GCP IAM Updates Detected

roles/apigateway.viewer

@@ -21,6 +21,7 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
     "servicemanagement.services.get",
+    "serviceusage.services.get",
     "serviceusage.services.list"
   ],
   "name": "roles/apigateway.viewer",

roles/assuredworkloads.serviceAgent

@@ -5,6 +5,7 @@
     "cloudkms.cryptoKeys.create",
     "cloudkms.keyRings.create",
     "serviceusage.services.enable",
+    "serviceusage.services.get",
     "serviceusage.services.use"
   ],
   "name": "roles/assuredworkloads.serviceAgent",

roles/automl.admin

@@ -60,6 +60,7 @@
     "automl.tableSpecs.update",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "serviceusage.services.get",
     "serviceusage.services.list"
   ],
   "name": "roles/automl.admin",

roles/automl.viewer

@@ -26,6 +26,7 @@
     "automl.tableSpecs.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "serviceusage.services.get",
     "serviceusage.services.list"
   ],
   "name": "roles/automl.viewer",

roles/consumerprocurement.entitlementViewer

@@ -15,6 +15,6 @@
     "serviceusage.services.list"
   ],
   "name": "roles/consumerprocurement.entitlementViewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Consumer Procurement Entitlement Viewer"
 }

roles/consumerprocurement.orderViewer

@@ -21,6 +21,6 @@
     "consumerprocurement.orders.list"
   ],
   "name": "roles/consumerprocurement.orderViewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Consumer Procurement Order Viewer"
 }

roles/consumerprocurement.procurementViewer

@@ -30,6 +30,6 @@
     "serviceusage.services.list"
   ],
   "name": "roles/consumerprocurement.procurementViewer",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Consumer Procurement Viewer"
 }

roles/enterprisepurchasing.admin

@@ -2,10 +2,20 @@
   "description": "Full access to Enterprise Purchasing resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "enterprisepurchasing.gcveCuds.create",
+    "enterprisepurchasing.gcveCuds.get",
+    "enterprisepurchasing.gcveCuds.list",
+    "enterprisepurchasing.gcveNodePricingInfo.list",
+    "enterprisepurchasing.locations.get",
+    "enterprisepurchasing.locations.list",
+    "enterprisepurchasing.operations.cancel",
+    "enterprisepurchasing.operations.delete",
+    "enterprisepurchasing.operations.get",
+    "enterprisepurchasing.operations.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],
   "name": "roles/enterprisepurchasing.admin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Enterprise Purchasing Admin"
 }

roles/enterprisepurchasing.viewer

@@ -13,6 +13,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/enterprisepurchasing.viewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Enterprise Purchasing Viewer"
 }

roles/mandiant.expertiseOnDemandViewer

@@ -8,6 +8,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/mandiant.expertiseOnDemandViewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Mandiant Expertise On Demand Viewer"
 }

roles/mandiant.threatIntelEditor

@@ -12,6 +12,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/mandiant.threatIntelEditor",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Mandiant Threat Intel Editor"
 }

roles/marketplacesolutions.admin

@@ -0,0 +1,32 @@
+{
+  "description": "Full access to Marketplace Solutions resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "marketplacesolutions.locations.get",
+    "marketplacesolutions.locations.list",
+    "marketplacesolutions.operations.cancel",
+    "marketplacesolutions.operations.delete",
+    "marketplacesolutions.operations.get",
+    "marketplacesolutions.operations.list",
+    "marketplacesolutions.powerImages.get",
+    "marketplacesolutions.powerImages.list",
+    "marketplacesolutions.powerInstances.applyPowerAction",
+    "marketplacesolutions.powerInstances.create",
+    "marketplacesolutions.powerInstances.delete",
+    "marketplacesolutions.powerInstances.get",
+    "marketplacesolutions.powerInstances.list",
+    "marketplacesolutions.powerInstances.reset",
+    "marketplacesolutions.powerInstances.update",
+    "marketplacesolutions.powerNetworks.get",
+    "marketplacesolutions.powerNetworks.list",
+    "marketplacesolutions.powerSshKeys.get",
+    "marketplacesolutions.powerSshKeys.list",
+    "marketplacesolutions.powerVolumes.get",
+    "marketplacesolutions.powerVolumes.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/marketplacesolutions.admin",
+  "stage": "BETA",
+  "title": "Marketplace Solutions Admin"
+}

roles/marketplacesolutions.editor

@@ -0,0 +1,26 @@
+{
+  "description": "Edit access to Marketplace Solutions resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "marketplacesolutions.locations.get",
+    "marketplacesolutions.locations.list",
+    "marketplacesolutions.operations.get",
+    "marketplacesolutions.operations.list",
+    "marketplacesolutions.powerImages.get",
+    "marketplacesolutions.powerImages.list",
+    "marketplacesolutions.powerInstances.get",
+    "marketplacesolutions.powerInstances.list",
+    "marketplacesolutions.powerInstances.update",
+    "marketplacesolutions.powerNetworks.get",
+    "marketplacesolutions.powerNetworks.list",
+    "marketplacesolutions.powerSshKeys.get",
+    "marketplacesolutions.powerSshKeys.list",
+    "marketplacesolutions.powerVolumes.get",
+    "marketplacesolutions.powerVolumes.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/marketplacesolutions.editor",
+  "stage": "ALPHA",
+  "title": "Marketplace Solutions Editor"
+}

roles/marketplacesolutions.viewer

@@ -0,0 +1,25 @@
+{
+  "description": "Readonly access to Marketplace Solutions resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "marketplacesolutions.locations.get",
+    "marketplacesolutions.locations.list",
+    "marketplacesolutions.operations.get",
+    "marketplacesolutions.operations.list",
+    "marketplacesolutions.powerImages.get",
+    "marketplacesolutions.powerImages.list",
+    "marketplacesolutions.powerInstances.get",
+    "marketplacesolutions.powerInstances.list",
+    "marketplacesolutions.powerNetworks.get",
+    "marketplacesolutions.powerNetworks.list",
+    "marketplacesolutions.powerSshKeys.get",
+    "marketplacesolutions.powerSshKeys.list",
+    "marketplacesolutions.powerVolumes.get",
+    "marketplacesolutions.powerVolumes.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/marketplacesolutions.viewer",
+  "stage": "BETA",
+  "title": "Marketplace Solutions Viewer"
+}

roles/monitoring.editor

@@ -64,6 +64,7 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
     "serviceusage.services.enable",
+    "serviceusage.services.get",
     "stackdriver.projects.edit",
     "stackdriver.projects.get",
     "stackdriver.resourceMetadata.list",

roles/securitycenter.automationServiceAgent

@@ -13,7 +13,8 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
-    "serviceusage.services.enable"
+    "serviceusage.services.enable",
+    "serviceusage.services.get"
   ],
   "name": "roles/securitycenter.automationServiceAgent",
   "stage": "GA",

roles/securitycenter.complianceSnapshotsViewer

@@ -5,6 +5,6 @@
     "securitycenter.compliancesnapshots.list"
   ],
   "name": "roles/securitycenter.complianceSnapshotsViewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Security Center Compliance Snapshots Viewer"
 }

roles/securitycenter.findingsViewer

@@ -5,6 +5,7 @@
     "resourcemanager.folders.get",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
+    "securitycenter.compliancesnapshots.list",
     "securitycenter.findingexplanations.get",
     "securitycenter.findings.group",
     "securitycenter.findings.list",

roles/securityposture.postureDeploymentsViewer

@@ -8,6 +8,6 @@
     "securityposture.postureDeployments.list"
   ],
   "name": "roles/securityposture.postureDeploymentsViewer",
-  "stage": "EAP",
+  "stage": "GA",
   "title": "Security Posture Deployments Viewer"
 }

roles/securityposture.postureEditor

@@ -10,6 +10,6 @@
     "securityposture.postures.update"
   ],
   "name": "roles/securityposture.postureEditor",
-  "stage": "EAP",
+  "stage": "GA",
   "title": "Security Posture Resource Editor"
 }

roles/securityposture.postureViewer

@@ -8,6 +8,6 @@
     "securityposture.postures.list"
   ],
   "name": "roles/securityposture.postureViewer",
-  "stage": "EAP",
+  "stage": "GA",
   "title": "Security Posture Resource Viewer"
 }

roles/stackdriver.accounts.editor

@@ -5,6 +5,7 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
     "serviceusage.services.enable",
+    "serviceusage.services.get",
     "stackdriver.projects.edit",
     "stackdriver.projects.get"
   ],

roles/viewer

@@ -2181,6 +2181,13 @@
     "enterpriseknowledgegraph.entityReconciliationJobs.list",
     "enterpriseknowledgegraph.publicKnowledgeGraphEntities.lookup",
     "enterpriseknowledgegraph.publicKnowledgeGraphEntities.search",
+    "enterprisepurchasing.gcveCuds.get",
+    "enterprisepurchasing.gcveCuds.list",
+    "enterprisepurchasing.gcveNodePricingInfo.list",
+    "enterprisepurchasing.locations.get",
+    "enterprisepurchasing.locations.list",
+    "enterprisepurchasing.operations.get",
+    "enterprisepurchasing.operations.list",
     "errorreporting.applications.list",
     "errorreporting.errorEvents.list",
     "errorreporting.groupMetadata.get",
@@ -2676,6 +2683,20 @@
     "mapsplatformdatasets.datasets.export",
     "mapsplatformdatasets.datasets.get",
     "mapsplatformdatasets.datasets.list",
+    "marketplacesolutions.locations.get",
+    "marketplacesolutions.locations.list",
+    "marketplacesolutions.operations.get",
+    "marketplacesolutions.operations.list",
+    "marketplacesolutions.powerImages.get",
+    "marketplacesolutions.powerImages.list",
+    "marketplacesolutions.powerInstances.get",
+    "marketplacesolutions.powerInstances.list",
+    "marketplacesolutions.powerNetworks.get",
+    "marketplacesolutions.powerNetworks.list",
+    "marketplacesolutions.powerSshKeys.get",
+    "marketplacesolutions.powerSshKeys.list",
+    "marketplacesolutions.powerVolumes.get",
+    "marketplacesolutions.powerVolumes.list",
     "memcache.instances.get",
     "memcache.instances.list",
     "memcache.locations.get",
@@ -3422,6 +3443,7 @@
     "securitycenter.attackpaths.list",
     "securitycenter.bigQueryExports.get",
     "securitycenter.bigQueryExports.list",
+    "securitycenter.compliancesnapshots.list",
     "securitycenter.containerthreatdetectionsettings.calculate",
     "securitycenter.containerthreatdetectionsettings.get",
     "securitycenter.effectivesecurityhealthanalyticscustommodules.get",

roles/workflows.editor

@@ -1,5 +1,5 @@
 {
-  "description": "Read and write access to workflows and related resources.",
+  "description": "Read and write access to workflows and related resources, including development and debugging of workflows.",
   "etag": "AA==",
   "includedPermissions": [
     "resourcemanager.projects.get",