dataform.workspaces.create",
-    "dataform.workspaces.delete",
-    "dataform.workspaces.fetchFileDiff",
-    "dataform.workspaces.fetchFileGitStatuses",
-    "dataform.workspaces.fetchGitAheadBehind",
-    "dataform.workspaces.get",
-    "dataform.workspaces.getIamPolicy",
-    "dataform.workspaces.installNpmPackages",
-    "dataform.workspaces.list",
-    "dataform.workspaces.makeDirectory",
-    "dataform.workspaces.moveDirectory",
-    "dataform.workspaces.moveFile",
-    "dataform.workspaces.pull",
-    "dataform.workspaces.push",
-    "dataform.workspaces.queryDirectoryContents",
-    "dataform.workspaces.readFile",
-    "dataform.workspaces.removeDirectory",
-    "dataform.workspaces.removeFile",
-    "dataform.workspaces.reset",
-    "dataform.workspaces.searchFiles",
-    "dataform.workspaces.setIamPolicy",
-    "dataform.workspaces.writeFile",
     "dataplex.assets.getIamPolicy",
     "dataplex.environments.execute",
     "dataplex.environments.get",

roles/dlp.serviceAgent

@@ -85,10 +85,6 @@
     "datacatalog.tagTemplates.setIamPolicy",
     "datacatalog.tagTemplates.update",
     "datacatalog.tagTemplates.use",
-    "dataform.locations.get",
-    "dataform.locations.list",
-    "dataform.repositories.create",
-    "dataform.repositories.list",
     "datastore.databases.get",
     "datastore.databases.getMetadata",
     "datastore.databases.list",

roles/securityposture.reportCreator

@@ -1,6 +1,9 @@
 {
   "description": "Create access for Reports, e.g. IaC Validation Report.",
   "etag": "AA==",
+  "includedPermissions": [
+    "securityposture.operations.get"
+  ],
   "name": "roles/securityposture.reportCreator",
   "stage": "GA",
   "title": "Security Posture Shift-Left Validator"