Fetch all roles

roles/anthossupport.serviceAgent

@@ -13,6 +13,8 @@
     "gkehub.locations.list",
     "gkehub.membershipbindings.get",
     "gkehub.membershipbindings.list",
+    "gkehub.membershipfeatures.get",
+    "gkehub.membershipfeatures.list",
     "gkehub.memberships.generateConnectManifest",
     "gkehub.memberships.get",
     "gkehub.memberships.getIamPolicy",

roles/appengine.appAdmin

@@ -25,6 +25,7 @@
     "appengine.versions.get",
     "appengine.versions.list",
     "appengine.versions.update",
+    "artifactregistry.projectsettings.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/appengine.codeViewer

@@ -13,6 +13,7 @@
     "appengine.versions.get",
     "appengine.versions.getFileContents",
     "appengine.versions.list",
+    "artifactregistry.projectsettings.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/appengine.serviceAdmin

@@ -17,6 +17,7 @@
     "appengine.versions.get",
     "appengine.versions.list",
     "appengine.versions.update",
+    "artifactregistry.projectsettings.get",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/appengineflex.serviceAgent

@@ -2,6 +2,10 @@
   "description": "Can edit and manage App Engine Flexible Environment apps. Includes access to service accounts.",
   "etag": "AA==",
   "includedPermissions": [
+    "artifactregistry.projectsettings.get",
+    "artifactregistry.repositories.create",
+    "artifactregistry.repositories.get",
+    "artifactregistry.repositories.uploadArtifacts",
     "billing.accounts.get",
     "cloudbuild.builds.create",
     "cloudbuild.builds.get",
@@ -154,6 +158,7 @@
     "resourcemanager.projects.get",
     "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.setIamPolicy",
+    "serviceusage.services.enable",
     "storage.buckets.create",
     "storage.buckets.delete",
     "storage.buckets.get",

roles/auditmanager.ccfAdmin

@@ -0,0 +1,7 @@
+{
+  "description": "Full access to Custom Compliance Framework resources.",
+  "etag": "AA==",
+  "name": "roles/auditmanager.ccfAdmin",
+  "stage": "ALPHA",
+  "title": "Custom Compliance Framework Admin"
+}

roles/auditmanager.ccfViewer

@@ -0,0 +1,17 @@
+{
+  "description": "Allows viewing Custom Compliance Framework resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "auditmanager.billingSettings.get",
+    "auditmanager.customComplianceFrameworks.get",
+    "auditmanager.customComplianceFrameworks.list",
+    "auditmanager.locations.get",
+    "auditmanager.locations.list",
+    "auditmanager.operations.get",
+    "auditmanager.operations.list",
+    "resourcemanager.organizations.get"
+  ],
+  "name": "roles/auditmanager.ccfViewer",
+  "stage": "BETA",
+  "title": "Custom Compliance Framework Viewer"
+}

roles/backupdr.admin

@@ -81,6 +81,7 @@
     "backupdr.operations.delete",
     "backupdr.operations.get",
     "backupdr.operations.list",
+    "backupdr.serviceConfig.initialize",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/batch.serviceAgent

@@ -6,7 +6,15 @@
     "backupdr.backupPlanAssociations.deleteForComputeInstance",
     "backupdr.backupPlanAssociations.list",
     "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlans.get",
+    "backupdr.backupPlans.list",
     "backupdr.backupPlans.useForComputeInstance",
+    "backupdr.backupVaults.get",
+    "backupdr.backupVaults.list",
+    "backupdr.locations.list",
+    "backupdr.operations.get",
+    "backupdr.operations.list",
+    "backupdr.serviceConfig.initialize",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",
@@ -315,6 +323,8 @@
     "compute.regionUrlMaps.listTagBindings",
     "compute.regions.get",
     "compute.regions.list",
+    "compute.reservationBlocks.get",
+    "compute.reservationBlocks.list",
     "compute.reservations.get",
     "compute.reservations.list",
     "compute.resourcePolicies.create",

roles/bigquery.admin

@@ -68,6 +68,7 @@
     "bigquery.reservations.delete",
     "bigquery.reservations.get",
     "bigquery.reservations.list",
+    "bigquery.reservations.listFailoverDatasets",
     "bigquery.reservations.update",
     "bigquery.routines.create",
     "bigquery.routines.delete",

roles/bigquery.resourceEditor

@@ -17,6 +17,7 @@
     "bigquery.reservations.delete",
     "bigquery.reservations.get",
     "bigquery.reservations.list",
+    "bigquery.reservations.listFailoverDatasets",
     "bigquery.reservations.update",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"

roles/bigquery.resourceViewer

@@ -13,6 +13,7 @@
     "bigquery.reservationAssignments.search",
     "bigquery.reservations.get",
     "bigquery.reservations.list",
+    "bigquery.reservations.listFailoverDatasets",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/bigquery.studioAdmin

@@ -1,5 +1,5 @@
 {
-  "description": "Combination role of BigQuery Admin, Dataform Admin, and Notebook Runtime Admin.",
+  "description": "Combination role of BigQuery Admin, Dataform Admin, Notebook Runtime Admin and Dataproc Serverless Editor.",
   "etag": "AA==",
   "includedPermissions": [
     "aiplatform.notebookRuntimeTemplates.apply",
@@ -84,6 +84,7 @@
     "bigquery.reservations.delete",
     "bigquery.reservations.get",
     "bigquery.reservations.list",
+    "bigquery.reservations.listFailoverDatasets",
     "bigquery.reservations.update",
     "bigquery.routines.create",
     "bigquery.routines.delete",
@@ -129,8 +130,13 @@
     "bigquery.transfers.get",
     "bigquery.transfers.update",
     "bigquerymigration.translation.translate",
+    "compute.projects.get",
+    "compute.regions.get",
+    "compute.regions.list",
     "compute.reservations.get",
     "compute.reservations.list",
+    "compute.zones.get",
+    "compute.zones.list",
     "dataform.compilationResults.create",
     "dataform.compilationResults.get",
     "dataform.compilationResults.list",
@@ -192,6 +198,45 @@
     "dataform.workspaces.setIamPolicy",
     "dataform.workspaces.writeFile",
     "dataplex.projects.search",
+    "dataproc.batches.analyze",
+    "dataproc.batches.cancel",
+    "dataproc.batches.create",
+    "dataproc.batches.delete",
+    "dataproc.batches.get",
+    "dataproc.batches.list",
+    "dataproc.operations.cancel",
+    "dataproc.operations.delete",
+    "dataproc.operations.get",
+    "dataproc.operations.list",
+    "dataproc.sessionTemplates.create",
+    "dataproc.sessionTemplates.delete",
+    "dataproc.sessionTemplates.get",
+    "dataproc.sessionTemplates.list",
+    "dataproc.sessionTemplates.update",
+    "dataproc.sessions.create",
+    "dataproc.sessions.delete",
+    "dataproc.sessions.get",
+    "dataproc.sessions.list",
+    "dataproc.sessions.sparkApplicationRead",
+    "dataproc.sessions.sparkApplicationWrite",
+    "dataproc.sessions.terminate",
+    "dataprocrm.nodePools.create",
+    "dataprocrm.nodePools.delete",
+    "dataprocrm.nodePools.deleteNodes",
+    "dataprocrm.nodePools.get",
+    "dataprocrm.nodePools.list",
+    "dataprocrm.nodePools.resize",
+    "dataprocrm.nodes.get",
+    "dataprocrm.nodes.heartbeat",
+    "dataprocrm.nodes.list",
+    "dataprocrm.nodes.update",
+    "dataprocrm.operations.get",
+    "dataprocrm.operations.list",
+    "dataprocrm.workloads.cancel",
+    "dataprocrm.workloads.create",
+    "dataprocrm.workloads.delete",
+    "dataprocrm.workloads.get",
+    "dataprocrm.workloads.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/bigquery.studioUser

@@ -1,5 +1,5 @@
 {
-  "description": "Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, and Notebook Runtime User.",
+  "description": "Combination role of BigQuery Job User, BigQuery Read Session User, Dataform Code Creator, Notebook Runtime User and Dataproc Serverless Editor.",
   "etag": "AA==",
   "includedPermissions": [
     "aiplatform.notebookRuntimeTemplates.apply",
@@ -15,11 +15,55 @@
     "bigquery.readsessions.create",
     "bigquery.readsessions.getData",
     "bigquery.readsessions.update",
+    "compute.projects.get",
+    "compute.regions.get",
+    "compute.regions.list",
+    "compute.zones.get",
+    "compute.zones.list",
     "dataform.locations.get",
     "dataform.locations.list",
     "dataform.repositories.create",
     "dataform.repositories.list",
     "dataplex.projects.search",
+    "dataproc.batches.analyze",
+    "dataproc.batches.cancel",
+    "dataproc.batches.create",
+    "dataproc.batches.delete",
+    "dataproc.batches.get",
+    "dataproc.batches.list",
+    "dataproc.operations.cancel",
+    "dataproc.operations.delete",
+    "dataproc.operations.get",
+    "dataproc.operations.list",
+    "dataproc.sessionTemplates.create",
+    "dataproc.sessionTemplates.delete",
+    "dataproc.sessionTemplates.get",
+    "dataproc.sessionTemplates.list",
+    "dataproc.sessionTemplates.update",
+    "dataproc.sessions.create",
+    "dataproc.sessions.delete",
+    "dataproc.sessions.get",
+    "dataproc.sessions.list",
+    "dataproc.sessions.sparkApplicationRead",
+    "dataproc.sessions.sparkApplicationWrite",
+    "dataproc.sessions.terminate",
+    "dataprocrm.nodePools.create",
+    "dataprocrm.nodePools.delete",
+    "dataprocrm.nodePools.deleteNodes",
+    "dataprocrm.nodePools.get",
+    "dataprocrm.nodePools.list",
+    "dataprocrm.nodePools.resize",
+    "dataprocrm.nodes.get",
+    "dataprocrm.nodes.heartbeat",
+    "dataprocrm.nodes.list",
+    "dataprocrm.nodes.update",
+    "dataprocrm.operations.get",
+    "dataprocrm.operations.list",
+    "dataprocrm.workloads.cancel",
+    "dataprocrm.workloads.create",
+    "dataprocrm.workloads.delete",
+    "dataprocrm.workloads.get",
+    "dataprocrm.workloads.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/bigquery.user

@@ -19,6 +19,7 @@
     "bigquery.reservationAssignments.search",
     "bigquery.reservations.get",
     "bigquery.reservations.list",
+    "bigquery.reservations.listFailoverDatasets",
     "bigquery.routines.list",
     "bigquery.savedqueries.get",
     "bigquery.savedqueries.list",

roles/bigquerymigration.editor

@@ -2,12 +2,13 @@
   "description": "Editor of EDW migration workflows.",
   "etag": "AA==",
   "includedPermissions": [
-    "bigquerymigration.locations.get",
-    "bigquerymigration.locations.list",
     "bigquerymigration.subtasks.get",
     "bigquerymigration.subtasks.list",
     "bigquerymigration.workflows.create",
     "bigquerymigration.workflows.delete",
+    "bigquerymigration.workflows.enableAiOutputTypes",
+    "bigquerymigration.workflows.enableLineageOutputTypes",
+    "bigquerymigration.workflows.enableOutputTypePermissions",
     "bigquerymigration.workflows.get",
     "bigquerymigration.workflows.list",
     "bigquerymigration.workflows.update"

roles/bigquerymigration.orchestrator

@@ -2,9 +2,6 @@
   "description": "Orchestrator of EDW migration tasks.",
   "etag": "AA==",
   "includedPermissions": [
-    "bigquerymigration.subtasks.create",
-    "bigquerymigration.taskTypes.orchestrateTask",
-    "bigquerymigration.taskTypes.writeLogs",
     "bigquerymigration.workflows.orchestrateTask",
     "storage.objects.list"
   ],

roles/bigquerymigration.viewer

@@ -2,8 +2,6 @@
   "description": "Viewer of EDW migration MigrationWorkflow.",
   "etag": "AA==",
   "includedPermissions": [
-    "bigquerymigration.locations.get",
-    "bigquerymigration.locations.list",
     "bigquerymigration.subtasks.get",
     "bigquerymigration.subtasks.list",
     "bigquerymigration.workflows.get",

roles/billing.viewer

@@ -10,6 +10,9 @@
     "billing.accounts.getSpendingInformation",
     "billing.accounts.getUsageExportSpec",
     "billing.accounts.list",
+    "billing.anomalies.get",
+    "billing.anomalies.list",
+    "billing.anomaliesConfigs.get",
     "billing.billingAccountPrice.get",
     "billing.billingAccountPrices.list",
     "billing.billingAccountServices.get",

roles/cloudsql.admin

@@ -2,7 +2,11 @@
   "description": "Full control of Cloud SQL resources.",
   "etag": "AA==",
   "includedPermissions": [
+    "cloudaicompanion.companions.generateChat",
+    "cloudaicompanion.companions.generateCode",
     "cloudaicompanion.entitlements.get",
+    "cloudaicompanion.instances.completeCode",
+    "cloudaicompanion.instances.generateCode",
     "cloudsql.backupRuns.create",
     "cloudsql.backupRuns.delete",
     "cloudsql.backupRuns.get",

roles/cloudsql.studioUser

@@ -2,6 +2,10 @@
   "description": "Role allowing access to Cloud SQL Studio",
   "etag": "AA==",
   "includedPermissions": [
+    "cloudaicompanion.companions.generateChat",
+    "cloudaicompanion.companions.generateCode",
+    "cloudaicompanion.instances.completeCode",
+    "cloudaicompanion.instances.generateCode",
     "cloudsql.databases.list",
     "cloudsql.instances.executeSql",
     "cloudsql.instances.get",

roles/commerceorggovernance.admin

@@ -20,6 +20,8 @@
     "commerceorggovernance.services.get",
     "commerceorggovernance.services.list",
     "commerceorggovernance.services.request",
+    "consumerprocurement.entitlements.get",
+    "consumerprocurement.entitlements.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/commerceorggovernance.user

@@ -5,6 +5,8 @@
     "commerceorggovernance.services.get",
     "commerceorggovernance.services.list",
     "commerceorggovernance.services.request",
+    "consumerprocurement.entitlements.get",
+    "consumerprocurement.entitlements.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],