GCP IAM Updates Detected

roles/alloydb.admin

@@ -3,15 +3,23 @@
   "etag": "AA==",
   "includedPermissions": [
     "alloydb.backups.create",
+    "alloydb.backups.createTagBinding",
     "alloydb.backups.delete",
+    "alloydb.backups.deleteTagBinding",
     "alloydb.backups.get",
     "alloydb.backups.list",
+    "alloydb.backups.listEffectiveTags",
+    "alloydb.backups.listTagBindings",
     "alloydb.backups.update",
     "alloydb.clusters.create",
+    "alloydb.clusters.createTagBinding",
     "alloydb.clusters.delete",
+    "alloydb.clusters.deleteTagBinding",
     "alloydb.clusters.generateClientCertificate",
     "alloydb.clusters.get",
     "alloydb.clusters.list",
+    "alloydb.clusters.listEffectiveTags",
+    "alloydb.clusters.listTagBindings",
     "alloydb.clusters.update",
     "alloydb.databases.list",
     "alloydb.instances.connect",

roles/alloydb.viewer

@@ -4,8 +4,12 @@
   "includedPermissions": [
     "alloydb.backups.get",
     "alloydb.backups.list",
+    "alloydb.backups.listEffectiveTags",
+    "alloydb.backups.listTagBindings",
     "alloydb.clusters.get",
     "alloydb.clusters.list",
+    "alloydb.clusters.listEffectiveTags",
+    "alloydb.clusters.listTagBindings",
     "alloydb.databases.list",
     "alloydb.instances.get",
     "alloydb.instances.list",

roles/batch.serviceAgent

@@ -322,6 +322,8 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",

roles/cloudsql.schemaViewer

@@ -0,0 +1,10 @@
+{
+  "description": "Role allowing access to the Cloud SQL instance schema on Dataplex",
+  "etag": "AA==",
+  "includedPermissions": [
+    "cloudsql.schemas.view"
+  ],
+  "name": "roles/cloudsql.schemaViewer",
+  "stage": "ALPHA",
+  "title": "Cloud SQL Schema Viewer"
+}

roles/composer.worker

@@ -560,6 +560,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/compute.instanceAdmin.v1

@@ -333,6 +333,8 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.list",
     "compute.subnetworks.listEffectiveTags",

roles/compute.viewer

@@ -244,6 +244,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",

roles/dataflow.serviceAgent

@@ -662,6 +662,12 @@
     "compute.sslPolicies.listTagBindings",
     "compute.sslPolicies.update",
     "compute.sslPolicies.use",
+    "compute.storagePools.create",
+    "compute.storagePools.delete",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
+    "compute.storagePools.update",
     "compute.subnetworks.create",
     "compute.subnetworks.createTagBinding",
     "compute.subnetworks.delete",
@@ -1240,6 +1246,9 @@
     "serviceusage.services.use",
     "stackdriver.projects.get",
     "stackdriver.resourceMetadata.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -1251,6 +1260,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -1269,6 +1279,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update",

roles/datafusion.serviceAgent

@@ -470,6 +470,9 @@
     "spanner.sessions.delete",
     "spanner.sessions.get",
     "spanner.sessions.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -481,6 +484,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -499,6 +503,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update",

roles/datapipelines.serviceAgent

@@ -58,6 +58,9 @@
     "resourcemanager.projects.list",
     "serviceusage.services.get",
     "serviceusage.services.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -69,6 +72,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -87,6 +91,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/dataprep.serviceAgent

@@ -301,6 +301,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",
@@ -392,6 +395,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/dataproc.worker

@@ -33,6 +33,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/dlp.serviceAgent

@@ -168,6 +168,9 @@
     "serviceusage.services.get",
     "serviceusage.services.list",
     "serviceusage.services.use",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -179,6 +182,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -197,6 +201,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/iam.securityReviewer

@@ -568,6 +568,8 @@
     "compute.snapshots.list",
     "compute.sslCertificates.list",
     "compute.sslPolicies.list",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",
     "compute.targetGrpcProxies.list",
@@ -1413,6 +1415,8 @@
     "recommender.cloudManageabilityGeneralRecommendations.list",
     "recommender.cloudPerformanceGeneralInsights.list",
     "recommender.cloudPerformanceGeneralRecommendations.list",
+    "recommender.cloudRecentChangeInsights.list",
+    "recommender.cloudRecentChangeRecommendations.list",
     "recommender.cloudReliabilityGeneralInsights.list",
     "recommender.cloudReliabilityGeneralRecommendations.list",
     "recommender.cloudSecurityGeneralInsights.list",
@@ -1646,6 +1650,7 @@
     "speech.phraseSets.list",
     "speech.recognizers.list",
     "stackdriver.resourceMetadata.list",
+    "storage.bucketOperations.list",
     "storage.buckets.getIamPolicy",
     "storage.buckets.list",
     "storage.hmacKeys.list",

roles/ml.serviceAgent

@@ -58,6 +58,9 @@
     "recommender.iamPolicyRecommendations.update",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -69,6 +72,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -87,6 +91,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/notebooks.admin

@@ -244,6 +244,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",

roles/notebooks.legacyViewer

@@ -244,6 +244,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",

roles/notebooks.serviceAgent

@@ -395,6 +395,9 @@
     "compute.sslPolicies.listAvailableFeatures",
     "compute.sslPolicies.listEffectiveTags",
     "compute.sslPolicies.listTagBindings",
+    "compute.storagePools.get",
+    "compute.storagePools.getIamPolicy",
+    "compute.storagePools.list",
     "compute.subnetworks.get",
     "compute.subnetworks.getIamPolicy",
     "compute.subnetworks.list",

roles/recommender.recentchangeriskAdmin

@@ -2,6 +2,14 @@
   "description": "Admin of Recent Change Risk Insights and Recommendations.",
   "etag": "AA==",
   "includedPermissions": [
+    "recommender.cloudRecentChangeInsights.get",
+    "recommender.cloudRecentChangeInsights.list",
+    "recommender.cloudRecentChangeInsights.update",
+    "recommender.cloudRecentChangeRecommendations.get",
+    "recommender.cloudRecentChangeRecommendations.list",
+    "recommender.cloudRecentChangeRecommendations.update",
+    "recommender.cloudRecentChangeRecommenderConfig.get",
+    "recommender.cloudRecentChangeRecommenderConfig.update",
     "recommender.locations.get",
     "recommender.locations.list",
     "resourcemanager.projects.get",

roles/storage.admin

@@ -12,6 +12,9 @@
     "recommender.iamPolicyRecommendations.update",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",
+    "storage.bucketOperations.cancel",
+    "storage.bucketOperations.get",
+    "storage.bucketOperations.list",
     "storage.buckets.create",
     "storage.buckets.createTagBinding",
     "storage.buckets.delete",
@@ -23,6 +26,7 @@
     "storage.buckets.list",
     "storage.buckets.listEffectiveTags",
     "storage.buckets.listTagBindings",
+    "storage.buckets.restore",
     "storage.buckets.setIamPolicy",
     "storage.buckets.update",
     "storage.managedFolders.create",
@@ -41,6 +45,7 @@
     "storage.objects.getIamPolicy",
     "storage.objects.list",
     "storage.objects.overrideUnlockedRetention",
+    "storage.objects.restore",
     "storage.objects.setIamPolicy",
     "storage.objects.setRetention",
     "storage.objects.update"

roles/storage.legacyBucketWriter

@@ -14,6 +14,7 @@
     "storage.objects.create",
     "storage.objects.delete",
     "storage.objects.list",
+    "storage.objects.restore",
     "storage.objects.setRetention"
   ],
   "name": "roles/storage.legacyBucketWriter",