GCP IAM Updates Detected

roles/backupdr.admin

@@ -2,16 +2,16 @@
   "description": "Provides full access to all Backup and DR resources. ",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.createForComputeInstance",
-    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.create",
+    "backupdr.backupPlanAssociations.delete",
     "backupdr.backupPlanAssociations.get",
     "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlanAssociations.triggerBackup",
     "backupdr.backupPlans.create",
     "backupdr.backupPlans.delete",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
-    "backupdr.backupPlans.useForComputeInstance",
+    "backupdr.backupPlans.useComputeInstanceOnly",
     "backupdr.backupVaults.associate",
     "backupdr.backupVaults.create",
     "backupdr.backupVaults.delete",

roles/backupdr.userv2

@@ -2,16 +2,16 @@
   "description": "Provides full access to Backup and DR resources except deploying and managing backup infrastructure, expiring backups, changing data sensitivity and configuring on-premises billing.",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.createForComputeInstance",
-    "backupdr.backupPlanAssociations.deleteForComputeInstance",
+    "backupdr.backupPlanAssociations.create",
+    "backupdr.backupPlanAssociations.delete",
     "backupdr.backupPlanAssociations.get",
     "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
+    "backupdr.backupPlanAssociations.triggerBackup",
     "backupdr.backupPlans.create",
     "backupdr.backupPlans.delete",
     "backupdr.backupPlans.get",
     "backupdr.backupPlans.list",
-    "backupdr.backupPlans.useForComputeInstance",
+    "backupdr.backupPlans.useComputeInstanceOnly",
     "backupdr.backupVaults.associate",
     "backupdr.backupVaults.get",
     "backupdr.backupVaults.list",

roles/cloudsql.viewer

@@ -5,6 +5,8 @@
     "cloudaicompanion.entitlements.get",
     "cloudsql.backupRuns.get",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.get",
+    "cloudsql.backups.list",
     "cloudsql.databases.get",
     "cloudsql.databases.list",
     "cloudsql.instances.export",
@@ -15,6 +17,8 @@
     "cloudsql.instances.listServerCas",
     "cloudsql.instances.listServerCertificates",
     "cloudsql.instances.listTagBindings",
+    "cloudsql.operations.get",
+    "cloudsql.operations.list",
     "cloudsql.sslCerts.get",
     "cloudsql.sslCerts.list",
     "cloudsql.users.get",

roles/compute.instanceAdmin.v1

@@ -2,11 +2,6 @@
   "description": "Full control of Compute Engine instances, instance groups, disks, snapshots, and images. Read access to all Compute Engine networking resources.",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.createForComputeInstance",
-    "backupdr.backupPlanAssociations.deleteForComputeInstance",
-    "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
-    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

roles/contactcenterinsights.editor

@@ -67,7 +67,6 @@
     "contactcenterinsights.qaScorecardRevisions.get",
     "contactcenterinsights.qaScorecardRevisions.list",
     "contactcenterinsights.qaScorecardRevisions.tune",
-    "contactcenterinsights.qaScorecardRevisions.undeploy",
     "contactcenterinsights.qaScorecards.create",
     "contactcenterinsights.qaScorecards.delete",
     "contactcenterinsights.qaScorecards.get",

roles/designcenter.serviceAgent

@@ -0,0 +1,24 @@
+{
+  "description": "Gives the DesignCenter API Service Account access to necessary GCP resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "storage.buckets.create",
+    "storage.buckets.delete",
+    "storage.buckets.get",
+    "storage.buckets.list",
+    "storage.buckets.update",
+    "storage.managedFolders.create",
+    "storage.managedFolders.delete",
+    "storage.managedFolders.get",
+    "storage.managedFolders.getIamPolicy",
+    "storage.managedFolders.list",
+    "storage.objects.create",
+    "storage.objects.delete",
+    "storage.objects.get",
+    "storage.objects.list",
+    "storage.objects.update"
+  ],
+  "name": "roles/designcenter.serviceAgent",
+  "stage": "ALPHA",
+  "title": "DesignCenter Service Agent"
+}

roles/dspm.serviceAgent

@@ -43,7 +43,6 @@
     "securitycentermanagement.securityHealthAnalyticsCustomModules.get",
     "securityposture.operations.get",
     "securityposture.postureDeployments.create",
-    "securityposture.postureDeployments.delete",
     "securityposture.postures.create",
     "securityposture.postures.get",
     "storage.buckets.createTagBinding",

roles/genomics.serviceAgent

@@ -2,11 +2,6 @@
   "description": "Gives Genomics Service Account access to compute resources. Includes access to service accounts.",
   "etag": "AA==",
   "includedPermissions": [
-    "backupdr.backupPlanAssociations.createForComputeInstance",
-    "backupdr.backupPlanAssociations.deleteForComputeInstance",
-    "backupdr.backupPlanAssociations.list",
-    "backupdr.backupPlanAssociations.triggerBackupForComputeInstance",
-    "backupdr.backupPlans.useForComputeInstance",
     "compute.acceleratorTypes.get",
     "compute.acceleratorTypes.list",
     "compute.addresses.createInternal",

roles/iam.securityReviewer

@@ -482,8 +482,10 @@
     "cloudsecurityscanner.scanruns.list",
     "cloudsecurityscanner.scans.list",
     "cloudsql.backupRuns.list",
+    "cloudsql.backups.list",
     "cloudsql.databases.list",
     "cloudsql.instances.list",
+    "cloudsql.operations.list",
     "cloudsql.sslCerts.list",
     "cloudsql.users.list",
     "cloudsupport.accounts.getIamPolicy",