From 5554b749deeb42a5d92deb80f5d519aa85247930 Mon Sep 17 00:00:00 2001 From: bgeesaman Date: Wed, 17 Aug 2022 01:27:40 +0000 Subject: [PATCH] Fetch all roles --- gcp_roles_cai.json | 12 ++++++------ roles/analyticshub.admin | 2 +- roles/analyticshub.listingAdmin | 2 +- roles/automlrecommendations.serviceAgent | 1 + roles/iam.workforcePoolAdmin | 2 +- roles/retail.serviceAgent | 1 + roles/securedlandingzone.bqdwOrgRemediator | 2 +- 7 files changed, 12 insertions(+), 10 deletions(-) diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json index 2a4c02dd..31a86907 100644 --- a/gcp_roles_cai.json +++ b/gcp_roles_cai.json @@ -29,8 +29,8 @@ {"description":"Connectivity access to Cloud AlloyDB instances.","etag":"AA==","includedPermissions":["alloydb.clusters.generateClientCertificate","alloydb.clusters.get","alloydb.instances.connect","alloydb.instances.get","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/alloydb.client","stage":"BETA","title":"Cloud AlloyDB Client","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the AlloyDB service account permission to manage customer resources","etag":"AA==","includedPermissions":["alloydb.clusters.list"],"name":"roles/alloydb.serviceAgent","stage":"GA","title":"AlloyDB Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to Cloud AlloyDB all resources.","etag":"AA==","includedPermissions":["alloydb.backups.get","alloydb.backups.list","alloydb.clusters.get","alloydb.clusters.list","alloydb.instances.get","alloydb.instances.list","alloydb.locations.get","alloydb.locations.list","alloydb.operations.get","alloydb.operations.list","alloydb.supportedDatabaseFlags.get","alloydb.supportedDatabaseFlags.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/alloydb.viewer","stage":"BETA","title":"Cloud AlloyDB Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Administer Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.create","analyticshub.dataExchanges.delete","analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.dataExchanges.setIamPolicy","analyticshub.dataExchanges.update","analyticshub.listings.create","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.admin","stage":"GA","title":"Analytics Hub Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Grants full control over the Listing, including updating, deleting and setting ACLs","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.listingAdmin","stage":"BETA","title":"Analytics Hub Listing Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Administer Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.create","analyticshub.dataExchanges.delete","analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.dataExchanges.setIamPolicy","analyticshub.dataExchanges.update","analyticshub.listings.create","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.admin","stage":"BETA","title":"Analytics Hub Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Grants full control over the Listing, including updating, deleting and setting ACLs","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.listingAdmin","stage":"GA","title":"Analytics Hub Listing Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can publish to Data Exchanges thus creating Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.create","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.publisher","stage":"GA","title":"Analytics Hub Publisher","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can browse Data Exchanges and subscribe to Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.subscribe","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.subscriber","stage":"GA","title":"Analytics Hub Subscriber","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can browse Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.viewer","stage":"GA","title":"Analytics Hub Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -93,7 +93,7 @@ {"description":"Full access to all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.delete","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.catalogs.update","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.events.purge","automlrecommendations.events.rejoin","automlrecommendations.placements.create","automlrecommendations.placements.delete","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.delete","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","retail.userEvents.purge","retail.userEvents.rejoin","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.admin","stage":"BETA","title":"Recommendations AI Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.adminViewer","stage":"BETA","title":"Recommendations AI Admin Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Editor of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.placements.create","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.editor","stage":"BETA","title":"Recommendations AI Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.update","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources except automlrecommendations.apiKeys. To have all read access use Recommendations AI Admin Viewer role instead.","etag":"AA==","includedPermissions":["automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.viewer","stage":"BETA","title":"Recommendations AI Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to write metrics for autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.writeMetrics"],"name":"roles/autoscaling.metricsWriter","stage":"BETA","title":"Autoscaling Metrics Writer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to read recommendations from autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.readRecommendations"],"name":"roles/autoscaling.recommendationsReader","stage":"BETA","title":"Autoscaling Recommendations Reader","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -661,7 +661,7 @@ {"description":"Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.implicitDelegation","iam.serviceAccounts.list","iam.serviceAccounts.signBlob","iam.serviceAccounts.signJwt","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountTokenCreator","stage":"GA","title":"Service Account Token Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Run operations as the service account.","etag":"AA==","includedPermissions":["iam.serviceAccounts.actAs","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountUser","stage":"GA","title":"Service Account User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to service accounts, metadata, and keys.","etag":"AA==","includedPermissions":["iam.serviceAccountKeys.get","iam.serviceAccountKeys.list","iam.serviceAccounts.get","iam.serviceAccounts.getIamPolicy","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountViewer","stage":"GA","title":"View Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePoolSubjects.delete","iam.googleapis.com/workforcePoolSubjects.undelete","iam.googleapis.com/workforcePools.create","iam.googleapis.com/workforcePools.delete","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.getIamPolicy","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.setIamPolicy","iam.googleapis.com/workforcePools.undelete","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolAdmin","stage":"ALPHA","title":"IAM Workforce Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePoolSubjects.delete","iam.googleapis.com/workforcePoolSubjects.undelete","iam.googleapis.com/workforcePools.create","iam.googleapis.com/workforcePools.delete","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.getIamPolicy","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.setIamPolicy","iam.googleapis.com/workforcePools.undelete","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolAdmin","stage":"BETA","title":"IAM Workforce Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Rights to edit a particular instance of a workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolEditor","stage":"BETA","title":"IAM Workforce Pool Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Rights to read workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list"],"name":"roles/iam.workforcePoolViewer","stage":"ALPHA","title":"IAM Workforce Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full rights to create and manage workload identity pools.","etag":"AA==","includedPermissions":["iam.googleapis.com/workloadIdentityPoolProviders.create","iam.googleapis.com/workloadIdentityPoolProviders.delete","iam.googleapis.com/workloadIdentityPoolProviders.get","iam.googleapis.com/workloadIdentityPoolProviders.list","iam.googleapis.com/workloadIdentityPoolProviders.undelete","iam.googleapis.com/workloadIdentityPoolProviders.update","iam.googleapis.com/workloadIdentityPools.create","iam.googleapis.com/workloadIdentityPools.delete","iam.googleapis.com/workloadIdentityPools.get","iam.googleapis.com/workloadIdentityPools.list","iam.googleapis.com/workloadIdentityPools.undelete","iam.googleapis.com/workloadIdentityPools.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.workloadIdentityPoolAdmin","stage":"BETA","title":"IAM Workload Identity Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -920,7 +920,7 @@ {"description":"Provides capabilities to view Resource Settings and Resource Setting Values on resources.","etag":"AA==","includedPermissions":["resourcesettings.settings.get","resourcesettings.settings.list"],"name":"roles/resourcesettings.viewer","stage":"GA","title":"Resource Settings Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to Retail api resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.delete","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.catalogs.update","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.events.purge","automlrecommendations.events.rejoin","automlrecommendations.placements.create","automlrecommendations.placements.delete","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.delete","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","retail.attributesConfigs.addCatalogAttribute","retail.attributesConfigs.batchRemoveCatalogAttributes","retail.attributesConfigs.exportCatalogAttributes","retail.attributesConfigs.get","retail.attributesConfigs.importCatalogAttributes","retail.attributesConfigs.removeCatalogAttribute","retail.attributesConfigs.replaceCatalogAttribute","retail.attributesConfigs.update","retail.catalogs.completeQuery","retail.catalogs.import","retail.catalogs.list","retail.catalogs.update","retail.controls.create","retail.controls.delete","retail.controls.export","retail.controls.get","retail.controls.import","retail.controls.list","retail.controls.update","retail.models.create","retail.models.delete","retail.models.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.setSponsorship","retail.products.update","retail.retailProjects.get","retail.servingConfigs.create","retail.servingConfigs.delete","retail.servingConfigs.get","retail.servingConfigs.list","retail.servingConfigs.predict","retail.servingConfigs.search","retail.servingConfigs.update","retail.userEvents.create","retail.userEvents.import","retail.userEvents.purge","retail.userEvents.rejoin"],"name":"roles/retail.admin","stage":"GA","title":"Retail Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to Retail api resources except purge, rejoin, and setSponsorship.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.delete","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.catalogs.update","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.placements.create","automlrecommendations.placements.delete","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.delete","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","retail.attributesConfigs.addCatalogAttribute","retail.attributesConfigs.exportCatalogAttributes","retail.attributesConfigs.get","retail.attributesConfigs.importCatalogAttributes","retail.attributesConfigs.replaceCatalogAttribute","retail.attributesConfigs.update","retail.catalogs.completeQuery","retail.catalogs.import","retail.catalogs.list","retail.catalogs.update","retail.controls.create","retail.controls.delete","retail.controls.export","retail.controls.get","retail.controls.import","retail.controls.list","retail.controls.update","retail.models.create","retail.models.delete","retail.models.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.servingConfigs.create","retail.servingConfigs.delete","retail.servingConfigs.get","retail.servingConfigs.list","retail.servingConfigs.predict","retail.servingConfigs.search","retail.servingConfigs.update","retail.userEvents.create","retail.userEvents.import"],"name":"roles/retail.editor","stage":"GA","title":"Retail Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Retail service uploads product feeds and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/retail.serviceAgent","stage":"GA","title":"Retail Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Retail service uploads product feeds and user events from Cloud Storage and BigQuery, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.update","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/retail.serviceAgent","stage":"GA","title":"Retail Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants access to read all resources in Retail.","etag":"AA==","includedPermissions":["automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","retail.attributesConfigs.exportCatalogAttributes","retail.attributesConfigs.get","retail.catalogs.completeQuery","retail.catalogs.list","retail.controls.export","retail.controls.get","retail.controls.list","retail.models.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","retail.servingConfigs.get","retail.servingConfigs.list","retail.servingConfigs.predict","retail.servingConfigs.search"],"name":"roles/retail.viewer","stage":"GA","title":"Retail Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants all Risk Manager permissions","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","riskmanager.operations.delete","riskmanager.operations.get","riskmanager.operations.list","riskmanager.policies.get","riskmanager.policies.list","riskmanager.reports.create","riskmanager.reports.delete","riskmanager.reports.get","riskmanager.reports.list","riskmanager.reports.review","riskmanager.reports.share","riskmanager.serviceAccount.create","riskmanager.settings.get","riskmanager.settings.update"],"name":"roles/riskmanager.admin","stage":"BETA","title":"Risk Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to edit Risk Manager resources","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","riskmanager.operations.delete","riskmanager.operations.get","riskmanager.operations.list","riskmanager.policies.get","riskmanager.policies.list","riskmanager.reports.create","riskmanager.reports.delete","riskmanager.reports.get","riskmanager.reports.list","riskmanager.serviceAccount.create","riskmanager.settings.get","riskmanager.settings.update"],"name":"roles/riskmanager.editor","stage":"BETA","title":"Risk Manager Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -938,7 +938,7 @@ {"description":"Allows adding versions to existing secrets.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.versions.add"],"name":"roles/secretmanager.secretVersionAdder","stage":"GA","title":"Secret Manager Secret Version Adder","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows creating and managing versions of existing secrets.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.versions.add","secretmanager.versions.destroy","secretmanager.versions.disable","secretmanager.versions.enable","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.secretVersionManager","stage":"GA","title":"Secret Manager Secret Version Manager","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows viewing metadata of all Secret Manager resources","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.locations.get","secretmanager.locations.list","secretmanager.secrets.get","secretmanager.secrets.getIamPolicy","secretmanager.secrets.list","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.viewer","stage":"GA","title":"Secret Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.","etag":"AA==","includedPermissions":["accesscontextmanager.servicePerimeters.get","accesscontextmanager.servicePerimeters.list","accesscontextmanager.servicePerimeters.update"],"name":"roles/securedlandingzone.bqdwOrgRemediator","stage":"EAP","title":"SLZ BQDW Blueprint Organization Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.","etag":"AA==","includedPermissions":["accesscontextmanager.servicePerimeters.get","accesscontextmanager.servicePerimeters.list","accesscontextmanager.servicePerimeters.update"],"name":"roles/securedlandingzone.bqdwOrgRemediator","stage":"BETA","title":"SLZ BQDW Blueprint Organization Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.","etag":"AA==","includedPermissions":["bigquery.datasets.get","bigquery.datasets.getIamPolicy","bigquery.datasets.setIamPolicy","bigquery.datasets.update","cloudkms.cryptoKeys.get","cloudkms.cryptoKeys.getIamPolicy","cloudkms.cryptoKeys.list","cloudkms.cryptoKeys.setIamPolicy","cloudkms.cryptoKeys.update","cloudkms.keyRings.getIamPolicy","cloudkms.keyRings.setIamPolicy","pubsub.topics.get","pubsub.topics.getIamPolicy","pubsub.topics.list","pubsub.topics.setIamPolicy","pubsub.topics.update","resourcemanager.projects.update","serviceusage.services.use","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.list","storage.buckets.setIamPolicy","storage.buckets.update"],"name":"roles/securedlandingzone.bqdwProjectRemediator","stage":"BETA","title":"SLZ BQDW Blueprint Project Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"This role can activate or suspend Overwatches","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","securedlandingzone.overwatches.activate","securedlandingzone.overwatches.suspend"],"name":"roles/securedlandingzone.overwatchActivator","stage":"BETA","title":"Overwatch Activator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to Overwatches","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","securedlandingzone.operations.get","securedlandingzone.overwatches.activate","securedlandingzone.overwatches.create","securedlandingzone.overwatches.delete","securedlandingzone.overwatches.get","securedlandingzone.overwatches.list","securedlandingzone.overwatches.suspend","securedlandingzone.overwatches.update"],"name":"roles/securedlandingzone.overwatchAdmin","stage":"BETA","title":"Overwatch Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/analyticshub.admin b/roles/analyticshub.admin index a5c1e89d..be96ba91 100644 --- a/roles/analyticshub.admin +++ b/roles/analyticshub.admin @@ -20,6 +20,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.admin", - "stage": "GA", + "stage": "BETA", "title": "Analytics Hub Admin" } diff --git a/roles/analyticshub.listingAdmin b/roles/analyticshub.listingAdmin index 9cfa979d..f420d5ba 100644 --- a/roles/analyticshub.listingAdmin +++ b/roles/analyticshub.listingAdmin @@ -15,6 +15,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.listingAdmin", - "stage": "BETA", + "stage": "GA", "title": "Analytics Hub Listing Admin" } diff --git a/roles/automlrecommendations.serviceAgent b/roles/automlrecommendations.serviceAgent index bda440d6..26889299 100644 --- a/roles/automlrecommendations.serviceAgent +++ b/roles/automlrecommendations.serviceAgent @@ -13,6 +13,7 @@ "bigquery.tables.get", "bigquery.tables.getData", "bigquery.tables.list", + "bigquery.tables.update", "bigquery.tables.updateData", "cloudnotifications.activities.list", "dataflow.jobs.cancel", diff --git a/roles/iam.workforcePoolAdmin b/roles/iam.workforcePoolAdmin index 6ceb6932..4b705c2b 100644 --- a/roles/iam.workforcePoolAdmin +++ b/roles/iam.workforcePoolAdmin @@ -20,6 +20,6 @@ "iam.googleapis.com/workforcePools.update" ], "name": "roles/iam.workforcePoolAdmin", - "stage": "ALPHA", + "stage": "BETA", "title": "IAM Workforce Pool Admin" } diff --git a/roles/retail.serviceAgent b/roles/retail.serviceAgent index 679f4df0..ae12aed3 100644 --- a/roles/retail.serviceAgent +++ b/roles/retail.serviceAgent @@ -13,6 +13,7 @@ "bigquery.tables.get", "bigquery.tables.getData", "bigquery.tables.list", + "bigquery.tables.update", "bigquery.tables.updateData", "cloudnotifications.activities.list", "dataflow.jobs.cancel", diff --git a/roles/securedlandingzone.bqdwOrgRemediator b/roles/securedlandingzone.bqdwOrgRemediator index e217df82..23cf8825 100644 --- a/roles/securedlandingzone.bqdwOrgRemediator +++ b/roles/securedlandingzone.bqdwOrgRemediator @@ -7,6 +7,6 @@ "accesscontextmanager.servicePerimeters.update" ], "name": "roles/securedlandingzone.bqdwOrgRemediator", - "stage": "EAP", + "stage": "BETA", "title": "SLZ BQDW Blueprint Organization Level Remediator" }