GCP IAM Updates Detected

roles/bigquerydatapolicy.rawDataReader

@@ -0,0 +1,10 @@
+{
+  "description": "Raw read access to sub-resources associated with a data policy, for example, BigQuery columns",
+  "etag": "AA==",
+  "includedPermissions": [
+    "bigquery.dataPolicies.getRawData"
+  ],
+  "name": "roles/bigquerydatapolicy.rawDataReader",
+  "stage": "BETA",
+  "title": "Raw Data Reader"
+}

roles/cloudaicompanion.codeRepositoryIndexesAdmin

@@ -0,0 +1,27 @@
+{
+  "description": "Grants full access to Code Repository Indexes resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "cloudaicompanion.codeRepositoryIndexes.create",
+    "cloudaicompanion.codeRepositoryIndexes.delete",
+    "cloudaicompanion.codeRepositoryIndexes.get",
+    "cloudaicompanion.codeRepositoryIndexes.list",
+    "cloudaicompanion.codeRepositoryIndexes.update",
+    "cloudaicompanion.operations.cancel",
+    "cloudaicompanion.operations.delete",
+    "cloudaicompanion.operations.get",
+    "cloudaicompanion.operations.list",
+    "cloudaicompanion.repositoryGroups.create",
+    "cloudaicompanion.repositoryGroups.delete",
+    "cloudaicompanion.repositoryGroups.get",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.list",
+    "cloudaicompanion.repositoryGroups.setIamPolicy",
+    "cloudaicompanion.repositoryGroups.update",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/cloudaicompanion.codeRepositoryIndexesAdmin",
+  "stage": "BETA",
+  "title": "Cloud AI Companion Code Repository Indexes Admin"
+}

roles/cloudaicompanion.codeRepositoryIndexesViewer

@@ -0,0 +1,18 @@
+{
+  "description": "Grants readonly access to Code Repository Indexes resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "cloudaicompanion.codeRepositoryIndexes.get",
+    "cloudaicompanion.codeRepositoryIndexes.list",
+    "cloudaicompanion.operations.get",
+    "cloudaicompanion.operations.list",
+    "cloudaicompanion.repositoryGroups.get",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.list",
+    "resourcemanager.projects.get",
+    "resourcemanager.projects.list"
+  ],
+  "name": "roles/cloudaicompanion.codeRepositoryIndexesViewer",
+  "stage": "BETA",
+  "title": "Cloud AI Companion Code Repository Indexes Viewer"
+}

roles/cloudaicompanion.repositoryGroupsUser

@@ -0,0 +1,13 @@
+{
+  "description": "Grants Read/Use access to the Code Repository Indexes Repository Group.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "cloudaicompanion.codeRepositoryIndexes.get",
+    "cloudaicompanion.repositoryGroups.get",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.use"
+  ],
+  "name": "roles/cloudaicompanion.repositoryGroupsUser",
+  "stage": "BETA",
+  "title": "Cloud AI Companion Repository Groups User"
+}

roles/cloudaicompanion.serviceAgent

@@ -2,6 +2,11 @@
   "description": "Gives Cloud AI Companion components the proper permissions to function.",
   "etag": "AA==",
   "includedPermissions": [
+    "cloudaicompanion.codeRepositoryIndexes.get",
+    "cloudaicompanion.codeRepositoryIndexes.list",
+    "cloudaicompanion.repositoryGroups.get",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.list",
     "cloudbuild.connections.get",
     "cloudbuild.repositories.accessReadToken",
     "cloudbuild.repositories.fetchGitRefs",

roles/cloudtpu.serviceAgent

@@ -869,6 +869,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",

roles/composer.serviceAgent

@@ -1464,6 +1464,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",

roles/compute.networkAdmin

@@ -683,6 +683,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",

roles/compute.networkUser

@@ -130,6 +130,9 @@
     "networksecurity.urlLists.get",
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.get",
     "networkservices.endpointConfigSelectors.list",
     "networkservices.endpointConfigSelectors.use",

roles/compute.networkViewer

@@ -239,6 +239,8 @@
     "networksecurity.tlsInspectionPolicies.list",
     "networksecurity.urlLists.get",
     "networksecurity.urlLists.list",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
     "networkservices.endpointConfigSelectors.get",
     "networkservices.endpointConfigSelectors.list",
     "networkservices.endpointPolicies.get",

roles/container.serviceAgent

@@ -1449,6 +1449,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",

roles/dataflow.serviceAgent

@@ -1129,6 +1129,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",

roles/datafusion.serviceAgent

@@ -458,6 +458,8 @@
     "networksecurity.tlsInspectionPolicies.list",
     "networksecurity.urlLists.get",
     "networksecurity.urlLists.list",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
     "networkservices.endpointConfigSelectors.get",
     "networkservices.endpointConfigSelectors.list",
     "networkservices.endpointPolicies.get",

roles/datastore.bulkAdmin

@@ -2,6 +2,7 @@
   "description": "Full access to manage bulk operations.",
   "etag": "AA==",
   "includedPermissions": [
+    "datastore.databases.bulkDelete",
     "datastore.databases.getMetadata",
     "datastore.operations.cancel",
     "datastore.operations.get",

roles/editor

@@ -1809,13 +1809,29 @@
     "clientauthconfig.clients.update",
     "cloud.locations.get",
     "cloud.locations.list",
+    "cloudaicompanion.codeRepositoryIndexes.create",
+    "cloudaicompanion.codeRepositoryIndexes.delete",
+    "cloudaicompanion.codeRepositoryIndexes.get",
+    "cloudaicompanion.codeRepositoryIndexes.list",
+    "cloudaicompanion.codeRepositoryIndexes.update",
     "cloudaicompanion.companions.generateChat",
     "cloudaicompanion.companions.generateCode",
     "cloudaicompanion.entitlements.get",
     "cloudaicompanion.instances.completeCode",
     "cloudaicompanion.instances.completeTask",
     "cloudaicompanion.instances.generateCode",
     "cloudaicompanion.instances.generateText",
+    "cloudaicompanion.operations.cancel",
+    "cloudaicompanion.operations.delete",
+    "cloudaicompanion.operations.get",
+    "cloudaicompanion.operations.list",
+    "cloudaicompanion.repositoryGroups.create",
+    "cloudaicompanion.repositoryGroups.delete",
+    "cloudaicompanion.repositoryGroups.get",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.list",
+    "cloudaicompanion.repositoryGroups.update",
+    "cloudaicompanion.repositoryGroups.use",
     "cloudasset.assets.analyzeIamPolicy",
     "cloudasset.assets.analyzeMove",
     "cloudasset.assets.analyzeOrgPolicy",
@@ -6175,6 +6191,11 @@
     "managedflink.operations.delete",
     "managedflink.operations.get",
     "managedflink.operations.list",
+    "managedflink.sessions.create",
+    "managedflink.sessions.delete",
+    "managedflink.sessions.get",
+    "managedflink.sessions.list",
+    "managedflink.sessions.update",
     "managedidentities.backups.create",
     "managedidentities.backups.delete",
     "managedidentities.backups.get",
@@ -6753,6 +6774,12 @@
     "networksecurity.urlLists.list",
     "networksecurity.urlLists.update",
     "networksecurity.urlLists.use",
+    "networkservices.authzExtensions.create",
+    "networkservices.authzExtensions.delete",
+    "networkservices.authzExtensions.get",
+    "networkservices.authzExtensions.list",
+    "networkservices.authzExtensions.update",
+    "networkservices.authzExtensions.use",
     "networkservices.endpointConfigSelectors.create",
     "networkservices.endpointConfigSelectors.delete",
     "networkservices.endpointConfigSelectors.get",
@@ -7779,6 +7806,11 @@
     "securedlandingzone.overwatches.list",
     "securedlandingzone.overwatches.suspend",
     "securedlandingzone.overwatches.update",
+    "securesourcemanager.branchRules.create",
+    "securesourcemanager.branchRules.delete",
+    "securesourcemanager.branchRules.get",
+    "securesourcemanager.branchRules.list",
+    "securesourcemanager.branchRules.update",
     "securesourcemanager.instances.access",
     "securesourcemanager.instances.create",
     "securesourcemanager.instances.createRepository",

roles/firebase.admin

@@ -120,6 +120,7 @@
     "datastore.backups.get",
     "datastore.backups.list",
     "datastore.backups.restoreDatabase",
+    "datastore.databases.bulkDelete",
     "datastore.databases.create",
     "datastore.databases.createTagBinding",
     "datastore.databases.delete",

roles/firebase.developAdmin

@@ -96,6 +96,7 @@
     "datastore.backups.get",
     "datastore.backups.list",
     "datastore.backups.restoreDatabase",
+    "datastore.databases.bulkDelete",
     "datastore.databases.create",
     "datastore.databases.createTagBinding",
     "datastore.databases.delete",

roles/iam.securityAdmin

@@ -454,6 +454,11 @@
     "clientauthconfig.brands.list",
     "clientauthconfig.clients.list",
     "cloud.locations.list",
+    "cloudaicompanion.codeRepositoryIndexes.list",
+    "cloudaicompanion.operations.list",
+    "cloudaicompanion.repositoryGroups.getIamPolicy",
+    "cloudaicompanion.repositoryGroups.list",
+    "cloudaicompanion.repositoryGroups.setIamPolicy",
     "cloudasset.assets.searchAllResources",
     "cloudasset.feeds.list",
     "cloudasset.savedqueries.list",
@@ -1487,6 +1492,7 @@
     "managedflink.jobs.list",
     "managedflink.locations.list",
     "managedflink.operations.list",
+    "managedflink.sessions.list",
     "managedidentities.backups.getIamPolicy",
     "managedidentities.backups.list",
     "managedidentities.backups.setIamPolicy",
@@ -1648,6 +1654,7 @@
     "networksecurity.serverTlsPolicies.setIamPolicy",
     "networksecurity.tlsInspectionPolicies.list",
     "networksecurity.urlLists.list",
+    "networkservices.authzExtensions.list",
     "networkservices.endpointConfigSelectors.getIamPolicy",
     "networkservices.endpointConfigSelectors.list",
     "networkservices.endpointConfigSelectors.setIamPolicy",
@@ -1966,6 +1973,7 @@
     "secretmanager.secrets.setIamPolicy",
     "secretmanager.versions.list",
     "securedlandingzone.overwatches.list",
+    "securesourcemanager.branchRules.list",
     "securesourcemanager.instances.getIamPolicy",
     "securesourcemanager.instances.list",
     "securesourcemanager.instances.setIamPolicy",

roles/managedflink.admin

@@ -18,6 +18,11 @@
     "managedflink.operations.delete",
     "managedflink.operations.get",
     "managedflink.operations.list",
+    "managedflink.sessions.create",
+    "managedflink.sessions.delete",
+    "managedflink.sessions.get",
+    "managedflink.sessions.list",
+    "managedflink.sessions.update",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],

roles/managedflink.serviceAgent

@@ -0,0 +1,32 @@
+{
+  "description": "Gives Managed Flink Service Agent access to Cloud Platform resources.",
+  "etag": "AA==",
+  "includedPermissions": [
+    "compute.networkAttachments.create",
+    "compute.networkAttachments.delete",
+    "compute.networkAttachments.get",
+    "compute.networkAttachments.list",
+    "compute.networkAttachments.update",
+    "compute.networks.get",
+    "compute.networks.list",
+    "compute.regionOperations.get",
+    "compute.subnetworks.get",
+    "compute.subnetworks.list",
+    "compute.subnetworks.use",
+    "dns.networks.targetWithPeeringZone",
+    "managedkafka.clusters.get",
+    "managedkafka.clusters.list",
+    "managedkafka.clusters.update",
+    "monitoring.metricDescriptors.create",
+    "monitoring.metricDescriptors.get",
+    "monitoring.metricDescriptors.list",
+    "monitoring.monitoredResourceDescriptors.get",
+    "monitoring.monitoredResourceDescriptors.list",
+    "monitoring.timeSeries.create",
+    "serviceusage.services.use",
+    "storage.objects.get"
+  ],
+  "name": "roles/managedflink.serviceAgent",
+  "stage": "GA",
+  "title": "Managed Flink Service Agent"
+}

roles/managedflink.viewer

@@ -10,6 +10,8 @@
     "managedflink.locations.list",
     "managedflink.operations.get",
     "managedflink.operations.list",
+    "managedflink.sessions.get",
+    "managedflink.sessions.list",
     "resourcemanager.projects.get",
     "resourcemanager.projects.list"
   ],