GCP IAM Updates Detected

roles/accesscontextmanager.policyAdmin

@@ -8,18 +8,6 @@
     "accesscontextmanager.accessLevels.list",
     "accesscontextmanager.accessLevels.replaceAll",
     "accesscontextmanager.accessLevels.update",
-    "accesscontextmanager.accessPolicies.create",
-    "accesscontextmanager.accessPolicies.delete",
-    "accesscontextmanager.accessPolicies.get",
-    "accesscontextmanager.accessPolicies.getIamPolicy",
-    "accesscontextmanager.accessPolicies.list",
-    "accesscontextmanager.accessPolicies.setIamPolicy",
-    "accesscontextmanager.accessPolicies.update",
-    "accesscontextmanager.accessZones.create",
-    "accesscontextmanager.accessZones.delete",
-    "accesscontextmanager.accessZones.get",
-    "accesscontextmanager.accessZones.list",
-    "accesscontextmanager.accessZones.update",
     "accesscontextmanager.authorizedOrgsDescs.create",
     "accesscontextmanager.authorizedOrgsDescs.delete",
     "accesscontextmanager.authorizedOrgsDescs.get",

roles/appengine.appViewer

@@ -3,6 +3,7 @@
   "etag": "AA==",
   "includedPermissions": [
     "appengine.applications.get",
+    "appengine.applications.listRuntimes",
     "appengine.instances.get",
     "appengine.instances.list",
     "appengine.operations.get",

roles/chronicle.limitedViewer

@@ -68,6 +68,7 @@
     "chronicle.multitenantDirectories.get",
     "chronicle.operations.get",
     "chronicle.operations.list",
+    "chronicle.operations.streamSearch",
     "chronicle.operations.wait",
     "chronicle.preferenceSets.get",
     "chronicle.preferenceSets.update",

roles/chronicle.restrictedDataAccessViewer

@@ -5,7 +5,6 @@
     "chronicle.ais.createFeedback",
     "chronicle.ais.translateUdmQuery",
     "chronicle.ais.translateYlRule",
-    "chronicle.dataAccessScopes.list",
     "chronicle.entities.find",
     "chronicle.entities.findRelatedEntities",
     "chronicle.entities.get",

roles/chronicle.viewer

@@ -25,10 +25,10 @@
     "chronicle.dashboards.get",
     "chronicle.dashboards.list",
     "chronicle.dashboards.schedule",
-    "chronicle.dataAccessScopes.list",
     "chronicle.entities.find",
     "chronicle.entities.findRelatedEntities",
     "chronicle.entities.get",
+    "chronicle.entities.list",
     "chronicle.entities.queryEntityRiskScoreModifications",
     "chronicle.entities.searchEntities",
     "chronicle.entities.summarize",
@@ -101,6 +101,7 @@
     "chronicle.multitenantDirectories.get",
     "chronicle.operations.get",
     "chronicle.operations.list",
+    "chronicle.operations.streamSearch",
     "chronicle.operations.wait",
     "chronicle.preferenceSets.get",
     "chronicle.preferenceSets.update",
@@ -122,6 +123,8 @@
     "chronicle.searchQueries.get",
     "chronicle.searchQueries.list",
     "chronicle.searchQueries.update",
+    "chronicle.watchlists.get",
+    "chronicle.watchlists.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/ondemandscanning.serviceAgent

@@ -4,6 +4,7 @@
   "includedPermissions": [
     "artifactregistry.dockerimages.get",
     "artifactregistry.dockerimages.list",
+    "artifactregistry.files.download",
     "artifactregistry.files.get",
     "artifactregistry.files.list",
     "artifactregistry.locations.get",

roles/owner

@@ -361,6 +361,7 @@
     "alloydb.instances.connect",
     "alloydb.instances.create",
     "alloydb.instances.delete",
+    "alloydb.instances.executeSql",
     "alloydb.instances.failover",
     "alloydb.instances.get",
     "alloydb.instances.injectFault",
@@ -7894,6 +7895,7 @@
     "retail.attributesConfigs.replaceCatalogAttribute",
     "retail.attributesConfigs.update",
     "retail.catalogs.completeQuery",
+    "retail.catalogs.exportAnalyticsMetrics",
     "retail.catalogs.import",
     "retail.catalogs.list",
     "retail.catalogs.update",
@@ -8233,7 +8235,6 @@
     "securityposture.postures.get",
     "securityposture.postures.list",
     "securityposture.postures.update",
-    "securityposture.reports.create",
     "servicebroker.bindingoperations.get",
     "servicebroker.bindingoperations.list",
     "servicebroker.bindings.create",

roles/securesourcemanager.admin

@@ -0,0 +1,45 @@
+{
+  "description": "Full access to all Secure Source Manager resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list",
+    "securesourcemanager.instances.access",
+    "securesourcemanager.instances.create",
+    "securesourcemanager.instances.createRepository",
+    "securesourcemanager.instances.delete",
+    "securesourcemanager.instances.get",
+    "securesourcemanager.instances.getIamPolicy",
+    "securesourcemanager.instances.list",
+    "securesourcemanager.instances.setIamPolicy",
+    "securesourcemanager.locations.get",
+    "securesourcemanager.locations.list",
+    "securesourcemanager.operations.cancel",
+    "securesourcemanager.operations.delete",
+    "securesourcemanager.operations.get",
+    "securesourcemanager.operations.list",
+    "securesourcemanager.repositories.create",
+    "securesourcemanager.repositories.delete",
+    "securesourcemanager.repositories.fetch",
+    "securesourcemanager.repositories.get",
+    "securesourcemanager.repositories.getIamPolicy",
+    "securesourcemanager.repositories.list",
+    "securesourcemanager.repositories.push",
+    "securesourcemanager.repositories.readIssues",
+    "securesourcemanager.repositories.readPullRequests",
+    "securesourcemanager.repositories.setIamPolicy",
+    "securesourcemanager.repositories.update",
+    "securesourcemanager.repositories.writeIssues",
+    "securesourcemanager.repositories.writePullRequests",
+    "securesourcemanager.sshkeys.create",
+    "securesourcemanager.sshkeys.createAny",
+    "securesourcemanager.sshkeys.delete",
+    "securesourcemanager.sshkeys.deleteAny",
+    "securesourcemanager.sshkeys.get",
+    "securesourcemanager.sshkeys.list",
+    "securesourcemanager.sshkeys.listAny"
+  ],
+  "name": "roles/securesourcemanager.admin",
+  "stage": "BETA",
+  "title": "Secure Source Manager Admin"
+}

roles/viewer

@@ -3378,6 +3378,7 @@
     "retail.attributesConfigs.exportCatalogAttributes",
     "retail.attributesConfigs.get",
     "retail.catalogs.completeQuery",
+    "retail.catalogs.exportAnalyticsMetrics",
     "retail.catalogs.list",
     "retail.controls.export",
     "retail.controls.get",

roles/workloadmanager.admin

@@ -10,17 +10,14 @@
     "compute.regions.list",
     "compute.subnetworks.list",
     "compute.zones.list",
-    "dns.managedZones.list",
     "iam.serviceAccounts.list",
     "monitoring.timeSeries.list",
     "orgpolicy.policy.get",
     "resourcemanager.projects.get",
-    "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "storage.buckets.list",
-    "storage.objects.list",
     "workloadmanager.actuations.create",
     "workloadmanager.actuations.delete",
     "workloadmanager.actuations.get",

roles/workloadmanager.deploymentAdmin

@@ -10,13 +10,16 @@
     "compute.regions.list",
     "compute.subnetworks.list",
     "compute.zones.list",
+    "dns.managedZones.list",
     "iam.serviceAccounts.list",
     "monitoring.timeSeries.list",
     "resourcemanager.projects.get",
+    "resourcemanager.projects.getIamPolicy",
     "resourcemanager.projects.list",
     "serviceusage.quotas.get",
     "serviceusage.services.get",
     "storage.buckets.list",
+    "storage.objects.list",
     "workloadmanager.actuations.create",
     "workloadmanager.actuations.delete",
     "workloadmanager.actuations.get",