diff --git a/roles/chronicle.restrictedDataAccessViewer b/roles/chronicle.restrictedDataAccessViewer index fd043f11..f7d947c3 100644 --- a/roles/chronicle.restrictedDataAccessViewer +++ b/roles/chronicle.restrictedDataAccessViewer @@ -68,8 +68,6 @@ "chronicle.operations.list", "chronicle.operations.streamSearch", "chronicle.operations.wait", - "chronicle.preferenceSets.get", - "chronicle.preferenceSets.update", "chronicle.referenceLists.get", "chronicle.referenceLists.list", "chronicle.referenceLists.verifyReferenceList", @@ -82,11 +80,6 @@ "chronicle.rules.list", "chronicle.rules.listRevisions", "chronicle.rules.verifyRuleText", - "chronicle.searchQueries.create", - "chronicle.searchQueries.delete", - "chronicle.searchQueries.get", - "chronicle.searchQueries.list", - "chronicle.searchQueries.update", "resourcemanager.projects.get", "resourcemanager.projects.list" ], diff --git a/roles/chronicle.viewer b/roles/chronicle.viewer index c29dc48d..879e305a 100644 --- a/roles/chronicle.viewer +++ b/roles/chronicle.viewer @@ -40,8 +40,6 @@ "chronicle.dataTables.list", "chronicle.dataTaps.get", "chronicle.dataTaps.list", - "chronicle.enrichmentControls.get", - "chronicle.enrichmentControls.list", "chronicle.entities.find", "chronicle.entities.findRelatedEntities", "chronicle.entities.get", @@ -105,6 +103,7 @@ "chronicle.legacies.legacyGetRuleCounts", "chronicle.legacies.legacyGetRulesTrends", "chronicle.legacies.legacyRunTestRule", + "chronicle.legacies.legacySearchAlerts", "chronicle.legacies.legacySearchArtifactEvents", "chronicle.legacies.legacySearchArtifactIoCDetails", "chronicle.legacies.legacySearchAssetEvents", diff --git a/roles/chroniclesm.admin b/roles/chroniclesm.admin index 22f4f7af..ba8069cc 100644 --- a/roles/chroniclesm.admin +++ b/roles/chroniclesm.admin @@ -5,6 +5,7 @@ "chroniclesm.gcpAssociations.create", "chroniclesm.gcpAssociations.delete", "chroniclesm.gcpAssociations.get", + "chroniclesm.gcpAssociations.list", "chroniclesm.gcpLogFlowFilters.get", "chroniclesm.gcpLogFlowFilters.update", "chroniclesm.gcpSettings.get", diff --git a/roles/composer.serviceAgent b/roles/composer.serviceAgent index 704a9eca..4e47e2ae 100644 --- a/roles/composer.serviceAgent +++ b/roles/composer.serviceAgent @@ -464,8 +464,6 @@ "compute.networkEndpointGroups.listEffectiveTags", "compute.networkEndpointGroups.listTagBindings", "compute.networkEndpointGroups.use", - "compute.networkProfiles.get", - "compute.networkProfiles.list", "compute.networks.access", "compute.networks.addPeering", "compute.networks.create", @@ -683,7 +681,6 @@ "compute.snapshots.setIamPolicy", "compute.snapshots.setLabels", "compute.snapshots.useReadOnly", - "compute.spotAssistants.get", "compute.sslCertificates.get", "compute.sslCertificates.list", "compute.sslCertificates.listEffectiveTags", @@ -718,7 +715,6 @@ "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", - "compute.subnetworks.usePeerMigration", "compute.targetGrpcProxies.create", "compute.targetGrpcProxies.createTagBinding", "compute.targetGrpcProxies.delete", diff --git a/roles/container.serviceAgent b/roles/container.serviceAgent index 90d86b38..c25ecd54 100644 --- a/roles/container.serviceAgent +++ b/roles/container.serviceAgent @@ -426,8 +426,6 @@ "compute.networkEndpointGroups.listEffectiveTags", "compute.networkEndpointGroups.listTagBindings", "compute.networkEndpointGroups.use", - "compute.networkProfiles.get", - "compute.networkProfiles.list", "compute.networks.access", "compute.networks.addPeering", "compute.networks.create", @@ -678,7 +676,6 @@ "compute.snapshots.setIamPolicy", "compute.snapshots.setLabels", "compute.snapshots.useReadOnly", - "compute.spotAssistants.get", "compute.sslCertificates.create", "compute.sslCertificates.createTagBinding", "compute.sslCertificates.delete", @@ -722,7 +719,6 @@ "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", - "compute.subnetworks.usePeerMigration", "compute.targetGrpcProxies.create", "compute.targetGrpcProxies.createTagBinding", "compute.targetGrpcProxies.delete", diff --git a/roles/dialogflow.serviceAgent b/roles/dialogflow.serviceAgent index 75f93e09..4ec3a15d 100644 --- a/roles/dialogflow.serviceAgent +++ b/roles/dialogflow.serviceAgent @@ -46,11 +46,8 @@ "dialogflow.conversationDatasets.list", "dialogflow.conversationModels.get", "dialogflow.conversationModels.list", - "dialogflow.conversationProfiles.create", - "dialogflow.conversationProfiles.delete", "dialogflow.conversationProfiles.get", "dialogflow.conversationProfiles.list", - "dialogflow.conversationProfiles.update", "dialogflow.conversations.addPhoneNumber", "dialogflow.conversations.complete", "dialogflow.conversations.create", diff --git a/roles/discoveryengine.admin b/roles/discoveryengine.admin index 804026ab..1effa887 100644 --- a/roles/discoveryengine.admin +++ b/roles/discoveryengine.admin @@ -111,9 +111,6 @@ "discoveryengine.siteSearchEngines.fetchDomainVerificationStatus", "discoveryengine.siteSearchEngines.get", "discoveryengine.siteSearchEngines.recrawlUris", - "discoveryengine.sitemaps.create", - "discoveryengine.sitemaps.delete", - "discoveryengine.sitemaps.fetch", "discoveryengine.suggestionDenyListEntries.import", "discoveryengine.suggestionDenyListEntries.purge", "discoveryengine.targetSites.batchCreate", diff --git a/roles/genomics.serviceAgent b/roles/genomics.serviceAgent index eeece7c2..3ae8ede5 100644 --- a/roles/genomics.serviceAgent +++ b/roles/genomics.serviceAgent @@ -261,8 +261,6 @@ "compute.networkEndpointGroups.listEffectiveTags", "compute.networkEndpointGroups.listTagBindings", "compute.networkEndpointGroups.use", - "compute.networkProfiles.get", - "compute.networkProfiles.list", "compute.networks.get", "compute.networks.list", "compute.networks.listEffectiveTags", @@ -361,7 +359,6 @@ "compute.snapshots.setIamPolicy", "compute.snapshots.setLabels", "compute.snapshots.useReadOnly", - "compute.spotAssistants.get", "compute.sslCertificates.get", "compute.sslCertificates.list", "compute.sslCertificates.listEffectiveTags", diff --git a/roles/iam.principalAccessBoundaryAdmin b/roles/iam.principalAccessBoundaryAdmin index ec231235..31d1dd99 100644 --- a/roles/iam.principalAccessBoundaryAdmin +++ b/roles/iam.principalAccessBoundaryAdmin @@ -3,7 +3,6 @@ "etag": "AA==", "includedPermissions": [ "cloudasset.assets.listResource", - "cloudasset.assets.searchAllResources", "iam.principalaccessboundarypolicies.bind", "iam.principalaccessboundarypolicies.create", "iam.principalaccessboundarypolicies.delete", diff --git a/roles/notebooks.admin b/roles/notebooks.admin index 32776e1a..25f068f5 100644 --- a/roles/notebooks.admin +++ b/roles/notebooks.admin @@ -161,6 +161,8 @@ "compute.networkEndpointGroups.list", "compute.networkEndpointGroups.listEffectiveTags", "compute.networkEndpointGroups.listTagBindings", + "compute.networkProfiles.get", + "compute.networkProfiles.list", "compute.networks.get", "compute.networks.getEffectiveFirewalls", "compute.networks.getRegionEffectiveFirewalls", @@ -276,6 +278,7 @@ "compute.snapshots.list", "compute.snapshots.listEffectiveTags", "compute.snapshots.listTagBindings", + "compute.spotAssistants.get", "compute.sslCertificates.get", "compute.sslCertificates.list", "compute.sslCertificates.listEffectiveTags", diff --git a/roles/notebooks.legacyAdmin b/roles/notebooks.legacyAdmin index e9912e5a..88054d4b 100644 --- a/roles/notebooks.legacyAdmin +++ b/roles/notebooks.legacyAdmin @@ -419,8 +419,6 @@ "compute.networkEndpointGroups.listEffectiveTags", "compute.networkEndpointGroups.listTagBindings", "compute.networkEndpointGroups.use", - "compute.networkProfiles.get", - "compute.networkProfiles.list", "compute.networks.access", "compute.networks.addPeering", "compute.networks.create", @@ -722,7 +720,6 @@ "compute.snapshots.setIamPolicy", "compute.snapshots.setLabels", "compute.snapshots.useReadOnly", - "compute.spotAssistants.get", "compute.sslCertificates.create", "compute.sslCertificates.createTagBinding", "compute.sslCertificates.delete", @@ -766,7 +763,6 @@ "compute.subnetworks.update", "compute.subnetworks.use", "compute.subnetworks.useExternalIp", - "compute.subnetworks.usePeerMigration", "compute.targetGrpcProxies.create", "compute.targetGrpcProxies.createTagBinding", "compute.targetGrpcProxies.delete", diff --git a/roles/policyanalyzer.activityAnalysisViewer b/roles/policyanalyzer.activityAnalysisViewer index 70604172..c349a3d6 100644 --- a/roles/policyanalyzer.activityAnalysisViewer +++ b/roles/policyanalyzer.activityAnalysisViewer @@ -2,7 +2,6 @@ "description": "Viewer user that can read all activity analysis.", "etag": "AA==", "includedPermissions": [ - "policyanalyzer.resourceAuthorizationActivities.query", "policyanalyzer.serviceAccountKeyLastAuthenticationActivities.query", "policyanalyzer.serviceAccountLastAuthenticationActivities.query" ], diff --git a/roles/redis.editor b/roles/redis.editor index 95369b15..bd0561a7 100644 --- a/roles/redis.editor +++ b/roles/redis.editor @@ -3,11 +3,6 @@ "etag": "AA==", "includedPermissions": [ "compute.networks.list", - "redis.backupCollections.get", - "redis.backupCollections.list", - "redis.backups.get", - "redis.backups.list", - "redis.clusters.backup", "redis.clusters.get", "redis.clusters.list", "redis.clusters.update", diff --git a/roles/securitycenter.settingsViewer b/roles/securitycenter.settingsViewer index 40062756..b8b9714c 100644 --- a/roles/securitycenter.settingsViewer +++ b/roles/securitycenter.settingsViewer @@ -46,6 +46,7 @@ "securitycentermanagement.locations.list", "securitycentermanagement.securityCenterServices.get", "securitycentermanagement.securityCenterServices.list", + "securitycentermanagement.securityCommandCenter.checkActivationOperation", "securitycentermanagement.securityCommandCenter.get", "securitycentermanagement.securityHealthAnalyticsCustomModules.get", "securitycentermanagement.securityHealthAnalyticsCustomModules.list",