Fetch all roles

roles/aiplatform.batchPredictionServiceAgent

@@ -0,0 +1,37 @@
+{
+  "description": "Vertex AI Batch Prediction Service Agent for serving batch prediction requests.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "bigquery.datasets.create",
+    "bigquery.datasets.get",
+    "bigquery.jobs.create",
+    "bigquery.jobs.get",
+    "bigquery.models.create",
+    "bigquery.models.export",
+    "bigquery.models.getData",
+    "bigquery.readsessions.create",
+    "bigquery.readsessions.getData",
+    "bigquery.tables.create",
+    "bigquery.tables.createSnapshot",
+    "bigquery.tables.deleteSnapshot",
+    "bigquery.tables.export",
+    "bigquery.tables.get",
+    "bigquery.tables.getData",
+    "bigquery.tables.restoreSnapshot",
+    "bigquery.tables.update",
+    "bigquery.tables.updateData",
+    "storage.buckets.create",
+    "storage.buckets.delete",
+    "storage.buckets.get",
+    "storage.buckets.list",
+    "storage.buckets.update",
+    "storage.objects.create",
+    "storage.objects.delete",
+    "storage.objects.get",
+    "storage.objects.list",
+    "storage.objects.update"
+  ],
+  "name": "roles/aiplatform.batchPredictionServiceAgent",
+  "stage": "GA",
+  "title": "Vertex AI Batch Prediction Service Agent"
+}

roles/artifactregistry.admin

@@ -3,13 +3,18 @@
   "etag": "AA==",
   "includedPermissions": [
     "artifactregistry.aptartifacts.create",
+    "artifactregistry.attachments.create",
+    "artifactregistry.attachments.delete",
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.delete",
     "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.files.update",
+    "artifactregistry.files.upload",
     "artifactregistry.kfpartifacts.create",
     "artifactregistry.locations.get",
     "artifactregistry.locations.list",

roles/artifactregistry.createOnPushWriter

@@ -3,12 +3,16 @@
   "etag": "AA==",
   "includedPermissions": [
     "artifactregistry.aptartifacts.create",
+    "artifactregistry.attachments.create",
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.files.update",
+    "artifactregistry.files.upload",
     "artifactregistry.kfpartifacts.create",
     "artifactregistry.locations.get",
     "artifactregistry.locations.list",

roles/assuredoss.admin

@@ -2,6 +2,8 @@
   "description": "Access to use Assured OSS and manage configuration.",
   "etag": "AA==",
   "includedPermissions": [
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",

roles/assuredoss.user

@@ -2,6 +2,8 @@
   "description": "Access to use Assured OSS.",
   "etag": "AA==",
   "includedPermissions": [
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",

roles/assuredworkloads.editor

@@ -4,6 +4,8 @@
   "includedPermissions": [
     "assuredworkloads.operations.get",
     "assuredworkloads.operations.list",
+    "assuredworkloads.updates.list",
+    "assuredworkloads.updates.update",
     "assuredworkloads.violations.get",
     "assuredworkloads.violations.list",
     "assuredworkloads.violations.update",

roles/assuredworkloads.reader

@@ -4,6 +4,7 @@
   "includedPermissions": [
     "assuredworkloads.operations.get",
     "assuredworkloads.operations.list",
+    "assuredworkloads.updates.list",
     "assuredworkloads.violations.get",
     "assuredworkloads.violations.list",
     "assuredworkloads.workload.get",

roles/chronicle.globalDataAccess

@@ -0,0 +1,10 @@
+{
+  "description": "Grants global access to data i.e. all data can be accessed.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "chronicle.globalDataAccessScopes.permit"
+  ],
+  "name": "roles/chronicle.globalDataAccess",
+  "stage": "BETA",
+  "title": "Chronicle API Global Data Access"
+}

roles/chroniclesm.admin

@@ -5,6 +5,8 @@
     "chroniclesm.gcpAssociations.create",
     "chroniclesm.gcpAssociations.delete",
     "chroniclesm.gcpAssociations.get",
+    "chroniclesm.gcpLogFlowFilters.get",
+    "chroniclesm.gcpLogFlowFilters.update",
     "chroniclesm.gcpSettings.get",
     "chroniclesm.gcpSettings.update"
   ],

roles/chroniclesm.viewer

@@ -3,6 +3,7 @@
   "etag": "AA==",
   "includedPermissions": [
     "chroniclesm.gcpAssociations.get",
+    "chroniclesm.gcpLogFlowFilters.get",
     "chroniclesm.gcpSettings.get"
   ],
   "name": "roles/chroniclesm.viewer",

roles/cloudbuild.builds.builder

@@ -3,12 +3,16 @@
   "etag": "AA==",
   "includedPermissions": [
     "artifactregistry.aptartifacts.create",
+    "artifactregistry.attachments.create",
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.files.update",
+    "artifactregistry.files.upload",
     "artifactregistry.kfpartifacts.create",
     "artifactregistry.locations.get",
     "artifactregistry.locations.list",

roles/cloudbuild.serviceAgent

@@ -3,12 +3,16 @@
   "etag": "AA==",
   "includedPermissions": [
     "artifactregistry.aptartifacts.create",
+    "artifactregistry.attachments.create",
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.files.update",
+    "artifactregistry.files.upload",
     "artifactregistry.kfpartifacts.create",
     "artifactregistry.locations.get",
     "artifactregistry.locations.list",

roles/cloudsql.admin

@@ -13,6 +13,7 @@
     "cloudsql.databases.list",
     "cloudsql.databases.update",
     "cloudsql.instances.addServerCa",
+    "cloudsql.instances.addServerCertificate",
     "cloudsql.instances.clone",
     "cloudsql.instances.connect",
     "cloudsql.instances.create",
@@ -29,6 +30,7 @@
     "cloudsql.instances.list",
     "cloudsql.instances.listEffectiveTags",
     "cloudsql.instances.listServerCas",
+    "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
     "cloudsql.instances.login",
     "cloudsql.instances.migrate",
@@ -40,6 +42,7 @@
     "cloudsql.instances.restart",
     "cloudsql.instances.restoreBackup",
     "cloudsql.instances.rotateServerCa",
+    "cloudsql.instances.rotateServerCertificate",
     "cloudsql.instances.startReplica",
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",

roles/cloudsql.viewer

@@ -13,6 +13,7 @@
     "cloudsql.instances.list",
     "cloudsql.instances.listEffectiveTags",
     "cloudsql.instances.listServerCas",
+    "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",

roles/composer.serviceAgent

@@ -42,6 +42,7 @@
     "cloudsql.databases.list",
     "cloudsql.databases.update",
     "cloudsql.instances.addServerCa",
+    "cloudsql.instances.addServerCertificate",
     "cloudsql.instances.clone",
     "cloudsql.instances.connect",
     "cloudsql.instances.create",
@@ -58,6 +59,7 @@
     "cloudsql.instances.list",
     "cloudsql.instances.listEffectiveTags",
     "cloudsql.instances.listServerCas",
+    "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
     "cloudsql.instances.login",
     "cloudsql.instances.migrate",
@@ -69,6 +71,7 @@
     "cloudsql.instances.restart",
     "cloudsql.instances.restoreBackup",
     "cloudsql.instances.rotateServerCa",
+    "cloudsql.instances.rotateServerCertificate",
     "cloudsql.instances.startReplica",
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",

roles/contactcenterinsights.editor

@@ -6,6 +6,11 @@
     "contactcenterinsights.analyses.delete",
     "contactcenterinsights.analyses.get",
     "contactcenterinsights.analyses.list",
+    "contactcenterinsights.analysisRules.create",
+    "contactcenterinsights.analysisRules.delete",
+    "contactcenterinsights.analysisRules.get",
+    "contactcenterinsights.analysisRules.list",
+    "contactcenterinsights.analysisRules.update",
     "contactcenterinsights.conversations.create",
     "contactcenterinsights.conversations.delete",
     "contactcenterinsights.conversations.export",

roles/containeranalysis.ServiceAgent

@@ -2,6 +2,8 @@
   "description": "Gives Container Analysis API the access it needs to function",
   "etag": "AA==",
   "includedPermissions": [
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.download",

roles/editor

@@ -942,13 +942,18 @@
     "applianceactivation.rttCommands.list",
     "applianceactivation.rttCommands.sendResult",
     "artifactregistry.aptartifacts.create",
+    "artifactregistry.attachments.create",
+    "artifactregistry.attachments.delete",
+    "artifactregistry.attachments.get",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.delete",
     "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.files.update",
+    "artifactregistry.files.upload",
     "artifactregistry.kfpartifacts.create",
     "artifactregistry.locations.get",
     "artifactregistry.locations.list",
@@ -996,6 +1001,8 @@
     "assuredoss.operations.list",
     "assuredworkloads.operations.get",
     "assuredworkloads.operations.list",
+    "assuredworkloads.updates.list",
+    "assuredworkloads.updates.update",
     "assuredworkloads.violations.get",
     "assuredworkloads.violations.list",
     "assuredworkloads.violations.update",
@@ -1620,6 +1627,7 @@
     "chronicle.dataExports.create",
     "chronicle.dataExports.fetchLogTypesAvailableForExport",
     "chronicle.dataExports.get",
+    "chronicle.dataTableOperationErrors.get",
     "chronicle.dataTableRows.asyncBulkCreate",
     "chronicle.dataTableRows.asyncBulkReplace",
     "chronicle.dataTableRows.asyncBulkUpdate",
@@ -1793,6 +1801,8 @@
     "chronicle.watchlists.get",
     "chronicle.watchlists.list",
     "chroniclesm.gcpAssociations.get",
+    "chroniclesm.gcpLogFlowFilters.get",
+    "chroniclesm.gcpLogFlowFilters.update",
     "chroniclesm.gcpSettings.get",
     "chroniclesm.gcpSettings.update",
     "clientauthconfig.brands.create",
@@ -2215,6 +2225,7 @@
     "cloudsql.databases.list",
     "cloudsql.databases.update",
     "cloudsql.instances.addServerCa",
+    "cloudsql.instances.addServerCertificate",
     "cloudsql.instances.clone",
     "cloudsql.instances.connect",
     "cloudsql.instances.create",
@@ -2229,6 +2240,7 @@
     "cloudsql.instances.list",
     "cloudsql.instances.listEffectiveTags",
     "cloudsql.instances.listServerCas",
+    "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
     "cloudsql.instances.login",
     "cloudsql.instances.migrate",
@@ -2240,6 +2252,7 @@
     "cloudsql.instances.restart",
     "cloudsql.instances.restoreBackup",
     "cloudsql.instances.rotateServerCa",
+    "cloudsql.instances.rotateServerCertificate",
     "cloudsql.instances.startReplica",
     "cloudsql.instances.stopReplica",
     "cloudsql.instances.truncateLog",
@@ -3398,6 +3411,11 @@
     "contactcenterinsights.analyses.delete",
     "contactcenterinsights.analyses.get",
     "contactcenterinsights.analyses.list",
+    "contactcenterinsights.analysisRules.create",
+    "contactcenterinsights.analysisRules.delete",
+    "contactcenterinsights.analysisRules.get",
+    "contactcenterinsights.analysisRules.list",
+    "contactcenterinsights.analysisRules.update",
     "contactcenterinsights.conversations.create",
     "contactcenterinsights.conversations.delete",
     "contactcenterinsights.conversations.export",
@@ -7845,6 +7863,7 @@
     "securitycenter.bigQueryExports.get",
     "securitycenter.bigQueryExports.list",
     "securitycenter.bigQueryExports.update",
+    "securitycenter.billingtier.update",
     "securitycenter.complianceReports.aggregate",
     "securitycenter.compliancesnapshots.list",
     "securitycenter.containerthreatdetectionsettings.calculate",

roles/iam.securityAdmin

@@ -218,6 +218,7 @@
     "apphub.services.list",
     "apphub.workloads.list",
     "applianceactivation.rttCommands.list",
+    "artifactregistry.attachments.list",
     "artifactregistry.dockerimages.list",
     "artifactregistry.files.list",
     "artifactregistry.locations.list",
@@ -234,6 +235,7 @@
     "assuredoss.metadata.list",
     "assuredoss.operations.list",
     "assuredworkloads.operations.list",
+    "assuredworkloads.updates.list",
     "assuredworkloads.violations.list",
     "assuredworkloads.workload.list",
     "auditmanager.auditReports.list",
@@ -792,6 +794,7 @@
     "contactcenteraiplatform.locations.list",
     "contactcenteraiplatform.operations.list",
     "contactcenterinsights.analyses.list",
+    "contactcenterinsights.analysisRules.list",
     "contactcenterinsights.conversations.list",
     "contactcenterinsights.faqEntries.list",
     "contactcenterinsights.faqModels.list",

roles/oracledatabase.admin

@@ -0,0 +1,11 @@
+{
+  "description": "Grants full access to manage all Oracle Database resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/oracledatabase.admin",
+  "stage": "ALPHA",
+  "title": "Oracle Database @ Google Cloud admin"
+}

roles/oracledatabase.autonomousDatabaseAdmin

@@ -0,0 +1,11 @@
+{
+  "description": "Grants full access to manage all Autonomous Database resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/oracledatabase.autonomousDatabaseAdmin",
+  "stage": "ALPHA",
+  "title": "Oracle Database @ Google Cloud Autonomous Database Admin"
+}

roles/oracledatabase.autonomousDatabaseViewer

@@ -0,0 +1,11 @@
+{
+  "description": "Grants read access to see all Autonomous Database resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/oracledatabase.autonomousDatabaseViewer",
+  "stage": "ALPHA",
+  "title": "Oracle Database @ Google Cloud Autonomous Database Viewer"
+}