diff --git a/gcp_roles_cai.json b/gcp_roles_cai.json index 8f126253..ec3f2095 100644 --- a/gcp_roles_cai.json +++ b/gcp_roles_cai.json @@ -31,15 +31,15 @@ {"description":"Read-only access to Cloud AlloyDB all resources.","etag":"AA==","includedPermissions":["alloydb.backups.get","alloydb.backups.list","alloydb.clusters.get","alloydb.clusters.list","alloydb.instances.get","alloydb.instances.list","alloydb.locations.get","alloydb.locations.list","alloydb.operations.get","alloydb.operations.list","alloydb.supportedDatabaseFlags.get","alloydb.supportedDatabaseFlags.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/alloydb.viewer","stage":"BETA","title":"Cloud AlloyDB Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Administer Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.create","analyticshub.dataExchanges.delete","analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.dataExchanges.setIamPolicy","analyticshub.dataExchanges.update","analyticshub.listings.create","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.admin","stage":"GA","title":"Analytics Hub Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Grants full control over the Listing, including updating, deleting and setting ACLs","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.delete","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.setIamPolicy","analyticshub.listings.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.listingAdmin","stage":"GA","title":"Analytics Hub Listing Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Can publish to Data Exchanges thus creating Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.create","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.publisher","stage":"GA","title":"Analytics Hub Publisher","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Can browse Data Exchanges and subscribe to Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.subscribe","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.subscriber","stage":"GA","title":"Analytics Hub Subscriber","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Can browse Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.viewer","stage":"BETA","title":"Analytics Hub Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Can publish to Data Exchanges thus creating Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.create","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.publisher","stage":"BETA","title":"Analytics Hub Publisher","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Can browse Data Exchanges and subscribe to Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","analyticshub.listings.subscribe","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.subscriber","stage":"BETA","title":"Analytics Hub Subscriber","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Can browse Data Exchanges and Listings","etag":"AA==","includedPermissions":["analyticshub.dataExchanges.get","analyticshub.dataExchanges.getIamPolicy","analyticshub.dataExchanges.list","analyticshub.listings.get","analyticshub.listings.getIamPolicy","analyticshub.listings.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/analyticshub.viewer","stage":"GA","title":"Analytics Hub Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to manage devices.","etag":"AA==","includedPermissions":["androidmanagement.enterprises.manage","serviceusage.quotas.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/androidmanagement.user","stage":"GA","title":"Android Management User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos service agent access to Cloud Platformresources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceusage.services.get","serviceusage.services.list"],"name":"roles/anthos.serviceAgent","stage":"GA","title":"Anthos Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Audit service agent access toCloud Platform resources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosaudit.serviceAgent","stage":"GA","title":"Anthos Audit Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Config Management service agent access toCloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosconfigmanagement.serviceAgent","stage":"GA","title":"Anthos Config Management Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Anthos Identity service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list"],"name":"roles/anthosidentityservice.serviceAgent","stage":"GA","title":"Anthos Identity Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Gives the Anthos Service Mesh service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusterRoleBindings.create","container.clusterRoleBindings.delete","container.clusterRoleBindings.get","container.clusterRoleBindings.list","container.clusterRoleBindings.update","container.clusterRoles.bind","container.clusterRoles.create","container.clusterRoles.delete","container.clusterRoles.escalate","container.clusterRoles.get","container.clusterRoles.list","container.clusterRoles.update","container.clusters.get","container.clusters.update","container.configMaps.create","container.configMaps.delete","container.configMaps.get","container.configMaps.list","container.configMaps.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","container.customResourceDefinitions.update","container.daemonSets.create","container.daemonSets.delete","container.daemonSets.get","container.daemonSets.getStatus","container.daemonSets.list","container.daemonSets.update","container.deployments.get","container.deployments.list","container.events.get","container.events.list","container.jobs.create","container.jobs.delete","container.jobs.get","container.jobs.list","container.jobs.update","container.mutatingWebhookConfigurations.create","container.mutatingWebhookConfigurations.get","container.mutatingWebhookConfigurations.list","container.mutatingWebhookConfigurations.update","container.namespaces.create","container.namespaces.get","container.namespaces.list","container.operations.get","container.pods.get","container.pods.list","container.secrets.create","container.secrets.delete","container.secrets.get","container.secrets.list","container.secrets.update","container.serviceAccounts.create","container.serviceAccounts.delete","container.serviceAccounts.get","container.serviceAccounts.list","container.serviceAccounts.update","container.services.get","container.services.list","container.thirdPartyObjects.create","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","container.validatingWebhookConfigurations.create","container.validatingWebhookConfigurations.get","container.validatingWebhookConfigurations.list","container.validatingWebhookConfigurations.update","gkehub.features.get","gkehub.gateway.delete","gkehub.gateway.get","gkehub.gateway.patch","gkehub.gateway.post","gkehub.gateway.put","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","logging.logEntries.create","meshconfig.projects.init","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.timeSeries.create","serviceusage.services.get","serviceusage.services.use"],"name":"roles/anthosservicemesh.serviceAgent","stage":"GA","title":"Anthos Service Mesh Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Gives the Anthos Service Mesh service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.backendConfigs.create","container.backendConfigs.delete","container.backendConfigs.get","container.backendConfigs.list","container.backendConfigs.update","container.clusterRoleBindings.create","container.clusterRoleBindings.delete","container.clusterRoleBindings.get","container.clusterRoleBindings.list","container.clusterRoleBindings.update","container.clusterRoles.bind","container.clusterRoles.create","container.clusterRoles.delete","container.clusterRoles.escalate","container.clusterRoles.get","container.clusterRoles.list","container.clusterRoles.update","container.clusters.get","container.configMaps.create","container.configMaps.delete","container.configMaps.get","container.configMaps.list","container.configMaps.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","container.customResourceDefinitions.update","container.daemonSets.create","container.daemonSets.delete","container.daemonSets.get","container.daemonSets.getStatus","container.daemonSets.list","container.daemonSets.update","container.deployments.get","container.deployments.list","container.events.get","container.events.list","container.jobs.create","container.jobs.delete","container.jobs.get","container.jobs.list","container.jobs.update","container.mutatingWebhookConfigurations.create","container.mutatingWebhookConfigurations.get","container.mutatingWebhookConfigurations.list","container.mutatingWebhookConfigurations.update","container.namespaces.create","container.namespaces.get","container.namespaces.list","container.pods.get","container.pods.list","container.secrets.create","container.secrets.delete","container.secrets.get","container.secrets.list","container.secrets.update","container.serviceAccounts.create","container.serviceAccounts.delete","container.serviceAccounts.get","container.serviceAccounts.list","container.serviceAccounts.update","container.services.get","container.services.list","container.thirdPartyObjects.create","container.thirdPartyObjects.get","container.thirdPartyObjects.list","container.thirdPartyObjects.update","container.validatingWebhookConfigurations.create","container.validatingWebhookConfigurations.get","container.validatingWebhookConfigurations.list","container.validatingWebhookConfigurations.update","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","meshconfig.projects.init"],"name":"roles/anthosservicemesh.serviceAgent","stage":"GA","title":"Anthos Service Mesh Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":" Gives the Anthos Support Service Agent access to Cloud Platform resource.","etag":"AA==","includedPermissions":["gkehub.features.get","gkehub.features.getIamPolicy","gkehub.features.list","gkehub.fleet.get","gkehub.gateway.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.generateConnectManifest","gkehub.memberships.get","gkehub.memberships.getIamPolicy","gkehub.memberships.list","gkehub.operations.get","gkehub.operations.list","resourcemanager.projects.get","resourcemanager.projects.list","serviceusage.services.get"],"name":"roles/anthossupport.serviceAgent","stage":"GA","title":"Anthos Support Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full access to ApiGateway and related resources.","etag":"AA==","includedPermissions":["apigateway.apiconfigs.create","apigateway.apiconfigs.delete","apigateway.apiconfigs.get","apigateway.apiconfigs.getIamPolicy","apigateway.apiconfigs.list","apigateway.apiconfigs.setIamPolicy","apigateway.apiconfigs.update","apigateway.apis.create","apigateway.apis.delete","apigateway.apis.get","apigateway.apis.getIamPolicy","apigateway.apis.list","apigateway.apis.setIamPolicy","apigateway.apis.update","apigateway.gateways.create","apigateway.gateways.delete","apigateway.gateways.get","apigateway.gateways.getIamPolicy","apigateway.gateways.list","apigateway.gateways.setIamPolicy","apigateway.gateways.update","apigateway.locations.get","apigateway.locations.list","apigateway.operations.cancel","apigateway.operations.delete","apigateway.operations.get","apigateway.operations.list","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.timeSeries.list","resourcemanager.projects.get","resourcemanager.projects.list","servicemanagement.services.get","serviceusage.services.list"],"name":"roles/apigateway.admin","stage":"GA","title":"ApiGateway Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives Cloud API Gateway service account access to Service Management check and reports as well as impersonation on user-specified service accounts.","etag":"AA==","includedPermissions":["iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","servicemanagement.services.check","servicemanagement.services.quota","servicemanagement.services.report"],"name":"roles/apigateway.serviceAgent","stage":"GA","title":"Cloud API Gateway Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -93,7 +93,7 @@ {"description":"Full access to all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.delete","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.catalogs.update","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.events.purge","automlrecommendations.events.rejoin","automlrecommendations.placements.create","automlrecommendations.placements.delete","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.delete","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","retail.userEvents.purge","retail.userEvents.rejoin","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.admin","stage":"BETA","title":"Recommendations AI Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.adminViewer","stage":"BETA","title":"Recommendations AI Admin Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Editor of all Recommendations AI resources.","etag":"AA==","includedPermissions":["automlrecommendations.apiKeys.create","automlrecommendations.apiKeys.list","automlrecommendations.catalogItems.create","automlrecommendations.catalogItems.delete","automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogItems.update","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.create","automlrecommendations.events.list","automlrecommendations.placements.create","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.create","automlrecommendations.recommendations.list","automlrecommendations.recommendations.pause","automlrecommendations.recommendations.resume","automlrecommendations.recommendations.update","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.catalogs.update","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.create","retail.products.delete","retail.products.export","retail.products.get","retail.products.import","retail.products.list","retail.products.update","retail.retailProjects.get","retail.userEvents.create","retail.userEvents.import","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.editor","stage":"BETA","title":"Recommendations AI Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.update","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Recommendations AI service uploads catalog feeds from Cloud Storage, reports results to the customer Cloud Storage bucket, writes logs to customer projects, and writes and reads Stackdriver metrics for customer projects.","etag":"AA==","includedPermissions":["bigquery.datasets.create","bigquery.datasets.get","bigquery.jobs.create","bigquery.jobs.get","bigquery.jobs.list","bigquery.jobs.update","bigquery.tables.create","bigquery.tables.export","bigquery.tables.get","bigquery.tables.getData","bigquery.tables.list","bigquery.tables.updateData","cloudnotifications.activities.list","dataflow.jobs.cancel","dataflow.jobs.create","dataflow.jobs.get","dataflow.jobs.list","dataflow.jobs.snapshot","dataflow.jobs.updateContents","dataflow.messages.list","dataflow.metrics.get","logging.logEntries.create","monitoring.alertPolicies.get","monitoring.alertPolicies.list","monitoring.dashboards.get","monitoring.dashboards.list","monitoring.groups.get","monitoring.groups.list","monitoring.metricDescriptors.create","monitoring.metricDescriptors.get","monitoring.metricDescriptors.list","monitoring.monitoredResourceDescriptors.get","monitoring.monitoredResourceDescriptors.list","monitoring.notificationChannelDescriptors.get","monitoring.notificationChannelDescriptors.list","monitoring.notificationChannels.get","monitoring.notificationChannels.list","monitoring.publicWidgets.get","monitoring.publicWidgets.list","monitoring.services.get","monitoring.services.list","monitoring.slos.get","monitoring.slos.list","monitoring.timeSeries.create","monitoring.timeSeries.list","monitoring.uptimeCheckConfigs.get","monitoring.uptimeCheckConfigs.list","opsconfigmonitoring.resourceMetadata.list","resourcemanager.projects.get","resourcemanager.projects.list","stackdriver.projects.get","storage.buckets.create","storage.buckets.get","storage.objects.create","storage.objects.delete","storage.objects.get","storage.objects.list","storage.objects.update"],"name":"roles/automlrecommendations.serviceAgent","stage":"GA","title":"Recommendations AI Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Viewer of all Recommendations AI resources except automlrecommendations.apiKeys. To have all read access use Recommendations AI Admin Viewer role instead.","etag":"AA==","includedPermissions":["automlrecommendations.catalogItems.get","automlrecommendations.catalogItems.list","automlrecommendations.catalogs.getStats","automlrecommendations.catalogs.list","automlrecommendations.eventStores.getStats","automlrecommendations.events.list","automlrecommendations.placements.getStats","automlrecommendations.placements.list","automlrecommendations.recommendations.list","resourcemanager.projects.get","resourcemanager.projects.list","retail.catalogs.list","retail.operations.get","retail.operations.list","retail.placements.predict","retail.placements.search","retail.products.export","retail.products.get","retail.products.list","retail.retailProjects.get","serviceusage.services.get","serviceusage.services.list"],"name":"roles/automlrecommendations.viewer","stage":"BETA","title":"Recommendations AI Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to write metrics for autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.writeMetrics"],"name":"roles/autoscaling.metricsWriter","stage":"BETA","title":"Autoscaling Metrics Writer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Access to read recommendations from autoscaling site","etag":"AA==","includedPermissions":["autoscaling.sites.readRecommendations"],"name":"roles/autoscaling.recommendationsReader","stage":"BETA","title":"Autoscaling Recommendations Reader","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -661,9 +661,9 @@ {"description":"Impersonate service accounts (create OAuth2 access tokens, sign blobs or JWTs, etc).","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.implicitDelegation","iam.serviceAccounts.list","iam.serviceAccounts.signBlob","iam.serviceAccounts.signJwt","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountTokenCreator","stage":"GA","title":"Service Account Token Creator","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Run operations as the service account.","etag":"AA==","includedPermissions":["iam.serviceAccounts.actAs","iam.serviceAccounts.get","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountUser","stage":"GA","title":"Service Account User","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to service accounts, metadata, and keys.","etag":"AA==","includedPermissions":["iam.serviceAccountKeys.get","iam.serviceAccountKeys.list","iam.serviceAccounts.get","iam.serviceAccounts.getIamPolicy","iam.serviceAccounts.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.serviceAccountViewer","stage":"GA","title":"View Service Accounts","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePoolSubjects.delete","iam.googleapis.com/workforcePoolSubjects.undelete","iam.googleapis.com/workforcePools.create","iam.googleapis.com/workforcePools.delete","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.getIamPolicy","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.setIamPolicy","iam.googleapis.com/workforcePools.undelete","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolAdmin","stage":"BETA","title":"IAM Workforce Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Full rights to create and manage all workforce pools in the org, along with the ability to delegate permissions to other admins.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePoolSubjects.delete","iam.googleapis.com/workforcePoolSubjects.undelete","iam.googleapis.com/workforcePools.create","iam.googleapis.com/workforcePools.delete","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.getIamPolicy","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.setIamPolicy","iam.googleapis.com/workforcePools.undelete","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolAdmin","stage":"ALPHA","title":"IAM Workforce Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Rights to edit a particular instance of a workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.create","iam.googleapis.com/workforcePoolProviders.delete","iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePoolProviders.undelete","iam.googleapis.com/workforcePoolProviders.update","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list","iam.googleapis.com/workforcePools.update"],"name":"roles/iam.workforcePoolEditor","stage":"BETA","title":"IAM Workforce Pool Editor","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Rights to read workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list"],"name":"roles/iam.workforcePoolViewer","stage":"BETA","title":"IAM Workforce Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Rights to read workforce pool.","etag":"AA==","includedPermissions":["iam.googleapis.com/workforcePoolProviders.get","iam.googleapis.com/workforcePoolProviders.list","iam.googleapis.com/workforcePools.get","iam.googleapis.com/workforcePools.list"],"name":"roles/iam.workforcePoolViewer","stage":"ALPHA","title":"IAM Workforce Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Full rights to create and manage workload identity pools.","etag":"AA==","includedPermissions":["iam.googleapis.com/workloadIdentityPoolProviders.create","iam.googleapis.com/workloadIdentityPoolProviders.delete","iam.googleapis.com/workloadIdentityPoolProviders.get","iam.googleapis.com/workloadIdentityPoolProviders.list","iam.googleapis.com/workloadIdentityPoolProviders.undelete","iam.googleapis.com/workloadIdentityPoolProviders.update","iam.googleapis.com/workloadIdentityPools.create","iam.googleapis.com/workloadIdentityPools.delete","iam.googleapis.com/workloadIdentityPools.get","iam.googleapis.com/workloadIdentityPools.list","iam.googleapis.com/workloadIdentityPools.undelete","iam.googleapis.com/workloadIdentityPools.update","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.workloadIdentityPoolAdmin","stage":"BETA","title":"IAM Workload Identity Pool Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read access to workload identity pools.","etag":"AA==","includedPermissions":["iam.googleapis.com/workloadIdentityPoolProviders.get","iam.googleapis.com/workloadIdentityPoolProviders.list","iam.googleapis.com/workloadIdentityPools.get","iam.googleapis.com/workloadIdentityPools.list","resourcemanager.projects.get","resourcemanager.projects.list"],"name":"roles/iam.workloadIdentityPoolViewer","stage":"BETA","title":"IAM Workload Identity Pool Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Impersonate service accounts from GKE Workloads","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken","iam.serviceAccounts.list"],"name":"roles/iam.workloadIdentityUser","stage":"GA","title":"Workload Identity User","asset_type":"iam.googleapis.com/ExportedIAMRole"} @@ -1076,6 +1076,6 @@ {"description":"Gives Cloud Workflows service account access to managed resources.","etag":"AA==","includedPermissions":["iam.serviceAccounts.get","iam.serviceAccounts.getAccessToken","iam.serviceAccounts.getOpenIdToken"],"name":"roles/workflows.serviceAgent","stage":"GA","title":"Cloud Workflows Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Read-only access to workflows and related resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workflows.executions.get","workflows.executions.list","workflows.locations.get","workflows.locations.list","workflows.operations.get","workflows.operations.list","workflows.workflows.get","workflows.workflows.list"],"name":"roles/workflows.viewer","stage":"GA","title":"Workflows Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} {"description":"Gives the Workload Certificate service agent access to Cloud Platform resources.","etag":"AA==","includedPermissions":["container.clusters.get","container.clusters.update","container.customResourceDefinitions.create","container.customResourceDefinitions.get","container.customResourceDefinitions.list","gkehub.features.get","gkehub.locations.get","gkehub.locations.list","gkehub.memberships.get","gkehub.memberships.list","serviceconsumermanagement.tenancyu.addResource","serviceconsumermanagement.tenancyu.create","serviceconsumermanagement.tenancyu.delete","serviceconsumermanagement.tenancyu.removeResource","serviceusage.services.use"],"name":"roles/workloadcertificate.serviceAgent","stage":"GA","title":"Workload Certificate Service Agent","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Full access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.locations.get","workloadmanager.locations.list","workloadmanager.operations.cancel","workloadmanager.operations.delete","workloadmanager.operations.get","workloadmanager.operations.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.admin","stage":"BETA","title":"Workload Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"Read-only access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.viewer","stage":"ALPHA","title":"Workload Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} -{"description":"The role used by Workload Manager application runners to read and update workloads.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.worker","stage":"ALPHA","title":"Workload Manager Worker","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Full access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.locations.get","workloadmanager.locations.list","workloadmanager.operations.cancel","workloadmanager.operations.delete","workloadmanager.operations.get","workloadmanager.operations.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.admin","stage":"ALPHA","title":"Workload Manager Admin","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"Read-only access to Workload Manager all resources.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.viewer","stage":"BETA","title":"Workload Manager Viewer","asset_type":"iam.googleapis.com/ExportedIAMRole"} +{"description":"The role used by Workload Manager application runners to read and update workloads.","etag":"AA==","includedPermissions":["resourcemanager.projects.get","resourcemanager.projects.list","workloadmanager.evaluations.create","workloadmanager.evaluations.delete","workloadmanager.evaluations.get","workloadmanager.evaluations.list","workloadmanager.evaluations.run","workloadmanager.evaluations.update","workloadmanager.executions.delete","workloadmanager.executions.get","workloadmanager.executions.list","workloadmanager.results.list","workloadmanager.rules.list"],"name":"roles/workloadmanager.worker","stage":"BETA","title":"Workload Manager Worker","asset_type":"iam.googleapis.com/ExportedIAMRole"} diff --git a/roles/analyticshub.publisher b/roles/analyticshub.publisher index f187ca7f..9e94df70 100644 --- a/roles/analyticshub.publisher +++ b/roles/analyticshub.publisher @@ -13,6 +13,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.publisher", - "stage": "GA", + "stage": "BETA", "title": "Analytics Hub Publisher" } diff --git a/roles/analyticshub.subscriber b/roles/analyticshub.subscriber index c2f3f86f..425635b1 100644 --- a/roles/analyticshub.subscriber +++ b/roles/analyticshub.subscriber @@ -13,6 +13,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.subscriber", - "stage": "GA", + "stage": "BETA", "title": "Analytics Hub Subscriber" } diff --git a/roles/analyticshub.viewer b/roles/analyticshub.viewer index 4095f4fc..827b894e 100644 --- a/roles/analyticshub.viewer +++ b/roles/analyticshub.viewer @@ -12,6 +12,6 @@ "resourcemanager.projects.list" ], "name": "roles/analyticshub.viewer", - "stage": "BETA", + "stage": "GA", "title": "Analytics Hub Viewer" } diff --git a/roles/anthosservicemesh.serviceAgent b/roles/anthosservicemesh.serviceAgent index 5579043a..a9282352 100644 --- a/roles/anthosservicemesh.serviceAgent +++ b/roles/anthosservicemesh.serviceAgent @@ -20,7 +20,6 @@ "container.clusterRoles.list", "container.clusterRoles.update", "container.clusters.get", - "container.clusters.update", "container.configMaps.create", "container.configMaps.delete", "container.configMaps.get", @@ -52,7 +51,6 @@ "container.namespaces.create", "container.namespaces.get", "container.namespaces.list", - "container.operations.get", "container.pods.get", "container.pods.list", "container.secrets.create", @@ -76,25 +74,11 @@ "container.validatingWebhookConfigurations.list", "container.validatingWebhookConfigurations.update", "gkehub.features.get", - "gkehub.gateway.delete", - "gkehub.gateway.get", - "gkehub.gateway.patch", - "gkehub.gateway.post", - "gkehub.gateway.put", "gkehub.locations.get", "gkehub.locations.list", "gkehub.memberships.get", "gkehub.memberships.list", - "logging.logEntries.create", - "meshconfig.projects.init", - "monitoring.metricDescriptors.create", - "monitoring.metricDescriptors.get", - "monitoring.metricDescriptors.list", - "monitoring.monitoredResourceDescriptors.get", - "monitoring.monitoredResourceDescriptors.list", - "monitoring.timeSeries.create", - "serviceusage.services.get", - "serviceusage.services.use" + "meshconfig.projects.init" ], "name": "roles/anthosservicemesh.serviceAgent", "stage": "GA", diff --git a/roles/automlrecommendations.serviceAgent b/roles/automlrecommendations.serviceAgent index 26889299..bda440d6 100644 --- a/roles/automlrecommendations.serviceAgent +++ b/roles/automlrecommendations.serviceAgent @@ -13,7 +13,6 @@ "bigquery.tables.get", "bigquery.tables.getData", "bigquery.tables.list", - "bigquery.tables.update", "bigquery.tables.updateData", "cloudnotifications.activities.list", "dataflow.jobs.cancel", diff --git a/roles/iam.workforcePoolAdmin b/roles/iam.workforcePoolAdmin index 4b705c2b..6ceb6932 100644 --- a/roles/iam.workforcePoolAdmin +++ b/roles/iam.workforcePoolAdmin @@ -20,6 +20,6 @@ "iam.googleapis.com/workforcePools.update" ], "name": "roles/iam.workforcePoolAdmin", - "stage": "BETA", + "stage": "ALPHA", "title": "IAM Workforce Pool Admin" } diff --git a/roles/iam.workforcePoolViewer b/roles/iam.workforcePoolViewer index 7a0aefa9..92b48a3a 100644 --- a/roles/iam.workforcePoolViewer +++ b/roles/iam.workforcePoolViewer @@ -8,6 +8,6 @@ "iam.googleapis.com/workforcePools.list" ], "name": "roles/iam.workforcePoolViewer", - "stage": "BETA", + "stage": "ALPHA", "title": "IAM Workforce Pool Viewer" } diff --git a/roles/workloadmanager.admin b/roles/workloadmanager.admin index 11cff6cd..1b589a6c 100644 --- a/roles/workloadmanager.admin +++ b/roles/workloadmanager.admin @@ -23,6 +23,6 @@ "workloadmanager.rules.list" ], "name": "roles/workloadmanager.admin", - "stage": "BETA", + "stage": "ALPHA", "title": "Workload Manager Admin" } diff --git a/roles/workloadmanager.viewer b/roles/workloadmanager.viewer index f768979d..75ea1ab8 100644 --- a/roles/workloadmanager.viewer +++ b/roles/workloadmanager.viewer @@ -12,6 +12,6 @@ "workloadmanager.rules.list" ], "name": "roles/workloadmanager.viewer", - "stage": "ALPHA", + "stage": "BETA", "title": "Workload Manager Viewer" } diff --git a/roles/workloadmanager.worker b/roles/workloadmanager.worker index 8932bfde..e6391606 100644 --- a/roles/workloadmanager.worker +++ b/roles/workloadmanager.worker @@ -17,6 +17,6 @@ "workloadmanager.rules.list" ], "name": "roles/workloadmanager.worker", - "stage": "ALPHA", + "stage": "BETA", "title": "Workload Manager Worker" }