From 9e041c621f978adb48200ddd91ac85b59bc44e34 Mon Sep 17 00:00:00 2001 From: bgeesaman Date: Tue, 16 Aug 2022 01:26:55 +0000 Subject: [PATCH] Fetch all roles --- gcp_roles_cai.json | 20 ++++++++++---------- roles/analyticshub.admin | 2 +- roles/analyticshub.subscriber | 2 +- roles/anthosservicemesh.serviceAgent | 18 +++++++++++++++++- roles/automlrecommendations.serviceAgent | 1 + roles/contactcenteraiplatform.admin | 2 +- roles/contactcenteraiplatform.viewer | 2 +- roles/iam.workforcePoolViewer | 2 +- roles/securedlandingzone.bqdwOrgRemediator | 2 +- roles/storagetransfer.transferAgent | 1 + roles/workloadmanager.worker | 2 +- 11 files changed, 36 insertions(+), 18 deletions(-) diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json index 39fa3108..a0ac069c 100644 --- a/gcp_roles_cai.json +++ b/gcp_roles_cai.json @@ -29,17 +29,17 @@ {"description":"Connectivity access to Cloud AlloyDB instances.","etag":"AA==","includedPermissions":["alloydb.clusters.generateClientCertificate","alloydb.clusters.get","alloydb.instances.connect","alloydb.instances.get","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/alloydb.client","stage":"BETA","title":"Cloud AlloyDB Client","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the AlloyDB service account permission to manage customer resources","etag":"AA==","includedPermissions":["alloydb.clusters.list"],"name":"roles/alloydb.serviceAgent","stage":"GA","title":"AlloyDB Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to Cloud AlloyDB all resources.","etag":"AA==","includedPermissions":["alloydb.backups.get","alloydb.backups.list","alloydb.clusters.get","alloydb.clusters.list","alloydb.instances.get","alloydb.instances.list","alloydb.locations.get","alloydb.locations.list","alloydb.operations.get","alloydb.operations.list","alloydb.supportedDatabaseFlags.get","alloydb.supportedDatabaseFlags.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/alloydb.viewer","stage":"BETA","title":"Cloud AlloyDB Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Administer Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.create","analyticshub.dataExchanges.delete","analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.dataExchanges.setIamPolicy","analyticshub.dataExchanges.update","analyticshub.listings.create","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.admin","stage":"BETA","title":"Analytics Hub Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Administer Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.create","analyticshub.dataExchanges.delete","analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.dataExchanges.setIamPolicy","analyticshub.dataExchanges.update","analyticshub.listings.create","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.admin","stage":"GA","title":"Analytics Hub Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants full control over the Listing, including updating, deleting and setting ACLs","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.listingAdmin","stage":"GA","title":"Analytics Hub Listing Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can publish to Data Exchanges thus creating Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.create","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.publisher","stage":"BETA","title":"Analytics Hub Publisher","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Can browse Data Exchanges and subscribe to Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.subscribe","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.subscriber","stage":"BETA","title":"Analytics Hub Subscriber","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Can browse Data Exchanges and subscribe to Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.subscribe","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.subscriber","stage":"GA","title":"Analytics Hub Subscriber","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Can browse Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.viewer","stage":"BETA","title":"Analytics Hub Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to manage devices.","etag":"AA==","includedPermissions":["androidmanagement.enterprises.manage","serviceusage.quotas.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/androidmanagement.user","stage":"GA","title":"Android Management User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos service agent access to Cloud Platformresources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceusage.services.get","serviceusage.services.list"],"name":"roles/anthos.serviceAgent","stage":"GA","title":"Anthos Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Audit service agent access toCloud Platform resources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosaudit.serviceAgent","stage":"GA","title":"Anthos Audit Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Config Management service agent access toCloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosconfigmanagement.serviceAgent","stage":"GA","title":"Anthos Config Management Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Identity service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosidentityservice.serviceAgent","stage":"GA","title":"Anthos Identity Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives the Anthos Service Mesh service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusterRoleBindings.create","container.clusterRoleBindings.delete","container.clusterRoleBindings.get","container.clusterRoleBindings.list","container.clusterRoleBindings.update","container.clusterRoles.bind","container.clusterRoles.create","container.clusterRoles.delete","container.clusterRoles.escalate","container.clusterRoles.get","container.clusterRoles.list","container.clusterRoles.update","container.clusters.get","container.configMaps.create","container.configMaps.delete","container.configMaps.get","container.configMaps.list","container.configMaps.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","container.customResourceDefinitions.update","container.daemonSets.create","container.daemonSets.delete","container.daemonSets.get","container.daemonSets.getStatus","container.daemonSets.list","container.daemonSets.update","container.deployments.get","container.deployments.list","container.events.get","container.events.list","container.jobs.create","container.jobs.delete","container.jobs.get","container.jobs.list","container.jobs.update","container.mutatingWebhookConfigurations.create","container.mutatingWebhookConfigurations.get","container.mutatingWebhookConfigurations.list","container.mutatingWebhookConfigurations.update","container.namespaces.create","container.namespaces.get","container.namespaces.list","container.pods.get","container.pods.list","container.secrets.create","container.secrets.delete","container.secrets.get","container.secrets.list","container.secrets.update","container.serviceAccounts.create","container.serviceAccounts.delete","container.serviceAccounts.get","container.serviceAccounts.list","container.serviceAccounts.update","container.services.get","container.services.list","container.thirdPartyObjects.create","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","container.validatingWebhookConfigurations.create","container.validatingWebhookConfigurations.get","container.validatingWebhookConfigurations.list","container.validatingWebhookConfigurations.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","meshconfig.projects.init"],"name":"roles/anthosservicemesh.serviceAgent","stage":"GA","title":"Anthos Service Mesh Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives the Anthos Service Mesh service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusterRoleBindings.create","container.clusterRoleBindings.delete","container.clusterRoleBindings.get","container.clusterRoleBindings.list","container.clusterRoleBindings.update","container.clusterRoles.bind","container.clusterRoles.create","container.clusterRoles.delete","container.clusterRoles.escalate","container.clusterRoles.get","container.clusterRoles.list","container.clusterRoles.update","container.clusters.get","container.clusters.update","container.configMaps.create","container.configMaps.delete","container.configMaps.get","container.configMaps.list","container.configMaps.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","container.customResourceDefinitions.update","container.daemonSets.create","container.daemonSets.delete","container.daemonSets.get","container.daemonSets.getStatus","container.daemonSets.list","container.daemonSets.update","container.deployments.get","container.deployments.list","container.events.get","container.events.list","container.jobs.create","container.jobs.delete","container.jobs.get","container.jobs.list","container.jobs.update","container.mutatingWebhookConfigurations.create","container.mutatingWebhookConfigurations.get","container.mutatingWebhookConfigurations.list","container.mutatingWebhookConfigurations.update","container.namespaces.create","container.namespaces.get","container.namespaces.list","container.operations.get","container.pods.get","container.pods.list","container.secrets.create","container.secrets.delete","container.secrets.get","container.secrets.list","container.secrets.update","container.serviceAccounts.create","container.serviceAccounts.delete","container.serviceAccounts.get","container.serviceAccounts.list","container.serviceAccounts.update","container.services.get","container.services.list","container.thirdPartyObjects.create","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","container.validatingWebhookConfigurations.create","container.validatingWebhookConfigurations.get","container.validatingWebhookConfigurations.list","container.validatingWebhookConfigurations.update","gkehub.features.get","gkehub.gateway.delete","gkehub.gateway.get","gkehub.gateway.patch","gkehub.gateway.post","gkehub.gateway.put","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","logging.logEntries.create","meshconfig.projects.init","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.timeSeries.create","serviceusage.services.get","serviceusage.services.use"],"name":"roles/anthosservicemesh.serviceAgent","stage":"GA","title":"Anthos Service Mesh Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":" Gives the Anthos Support Service Agent access to Cloud Platform resource.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.features.getIamPolicy","gkehub.features.list","gkehub.fleet.get","gkehub.gateway.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.generateConnectManifest","gkehub.memberships.get","gkehub.memberships.getIamPolicy","gkehub.memberships.list","gkehub.operations.get","gkehub.operations.list","resourcemanager.projects.get","resourcemanager.projects.list","serviceusage.services.get"],"name":"roles/anthossupport.serviceAgent","stage":"GA","title":"Anthos Support Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to ApiGateway and related resources.","etag":"AA==","includedPermissions":["apigateway.apiconfigs.create","apigateway.apiconfigs.delete","apigateway.apiconfigs.get","apigateway.apiconfigs.getIamPolicy","apigateway.apiconfigs.list","apigateway.apiconfigs.setIamPolicy","apigateway.apiconfigs.update","apigateway.apis.create","apigateway.apis.delete","apigateway.apis.get","apigateway.apis.getIamPolicy","apigateway.apis.list","apigateway.apis.setIamPolicy","apigateway.apis.update","apigateway.gateways.create","apigateway.gateways.delete","apigateway.gateways.get","apigateway.gateways.getIamPolicy","apigateway.gateways.list","apigateway.gateways.setIamPolicy","apigateway.gateways.update","apigateway.locations.get","apigateway.locations.list","apigateway.operations.cancel","apigateway.operations.delete","apigateway.operations.get","apigateway.operations.list","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.timeSeries.list","resourcemanager.projects.get","resourcemanager.projects.list","servicemanagement.services.get","serviceusage.services.list"],"name":"roles/apigateway.admin","stage":"GA","title":"ApiGateway Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.","etag":"AA==","includedPermissions":["iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","servicemanagement.services.check","servicemanagement.services.quota","servicemanagement.services.report"],"name":"roles/apigateway.serviceAgent","stage":"GA","title":"Cloud API Gateway Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -93,7 +93,7 @@ {"description":"Full access to all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.delete","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.catalogs.update","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.events.purge","automlrecommendations.events.rejoin","automlrecommendations.placements.create","automlrecommendations.placements.delete","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.delete","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","retail.userEvents.purge","retail.userEvents.rejoin","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.admin","stage":"BETA","title":"Recommendations AI Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.adminViewer","stage":"BETA","title":"Recommendations AI Admin Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Editor of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.placements.create","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.editor","stage":"BETA","title":"Recommendations AI Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.update","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources except automlrecommendations.apiKeys. To have all read access use Recommendations AI Admin Viewer role instead.","etag":"AA==","includedPermissions":["automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.viewer","stage":"BETA","title":"Recommendations AI Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to write metrics for autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.writeMetrics"],"name":"roles/autoscaling.metricsWriter","stage":"BETA","title":"Autoscaling Metrics Writer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to read recommendations from autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.readRecommendations"],"name":"roles/autoscaling.recommendationsReader","stage":"BETA","title":"Autoscaling Recommendations Reader","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -330,8 +330,8 @@ {"description":"Allows inspecting entitlements and service states for a consumer project","etag":"AA==","includedPermissions":["consumerprocurement.entitlements.get","consumerprocurement.entitlements.list","consumerprocurement.freeTrials.get","consumerprocurement.freeTrials.list","resourcemanager.projects.get","resourcemanager.projects.list","serviceusage.services.get","serviceusage.services.list"],"name":"roles/consumerprocurement.entitlementViewer","stage":"BETA","title":"Consumer Procurement Entitlement Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows managing purchases","etag":"AA==","includedPermissions":["commerceoffercatalog.documents.get","commerceoffercatalog.offers.get","consumerprocurement.accounts.create","consumerprocurement.accounts.delete","consumerprocurement.accounts.get","consumerprocurement.accounts.list","consumerprocurement.consents.check","consumerprocurement.consents.grant","consumerprocurement.consents.list","consumerprocurement.consents.revoke","consumerprocurement.orderAttributions.get","consumerprocurement.orderAttributions.list","consumerprocurement.orderAttributions.update","consumerprocurement.orders.cancel","consumerprocurement.orders.get","consumerprocurement.orders.list","consumerprocurement.orders.modify","consumerprocurement.orders.place"],"name":"roles/consumerprocurement.orderAdmin","stage":"BETA","title":"Consumer Procurement Order Administrator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows inspecting purchases","etag":"AA==","includedPermissions":["commerceoffercatalog.documents.get","commerceoffercatalog.offers.get","consumerprocurement.accounts.get","consumerprocurement.accounts.list","consumerprocurement.consents.check","consumerprocurement.consents.list","consumerprocurement.orderAttributions.get","consumerprocurement.orderAttributions.list","consumerprocurement.orders.get","consumerprocurement.orders.list"],"name":"roles/consumerprocurement.orderViewer","stage":"BETA","title":"Consumer Procurement Order Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Full access to Contact Center AI Platform resources.","etag":"AA==","includedPermissions":["contactcenteraiplatform.contactCenters.create","contactcenteraiplatform.contactCenters.delete","contactcenteraiplatform.contactCenters.get","contactcenteraiplatform.contactCenters.list","contactcenteraiplatform.contactCenters.update","contactcenteraiplatform.locations.get","contactcenteraiplatform.locations.list","contactcenteraiplatform.operations.cancel","contactcenteraiplatform.operations.delete","contactcenteraiplatform.operations.get","contactcenteraiplatform.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/contactcenteraiplatform.admin","stage":"GA","title":"Contact Center AI Platform Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Readonly access to Contact Center AI Platform resources.","etag":"AA==","includedPermissions":["contactcenteraiplatform.contactCenters.get","contactcenteraiplatform.contactCenters.list","contactcenteraiplatform.locations.get","contactcenteraiplatform.locations.list","contactcenteraiplatform.operations.get","contactcenteraiplatform.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/contactcenteraiplatform.viewer","stage":"ALPHA","title":"Contact Center AI Platform Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Full access to Contact Center AI Platform resources.","etag":"AA==","includedPermissions":["contactcenteraiplatform.contactCenters.create","contactcenteraiplatform.contactCenters.delete","contactcenteraiplatform.contactCenters.get","contactcenteraiplatform.contactCenters.list","contactcenteraiplatform.contactCenters.update","contactcenteraiplatform.locations.get","contactcenteraiplatform.locations.list","contactcenteraiplatform.operations.cancel","contactcenteraiplatform.operations.delete","contactcenteraiplatform.operations.get","contactcenteraiplatform.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/contactcenteraiplatform.admin","stage":"ALPHA","title":"Contact Center AI Platform Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Readonly access to Contact Center AI Platform resources.","etag":"AA==","includedPermissions":["contactcenteraiplatform.contactCenters.get","contactcenteraiplatform.contactCenters.list","contactcenteraiplatform.locations.get","contactcenteraiplatform.locations.list","contactcenteraiplatform.operations.get","contactcenteraiplatform.operations.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/contactcenteraiplatform.viewer","stage":"GA","title":"Contact Center AI Platform Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants read and write access to all Contact Center AI Insights resources.","etag":"AA==","includedPermissions":["contactcenterinsights.analyses.create","contactcenterinsights.analyses.delete","contactcenterinsights.analyses.get","contactcenterinsights.analyses.list","contactcenterinsights.conversations.create","contactcenterinsights.conversations.delete","contactcenterinsights.conversations.get","contactcenterinsights.conversations.list","contactcenterinsights.conversations.update","contactcenterinsights.issueModels.create","contactcenterinsights.issueModels.delete","contactcenterinsights.issueModels.deploy","contactcenterinsights.issueModels.get","contactcenterinsights.issueModels.list","contactcenterinsights.issueModels.undeploy","contactcenterinsights.issueModels.update","contactcenterinsights.issues.get","contactcenterinsights.issues.list","contactcenterinsights.issues.update","contactcenterinsights.operations.get","contactcenterinsights.operations.list","contactcenterinsights.phraseMatchers.create","contactcenterinsights.phraseMatchers.delete","contactcenterinsights.phraseMatchers.get","contactcenterinsights.phraseMatchers.list","contactcenterinsights.phraseMatchers.update","contactcenterinsights.settings.get","contactcenterinsights.settings.update"],"name":"roles/contactcenterinsights.editor","stage":"BETA","title":"Contact Center AI Insights editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows Contact Center AI to read and write APIs including BigQuery, Dialogflow, and Storage.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.tables.create","bigquery.tables.get","bigquery.tables.update","bigquery.tables.updateData","datalabeling.dataitems.get","datalabeling.dataitems.list","datalabeling.datasets.create","datalabeling.datasets.delete","datalabeling.datasets.export","datalabeling.datasets.get","datalabeling.datasets.import","datalabeling.operations.get","datalabeling.operations.list","dialogflow.conversationDatasets.create","dialogflow.conversationDatasets.delete","dialogflow.conversationDatasets.get","dialogflow.conversationDatasets.import","dialogflow.conversationDatasets.list","dialogflow.conversationModels.create","dialogflow.conversationModels.delete","dialogflow.conversationModels.deploy","dialogflow.conversationModels.get","dialogflow.conversationModels.list","dialogflow.conversationModels.undeploy","dialogflow.documents.create","dialogflow.documents.delete","dialogflow.documents.get","dialogflow.documents.list","dialogflow.operations.get","dialogflow.participants.suggest","dialogflow.sessions.detectIntent","pubsub.topics.get","pubsub.topics.publish","storage.objects.get","storage.objects.list"],"name":"roles/contactcenterinsights.serviceAgent","stage":"GA","title":"Contact Center AI Insights Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants read access to all Contact Center AI Insights resources.","etag":"AA==","includedPermissions":["contactcenterinsights.analyses.get","contactcenterinsights.analyses.list","contactcenterinsights.conversations.get","contactcenterinsights.conversations.list","contactcenterinsights.issueModels.get","contactcenterinsights.issueModels.list","contactcenterinsights.issues.get","contactcenterinsights.issues.list","contactcenterinsights.operations.get","contactcenterinsights.operations.list","contactcenterinsights.phraseMatchers.get","contactcenterinsights.phraseMatchers.list","contactcenterinsights.settings.get"],"name":"roles/contactcenterinsights.viewer","stage":"BETA","title":"Contact Center AI Insights viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -663,7 +663,7 @@ {"description":"Read access to service accounts, metadata, and keys.","etag":"AA==","includedPermissions":["iam.serviceAccountKeys.get","iam.serviceAccountKeys.list","iam.serviceAccounts.get","iam.serviceAccounts.getIamPolicy","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountViewer","stage":"GA","title":"View Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePoolSubjects.delete","iam.googleapis.com/workforcePoolSubjects.undelete","iam.googleapis.com/workforcePools.create","iam.googleapis.com/workforcePools.delete","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.getIamPolicy","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.setIamPolicy","iam.googleapis.com/workforcePools.undelete","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolAdmin","stage":"ALPHA","title":"IAM Workforce Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Rights to edit a particular instance of a workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolEditor","stage":"ALPHA","title":"IAM Workforce Pool Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Rights to read workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list"],"name":"roles/iam.workforcePoolViewer","stage":"ALPHA","title":"IAM Workforce Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Rights to read workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list"],"name":"roles/iam.workforcePoolViewer","stage":"BETA","title":"IAM Workforce Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full rights to create and manage workload identity pools.","etag":"AA==","includedPermissions":["iam.googleapis.com/workloadIdentityPoolProviders.create","iam.googleapis.com/workloadIdentityPoolProviders.delete","iam.googleapis.com/workloadIdentityPoolProviders.get","iam.googleapis.com/workloadIdentityPoolProviders.list","iam.googleapis.com/workloadIdentityPoolProviders.undelete","iam.googleapis.com/workloadIdentityPoolProviders.update","iam.googleapis.com/workloadIdentityPools.create","iam.googleapis.com/workloadIdentityPools.delete","iam.googleapis.com/workloadIdentityPools.get","iam.googleapis.com/workloadIdentityPools.list","iam.googleapis.com/workloadIdentityPools.undelete","iam.googleapis.com/workloadIdentityPools.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.workloadIdentityPoolAdmin","stage":"BETA","title":"IAM Workload Identity Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to workload identity pools.","etag":"AA==","includedPermissions":["iam.googleapis.com/workloadIdentityPoolProviders.get","iam.googleapis.com/workloadIdentityPoolProviders.list","iam.googleapis.com/workloadIdentityPools.get","iam.googleapis.com/workloadIdentityPools.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.workloadIdentityPoolViewer","stage":"BETA","title":"IAM Workload Identity Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Impersonate service accounts from GKE Workloads","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.list"],"name":"roles/iam.workloadIdentityUser","stage":"GA","title":"Workload Identity User","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -938,7 +938,7 @@ {"description":"Allows adding versions to existing secrets.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.versions.add"],"name":"roles/secretmanager.secretVersionAdder","stage":"GA","title":"Secret Manager Secret Version Adder","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows creating and managing versions of existing secrets.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.versions.add","secretmanager.versions.destroy","secretmanager.versions.disable","secretmanager.versions.enable","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.secretVersionManager","stage":"GA","title":"Secret Manager Secret Version Manager","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Allows viewing metadata of all Secret Manager resources","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","secretmanager.locations.get","secretmanager.locations.list","secretmanager.secrets.get","secretmanager.secrets.getIamPolicy","secretmanager.secrets.list","secretmanager.versions.get","secretmanager.versions.list"],"name":"roles/secretmanager.viewer","stage":"GA","title":"Secret Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.","etag":"AA==","includedPermissions":["accesscontextmanager.servicePerimeters.get","accesscontextmanager.servicePerimeters.list","accesscontextmanager.servicePerimeters.update"],"name":"roles/securedlandingzone.bqdwOrgRemediator","stage":"EAP","title":"SLZ BQDW Blueprint Organization Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Organization.","etag":"AA==","includedPermissions":["accesscontextmanager.servicePerimeters.get","accesscontextmanager.servicePerimeters.list","accesscontextmanager.servicePerimeters.update"],"name":"roles/securedlandingzone.bqdwOrgRemediator","stage":"BETA","title":"SLZ BQDW Blueprint Organization Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to modify (remediate) resources in SLZ BQDW Blueprint at Project.","etag":"AA==","includedPermissions":["bigquery.datasets.get","bigquery.datasets.getIamPolicy","bigquery.datasets.setIamPolicy","bigquery.datasets.update","cloudkms.cryptoKeys.get","cloudkms.cryptoKeys.getIamPolicy","cloudkms.cryptoKeys.list","cloudkms.cryptoKeys.setIamPolicy","cloudkms.cryptoKeys.update","cloudkms.keyRings.getIamPolicy","cloudkms.keyRings.setIamPolicy","pubsub.topics.get","pubsub.topics.getIamPolicy","pubsub.topics.list","pubsub.topics.setIamPolicy","pubsub.topics.update","resourcemanager.projects.update","serviceusage.services.use","storage.buckets.get","storage.buckets.getIamPolicy","storage.buckets.list","storage.buckets.setIamPolicy","storage.buckets.update"],"name":"roles/securedlandingzone.bqdwProjectRemediator","stage":"EAP","title":"SLZ BQDW Blueprint Project Level Remediator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"This role can activate or suspend Overwatches","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","securedlandingzone.overwatches.activate","securedlandingzone.overwatches.suspend"],"name":"roles/securedlandingzone.overwatchActivator","stage":"BETA","title":"Overwatch Activator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to Overwatches","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","securedlandingzone.operations.get","securedlandingzone.overwatches.activate","securedlandingzone.overwatches.create","securedlandingzone.overwatches.delete","securedlandingzone.overwatches.get","securedlandingzone.overwatches.list","securedlandingzone.overwatches.suspend","securedlandingzone.overwatches.update"],"name":"roles/securedlandingzone.overwatchAdmin","stage":"BETA","title":"Overwatch Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -1034,7 +1034,7 @@ {"description":"Access to create objects in GCS.","etag":"AA==","includedPermissions":["orgpolicy.policy.get","resourcemanager.projects.get","resourcemanager.projects.list","storage.multipartUploads.abort","storage.multipartUploads.create","storage.multipartUploads.listParts","storage.objects.create"],"name":"roles/storage.objectCreator","stage":"GA","title":"Storage Object Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to GCS objects.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","storage.objects.get","storage.objects.list"],"name":"roles/storage.objectViewer","stage":"GA","title":"Storage Object Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Create, update and manage transfer jobs and operations.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","storagetransfer.agentpools.create","storagetransfer.agentpools.delete","storagetransfer.agentpools.get","storagetransfer.agentpools.list","storagetransfer.agentpools.report","storagetransfer.agentpools.update","storagetransfer.jobs.create","storagetransfer.jobs.delete","storagetransfer.jobs.get","storagetransfer.jobs.list","storagetransfer.jobs.run","storagetransfer.jobs.update","storagetransfer.operations.assign","storagetransfer.operations.cancel","storagetransfer.operations.get","storagetransfer.operations.list","storagetransfer.operations.pause","storagetransfer.operations.report","storagetransfer.operations.resume","storagetransfer.projects.getServiceAccount"],"name":"roles/storagetransfer.admin","stage":"GA","title":"Storage Transfer Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Perform transfers from an agent.","etag":"AA==","includedPermissions":["pubsub.subscriptions.consume","pubsub.subscriptions.create","pubsub.subscriptions.delete","pubsub.subscriptions.get","pubsub.topics.attachSubscription","pubsub.topics.create","pubsub.topics.get","pubsub.topics.list","pubsub.topics.publish","storagetransfer.agentpools.report","storagetransfer.operations.assign","storagetransfer.operations.get","storagetransfer.operations.report"],"name":"roles/storagetransfer.transferAgent","stage":"GA","title":"Storage Transfer Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Perform transfers from an agent.","etag":"AA==","includedPermissions":["monitoring.timeSeries.create","pubsub.subscriptions.consume","pubsub.subscriptions.create","pubsub.subscriptions.delete","pubsub.subscriptions.get","pubsub.topics.attachSubscription","pubsub.topics.create","pubsub.topics.get","pubsub.topics.list","pubsub.topics.publish","storagetransfer.agentpools.report","storagetransfer.operations.assign","storagetransfer.operations.get","storagetransfer.operations.report"],"name":"roles/storagetransfer.transferAgent","stage":"GA","title":"Storage Transfer Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Create and update storage transfer jobs and operations.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","storagetransfer.agentpools.create","storagetransfer.agentpools.get","storagetransfer.agentpools.list","storagetransfer.agentpools.report","storagetransfer.agentpools.update","storagetransfer.jobs.create","storagetransfer.jobs.get","storagetransfer.jobs.list","storagetransfer.jobs.run","storagetransfer.jobs.update","storagetransfer.operations.assign","storagetransfer.operations.cancel","storagetransfer.operations.get","storagetransfer.operations.list","storagetransfer.operations.pause","storagetransfer.operations.report","storagetransfer.operations.resume","storagetransfer.projects.getServiceAccount"],"name":"roles/storagetransfer.user","stage":"GA","title":"Storage Transfer User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to storage transfer jobs and operations.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","storagetransfer.agentpools.get","storagetransfer.agentpools.list","storagetransfer.jobs.get","storagetransfer.jobs.list","storagetransfer.operations.get","storagetransfer.operations.list","storagetransfer.projects.getServiceAccount"],"name":"roles/storagetransfer.viewer","stage":"GA","title":"Storage Transfer Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access DevTools for Subscribe with Google","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","subscribewithgoogledeveloper.tools.get"],"name":"roles/subscribewithgoogledeveloper.developer","stage":"BETA","title":"Subscribe with Google Developer","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -1078,4 +1078,4 @@ {"description":"Gives the Workload Certificate service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","container.clusters.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceconsumermanagement.tenancyu.addResource","serviceconsumermanagement.tenancyu.create","serviceconsumermanagement.tenancyu.delete","serviceconsumermanagement.tenancyu.removeResource","serviceusage.services.use"],"name":"roles/workloadcertificate.serviceAgent","stage":"GA","title":"Workload Certificate Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.locations.get","workloadmanager.locations.list","workloadmanager.operations.cancel","workloadmanager.operations.delete","workloadmanager.operations.get","workloadmanager.operations.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.admin","stage":"ALPHA","title":"Workload Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.viewer","stage":"ALPHA","title":"Workload Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"The role used by Workload Manager application runners to read and update workloads.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.worker","stage":"ALPHA","title":"Workload Manager Worker","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"The role used by Workload Manager application runners to read and update workloads.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.worker","stage":"BETA","title":"Workload Manager Worker","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/analyticshub.admin b/roles/analyticshub.admin index be96ba91..a5c1e89d 100644 --- a/roles/analyticshub.admin +++ b/roles/analyticshub.admin @@ -20,6 +20,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.admin", - "stage": "BETA", + "stage": "GA", "title": "Analytics Hub Admin" } diff --git a/roles/analyticshub.subscriber b/roles/analyticshub.subscriber index 425635b1..c2f3f86f 100644 --- a/roles/analyticshub.subscriber +++ b/roles/analyticshub.subscriber @@ -13,6 +13,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.subscriber", - "stage": "BETA", + "stage": "GA", "title": "Analytics Hub Subscriber" } diff --git a/roles/anthosservicemesh.serviceAgent b/roles/anthosservicemesh.serviceAgent index a9282352..5579043a 100644 --- a/roles/anthosservicemesh.serviceAgent +++ b/roles/anthosservicemesh.serviceAgent @@ -20,6 +20,7 @@ "container.clusterRoles.list", "container.clusterRoles.update", "container.clusters.get", + "container.clusters.update", "container.configMaps.create", "container.configMaps.delete", "container.configMaps.get", @@ -51,6 +52,7 @@ "container.namespaces.create", "container.namespaces.get", "container.namespaces.list", + "container.operations.get", "container.pods.get", "container.pods.list", "container.secrets.create", @@ -74,11 +76,25 @@ "container.validatingWebhookConfigurations.list", "container.validatingWebhookConfigurations.update", "gkehub.features.get", + "gkehub.gateway.delete", + "gkehub.gateway.get", + "gkehub.gateway.patch", + "gkehub.gateway.post", + "gkehub.gateway.put", "gkehub.locations.get", "gkehub.locations.list", "gkehub.memberships.get", "gkehub.memberships.list", - "meshconfig.projects.init" + "logging.logEntries.create", + "meshconfig.projects.init", + "monitoring.metricDescriptors.create", + "monitoring.metricDescriptors.get", + "monitoring.metricDescriptors.list", + "monitoring.monitoredResourceDescriptors.get", + "monitoring.monitoredResourceDescriptors.list", + "monitoring.timeSeries.create", + "serviceusage.services.get", + "serviceusage.services.use" ], "name": "roles/anthosservicemesh.serviceAgent", "stage": "GA", diff --git a/roles/automlrecommendations.serviceAgent b/roles/automlrecommendations.serviceAgent index bda440d6..26889299 100644 --- a/roles/automlrecommendations.serviceAgent +++ b/roles/automlrecommendations.serviceAgent @@ -13,6 +13,7 @@ "bigquery.tables.get", "bigquery.tables.getData", "bigquery.tables.list", + "bigquery.tables.update", "bigquery.tables.updateData", "cloudnotifications.activities.list", "dataflow.jobs.cancel", diff --git a/roles/contactcenteraiplatform.admin b/roles/contactcenteraiplatform.admin index 11ef09ed..62a61928 100644 --- a/roles/contactcenteraiplatform.admin +++ b/roles/contactcenteraiplatform.admin @@ -17,6 +17,6 @@ "resourcemanager.projects.list" ], "name": "roles/contactcenteraiplatform.admin", - "stage": "GA", + "stage": "ALPHA", "title": "Contact Center AI Platform Admin" } diff --git a/roles/contactcenteraiplatform.viewer b/roles/contactcenteraiplatform.viewer index fc21716b..c04af1e9 100644 --- a/roles/contactcenteraiplatform.viewer +++ b/roles/contactcenteraiplatform.viewer @@ -12,6 +12,6 @@ "resourcemanager.projects.list" ], "name": "roles/contactcenteraiplatform.viewer", - "stage": "ALPHA", + "stage": "GA", "title": "Contact Center AI Platform Viewer" } diff --git a/roles/iam.workforcePoolViewer b/roles/iam.workforcePoolViewer index 92b48a3a..7a0aefa9 100644 --- a/roles/iam.workforcePoolViewer +++ b/roles/iam.workforcePoolViewer @@ -8,6 +8,6 @@ "iam.googleapis.com/workforcePools.list" ], "name": "roles/iam.workforcePoolViewer", - "stage": "ALPHA", + "stage": "BETA", "title": "IAM Workforce Pool Viewer" } diff --git a/roles/securedlandingzone.bqdwOrgRemediator b/roles/securedlandingzone.bqdwOrgRemediator index e217df82..23cf8825 100644 --- a/roles/securedlandingzone.bqdwOrgRemediator +++ b/roles/securedlandingzone.bqdwOrgRemediator @@ -7,6 +7,6 @@ "accesscontextmanager.servicePerimeters.update" ], "name": "roles/securedlandingzone.bqdwOrgRemediator", - "stage": "EAP", + "stage": "BETA", "title": "SLZ BQDW Blueprint Organization Level Remediator" } diff --git a/roles/storagetransfer.transferAgent b/roles/storagetransfer.transferAgent index be271a43..eb932cc4 100644 --- a/roles/storagetransfer.transferAgent +++ b/roles/storagetransfer.transferAgent @@ -2,6 +2,7 @@ "description": "Perform transfers from an agent.", "etag": "AA==", "includedPermissions": [ + "monitoring.timeSeries.create", "pubsub.subscriptions.consume", "pubsub.subscriptions.create", "pubsub.subscriptions.delete", diff --git a/roles/workloadmanager.worker b/roles/workloadmanager.worker index 8932bfde..e6391606 100644 --- a/roles/workloadmanager.worker +++ b/roles/workloadmanager.worker @@ -17,6 +17,6 @@ "workloadmanager.rules.list" ], "name": "roles/workloadmanager.worker", - "stage": "ALPHA", + "stage": "BETA", "title": "Workload Manager Worker" }