GCP IAM Updates Detected

roles/aiplatform.admin

@@ -2,6 +2,16 @@
   "description": "Grants full access to all resources in Vertex AI",
   "etag": "AA==",
   "includedPermissions": [
+    "aiplatform.agentExamples.create",
+    "aiplatform.agentExamples.delete",
+    "aiplatform.agentExamples.get",
+    "aiplatform.agentExamples.list",
+    "aiplatform.agentExamples.update",
+    "aiplatform.agents.create",
+    "aiplatform.agents.delete",
+    "aiplatform.agents.get",
+    "aiplatform.agents.list",
+    "aiplatform.agents.update",
     "aiplatform.annotationSpecs.create",
     "aiplatform.annotationSpecs.delete",
     "aiplatform.annotationSpecs.get",
@@ -12,6 +22,11 @@
     "aiplatform.annotations.get",
     "aiplatform.annotations.list",
     "aiplatform.annotations.update",
+    "aiplatform.apps.create",
+    "aiplatform.apps.delete",
+    "aiplatform.apps.get",
+    "aiplatform.apps.list",
+    "aiplatform.apps.update",
     "aiplatform.artifacts.create",
     "aiplatform.artifacts.delete",
     "aiplatform.artifacts.get",
@@ -22,6 +37,8 @@
     "aiplatform.batchPredictionJobs.delete",
     "aiplatform.batchPredictionJobs.get",
     "aiplatform.batchPredictionJobs.list",
+    "aiplatform.cacheConfigs.get",
+    "aiplatform.cacheConfigs.update",
     "aiplatform.consents.get",
     "aiplatform.consents.update",
     "aiplatform.contexts.addContextArtifactsAndExecutions",
@@ -255,6 +272,9 @@
     "aiplatform.schedules.get",
     "aiplatform.schedules.list",
     "aiplatform.schedules.update",
+    "aiplatform.sessions.get",
+    "aiplatform.sessions.list",
+    "aiplatform.sessions.run",
     "aiplatform.specialistPools.create",
     "aiplatform.specialistPools.delete",
     "aiplatform.specialistPools.get",
@@ -307,6 +327,7 @@
     "aiplatform.tuningJobs.delete",
     "aiplatform.tuningJobs.get",
     "aiplatform.tuningJobs.list",
+    "aiplatform.tuningJobs.vertexTune",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/aiplatform.customCodeServiceAgent

@@ -2,6 +2,16 @@
   "description": "Gives Vertex AI Custom Code the proper permissions.",
   "etag": "AA==",
   "includedPermissions": [
+    "aiplatform.agentExamples.create",
+    "aiplatform.agentExamples.delete",
+    "aiplatform.agentExamples.get",
+    "aiplatform.agentExamples.list",
+    "aiplatform.agentExamples.update",
+    "aiplatform.agents.create",
+    "aiplatform.agents.delete",
+    "aiplatform.agents.get",
+    "aiplatform.agents.list",
+    "aiplatform.agents.update",
     "aiplatform.annotationSpecs.create",
     "aiplatform.annotationSpecs.delete",
     "aiplatform.annotationSpecs.get",
@@ -12,6 +22,11 @@
     "aiplatform.annotations.get",
     "aiplatform.annotations.list",
     "aiplatform.annotations.update",
+    "aiplatform.apps.create",
+    "aiplatform.apps.delete",
+    "aiplatform.apps.get",
+    "aiplatform.apps.list",
+    "aiplatform.apps.update",
     "aiplatform.artifacts.create",
     "aiplatform.artifacts.delete",
     "aiplatform.artifacts.get",
@@ -22,6 +37,7 @@
     "aiplatform.batchPredictionJobs.delete",
     "aiplatform.batchPredictionJobs.get",
     "aiplatform.batchPredictionJobs.list",
+    "aiplatform.cacheConfigs.get",
     "aiplatform.consents.get",
     "aiplatform.contexts.addContextArtifactsAndExecutions",
     "aiplatform.contexts.addContextChildren",
@@ -242,6 +258,9 @@
     "aiplatform.schedules.get",
     "aiplatform.schedules.list",
     "aiplatform.schedules.update",
+    "aiplatform.sessions.get",
+    "aiplatform.sessions.list",
+    "aiplatform.sessions.run",
     "aiplatform.specialistPools.create",
     "aiplatform.specialistPools.delete",
     "aiplatform.specialistPools.get",
@@ -293,6 +312,7 @@
     "aiplatform.tuningJobs.delete",
     "aiplatform.tuningJobs.get",
     "aiplatform.tuningJobs.list",
+    "aiplatform.tuningJobs.vertexTune",
     "artifactregistry.repositories.downloadArtifacts",
     "artifactregistry.repositories.get",
     "artifactregistry.repositories.list",

roles/aiplatform.notebookRuntimeAdmin

@@ -9,6 +9,7 @@
     "aiplatform.notebookRuntimeTemplates.getIamPolicy",
     "aiplatform.notebookRuntimeTemplates.list",
     "aiplatform.notebookRuntimeTemplates.setIamPolicy",
+    "aiplatform.notebookRuntimeTemplates.update",
     "aiplatform.notebookRuntimes.assign",
     "aiplatform.notebookRuntimes.delete",
     "aiplatform.notebookRuntimes.get",

roles/aiplatform.user

@@ -2,6 +2,16 @@
   "description": "Grants access to use all resource in Vertex AI",
   "etag": "AA==",
   "includedPermissions": [
+    "aiplatform.agentExamples.create",
+    "aiplatform.agentExamples.delete",
+    "aiplatform.agentExamples.get",
+    "aiplatform.agentExamples.list",
+    "aiplatform.agentExamples.update",
+    "aiplatform.agents.create",
+    "aiplatform.agents.delete",
+    "aiplatform.agents.get",
+    "aiplatform.agents.list",
+    "aiplatform.agents.update",
     "aiplatform.annotationSpecs.create",
     "aiplatform.annotationSpecs.delete",
     "aiplatform.annotationSpecs.get",
@@ -12,6 +22,11 @@
     "aiplatform.annotations.get",
     "aiplatform.annotations.list",
     "aiplatform.annotations.update",
+    "aiplatform.apps.create",
+    "aiplatform.apps.delete",
+    "aiplatform.apps.get",
+    "aiplatform.apps.list",
+    "aiplatform.apps.update",
     "aiplatform.artifacts.create",
     "aiplatform.artifacts.delete",
     "aiplatform.artifacts.get",
@@ -22,6 +37,7 @@
     "aiplatform.batchPredictionJobs.delete",
     "aiplatform.batchPredictionJobs.get",
     "aiplatform.batchPredictionJobs.list",
+    "aiplatform.cacheConfigs.get",
     "aiplatform.consents.get",
     "aiplatform.contexts.addContextArtifactsAndExecutions",
     "aiplatform.contexts.addContextChildren",
@@ -242,6 +258,9 @@
     "aiplatform.schedules.get",
     "aiplatform.schedules.list",
     "aiplatform.schedules.update",
+    "aiplatform.sessions.get",
+    "aiplatform.sessions.list",
+    "aiplatform.sessions.run",
     "aiplatform.specialistPools.create",
     "aiplatform.specialistPools.delete",
     "aiplatform.specialistPools.get",
@@ -293,6 +312,7 @@
     "aiplatform.tuningJobs.delete",
     "aiplatform.tuningJobs.get",
     "aiplatform.tuningJobs.list",
+    "aiplatform.tuningJobs.vertexTune",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/apihub.admin

@@ -1,5 +1,5 @@
 {
-  "description": "Full access to Cloud API Hub Registry and Runtime resources.",
+  "description": "Full access to all API hub resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.apiHubInstances.create",

roles/apihub.attributeAdmin

@@ -1,5 +1,5 @@
 {
-  "description": "API hub attribute admin",
+  "description": "Full access to all Cloud API hub attribute's resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.attributes.create",
@@ -12,5 +12,5 @@
   ],
   "name": "roles/apihub.attributeAdmin",
   "stage": "BETA",
-  "title": "API hub attribute admin"
+  "title": "Cloud API hub Attributes Admin"
 }

roles/apihub.editor

@@ -1,5 +1,5 @@
 {
-  "description": "Edit access to Cloud API Hub Registry resources.",
+  "description": "Edit access to most of Cloud API Hub resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.apiHubInstances.get",
@@ -39,6 +39,8 @@
     "apihub.llmEnablements.list",
     "apihub.llmEnablements.register",
     "apihub.locations.searchResources",
+    "apihub.operations.get",
+    "apihub.operations.list",
     "apihub.plugins.get",
     "apihub.plugins.list",
     "apihub.runTimeProjectAttachments.get",
@@ -50,7 +52,6 @@
     "apihub.specs.list",
     "apihub.specs.update",
     "apihub.styleGuides.get",
-    "apihub.styleGuides.update",
     "apihub.versions.create",
     "apihub.versions.delete",
     "apihub.versions.get",

roles/apihub.pluginAdmin

@@ -1,5 +1,5 @@
 {
-  "description": "API hub plugin admin",
+  "description": "Full access to all Cloud API hub plugin's resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.plugins.disable",
@@ -14,5 +14,5 @@
   ],
   "name": "roles/apihub.pluginAdmin",
   "stage": "BETA",
-  "title": "API hub plugin admin"
+  "title": "Cloud API hub Plugins Admin"
 }

roles/apihub.provisioningAdmin

@@ -1,5 +1,5 @@
 {
-  "description": "API hub all permissions related to provisioning",
+  "description": "Full access to Cloud API hub provisioning related resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.apiHubInstances.create",
@@ -11,6 +11,10 @@
     "apihub.hostProjectRegistrations.get",
     "apihub.hostProjectRegistrations.list",
     "apihub.hostProjectRegistrations.register",
+    "apihub.operations.cancel",
+    "apihub.operations.delete",
+    "apihub.operations.get",
+    "apihub.operations.list",
     "apihub.runTimeProjectAttachments.attach",
     "apihub.runTimeProjectAttachments.create",
     "apihub.runTimeProjectAttachments.delete",
@@ -22,5 +26,5 @@
   ],
   "name": "roles/apihub.provisioningAdmin",
   "stage": "BETA",
-  "title": "API hub all permissions related to provisioning"
+  "title": "Cloud API hub Provisioning Admin"
 }

roles/apihub.runtimeProjectServiceAgent

@@ -5,9 +5,11 @@
     "apigee.deployments.list",
     "apigee.envgroupattachments.list",
     "apigee.envgroups.list",
+    "apigee.environments.get",
+    "apigee.organizations.get",
     "apigee.proxyrevisions.get"
   ],
   "name": "roles/apihub.runtimeProjectServiceAgent",
-  "stage": "ALPHA",
+  "stage": "GA",
   "title": "API-Hub Runtime Project Service Agent"
 }

roles/apihub.viewer

@@ -1,5 +1,5 @@
 {
-  "description": "This role can view all resources in API hub",
+  "description": "View access to all Cloud API hub resources.",
   "etag": "AA==",
   "includedPermissions": [
     "apihub.apiHubInstances.get",
@@ -23,6 +23,8 @@
     "apihub.llmEnablements.get",
     "apihub.llmEnablements.list",
     "apihub.locations.searchResources",
+    "apihub.operations.get",
+    "apihub.operations.list",
     "apihub.plugins.get",
     "apihub.plugins.list",
     "apihub.runTimeProjectAttachments.get",
@@ -37,5 +39,5 @@
   ],
   "name": "roles/apihub.viewer",
   "stage": "BETA",
-  "title": "API hub all resource viewer"
+  "title": "Cloud API hub Viewer"
 }

roles/apim.admin

@@ -26,6 +26,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/apim.admin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "API Management Admin"
 }

roles/apim.viewer

@@ -18,6 +18,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/apim.viewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "API Management Viewer"
 }

roles/auditmanager.serviceAgent

@@ -2,6 +2,7 @@
   "description": "Grants Audit Manager Service Agent access to various list/get rpcs of products to perform an audit.",
   "etag": "AA==",
   "includedPermissions": [
+    "bigquery.datasets.get",
     "cloudasset.assets.analyzeIamPolicy",
     "cloudasset.assets.analyzeMove",
     "cloudasset.assets.analyzeOrgPolicy",

roles/bigquery.studioAdmin

@@ -9,6 +9,7 @@
     "aiplatform.notebookRuntimeTemplates.getIamPolicy",
     "aiplatform.notebookRuntimeTemplates.list",
     "aiplatform.notebookRuntimeTemplates.setIamPolicy",
+    "aiplatform.notebookRuntimeTemplates.update",
     "aiplatform.notebookRuntimes.assign",
     "aiplatform.notebookRuntimes.delete",
     "aiplatform.notebookRuntimes.get",

roles/capacityplanner.viewer

@@ -7,6 +7,7 @@
     "capacityplanner.usageHistories.summarize",
     "cloudquotas.quotas.get",
     "monitoring.timeSeries.list",
+    "resourcemanager.folders.get",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list",

roles/chronicle.admin

@@ -133,6 +133,7 @@
     "chronicle.instances.generateSoarAuthJwt",
     "chronicle.instances.generateWorkspaceConnectionToken",
     "chronicle.instances.get",
+    "chronicle.instances.logTypeClassifier",
     "chronicle.instances.report",
     "chronicle.iocMatches.get",
     "chronicle.iocMatches.list",

roles/chronicle.restrictedDataAccessViewer

@@ -6,6 +6,10 @@
     "chronicle.ais.translateUdmQuery",
     "chronicle.ais.translateYlRule",
     "chronicle.dataAccessScopes.list",
+    "chronicle.dataTableRows.get",
+    "chronicle.dataTableRows.list",
+    "chronicle.dataTables.get",
+    "chronicle.dataTables.list",
     "chronicle.entities.find",
     "chronicle.entities.findRelatedEntities",
     "chronicle.entities.get",
@@ -24,7 +28,6 @@
     "chronicle.findingsGraphs.initializeGraph",
     "chronicle.instances.generateCollectionAgentAuth",
     "chronicle.instances.generateSoarAuthJwt",
-    "chronicle.instances.generateWorkspaceConnectionToken",
     "chronicle.instances.get",
     "chronicle.instances.report",
     "chronicle.legacies.legacyBatchGetCases",

roles/cloudbuild.serviceAgent

@@ -56,7 +56,10 @@
     "cloudbuild.workerpools.use",
     "compute.firewalls.get",
     "compute.firewalls.list",
+    "compute.networkAttachments.get",
+    "compute.networkAttachments.update",
     "compute.networks.get",
+    "compute.regionOperations.get",
     "compute.subnetworks.get",
     "containeranalysis.notes.attachOccurrence",
     "containeranalysis.notes.create",

roles/clouddeploy.customTargetTypeAdmin

@@ -14,6 +14,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/clouddeploy.customTargetTypeAdmin",
-  "stage": "BETA",
+  "stage": "GA",
   "title": "Cloud Deploy Custom Target Type Admin"
 }

roles/cloudkms.autokeyAdmin

@@ -7,6 +7,6 @@
     "cloudkms.projects.showEffectiveAutokeyConfig"
   ],
   "name": "roles/cloudkms.autokeyAdmin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Cloud KMS Autokey Admin"
 }

roles/compute.instanceAdmin

@@ -181,6 +181,7 @@
     "compute.regions.list",
     "compute.reservations.get",
     "compute.reservations.list",
+    "compute.resourcePolicies.list",
     "compute.resourcePolicies.useReadOnly",
     "compute.storagePools.get",
     "compute.storagePools.list",