Fetch all roles

roles/backupdr.backupUser

@@ -2,6 +2,14 @@
   "description": "Allows the user to apply existing backup plans. This role cannot create backup plans or restore from a backup.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.create",
+    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.get",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackup",
+    "backupdr.backupPlans.get",
+    "backupdr.backupPlans.list",
+    "backupdr.backupPlans.useComputeInstanceOnly",
     "backupdr.backupVaults.get",
     "backupdr.backupVaults.list",
     "backupdr.bvbackups.get",

roles/backupdr.restoreUser

@@ -9,6 +9,7 @@
     "backupdr.bvbackups.restore",
     "backupdr.bvdataSources.get",
     "backupdr.bvdataSources.list",
+    "backupdr.compute.restoreFromBackupVault",
     "backupdr.locations.get",
     "backupdr.locations.list",
     "backupdr.managementServers.access",

roles/backupdr.user

@@ -2,6 +2,8 @@
   "description": "Provides access to management console. Granular Backup and DR permissions depend on ACL configuration provided by Backup and DR admin within the management console.",
   "etag": "AA==",
   "includedPermissions": [
+    "backupdr.backupPlanAssociations.create",
+    "backupdr.backupPlanAssociations.delete",
     "backupdr.managementServers.access",
     "backupdr.managementServers.backupAccess",
     "backupdr.managementServers.get",

roles/backupdr.userv2

@@ -6,7 +6,6 @@
     "backupdr.backupVaults.list",
     "backupdr.bvbackups.get",
     "backupdr.bvbackups.list",
-    "backupdr.bvbackups.restore",
     "backupdr.bvdataSources.get",
     "backupdr.bvdataSources.list",
     "backupdr.locations.get",

roles/cloudkms.admin

@@ -51,6 +51,7 @@
     "cloudkms.locations.get",
     "cloudkms.locations.list",
     "cloudkms.locations.optOutKeyDeletionMsa",
+    "cloudkms.operations.get",
     "cloudkms.projects.showEffectiveAutokeyConfig",
     "resourcemanager.projects.get"
   ],

roles/connectors.serviceAgent

@@ -14,7 +14,6 @@
     "connectors.customConnectors.list",
     "connectors.endpointAttachments.get",
     "connectors.endpointAttachments.list",
-    "connectors.entities.get",
     "connectors.entityTypes.list",
     "connectors.eventSubscriptions.get",
     "connectors.eventSubscriptions.list",

roles/container.defaultNodeServiceAccount

@@ -10,6 +10,6 @@
     "monitoring.timeSeries.list"
   ],
   "name": "roles/container.defaultNodeServiceAccount",
-  "stage": "GA",
+  "stage": "BETA",
   "title": "Kubernetes Engine Default Node Service Account"
 }

roles/datacatalog.migrationConfigAdmin

@@ -2,11 +2,13 @@
   "description": "Full access to Migration Config",
   "etag": "AA==",
   "includedPermissions": [
+    "datacatalog.migrationConfig.get",
+    "datacatalog.migrationConfig.set",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],
   "name": "roles/datacatalog.migrationConfigAdmin",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "DataCatalog Migration Config Admin"
 }

roles/dataform.viewer

@@ -5,6 +5,7 @@
     "dataform.compilationResults.get",
     "dataform.compilationResults.list",
     "dataform.compilationResults.query",
+    "dataform.config.get",
     "dataform.locations.get",
     "dataform.locations.list",
     "dataform.releaseConfigs.get",

roles/dataproc.worker

@@ -2,6 +2,8 @@
   "description": "Worker access to Dataproc. Intended for service accounts.",
   "etag": "AA==",
   "includedPermissions": [
+    "cloudprofiler.profiles.create",
+    "cloudprofiler.profiles.update",
     "dataproc.agents.create",
     "dataproc.agents.delete",
     "dataproc.agents.get",

roles/managedflink.developer

@@ -1,11 +1,22 @@
 {
-  "description": "Full access to Managed Flink Jobs and read access to Deployments.",
+  "description": "Full access to Managed Flink Jobs and Sessions and read access to Deployments.",
   "etag": "AA==",
   "includedPermissions": [
+    "managedflink.deployments.get",
+    "managedflink.deployments.list",
+    "managedflink.jobs.create",
+    "managedflink.jobs.delete",
+    "managedflink.jobs.get",
+    "managedflink.jobs.list",
+    "managedflink.jobs.update",
+    "managedflink.locations.get",
+    "managedflink.locations.list",
+    "managedflink.operations.get",
+    "managedflink.operations.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],
   "name": "roles/managedflink.developer",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Managed Flink Developer"
 }

roles/memorystore.admin

@@ -6,6 +6,6 @@
     "resourcemanager.projects.list"
   ],
   "name": "roles/memorystore.admin",
-  "stage": "BETA",
+  "stage": "ALPHA",
   "title": "Memorystore Admin"
 }

roles/memorystore.dbConnectionUser

@@ -1,7 +1,10 @@
 {
   "description": "Access to connecting to Memorystore Server db.",
   "etag": "AA==",
+  "includedPermissions": [
+    "memorystore.instances.connect"
+  ],
   "name": "roles/memorystore.dbConnectionUser",
-  "stage": "ALPHA",
+  "stage": "BETA",
   "title": "Memorystore DB Connector User"
 }

roles/metastore.migrationAdmin

@@ -40,10 +40,6 @@
     "compute.zones.list",
     "datastream.connectionProfiles.create",
     "datastream.connectionProfiles.delete",
-    "datastream.objects.get",
-    "datastream.objects.list",
-    "datastream.objects.startBackfillJob",
-    "datastream.objects.stopBackfillJob",
     "datastream.operations.get",
     "datastream.privateConnections.create",
     "datastream.privateConnections.delete",

roles/networkmanagement.admin

@@ -2,9 +2,6 @@
   "description": "Full access to Network Management resources.",
   "etag": "AA==",
   "includedPermissions": [
-    "networkmanagement.config.get",
-    "networkmanagement.config.startFreeTrial",
-    "networkmanagement.config.update",
     "networkmanagement.connectivitytests.create",
     "networkmanagement.connectivitytests.delete",
     "networkmanagement.connectivitytests.get",
@@ -19,7 +16,11 @@
     "networkmanagement.operations.delete",
     "networkmanagement.operations.get",
     "networkmanagement.operations.list",
-    "networkmanagement.topologygraphs.read",
+    "networkmanagement.vpcflowlogsconfigs.create",
+    "networkmanagement.vpcflowlogsconfigs.delete",
+    "networkmanagement.vpcflowlogsconfigs.get",
+    "networkmanagement.vpcflowlogsconfigs.list",
+    "networkmanagement.vpcflowlogsconfigs.update",
     "resourcemanager.organizations.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"

roles/owner

@@ -1145,6 +1145,17 @@
     "autoscaling.sites.setIamPolicy",
     "autoscaling.sites.writeMetrics",
     "autoscaling.sites.writeState",
+    "backupdr.backupPlanAssociations.create",
+    "backupdr.backupPlanAssociations.delete",
+    "backupdr.backupPlanAssociations.get",
+    "backupdr.backupPlanAssociations.list",
+    "backupdr.backupPlanAssociations.triggerBackup",
+    "backupdr.backupPlans.create",
+    "backupdr.backupPlans.delete",
+    "backupdr.backupPlans.get",
+    "backupdr.backupPlans.list",
+    "backupdr.backupPlans.useComputeInstanceOnly",
+    "backupdr.backupVaults.associate",
     "backupdr.backupVaults.create",
     "backupdr.backupVaults.delete",
     "backupdr.backupVaults.get",
@@ -1164,6 +1175,7 @@
     "backupdr.bvdataSources.remove",
     "backupdr.bvdataSources.setInternalStatus",
     "backupdr.bvdataSources.update",
+    "backupdr.compute.restoreFromBackupVault",
     "backupdr.locations.get",
     "backupdr.locations.list",
     "backupdr.managementServers.access",
@@ -1351,6 +1363,8 @@
     "beyondcorp.subscriptions.create",
     "beyondcorp.subscriptions.get",
     "beyondcorp.subscriptions.list",
+    "beyondcorp.subscriptions.terminate",
+    "beyondcorp.subscriptions.update",
     "biglake.catalogs.create",
     "biglake.catalogs.delete",
     "biglake.catalogs.get",
@@ -2743,6 +2757,7 @@
     "cloudkms.locations.get",
     "cloudkms.locations.list",
     "cloudkms.locations.optOutKeyDeletionMsa",
+    "cloudkms.operations.get",
     "cloudkms.projects.showEffectiveAutokeyConfig",
     "cloudkms.protectedResources.search",
     "cloudmessaging.messages.create",
@@ -4181,9 +4196,11 @@
     "contactcenterinsights.faqModels.update",
     "contactcenterinsights.feedbackLabels.create",
     "contactcenterinsights.feedbackLabels.delete",
+    "contactcenterinsights.feedbackLabels.download",
     "contactcenterinsights.feedbackLabels.get",
     "contactcenterinsights.feedbackLabels.list",
     "contactcenterinsights.feedbackLabels.update",
+    "contactcenterinsights.feedbackLabels.upload",
     "contactcenterinsights.issueModels.create",
     "contactcenterinsights.issueModels.delete",
     "contactcenterinsights.issueModels.deploy",
@@ -4211,9 +4228,11 @@
     "contactcenterinsights.qaQuestions.list",
     "contactcenterinsights.qaQuestions.update",
     "contactcenterinsights.qaScorecardRevisions.create",
+    "contactcenterinsights.qaScorecardRevisions.delete",
     "contactcenterinsights.qaScorecardRevisions.deploy",
     "contactcenterinsights.qaScorecardRevisions.get",
     "contactcenterinsights.qaScorecardRevisions.list",
+    "contactcenterinsights.qaScorecardRevisions.tune",
     "contactcenterinsights.qaScorecards.create",
     "contactcenterinsights.qaScorecards.delete",
     "contactcenterinsights.qaScorecards.get",
@@ -4746,6 +4765,8 @@
     "datacatalog.entryGroups.setIamPolicy",
     "datacatalog.entryGroups.update",
     "datacatalog.entryGroups.updateTag",
+    "datacatalog.migrationConfig.get",
+    "datacatalog.migrationConfig.set",
     "datacatalog.operations.list",
     "datacatalog.relationships.create",
     "datacatalog.relationships.createBelongsTo",
@@ -4812,6 +4833,8 @@
     "dataform.compilationResults.get",
     "dataform.compilationResults.list",
     "dataform.compilationResults.query",
+    "dataform.config.get",
+    "dataform.config.update",
     "dataform.locations.get",
     "dataform.locations.list",
     "dataform.releaseConfigs.create",
@@ -5634,6 +5657,8 @@
     "dialogflow.webhooks.get",
     "dialogflow.webhooks.list",
     "dialogflow.webhooks.update",
+    "discoveryengine.aclConfigs.get",
+    "discoveryengine.aclConfigs.update",
     "discoveryengine.analytics.acquireDashboardSession",
     "discoveryengine.analytics.refreshDashboardSessionTokens",
     "discoveryengine.answers.get",
@@ -7188,6 +7213,22 @@
     "looker.operations.get",
     "looker.operations.list",
     "lookerstudio.pro.manage",
+    "managedflink.deployments.create",
+    "managedflink.deployments.delete",
+    "managedflink.deployments.get",
+    "managedflink.deployments.list",
+    "managedflink.deployments.update",
+    "managedflink.jobs.create",
+    "managedflink.jobs.delete",
+    "managedflink.jobs.get",
+    "managedflink.jobs.list",
+    "managedflink.jobs.update",
+    "managedflink.locations.get",
+    "managedflink.locations.list",
+    "managedflink.operations.cancel",
+    "managedflink.operations.delete",
+    "managedflink.operations.get",
+    "managedflink.operations.list",
     "managedidentities.backups.create",
     "managedidentities.backups.delete",
     "managedidentities.backups.get",
@@ -7340,6 +7381,18 @@
     "memcache.operations.delete",
     "memcache.operations.get",
     "memcache.operations.list",
+    "memorystore.instances.connect",
+    "memorystore.instances.create",
+    "memorystore.instances.delete",
+    "memorystore.instances.get",
+    "memorystore.instances.list",
+    "memorystore.instances.update",
+    "memorystore.locations.get",
+    "memorystore.locations.list",
+    "memorystore.operations.cancel",
+    "memorystore.operations.delete",
+    "memorystore.operations.get",
+    "memorystore.operations.list",
     "meshconfig.projects.init",
     "metastore.backups.create",
     "metastore.backups.delete",
@@ -7676,9 +7729,6 @@
     "networkconnectivity.spokes.list",
     "networkconnectivity.spokes.setIamPolicy",
     "networkconnectivity.spokes.update",
-    "networkmanagement.config.get",
-    "networkmanagement.config.startFreeTrial",
-    "networkmanagement.config.update",
     "networkmanagement.connectivitytests.create",
     "networkmanagement.connectivitytests.delete",
     "networkmanagement.connectivitytests.get",
@@ -7693,7 +7743,11 @@
     "networkmanagement.operations.delete",
     "networkmanagement.operations.get",
     "networkmanagement.operations.list",
-    "networkmanagement.topologygraphs.read",
+    "networkmanagement.vpcflowlogsconfigs.create",
+    "networkmanagement.vpcflowlogsconfigs.delete",
+    "networkmanagement.vpcflowlogsconfigs.get",
+    "networkmanagement.vpcflowlogsconfigs.list",
+    "networkmanagement.vpcflowlogsconfigs.update",
     "networksecurity.addressGroups.create",
     "networksecurity.addressGroups.delete",
     "networksecurity.addressGroups.get",

roles/servicenetworking.serviceAgent

@@ -6,17 +6,24 @@
     "compute.globalAddresses.list",
     "compute.globalOperations.get",
     "compute.networks.addPeering",
+    "compute.networks.create",
+    "compute.networks.delete",
     "compute.networks.get",
     "compute.networks.list",
     "compute.networks.listPeeringRoutes",
     "compute.networks.removePeering",
+    "compute.networks.update",
     "compute.networks.updatePeering",
     "compute.networks.updatePolicy",
     "compute.projects.get",
     "compute.regionOperations.get",
     "compute.routers.get",
     "compute.routers.list",
     "compute.routes.list",
+    "compute.subnetworks.create",
+    "compute.subnetworks.delete",
+    "compute.subnetworks.get",
+    "compute.subnetworks.list",
     "dns.changes.create",
     "dns.changes.get",
     "dns.changes.list",
@@ -59,6 +66,7 @@
     "dns.responsePolicyRules.get",
     "dns.responsePolicyRules.list",
     "dns.responsePolicyRules.update",
+    "networkconnectivity.internalRanges.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],