GCP IAM Updates Detected

roles/alloydb.admin

@@ -18,6 +18,7 @@
     "alloydb.clusters.export",
     "alloydb.clusters.generateClientCertificate",
     "alloydb.clusters.get",
+    "alloydb.clusters.import",
     "alloydb.clusters.list",
     "alloydb.clusters.listEffectiveTags",
     "alloydb.clusters.listTagBindings",

roles/compute.networkAdmin

@@ -561,6 +561,8 @@
     "networkconnectivity.serviceConnectionPolicies.get",
     "networkconnectivity.serviceConnectionPolicies.list",
     "networkconnectivity.serviceConnectionPolicies.update",
+    "networkmanagement.connectivitytests.get",
+    "networkmanagement.connectivitytests.list",
     "networksecurity.addressGroups.create",
     "networksecurity.addressGroups.delete",
     "networksecurity.addressGroups.get",

roles/discoveryengine.admin

@@ -4,6 +4,7 @@
   "includedPermissions": [
     "discoveryengine.analytics.acquireDashboardSession",
     "discoveryengine.analytics.refreshDashboardSessionTokens",
+    "discoveryengine.answers.get",
     "discoveryengine.branches.get",
     "discoveryengine.branches.list",
     "discoveryengine.cmekConfigs.get",
@@ -12,6 +13,7 @@
     "discoveryengine.collections.delete",
     "discoveryengine.collections.get",
     "discoveryengine.collections.list",
+    "discoveryengine.completionConfigs.completeQuery",
     "discoveryengine.completionConfigs.get",
     "discoveryengine.completionConfigs.update",
     "discoveryengine.controls.create",
@@ -50,6 +52,9 @@
     "discoveryengine.engines.resume",
     "discoveryengine.engines.tune",
     "discoveryengine.engines.update",
+    "discoveryengine.evaluations.create",
+    "discoveryengine.evaluations.get",
+    "discoveryengine.evaluations.list",
     "discoveryengine.locations.estimateDataSize",
     "discoveryengine.models.create",
     "discoveryengine.models.delete",
@@ -64,20 +69,38 @@
     "discoveryengine.projects.get",
     "discoveryengine.projects.provision",
     "discoveryengine.projects.reportConsentChange",
+    "discoveryengine.rankingConfigs.rank",
+    "discoveryengine.sampleQueries.create",
+    "discoveryengine.sampleQueries.delete",
+    "discoveryengine.sampleQueries.get",
+    "discoveryengine.sampleQueries.import",
+    "discoveryengine.sampleQueries.list",
+    "discoveryengine.sampleQueries.update",
+    "discoveryengine.sampleQuerySets.create",
+    "discoveryengine.sampleQuerySets.delete",
+    "discoveryengine.sampleQuerySets.get",
+    "discoveryengine.sampleQuerySets.list",
+    "discoveryengine.sampleQuerySets.update",
     "discoveryengine.schemas.create",
     "discoveryengine.schemas.delete",
     "discoveryengine.schemas.get",
     "discoveryengine.schemas.list",
     "discoveryengine.schemas.preview",
     "discoveryengine.schemas.update",
     "discoveryengine.schemas.validate",
+    "discoveryengine.servingConfigs.answer",
     "discoveryengine.servingConfigs.create",
     "discoveryengine.servingConfigs.delete",
     "discoveryengine.servingConfigs.get",
     "discoveryengine.servingConfigs.list",
     "discoveryengine.servingConfigs.recommend",
     "discoveryengine.servingConfigs.search",
     "discoveryengine.servingConfigs.update",
+    "discoveryengine.sessions.create",
+    "discoveryengine.sessions.delete",
+    "discoveryengine.sessions.get",
+    "discoveryengine.sessions.list",
+    "discoveryengine.sessions.update",
     "discoveryengine.siteSearchEngines.batchVerifyTargetSites",
     "discoveryengine.siteSearchEngines.disableAdvancedSiteSearch",
     "discoveryengine.siteSearchEngines.enableAdvancedSiteSearch",

roles/discoveryengine.editor

@@ -4,12 +4,14 @@
   "includedPermissions": [
     "discoveryengine.analytics.acquireDashboardSession",
     "discoveryengine.analytics.refreshDashboardSessionTokens",
+    "discoveryengine.answers.get",
     "discoveryengine.branches.get",
     "discoveryengine.branches.list",
     "discoveryengine.cmekConfigs.get",
     "discoveryengine.cmekConfigs.list",
     "discoveryengine.collections.get",
     "discoveryengine.collections.list",
+    "discoveryengine.completionConfigs.completeQuery",
     "discoveryengine.completionConfigs.get",
     "discoveryengine.controls.get",
     "discoveryengine.controls.list",
@@ -34,6 +36,8 @@
     "discoveryengine.engines.pause",
     "discoveryengine.engines.resume",
     "discoveryengine.engines.tune",
+    "discoveryengine.evaluations.get",
+    "discoveryengine.evaluations.list",
     "discoveryengine.models.create",
     "discoveryengine.models.delete",
     "discoveryengine.models.get",
@@ -45,14 +49,32 @@
     "discoveryengine.operations.get",
     "discoveryengine.operations.list",
     "discoveryengine.projects.get",
+    "discoveryengine.rankingConfigs.rank",
+    "discoveryengine.sampleQueries.create",
+    "discoveryengine.sampleQueries.delete",
+    "discoveryengine.sampleQueries.get",
+    "discoveryengine.sampleQueries.import",
+    "discoveryengine.sampleQueries.list",
+    "discoveryengine.sampleQueries.update",
+    "discoveryengine.sampleQuerySets.create",
+    "discoveryengine.sampleQuerySets.delete",
+    "discoveryengine.sampleQuerySets.get",
+    "discoveryengine.sampleQuerySets.list",
+    "discoveryengine.sampleQuerySets.update",
     "discoveryengine.schemas.get",
     "discoveryengine.schemas.list",
     "discoveryengine.schemas.preview",
     "discoveryengine.schemas.validate",
+    "discoveryengine.servingConfigs.answer",
     "discoveryengine.servingConfigs.get",
     "discoveryengine.servingConfigs.list",
     "discoveryengine.servingConfigs.recommend",
     "discoveryengine.servingConfigs.search",
+    "discoveryengine.sessions.create",
+    "discoveryengine.sessions.delete",
+    "discoveryengine.sessions.get",
+    "discoveryengine.sessions.list",
+    "discoveryengine.sessions.update",
     "discoveryengine.siteSearchEngines.get",
     "discoveryengine.targetSites.get",
     "discoveryengine.targetSites.list",

roles/discoveryengine.viewer

@@ -4,12 +4,14 @@
   "includedPermissions": [
     "discoveryengine.analytics.acquireDashboardSession",
     "discoveryengine.analytics.refreshDashboardSessionTokens",
+    "discoveryengine.answers.get",
     "discoveryengine.branches.get",
     "discoveryengine.branches.list",
     "discoveryengine.cmekConfigs.get",
     "discoveryengine.cmekConfigs.list",
     "discoveryengine.collections.get",
     "discoveryengine.collections.list",
+    "discoveryengine.completionConfigs.completeQuery",
     "discoveryengine.completionConfigs.get",
     "discoveryengine.controls.get",
     "discoveryengine.controls.list",
@@ -24,19 +26,29 @@
     "discoveryengine.documents.list",
     "discoveryengine.engines.get",
     "discoveryengine.engines.list",
+    "discoveryengine.evaluations.get",
+    "discoveryengine.evaluations.list",
     "discoveryengine.models.get",
     "discoveryengine.models.list",
     "discoveryengine.operations.get",
     "discoveryengine.operations.list",
     "discoveryengine.projects.get",
+    "discoveryengine.rankingConfigs.rank",
+    "discoveryengine.sampleQueries.get",
+    "discoveryengine.sampleQueries.list",
+    "discoveryengine.sampleQuerySets.get",
+    "discoveryengine.sampleQuerySets.list",
     "discoveryengine.schemas.get",
     "discoveryengine.schemas.list",
     "discoveryengine.schemas.preview",
     "discoveryengine.schemas.validate",
+    "discoveryengine.servingConfigs.answer",
     "discoveryengine.servingConfigs.get",
     "discoveryengine.servingConfigs.list",
     "discoveryengine.servingConfigs.recommend",
     "discoveryengine.servingConfigs.search",
+    "discoveryengine.sessions.get",
+    "discoveryengine.sessions.list",
     "discoveryengine.siteSearchEngines.get",
     "discoveryengine.targetSites.get",
     "discoveryengine.targetSites.list",

roles/editor

@@ -393,6 +393,7 @@
     "alloydb.clusters.export",
     "alloydb.clusters.generateClientCertificate",
     "alloydb.clusters.get",
+    "alloydb.clusters.import",
     "alloydb.clusters.list",
     "alloydb.clusters.listEffectiveTags",
     "alloydb.clusters.listTagBindings",
@@ -4682,6 +4683,7 @@
     "dialogflow.webhooks.update",
     "discoveryengine.analytics.acquireDashboardSession",
     "discoveryengine.analytics.refreshDashboardSessionTokens",
+    "discoveryengine.answers.get",
     "discoveryengine.branches.get",
     "discoveryengine.branches.list",
     "discoveryengine.cmekConfigs.get",
@@ -4690,6 +4692,7 @@
     "discoveryengine.collections.delete",
     "discoveryengine.collections.get",
     "discoveryengine.collections.list",
+    "discoveryengine.completionConfigs.completeQuery",
     "discoveryengine.completionConfigs.get",
     "discoveryengine.completionConfigs.update",
     "discoveryengine.controls.create",
@@ -4728,6 +4731,9 @@
     "discoveryengine.engines.resume",
     "discoveryengine.engines.tune",
     "discoveryengine.engines.update",
+    "discoveryengine.evaluations.create",
+    "discoveryengine.evaluations.get",
+    "discoveryengine.evaluations.list",
     "discoveryengine.locations.estimateDataSize",
     "discoveryengine.models.create",
     "discoveryengine.models.delete",
@@ -4742,20 +4748,38 @@
     "discoveryengine.projects.get",
     "discoveryengine.projects.provision",
     "discoveryengine.projects.reportConsentChange",
+    "discoveryengine.rankingConfigs.rank",
+    "discoveryengine.sampleQueries.create",
+    "discoveryengine.sampleQueries.delete",
+    "discoveryengine.sampleQueries.get",
+    "discoveryengine.sampleQueries.import",
+    "discoveryengine.sampleQueries.list",
+    "discoveryengine.sampleQueries.update",
+    "discoveryengine.sampleQuerySets.create",
+    "discoveryengine.sampleQuerySets.delete",
+    "discoveryengine.sampleQuerySets.get",
+    "discoveryengine.sampleQuerySets.list",
+    "discoveryengine.sampleQuerySets.update",
     "discoveryengine.schemas.create",
     "discoveryengine.schemas.delete",
     "discoveryengine.schemas.get",
     "discoveryengine.schemas.list",
     "discoveryengine.schemas.preview",
     "discoveryengine.schemas.update",
     "discoveryengine.schemas.validate",
+    "discoveryengine.servingConfigs.answer",
     "discoveryengine.servingConfigs.create",
     "discoveryengine.servingConfigs.delete",
     "discoveryengine.servingConfigs.get",
     "discoveryengine.servingConfigs.list",
     "discoveryengine.servingConfigs.recommend",
     "discoveryengine.servingConfigs.search",
     "discoveryengine.servingConfigs.update",
+    "discoveryengine.sessions.create",
+    "discoveryengine.sessions.delete",
+    "discoveryengine.sessions.get",
+    "discoveryengine.sessions.list",
+    "discoveryengine.sessions.update",
     "discoveryengine.siteSearchEngines.batchVerifyTargetSites",
     "discoveryengine.siteSearchEngines.disableAdvancedSiteSearch",
     "discoveryengine.siteSearchEngines.enableAdvancedSiteSearch",
@@ -5756,12 +5780,19 @@
     "iam.googleapis.com/workforcePools.get",
     "iam.googleapis.com/workforcePools.getIamPolicy",
     "iam.googleapis.com/workforcePools.list",
+    "iam.googleapis.com/workforcePools.searchPolicyBindings",
     "iam.googleapis.com/workloadIdentityPoolProviderKeys.get",
     "iam.googleapis.com/workloadIdentityPoolProviderKeys.list",
     "iam.googleapis.com/workloadIdentityPoolProviders.get",
     "iam.googleapis.com/workloadIdentityPoolProviders.list",
     "iam.googleapis.com/workloadIdentityPools.get",
     "iam.googleapis.com/workloadIdentityPools.list",
+    "iam.googleapis.com/workspacePools.searchPolicyBindings",
+    "iam.policybindings.get",
+    "iam.policybindings.list",
+    "iam.principalaccessboundarypolicies.get",
+    "iam.principalaccessboundarypolicies.list",
+    "iam.principalaccessboundarypolicies.searchPolicyBindings",
     "iam.roles.get",
     "iam.roles.list",
     "iam.serviceAccountKeys.create",
@@ -5779,6 +5810,7 @@
     "iam.serviceAccounts.getIamPolicy",
     "iam.serviceAccounts.list",
     "iam.serviceAccounts.update",
+    "iam.workloadIdentityPools.searchPolicyBindings",
     "iap.projects.getSettings",
     "iap.projects.updateSettings",
     "iap.tunnelDestGroups.create",
@@ -6739,6 +6771,8 @@
     "oauthconfig.verification.get",
     "oauthconfig.verification.submit",
     "oauthconfig.verification.update",
+    "observability.scopes.get",
+    "observability.scopes.update",
     "ondemandscanning.operations.cancel",
     "ondemandscanning.operations.delete",
     "ondemandscanning.operations.get",
@@ -7380,14 +7414,17 @@
     "remotebuildexecution.workerpools.get",
     "remotebuildexecution.workerpools.list",
     "remotebuildexecution.workerpools.update",
+    "resourcemanager.folders.searchPolicyBinding",
     "resourcemanager.hierarchyNodes.createTagBinding",
     "resourcemanager.hierarchyNodes.deleteTagBinding",
     "resourcemanager.hierarchyNodes.listEffectiveTags",
     "resourcemanager.hierarchyNodes.listTagBindings",
+    "resourcemanager.organizations.searchPolicyBinding",
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
     "resourcemanager.projects.move",
+    "resourcemanager.projects.searchPolicyBinding",
     "resourcemanager.projects.update",
     "resourcemanager.tagHolds.create",
     "resourcemanager.tagHolds.delete",

roles/firebasedataconnect.viewer

@@ -20,6 +20,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/firebasedataconnect.viewer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Firebase Data Connect API Viewer"
 }

roles/iam.operationViewer

@@ -0,0 +1,10 @@
+{
+  "description": "Operation user role, with permissions to view and list operations in IAM v3",
+  "etag": "AA==",
+  "includedPermissions": [
+    "iam.operations.get"
+  ],
+  "name": "roles/iam.operationViewer",
+  "stage": "ALPHA",
+  "title": "IAM Operation Viewer"
+}

roles/iam.principalAccessBoundaryAdmin

@@ -1,6 +1,16 @@
 {
   "description": "Principal Access Boundary admin role, with permissions to read and modify principal access boundary policies, and to bind and unbind principal access boundary policies to targets",
   "etag": "AA==",
+  "includedPermissions": [
+    "iam.principalaccessboundarypolicies.bind",
+    "iam.principalaccessboundarypolicies.create",
+    "iam.principalaccessboundarypolicies.delete",
+    "iam.principalaccessboundarypolicies.get",
+    "iam.principalaccessboundarypolicies.list",
+    "iam.principalaccessboundarypolicies.searchPolicyBindings",
+    "iam.principalaccessboundarypolicies.unbind",
+    "iam.principalaccessboundarypolicies.update"
+  ],
   "name": "roles/iam.principalAccessBoundaryAdmin",
   "stage": "BETA",
   "title": "Principal Access Boundary Policy Admin"

roles/iam.principalAccessBoundaryUser

@@ -1,6 +1,12 @@
 {
   "description": "Principal Access Boundary Policies user role, with permissions to view principal access boundary policies, and to bind and unbind principal access boundary policies to targets",
   "etag": "AA==",
+  "includedPermissions": [
+    "iam.principalaccessboundarypolicies.bind",
+    "iam.principalaccessboundarypolicies.get",
+    "iam.principalaccessboundarypolicies.list",
+    "iam.principalaccessboundarypolicies.unbind"
+  ],
   "name": "roles/iam.principalAccessBoundaryUser",
   "stage": "BETA",
   "title": "Principal Access Boundary Policy User"

roles/iam.principalAccessBoundaryViewer

@@ -1,6 +1,11 @@
 {
   "description": "Principal Access Boundary Reviewer role, with permissions to read principal access boundary policies and view associated policy bindings",
   "etag": "AA==",
+  "includedPermissions": [
+    "iam.principalaccessboundarypolicies.get",
+    "iam.principalaccessboundarypolicies.list",
+    "iam.principalaccessboundarypolicies.searchPolicyBindings"
+  ],
   "name": "roles/iam.principalAccessBoundaryViewer",
   "stage": "BETA",
   "title": "Principal Access Boundary Policy Viewer"

roles/iam.securityAdmin

@@ -1114,10 +1114,14 @@
     "discoveryengine.dataStores.list",
     "discoveryengine.documents.list",
     "discoveryengine.engines.list",
+    "discoveryengine.evaluations.list",
     "discoveryengine.models.list",
     "discoveryengine.operations.list",
+    "discoveryengine.sampleQueries.list",
+    "discoveryengine.sampleQuerySets.list",
     "discoveryengine.schemas.list",
     "discoveryengine.servingConfigs.list",
+    "discoveryengine.sessions.list",
     "discoveryengine.targetSites.list",
     "dlp.analyzeRiskTemplates.list",
     "dlp.columnDataProfiles.list",
@@ -1371,6 +1375,8 @@
     "iam.googleapis.com/workloadIdentityPoolProviderKeys.list",
     "iam.googleapis.com/workloadIdentityPoolProviders.list",
     "iam.googleapis.com/workloadIdentityPools.list",
+    "iam.policybindings.list",
+    "iam.principalaccessboundarypolicies.list",
     "iam.roles.get",
     "iam.roles.list",
     "iam.serviceAccountKeys.list",