GCP IAM Updates Detected

roles/appengine.serviceAgent

@@ -24,6 +24,7 @@
     "artifactregistry.projectsettings.get",
     "artifactregistry.pythonpackages.get",
     "artifactregistry.pythonpackages.list",
+    "artifactregistry.repositories.create",
     "artifactregistry.repositories.downloadArtifacts",
     "artifactregistry.repositories.get",
     "artifactregistry.repositories.list",

roles/chronicle.admin

@@ -164,7 +164,6 @@
     "chronicle.iocs.get",
     "chronicle.iocs.searchCuratedDetectionsForIoc",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
@@ -175,7 +174,6 @@
     "chronicle.legacies.legacyGetCuratedRulesTrends",
     "chronicle.legacies.legacyGetDetection",
     "chronicle.legacies.legacyGetEventForDetection",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacyGetRuleCounts",
     "chronicle.legacies.legacyGetRulesTrends",
     "chronicle.legacies.legacyRunTestRule",
@@ -201,7 +199,6 @@
     "chronicle.legacies.legacyStreamDetectionAlerts",
     "chronicle.legacies.legacyTestRuleStreaming",
     "chronicle.legacies.legacyUpdateAlert",
-    "chronicle.legacies.legacyUpdateFinding",
     "chronicle.logTypeSchemas.list",
     "chronicle.logTypes.list",
     "chronicle.logs.export",

roles/chronicle.editor

@@ -129,7 +129,6 @@
     "chronicle.iocs.get",
     "chronicle.iocs.searchCuratedDetectionsForIoc",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
@@ -140,7 +139,6 @@
     "chronicle.legacies.legacyGetCuratedRulesTrends",
     "chronicle.legacies.legacyGetDetection",
     "chronicle.legacies.legacyGetEventForDetection",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacyGetRuleCounts",
     "chronicle.legacies.legacyGetRulesTrends",
     "chronicle.legacies.legacyRunTestRule",
@@ -166,7 +164,6 @@
     "chronicle.legacies.legacyStreamDetectionAlerts",
     "chronicle.legacies.legacyTestRuleStreaming",
     "chronicle.legacies.legacyUpdateAlert",
-    "chronicle.legacies.legacyUpdateFinding",
     "chronicle.logTypeSchemas.list",
     "chronicle.logs.export",
     "chronicle.logs.get",

roles/chronicle.limitedViewer

@@ -49,15 +49,13 @@
     "chronicle.ingestionLogNamespaces.list",
     "chronicle.instances.get",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
     "chronicle.legacies.legacyFindAssetEvents",
     "chronicle.legacies.legacyFindRawLogs",
     "chronicle.legacies.legacyFindUdmEvents",
     "chronicle.legacies.legacyGetAlert",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacySearchArtifactEvents",
     "chronicle.legacies.legacySearchArtifactIoCDetails",
     "chronicle.legacies.legacySearchAssetEvents",

roles/chronicle.restrictedDataAccessViewer

@@ -32,15 +32,13 @@
     "chronicle.instances.get",
     "chronicle.instances.report",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
     "chronicle.legacies.legacyFindAssetEvents",
     "chronicle.legacies.legacyFindRawLogs",
     "chronicle.legacies.legacyFindUdmEvents",
     "chronicle.legacies.legacyGetAlert",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacyGetRuleCounts",
     "chronicle.legacies.legacyGetRulesTrends",
     "chronicle.legacies.legacyRunTestRule",

roles/chronicle.viewer

@@ -90,7 +90,6 @@
     "chronicle.iocs.get",
     "chronicle.iocs.searchCuratedDetectionsForIoc",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
@@ -101,7 +100,6 @@
     "chronicle.legacies.legacyGetCuratedRulesTrends",
     "chronicle.legacies.legacyGetDetection",
     "chronicle.legacies.legacyGetEventForDetection",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacyGetRuleCounts",
     "chronicle.legacies.legacyGetRulesTrends",
     "chronicle.legacies.legacyRunTestRule",

roles/compute.admin

@@ -30,6 +30,7 @@
     "compute.addresses.setLabels",
     "compute.addresses.use",
     "compute.addresses.useInternal",
+    "compute.advice.calendarMode",
     "compute.autoscalers.create",
     "compute.autoscalers.delete",
     "compute.autoscalers.get",

roles/compute.futureReservationAdmin

@@ -2,6 +2,7 @@
   "etag": "AA==",
   "includedPermissions": [
     "compute.acceleratorTypes.list",
+    "compute.advice.calendarMode",
     "compute.futureReservations.cancel",
     "compute.futureReservations.create",
     "compute.futureReservations.delete",

roles/compute.peerSubnetMigrationAdmin

@@ -0,0 +1,29 @@
+{
+  "description": "Use subnetwork whose PURPOSE is \"PEER_MIGRATION\"",
+  "etag": "AA==",
+  "includedPermissions": [
+    "compute.addresses.createInternal",
+    "compute.addresses.deleteInternal",
+    "compute.addresses.get",
+    "compute.addresses.use",
+    "compute.forwardingRules.create",
+    "compute.forwardingRules.delete",
+    "compute.forwardingRules.get",
+    "compute.forwardingRules.list",
+    "compute.forwardingRules.pscCreate",
+    "compute.forwardingRules.pscDelete",
+    "compute.forwardingRules.pscUpdate",
+    "compute.forwardingRules.update",
+    "compute.networks.use",
+    "compute.regionOperations.get",
+    "compute.regions.list",
+    "compute.subnetworks.use",
+    "compute.subnetworks.usePeerMigration",
+    "servicedirectory.namespaces.create",
+    "servicedirectory.services.create",
+    "servicedirectory.services.delete"
+  ],
+  "name": "roles/compute.peerSubnetMigrationAdmin",
+  "stage": "GA",
+  "title": "Compute Peer Subnet Migration Admin"
+}

roles/contactcenterinsights.serviceAgent

@@ -35,6 +35,7 @@
     "dialogflow.documents.delete",
     "dialogflow.documents.get",
     "dialogflow.documents.list",
+    "dialogflow.generators.get",
     "dialogflow.operations.get",
     "dialogflow.participants.suggest",
     "dialogflow.sessions.detectIntent",

roles/datastream.serviceAgent

@@ -22,6 +22,8 @@
     "compute.globalAddresses.deleteInternal",
     "compute.globalAddresses.get",
     "compute.globalOperations.get",
+    "compute.networkAttachments.get",
+    "compute.networkAttachments.list",
     "compute.networks.addPeering",
     "compute.networks.get",
     "compute.networks.listPeeringRoutes",

roles/dialogflow.serviceAgent

@@ -127,6 +127,8 @@
     "discoveryengine.engines.delete",
     "discoveryengine.engines.get",
     "discoveryengine.engines.update",
+    "discoveryengine.schemas.get",
+    "discoveryengine.schemas.list",
     "discoveryengine.servingConfigs.search",
     "dlp.deidentifyTemplates.get",
     "dlp.deidentifyTemplates.list",

roles/discoveryengine.user

@@ -9,7 +9,8 @@
     "discoveryengine.sessions.delete",
     "discoveryengine.sessions.get",
     "discoveryengine.sessions.list",
-    "discoveryengine.sessions.update"
+    "discoveryengine.sessions.update",
+    "discoveryengine.widgetConfigs.get"
   ],
   "name": "roles/discoveryengine.user",
   "stage": "BETA",

roles/dlp.orgdriver

@@ -1240,7 +1240,11 @@
     "workflows.workflows.createTagBinding",
     "workflows.workflows.deleteTagBinding",
     "workflows.workflows.listEffectiveTags",
-    "workflows.workflows.listTagBindings"
+    "workflows.workflows.listTagBindings",
+    "workstations.workstationClusters.createTagBinding",
+    "workstations.workstationClusters.deleteTagBinding",
+    "workstations.workstationClusters.listEffectiveTags",
+    "workstations.workstationClusters.listTagBindings"
   ],
   "name": "roles/dlp.orgdriver",
   "stage": "GA",

roles/dlp.projectdriver

@@ -1240,7 +1240,11 @@
     "workflows.workflows.createTagBinding",
     "workflows.workflows.deleteTagBinding",
     "workflows.workflows.listEffectiveTags",
-    "workflows.workflows.listTagBindings"
+    "workflows.workflows.listTagBindings",
+    "workstations.workstationClusters.createTagBinding",
+    "workstations.workstationClusters.deleteTagBinding",
+    "workstations.workstationClusters.listEffectiveTags",
+    "workstations.workstationClusters.listTagBindings"
   ],
   "name": "roles/dlp.projectdriver",
   "stage": "GA",

roles/editor

@@ -1763,7 +1763,6 @@
     "chronicle.iocs.get",
     "chronicle.iocs.searchCuratedDetectionsForIoc",
     "chronicle.legacies.legacyBatchGetCases",
-    "chronicle.legacies.legacyCalculateAlertStats",
     "chronicle.legacies.legacyFetchAlertsView",
     "chronicle.legacies.legacyFetchUdmSearchCsv",
     "chronicle.legacies.legacyFetchUdmSearchView",
@@ -1774,7 +1773,6 @@
     "chronicle.legacies.legacyGetCuratedRulesTrends",
     "chronicle.legacies.legacyGetDetection",
     "chronicle.legacies.legacyGetEventForDetection",
-    "chronicle.legacies.legacyGetFinding",
     "chronicle.legacies.legacyGetRuleCounts",
     "chronicle.legacies.legacyGetRulesTrends",
     "chronicle.legacies.legacyRunTestRule",
@@ -1800,7 +1798,6 @@
     "chronicle.legacies.legacyStreamDetectionAlerts",
     "chronicle.legacies.legacyTestRuleStreaming",
     "chronicle.legacies.legacyUpdateAlert",
-    "chronicle.legacies.legacyUpdateFinding",
     "chronicle.logs.export",
     "chronicle.logs.get",
     "chronicle.logs.import",
@@ -5629,13 +5626,15 @@
     "firebasestorage.defaultBucket.get",
     "fleetengine.deliveryvehicles.allowAllActions",
     "fleetengine.deliveryvehicles.create",
+    "fleetengine.deliveryvehicles.delete",
     "fleetengine.deliveryvehicles.get",
     "fleetengine.deliveryvehicles.list",
     "fleetengine.deliveryvehicles.update",
     "fleetengine.deliveryvehicles.updateLocation",
     "fleetengine.deliveryvehicles.updateVehicleStops",
     "fleetengine.tasks.allowAllActions",
     "fleetengine.tasks.create",
+    "fleetengine.tasks.delete",
     "fleetengine.tasks.get",
     "fleetengine.tasks.list",
     "fleetengine.tasks.searchWithTrackingId",
@@ -5644,12 +5643,14 @@
     "fleetengine.tasktrackinginfo.get",
     "fleetengine.trips.allowAllActions",
     "fleetengine.trips.create",
+    "fleetengine.trips.delete",
     "fleetengine.trips.get",
     "fleetengine.trips.search",
     "fleetengine.trips.update",
     "fleetengine.trips.updateState",
     "fleetengine.vehicles.allowAllActions",
     "fleetengine.vehicles.create",
+    "fleetengine.vehicles.delete",
     "fleetengine.vehicles.get",
     "fleetengine.vehicles.list",
     "fleetengine.vehicles.search",
@@ -9153,6 +9154,8 @@
     "workstations.workstationClusters.delete",
     "workstations.workstationClusters.get",
     "workstations.workstationClusters.list",
+    "workstations.workstationClusters.listEffectiveTags",
+    "workstations.workstationClusters.listTagBindings",
     "workstations.workstationClusters.update",
     "workstations.workstationConfigs.create",
     "workstations.workstationConfigs.delete",

roles/fleetengine.deliveryAdmin

@@ -4,13 +4,15 @@
   "includedPermissions": [
     "fleetengine.deliveryvehicles.allowAllActions",
     "fleetengine.deliveryvehicles.create",
+    "fleetengine.deliveryvehicles.delete",
     "fleetengine.deliveryvehicles.get",
     "fleetengine.deliveryvehicles.list",
     "fleetengine.deliveryvehicles.update",
     "fleetengine.deliveryvehicles.updateLocation",
     "fleetengine.deliveryvehicles.updateVehicleStops",
     "fleetengine.tasks.allowAllActions",
     "fleetengine.tasks.create",
+    "fleetengine.tasks.delete",
     "fleetengine.tasks.get",
     "fleetengine.tasks.list",
     "fleetengine.tasks.searchWithTrackingId",

roles/fleetengine.deliverySuperUser

@@ -3,12 +3,14 @@
   "etag": "AA==",
   "includedPermissions": [
     "fleetengine.deliveryvehicles.create",
+    "fleetengine.deliveryvehicles.delete",
     "fleetengine.deliveryvehicles.get",
     "fleetengine.deliveryvehicles.list",
     "fleetengine.deliveryvehicles.update",
     "fleetengine.deliveryvehicles.updateLocation",
     "fleetengine.deliveryvehicles.updateVehicleStops",
     "fleetengine.tasks.create",
+    "fleetengine.tasks.delete",
     "fleetengine.tasks.get",
     "fleetengine.tasks.list",
     "fleetengine.tasks.searchWithTrackingId",

roles/fleetengine.ondemandAdmin

@@ -4,12 +4,14 @@
   "includedPermissions": [
     "fleetengine.trips.allowAllActions",
     "fleetengine.trips.create",
+    "fleetengine.trips.delete",
     "fleetengine.trips.get",
     "fleetengine.trips.search",
     "fleetengine.trips.update",
     "fleetengine.trips.updateState",
     "fleetengine.vehicles.allowAllActions",
     "fleetengine.vehicles.create",
+    "fleetengine.vehicles.delete",
     "fleetengine.vehicles.get",
     "fleetengine.vehicles.list",
     "fleetengine.vehicles.search",

roles/fleetengine.serviceSuperUser

@@ -3,11 +3,13 @@
   "etag": "AA==",
   "includedPermissions": [
     "fleetengine.trips.create",
+    "fleetengine.trips.delete",
     "fleetengine.trips.get",
     "fleetengine.trips.search",
     "fleetengine.trips.update",
     "fleetengine.trips.updateState",
     "fleetengine.vehicles.create",
+    "fleetengine.vehicles.delete",
     "fleetengine.vehicles.get",
     "fleetengine.vehicles.list",
     "fleetengine.vehicles.search",

roles/networkconnectivity.serviceAgent

@@ -33,6 +33,10 @@
     "compute.vpnTunnels.get",
     "dns.managedZones.create",
     "dns.networks.bindPrivateDNSZone",
+    "networkconnectivity.hubRouteTables.get",
+    "networkconnectivity.hubRouteTables.list",
+    "networkconnectivity.hubRoutes.get",
+    "networkconnectivity.hubRoutes.list",
     "networkconnectivity.operations.get",
     "servicedirectory.namespaces.associatePrivateZone",
     "servicedirectory.namespaces.create",

roles/networksecurity.securityProfileAdmin

@@ -0,0 +1,23 @@
+{
+  "description": "Enables full access to security profile and security profile group resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "networksecurity.securityProfileGroups.create",
+    "networksecurity.securityProfileGroups.delete",
+    "networksecurity.securityProfileGroups.get",
+    "networksecurity.securityProfileGroups.list",
+    "networksecurity.securityProfileGroups.update",
+    "networksecurity.securityProfileGroups.use",
+    "networksecurity.securityProfiles.create",
+    "networksecurity.securityProfiles.delete",
+    "networksecurity.securityProfiles.get",
+    "networksecurity.securityProfiles.list",
+    "networksecurity.securityProfiles.update",
+    "networksecurity.securityProfiles.use",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/networksecurity.securityProfileAdmin",
+  "stage": "BETA",
+  "title": "Security Profile Admin"
+}

roles/notebooks.legacyAdmin

@@ -30,6 +30,7 @@
     "compute.addresses.setLabels",
     "compute.addresses.use",
     "compute.addresses.useInternal",
+    "compute.advice.calendarMode",
     "compute.autoscalers.create",
     "compute.autoscalers.delete",
     "compute.autoscalers.get",